From: "Michael Palimaka" <kensington@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/kde:master commit in: kde-plasma/plasma-workspace/files/, kde-plasma/plasma-workspace/
Date: Sat, 14 Nov 2015 16:01:23 +0000 (UTC) [thread overview]
Message-ID: <1447514573.7bf4c3b3b8cedd4960c163eccac57eb55883ab96.kensington@gentoo> (raw)
commit: 7bf4c3b3b8cedd4960c163eccac57eb55883ab96
Author: Andreas Sturmlechner <andreas.sturmlechner <AT> gmail <DOT> com>
AuthorDate: Thu Nov 12 23:54:29 2015 +0000
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Sat Nov 14 15:22:53 2015 +0000
URL: https://gitweb.gentoo.org/proj/kde.git/commit/?id=7bf4c3b3
kde-plasma/plasma-workspace: USE=pam, fix setuid, block kdebase-pam:4
SUID optional per kcheckpass/README, only required for shadow based login
setuid code in upstream cmake does not work, do it manually instead if USE=-pam
Block kdebase-pam which sneakily sabotaged plasma-workspace in /etc/pam.d,
leading to broken screenlocker bugs like #564618
Package-Manager: portage-2.2.24
.../plasma-workspace-5.4.3-no-SUID-no-GUID.patch | 16 ++++++++++++++++
....4.3.ebuild => plasma-workspace-5.4.3-r1.ebuild} | 21 +++++++++++++++------
.../plasma-workspace-5.4.49.9999.ebuild | 21 +++++++++++++++------
3 files changed, 46 insertions(+), 12 deletions(-)
diff --git a/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch b/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch
new file mode 100644
index 0000000..a099b23
--- /dev/null
+++ b/kde-plasma/plasma-workspace/files/plasma-workspace-5.4.3-no-SUID-no-GUID.patch
@@ -0,0 +1,16 @@
+diff --git a/kcheckpass/CMakeLists.txt b/kcheckpass/CMakeLists.txt
+index a63fa1403e897e70989dc2e1ba7eed4bc69cbb51..12d1bfb3c690eca1acf344045a92eb942669da83 100644
+--- a/ksmserver/screenlocker/kcheckpass/CMakeLists.txt
++++ b/ksmserver/screenlocker/kcheckpass/CMakeLists.txt
+@@ -22,10 +22,6 @@ endif ()
+
+ set_property(TARGET kcheckpass APPEND_STRING PROPERTY COMPILE_FLAGS " -U_REENTRANT")
+ target_link_libraries(kcheckpass ${UNIXAUTH_LIBRARIES} ${SOCKET_LIBRARIES})
+-install(TARGETS kcheckpass DESTINATION ${KDE_INSTALL_LIBEXECDIR})
+-install(CODE "
+- set(KCP_PATH \"\$ENV{DESTDIR}${KDE_INSTALL_LIBEXECDIR}/kcheckpass\")
+- execute_process(COMMAND sh -c \"chown root '\${KCP_PATH}' && chmod +s '\${KCP_PATH}'\")
+-")
++install(TARGETS kcheckpass DESTINATION ${LIBEXEC_INSTALL_DIR})
+
+ #EXTRA_DIST = README
diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild b/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild
similarity index 92%
rename from kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild
rename to kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild
index 52f30c5..a0c34fd 100644
--- a/kde-plasma/plasma-workspace/plasma-workspace-5.4.3.ebuild
+++ b/kde-plasma/plasma-workspace/plasma-workspace-5.4.3-r1.ebuild
@@ -12,13 +12,9 @@ inherit kde5 multilib pam qmake-utils
DESCRIPTION="KDE Plasma workspace"
KEYWORDS=" ~amd64 ~x86"
-IUSE="dbus +drkonqi +geolocation gps prison qalculate +systemmonitor"
+IUSE="dbus +drkonqi +geolocation gps pam prison qalculate +systemmonitor"
COMMON_DEPEND="
- $(add_plasma_dep kwayland)
- $(add_plasma_dep kwin)
- $(add_plasma_dep libkscreen)
- $(add_plasma_dep libksysguard)
$(add_frameworks_dep baloo)
$(add_frameworks_dep kactivities)
$(add_frameworks_dep kauth)
@@ -58,6 +54,10 @@ COMMON_DEPEND="
$(add_frameworks_dep kxmlrpcclient)
$(add_frameworks_dep plasma)
$(add_frameworks_dep solid)
+ $(add_plasma_dep kwayland)
+ $(add_plasma_dep kwin)
+ $(add_plasma_dep libkscreen)
+ $(add_plasma_dep libksysguard)
dev-libs/wayland
dev-qt/qtconcurrent:5
dev-qt/qtdbus:5
@@ -70,7 +70,6 @@ COMMON_DEPEND="
dev-qt/qtx11extras:5
dev-qt/qtxml:5
media-libs/phonon[qt5]
- sys-libs/pam
sys-libs/zlib
x11-libs/libICE
x11-libs/libSM
@@ -88,6 +87,7 @@ COMMON_DEPEND="
)
geolocation? ( $(add_frameworks_dep networkmanager-qt) )
gps? ( sci-geosciences/gpsd )
+ pam? ( virtual/pam )
prison? ( media-libs/prison:5 )
qalculate? ( sci-libs/libqalculate )
systemmonitor? (
@@ -111,7 +111,9 @@ RDEPEND="${COMMON_DEPEND}
systemmonitor? ( $(add_plasma_dep ksysguard) )
!kde-base/freespacenotifier:4
!kde-base/libtaskmanager:4
+ !<kde-base/kcheckpass-4.11.22-r1:4
!kde-base/kcminit:4
+ !kde-base/kdebase-pam:4
!kde-base/kdebase-startkde:4
!kde-base/klipper:4
!kde-base/krunner:4
@@ -127,6 +129,7 @@ PATCHES=(
"${FILESDIR}/${PN}-5.4-startkde-script.patch"
"${FILESDIR}/${PN}-5.4-consolekit2.patch"
"${FILESDIR}/${PN}-5.4.3-fix-drkonqi.patch" #Upstream bug 354110
+ "${FILESDIR}/${PN}-5.4.3-no-SUID-no-GUID.patch"
)
RESTRICT="test"
@@ -164,6 +167,7 @@ src_prepare() {
src_configure() {
local mycmakeargs=(
+ $(cmake-utils_use_find_package pam)
$(cmake-utils_use_find_package dbus dbusmenu-qt5)
$(cmake-utils_use_find_package gps libgps)
$(cmake-utils_use_find_package prison)
@@ -185,6 +189,11 @@ src_install() {
insinto /etc/plasma/shutdown
doins "${FILESDIR}/agent-shutdown.sh"
+
+ if ! use pam; then
+ chown root "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+ chmod +s "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+ fi
}
pkg_postinst () {
diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild b/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild
index 7b58192..1cd19ef 100644
--- a/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild
+++ b/kde-plasma/plasma-workspace/plasma-workspace-5.4.49.9999.ebuild
@@ -12,13 +12,9 @@ inherit kde5 multilib pam qmake-utils
DESCRIPTION="KDE Plasma workspace"
KEYWORDS=""
-IUSE="dbus +drkonqi +geolocation gps prison qalculate +systemmonitor"
+IUSE="dbus +drkonqi +geolocation gps pam prison qalculate +systemmonitor"
COMMON_DEPEND="
- $(add_plasma_dep kwayland)
- $(add_plasma_dep kwin)
- $(add_plasma_dep libkscreen)
- $(add_plasma_dep libksysguard)
$(add_frameworks_dep baloo)
$(add_frameworks_dep kactivities)
$(add_frameworks_dep kauth)
@@ -58,6 +54,10 @@ COMMON_DEPEND="
$(add_frameworks_dep kxmlrpcclient)
$(add_frameworks_dep plasma)
$(add_frameworks_dep solid)
+ $(add_plasma_dep kwayland)
+ $(add_plasma_dep kwin)
+ $(add_plasma_dep libkscreen)
+ $(add_plasma_dep libksysguard)
dev-libs/wayland
dev-qt/qtconcurrent:5
dev-qt/qtdbus:5
@@ -70,7 +70,6 @@ COMMON_DEPEND="
dev-qt/qtx11extras:5
dev-qt/qtxml:5
media-libs/phonon[qt5]
- sys-libs/pam
sys-libs/zlib
x11-libs/libICE
x11-libs/libSM
@@ -88,6 +87,7 @@ COMMON_DEPEND="
)
geolocation? ( $(add_frameworks_dep networkmanager-qt) )
gps? ( sci-geosciences/gpsd )
+ pam? ( virtual/pam )
prison? ( media-libs/prison:5 )
qalculate? ( sci-libs/libqalculate )
systemmonitor? (
@@ -111,7 +111,9 @@ RDEPEND="${COMMON_DEPEND}
systemmonitor? ( $(add_plasma_dep ksysguard) )
!kde-base/freespacenotifier:4
!kde-base/libtaskmanager:4
+ !<kde-base/kcheckpass-4.11.22-r1:4
!kde-base/kcminit:4
+ !kde-base/kdebase-pam:4
!kde-base/kdebase-startkde:4
!kde-base/klipper:4
!kde-base/krunner:4
@@ -127,6 +129,7 @@ PATCHES=(
"${FILESDIR}/${PN}-5.4-startkde-script.patch"
"${FILESDIR}/${PN}-5.4-consolekit2.patch"
"${FILESDIR}/${PN}-5.4.3-fix-drkonqi.patch" #Upstream bug 354110
+ "${FILESDIR}/${PN}-5.4.3-no-SUID-no-GUID.patch"
)
RESTRICT="test"
@@ -164,6 +167,7 @@ src_prepare() {
src_configure() {
local mycmakeargs=(
+ $(cmake-utils_use_find_package pam)
$(cmake-utils_use_find_package dbus dbusmenu-qt5)
$(cmake-utils_use_find_package gps libgps)
$(cmake-utils_use_find_package prison)
@@ -185,6 +189,11 @@ src_install() {
insinto /etc/plasma/shutdown
doins "${FILESDIR}/agent-shutdown.sh"
+
+ if ! use pam; then
+ chown root "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+ chmod +s "${ED}"usr/$(get_libdir)/libexec/kcheckpass || die
+ fi
}
pkg_postinst () {
next reply other threads:[~2015-11-14 16:01 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-14 16:01 Michael Palimaka [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-02-21 11:47 [gentoo-commits] proj/kde:master commit in: kde-plasma/plasma-workspace/files/, kde-plasma/plasma-workspace/ Andreas Sturmlechner
2021-11-09 13:04 Andreas Sturmlechner
2021-05-05 3:00 Andreas Sturmlechner
2021-05-04 21:12 Andreas Sturmlechner
2019-10-15 17:10 Andreas Sturmlechner
2019-05-14 6:28 Andreas Sturmlechner
2018-10-22 18:14 Andreas Sturmlechner
2016-11-12 8:34 Michael Palimaka
2016-10-08 15:51 Michael Palimaka
2016-03-20 14:47 Michael Palimaka
2015-12-28 0:33 Marc Schiffbauer
2015-11-10 12:41 Michael Palimaka
2015-08-16 20:36 Johannes Huber
2015-07-04 14:48 Johannes Huber
2015-06-01 18:18 Michael Palimaka
2015-04-29 15:03 Michael Palimaka
2015-01-27 20:07 Johannes Huber
2015-01-21 20:48 Johannes Huber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1447514573.7bf4c3b3b8cedd4960c163eccac57eb55883ab96.kensington@gentoo \
--to=kensington@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox