diff --git a/security/vlock/Makefile b/security/vlock/Makefile index 92c33f25c529..40fb807d494c 100644 --- a/security/vlock/Makefile +++ b/security/vlock/Makefile @@ -1,61 +1,61 @@ # Created by: George Reid PORTNAME= vlock PORTVERSION= 2.2.3 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= http://cthulhu.c3d2.de/~toidinamai/vlock/archive/ \ LOCAL/martymac MAINTAINER= martymac@FreeBSD.org COMMENT= Locks a terminal LICENSE= GPLv2 HAS_CONFIGURE= yes CONFIGURE_ARGS= --enable-plugins --enable-pam \ --prefix=${PREFIX} \ --mandir=${MANPREFIX}/man \ --with-modules="${VLOCKMODULES}" \ --with-scripts="${VLOCKSCRIPTS}" \ VLOCK_GROUP="nobody" \ EXTRA_CFLAGS="-I${LOCALBASE}/include" \ EXTRA_LDFLAGS="-L${LOCALBASE}/lib" USES= gmake USE_CSTD= gnu99 OPTIONS_DEFINE= ROOTPWD VLOCKSCRIPTS CACASAVER DOCS OPTIONS_DEFAULT= ROOTPWD OPTIONS_SUB= yes ROOTPWD_DESC= Enable unlock using root password ROOTPWD_CONFIGURE_ENABLE= root-password VLOCKSCRIPTS_DESC= Install sample hook scripts CACASAVER_DESC= Enable libcaca screensaver -CACASAVER_BUILD_DEPENDS= ${LOCALBASE}/lib/libcaca.a:graphics/libcaca +CACASAVER_LIB_DEPENDS= libcaca.so:graphics/libcaca # Default scripts/modules VLOCKSCRIPTS= VLOCKMODULES= all.so new.so # Vlock special group VLOCK_GRP= vlock GROUPS= ${VLOCK_GRP} PLIST_SUB+= VLOCK_GRP=${VLOCK_GRP} PORTDOCS= ChangeLog PLUGINS README README.X11 SECURITY TODO .include .if ${PORT_OPTIONS:MVLOCKSCRIPTS} VLOCKSCRIPTS+= amarok.sh example_script.sh mplayer.sh .endif .if ${PORT_OPTIONS:MCACASAVER} VLOCKMODULES+= caca.so .endif post-install: ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR} .include diff --git a/security/vlock/files/patch-src-process.c b/security/vlock/files/patch-src-process.c new file mode 100644 index 000000000000..8414706fb7ae --- /dev/null +++ b/security/vlock/files/patch-src-process.c 
@@ -0,0 +1,71 @@
+Work around FD_ISSET() accessing an invalid address
+
+and preventing modules such as caca.so to load sucessfully:
+
+# gdb /usr/local/sbin/vlock-main
+(gdb) set args caca
+(gdb) set environment VLOCK_TIMEOUT=2
+(gdb) set follow-fork-mode child
+(gdb) run
+Thread 2.1 received signal SIGBUS, Bus error.
+Object-specific hardware error.
+[Switching to LWP 100235 of process 83087]
+0x00000000002075b0 in close_fds (except_fds=0x7fffffffe668) at src/process.c:125
+125 if (!FD_ISSET(fd, except_fds))
+(gdb) p fd
+$1 = 52416
+
+--- src/process.c.orig 2011-09-18 15:22:35 UTC
++++ src/process.c
+@@ -105,27 +105,6 @@ void ensure_death(pid_t pid)
+ (void) waitpid(pid, &status, 0);
+ }
+
+-/* Close all possibly open file descriptors except the ones specified in the
+- * given set. */
+-static void close_fds(fd_set *except_fds)
+-{
+- struct rlimit r;
+- int maxfd;
+-
+- /* Get the maximum number of file descriptors. */
+- if (getrlimit(RLIMIT_NOFILE, &r) == 0)
+- maxfd = r.rlim_cur;
+- else
+- /* Hopefully safe default. */
+- maxfd = 1024;
+-
+- /* Close all possibly open file descriptors except STDIN_FILENO,
+- * STDOUT_FILENO and STDERR_FILENO. */
+- for (int fd = 0; fd < maxfd; fd++)
+- if (!FD_ISSET(fd, except_fds))
+- (void) close(fd);
+-}
+-
+ static int open_devnull(void)
+ {
+ static int devnull_fd = -1;
+@@ -175,8 +154,6 @@ bool create_child(struct child_process *child)
+
+ if (child->pid == 0) {
+ /* Child. */
+- fd_set except_fds;
+-
+ if (child->stdin_fd == REDIRECT_PIPE)
+ (void) dup2(stdin_pipe[0], STDIN_FILENO);
+ else if (child->stdin_fd == REDIRECT_DEV_NULL)
+@@ -198,13 +175,7 @@ bool create_child(struct child_process *child)
+ else if (child->stderr_fd != NO_REDIRECT)
+ (void) dup2(child->stderr_fd, STDERR_FILENO);
+
+- FD_ZERO(&except_fds);
+- FD_SET(STDIN_FILENO, &except_fds);
+- FD_SET(STDOUT_FILENO, &except_fds);
+- FD_SET(STDERR_FILENO, &except_fds);
+- FD_SET(status_pipe[1], &except_fds);
+-
+- (void) close_fds(&except_fds);
++ (void) closefrom(status_pipe[1] + 1);
+
+ (void) setgid(getgid());
+ (void) setuid(getuid());
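Review bot: `closefrom(status_pipe[1] + 1)` in the last inner hunk closes only descriptors numbered above `status_pipe[1]`, whereas the removed `close_fds()` loop closed every descriptor except 0-2 and `status_pipe[1]`, so anything between 3 and `status_pipe[1] - 1` now stays open in the child. That presumably includes the unused pipe ends and `status_pipe[0]` (the pipes are created outside the hunk) as well as any descriptor the parent opened earlier, and they all survive the `setgid()`/`setuid()` calls that follow, so a descriptor opened with more privilege would be inherited by the unprivileged child. Closing the gap first keeps the old guarantee without going back to `FD_ISSET()` on a descriptor the `fd_set` cannot hold, which is what the gdb trace with `fd = 52416` appears to show: `for (int fd = STDERR_FILENO + 1; fd < status_pipe[1]; fd++) (void) close(fd);` placed ahead of the `closefrom()` call. The body of create_child starts and ends outside the hunk.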