From 3b234388a5f545f071422864e1a274ba45a696a0 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Sun, 3 Mar 2019 22:03:39 +0000 Subject: Sun Mar 3 22:03:39 UTC 2019 a/mkinitrd-1.4.11-x86_64-12.txz: Rebuilt. Updated to busybox-1.30.1. mkinitrd: allow a colon-delimited list of kernel versions with -k mkinitrd_command_generator.sh: allow a colon-delimited list of kernel versions with -k setup.01.mkinitrd: simplify script by using -k with a version list ap/pamixer-1.4-x86_64-1.txz: Upgraded. d/python-2.7.16-x86_64-1.txz: Upgraded. Updated to the latest 2.7.x release, which fixes a few security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010 (* Security fix *) d/vala-0.42.6-x86_64-1.txz: Upgraded. l/gegl-0.4.14-x86_64-1.txz: Upgraded. l/libsecret-0.18.8-x86_64-1.txz: Upgraded. l/xapian-core-1.4.11-x86_64-1.txz: Upgraded. x/mkfontscale-1.2.0-x86_64-1.txz: Upgraded. x/xditview-1.0.5-x86_64-1.txz: Upgraded. x/xdm-1.1.12-x86_64-1.txz: Upgraded. --- source/x/x11/patch/xdm.patch | 6 - .../patch/xdm/xdm-1.1.11-arc4random-include.patch | 18 -- .../xdm/xdm-1.1.11-setproctitle-include.patch | 37 ---- source/x/x11/patch/xdm/xdm-consolekit.patch | 187 ++++++++++----------- source/x/x11/patch/xdm/xdm.glibc.crypt.diff | 42 ----- 5 files changed, 91 insertions(+), 199 deletions(-) delete mode 100644 source/x/x11/patch/xdm/xdm-1.1.11-arc4random-include.patch delete mode 100644 source/x/x11/patch/xdm/xdm-1.1.11-setproctitle-include.patch delete mode 100644 source/x/x11/patch/xdm/xdm.glibc.crypt.diff (limited to 'source/x/x11/patch') diff --git a/source/x/x11/patch/xdm.patch b/source/x/x11/patch/xdm.patch index 37be22286..29875b41b 100644 --- a/source/x/x11/patch/xdm.patch +++ b/source/x/x11/patch/xdm.patch @@ -1,8 +1,2 @@ -zcat $CWD/patch/xdm/xdm.glibc.crypt.diff.gz | patch -p1 --verbose || \ - { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -zcat $CWD/patch/xdm/xdm-1.1.11-arc4random-include.patch.gz | patch -p1 --verbose || \ - { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -zcat $CWD/patch/xdm/xdm-1.1.11-setproctitle-include.patch.gz | patch -p1 --verbose || \ - { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } zcat $CWD/patch/xdm/xdm-consolekit.patch.gz | patch -p1 --verbose || \ { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } diff --git a/source/x/x11/patch/xdm/xdm-1.1.11-arc4random-include.patch b/source/x/x11/patch/xdm/xdm-1.1.11-arc4random-include.patch deleted file mode 100644 index db948094b..000000000 --- a/source/x/x11/patch/xdm/xdm-1.1.11-arc4random-include.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -ur a/xdm/genauth.c b/xdm/genauth.c ---- a/xdm/genauth.c 2011-09-25 09:35:47.000000000 +0200 -+++ b/xdm/genauth.c 2014-01-06 16:28:09.664060603 +0100 -@@ -40,6 +40,14 @@ - - #include - -+#ifdef HAVE_ARC4RANDOM -+# ifdef __linux__ -+# include -+# else -+# include -+# endif -+#endif -+ - #include - #define Time_t time_t - diff --git a/source/x/x11/patch/xdm/xdm-1.1.11-setproctitle-include.patch b/source/x/x11/patch/xdm/xdm-1.1.11-setproctitle-include.patch deleted file mode 100644 index 0a3f32bbe..000000000 --- a/source/x/x11/patch/xdm/xdm-1.1.11-setproctitle-include.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -ur a/xdm/choose.c b/xdm/choose.c ---- a/xdm/choose.c 2011-09-25 09:35:47.000000000 +0200 -+++ b/xdm/choose.c 2014-01-06 16:33:09.628065364 +0100 -@@ -54,6 +54,14 @@ - # include - # endif - -+# ifdef HAVE_SETPROCTITLE -+# ifdef __linux__ -+# include -+# else -+# include -+# endif -+# endif -+ - # include - # define Time_t time_t - -diff -ur a/xdm/session.c b/xdm/session.c ---- a/xdm/session.c 2011-09-25 09:35:47.000000000 +0200 -+++ b/xdm/session.c 2014-01-06 16:40:57.508072789 +0100 -@@ -54,6 +54,15 @@ - # include - #endif - -+# ifdef HAVE_SETPROCTITLE -+# include -+# ifdef __linux__ -+# include -+# else -+# include -+# endif -+# endif -+ - #ifndef USE_PAM /* PAM modules should handle these */ - # ifdef SECURE_RPC - # include diff --git a/source/x/x11/patch/xdm/xdm-consolekit.patch b/source/x/x11/patch/xdm/xdm-consolekit.patch index fbacd36fc..d69b31a7a 100644 --- a/source/x/x11/patch/xdm/xdm-consolekit.patch +++ b/source/x/x11/patch/xdm/xdm-consolekit.patch @@ -1,14 +1,9 @@ -http://bugs.gentoo.org/360987 -http://projects.archlinux.org/svntogit/packages.git/plain/trunk/xdm-consolekit.patch?h=packages/xorg-xdm -http://lists.x.org/archives/xorg-devel/2011-February/019615.html -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615020 - ---- a/configure.ac -+++ b/configure.ac -@@ -362,6 +362,20 @@ - - AM_CONDITIONAL(DYNAMIC_GREETER, test x$DYNAMIC_GREETER = xyes) - +--- ./configure.ac.orig 2019-03-02 16:06:13.000000000 -0600 ++++ ./configure.ac 2019-03-03 13:30:09.779278886 -0600 +@@ -395,6 +395,20 @@ + PKG_CHECK_MODULES(XLIB, x11) + PKG_CHECK_MODULES(AUTH, xau) + +# ConsoleKit support +AC_ARG_WITH(consolekit, AC_HELP_STRING([--with-consolekit], [Use ConsoleKit]), + [USE_CONSOLEKIT=$withval], [USE_CONSOLEKIT=yes]) @@ -24,26 +19,96 @@ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615020 +dnl AM_CONDITIONAL(USE_CONSOLEKIT, test$USE_CONSOLEKIT = xyes) + # - # XDM + # Greeter # ---- a/xdm/session.c -+++ b/xdm/session.c -@@ -66,6 +66,11 @@ +--- ./include/dm.h.orig 2019-03-02 16:06:13.000000000 -0600 ++++ ./include/dm.h 2019-03-03 13:30:09.788278885 -0600 +@@ -327,6 +327,9 @@ + extern char *prngdSocket; + extern int prngdPort; + # endif ++#ifdef USE_CONSOLEKIT ++extern int use_consolekit; ++#endif + + extern char *greeterLib; + extern char *willing; +--- ./man/xdm.man.orig 2019-03-02 16:06:13.000000000 -0600 ++++ ./man/xdm.man 2019-03-03 13:30:09.794278884 -0600 +@@ -48,6 +48,8 @@ + ] [ + .B \-session + .I session_program ++] [ ++.B \-noconsolekit + ] + .SH DESCRIPTION + .I Xdm +@@ -215,6 +217,10 @@ + .IP "\fB\-xrm\fP \fIresource_specification\fP" + Allows an arbitrary resource to be specified, as in most + X Toolkit applications. ++.IP "\fB\-noconsolekit\fP" ++Specifies ``false'' as the value for the \fBDisplayManager.consoleKit\fP ++resource. ++This suppresses the session management using ConsoleKit. + .SH RESOURCES + At many stages the actions of + .I xdm +--- ./xdm/resource.c.orig 2019-03-02 16:06:13.000000000 -0600 ++++ ./xdm/resource.c 2019-03-03 13:30:09.792278885 -0600 +@@ -65,6 +65,9 @@ + char *prngdSocket; + int prngdPort; #endif ++#ifdef USE_CONSOLEKIT ++int use_consolekit; ++#endif + + char *greeterLib; + char *willing; +@@ -192,6 +195,10 @@ + "false"} , + { "willing", "Willing", DM_STRING, &willing, + ""} , ++#ifdef USE_CONSOLEKIT ++{ "consoleKit", "ConsoleKit", DM_BOOL, (char **) &use_consolekit, ++ "true"} , ++#endif + }; + + #define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0]) +@@ -377,7 +384,11 @@ + {"-debug", "*debugLevel", XrmoptionSepArg, (caddr_t) NULL }, + {"-xrm", NULL, XrmoptionResArg, (caddr_t) NULL }, + {"-daemon", ".daemonMode", XrmoptionNoArg, "true" }, +-{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" } ++{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" }, ++#ifdef USE_CONSOLEKIT ++{"-consolekit", ".consoleKit", XrmoptionNoArg, "true" }, ++{"-noconsolekit", ".consoleKit", XrmoptionNoArg, "false" } ++#endif + }; + + static int originalArgc; +--- ./xdm/session.c.orig 2019-03-02 16:06:13.000000000 -0600 ++++ ./xdm/session.c 2019-03-03 13:31:17.126272595 -0600 +@@ -73,6 +73,11 @@ + # endif #endif /* USE_PAM */ - + +#ifdef USE_CONSOLEKIT +#include +#include +#endif + - #ifdef __SCO__ - #include - #endif -@@ -472,6 +477,97 @@ + #ifdef USE_SELINUX + #include + #include +@@ -523,6 +528,97 @@ } } - + +#ifdef USE_CONSOLEKIT + +static CkConnector *connector; @@ -138,16 +203,16 @@ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615020 void SessionExit (struct display *d, int status, int removeAuth) { -@@ -486,6 +580,8 @@ +@@ -537,6 +633,8 @@ } #endif - + + closeCKSession(); + /* make sure the server gets reset after the session is over */ if (d->serverPid >= 2 && d->resetSignal) - kill (d->serverPid, d->resetSignal); -@@ -568,6 +664,10 @@ + kill (d->serverPid, d->resetSignal); +@@ -614,6 +712,10 @@ #ifdef USE_PAM if (pamh) pam_open_session(pamh, 0); #endif @@ -157,74 +222,4 @@ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615020 + switch (pid = fork ()) { case 0: - CleanUpChild (); ---- a/include/dm.h -+++ b/include/dm.h -@@ -325,6 +325,9 @@ - extern char *prngdSocket; - extern int prngdPort; - # endif -+#ifdef USE_CONSOLEKIT -+extern int use_consolekit; -+#endif - - extern char *greeterLib; - extern char *willing; ---- a/xdm/resource.c -+++ b/xdm/resource.c -@@ -68,6 +68,9 @@ - char *prngdSocket; - int prngdPort; - #endif -+#ifdef USE_CONSOLEKIT -+int use_consolekit; -+#endif - - char *greeterLib; - char *willing; -@@ -258,6 +261,10 @@ - "false"} , - { "willing", "Willing", DM_STRING, &willing, - ""} , -+#ifdef USE_CONSOLEKIT -+{ "consoleKit", "ConsoleKit", DM_BOOL, (char **) &use_consolekit, -+ "true"} , -+#endif - }; - - # define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0]) -@@ -440,7 +447,11 @@ - {"-debug", "*debugLevel", XrmoptionSepArg, (caddr_t) NULL }, - {"-xrm", NULL, XrmoptionResArg, (caddr_t) NULL }, - {"-daemon", ".daemonMode", XrmoptionNoArg, "true" }, --{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" } -+{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" }, -+#ifdef USE_CONSOLEKIT -+{"-consolekit", ".consoleKit", XrmoptionNoArg, "true" }, -+{"-noconsolekit", ".consoleKit", XrmoptionNoArg, "false" } -+#endif - }; - - static int originalArgc; ---- a/man/xdm.man -+++ b/man/xdm.man -@@ -51,6 +51,8 @@ - ] [ - .B \-session - .I session_program -+] [ -+.B \-noconsolekit - ] - .SH DESCRIPTION - .I Xdm -@@ -218,6 +220,10 @@ - .IP "\fB\-xrm\fP \fIresource_specification\fP" - Allows an arbitrary resource to be specified, as in most - X Toolkit applications. -+.IP "\fB\-noconsolekit\fP" -+Specifies ``false'' as the value for the \fBDisplayManager.consoleKit\fP -+resource. -+This suppresses the session management using ConsoleKit. - .SH RESOURCES - At many stages the actions of - .I xdm + CleanUpChild (); diff --git a/source/x/x11/patch/xdm/xdm.glibc.crypt.diff b/source/x/x11/patch/xdm/xdm.glibc.crypt.diff deleted file mode 100644 index 076df37dc..000000000 --- a/source/x/x11/patch/xdm/xdm.glibc.crypt.diff +++ /dev/null @@ -1,42 +0,0 @@ -From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001 -From: mancha -Date: Wed, 22 May 2013 14:20:26 +0000 -Subject: Handle NULL returns from glibc 2.17+ crypt(). - -Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL -(w/ NULL return) if the salt violates specifications. Additionally, -on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords -passed to crypt() fail with EPERM (w/ NULL return). - -If using glibc's crypt(), check return value to avoid a possible -NULL pointer dereference. - -Reviewed-by: Matthieu Herrb -Signed-off-by: Alan Coopersmith ---- -diff --git a/greeter/verify.c b/greeter/verify.c -index db3cb7d..b009e2b 100644 ---- a/greeter/verify.c -+++ b/greeter/verify.c -@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) - struct spwd *sp; - # endif - char *user_pass = NULL; -+ char *crypted_pass = NULL; - # endif - # ifdef __OpenBSD__ - char *s; -@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) - # if defined(ultrix) || defined(__ultrix__) - if (authenticate_user(p, greet->password, NULL) < 0) - # else -- if (strcmp (crypt (greet->password, user_pass), user_pass)) -+ crypted_pass = crypt (greet->password, user_pass); -+ if ((crypted_pass == NULL) -+ || (strcmp (crypted_pass, user_pass))) - # endif - { - if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) { --- -cgit v0.9.0.2-2-gbebe - -- cgit v1.2.3-65-gdbad