1 |
commit: fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239 |
2 |
Author: Sebastian Pipping <sping <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Jun 11 15:35:34 2021 +0000 |
4 |
Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jun 11 15:36:08 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbfd1bff |
7 |
|
8 |
x11-misc/xscreensaver: CVE-2021-34557 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/794475 |
11 |
Signed-off-by: Sebastian Pipping <sping <AT> gentoo.org> |
12 |
Package-Manager: Portage-3.0.19, Repoman-3.0.3 |
13 |
|
14 |
.../files/xscreensaver-5.45-cve-2021-34557.patch | 40 +++++ |
15 |
x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild | 168 +++++++++++++++++++++ |
16 |
2 files changed, 208 insertions(+) |
17 |
|
18 |
diff --git a/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch b/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch |
19 |
new file mode 100644 |
20 |
index 00000000000..3d002b40877 |
21 |
--- /dev/null |
22 |
+++ b/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch |
23 |
@@ -0,0 +1,40 @@ |
24 |
+From c1e43f7fa01b7536bc90ad5a9b61c568f4db4dd1 Mon Sep 17 00:00:00 2001 |
25 |
+From: Marek Marczykowski-Górecki <marmarek@××××××××××××××××××.com> |
26 |
+Date: Tue, 18 May 2021 15:41:55 +0200 |
27 |
+Subject: [PATCH] Fix updating outputs info |
28 |
+ |
29 |
+When an output is disconnected, update_screen_layout() will try to unset |
30 |
+a property on window assigned to that output. It does that by iterating |
31 |
+si->screens up to 'count', while 'good_count' signifies how many outputs |
32 |
+are currently connected (good_count <= count). si->screens has few more |
33 |
+entries allocated (at start 10), but if there are more disconnected |
34 |
+outputs, the iteration will go beyond si->screens array. |
35 |
+The only out of bound access there is reading window ID to delete |
36 |
+property from, which in most cases will be a bogus number -> crashing |
37 |
+xscreensaver with BadWindow error. |
38 |
+ |
39 |
+Fix this by allocating array up to full 'count' entries, even if much |
40 |
+fewer outputs are connected at the moment. |
41 |
+--- |
42 |
+ driver/screens.c | 4 ++-- |
43 |
+ 1 file changed, 2 insertions(+), 2 deletions(-) |
44 |
+ |
45 |
+diff --git a/driver/screens.c b/driver/screens.c |
46 |
+index 5aeb55d..16d6ec3 100644 |
47 |
+--- a/driver/screens.c |
48 |
++++ b/driver/screens.c |
49 |
+@@ -1020,9 +1020,9 @@ update_screen_layout (saver_info *si) |
50 |
+ calloc (sizeof(*si->screens), si->ssi_count); |
51 |
+ } |
52 |
+ |
53 |
+- if (si->ssi_count <= good_count) |
54 |
++ if (si->ssi_count <= count) |
55 |
+ { |
56 |
+- si->ssi_count = good_count + 10; |
57 |
++ si->ssi_count = count; |
58 |
+ si->screens = (saver_screen_info *) |
59 |
+ realloc (si->screens, sizeof(*si->screens) * si->ssi_count); |
60 |
+ memset (si->screens + si->nscreens, 0, |
61 |
+-- |
62 |
+2.31.1 |
63 |
+ |
64 |
|
65 |
diff --git a/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild b/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild |
66 |
new file mode 100644 |
67 |
index 00000000000..9a996f52f7a |
68 |
--- /dev/null |
69 |
+++ b/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild |
70 |
@@ -0,0 +1,168 @@ |
71 |
+# Copyright 1999-2021 Gentoo Authors |
72 |
+# Distributed under the terms of the GNU General Public License v2 |
73 |
+ |
74 |
+EAPI=7 |
75 |
+inherit autotools flag-o-matic l10n multilib optfeature pam |
76 |
+ |
77 |
+DESCRIPTION="modular screen saver and locker for the X Window System" |
78 |
+HOMEPAGE="https://www.jwz.org/xscreensaver/" |
79 |
+SRC_URI="https://www.jwz.org/xscreensaver/${P}.tar.gz" |
80 |
+ |
81 |
+LICENSE="BSD" |
82 |
+SLOT="0" |
83 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux" |
84 |
+IUSE="caps +gdk-pixbuf gdm +gtk jpeg +locking new-login offensive opengl pam +perl selinux suid systemd xinerama" |
85 |
+REQUIRED_USE=" |
86 |
+ gdk-pixbuf? ( gtk ) |
87 |
+" |
88 |
+ |
89 |
+COMMON_DEPEND=" |
90 |
+ >=gnome-base/libglade-2 |
91 |
+ dev-libs/libxml2 |
92 |
+ media-libs/netpbm |
93 |
+ x11-apps/appres |
94 |
+ x11-apps/xwininfo |
95 |
+ x11-libs/libX11 |
96 |
+ x11-libs/libXext |
97 |
+ x11-libs/libXft |
98 |
+ x11-libs/libXi |
99 |
+ x11-libs/libXmu |
100 |
+ x11-libs/libXrandr |
101 |
+ x11-libs/libXt |
102 |
+ x11-libs/libXxf86vm |
103 |
+ caps? ( sys-libs/libcap ) |
104 |
+ gdk-pixbuf? ( |
105 |
+ x11-libs/gdk-pixbuf-xlib |
106 |
+ >=x11-libs/gdk-pixbuf-2.42.0:2 |
107 |
+ ) |
108 |
+ gtk? ( x11-libs/gtk+:2 ) |
109 |
+ jpeg? ( virtual/jpeg:0 ) |
110 |
+ new-login? ( |
111 |
+ gdm? ( gnome-base/gdm ) |
112 |
+ !gdm? ( || ( x11-misc/lightdm lxde-base/lxdm ) ) |
113 |
+ ) |
114 |
+ opengl? ( |
115 |
+ virtual/glu |
116 |
+ virtual/opengl |
117 |
+ ) |
118 |
+ pam? ( sys-libs/pam ) |
119 |
+ systemd? ( >=sys-apps/systemd-221 ) |
120 |
+ xinerama? ( x11-libs/libXinerama ) |
121 |
+" |
122 |
+# For USE="perl" see output of `qlist xscreensaver | grep bin | xargs grep '::'` |
123 |
+RDEPEND=" |
124 |
+ ${COMMON_DEPEND} |
125 |
+ perl? ( |
126 |
+ dev-lang/perl |
127 |
+ dev-perl/libwww-perl |
128 |
+ virtual/perl-Digest-MD5 |
129 |
+ ) |
130 |
+ selinux? ( sec-policy/selinux-xscreensaver ) |
131 |
+" |
132 |
+DEPEND=" |
133 |
+ ${COMMON_DEPEND} |
134 |
+ dev-util/intltool |
135 |
+ sys-devel/bc |
136 |
+ sys-devel/gettext |
137 |
+ virtual/pkgconfig |
138 |
+ x11-base/xorg-proto |
139 |
+" |
140 |
+PATCHES=( |
141 |
+ "${FILESDIR}"/${PN}-5.45-remove-libXxf86misc-dep.patch |
142 |
+ "${FILESDIR}"/${PN}-5.45-interix.patch |
143 |
+ "${FILESDIR}"/${PN}-5.31-pragma.patch |
144 |
+ "${FILESDIR}"/${PN}-5.44-blurb-hndl-test-passwd.patch |
145 |
+ "${FILESDIR}"/${PN}-5.44-gentoo.patch |
146 |
+ "${FILESDIR}"/${PN}-5.45-gcc.patch |
147 |
+ "${FILESDIR}"/${PN}-5.45-configure.ac-sandbox.patch |
148 |
+ "${FILESDIR}"/${P}-cve-2021-34557.patch # bug 794475 |
149 |
+) |
150 |
+ |
151 |
+src_prepare() { |
152 |
+ sed -i configure.ac -e '/^ALL_LINGUAS=/d' || die |
153 |
+ strip-linguas -i po/ |
154 |
+ export ALL_LINGUAS="${LINGUAS}" |
155 |
+ |
156 |
+ if use new-login && ! use gdm; then #392967 |
157 |
+ sed -i \ |
158 |
+ -e "/default_l.*1/s:gdmflexiserver -ls:${EPREFIX}/usr/libexec/lightdm/&:" \ |
159 |
+ configure{,.ac} || die |
160 |
+ fi |
161 |
+ |
162 |
+ default |
163 |
+ |
164 |
+ if ! use offensive; then |
165 |
+ sed -i \ |
166 |
+ -e '/boobies/d;/boobs/d;/cock/d;/pussy/d;/viagra/d;/vibrator/d' \ |
167 |
+ hacks/barcode.c || die |
168 |
+ sed -i \ |
169 |
+ -e 's|erect penis|shuffle board|g' \ |
170 |
+ -e 's|flaccid penis|flaccid anchor|g' \ |
171 |
+ -e 's|vagina|engagement ring|g' \ |
172 |
+ -e 's|Penis|Shuttle|g' \ |
173 |
+ hacks/glx/glsnake.c || break |
174 |
+ fi |
175 |
+ |
176 |
+ eapply_user |
177 |
+ |
178 |
+ eautoconf |
179 |
+ eautoheader |
180 |
+} |
181 |
+ |
182 |
+src_configure() { |
183 |
+ if use ppc || use ppc64; then |
184 |
+ filter-flags -maltivec -mabi=altivec |
185 |
+ append-flags -U__VEC__ |
186 |
+ fi |
187 |
+ |
188 |
+ unset BC_ENV_ARGS #24568 |
189 |
+ export RPM_PACKAGE_VERSION=no #368025 |
190 |
+ |
191 |
+ econf \ |
192 |
+ $(use_enable locking) \ |
193 |
+ $(use_with caps setcap-hacks) \ |
194 |
+ $(use_with gdk-pixbuf pixbuf) \ |
195 |
+ $(use_with gtk) \ |
196 |
+ $(use_with jpeg) \ |
197 |
+ $(use_with new-login login-manager) \ |
198 |
+ $(use_with opengl gl) \ |
199 |
+ $(use_with pam) \ |
200 |
+ $(use_with suid setuid-hacks) \ |
201 |
+ $(use_with systemd) \ |
202 |
+ $(use_with xinerama xinerama-ext) \ |
203 |
+ --with-app-defaults="${EPREFIX}"/usr/share/X11/app-defaults \ |
204 |
+ --with-configdir="${EPREFIX}"/usr/share/${PN}/config \ |
205 |
+ --with-dpms-ext \ |
206 |
+ --with-hackdir="${EPREFIX}"/usr/$(get_libdir)/misc/${PN} \ |
207 |
+ --with-proc-interrupts \ |
208 |
+ --with-randr-ext \ |
209 |
+ --with-text-file="${EPREFIX}"/etc/gentoo-release \ |
210 |
+ --with-xdbe-ext \ |
211 |
+ --with-xf86gamma-ext \ |
212 |
+ --with-xf86vmode-ext \ |
213 |
+ --with-xinput-ext \ |
214 |
+ --with-xshm-ext \ |
215 |
+ --without-gle \ |
216 |
+ --without-kerberos \ |
217 |
+ --without-motif \ |
218 |
+ --x-includes="${EPREFIX}"/usr/include \ |
219 |
+ --x-libraries="${EPREFIX}"/usr/$(get_libdir) |
220 |
+} |
221 |
+ |
222 |
+src_install() { |
223 |
+ emake install_prefix="${D}" install |
224 |
+ |
225 |
+ dodoc README{,.hacking} |
226 |
+ |
227 |
+ if use pam; then |
228 |
+ fperms 755 /usr/bin/${PN} |
229 |
+ pamd_mimic_system ${PN} auth |
230 |
+ fi |
231 |
+ |
232 |
+ rm -f "${ED}"/usr/share/${PN}/config/{electricsheep,fireflies}.xml |
233 |
+} |
234 |
+ |
235 |
+pkg_postinst() { |
236 |
+ optfeature 'Bitmap fonts 75dpi' media-fonts/font-adobe-75dpi |
237 |
+ optfeature 'Bitmap fonts 100dpi' media-fonts/font-adobe-100dpi |
238 |
+} |