211218 – x11/kde4-workspace: installs kcheckpass with insufficient perms

Bug 211218 - x11/kde4-workspace: installs kcheckpass with insufficient perms

Summary: x11/kde4-workspace: installs kcheckpass with insufficient perms

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Chris Rees

URL:
Keywords:	easy, needs-patch, regression

Depends on:
Blocks:

Reported:	2016-07-19 10:15 UTC by Matthias Apitz
Modified:	2016-09-02 07:00 UTC (History)
CC List:	5 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (kde) koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Apitz 2016-07-19 10:15:13 UTC

I'm installing a new laptop with 12-CURRENT and ports from head
(compiled by me with poduriere); it turned out, that I was unable to
unlock a locked KDE session; digging into the problem I saw that the
component to validate the password (kcheckpass) was packaged into the
pkg with wrong perms:

$ tar tzvf /usr/PKGDIR.20160716/kde-workspace-4.11.21.txz | fgrep kcheckpass
-rwxr-xr-x  0 root   wheel   14352 17 jul. 21:43 /usr/local/lib/kde4/libexec/kcheckpass


in older versions from head in December and Mai it was with perms '-rwsr-sr-x':

$ tar tzvf /usr/PKGDIR.20151230/kde-workspace-4.11.14_4.txz | fgrep kcheckpass
-rwsr-sr-x  0 root   wheel   14352 dic. 31  2015 /usr/local/lib/kde4/libexec/kcheckpass

$ tar tzvf /usr/PKGDIR.20160501/kde-workspace-4.11.14_6.txz | fgrep kcheckpass
-rwsr-sr-x  0 root   wheel   14352 may.  6 21:19 /usr/local/lib/kde4/libexec/kcheckpass

Comment 1 groot 2016-08-09 22:40:51 UTC

I just built kde4-workspace out of area51-trunk, and the permissions are as described; official package dated may 15 2015 has different permissions on kcheckpass in the packaged txz.

Comment 2 John Baldwin freebsd_committer

2016-09-01 20:26:28 UTC

Adding a "me-too".  I was able to unlock my desktop by 'chmod u+s' of kcheckpass over an SSH session thankfully.

Comment 3 Bryan Drewery freebsd_committer

2016-09-01 20:28:49 UTC

Latest poudriere-devel has BUILD_AS_NON_ROOT=yes as default which may
be exposing the problem.  The official package builds do not use this
yet.  So there is a missing @mode or (mode) modifier in the pkg-plist.

Comment 4 John Baldwin freebsd_committer

2016-09-01 20:48:08 UTC

Untested possible fix:

Index: pkg-plist
===================================================================
--- pkg-plist   (revision 421134)
+++ pkg-plist   (working copy)
@@ -229,7 +229,7 @@
 lib/kde4/libexec/fontinst
 lib/kde4/libexec/fontinst_helper
 lib/kde4/libexec/fontinst_x11
-lib/kde4/libexec/kcheckpass
+@(root,wheel,6755) lib/kde4/libexec/kcheckpass
 lib/kde4/libexec/kcmdatetimehelper
 lib/kde4/libexec/kcmkdmhelper
 lib/kde4/libexec/kdm_config

Comment 5 John Baldwin freebsd_committer

2016-09-01 20:48:43 UTC

(Though I found that for me simply u+s was enough without also requiring g+s)

Comment 6 Chris Rees freebsd_committer

2016-09-01 21:14:29 UTC

Testing jhb's patch.

Comment 7 commit-hook freebsd_committer

2016-09-02 06:59:46 UTC

A commit references this bug:

Author: crees
Date: Fri Sep  2 06:59:23 UTC 2016
New revision: 421252
URL: https://svnweb.freebsd.org/changeset/ports/421252

Log:
  Correct permissions on kcheckpass

  Without this, if the port is staged as non-root (default on new poudriere), the
  file is installed without setuid root and fails to unlock desktops.

  PR:		ports/211218
  Submitted by:	jhb
  Approved by:	maintainer timeout (kde, 2 months)

Changes:
  head/x11/kde4-workspace/Makefile
  head/x11/kde4-workspace/pkg-plist

Comment 8 Chris Rees freebsd_committer

2016-09-02 07:00:06 UTC

Committed.  Thanks!