Commit 2034ea01 authored by Chris Marchesi's avatar Chris Marchesi Committed by Anderson Torres

xscreensaver: add suid wrapper patch



This adds a patch for XScreenSaver that ensures that the suid wrapper
for xscreensaver-auth is run correctly.

The patch is a simple update to driver/xscreensaver.c that inserts
/run/wrappers/bin before DEFAULT_PATH_PREFIX, the directory that holds
the xscreensaver hacks/demos and that must remain on the PATH.

The wrapper directory can be modified in the derivation, or even
disabled.

Co-authored-by: default avatarAnderson Torres <torres.anderson.85@protonmail.com>
parent 45c70262
+14 −0
@@ -26,6 +26,9 @@
, systemd
, forceInstallAllHacks ? true
, withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd
, nixosTests
, substituteAll
, wrapperPrefix ? "/run/wrappers/bin"
}:

stdenv.mkDerivation (finalAttrs: {
@@ -75,6 +78,13 @@ stdenv.mkDerivation (finalAttrs: {
    popd
  '';

  patches = [
    (substituteAll {
      src = ./xscreensaver-wrapper-prefix.patch;
      inherit wrapperPrefix;
    })
  ];

  preConfigure = ''
    # Fix installation paths for GTK resources.
    sed -e 's%@GTK_DATADIR@%@datadir@% ; s%@PO_DATADIR@%@datadir@%' \
@@ -105,6 +115,10 @@ stdenv.mkDerivation (finalAttrs: {
    cp -f $(find hacks -type f -perm -111 "!" -name "*.*" ) "$out/libexec/xscreensaver"
  '';

  passthru.tests = {
    xscreensaver = nixosTests.xscreensaver;
  };

  meta = {
    homepage = "https://www.jwz.org/xscreensaver/";
    description = "A set of screensavers";
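Review bot: The `wrapperPrefix` argument in the first hunk has no statement of which values are acceptable, although it is substituted verbatim into the C string literal `NIXOS_WRAPPER_PREFIX` and then placed first in the daemon's `PATH`. Going by the commit message, this is the directory from which the setuid `xscreensaver-auth` wrapper is resolved, so a relative or user-writable value would weaken that lookup, and a value containing `"` or `\` would break the literal. I would document the argument with `# Absolute, root-owned directory prepended to PATH for the xscreensaver-auth setuid wrapper; "" skips it.` and enforce the absolute part with `assert wrapperPrefix == "" || lib.hasPrefix "/" wrapperPrefix;`. The empty-string case appears to be what the description means by "disabled", since the patched C code skips an empty prefix.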
+37 −0
--- a/driver/xscreensaver.c
+++ b/driver/xscreensaver.c
@@ -253,6 +253,8 @@
 #undef MAX
 #define MAX(x,y)((x)>(y)?(x):(y))
 
+/* Define the default wrapper prefix here, for NixOS */
+#define NIXOS_WRAPPER_PREFIX "@wrapperPrefix@"
 
 /* Globals used in this file.
  */
@@ -632,12 +634,24 @@ handle_sigchld (Display *dpy, Bool blanked_p)
 static void
 hack_environment (void)
 {
+  static const char *wrapper_path = NIXOS_WRAPPER_PREFIX;
   static const char *def_path = DEFAULT_PATH_PREFIX;
   const char *opath = getenv("PATH");
   char *npath;
   if (! opath) opath = "/bin:/usr/bin";  /* WTF */
-  npath = (char *) malloc(strlen(def_path) + strlen(opath) + 20);
+  /* NOTE: The NixOS patch adds extra margin than what would be expected for a
+     single extra ":" PATH separator to account for UTF-32 encoding. The
+     original 20 bytes would have only accounted for UTF-16 safely (the path
+     concatenation would have needed 28 bytes of margin at minimum for UTF-32).
+   */
+  npath = (char *) malloc(strlen(wrapper_path) + strlen(def_path) + strlen(opath) + 32);
   strcpy (npath, "PATH=");
+  if (wrapper_path && *wrapper_path)
+    {
+      strcat (npath, wrapper_path);
+      strcat (npath, ":");
+    }
+
   strcat (npath, def_path);
   strcat (npath, ":");
   strcat (npath, opath);
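Review bot: The sizing comment added above the `malloc` in `hack_environment` is misleading, and the allocation is still written through without a NULL check. `strlen` returns byte counts regardless of encoding, so the fixed overhead is 8 bytes (`PATH=`, two `:` and the NUL); the 32 is harmless slack, but the UTF-32 rationale could lead a later edit to size this buffer wrongly. I would replace the comment with `/* 8 = "PATH=" + two ":" + NUL; the rest is slack */` and add `if (! npath) abort ();` (or whatever this file uses on allocation failure) before the `strcpy`. The `wrapper_path &&` half of the new test is dead, because `strlen (wrapper_path)` has already dereferenced it; `if (*wrapper_path)` is enough. The function body continues past the end of the hunk.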