mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: slock: Fix CVE-2016-6866.
* gnu/packages/patches/slock-CVE-2016-6866.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/suckless.scm (slock): Use it.
This commit is contained in:
parent
a7199b7d99
commit
3ed3c105e3
3 changed files with 53 additions and 0 deletions
|
@ -790,6 +790,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/slim-session.patch \
|
||||
%D%/packages/patches/slim-config.patch \
|
||||
%D%/packages/patches/slim-sigusr1.patch \
|
||||
%D%/packages/patches/slock-CVE-2016-6866.patch \
|
||||
%D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \
|
||||
%D%/packages/patches/soprano-find-clucene.patch \
|
||||
%D%/packages/patches/superlu-dist-scotchmetis.patch \
|
||||
|
|
51
gnu/packages/patches/slock-CVE-2016-6866.patch
Normal file
51
gnu/packages/patches/slock-CVE-2016-6866.patch
Normal file
|
@ -0,0 +1,51 @@
|
|||
Fix CVE-2016-6866.
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866
|
||||
https://security-tracker.debian.org/tracker/CVE-2016-6866
|
||||
|
||||
Copied from upstream source repository:
|
||||
http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29
|
||||
|
||||
From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001
|
||||
From: Markus Teich <markus.teich@stusta.mhn.de>
|
||||
Date: Tue, 30 Aug 2016 22:59:06 +0000
|
||||
Subject: fix CVE-2016-6866
|
||||
|
||||
---
|
||||
diff --git a/slock.c b/slock.c
|
||||
index 847b328..8ed59ca 100644
|
||||
--- a/slock.c
|
||||
+++ b/slock.c
|
||||
@@ -123,7 +123,7 @@ readpw(Display *dpy)
|
||||
readpw(Display *dpy, const char *pws)
|
||||
#endif
|
||||
{
|
||||
- char buf[32], passwd[256];
|
||||
+ char buf[32], passwd[256], *encrypted;
|
||||
int num, screen;
|
||||
unsigned int len, color;
|
||||
KeySym ksym;
|
||||
@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
|
||||
#ifdef HAVE_BSD_AUTH
|
||||
running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
|
||||
#else
|
||||
- running = !!strcmp(crypt(passwd, pws), pws);
|
||||
+ errno = 0;
|
||||
+ if (!(encrypted = crypt(passwd, pws)))
|
||||
+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
|
||||
+ else
|
||||
+ running = !!strcmp(encrypted, pws);
|
||||
#endif
|
||||
if (running) {
|
||||
XBell(dpy, 100);
|
||||
@@ -312,6 +316,8 @@ main(int argc, char **argv) {
|
||||
|
||||
#ifndef HAVE_BSD_AUTH
|
||||
pws = getpw();
|
||||
+ if (strlen(pws) < 2)
|
||||
+ die("slock: failed to get user password hash.\n");
|
||||
#endif
|
||||
|
||||
if (!(dpy = XOpenDisplay(NULL)))
|
||||
--
|
||||
cgit v0.9.0.3-65-g4555
|
|
@ -111,6 +111,7 @@ (define-public slock
|
|||
(method url-fetch)
|
||||
(uri (string-append "http://dl.suckless.org/tools/slock-"
|
||||
version ".tar.gz"))
|
||||
(patches (search-patches "slock-CVE-2016-6866.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"065xa9hl7zn0lv2f7yjxphqsa35rg6dn9hv10gys0sh4ljpa7d5s"))))
|
||||
|
|
Loading…
Reference in a new issue