pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/xscreensaver don't install suid on NetBSD per defa...
details: https://anonhg.NetBSD.org/pkgsrc/rev/f1e1f06296f3
branches: trunk
changeset: 523521:f1e1f06296f3
user: drochner <drochner%pkgsrc.org@localhost>
date: Mon Jan 08 21:45:10 2007 +0000
description:
don't install suid on NetBSD per default; now there are 3 ways:
-no PAM (default): let configure figure out whether shadow passwords
are used, in that case xscreensaver will be installed suid to enable
checking
-"pam" option enabled: assume that PAM is able to check the password
w/o root privs; require the new pam-pwauth_suid on NetBSD for that
-"pam" option enabled; the user decides not to use pam-pwauth_suid
but sets xscreensaver suid instead (on NetBSD, or if the PAM
implementation needs it)
add a MESSAGE discussing the latter 2 options
bump PKGREVISION
diffstat:
x11/xscreensaver/MESSAGE | 17 +++++++++++++++++
x11/xscreensaver/Makefile | 13 ++++++++++++-
x11/xscreensaver/Makefile.common | 4 +---
x11/xscreensaver/PLIST | 5 ++++-
x11/xscreensaver/distinfo | 4 ++--
x11/xscreensaver/files/pam-xscreensaver-NetBSD | 17 +++++++++++++++++
x11/xscreensaver/options.mk | 14 ++++++++++++--
x11/xscreensaver/patches/patch-ac | 13 +++++++++++--
8 files changed, 76 insertions(+), 11 deletions(-)
diffs (195 lines):
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/MESSAGE
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/xscreensaver/MESSAGE Mon Jan 08 21:45:10 2007 +0000
@@ -0,0 +1,17 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2007/01/08 21:45:10 drochner Exp $
+
+If xsreensaver is built with the "pam" option:
+In order to make unlocking work , you need to add an
+xscreensaver file to your pam configuration directory (usually
+/etc/pam.d). You can find a sample file in:
+ ${EGDIR}/pam.d/xscreensaver-NetBSD
+On NetBSD, the "pam_pwauth_suid.so" module can be used to authenticate
+against a shadow password database. Note that use of this module might
+allow programs with your privileges to get a copy of your plaintext
+password as typed in for unlocking.
+Alternatively, you might set the
+ ${PREFIX}/bin/xscreensaver
+executable setuid root. Since this is a relatively complex program,
+there is the risk of other exploits.
+===========================================================================
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/Makefile
--- a/x11/xscreensaver/Makefile Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/Makefile Mon Jan 08 21:45:10 2007 +0000
@@ -1,4 +1,6 @@
-# $NetBSD: Makefile,v 1.81 2006/10/15 11:44:20 markd Exp $
+# $NetBSD: Makefile,v 1.82 2007/01/08 21:45:10 drochner Exp $
+
+PKGREVISION= 1
COMMENT= Screen saver and locker for the X window system
@@ -10,6 +12,9 @@
CONFIGURE_ARGS+= --with-xml=${BUILDLINK_PREFIX.libxml2}
CONFIGURE_ARGS+= --with-configdir=${PREFIX}/libexec/xscreensaver/config
+EGDIR= ${PREFIX}/share/examples/xscreensaver
+MESSAGE_SUBST+= EGDIR=${EGDIR:Q}
+
.include "options.mk"
.include "../../textproc/libxml2/buildlink3.mk"
@@ -17,4 +22,10 @@
post-extract:
cd ${WRKSRC}/po && ${RM} -f ca.po pt_BR.po
+post-install: installpamex
+installpamex:
+ ${INSTALL_DATA_DIR} ${EGDIR}/pam.d
+ ${INSTALL_DATA} ${FILESDIR}/pam-xscreensaver-NetBSD \
+ ${EGDIR}/pam.d/xscreensaver-NetBSD
+
.include "../../mk/bsd.pkg.mk"
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/Makefile.common
--- a/x11/xscreensaver/Makefile.common Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/Makefile.common Mon Jan 08 21:45:10 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.93 2006/12/15 20:33:06 joerg Exp $
+# $NetBSD: Makefile.common,v 1.94 2007/01/08 21:45:10 drochner Exp $
#
# When updating the package, and screensavers are removed,
@@ -25,8 +25,6 @@
CONFIGURE_ARGS+= --with-zippy=/usr/games/fortune
CONFIGURE_ARGS+= --without-motif
-CONFIGURE_ARGS+= --without-shadow
-CONFIGURE_ARGS+= --without-pam
CONFIGURE_ENV+= X_PRE_LIBS=-lXt
CONFIGURE_ENV+= ac_cv_x_app_defaults="${PREFIX}/lib/X11/app-defaults"
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/PLIST
--- a/x11/xscreensaver/PLIST Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/PLIST Mon Jan 08 21:45:10 2007 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.30 2006/07/18 18:40:36 wiz Exp $
+@comment $NetBSD: PLIST,v 1.31 2007/01/08 21:45:10 drochner Exp $
bin/xscreensaver
bin/xscreensaver-command
bin/xscreensaver-getimage
@@ -634,6 +634,7 @@
man/man6/xspirograph.6
man/man6/xsublim.6
man/man6/zoom.6
+share/examples/xscreensaver/pam.d/xscreensaver-NetBSD
share/locale/da/LC_MESSAGES/xscreensaver.mo
share/locale/de/LC_MESSAGES/xscreensaver.mo
share/locale/es/LC_MESSAGES/xscreensaver.mo
@@ -656,5 +657,7 @@
share/locale/wa/LC_MESSAGES/xscreensaver.mo
share/locale/zh_CN/LC_MESSAGES/xscreensaver.mo
share/locale/zh_TW/LC_MESSAGES/xscreensaver.mo
+@dirrm share/examples/xscreensaver/pam.d
+@dirrm share/examples/xscreensaver
@dirrm libexec/xscreensaver/config
@dirrm libexec/xscreensaver
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/distinfo
--- a/x11/xscreensaver/distinfo Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/distinfo Mon Jan 08 21:45:10 2007 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.50 2006/08/10 14:51:39 reed Exp $
+$NetBSD: distinfo,v 1.51 2007/01/08 21:45:10 drochner Exp $
SHA1 (xscreensaver-5.00.tar.gz) = 631eb0414112b2db2e62e2ab5a984726d61696d2
RMD160 (xscreensaver-5.00.tar.gz) = 7630ff42cfd24557cf1459902ddc6256004fc938
Size (xscreensaver-5.00.tar.gz) = 5263478 bytes
SHA1 (patch-aa) = e9081bc1b18d6906fcda3d652df9954092b93a84
SHA1 (patch-ab) = d49a0854e40d6e0dcd9dfcec9c4007d0dd62dfdb
-SHA1 (patch-ac) = 258161b29cdd951d2c7421433f0786c1595e52b6
+SHA1 (patch-ac) = c51781671f11d4fcfbc19ef41c01228bd3c6d529
SHA1 (patch-ad) = 5d0e3fe79d0161897cf945ca4f2a2178342d3ba5
SHA1 (patch-ae) = 16d0c8b50b2601458aaec09d1c7425fb23308225
SHA1 (patch-af) = d8261f1c8fd01b455a151f97837712dc46aff6f3
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/files/pam-xscreensaver-NetBSD
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/xscreensaver/files/pam-xscreensaver-NetBSD Mon Jan 08 21:45:10 2007 +0000
@@ -0,0 +1,17 @@
+# $NetBSD: pam-xscreensaver-NetBSD,v 1.1 2007/01/08 21:45:10 drochner Exp $
+#
+# PAM configuration for the "xscreensaver" service
+#
+
+# auth
+auth sufficient pam_pwauth_suid.so
+auth include system
+
+# account
+account include system
+
+# session
+session include system
+
+# password
+password include system
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/options.mk
--- a/x11/xscreensaver/options.mk Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/options.mk Mon Jan 08 21:45:10 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.3 2007/01/06 19:53:40 rillig Exp $
+# $NetBSD: options.mk,v 1.4 2007/01/08 21:45:10 drochner Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.xscreensaver
PKG_SUPPORTED_OPTIONS= pam xscreensaver-webcollage
@@ -8,12 +8,22 @@
.if !empty(PKG_OPTIONS:Mpam)
. include "../../mk/pam.buildlink3.mk"
CONFIGURE_ARGS+= --with-pam
+CONFIGURE_ARGS+= --without-shadow
+.if ${OPSYS} == "NetBSD"
+# needed to read shadow passwords
+DEPENDS+= pam-pwauth_suid-*:../../security/pam-pwauth_suid
+.endif
+.else
+CONFIGURE_ARGS+= --without-pam
+# configure should figure out
+#CONFIGURE_ARGS+= --without-shadow
.endif
.if !empty(PKG_OPTIONS:Mxscreensaver-webcollage)
PLIST_SRC= PLIST.webcollage PLIST
.else
-post-install:
+post-install: delwebcollage
+delwebcollage:
rm ${PREFIX}/libexec/xscreensaver/config/webcollage.xml
rm ${PREFIX}/libexec/xscreensaver/webcollage
rm ${PREFIX}/${PKGMANDIR}/man6/webcollage.6
diff -r 5ef344f45895 -r f1e1f06296f3 x11/xscreensaver/patches/patch-ac
--- a/x11/xscreensaver/patches/patch-ac Mon Jan 08 21:42:41 2007 +0000
+++ b/x11/xscreensaver/patches/patch-ac Mon Jan 08 21:45:10 2007 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ac,v 1.17 2006/07/18 18:40:36 wiz Exp $
+$NetBSD: patch-ac,v 1.18 2007/01/08 21:45:10 drochner Exp $
---- configure.orig 2006-05-23 23:01:32.000000000 +0000
+--- configure.orig 2006-05-24 01:01:32.000000000 +0200
+++ configure
@@ -2872,6 +2872,9 @@ echo "${ECHO_T}Turning on SGI compiler w
esac
@@ -47,6 +47,15 @@
# jwz: MacOS X uses -lkrb5, but not -lcrypt
+@@ -14371,7 +14375,7 @@ fi
+ #
+ if test "$enable_locking" = yes ; then
+ case "$host" in
+- *-hpux* | *-aix* | *-netbsd* | *-freebsd* | *-openbsd* )
++ *-hpux* | *-aix* | *-freebsd* | *-openbsd* )
+ need_setuid=yes
+ ;;
+ esac
@@ -14800,11 +14804,7 @@ echo "${ECHO_T}$ac_cv_gtk_config_libs" >
ac_gtk_config_libs=$ac_cv_gtk_config_libs
Home |
Main Index |
Thread Index |
Old Index