diff options
| author | drochner <drochner> | 2007-01-08 21:45:10 +0000 |
|---|---|---|
| committer | drochner <drochner> | 2007-01-08 21:45:10 +0000 |
| commit | dd0cdae27d82da5d7ddbe6ed4e6e028c3b72d08e (patch) | |
| tree | 4988d2b25b625e4359fc5aa5a0e54e694c69d0ab | |
| parent | 33fdb545e2a004473ffa5c93c101ac16a922d499 (diff) | |
| download | pkgsrc-dd0cdae27d82da5d7ddbe6ed4e6e028c3b72d08e.tar.gz | |
don't install suid on NetBSD per default; now there are 3 ways:
-no PAM (default): let configure figure out whether shadow passwords
are used, in that case xscreensaver will be installed suid to enable
checking
-"pam" option enabled: assume that PAM is able to check the password
w/o root privs; require the new pam-pwauth_suid on NetBSD for that
-"pam" option enabled; the user decides not to use pam-pwauth_suid
but sets xscreensaver suid instead (on NetBSD, or if the PAM
implementation needs it)
add a MESSAGE discussing the latter 2 options
bump PKGREVISION
| -rw-r--r-- | x11/xscreensaver/MESSAGE | 17 | ||||
| -rw-r--r-- | x11/xscreensaver/Makefile | 13 | ||||
| -rw-r--r-- | x11/xscreensaver/Makefile.common | 4 | ||||
| -rw-r--r-- | x11/xscreensaver/PLIST | 5 | ||||
| -rw-r--r-- | x11/xscreensaver/distinfo | 4 | ||||
| -rw-r--r-- | x11/xscreensaver/files/pam-xscreensaver-NetBSD | 17 | ||||
| -rw-r--r-- | x11/xscreensaver/options.mk | 14 | ||||
| -rw-r--r-- | x11/xscreensaver/patches/patch-ac | 13 |
8 files changed, 76 insertions, 11 deletions
diff --git a/x11/xscreensaver/MESSAGE b/x11/xscreensaver/MESSAGE new file mode 100644 index 00000000000..050e26d5a07 --- /dev/null +++ b/x11/xscreensaver/MESSAGE @@ -0,0 +1,17 @@ +=========================================================================== +$NetBSD: MESSAGE,v 1.1 2007/01/08 21:45:10 drochner Exp $ + +If xsreensaver is built with the "pam" option: +In order to make unlocking work , you need to add an +xscreensaver file to your pam configuration directory (usually +/etc/pam.d). You can find a sample file in: + ${EGDIR}/pam.d/xscreensaver-NetBSD +On NetBSD, the "pam_pwauth_suid.so" module can be used to authenticate +against a shadow password database. Note that use of this module might +allow programs with your privileges to get a copy of your plaintext +password as typed in for unlocking. +Alternatively, you might set the + ${PREFIX}/bin/xscreensaver +executable setuid root. Since this is a relatively complex program, +there is the risk of other exploits. +=========================================================================== diff --git a/x11/xscreensaver/Makefile b/x11/xscreensaver/Makefile index ee77d225745..82636a9df0a 100644 --- a/x11/xscreensaver/Makefile +++ b/x11/xscreensaver/Makefile @@ -1,4 +1,6 @@ -# $NetBSD: Makefile,v 1.81 2006/10/15 11:44:20 markd Exp $ +# $NetBSD: Makefile,v 1.82 2007/01/08 21:45:10 drochner Exp $ + +PKGREVISION= 1 COMMENT= Screen saver and locker for the X window system @@ -10,6 +12,9 @@ CONFIGURE_ARGS+= --without-gtk CONFIGURE_ARGS+= --with-xml=${BUILDLINK_PREFIX.libxml2} CONFIGURE_ARGS+= --with-configdir=${PREFIX}/libexec/xscreensaver/config +EGDIR= ${PREFIX}/share/examples/xscreensaver +MESSAGE_SUBST+= EGDIR=${EGDIR:Q} + .include "options.mk" .include "../../textproc/libxml2/buildlink3.mk" @@ -17,4 +22,10 @@ CONFIGURE_ARGS+= --with-configdir=${PREFIX}/libexec/xscreensaver/config post-extract: cd ${WRKSRC}/po && ${RM} -f ca.po pt_BR.po +post-install: installpamex +installpamex: + ${INSTALL_DATA_DIR} ${EGDIR}/pam.d + ${INSTALL_DATA} ${FILESDIR}/pam-xscreensaver-NetBSD \ + ${EGDIR}/pam.d/xscreensaver-NetBSD + .include "../../mk/bsd.pkg.mk" diff --git a/x11/xscreensaver/Makefile.common b/x11/xscreensaver/Makefile.common index fb6b3ba1da0..3172ec97865 100644 --- a/x11/xscreensaver/Makefile.common +++ b/x11/xscreensaver/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.93 2006/12/15 20:33:06 joerg Exp $ +# $NetBSD: Makefile.common,v 1.94 2007/01/08 21:45:10 drochner Exp $ # # When updating the package, and screensavers are removed, @@ -25,8 +25,6 @@ CONFIGURE_ARGS+= --with-jpeg=${BUILDLINK_PREFIX.jpeg} CONFIGURE_ARGS+= --with-zippy=/usr/games/fortune CONFIGURE_ARGS+= --without-motif -CONFIGURE_ARGS+= --without-shadow -CONFIGURE_ARGS+= --without-pam CONFIGURE_ENV+= X_PRE_LIBS=-lXt CONFIGURE_ENV+= ac_cv_x_app_defaults="${PREFIX}/lib/X11/app-defaults" diff --git a/x11/xscreensaver/PLIST b/x11/xscreensaver/PLIST index 75e013135b5..bf4d0badc94 100644 --- a/x11/xscreensaver/PLIST +++ b/x11/xscreensaver/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.30 2006/07/18 18:40:36 wiz Exp $ +@comment $NetBSD: PLIST,v 1.31 2007/01/08 21:45:10 drochner Exp $ bin/xscreensaver bin/xscreensaver-command bin/xscreensaver-getimage @@ -634,6 +634,7 @@ man/man6/xscreensaver-gl-helper.6 man/man6/xspirograph.6 man/man6/xsublim.6 man/man6/zoom.6 +share/examples/xscreensaver/pam.d/xscreensaver-NetBSD share/locale/da/LC_MESSAGES/xscreensaver.mo share/locale/de/LC_MESSAGES/xscreensaver.mo share/locale/es/LC_MESSAGES/xscreensaver.mo @@ -656,5 +657,7 @@ share/locale/vi/LC_MESSAGES/xscreensaver.mo share/locale/wa/LC_MESSAGES/xscreensaver.mo share/locale/zh_CN/LC_MESSAGES/xscreensaver.mo share/locale/zh_TW/LC_MESSAGES/xscreensaver.mo +@dirrm share/examples/xscreensaver/pam.d +@dirrm share/examples/xscreensaver @dirrm libexec/xscreensaver/config @dirrm libexec/xscreensaver diff --git a/x11/xscreensaver/distinfo b/x11/xscreensaver/distinfo index 74a44a84bd4..5f6a4cc5a91 100644 --- a/x11/xscreensaver/distinfo +++ b/x11/xscreensaver/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.50 2006/08/10 14:51:39 reed Exp $ +$NetBSD: distinfo,v 1.51 2007/01/08 21:45:10 drochner Exp $ SHA1 (xscreensaver-5.00.tar.gz) = 631eb0414112b2db2e62e2ab5a984726d61696d2 RMD160 (xscreensaver-5.00.tar.gz) = 7630ff42cfd24557cf1459902ddc6256004fc938 Size (xscreensaver-5.00.tar.gz) = 5263478 bytes SHA1 (patch-aa) = e9081bc1b18d6906fcda3d652df9954092b93a84 SHA1 (patch-ab) = d49a0854e40d6e0dcd9dfcec9c4007d0dd62dfdb -SHA1 (patch-ac) = 258161b29cdd951d2c7421433f0786c1595e52b6 +SHA1 (patch-ac) = c51781671f11d4fcfbc19ef41c01228bd3c6d529 SHA1 (patch-ad) = 5d0e3fe79d0161897cf945ca4f2a2178342d3ba5 SHA1 (patch-ae) = 16d0c8b50b2601458aaec09d1c7425fb23308225 SHA1 (patch-af) = d8261f1c8fd01b455a151f97837712dc46aff6f3 diff --git a/x11/xscreensaver/files/pam-xscreensaver-NetBSD b/x11/xscreensaver/files/pam-xscreensaver-NetBSD new file mode 100644 index 00000000000..d8be609ee46 --- /dev/null +++ b/x11/xscreensaver/files/pam-xscreensaver-NetBSD @@ -0,0 +1,17 @@ +# $NetBSD: pam-xscreensaver-NetBSD,v 1.1 2007/01/08 21:45:10 drochner Exp $ +# +# PAM configuration for the "xscreensaver" service +# + +# auth +auth sufficient pam_pwauth_suid.so +auth include system + +# account +account include system + +# session +session include system + +# password +password include system diff --git a/x11/xscreensaver/options.mk b/x11/xscreensaver/options.mk index 1abfb5d0118..965ccc71478 100644 --- a/x11/xscreensaver/options.mk +++ b/x11/xscreensaver/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.3 2007/01/06 19:53:40 rillig Exp $ +# $NetBSD: options.mk,v 1.4 2007/01/08 21:45:10 drochner Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.xscreensaver PKG_SUPPORTED_OPTIONS= pam xscreensaver-webcollage @@ -8,12 +8,22 @@ PKG_SUPPORTED_OPTIONS= pam xscreensaver-webcollage .if !empty(PKG_OPTIONS:Mpam) . include "../../mk/pam.buildlink3.mk" CONFIGURE_ARGS+= --with-pam +CONFIGURE_ARGS+= --without-shadow +.if ${OPSYS} == "NetBSD" +# needed to read shadow passwords +DEPENDS+= pam-pwauth_suid-*:../../security/pam-pwauth_suid +.endif +.else +CONFIGURE_ARGS+= --without-pam +# configure should figure out +#CONFIGURE_ARGS+= --without-shadow .endif .if !empty(PKG_OPTIONS:Mxscreensaver-webcollage) PLIST_SRC= PLIST.webcollage PLIST .else -post-install: +post-install: delwebcollage +delwebcollage: rm ${PREFIX}/libexec/xscreensaver/config/webcollage.xml rm ${PREFIX}/libexec/xscreensaver/webcollage rm ${PREFIX}/${PKGMANDIR}/man6/webcollage.6 diff --git a/x11/xscreensaver/patches/patch-ac b/x11/xscreensaver/patches/patch-ac index 2f866966493..9ab9a82ded7 100644 --- a/x11/xscreensaver/patches/patch-ac +++ b/x11/xscreensaver/patches/patch-ac @@ -1,6 +1,6 @@ -$NetBSD: patch-ac,v 1.17 2006/07/18 18:40:36 wiz Exp $ +$NetBSD: patch-ac,v 1.18 2007/01/08 21:45:10 drochner Exp $ ---- configure.orig 2006-05-23 23:01:32.000000000 +0000 +--- configure.orig 2006-05-24 01:01:32.000000000 +0200 +++ configure @@ -2872,6 +2872,9 @@ echo "${ECHO_T}Turning on SGI compiler w esac @@ -47,6 +47,15 @@ $NetBSD: patch-ac,v 1.17 2006/07/18 18:40:36 wiz Exp $ # jwz: MacOS X uses -lkrb5, but not -lcrypt +@@ -14371,7 +14375,7 @@ fi + # + if test "$enable_locking" = yes ; then + case "$host" in +- *-hpux* | *-aix* | *-netbsd* | *-freebsd* | *-openbsd* ) ++ *-hpux* | *-aix* | *-freebsd* | *-openbsd* ) + need_setuid=yes + ;; + esac @@ -14800,11 +14804,7 @@ echo "${ECHO_T}$ac_cv_gtk_config_libs" > ac_gtk_config_libs=$ac_cv_gtk_config_libs |