diff options
author | Robby Workman <rworkman@slackbuilds.org> | 2016-08-18 21:19:19 -0500 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2016-08-20 07:51:29 +0700 |
commit | f5ab902a68fe049fec54b4ca437395dba32e408a (patch) | |
tree | 3416af953618575433b7e827db9c725ed43ebd8f /desktop/slock/patches | |
parent | ee31cb7cc1c27dbca84ebef88a4d42ef59ebd55b (diff) |
desktop/slock: Updated for version 1.3.
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Diffstat (limited to 'desktop/slock/patches')
16 files changed, 629 insertions, 789 deletions
diff --git a/desktop/slock/patches/0001-Simplify-the-oom-taming-function.patch b/desktop/slock/patches/0001-Simplify-the-oom-taming-function.patch new file mode 100644 index 0000000000000..993cab2491519 --- /dev/null +++ b/desktop/slock/patches/0001-Simplify-the-oom-taming-function.patch @@ -0,0 +1,60 @@ +From 3abbffa4934a62146e995ee7c2cf3ba50991b4ad Mon Sep 17 00:00:00 2001 +From: FRIGN <dev@frign.de> +Date: Sun, 14 Feb 2016 01:28:37 +0100 +Subject: [PATCH 1/7] Simplify the oom-taming-function + +There really is no need to source a defined variable from a linux +header. The OOM-rank ranges from -1000 to 1000, so we can safely +hardcode -1000, which is a sane thing to do given slock is suid and +we don't want to play around too much here anyway. + +On another notice, let's not forget that this still is a shitty +heuristic. The OOM-killer still can kill us (thus I also changed +the wording in the error-message. We do not disable the OOM-killer, +we're just hiding. +--- + slock.c | 20 ++++++-------------- + 1 file changed, 6 insertions(+), 14 deletions(-) + +diff --git a/slock.c b/slock.c +index cf49555..3188ff7 100644 +--- a/slock.c ++++ b/slock.c +@@ -60,28 +60,20 @@ die(const char *errstr, ...) + + #ifdef __linux__ + #include <fcntl.h> +-#include <linux/oom.h> + + static void + dontkillme(void) + { + int fd; +- int length; +- char value[64]; + + fd = open("/proc/self/oom_score_adj", O_WRONLY); +- if (fd < 0 && errno == ENOENT) ++ if (fd < 0 && errno == ENOENT) { + return; +- +- /* convert OOM_SCORE_ADJ_MIN to string for writing */ +- length = snprintf(value, sizeof(value), "%d\n", OOM_SCORE_ADJ_MIN); +- +- /* bail on truncation */ +- if (length >= sizeof(value)) +- die("buffer too small\n"); +- +- if (fd < 0 || write(fd, value, length) != length || close(fd) != 0) +- die("cannot disable the out-of-memory killer for this process (make sure to suid or sgid slock)\n"); ++ } ++ if (fd < 0 || write(fd, "-1000\n", (sizeof("-1000\n") - 1)) != ++ (sizeof("-1000\n") - 1) || close(fd) != 0) { ++ die("can't tame the oom-killer. is suid or sgid set?\n"); ++ } + } + #endif + +-- +2.9.2 + diff --git a/desktop/slock/patches/0001-applied-Dimitris-style-patch-from-Dec-14-with-some-m.patch b/desktop/slock/patches/0001-applied-Dimitris-style-patch-from-Dec-14-with-some-m.patch deleted file mode 100644 index d92e14925b9ab..0000000000000 --- a/desktop/slock/patches/0001-applied-Dimitris-style-patch-from-Dec-14-with-some-m.patch +++ /dev/null @@ -1,316 +0,0 @@ -From a31b9191111572dafaa8366415b89a4472aa4626 Mon Sep 17 00:00:00 2001 -From: Anselm R Garbe <garbeam@gmail.com> -Date: Tue, 27 Jan 2015 22:16:52 +0100 -Subject: [PATCH 1/9] applied Dimitris' style patch from Dec'14, with some - minor modifications - ---- - slock.c | 112 ++++++++++++++++++++++++++++++++++------------------------------ - 1 file changed, 60 insertions(+), 52 deletions(-) - -diff --git a/slock.c b/slock.c -index face75e..407a540 100644 ---- a/slock.c -+++ b/slock.c -@@ -1,4 +1,3 @@ -- - /* See LICENSE file for license details. */ - #define _XOPEN_SOURCE 500 - #if HAVE_SHADOW_H -@@ -37,20 +36,22 @@ static int nscreens; - static Bool running = True; - - static void --die(const char *errstr, ...) { -+die(const char *errstr, ...) -+{ - va_list ap; - - va_start(ap, errstr); - vfprintf(stderr, errstr, ap); - va_end(ap); -- exit(EXIT_FAILURE); -+ exit(1); - } - - #ifdef __linux__ - #include <fcntl.h> - - static void --dontkillme(void) { -+dontkillme(void) -+{ - int fd; - - fd = open("/proc/self/oom_score_adj", O_WRONLY); -@@ -62,8 +63,10 @@ dontkillme(void) { - #endif - - #ifndef HAVE_BSD_AUTH -+/* only run as root */ - static const char * --getpw(void) { /* only run as root */ -+getpw(void) -+{ - const char *rval; - struct passwd *pw; - -@@ -73,7 +76,7 @@ getpw(void) { /* only run as root */ - if (errno) - die("slock: getpwuid: %s\n", strerror(errno)); - else -- die("slock: cannot retrieve password entry (make sure to suid or sgid slock)\n"); -+ die("slock: cannot retrieve password entry\n"); - } - rval = pw->pw_passwd; - -@@ -81,15 +84,15 @@ getpw(void) { /* only run as root */ - if (rval[0] == 'x' && rval[1] == '\0') { - struct spwd *sp; - sp = getspnam(getenv("USER")); -- if(!sp) -+ if (!sp) - die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); - rval = sp->sp_pwdp; - } - #endif - - /* drop privileges */ -- if (geteuid() == 0 -- && ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0)) -+ if (geteuid() == 0 && -+ ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0)) - die("slock: cannot drop privileges\n"); - return rval; - } -@@ -115,21 +118,23 @@ readpw(Display *dpy, const char *pws) - * had been removed and you can set it with "xset" or some other - * utility. This way the user can easily set a customized DPMS - * timeout. */ -- while(running && !XNextEvent(dpy, &ev)) { -- if(ev.type == KeyPress) { -+ while (running && !XNextEvent(dpy, &ev)) { -+ if (ev.type == KeyPress) { - buf[0] = 0; - num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0); -- if(IsKeypadKey(ksym)) { -- if(ksym == XK_KP_Enter) -+ if (IsKeypadKey(ksym)) { -+ if (ksym == XK_KP_Enter) - ksym = XK_Return; -- else if(ksym >= XK_KP_0 && ksym <= XK_KP_9) -+ else if (ksym >= XK_KP_0 && ksym <= XK_KP_9) - ksym = (ksym - XK_KP_0) + XK_0; - } -- if(IsFunctionKey(ksym) || IsKeypadKey(ksym) -- || IsMiscFunctionKey(ksym) || IsPFKey(ksym) -- || IsPrivateKeypadKey(ksym)) -+ if (IsFunctionKey(ksym) || -+ IsKeypadKey(ksym) || -+ IsMiscFunctionKey(ksym) || -+ IsPFKey(ksym) || -+ IsPrivateKeypadKey(ksym)) - continue; -- switch(ksym) { -+ switch (ksym) { - case XK_Return: - passwd[len] = 0; - #ifdef HAVE_BSD_AUTH -@@ -137,7 +142,7 @@ readpw(Display *dpy, const char *pws) - #else - running = !!strcmp(crypt(passwd, pws), pws); - #endif -- if(running) -+ if (running) - XBell(dpy, 100); - len = 0; - break; -@@ -145,36 +150,37 @@ readpw(Display *dpy, const char *pws) - len = 0; - break; - case XK_BackSpace: -- if(len) -+ if (len) - --len; - break; - default: -- if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { -+ if (num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { - memcpy(passwd + len, buf, num); - len += num; - } - break; - } -- if(llen == 0 && len != 0) { -- for(screen = 0; screen < nscreens; screen++) { -+ if (llen == 0 && len != 0) { -+ for (screen = 0; screen < nscreens; screen++) { - XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[1]); - XClearWindow(dpy, locks[screen]->win); - } -- } else if(llen != 0 && len == 0) { -- for(screen = 0; screen < nscreens; screen++) { -+ } else if (llen != 0 && len == 0) { -+ for (screen = 0; screen < nscreens; screen++) { - XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[0]); - XClearWindow(dpy, locks[screen]->win); - } - } - llen = len; - } -- else for(screen = 0; screen < nscreens; screen++) -+ else for (screen = 0; screen < nscreens; screen++) - XRaiseWindow(dpy, locks[screen]->win); - } - } - - static void --unlockscreen(Display *dpy, Lock *lock) { -+unlockscreen(Display *dpy, Lock *lock) -+{ - if(dpy == NULL || lock == NULL) - return; - -@@ -187,7 +193,8 @@ unlockscreen(Display *dpy, Lock *lock) { - } - - static Lock * --lockscreen(Display *dpy, int screen) { -+lockscreen(Display *dpy, int screen) -+{ - char curs[] = {0, 0, 0, 0, 0, 0, 0, 0}; - unsigned int len; - Lock *lock; -@@ -195,11 +202,11 @@ lockscreen(Display *dpy, int screen) { - XSetWindowAttributes wa; - Cursor invisible; - -- if(dpy == NULL || screen < 0) -+ if (dpy == NULL || screen < 0) - return NULL; - - lock = malloc(sizeof(Lock)); -- if(lock == NULL) -+ if (lock == NULL) - return NULL; - - lock->screen = screen; -@@ -210,8 +217,8 @@ lockscreen(Display *dpy, int screen) { - wa.override_redirect = 1; - wa.background_pixel = BlackPixel(dpy, lock->screen); - lock->win = XCreateWindow(dpy, lock->root, 0, 0, DisplayWidth(dpy, lock->screen), DisplayHeight(dpy, lock->screen), -- 0, DefaultDepth(dpy, lock->screen), CopyFromParent, -- DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa); -+ 0, DefaultDepth(dpy, lock->screen), CopyFromParent, -+ DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa); - XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), COLOR2, &color, &dummy); - lock->colors[1] = color.pixel; - XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), COLOR1, &color, &dummy); -@@ -220,36 +227,37 @@ lockscreen(Display *dpy, int screen) { - invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0); - XDefineCursor(dpy, lock->win, invisible); - XMapRaised(dpy, lock->win); -- for(len = 1000; len; len--) { -- if(XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask, -- GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess) -+ for (len = 1000; len; len--) { -+ if (XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask, -+ GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess) - break; - usleep(1000); - } -- if(running && (len > 0)) { -- for(len = 1000; len; len--) { -- if(XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) -- == GrabSuccess) -+ if (running && (len > 0)) { -+ for (len = 1000; len; len--) { -+ if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess) - break; - usleep(1000); - } - } - - running &= (len > 0); -- if(!running) { -+ if (!running) { - unlockscreen(dpy, lock); - lock = NULL; - } -- else -+ else { - XSelectInput(dpy, lock->root, SubstructureNotifyMask); -+ } - - return lock; - } - - static void --usage(void) { -+usage(void) -+{ - fprintf(stderr, "usage: slock [-v]\n"); -- exit(EXIT_FAILURE); -+ exit(1); - } - - int -@@ -260,38 +268,38 @@ main(int argc, char **argv) { - Display *dpy; - int screen; - -- if((argc == 2) && !strcmp("-v", argv[1])) -- die("slock-%s, © 2006-2014 slock engineers\n", VERSION); -- else if(argc != 1) -+ if ((argc == 2) && !strcmp("-v", argv[1])) -+ die("slock-%s, © 2006-2015 slock engineers\n", VERSION); -+ else if (argc != 1) - usage(); - - #ifdef __linux__ - dontkillme(); - #endif - -- if(!getpwuid(getuid())) -+ if (!getpwuid(getuid())) - die("slock: no passwd entry for you\n"); - - #ifndef HAVE_BSD_AUTH - pws = getpw(); - #endif - -- if(!(dpy = XOpenDisplay(0))) -+ if (!(dpy = XOpenDisplay(0))) - die("slock: cannot open display\n"); - /* Get the number of screens in display "dpy" and blank them all. */ - nscreens = ScreenCount(dpy); - locks = malloc(sizeof(Lock *) * nscreens); -- if(locks == NULL) -+ if (locks == NULL) - die("slock: malloc: %s\n", strerror(errno)); - int nlocks = 0; -- for(screen = 0; screen < nscreens; screen++) { -+ for (screen = 0; screen < nscreens; screen++) { - if ( (locks[screen] = lockscreen(dpy, screen)) != NULL) - nlocks++; - } - XSync(dpy, False); - - /* Did we actually manage to lock something? */ -- if (nlocks == 0) { // nothing to protect -+ if (nlocks == 0) { /* nothing to protect */ - free(locks); - XCloseDisplay(dpy); - return 1; -@@ -305,7 +313,7 @@ main(int argc, char **argv) { - #endif - - /* Password ok, unlock everything and quit. */ -- for(screen = 0; screen < nscreens; screen++) -+ for (screen = 0; screen < nscreens; screen++) - unlockscreen(dpy, locks[screen]); - - free(locks); --- -2.6.4 - diff --git a/desktop/slock/patches/0002-Blank-the-screen-with-color-0-add-third-color-for-fa.patch b/desktop/slock/patches/0002-Blank-the-screen-with-color-0-add-third-color-for-fa.patch deleted file mode 100644 index 14d649f9429cc..0000000000000 --- a/desktop/slock/patches/0002-Blank-the-screen-with-color-0-add-third-color-for-fa.patch +++ /dev/null @@ -1,119 +0,0 @@ -From f2ea92c3ddf1d9476ef61f85ec3aa26818d094a1 Mon Sep 17 00:00:00 2001 -From: David Phillips <dbphillipsnz@gmail.com> -Date: Thu, 12 Feb 2015 11:56:35 +1300 -Subject: [PATCH 2/9] Blank the screen with color 0, add third color for failed - logins - -- Adds another color in config.def.h, COLOR_INIT -- Renames the colours from numerical ones to ones with meaningful names; - COLOR_INPUT for when there is content in the input buffer and COLOR_EMPTY - for when the input buffer has been cleared (backspaced or a failed attempt). -- Ensures XFreeColors frees the right number of colours. This is now derived - from the size of `Lock->colors` rather than being an integer literal. -- Makes slock exhibit the behaviour described by Markus - -The default colours are the same as the ones slock currently uses, with the -exception of the new color, which I have set to red, as it indicates someone -has either failed an attempt to unlock, or that they have entered input and -erased it all. ---- - config.def.h | 7 +++++-- - slock.c | 27 ++++++++++++++++++--------- - 2 files changed, 23 insertions(+), 11 deletions(-) - -diff --git a/config.def.h b/config.def.h -index 89e5977..4bccb5d 100644 ---- a/config.def.h -+++ b/config.def.h -@@ -1,2 +1,5 @@ --#define COLOR1 "black" --#define COLOR2 "#005577" -+static const char *colorname[NUMCOLS] = { -+ "black", /* after initialization */ -+ "#005577", /* during input */ -+ "#CC3333", /* failed/cleared the input */ -+}; -diff --git a/slock.c b/slock.c -index 407a540..df5c3fe 100644 ---- a/slock.c -+++ b/slock.c -@@ -22,13 +22,20 @@ - #include <bsd_auth.h> - #endif - -+enum { -+ INIT, -+ INPUT, -+ EMPTY, -+ NUMCOLS -+}; -+ - #include "config.h" - - typedef struct { - int screen; - Window root, win; - Pixmap pmap; -- unsigned long colors[2]; -+ unsigned long colors[NUMCOLS]; - } Lock; - - static Lock **locks; -@@ -162,12 +169,12 @@ readpw(Display *dpy, const char *pws) - } - if (llen == 0 && len != 0) { - for (screen = 0; screen < nscreens; screen++) { -- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[1]); -+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[INPUT]); - XClearWindow(dpy, locks[screen]->win); - } - } else if (llen != 0 && len == 0) { - for (screen = 0; screen < nscreens; screen++) { -- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[0]); -+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[EMPTY]); - XClearWindow(dpy, locks[screen]->win); - } - } -@@ -185,7 +192,7 @@ unlockscreen(Display *dpy, Lock *lock) - return; - - XUngrabPointer(dpy, CurrentTime); -- XFreeColors(dpy, DefaultColormap(dpy, lock->screen), lock->colors, 2, 0); -+ XFreeColors(dpy, DefaultColormap(dpy, lock->screen), lock->colors, NUMCOLS, 0); - XFreePixmap(dpy, lock->pmap); - XDestroyWindow(dpy, lock->win); - -@@ -197,6 +204,7 @@ lockscreen(Display *dpy, int screen) - { - char curs[] = {0, 0, 0, 0, 0, 0, 0, 0}; - unsigned int len; -+ int i; - Lock *lock; - XColor color, dummy; - XSetWindowAttributes wa; -@@ -213,16 +221,17 @@ lockscreen(Display *dpy, int screen) - - lock->root = RootWindow(dpy, lock->screen); - -+ for (i = 0; i < NUMCOLS; i++) { -+ XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), colorname[i], &color, &dummy); -+ lock->colors[i] = color.pixel; -+ } -+ - /* init */ - wa.override_redirect = 1; -- wa.background_pixel = BlackPixel(dpy, lock->screen); -+ wa.background_pixel = lock->colors[INIT]; - lock->win = XCreateWindow(dpy, lock->root, 0, 0, DisplayWidth(dpy, lock->screen), DisplayHeight(dpy, lock->screen), - 0, DefaultDepth(dpy, lock->screen), CopyFromParent, - DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa); -- XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), COLOR2, &color, &dummy); -- lock->colors[1] = color.pixel; -- XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), COLOR1, &color, &dummy); -- lock->colors[0] = color.pixel; - lock->pmap = XCreateBitmapFromData(dpy, lock->win, curs, 8, 8); - invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0); - XDefineCursor(dpy, lock->win, invisible); --- -2.6.4 - diff --git a/desktop/slock/patches/0002-Clarify-config.def.h.patch b/desktop/slock/patches/0002-Clarify-config.def.h.patch new file mode 100644 index 0000000000000..c5d05a892b926 --- /dev/null +++ b/desktop/slock/patches/0002-Clarify-config.def.h.patch @@ -0,0 +1,28 @@ +From bdcbeab0d8ac0963c61ae1d9d1ed57d3effb8ec3 Mon Sep 17 00:00:00 2001 +From: FRIGN <dev@frign.de> +Date: Sun, 14 Feb 2016 01:32:02 +0100 +Subject: [PATCH 2/7] Clarify config.def.h + +Clear up the wording a bit and explain what failonclear means. +--- + config.def.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/config.def.h b/config.def.h +index fca0ae0..eae2d9a 100644 +--- a/config.def.h ++++ b/config.def.h +@@ -1,6 +1,8 @@ + static const char *colorname[NUMCOLS] = { + "black", /* after initialization */ + "#005577", /* during input */ +- "#CC3333", /* failed/cleared the input */ ++ "#CC3333", /* wrong password */ + }; +-static const Bool failonclear = True; ++ ++/* treat a cleared input like a wrong password */ ++static const int failonclear = 1; +-- +2.9.2 + diff --git a/desktop/slock/patches/0003-No-need-for-usage.patch b/desktop/slock/patches/0003-No-need-for-usage.patch new file mode 100644 index 0000000000000..9eb7b4b25669c --- /dev/null +++ b/desktop/slock/patches/0003-No-need-for-usage.patch @@ -0,0 +1,102 @@ +From a6dc051e3744ce5b14c54d2d246d3e8258207e76 Mon Sep 17 00:00:00 2001 +From: FRIGN <dev@frign.de> +Date: Sun, 14 Feb 2016 01:48:48 +0100 +Subject: [PATCH 3/7] No need for usage() + +There are 2 arguments why -v and -h are broken: + + 1) if you are running off git, -v will show the last stable + release, effectively making this option useless. + people running stable versions leave open an attack surface + this way in case there are vulnerabilities found. + 99% of the people are also using package managers to keep + their software up to date, instead of running $TOOL -v to + check how old it is. + 2) -h is a sad excuse for not just looking at the manual page + (man 1 slock). Given we accept a post_lock_command, we can't + be as liberal and just intercept certain flags. + +I changed the manpage to reflect this change. +--- + slock.1 | 24 +++++++----------------- + slock.c | 16 ++-------------- + 2 files changed, 9 insertions(+), 31 deletions(-) + +diff --git a/slock.1 b/slock.1 +index 1f946d9..467194d 100644 +--- a/slock.1 ++++ b/slock.1 +@@ -1,29 +1,19 @@ + .TH SLOCK 1 slock\-VERSION + .SH NAME +-slock \- simple X display locker ++slock \- simple X screen locker + .SH SYNOPSIS + .B slock +-.RB [ \-v +-| +-.IR post_lock_command ] ++.RB [ ++.IR cmd ++] + .SH DESCRIPTION + .B slock +-is a screen locker for X. If provided, the +-.IR post_lock_command +-will be executed when the screen is locked. +-.SH OPTIONS +-.TP +-.B \-v +-prints version information to stdout, then exits. ++is an X screen locker. If provided, ++.IR cmd ++is executed after the screen has been locked. + .SH EXAMPLES + $ slock /usr/sbin/s2ram + .SH CUSTOMIZATION + .B slock + can be customized by creating a custom config.h and (re)compiling the source + code. This keeps it fast, secure and simple. +-.SH AUTHORS +-See the LICENSE file for the authors. +-.SH LICENSE +-See the LICENSE file for the terms of redistribution. +-.SH BUGS +-Please report them. +diff --git a/slock.c b/slock.c +index 3188ff7..4531f95 100644 +--- a/slock.c ++++ b/slock.c +@@ -272,27 +272,15 @@ lockscreen(Display *dpy, int screen) + return NULL; + } + +-static void +-usage(void) +-{ +- fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n"); +- exit(1); +-} +- + int +-main(int argc, char **argv) { ++main(int argc, char **argv) ++{ + #ifndef HAVE_BSD_AUTH + const char *pws; + #endif + Display *dpy; + int screen; + +- if ((argc == 2) && !strcmp("-v", argv[1])) +- die("slock-%s, © 2006-2016 slock engineers\n", VERSION); +- +- if ((argc == 2) && !strcmp("-h", argv[1])) +- usage(); +- + #ifdef __linux__ + dontkillme(); + #endif +-- +2.9.2 + diff --git a/desktop/slock/patches/0003-resize-lockscreen-window-after-Xrandr-resize.patch b/desktop/slock/patches/0003-resize-lockscreen-window-after-Xrandr-resize.patch deleted file mode 100644 index 4b74350fca05e..0000000000000 --- a/desktop/slock/patches/0003-resize-lockscreen-window-after-Xrandr-resize.patch +++ /dev/null @@ -1,83 +0,0 @@ -From f5ef1b8eb5555da11e81d92d8d05acd4aba1ef40 Mon Sep 17 00:00:00 2001 -From: Markus Teich <markus.teich@stusta.mhn.de> -Date: Wed, 25 Feb 2015 23:06:45 +0100 -Subject: [PATCH 3/9] resize lockscreen window after Xrandr resize - ---- - config.mk | 2 +- - slock.c | 18 ++++++++++++++++-- - 2 files changed, 17 insertions(+), 3 deletions(-) - -diff --git a/config.mk b/config.mk -index 067cfc7..44e41c6 100644 ---- a/config.mk -+++ b/config.mk -@@ -11,7 +11,7 @@ X11LIB = /usr/X11R6/lib - - # includes and libs - INCS = -I. -I/usr/include -I${X11INC} --LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -+LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr - - # flags - CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H -diff --git a/slock.c b/slock.c -index df5c3fe..6502c86 100644 ---- a/slock.c -+++ b/slock.c -@@ -13,6 +13,7 @@ - #include <string.h> - #include <unistd.h> - #include <sys/types.h> -+#include <X11/extensions/Xrandr.h> - #include <X11/keysym.h> - #include <X11/Xlib.h> - #include <X11/Xutil.h> -@@ -41,6 +42,9 @@ typedef struct { - static Lock **locks; - static int nscreens; - static Bool running = True; -+static Bool rr; -+static int rrevbase; -+static int rrerrbase; - - static void - die(const char *errstr, ...) -@@ -179,8 +183,15 @@ readpw(Display *dpy, const char *pws) - } - } - llen = len; -- } -- else for (screen = 0; screen < nscreens; screen++) -+ } else if (rr && ev.type == rrevbase + RRScreenChangeNotify) { -+ XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev; -+ for (screen = 0; screen < nscreens; screen++) { -+ if (locks[screen]->win == rre->window) { -+ XResizeWindow(dpy, locks[screen]->win, rre->width, rre->height); -+ XClearWindow(dpy, locks[screen]->win); -+ } -+ } -+ } else for (screen = 0; screen < nscreens; screen++) - XRaiseWindow(dpy, locks[screen]->win); - } - } -@@ -236,6 +247,8 @@ lockscreen(Display *dpy, int screen) - invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0); - XDefineCursor(dpy, lock->win, invisible); - XMapRaised(dpy, lock->win); -+ if (rr) -+ XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask); - for (len = 1000; len; len--) { - if (XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask, - GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess) -@@ -295,6 +308,7 @@ main(int argc, char **argv) { - - if (!(dpy = XOpenDisplay(0))) - die("slock: cannot open display\n"); -+ rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase); - /* Get the number of screens in display "dpy" and blank them all. */ - nscreens = ScreenCount(dpy); - locks = malloc(sizeof(Lock *) * nscreens); --- -2.6.4 - diff --git a/desktop/slock/patches/0004-Option-to-not-show-failure-color-on-clear.patch b/desktop/slock/patches/0004-Option-to-not-show-failure-color-on-clear.patch deleted file mode 100644 index 07866a66c65d1..0000000000000 --- a/desktop/slock/patches/0004-Option-to-not-show-failure-color-on-clear.patch +++ /dev/null @@ -1,64 +0,0 @@ -From b1289f30b79c9c5ea43a9e9c624406d7d0661692 Mon Sep 17 00:00:00 2001 -From: Nick Currier <nick.currier@gmail.com> -Date: Wed, 6 May 2015 10:18:50 -0600 -Subject: [PATCH 4/9] Option to not show failure color on clear - ---- - config.def.h | 1 + - slock.c | 9 ++++++--- - 2 files changed, 7 insertions(+), 3 deletions(-) - -diff --git a/config.def.h b/config.def.h -index 4bccb5d..fca0ae0 100644 ---- a/config.def.h -+++ b/config.def.h -@@ -3,3 +3,4 @@ static const char *colorname[NUMCOLS] = { - "#005577", /* during input */ - "#CC3333", /* failed/cleared the input */ - }; -+static const Bool failonclear = True; -diff --git a/slock.c b/slock.c -index 6502c86..1551a9e 100644 ---- a/slock.c -+++ b/slock.c -@@ -26,7 +26,7 @@ - enum { - INIT, - INPUT, -- EMPTY, -+ FAILED, - NUMCOLS - }; - -@@ -42,6 +42,7 @@ typedef struct { - static Lock **locks; - static int nscreens; - static Bool running = True; -+static Bool failure = False; - static Bool rr; - static int rrevbase; - static int rrerrbase; -@@ -153,8 +154,10 @@ readpw(Display *dpy, const char *pws) - #else - running = !!strcmp(crypt(passwd, pws), pws); - #endif -- if (running) -+ if (running) { - XBell(dpy, 100); -+ failure = True; -+ } - len = 0; - break; - case XK_Escape: -@@ -178,7 +181,7 @@ readpw(Display *dpy, const char *pws) - } - } else if (llen != 0 && len == 0) { - for (screen = 0; screen < nscreens; screen++) { -- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[EMPTY]); -+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[failure || failonclear ? FAILED : INIT]); - XClearWindow(dpy, locks[screen]->win); - } - } --- -2.6.4 - diff --git a/desktop/slock/patches/0004-Use-argv0-instead-of-passing-slock-to-die-every-time.patch b/desktop/slock/patches/0004-Use-argv0-instead-of-passing-slock-to-die-every-time.patch new file mode 100644 index 0000000000000..954df8f8d3df4 --- /dev/null +++ b/desktop/slock/patches/0004-Use-argv0-instead-of-passing-slock-to-die-every-time.patch @@ -0,0 +1,125 @@ +From b02c4d452a7942d4be3c69e6f98dafd35a2e4e78 Mon Sep 17 00:00:00 2001 +From: FRIGN <dev@frign.de> +Date: Sun, 14 Feb 2016 02:13:54 +0100 +Subject: [PATCH 4/7] Use argv0 instead of passing "slock:" to die every time + +--- + slock.c | 28 ++++++++++++++++------------ + 1 file changed, 16 insertions(+), 12 deletions(-) + +diff --git a/slock.c b/slock.c +index 4531f95..a0ffed0 100644 +--- a/slock.c ++++ b/slock.c +@@ -46,6 +46,7 @@ static Bool failure = False; + static Bool rr; + static int rrevbase; + static int rrerrbase; ++static char *argv0; + + static void + die(const char *errstr, ...) +@@ -53,6 +54,7 @@ die(const char *errstr, ...) + va_list ap; + + va_start(ap, errstr); ++ fprintf(stderr, "%s: ", argv0); + vfprintf(stderr, errstr, ap); + va_end(ap); + exit(1); +@@ -88,9 +90,9 @@ getpw(void) + errno = 0; + if (!(pw = getpwuid(getuid()))) { + if (errno) +- die("slock: getpwuid: %s\n", strerror(errno)); ++ die("getpwuid: %s\n", strerror(errno)); + else +- die("slock: cannot retrieve password entry\n"); ++ die("cannot retrieve password entry\n"); + } + rval = pw->pw_passwd; + +@@ -98,7 +100,7 @@ getpw(void) + if (rval[0] == 'x' && rval[1] == '\0') { + struct spwd *sp; + if (!(sp = getspnam(getenv("USER")))) +- die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); ++ die("cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); + rval = sp->sp_pwdp; + } + #endif +@@ -106,7 +108,7 @@ getpw(void) + /* drop privileges */ + if (geteuid() == 0 && + ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0)) +- die("slock: cannot drop privileges\n"); ++ die("cannot drop privileges\n"); + return rval; + } + #endif +@@ -254,7 +256,7 @@ lockscreen(Display *dpy, int screen) + usleep(1000); + } + if (!len) { +- fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n", screen); ++ fprintf(stderr, "unable to grab mouse pointer for screen %d\n", screen); + } else { + for (len = 1000; len; len--) { + if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess) { +@@ -264,7 +266,7 @@ lockscreen(Display *dpy, int screen) + } + usleep(1000); + } +- fprintf(stderr, "slock: unable to grab keyboard for screen %d\n", screen); ++ fprintf(stderr, "unable to grab keyboard for screen %d\n", screen); + } + /* grabbing one of the inputs failed */ + running = 0; +@@ -281,24 +283,26 @@ main(int argc, char **argv) + Display *dpy; + int screen; + ++ argv0 = argv[0], argc--, argv++; ++ + #ifdef __linux__ + dontkillme(); + #endif + + if (!getpwuid(getuid())) +- die("slock: no passwd entry for you\n"); ++ die("no passwd entry for you\n"); + + #ifndef HAVE_BSD_AUTH + pws = getpw(); + #endif + + if (!(dpy = XOpenDisplay(0))) +- die("slock: cannot open display\n"); ++ die("cannot open display\n"); + rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase); + /* Get the number of screens in display "dpy" and blank them all. */ + nscreens = ScreenCount(dpy); + if (!(locks = malloc(sizeof(Lock*) * nscreens))) +- die("slock: malloc: %s\n", strerror(errno)); ++ die("Out of memory.\n"); + int nlocks = 0; + for (screen = 0; screen < nscreens; screen++) { + if ((locks[screen] = lockscreen(dpy, screen)) != NULL) +@@ -313,11 +317,11 @@ main(int argc, char **argv) + return 1; + } + +- if (argc >= 2 && fork() == 0) { ++ if (argc >= 1 && fork() == 0) { + if (dpy) + close(ConnectionNumber(dpy)); +- execvp(argv[1], argv+1); +- die("slock: execvp %s failed: %s\n", argv[1], strerror(errno)); ++ execvp(argv[0], argv); ++ die("execvp %s failed: %s\n", argv[0], strerror(errno)); + } + + /* Everything is now blank. Now wait for the correct password. */ +-- +2.9.2 + diff --git a/desktop/slock/patches/0005-consistently-use-with-sizeof.patch b/desktop/slock/patches/0005-consistently-use-with-sizeof.patch deleted file mode 100644 index 8db4960d68f3d..0000000000000 --- a/desktop/slock/patches/0005-consistently-use-with-sizeof.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 10d4e479c5f6d91bf86e15be3a12c6b09c9808be Mon Sep 17 00:00:00 2001 -From: Markus Teich <markus.teich@stusta.mhn.de> -Date: Fri, 8 May 2015 16:43:13 +0200 -Subject: [PATCH 5/9] consistently use () with sizeof - ---- - slock.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/slock.c b/slock.c -index 1551a9e..68e813f 100644 ---- a/slock.c -+++ b/slock.c -@@ -133,7 +133,7 @@ readpw(Display *dpy, const char *pws) - while (running && !XNextEvent(dpy, &ev)) { - if (ev.type == KeyPress) { - buf[0] = 0; -- num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0); -+ num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0); - if (IsKeypadKey(ksym)) { - if (ksym == XK_KP_Enter) - ksym = XK_Return; -@@ -168,7 +168,7 @@ readpw(Display *dpy, const char *pws) - --len; - break; - default: -- if (num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { -+ if (num && !iscntrl((int) buf[0]) && (len + num < sizeof(passwd))) { - memcpy(passwd + len, buf, num); - len += num; - } --- -2.6.4 - diff --git a/desktop/slock/patches/0005-revert-using-argv0-and-minor-fixup.patch b/desktop/slock/patches/0005-revert-using-argv0-and-minor-fixup.patch new file mode 100644 index 0000000000000..d1ae1e9dfa1f5 --- /dev/null +++ b/desktop/slock/patches/0005-revert-using-argv0-and-minor-fixup.patch @@ -0,0 +1,78 @@ +From ec46680fe10ffc69007b0a8b29d9e69c72704053 Mon Sep 17 00:00:00 2001 +From: Markus Teich <markus.teich@stusta.mhn.de> +Date: Mon, 15 Feb 2016 14:00:56 +0100 +Subject: [PATCH 5/7] revert using argv0 and minor fixup + +- use hardcoded "slock" instead of argv[0] +- add "slock: " to fprintf calls, where it was missing +- revert `argc--, argv++` shifting +--- + slock.c | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/slock.c b/slock.c +index a0ffed0..2aa395e 100644 +--- a/slock.c ++++ b/slock.c +@@ -46,15 +46,14 @@ static Bool failure = False; + static Bool rr; + static int rrevbase; + static int rrerrbase; +-static char *argv0; + + static void + die(const char *errstr, ...) + { + va_list ap; + ++ fputs("slock: ", stderr); + va_start(ap, errstr); +- fprintf(stderr, "%s: ", argv0); + vfprintf(stderr, errstr, ap); + va_end(ap); + exit(1); +@@ -256,7 +255,7 @@ lockscreen(Display *dpy, int screen) + usleep(1000); + } + if (!len) { +- fprintf(stderr, "unable to grab mouse pointer for screen %d\n", screen); ++ fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n", screen); + } else { + for (len = 1000; len; len--) { + if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess) { +@@ -266,7 +265,7 @@ lockscreen(Display *dpy, int screen) + } + usleep(1000); + } +- fprintf(stderr, "unable to grab keyboard for screen %d\n", screen); ++ fprintf(stderr, "slock: unable to grab keyboard for screen %d\n", screen); + } + /* grabbing one of the inputs failed */ + running = 0; +@@ -283,8 +282,6 @@ main(int argc, char **argv) + Display *dpy; + int screen; + +- argv0 = argv[0], argc--, argv++; +- + #ifdef __linux__ + dontkillme(); + #endif +@@ -317,11 +314,11 @@ main(int argc, char **argv) + return 1; + } + +- if (argc >= 1 && fork() == 0) { ++ if (argc >= 2 && fork() == 0) { + if (dpy) + close(ConnectionNumber(dpy)); +- execvp(argv[0], argv); +- die("execvp %s failed: %s\n", argv[0], strerror(errno)); ++ execvp(argv[1], argv+1); ++ die("execvp %s failed: %s\n", argv[1], strerror(errno)); + } + + /* Everything is now blank. Now wait for the correct password. */ +-- +2.9.2 + diff --git a/desktop/slock/patches/0006-Revert-No-need-for-usage.patch b/desktop/slock/patches/0006-Revert-No-need-for-usage.patch new file mode 100644 index 0000000000000..659685bc5d050 --- /dev/null +++ b/desktop/slock/patches/0006-Revert-No-need-for-usage.patch @@ -0,0 +1,90 @@ +From 65b8d5278882310eed758e6fbfd6ab9676db883c Mon Sep 17 00:00:00 2001 +From: Markus Teich <markus.teich@stusta.mhn.de> +Date: Mon, 15 Feb 2016 14:15:45 +0100 +Subject: [PATCH 6/7] Revert "No need for usage()" + +This reverts most of commit a6dc051e3744ce5b14c54d2d246d3e8258207e76 and fixes +some related stuff: + +- keep spelling fixes from original commit +- make -h and -v also work when followed by more arguments +- any unknown flag prints usage +- fix output of -v to display "slock: version 1.3" instead of "slock: slock-1.3" +--- + slock.1 | 16 +++++++++++++--- + slock.c | 17 +++++++++++++++-- + 2 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/slock.1 b/slock.1 +index 467194d..0ef3e15 100644 +--- a/slock.1 ++++ b/slock.1 +@@ -3,17 +3,27 @@ + slock \- simple X screen locker + .SH SYNOPSIS + .B slock +-.RB [ +-.IR cmd +-] ++.RB [ \-v ++| ++.IR cmd ] + .SH DESCRIPTION + .B slock + is an X screen locker. If provided, + .IR cmd + is executed after the screen has been locked. ++.SH OPTIONS ++.TP ++.B \-v ++prints version information to stdout, then exits. + .SH EXAMPLES + $ slock /usr/sbin/s2ram + .SH CUSTOMIZATION + .B slock + can be customized by creating a custom config.h and (re)compiling the source + code. This keeps it fast, secure and simple. ++.SH AUTHORS ++See the LICENSE file for the authors. ++.SH LICENSE ++See the LICENSE file for the terms of redistribution. ++.SH BUGS ++Please report them. +diff --git a/slock.c b/slock.c +index 2aa395e..c9cdee2 100644 +--- a/slock.c ++++ b/slock.c +@@ -273,15 +273,28 @@ lockscreen(Display *dpy, int screen) + return NULL; + } + +-int +-main(int argc, char **argv) ++static void ++usage(void) + { ++ fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n"); ++ exit(1); ++} ++ ++int ++main(int argc, char **argv) { + #ifndef HAVE_BSD_AUTH + const char *pws; + #endif + Display *dpy; + int screen; + ++ if ((argc >= 2) && !strcmp("-v", argv[1])) ++ die("version %s, © 2006-2016 slock engineers\n", VERSION); ++ ++ /* treat first argument starting with a '-' as option */ ++ if ((argc >= 2) && argv[1][0] == '-') ++ usage(); ++ + #ifdef __linux__ + dontkillme(); + #endif +-- +2.9.2 + diff --git a/desktop/slock/patches/0006-rework-setting-window-color.patch b/desktop/slock/patches/0006-rework-setting-window-color.patch deleted file mode 100644 index f1c0903f8c9d3..0000000000000 --- a/desktop/slock/patches/0006-rework-setting-window-color.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 754195f8d75586e23d1cc69cad00710802e0cb5d Mon Sep 17 00:00:00 2001 -From: Markus Teich <markus.teich@stusta.mhn.de> -Date: Fri, 8 May 2015 17:10:15 +0200 -Subject: [PATCH 6/9] rework setting window color - ---- - slock.c | 17 +++++++---------- - 1 file changed, 7 insertions(+), 10 deletions(-) - -diff --git a/slock.c b/slock.c -index 68e813f..d6053af 100644 ---- a/slock.c -+++ b/slock.c -@@ -119,11 +119,12 @@ readpw(Display *dpy, const char *pws) - { - char buf[32], passwd[256]; - int num, screen; -- unsigned int len, llen; -+ unsigned int len, color; - KeySym ksym; - XEvent ev; -+ static int oldc = INIT; - -- len = llen = 0; -+ len = 0; - running = True; - - /* As "slock" stands for "Simple X display locker", the DPMS settings -@@ -174,18 +175,14 @@ readpw(Display *dpy, const char *pws) - } - break; - } -- if (llen == 0 && len != 0) { -+ color = len ? INPUT : (failure || failonclear ? FAILED : INIT); -+ if (oldc != color) { - for (screen = 0; screen < nscreens; screen++) { -- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[INPUT]); -- XClearWindow(dpy, locks[screen]->win); -- } -- } else if (llen != 0 && len == 0) { -- for (screen = 0; screen < nscreens; screen++) { -- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[failure || failonclear ? FAILED : INIT]); -+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]); - XClearWindow(dpy, locks[screen]->win); - } -+ oldc = color; - } -- llen = len; - } else if (rr && ev.type == rrevbase + RRScreenChangeNotify) { - XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev; - for (screen = 0; screen < nscreens; screen++) { --- -2.6.4 - diff --git a/desktop/slock/patches/0007-Slightly-safer-OOM-killer-disablement-in-linux.patch b/desktop/slock/patches/0007-Slightly-safer-OOM-killer-disablement-in-linux.patch deleted file mode 100644 index 8fbde2c31dbc7..0000000000000 --- a/desktop/slock/patches/0007-Slightly-safer-OOM-killer-disablement-in-linux.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0edbd2e0164a8c6cbad415e38083469041f29996 Mon Sep 17 00:00:00 2001 -From: David Phillips <dbphillipsnz@gmail.com> -Date: Fri, 19 Jun 2015 23:42:15 +1200 -Subject: [PATCH 7/9] Slightly safer OOM killer disablement in linux - ---- - slock.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/slock.c b/slock.c -index d6053af..b3bee92 100644 ---- a/slock.c -+++ b/slock.c -@@ -60,16 +60,27 @@ die(const char *errstr, ...) - - #ifdef __linux__ - #include <fcntl.h> -+#include <linux/oom.h> - - static void - dontkillme(void) - { - int fd; -+ int length; -+ char value[64]; - - fd = open("/proc/self/oom_score_adj", O_WRONLY); - if (fd < 0 && errno == ENOENT) - return; -- if (fd < 0 || write(fd, "-1000\n", 6) != 6 || close(fd) != 0) -+ -+ /* convert OOM_SCORE_ADJ_MIN to string for writing */ -+ length = snprintf(value, sizeof(value), "%d\n", OOM_SCORE_ADJ_MIN); -+ -+ /* bail on truncation */ -+ if (length >= sizeof(value)) -+ die("buffer too small\n"); -+ -+ if (fd < 0 || write(fd, value, length) != length || close(fd) != 0) - die("cannot disable the out-of-memory killer for this process\n"); - } - #endif --- -2.6.4 - diff --git a/desktop/slock/patches/0007-clear-passwords-with-explicit_bzero.patch b/desktop/slock/patches/0007-clear-passwords-with-explicit_bzero.patch new file mode 100644 index 0000000000000..3d43e9a9bf503 --- /dev/null +++ b/desktop/slock/patches/0007-clear-passwords-with-explicit_bzero.patch @@ -0,0 +1,146 @@ +From a7afade1701a809f6a33b53525d59dd29b38d381 Mon Sep 17 00:00:00 2001 +From: Hiltjo Posthuma <hiltjo@codemadness.org> +Date: Sun, 31 Jul 2016 13:43:00 +0200 +Subject: [PATCH 7/7] clear passwords with explicit_bzero + +Make sure to explicitly clear memory that is used for password input. memset +is often optimized out by the compiler. + +Brought to attention by the OpenBSD community, see: +https://marc.info/?t=146989502600003&r=1&w=2 +Thread subject: x11/slock: clear passwords with explicit_bzero + +Changes: + +- explicit_bzero.c import from libressl-portable. +- Makefile: add COMPATSRC for compatibility src. +- config.mk: add separate *BSD section in config.mk to simply uncomment it on + these platforms. +--- + Makefile | 6 +++--- + config.mk | 4 ++++ + explicit_bzero.c | 19 +++++++++++++++++++ + slock.c | 8 ++++++-- + util.h | 2 ++ + 5 files changed, 34 insertions(+), 5 deletions(-) + create mode 100644 explicit_bzero.c + create mode 100644 util.h + +diff --git a/Makefile b/Makefile +index 86b3437..8b3e248 100644 +--- a/Makefile ++++ b/Makefile +@@ -3,7 +3,7 @@ + + include config.mk + +-SRC = slock.c ++SRC = slock.c ${COMPATSRC} + OBJ = ${SRC:.c=.o} + + all: options slock +@@ -35,8 +35,8 @@ clean: + dist: clean + @echo creating dist tarball + @mkdir -p slock-${VERSION} +- @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \ +- slock-${VERSION} ++ @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \ ++ explicit_bzero.c slock.1 slock-${VERSION} + @tar -cf slock-${VERSION}.tar slock-${VERSION} + @gzip slock-${VERSION}.tar + @rm -rf slock-${VERSION} +diff --git a/config.mk b/config.mk +index f93879e..3afc061 100644 +--- a/config.mk ++++ b/config.mk +@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr + CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H + CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS} + LDFLAGS = -s ${LIBS} ++COMPATSRC = explicit_bzero.c + + # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH + # On OpenBSD and Darwin remove -lcrypt from LIBS ++#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr ++#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE ++#COMPATSRC = + + # compiler and linker + CC = cc +diff --git a/explicit_bzero.c b/explicit_bzero.c +new file mode 100644 +index 0000000..3e33ca8 +--- /dev/null ++++ b/explicit_bzero.c +@@ -0,0 +1,19 @@ ++/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */ ++/* ++ * Public domain. ++ * Written by Matthew Dempsky. ++ */ ++ ++#include <string.h> ++ ++__attribute__((weak)) void ++__explicit_bzero_hook(void *buf, size_t len) ++{ ++} ++ ++void ++explicit_bzero(void *buf, size_t len) ++{ ++ memset(buf, 0, len); ++ __explicit_bzero_hook(buf, len); ++} +diff --git a/slock.c b/slock.c +index c9cdee2..a00fbb9 100644 +--- a/slock.c ++++ b/slock.c +@@ -23,6 +23,8 @@ + #include <bsd_auth.h> + #endif + ++#include "util.h" ++ + enum { + INIT, + INPUT, +@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws) + * timeout. */ + while (running && !XNextEvent(dpy, &ev)) { + if (ev.type == KeyPress) { +- buf[0] = 0; ++ explicit_bzero(&buf, sizeof(buf)); + num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0); + if (IsKeypadKey(ksym)) { + if (ksym == XK_KP_Enter) +@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws) + XBell(dpy, 100); + failure = True; + } ++ explicit_bzero(&passwd, sizeof(passwd)); + len = 0; + break; + case XK_Escape: ++ explicit_bzero(&passwd, sizeof(passwd)); + len = 0; + break; + case XK_BackSpace: + if (len) +- --len; ++ passwd[len--] = 0; + break; + default: + if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) { +diff --git a/util.h b/util.h +new file mode 100644 +index 0000000..6f748b8 +--- /dev/null ++++ b/util.h +@@ -0,0 +1,2 @@ ++#undef explicit_bzero ++void explicit_bzero(void *, size_t); +-- +2.9.2 + diff --git a/desktop/slock/patches/0008-Don-t-change-to-failure-colour-on-success.patch b/desktop/slock/patches/0008-Don-t-change-to-failure-colour-on-success.patch deleted file mode 100644 index 39c70926b7cf7..0000000000000 --- a/desktop/slock/patches/0008-Don-t-change-to-failure-colour-on-success.patch +++ /dev/null @@ -1,25 +0,0 @@ -From b95ee111c7625375716e848ec81af2f57ca35b02 Mon Sep 17 00:00:00 2001 -From: David Phillips <dbphillipsnz@gmail.com> -Date: Thu, 27 Aug 2015 06:16:25 +0200 -Subject: [PATCH 8/9] Don't change to failure colour on success - ---- - slock.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/slock.c b/slock.c -index b3bee92..6be8f22 100644 ---- a/slock.c -+++ b/slock.c -@@ -187,7 +187,7 @@ readpw(Display *dpy, const char *pws) - break; - } - color = len ? INPUT : (failure || failonclear ? FAILED : INIT); -- if (oldc != color) { -+ if (running && oldc != color) { - for (screen = 0; screen < nscreens; screen++) { - XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]); - XClearWindow(dpy, locks[screen]->win); --- -2.6.4 - diff --git a/desktop/slock/patches/0009-add-option-to-run-command-after-screen-is-locked.patch b/desktop/slock/patches/0009-add-option-to-run-command-after-screen-is-locked.patch deleted file mode 100644 index 574396a1dee83..0000000000000 --- a/desktop/slock/patches/0009-add-option-to-run-command-after-screen-is-locked.patch +++ /dev/null @@ -1,49 +0,0 @@ -From e867c38123175d6f050e051ee6b00f4737a9712a Mon Sep 17 00:00:00 2001 -From: Markus Teich <markus.teich@stusta.mhn.de> -Date: Sat, 26 Dec 2015 13:13:25 +0100 -Subject: [PATCH 9/9] add option to run command after screen is locked - ---- - slock.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/slock.c b/slock.c -index 6be8f22..ddf1074 100644 ---- a/slock.c -+++ b/slock.c -@@ -289,7 +289,7 @@ lockscreen(Display *dpy, int screen) - static void - usage(void) - { -- fprintf(stderr, "usage: slock [-v]\n"); -+ fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n"); - exit(1); - } - -@@ -303,7 +303,8 @@ main(int argc, char **argv) { - - if ((argc == 2) && !strcmp("-v", argv[1])) - die("slock-%s, © 2006-2015 slock engineers\n", VERSION); -- else if (argc != 1) -+ -+ if ((argc == 2) && !strcmp("-h", argv[1])) - usage(); - - #ifdef __linux__ -@@ -339,6 +340,13 @@ main(int argc, char **argv) { - return 1; - } - -+ if (argc >= 2 && fork() == 0) { -+ if (dpy) -+ close(ConnectionNumber(dpy)); -+ execvp(argv[1], argv+1); -+ die("slock: execvp %s failed: %s\n", argv[1], strerror(errno)); -+ } -+ - /* Everything is now blank. Now wait for the correct password. */ - #ifdef HAVE_BSD_AUTH - readpw(dpy); --- -2.6.4 - |