From f3a53f3c8feedfad2a33462225dca8ea077b151b Mon Sep 17 00:00:00 2001 From: Alex Griffin Date: Tue, 3 Jan 2017 08:49:01 -0600 Subject: gnu: slock: Update to 1.4. * gnu/packages/suckless.scm (slock): Update to 1.4. [source] Remove CVE-2016-6866 patch (no longer needed). * gnu/packages/patches/slock-CVE-2016-6866.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. Signed-off-by: Leo Famulari --- gnu/local.mk | 1 - gnu/packages/patches/slock-CVE-2016-6866.patch | 51 -------------------------- gnu/packages/suckless.scm | 6 +-- 3 files changed, 3 insertions(+), 55 deletions(-) delete mode 100644 gnu/packages/patches/slock-CVE-2016-6866.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 0c42f9f442..f45030f840 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -851,7 +851,6 @@ dist_patch_DATA = \ %D%/packages/patches/slim-sigusr1.patch \ %D%/packages/patches/slim-reset.patch \ %D%/packages/patches/slim-login.patch \ - %D%/packages/patches/slock-CVE-2016-6866.patch \ %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \ %D%/packages/patches/soprano-find-clucene.patch \ %D%/packages/patches/steghide-fixes.patch \ diff --git a/gnu/packages/patches/slock-CVE-2016-6866.patch b/gnu/packages/patches/slock-CVE-2016-6866.patch deleted file mode 100644 index 2f94b8c1a9..0000000000 --- a/gnu/packages/patches/slock-CVE-2016-6866.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2016-6866. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866 -https://security-tracker.debian.org/tracker/CVE-2016-6866 - -Copied from upstream source repository: -http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 - -From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001 -From: Markus Teich -Date: Tue, 30 Aug 2016 22:59:06 +0000 -Subject: fix CVE-2016-6866 - ---- -diff --git a/slock.c b/slock.c -index 847b328..8ed59ca 100644 ---- a/slock.c -+++ b/slock.c -@@ -123,7 +123,7 @@ readpw(Display *dpy) - readpw(Display *dpy, const char *pws) - #endif - { -- char buf[32], passwd[256]; -+ char buf[32], passwd[256], *encrypted; - int num, screen; - unsigned int len, color; - KeySym ksym; -@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws) - #ifdef HAVE_BSD_AUTH - running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd); - #else -- running = !!strcmp(crypt(passwd, pws), pws); -+ errno = 0; -+ if (!(encrypted = crypt(passwd, pws))) -+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); -+ else -+ running = !!strcmp(encrypted, pws); - #endif - if (running) { - XBell(dpy, 100); -@@ -312,6 +316,8 @@ main(int argc, char **argv) { - - #ifndef HAVE_BSD_AUTH - pws = getpw(); -+ if (strlen(pws) < 2) -+ die("slock: failed to get user password hash.\n"); - #endif - - if (!(dpy = XOpenDisplay(NULL))) --- -cgit v0.9.0.3-65-g4555 diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm index 820d550d6e..a501bb5f2d 100644 --- a/gnu/packages/suckless.scm +++ b/gnu/packages/suckless.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2015 Dmitry Bogatov ;;; Copyright © 2015 Leo Famulari ;;; Copyright © 2016 Eric Bavier +;;; Copyright © 2017 Alex Griffin ;;; ;;; This file is part of GNU Guix. ;;; @@ -106,15 +107,14 @@ numbers of user-defined menu items efficiently.") (define-public slock (package (name "slock") - (version "1.3") + (version "1.4") (source (origin (method url-fetch) (uri (string-append "http://dl.suckless.org/tools/slock-" version ".tar.gz")) - (patches (search-patches "slock-CVE-2016-6866.patch")) (sha256 (base32 - "065xa9hl7zn0lv2f7yjxphqsa35rg6dn9hv10gys0sh4ljpa7d5s")))) + "0sif752303dg33f14k6pgwq2jp1hjyhqv6x4sy3sj281qvdljf5m")))) (build-system gnu-build-system) (arguments '(#:tests? #f ; no tests -- cgit v1.2.3