all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [PATCH] gnu: slock: Update to 1.4.
@ 2017-01-04  0:11 Alex Griffin
  2017-01-04  4:39 ` Leo Famulari
  0 siblings, 1 reply; 2+ messages in thread
From: Alex Griffin @ 2017-01-04  0:11 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 185 bytes --]

After a long absence, I'm back with a string of trivial version bumps!
This patch updates slock to version 1.4, which also no longer needs the
patch for CVE-2016-6866.
-- 
Alex Griffin

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-slock-Update-to-1.4.patch --]
[-- Type: text/x-patch; name="0001-gnu-slock-Update-to-1.4.patch", Size: 4143 bytes --]

From b24fc41055a7e345bac348df09f017c138319bd6 Mon Sep 17 00:00:00 2001
From: Alex Griffin <a@ajgrf.com>
Date: Tue, 3 Jan 2017 08:49:01 -0600
Subject: [PATCH 1/9] gnu: slock: Update to 1.4.

* gnu/packages/suckless.scm (slock): Update to 1.4.
[source] Remove CVE-2016-6866 patch (no longer needed).
* gnu/packages/patches/slock-CVE-2016-6866.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                   |  1 -
 gnu/packages/patches/slock-CVE-2016-6866.patch | 51 --------------------------
 gnu/packages/suckless.scm                      |  6 +--
 3 files changed, 3 insertions(+), 55 deletions(-)
 delete mode 100644 gnu/packages/patches/slock-CVE-2016-6866.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 0c42f9f44..f45030f84 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -851,7 +851,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/slim-sigusr1.patch			\
   %D%/packages/patches/slim-reset.patch				\
   %D%/packages/patches/slim-login.patch				\
-  %D%/packages/patches/slock-CVE-2016-6866.patch		\
   %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \
   %D%/packages/patches/soprano-find-clucene.patch		\
   %D%/packages/patches/steghide-fixes.patch			\
diff --git a/gnu/packages/patches/slock-CVE-2016-6866.patch b/gnu/packages/patches/slock-CVE-2016-6866.patch
deleted file mode 100644
index 2f94b8c1a..000000000
--- a/gnu/packages/patches/slock-CVE-2016-6866.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Fix CVE-2016-6866.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866
-https://security-tracker.debian.org/tracker/CVE-2016-6866
-
-Copied from upstream source repository:
-http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29
-
-From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001
-From: Markus Teich <markus.teich@stusta.mhn.de>
-Date: Tue, 30 Aug 2016 22:59:06 +0000
-Subject: fix CVE-2016-6866
-
----
-diff --git a/slock.c b/slock.c
-index 847b328..8ed59ca 100644
---- a/slock.c
-+++ b/slock.c
-@@ -123,7 +123,7 @@ readpw(Display *dpy)
- readpw(Display *dpy, const char *pws)
- #endif
- {
--	char buf[32], passwd[256];
-+	char buf[32], passwd[256], *encrypted;
- 	int num, screen;
- 	unsigned int len, color;
- 	KeySym ksym;
-@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
- #ifdef HAVE_BSD_AUTH
- 				running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
- #else
--				running = !!strcmp(crypt(passwd, pws), pws);
-+				errno = 0;
-+				if (!(encrypted = crypt(passwd, pws)))
-+					fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
-+				else
-+					running = !!strcmp(encrypted, pws);
- #endif
- 				if (running) {
- 					XBell(dpy, 100);
-@@ -312,6 +316,8 @@ main(int argc, char **argv) {
- 
- #ifndef HAVE_BSD_AUTH
- 	pws = getpw();
-+	if (strlen(pws) < 2)
-+		die("slock: failed to get user password hash.\n");
- #endif
- 
- 	if (!(dpy = XOpenDisplay(NULL)))
---
-cgit v0.9.0.3-65-g4555
diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm
index 820d550d6..a501bb5f2 100644
--- a/gnu/packages/suckless.scm
+++ b/gnu/packages/suckless.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2015 Dmitry Bogatov <KAction@gnu.org>
 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2017 Alex Griffin <a@ajgrf.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -106,15 +107,14 @@ numbers of user-defined menu items efficiently.")
 (define-public slock
   (package
     (name "slock")
-    (version "1.3")
+    (version "1.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://dl.suckless.org/tools/slock-"
                                   version ".tar.gz"))
-              (patches (search-patches "slock-CVE-2016-6866.patch"))
               (sha256
                (base32
-                "065xa9hl7zn0lv2f7yjxphqsa35rg6dn9hv10gys0sh4ljpa7d5s"))))
+                "0sif752303dg33f14k6pgwq2jp1hjyhqv6x4sy3sj281qvdljf5m"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; no tests
-- 
2.11.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] gnu: slock: Update to 1.4.
  2017-01-04  0:11 [PATCH] gnu: slock: Update to 1.4 Alex Griffin
@ 2017-01-04  4:39 ` Leo Famulari
  0 siblings, 0 replies; 2+ messages in thread
From: Leo Famulari @ 2017-01-04  4:39 UTC (permalink / raw)
  To: Alex Griffin; +Cc: guix-devel

On Tue, Jan 03, 2017 at 06:11:06PM -0600, Alex Griffin wrote:
> After a long absence, I'm back with a string of trivial version bumps!
> This patch updates slock to version 1.4, which also no longer needs the
> patch for CVE-2016-6866.
> -- 
> Alex Griffin

> From b24fc41055a7e345bac348df09f017c138319bd6 Mon Sep 17 00:00:00 2001
> From: Alex Griffin <a@ajgrf.com>
> Date: Tue, 3 Jan 2017 08:49:01 -0600
> Subject: [PATCH 1/9] gnu: slock: Update to 1.4.
> 
> * gnu/packages/suckless.scm (slock): Update to 1.4.
> [source] Remove CVE-2016-6866 patch (no longer needed).
> * gnu/packages/patches/slock-CVE-2016-6866.patch: Remove file.
> * gnu/local.mk (dist_patch_DATA): Remove it.

Thanks, pushed!

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2017-01-04  4:39 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-04  0:11 [PATCH] gnu: slock: Update to 1.4 Alex Griffin
2017-01-04  4:39 ` Leo Famulari

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.