From 2dc374211fecf677cbee171a915c330973ef2dbc Mon Sep 17 00:00:00 2001 From: mid-kid Date: Mon, 29 May 2017 23:44:12 +0100 Subject: desktop/i3lock: Updated for version 2.9. Signed-off-by: David Spencer --- desktop/i3lock/README | 4 + desktop/i3lock/i3lock-2.8-no-pam.patch | 273 --------------------- desktop/i3lock/i3lock-2.9-no-pam.patch | 296 +++++++++++++++++++++++ desktop/i3lock/i3lock-2.9-revert-composite.patch | 71 ++++++ desktop/i3lock/i3lock.SlackBuild | 14 +- desktop/i3lock/i3lock.info | 6 +- desktop/i3lock/slack-desc | 2 +- 7 files changed, 386 insertions(+), 280 deletions(-) delete mode 100644 desktop/i3lock/i3lock-2.8-no-pam.patch create mode 100644 desktop/i3lock/i3lock-2.9-no-pam.patch create mode 100644 desktop/i3lock/i3lock-2.9-revert-composite.patch (limited to 'desktop/i3lock') diff --git a/desktop/i3lock/README b/desktop/i3lock/README index adf8e935d1..edb2337c8c 100644 --- a/desktop/i3lock/README +++ b/desktop/i3lock/README @@ -5,3 +5,7 @@ Slackware. For verifying the password it uses shadow instead. Because of that, it needs suid permissions, but those privileges are dropped as soon as possible. The code for this was taken from slock. See the patch and LICENSE-slock. + +NOTE: Version 2.9-1_SBo is patched to revert this commit: +https://github.com/i3/i3lock/commit/80d4452ec680bcb0e57418f69d44d88ded82047c +See the SlackBuild for more info. diff --git a/desktop/i3lock/i3lock-2.8-no-pam.patch b/desktop/i3lock/i3lock-2.8-no-pam.patch deleted file mode 100644 index 665744f1cb..0000000000 --- a/desktop/i3lock/i3lock-2.8-no-pam.patch +++ /dev/null @@ -1,273 +0,0 @@ -diff -Nur i3lock-2.8-orig/LICENSE-slock i3lock-2.8/LICENSE-slock ---- i3lock-2.8-orig/LICENSE-slock 1970-01-01 01:00:00.000000000 +0100 -+++ i3lock-2.8/LICENSE-slock 2016-08-27 11:24:24.067880341 +0200 -@@ -0,0 +1,24 @@ -+MIT/X Consortium License -+ -+© 2015-2016 Markus Teich -+© 2014 Dimitris Papastamos -+© 2006-2014 Anselm R Garbe -+© 2014-2016 Laslo Hunhold -+ -+Permission is hereby granted, free of charge, to any person obtaining a -+copy of this software and associated documentation files (the "Software"), -+to deal in the Software without restriction, including without limitation -+the rights to use, copy, modify, merge, publish, distribute, sublicense, -+and/or sell copies of the Software, and to permit persons to whom the -+Software is furnished to do so, subject to the following conditions: -+ -+The above copyright notice and this permission notice shall be included in -+all copies or substantial portions of the Software. -+ -+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -+DEALINGS IN THE SOFTWARE. -diff -Nur i3lock-2.8-orig/Makefile i3lock-2.8/Makefile ---- i3lock-2.8-orig/Makefile 2016-08-27 11:24:15.313880708 +0200 -+++ i3lock-2.8/Makefile 2016-08-27 11:24:24.067880341 +0200 -@@ -14,7 +14,7 @@ - CPPFLAGS += -D_GNU_SOURCE - CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11) - LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11) --LIBS += -lpam -+LIBS += -lcrypt - LIBS += -lev - LIBS += -lm - -@@ -37,9 +37,7 @@ - - install: all - $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin -- $(INSTALL) -d $(DESTDIR)$(SYSCONFDIR)/pam.d - $(INSTALL) -m 755 i3lock $(DESTDIR)$(PREFIX)/bin/i3lock -- $(INSTALL) -m 644 i3lock.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/i3lock - - uninstall: - rm -f $(DESTDIR)$(PREFIX)/bin/i3lock -diff -Nur i3lock-2.8-orig/i3lock.1 i3lock-2.8/i3lock.1 ---- i3lock-2.8-orig/i3lock.1 2016-08-27 11:24:15.313880708 +0200 -+++ i3lock-2.8/i3lock.1 2016-08-27 11:25:01.863878761 +0200 -@@ -45,8 +45,6 @@ - You can specify either a background color or a PNG image which will be displayed while your screen is locked. - .IP \[bu] - You can specify whether i3lock should bell upon a wrong password. --.IP \[bu] --i3lock uses PAM and therefore is compatible with LDAP, etc. - - - .SH OPTIONS -@@ -75,7 +73,7 @@ - .B \-u, \-\-no-unlock-indicator - Disable the unlock indicator. i3lock will by default show an unlock indicator - after pressing keys. This will give feedback for every keypress and it will --show you the current PAM state (whether your password is currently being -+show you the current state (whether your password is currently being - verified or whether it is wrong). - - .TP -@@ -104,7 +102,7 @@ - .TP - .B \-e, \-\-ignore-empty-password - When an empty password is provided by the user, do not validate --it. Without this option, the empty password will be provided to PAM -+it. Without this option, the empty password will be checked - and, if invalid, the user will have to wait a few seconds before - another try. This can be useful if the XF86ScreenSaver key is used to - put a laptop to sleep and bounce on resume or if you happen to wake up -diff -Nur i3lock-2.8-orig/i3lock.c i3lock-2.8/i3lock.c ---- i3lock-2.8-orig/i3lock.c 2016-08-27 11:24:15.312880708 +0200 -+++ i3lock-2.8/i3lock.c 2016-08-27 11:24:24.068880341 +0200 -@@ -18,7 +18,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -28,6 +27,8 @@ - #include - #include - #include -+#include -+#include - - #include "i3lock.h" - #include "xcb.h" -@@ -49,10 +50,10 @@ - uint32_t last_resolution[2]; - xcb_window_t win; - static xcb_cursor_t cursor; --static pam_handle_t *pam_handle; - int input_position = 0; - /* Holds the password you enter (in UTF-8). */ - static char password[512]; -+const char *pws = NULL; - static bool beep = false; - bool debug_mode = false; - bool unlock_indicator = true; -@@ -80,6 +81,39 @@ - bool ignore_empty_password = false; - bool skip_repeated_empty_password = false; - -+/* -+ * Shamelessly stolen from slock. See LICENSE-slock. -+ * This adjusts the process' out of memory score, -+ * so it isn't killed by the kernel under any circumstances. -+ */ -+#ifdef __linux__ -+#include -+#include -+#include -+ -+static void -+dontkillme(void) -+{ -+ int fd; -+ int length; -+ char value[64]; -+ -+ fd = open("/proc/self/oom_score_adj", O_WRONLY); -+ if (fd < 0 && errno == ENOENT) -+ return; -+ -+ /* convert OOM_SCORE_ADJ_MIN to string for writing */ -+ length = snprintf(value, sizeof(value), "%d\n", OOM_SCORE_ADJ_MIN); -+ -+ /* bail on truncation */ -+ if (length >= sizeof(value)) -+ errx(EXIT_FAILURE, "buffer too small\n"); -+ -+ if (fd < 0 || write(fd, value, length) != length || close(fd) != 0) -+ errx(EXIT_FAILURE, "cannot disable the out-of-memory killer for this process (make sure to suid or sgid i3lock)\n"); -+} -+#endif -+ - /* isutf, u8_dec © 2005 Jeff Bezanson, public domain */ - #define isutf(c) (((c)&0xC0) != 0x80) - -@@ -235,17 +269,10 @@ - unlock_state = STATE_STARTED; - redraw_screen(); - -- if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) { -+ if (!strcmp(crypt(password, pws), pws)) { - DEBUG("successfully authenticated\n"); - clear_password_memory(); - -- /* PAM credentials should be refreshed, this will for example update any kerberos tickets. -- * Related to credentials pam_end() needs to be called to cleanup any temporary -- * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the -- * refresh of the credentials failed. */ -- pam_setcred(pam_handle, PAM_REFRESH_CRED); -- pam_end(pam_handle, PAM_SUCCESS); -- - exit(0); - } - -@@ -580,37 +607,6 @@ - } - - /* -- * Callback function for PAM. We only react on password request callbacks. -- * -- */ --static int conv_callback(int num_msg, const struct pam_message **msg, -- struct pam_response **resp, void *appdata_ptr) { -- if (num_msg == 0) -- return 1; -- -- /* PAM expects an array of responses, one for each message */ -- if ((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL) { -- perror("calloc"); -- return 1; -- } -- -- for (int c = 0; c < num_msg; c++) { -- if (msg[c]->msg_style != PAM_PROMPT_ECHO_OFF && -- msg[c]->msg_style != PAM_PROMPT_ECHO_ON) -- continue; -- -- /* return code is currently not used but should be set to zero */ -- resp[c]->resp_retcode = 0; -- if ((resp[c]->resp = strdup(password)) == NULL) { -- perror("strdup"); -- return 1; -- } -- } -- -- return 0; --} -- --/* - * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb. - * See also man libev(3): "ev_prepare" and "ev_check" - customise your event loop - * -@@ -764,8 +760,6 @@ - struct passwd *pw; - char *username; - char *image_path = NULL; -- int ret; -- struct pam_conv conv = {conv_callback, NULL}; - int curs_choice = CURS_NONE; - int o; - int optind = 0; -@@ -791,6 +785,30 @@ - if ((username = pw->pw_name) == NULL) - errx(EXIT_FAILURE, "pw->pw_name is NULL.\n"); - -+ /* -+ * This piece of code is shamelessly stolen from slock. -+ * See LICENSE-slock. -+ */ -+#ifdef __linux__ -+ dontkillme(); -+#endif -+ -+ pws = pw->pw_passwd; -+ -+ if (pws[0] == 'x' && pws[1] == '\0') { -+ struct spwd *sp; -+ if (!(sp = getspnam(getenv("USER")))) -+ errx(EXIT_FAILURE, "cannot retrieve shadow entry (make sure to suid or sgid i3lock)\n"); -+ pws = sp->sp_pwdp; -+ } -+ -+ /* drop privileges */ -+ if (geteuid() == 0 && -+ ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0)) -+ errx(EXIT_FAILURE, "cannot drop privileges\n"); -+ -+ /* End of stolen code */ -+ - char *optstring = "hvnbdc:p:ui:teI:f"; - while ((o = getopt_long(argc, argv, optstring, longopts, &optind)) != -1) { - switch (o) { -@@ -862,13 +880,6 @@ - * the unlock indicator upon keypresses. */ - srand(time(NULL)); - -- /* Initialize PAM */ -- if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS) -- errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); -- -- if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS) -- errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); -- - /* Using mlock() as non-super-user seems only possible in Linux. Users of other - * operating systems should use encrypted swap/no swap (or remove the ifdef and - * run i3lock as super-user). */ -diff -Nur i3lock-2.8-orig/i3lock.pam i3lock-2.8/i3lock.pam ---- i3lock-2.8-orig/i3lock.pam 2016-08-27 11:24:15.313880708 +0200 -+++ i3lock-2.8/i3lock.pam 1970-01-01 01:00:00.000000000 +0100 -@@ -1,6 +0,0 @@ --# --# PAM configuration file for the i3lock screen locker. By default, it includes --# the 'login' configuration file (see /etc/pam.d/login) --# -- --auth include login diff --git a/desktop/i3lock/i3lock-2.9-no-pam.patch b/desktop/i3lock/i3lock-2.9-no-pam.patch new file mode 100644 index 0000000000..8fd5a30b7e --- /dev/null +++ b/desktop/i3lock/i3lock-2.9-no-pam.patch @@ -0,0 +1,296 @@ ++++ LICENSE-slock +@@ -0,0 +1,24 @@ ++MIT/X Consortium License ++ ++© 2015-2016 Markus Teich ++© 2014 Dimitris Papastamos ++© 2006-2014 Anselm R Garbe ++© 2014-2016 Laslo Hunhold ++ ++Permission is hereby granted, free of charge, to any person obtaining a ++copy of this software and associated documentation files (the "Software"), ++to deal in the Software without restriction, including without limitation ++the rights to use, copy, modify, merge, publish, distribute, sublicense, ++and/or sell copies of the Software, and to permit persons to whom the ++Software is furnished to do so, subject to the following conditions: ++ ++The above copyright notice and this permission notice shall be included in ++all copies or substantial portions of the Software. ++ ++THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL ++THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER ++DEALINGS IN THE SOFTWARE. ++++ Makefile +@@ -20,9 +20,9 @@ + LIBS += -lev + LIBS += -lm + +-# OpenBSD lacks PAM, use bsd_auth(3) instead. ++# On OpenBSD we use bsd_auth(3) instead. + ifneq ($(UNAME),OpenBSD) +- LIBS += -lpam ++ LIBS += -lcrypt + endif + + FILES:=$(wildcard *.c) +@@ -50,9 +50,7 @@ + + install: all + $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin +- $(INSTALL) -d $(DESTDIR)$(SYSCONFDIR)/pam.d + $(INSTALL) -m 755 i3lock $(DESTDIR)$(PREFIX)/bin/i3lock +- $(INSTALL) -m 644 i3lock.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/i3lock + + uninstall: + rm -f $(DESTDIR)$(PREFIX)/bin/i3lock +@@ -61,7 +59,7 @@ + [ ! -d i3lock-${VERSION} ] || rm -rf i3lock-${VERSION} + [ ! -e i3lock-${VERSION}.tar.bz2 ] || rm i3lock-${VERSION}.tar.bz2 + mkdir i3lock-${VERSION} +- cp *.c *.h i3lock.1 i3lock.pam Makefile LICENSE README.md CHANGELOG i3lock-${VERSION} ++ cp *.c *.h i3lock.1 Makefile LICENSE README.md CHANGELOG i3lock-${VERSION} + sed -e 's/^I3LOCK_VERSION:=\(.*\)/I3LOCK_VERSION:=$(shell /bin/echo '${I3LOCK_VERSION}' | sed 's/\\/\\\\/g')/g;s/^VERSION:=\(.*\)/VERSION:=${VERSION}/g' Makefile > i3lock-${VERSION}/Makefile + tar cfj i3lock-${VERSION}.tar.bz2 i3lock-${VERSION} + rm -rf i3lock-${VERSION} ++++ i3lock.1 +@@ -43,8 +43,6 @@ + You can specify either a background color or a PNG image which will be displayed while your screen is locked. + .IP \[bu] + You can specify whether i3lock should bell upon a wrong password. +-.IP \[bu] +-i3lock uses PAM and therefore is compatible with LDAP, etc. + + + .SH OPTIONS +@@ -66,8 +64,7 @@ + .B \-u, \-\-no-unlock-indicator + Disable the unlock indicator. i3lock will by default show an unlock indicator + after pressing keys. This will give feedback for every keypress and it will +-show you the current PAM state (whether your password is currently being +-verified or whether it is wrong). ++show you whether your password is currently being verified or whether it is wrong. + + .TP + .BI \-i\ path \fR,\ \fB\-\-image= path +@@ -95,7 +92,7 @@ + .TP + .B \-e, \-\-ignore-empty-password + When an empty password is provided by the user, do not validate +-it. Without this option, the empty password will be provided to PAM ++it. Without this option, the empty password will be validated + and, if invalid, the user will have to wait a few seconds before + another try. This can be useful if the XF86ScreenSaver key is used to + put a laptop to sleep and bounce on resume or if you happen to wake up ++++ i3lock.c +@@ -21,7 +21,9 @@ + #ifdef __OpenBSD__ + #include + #else +-#include ++#include ++#include ++#include + #endif + #include + #include +@@ -57,7 +59,7 @@ + xcb_window_t win; + static xcb_cursor_t cursor; + #ifndef __OpenBSD__ +-static pam_handle_t *pam_handle; ++const char *hash = NULL; + #endif + int input_position = 0; + /* Holds the password you enter (in UTF-8). */ +@@ -90,6 +92,37 @@ + bool ignore_empty_password = false; + bool skip_repeated_empty_password = false; + ++/* ++ * Shamelessly stolen from slock. See LICENSE-slock. ++ * This adjusts the process' out of memory score, ++ * so it isn't killed by the kernel under any circumstances. ++ */ ++#ifdef __linux__ ++#include ++#include ++ ++static void ++dontkillme(void) ++{ ++ FILE *f; ++ const char oomfile[] = "/proc/self/oom_score_adj"; ++ ++ if (!(f = fopen(oomfile, "w"))) { ++ if (errno == ENOENT) ++ return; ++ errx(EXIT_FAILURE, "i3lock: fopen %s: %s", oomfile, strerror(errno)); ++ } ++ fprintf(f, "%d", OOM_SCORE_ADJ_MIN); ++ if (fclose(f)) { ++ if (errno == EACCES) ++ errx(EXIT_FAILURE, "i3lock: unable to disable OOM killer. " ++ "Make sure to suid or sgid i3lock."); ++ else ++ errx(EXIT_FAILURE, "i3lock: fclose %s: %s", oomfile, strerror(errno)); ++ } ++} ++#endif ++ + /* isutf, u8_dec © 2005 Jeff Bezanson, public domain */ + #define isutf(c) (((c)&0xC0) != 0x80) + +@@ -281,16 +314,16 @@ + exit(0); + } + #else +- if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) { +- DEBUG("successfully authenticated\n"); +- clear_password_memory(); ++ /* ++ * Shamelessly stolen from slock. See LICENSE-slock. ++ */ ++ char *inputhash; + +- /* PAM credentials should be refreshed, this will for example update any kerberos tickets. +- * Related to credentials pam_end() needs to be called to cleanup any temporary +- * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the +- * refresh of the credentials failed. */ +- pam_setcred(pam_handle, PAM_REFRESH_CRED); +- pam_end(pam_handle, PAM_SUCCESS); ++ if (!(inputhash = crypt(password, hash))) ++ fprintf(stderr, "i3lock: crypt: %s", strerror(errno)); ++ else if (!strcmp(inputhash, hash)) { ++ DEBUG("successfully authenticated"); ++ clear_password_memory(); + + exit(0); + } +@@ -626,39 +659,6 @@ + redraw_screen(); + } + +-#ifndef __OpenBSD__ +-/* +- * Callback function for PAM. We only react on password request callbacks. +- * +- */ +-static int conv_callback(int num_msg, const struct pam_message **msg, +- struct pam_response **resp, void *appdata_ptr) { +- if (num_msg == 0) +- return 1; +- +- /* PAM expects an array of responses, one for each message */ +- if ((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL) { +- perror("calloc"); +- return 1; +- } +- +- for (int c = 0; c < num_msg; c++) { +- if (msg[c]->msg_style != PAM_PROMPT_ECHO_OFF && +- msg[c]->msg_style != PAM_PROMPT_ECHO_ON) +- continue; +- +- /* return code is currently not used but should be set to zero */ +- resp[c]->resp_retcode = 0; +- if ((resp[c]->resp = strdup(password)) == NULL) { +- perror("strdup"); +- return 1; +- } +- } +- +- return 0; +-} +-#endif +- + /* + * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb. + * See also man libev(3): "ev_prepare" and "ev_check" - customise your event loop +@@ -813,10 +813,6 @@ + struct passwd *pw; + char *username; + char *image_path = NULL; +-#ifndef __OpenBSD__ +- int ret; +- struct pam_conv conv = {conv_callback, NULL}; +-#endif + int curs_choice = CURS_NONE; + int o; + int optind = 0; +@@ -842,6 +838,48 @@ + if ((username = pw->pw_name) == NULL) + errx(EXIT_FAILURE, "pw->pw_name is NULL.\n"); + ++#ifndef __OpenBSD__ ++ /* ++ * Shamelessly stolen from slock. See LICENSE-slock. ++ * ++ * Slock has code to make it run as nobody:nogroup, which has the added ++ * security that the locker can only be killed by root. ++ * It causes problems with the xcb_connect in raise_loop, however, ++ * and I'm not aware of any other methods to keep the calling user from ++ * killing the locker. ++ * This means that a malicious program running as your user ++ * could easily bypass your locker by killing it. ++ * However, if such a program even manages to be running, you're pretty ++ * screwed regardless. ++ */ ++ ++#ifdef __linux__ ++ dontkillme(); ++#endif ++ ++ hash = pw->pw_passwd; ++ ++ if (!strcmp(hash, "x")) { ++ struct spwd *sp; ++ if (!(sp = getspnam(pw->pw_name))) ++ errx(EXIT_FAILURE, "i3lock: getspnam: cannot retrieve shadow entry. " ++ "Make sure to suid or sgid i3lock."); ++ hash = sp->sp_pwdp; ++ } ++ ++ errno = 0; ++ if (!crypt("", hash)) ++ errx(EXIT_FAILURE, "i3lock: crypt: %s", strerror(errno)); ++ ++ /* drop privileges */ ++ if (setgroups(0, NULL) < 0) ++ errx(EXIT_FAILURE, "i3lock: setgroups: %s", strerror(errno)); ++ if (setgid(pw->pw_gid) < 0) ++ errx(EXIT_FAILURE, "i3lock: setgid: %s", strerror(errno)); ++ if (setuid(pw->pw_uid) < 0) ++ errx(EXIT_FAILURE, "i3lock: setuid: %s", strerror(errno)); ++#endif ++ + char *optstring = "hvnbdc:p:ui:teI:f"; + while ((o = getopt_long(argc, argv, optstring, longopts, &optind)) != -1) { + switch (o) { +@@ -910,15 +948,6 @@ + * the unlock indicator upon keypresses. */ + srand(time(NULL)); + +-#ifndef __OpenBSD__ +- /* Initialize PAM */ +- if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS) +- errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); +- +- if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS) +- errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); +-#endif +- + /* Using mlock() as non-super-user seems only possible in Linux. + * Users of other operating systems should use encrypted swap/no swap + * (or remove the ifdef and run i3lock as super-user). ++++ i3lock.pam +@@ -1,6 +0,0 @@ +-# +-# PAM configuration file for the i3lock screen locker. By default, it includes +-# the 'login' configuration file (see /etc/pam.d/login) +-# +- +-auth include login diff --git a/desktop/i3lock/i3lock-2.9-revert-composite.patch b/desktop/i3lock/i3lock-2.9-revert-composite.patch new file mode 100644 index 0000000000..58ef56b053 --- /dev/null +++ b/desktop/i3lock/i3lock-2.9-revert-composite.patch @@ -0,0 +1,71 @@ ++++ Makefile +@@ -15,8 +15,8 @@ + CFLAGS += -pipe + CFLAGS += -Wall + CPPFLAGS += -D_GNU_SOURCE +-CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-composite xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11) +-LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-composite xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11) ++CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11) ++LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11) + LIBS += -lev + LIBS += -lm + ++++ README.md +@@ -25,7 +25,6 @@ + - libxcb-util + - libpam-dev + - libcairo-dev +-- libxcb-composite0 + - libxcb-xinerama + - libev + - libx11-dev ++++ xcb.c +@@ -11,7 +11,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -107,29 +106,6 @@ + uint32_t mask = 0; + uint32_t values[3]; + xcb_window_t win = xcb_generate_id(conn); +- xcb_window_t parent_win = scr->root; +- +- /* Check whether the composite extension is available */ +- const xcb_query_extension_reply_t *extension_query = NULL; +- xcb_generic_error_t *error = NULL; +- xcb_composite_get_overlay_window_cookie_t cookie; +- xcb_composite_get_overlay_window_reply_t *composite_reply = NULL; +- +- extension_query = xcb_get_extension_data(conn, &xcb_composite_id); +- if (extension_query && extension_query->present) { +- /* When composition is used, we need to use the composite overlay +- * window instead of the normal root window to be able to cover +- * composited windows */ +- cookie = xcb_composite_get_overlay_window(conn, scr->root); +- composite_reply = xcb_composite_get_overlay_window_reply(conn, cookie, &error); +- +- if (!error && composite_reply) { +- parent_win = composite_reply->overlay_win; +- } +- +- free(composite_reply); +- free(error); +- } + + if (pixmap == XCB_NONE) { + mask |= XCB_CW_BACK_PIXEL; +@@ -151,8 +127,8 @@ + + xcb_create_window(conn, + XCB_COPY_FROM_PARENT, +- win, /* the window id */ +- parent_win, ++ win, /* the window id */ ++ scr->root, /* parent == root */ + 0, 0, + scr->width_in_pixels, + scr->height_in_pixels, /* dimensions */ diff --git a/desktop/i3lock/i3lock.SlackBuild b/desktop/i3lock/i3lock.SlackBuild index a9c54a216f..2493ae5a9d 100644 --- a/desktop/i3lock/i3lock.SlackBuild +++ b/desktop/i3lock/i3lock.SlackBuild @@ -23,7 +23,7 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=i3lock -VERSION=${VERSION:-2.8} +VERSION=${VERSION:-2.9} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -69,9 +69,17 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; -# Apply a patch that removes all the PAM-related code, +# This patch reverts a commit that prevents the leakage of information through +# composited notifications. +# That commit causes issues (lag, most notably) on certain compositors. +# See the upstream issue: https://github.com/i3/i3lock/issues/128 +# You're welcome to try to comment this patch out and see whether it just works for you, +# or just leave this as is. +patch -p0 -i $CWD/i3lock-2.9-revert-composite.patch + +# This patch removes all the PAM-related code, # and checks the password against shadow instead. -patch -p1 -i $CWD/i3lock-2.8-no-pam.patch +patch -p0 -i $CWD/i3lock-2.9-no-pam.patch make install DESTDIR=$PKG diff --git a/desktop/i3lock/i3lock.info b/desktop/i3lock/i3lock.info index 889c44061a..1f9d4f0726 100644 --- a/desktop/i3lock/i3lock.info +++ b/desktop/i3lock/i3lock.info @@ -1,8 +1,8 @@ PRGNAM="i3lock" -VERSION="2.8" +VERSION="2.9" HOMEPAGE="http://i3wm.org/i3lock/" -DOWNLOAD="http://i3wm.org/i3lock/i3lock-2.8.tar.bz2" -MD5SUM="89de7b7d46fdb05638122cf3c2512093" +DOWNLOAD="http://i3wm.org/i3lock/i3lock-2.9.tar.bz2" +MD5SUM="3d0038021778f3178192f566dc87a931" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="libev libxkbcommon" diff --git a/desktop/i3lock/slack-desc b/desktop/i3lock/slack-desc index feb1c0b1d6..1861401179 100644 --- a/desktop/i3lock/slack-desc +++ b/desktop/i3lock/slack-desc @@ -10,7 +10,7 @@ i3lock: i3lock (a simple screen locker) i3lock: i3lock: i3lock is a simple screen locker like slock. i3lock: After starting it, you will see a white screen -i3lock: (you can configure the color/an image). +i3lock: (you can configure the color/an image). i3lock: You can return to your screen by entering your password. i3lock: i3lock: This version is patched to not to use PAM. -- cgit v1.2.3