[pkgsrc/trunk]: pkgsrc/x11/xscreensaver don't install suid on NetBSD per defa...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/x11/xscreensaver don't install suid on NetBSD per defa...
From: drochner <drochner%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 04:24:51 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/f1e1f06296f3
branches:  trunk
changeset: 523521:f1e1f06296f3
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Mon Jan 08 21:45:10 2007 +0000

description:
don't install suid on NetBSD per default; now there are 3 ways:
-no PAM (default): let configure figure out whether shadow passwords
 are used, in that case xscreensaver will be installed suid to enable
 checking
-"pam" option enabled: assume that PAM is able to check the password
 w/o root privs; require the new pam-pwauth_suid on NetBSD for that
-"pam" option enabled; the user decides not to use pam-pwauth_suid
 but sets xscreensaver suid instead (on NetBSD, or if the PAM
 implementation needs it)
add a MESSAGE discussing the latter 2 options
bump PKGREVISION

diffstat:

 x11/xscreensaver/MESSAGE                       |  17 +++++++++++++++++
 x11/xscreensaver/Makefile                      |  13 ++++++++++++-
 x11/xscreensaver/Makefile.common               |   4 +---
 x11/xscreensaver/PLIST                         |   5 ++++-
 x11/xscreensaver/distinfo                      |   4 ++--
 x11/xscreensaver/files/pam-xscreensaver-NetBSD |  17 +++++++++++++++++
 x11/xscreensaver/options.mk                    |  14 ++++++++++++--
 x11/xscreensaver/patches/patch-ac              |  13 +++++++++++--
 8 files changed, 76 insertions(+), 11 deletions(-)

diffs (195 lines):

diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/MESSAGE
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/xscreensaver/MESSAGE  Mon Jan 08 21:45:10 2007 +0000
@@ -0,0 +1,17 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2007/01/08 21:45:10 drochner Exp $
+
+If xsreensaver is built with the "pam" option:
+In order to make unlocking work , you need to add an
+xscreensaver file to your pam configuration directory (usually
+/etc/pam.d).  You can find a sample file in:
+       ${EGDIR}/pam.d/xscreensaver-NetBSD
+On  NetBSD, the "pam_pwauth_suid.so" module can be used to authenticate
+against a shadow password database. Note that use of this module might
+allow programs with your privileges to get a copy of your plaintext
+password as typed in for unlocking.
+Alternatively, you might set the
+       ${PREFIX}/bin/xscreensaver
+executable setuid root. Since this is a relatively complex program,
+there is the risk of other exploits.
+===========================================================================
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/Makefile
--- a/x11/xscreensaver/Makefile Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/Makefile Mon Jan 08 21:45:10 2007 +0000
@@ -1,4 +1,6 @@
-# $NetBSD: Makefile,v 1.81 2006/10/15 11:44:20 markd Exp $
+# $NetBSD: Makefile,v 1.82 2007/01/08 21:45:10 drochner Exp $
+
+PKGREVISION=   1
 
 COMMENT=       Screen saver and locker for the X window system
 
@@ -10,6 +12,9 @@
 CONFIGURE_ARGS+=       --with-xml=${BUILDLINK_PREFIX.libxml2}
 CONFIGURE_ARGS+=       --with-configdir=${PREFIX}/libexec/xscreensaver/config
 
+EGDIR=                 ${PREFIX}/share/examples/xscreensaver
+MESSAGE_SUBST+=                EGDIR=${EGDIR:Q}
+
 .include "options.mk"
 .include "../../textproc/libxml2/buildlink3.mk"
 
@@ -17,4 +22,10 @@
 post-extract:
        cd ${WRKSRC}/po && ${RM} -f ca.po pt_BR.po
 
+post-install: installpamex
+installpamex:
+       ${INSTALL_DATA_DIR} ${EGDIR}/pam.d
+       ${INSTALL_DATA} ${FILESDIR}/pam-xscreensaver-NetBSD \
+                ${EGDIR}/pam.d/xscreensaver-NetBSD
+
 .include "../../mk/bsd.pkg.mk"
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/Makefile.common
--- a/x11/xscreensaver/Makefile.common  Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/Makefile.common  Mon Jan 08 21:45:10 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.93 2006/12/15 20:33:06 joerg Exp $
+# $NetBSD: Makefile.common,v 1.94 2007/01/08 21:45:10 drochner Exp $
 #
 
 # When updating the package, and screensavers are removed,
@@ -25,8 +25,6 @@
 CONFIGURE_ARGS+=       --with-zippy=/usr/games/fortune
 
 CONFIGURE_ARGS+=       --without-motif
-CONFIGURE_ARGS+=       --without-shadow
-CONFIGURE_ARGS+=       --without-pam
 
 CONFIGURE_ENV+=                X_PRE_LIBS=-lXt
 CONFIGURE_ENV+=                ac_cv_x_app_defaults="${PREFIX}/lib/X11/app-defaults"
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/PLIST
--- a/x11/xscreensaver/PLIST    Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/PLIST    Mon Jan 08 21:45:10 2007 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.30 2006/07/18 18:40:36 wiz Exp $
+@comment $NetBSD: PLIST,v 1.31 2007/01/08 21:45:10 drochner Exp $
 bin/xscreensaver
 bin/xscreensaver-command
 bin/xscreensaver-getimage
@@ -634,6 +634,7 @@
 man/man6/xspirograph.6
 man/man6/xsublim.6
 man/man6/zoom.6
+share/examples/xscreensaver/pam.d/xscreensaver-NetBSD
 share/locale/da/LC_MESSAGES/xscreensaver.mo
 share/locale/de/LC_MESSAGES/xscreensaver.mo
 share/locale/es/LC_MESSAGES/xscreensaver.mo
@@ -656,5 +657,7 @@
 share/locale/wa/LC_MESSAGES/xscreensaver.mo
 share/locale/zh_CN/LC_MESSAGES/xscreensaver.mo
 share/locale/zh_TW/LC_MESSAGES/xscreensaver.mo
+@dirrm share/examples/xscreensaver/pam.d
+@dirrm share/examples/xscreensaver
 @dirrm libexec/xscreensaver/config
 @dirrm libexec/xscreensaver
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/distinfo
--- a/x11/xscreensaver/distinfo Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/distinfo Mon Jan 08 21:45:10 2007 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.50 2006/08/10 14:51:39 reed Exp $
+$NetBSD: distinfo,v 1.51 2007/01/08 21:45:10 drochner Exp $
 
 SHA1 (xscreensaver-5.00.tar.gz) = 631eb0414112b2db2e62e2ab5a984726d61696d2
 RMD160 (xscreensaver-5.00.tar.gz) = 7630ff42cfd24557cf1459902ddc6256004fc938
 Size (xscreensaver-5.00.tar.gz) = 5263478 bytes
 SHA1 (patch-aa) = e9081bc1b18d6906fcda3d652df9954092b93a84
 SHA1 (patch-ab) = d49a0854e40d6e0dcd9dfcec9c4007d0dd62dfdb
-SHA1 (patch-ac) = 258161b29cdd951d2c7421433f0786c1595e52b6
+SHA1 (patch-ac) = c51781671f11d4fcfbc19ef41c01228bd3c6d529
 SHA1 (patch-ad) = 5d0e3fe79d0161897cf945ca4f2a2178342d3ba5
 SHA1 (patch-ae) = 16d0c8b50b2601458aaec09d1c7425fb23308225
 SHA1 (patch-af) = d8261f1c8fd01b455a151f97837712dc46aff6f3
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/files/pam-xscreensaver-NetBSD
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/xscreensaver/files/pam-xscreensaver-NetBSD    Mon Jan 08 21:45:10 2007 +0000
@@ -0,0 +1,17 @@
+# $NetBSD: pam-xscreensaver-NetBSD,v 1.1 2007/01/08 21:45:10 drochner Exp $
+#
+# PAM configuration for the "xscreensaver" service
+#
+
+# auth
+auth           sufficient      pam_pwauth_suid.so
+auth           include         system
+
+# account
+account                include         system
+
+# session
+session                include         system
+
+# password
+password       include         system
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/options.mk
--- a/x11/xscreensaver/options.mk       Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/options.mk       Mon Jan 08 21:45:10 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.3 2007/01/06 19:53:40 rillig Exp $
+# $NetBSD: options.mk,v 1.4 2007/01/08 21:45:10 drochner Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.xscreensaver
 PKG_SUPPORTED_OPTIONS= pam xscreensaver-webcollage
@@ -8,12 +8,22 @@
 .if !empty(PKG_OPTIONS:Mpam)
 .  include "../../mk/pam.buildlink3.mk"
 CONFIGURE_ARGS+=       --with-pam
+CONFIGURE_ARGS+=       --without-shadow
+.if ${OPSYS} == "NetBSD"
+# needed to read shadow passwords
+DEPENDS+=      pam-pwauth_suid-*:../../security/pam-pwauth_suid
+.endif
+.else
+CONFIGURE_ARGS+=       --without-pam
+# configure should figure out
+#CONFIGURE_ARGS+=      --without-shadow
 .endif
 
 .if !empty(PKG_OPTIONS:Mxscreensaver-webcollage)
 PLIST_SRC=     PLIST.webcollage PLIST
 .else
-post-install:
+post-install: delwebcollage
+delwebcollage:
        rm ${PREFIX}/libexec/xscreensaver/config/webcollage.xml
        rm ${PREFIX}/libexec/xscreensaver/webcollage
        rm ${PREFIX}/${PKGMANDIR}/man6/webcollage.6
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/patches/patch-ac
--- a/x11/xscreensaver/patches/patch-ac Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/patches/patch-ac Mon Jan 08 21:45:10 2007 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ac,v 1.17 2006/07/18 18:40:36 wiz Exp $
+$NetBSD: patch-ac,v 1.18 2007/01/08 21:45:10 drochner Exp $
 
---- configure.orig     2006-05-23 23:01:32.000000000 +0000
+--- configure.orig     2006-05-24 01:01:32.000000000 +0200
 +++ configure
 @@ -2872,6 +2872,9 @@ echo "${ECHO_T}Turning on SGI compiler w
      esac
@@ -47,6 +47,15 @@
  
      # jwz: MacOS X uses -lkrb5, but not -lcrypt
  
+@@ -14371,7 +14375,7 @@ fi
+ #
+ if test "$enable_locking" = yes ; then
+   case "$host" in
+-    *-hpux* | *-aix* | *-netbsd* | *-freebsd* | *-openbsd* )
++    *-hpux* | *-aix* | *-freebsd* | *-openbsd* )
+       need_setuid=yes
+     ;;
+   esac
 @@ -14800,11 +14804,7 @@ echo "${ECHO_T}$ac_cv_gtk_config_libs" >
    ac_gtk_config_libs=$ac_cv_gtk_config_libs
Prev by Date: [pkgsrc/trunk]: pkgsrc/net/ktorrent Do not overwrite the x-bittorrent.desktop...
Next by Date: [pkgsrc/trunk]: pkgsrc/wm/sawfish-themes Fixed the file permissions: some fil...
Previous by Thread: [pkgsrc/trunk]: pkgsrc/net/ktorrent Do not overwrite the x-bittorrent.desktop...
Next by Thread: [pkgsrc/trunk]: pkgsrc/wm/sawfish-themes Fixed the file permissions: some fil...
Indexes:
Home | Main Index | Thread Index | Old Index