summaryrefslogtreecommitdiff
path: root/desktop/slock/patches
diff options
context:
space:
mode:
Diffstat (limited to 'desktop/slock/patches')
-rw-r--r--desktop/slock/patches/0001-Simplify-the-oom-taming-function.patch60
-rw-r--r--desktop/slock/patches/0001-applied-Dimitris-style-patch-from-Dec-14-with-some-m.patch316
-rw-r--r--desktop/slock/patches/0002-Blank-the-screen-with-color-0-add-third-color-for-fa.patch119
-rw-r--r--desktop/slock/patches/0002-Clarify-config.def.h.patch28
-rw-r--r--desktop/slock/patches/0003-No-need-for-usage.patch102
-rw-r--r--desktop/slock/patches/0003-resize-lockscreen-window-after-Xrandr-resize.patch83
-rw-r--r--desktop/slock/patches/0004-Option-to-not-show-failure-color-on-clear.patch64
-rw-r--r--desktop/slock/patches/0004-Use-argv0-instead-of-passing-slock-to-die-every-time.patch125
-rw-r--r--desktop/slock/patches/0005-consistently-use-with-sizeof.patch34
-rw-r--r--desktop/slock/patches/0005-revert-using-argv0-and-minor-fixup.patch78
-rw-r--r--desktop/slock/patches/0006-Revert-No-need-for-usage.patch90
-rw-r--r--desktop/slock/patches/0006-rework-setting-window-color.patch54
-rw-r--r--desktop/slock/patches/0007-Slightly-safer-OOM-killer-disablement-in-linux.patch45
-rw-r--r--desktop/slock/patches/0007-clear-passwords-with-explicit_bzero.patch146
-rw-r--r--desktop/slock/patches/0008-Don-t-change-to-failure-colour-on-success.patch25
-rw-r--r--desktop/slock/patches/0009-add-option-to-run-command-after-screen-is-locked.patch49
16 files changed, 629 insertions, 789 deletions
diff --git a/desktop/slock/patches/0001-Simplify-the-oom-taming-function.patch b/desktop/slock/patches/0001-Simplify-the-oom-taming-function.patch
new file mode 100644
index 0000000000..993cab2491
--- /dev/null
+++ b/desktop/slock/patches/0001-Simplify-the-oom-taming-function.patch
@@ -0,0 +1,60 @@
+From 3abbffa4934a62146e995ee7c2cf3ba50991b4ad Mon Sep 17 00:00:00 2001
+From: FRIGN <dev@frign.de>
+Date: Sun, 14 Feb 2016 01:28:37 +0100
+Subject: [PATCH 1/7] Simplify the oom-taming-function
+
+There really is no need to source a defined variable from a linux
+header. The OOM-rank ranges from -1000 to 1000, so we can safely
+hardcode -1000, which is a sane thing to do given slock is suid and
+we don't want to play around too much here anyway.
+
+On another notice, let's not forget that this still is a shitty
+heuristic. The OOM-killer still can kill us (thus I also changed
+the wording in the error-message. We do not disable the OOM-killer,
+we're just hiding.
+---
+ slock.c | 20 ++++++--------------
+ 1 file changed, 6 insertions(+), 14 deletions(-)
+
+diff --git a/slock.c b/slock.c
+index cf49555..3188ff7 100644
+--- a/slock.c
++++ b/slock.c
+@@ -60,28 +60,20 @@ die(const char *errstr, ...)
+
+ #ifdef __linux__
+ #include <fcntl.h>
+-#include <linux/oom.h>
+
+ static void
+ dontkillme(void)
+ {
+ int fd;
+- int length;
+- char value[64];
+
+ fd = open("/proc/self/oom_score_adj", O_WRONLY);
+- if (fd < 0 && errno == ENOENT)
++ if (fd < 0 && errno == ENOENT) {
+ return;
+-
+- /* convert OOM_SCORE_ADJ_MIN to string for writing */
+- length = snprintf(value, sizeof(value), "%d\n", OOM_SCORE_ADJ_MIN);
+-
+- /* bail on truncation */
+- if (length >= sizeof(value))
+- die("buffer too small\n");
+-
+- if (fd < 0 || write(fd, value, length) != length || close(fd) != 0)
+- die("cannot disable the out-of-memory killer for this process (make sure to suid or sgid slock)\n");
++ }
++ if (fd < 0 || write(fd, "-1000\n", (sizeof("-1000\n") - 1)) !=
++ (sizeof("-1000\n") - 1) || close(fd) != 0) {
++ die("can't tame the oom-killer. is suid or sgid set?\n");
++ }
+ }
+ #endif
+
+--
+2.9.2
+
diff --git a/desktop/slock/patches/0001-applied-Dimitris-style-patch-from-Dec-14-with-some-m.patch b/desktop/slock/patches/0001-applied-Dimitris-style-patch-from-Dec-14-with-some-m.patch
deleted file mode 100644
index d92e14925b..0000000000
--- a/desktop/slock/patches/0001-applied-Dimitris-style-patch-from-Dec-14-with-some-m.patch
+++ /dev/null
@@ -1,316 +0,0 @@
-From a31b9191111572dafaa8366415b89a4472aa4626 Mon Sep 17 00:00:00 2001
-From: Anselm R Garbe <garbeam@gmail.com>
-Date: Tue, 27 Jan 2015 22:16:52 +0100
-Subject: [PATCH 1/9] applied Dimitris' style patch from Dec'14, with some
- minor modifications
-
----
- slock.c | 112 ++++++++++++++++++++++++++++++++++------------------------------
- 1 file changed, 60 insertions(+), 52 deletions(-)
-
-diff --git a/slock.c b/slock.c
-index face75e..407a540 100644
---- a/slock.c
-+++ b/slock.c
-@@ -1,4 +1,3 @@
--
- /* See LICENSE file for license details. */
- #define _XOPEN_SOURCE 500
- #if HAVE_SHADOW_H
-@@ -37,20 +36,22 @@ static int nscreens;
- static Bool running = True;
-
- static void
--die(const char *errstr, ...) {
-+die(const char *errstr, ...)
-+{
- va_list ap;
-
- va_start(ap, errstr);
- vfprintf(stderr, errstr, ap);
- va_end(ap);
-- exit(EXIT_FAILURE);
-+ exit(1);
- }
-
- #ifdef __linux__
- #include <fcntl.h>
-
- static void
--dontkillme(void) {
-+dontkillme(void)
-+{
- int fd;
-
- fd = open("/proc/self/oom_score_adj", O_WRONLY);
-@@ -62,8 +63,10 @@ dontkillme(void) {
- #endif
-
- #ifndef HAVE_BSD_AUTH
-+/* only run as root */
- static const char *
--getpw(void) { /* only run as root */
-+getpw(void)
-+{
- const char *rval;
- struct passwd *pw;
-
-@@ -73,7 +76,7 @@ getpw(void) { /* only run as root */
- if (errno)
- die("slock: getpwuid: %s\n", strerror(errno));
- else
-- die("slock: cannot retrieve password entry (make sure to suid or sgid slock)\n");
-+ die("slock: cannot retrieve password entry\n");
- }
- rval = pw->pw_passwd;
-
-@@ -81,15 +84,15 @@ getpw(void) { /* only run as root */
- if (rval[0] == 'x' && rval[1] == '\0') {
- struct spwd *sp;
- sp = getspnam(getenv("USER"));
-- if(!sp)
-+ if (!sp)
- die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
- rval = sp->sp_pwdp;
- }
- #endif
-
- /* drop privileges */
-- if (geteuid() == 0
-- && ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0))
-+ if (geteuid() == 0 &&
-+ ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0))
- die("slock: cannot drop privileges\n");
- return rval;
- }
-@@ -115,21 +118,23 @@ readpw(Display *dpy, const char *pws)
- * had been removed and you can set it with "xset" or some other
- * utility. This way the user can easily set a customized DPMS
- * timeout. */
-- while(running && !XNextEvent(dpy, &ev)) {
-- if(ev.type == KeyPress) {
-+ while (running && !XNextEvent(dpy, &ev)) {
-+ if (ev.type == KeyPress) {
- buf[0] = 0;
- num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
-- if(IsKeypadKey(ksym)) {
-- if(ksym == XK_KP_Enter)
-+ if (IsKeypadKey(ksym)) {
-+ if (ksym == XK_KP_Enter)
- ksym = XK_Return;
-- else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
-+ else if (ksym >= XK_KP_0 && ksym <= XK_KP_9)
- ksym = (ksym - XK_KP_0) + XK_0;
- }
-- if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
-- || IsMiscFunctionKey(ksym) || IsPFKey(ksym)
-- || IsPrivateKeypadKey(ksym))
-+ if (IsFunctionKey(ksym) ||
-+ IsKeypadKey(ksym) ||
-+ IsMiscFunctionKey(ksym) ||
-+ IsPFKey(ksym) ||
-+ IsPrivateKeypadKey(ksym))
- continue;
-- switch(ksym) {
-+ switch (ksym) {
- case XK_Return:
- passwd[len] = 0;
- #ifdef HAVE_BSD_AUTH
-@@ -137,7 +142,7 @@ readpw(Display *dpy, const char *pws)
- #else
- running = !!strcmp(crypt(passwd, pws), pws);
- #endif
-- if(running)
-+ if (running)
- XBell(dpy, 100);
- len = 0;
- break;
-@@ -145,36 +150,37 @@ readpw(Display *dpy, const char *pws)
- len = 0;
- break;
- case XK_BackSpace:
-- if(len)
-+ if (len)
- --len;
- break;
- default:
-- if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
-+ if (num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
- memcpy(passwd + len, buf, num);
- len += num;
- }
- break;
- }
-- if(llen == 0 && len != 0) {
-- for(screen = 0; screen < nscreens; screen++) {
-+ if (llen == 0 && len != 0) {
-+ for (screen = 0; screen < nscreens; screen++) {
- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[1]);
- XClearWindow(dpy, locks[screen]->win);
- }
-- } else if(llen != 0 && len == 0) {
-- for(screen = 0; screen < nscreens; screen++) {
-+ } else if (llen != 0 && len == 0) {
-+ for (screen = 0; screen < nscreens; screen++) {
- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[0]);
- XClearWindow(dpy, locks[screen]->win);
- }
- }
- llen = len;
- }
-- else for(screen = 0; screen < nscreens; screen++)
-+ else for (screen = 0; screen < nscreens; screen++)
- XRaiseWindow(dpy, locks[screen]->win);
- }
- }
-
- static void
--unlockscreen(Display *dpy, Lock *lock) {
-+unlockscreen(Display *dpy, Lock *lock)
-+{
- if(dpy == NULL || lock == NULL)
- return;
-
-@@ -187,7 +193,8 @@ unlockscreen(Display *dpy, Lock *lock) {
- }
-
- static Lock *
--lockscreen(Display *dpy, int screen) {
-+lockscreen(Display *dpy, int screen)
-+{
- char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
- unsigned int len;
- Lock *lock;
-@@ -195,11 +202,11 @@ lockscreen(Display *dpy, int screen) {
- XSetWindowAttributes wa;
- Cursor invisible;
-
-- if(dpy == NULL || screen < 0)
-+ if (dpy == NULL || screen < 0)
- return NULL;
-
- lock = malloc(sizeof(Lock));
-- if(lock == NULL)
-+ if (lock == NULL)
- return NULL;
-
- lock->screen = screen;
-@@ -210,8 +217,8 @@ lockscreen(Display *dpy, int screen) {
- wa.override_redirect = 1;
- wa.background_pixel = BlackPixel(dpy, lock->screen);
- lock->win = XCreateWindow(dpy, lock->root, 0, 0, DisplayWidth(dpy, lock->screen), DisplayHeight(dpy, lock->screen),
-- 0, DefaultDepth(dpy, lock->screen), CopyFromParent,
-- DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa);
-+ 0, DefaultDepth(dpy, lock->screen), CopyFromParent,
-+ DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa);
- XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), COLOR2, &color, &dummy);
- lock->colors[1] = color.pixel;
- XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), COLOR1, &color, &dummy);
-@@ -220,36 +227,37 @@ lockscreen(Display *dpy, int screen) {
- invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0);
- XDefineCursor(dpy, lock->win, invisible);
- XMapRaised(dpy, lock->win);
-- for(len = 1000; len; len--) {
-- if(XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
-- GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
-+ for (len = 1000; len; len--) {
-+ if (XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
-+ GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
- break;
- usleep(1000);
- }
-- if(running && (len > 0)) {
-- for(len = 1000; len; len--) {
-- if(XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime)
-- == GrabSuccess)
-+ if (running && (len > 0)) {
-+ for (len = 1000; len; len--) {
-+ if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess)
- break;
- usleep(1000);
- }
- }
-
- running &= (len > 0);
-- if(!running) {
-+ if (!running) {
- unlockscreen(dpy, lock);
- lock = NULL;
- }
-- else
-+ else {
- XSelectInput(dpy, lock->root, SubstructureNotifyMask);
-+ }
-
- return lock;
- }
-
- static void
--usage(void) {
-+usage(void)
-+{
- fprintf(stderr, "usage: slock [-v]\n");
-- exit(EXIT_FAILURE);
-+ exit(1);
- }
-
- int
-@@ -260,38 +268,38 @@ main(int argc, char **argv) {
- Display *dpy;
- int screen;
-
-- if((argc == 2) && !strcmp("-v", argv[1]))
-- die("slock-%s, © 2006-2014 slock engineers\n", VERSION);
-- else if(argc != 1)
-+ if ((argc == 2) && !strcmp("-v", argv[1]))
-+ die("slock-%s, © 2006-2015 slock engineers\n", VERSION);
-+ else if (argc != 1)
- usage();
-
- #ifdef __linux__
- dontkillme();
- #endif
-
-- if(!getpwuid(getuid()))
-+ if (!getpwuid(getuid()))
- die("slock: no passwd entry for you\n");
-
- #ifndef HAVE_BSD_AUTH
- pws = getpw();
- #endif
-
-- if(!(dpy = XOpenDisplay(0)))
-+ if (!(dpy = XOpenDisplay(0)))
- die("slock: cannot open display\n");
- /* Get the number of screens in display "dpy" and blank them all. */
- nscreens = ScreenCount(dpy);
- locks = malloc(sizeof(Lock *) * nscreens);
-- if(locks == NULL)
-+ if (locks == NULL)
- die("slock: malloc: %s\n", strerror(errno));
- int nlocks = 0;
-- for(screen = 0; screen < nscreens; screen++) {
-+ for (screen = 0; screen < nscreens; screen++) {
- if ( (locks[screen] = lockscreen(dpy, screen)) != NULL)
- nlocks++;
- }
- XSync(dpy, False);
-
- /* Did we actually manage to lock something? */
-- if (nlocks == 0) { // nothing to protect
-+ if (nlocks == 0) { /* nothing to protect */
- free(locks);
- XCloseDisplay(dpy);
- return 1;
-@@ -305,7 +313,7 @@ main(int argc, char **argv) {
- #endif
-
- /* Password ok, unlock everything and quit. */
-- for(screen = 0; screen < nscreens; screen++)
-+ for (screen = 0; screen < nscreens; screen++)
- unlockscreen(dpy, locks[screen]);
-
- free(locks);
---
-2.6.4
-
diff --git a/desktop/slock/patches/0002-Blank-the-screen-with-color-0-add-third-color-for-fa.patch b/desktop/slock/patches/0002-Blank-the-screen-with-color-0-add-third-color-for-fa.patch
deleted file mode 100644
index 14d649f942..0000000000
--- a/desktop/slock/patches/0002-Blank-the-screen-with-color-0-add-third-color-for-fa.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From f2ea92c3ddf1d9476ef61f85ec3aa26818d094a1 Mon Sep 17 00:00:00 2001
-From: David Phillips <dbphillipsnz@gmail.com>
-Date: Thu, 12 Feb 2015 11:56:35 +1300
-Subject: [PATCH 2/9] Blank the screen with color 0, add third color for failed
- logins
-
-- Adds another color in config.def.h, COLOR_INIT
-- Renames the colours from numerical ones to ones with meaningful names;
- COLOR_INPUT for when there is content in the input buffer and COLOR_EMPTY
- for when the input buffer has been cleared (backspaced or a failed attempt).
-- Ensures XFreeColors frees the right number of colours. This is now derived
- from the size of `Lock->colors` rather than being an integer literal.
-- Makes slock exhibit the behaviour described by Markus
-
-The default colours are the same as the ones slock currently uses, with the
-exception of the new color, which I have set to red, as it indicates someone
-has either failed an attempt to unlock, or that they have entered input and
-erased it all.
----
- config.def.h | 7 +++++--
- slock.c | 27 ++++++++++++++++++---------
- 2 files changed, 23 insertions(+), 11 deletions(-)
-
-diff --git a/config.def.h b/config.def.h
-index 89e5977..4bccb5d 100644
---- a/config.def.h
-+++ b/config.def.h
-@@ -1,2 +1,5 @@
--#define COLOR1 "black"
--#define COLOR2 "#005577"
-+static const char *colorname[NUMCOLS] = {
-+ "black", /* after initialization */
-+ "#005577", /* during input */
-+ "#CC3333", /* failed/cleared the input */
-+};
-diff --git a/slock.c b/slock.c
-index 407a540..df5c3fe 100644
---- a/slock.c
-+++ b/slock.c
-@@ -22,13 +22,20 @@
- #include <bsd_auth.h>
- #endif
-
-+enum {
-+ INIT,
-+ INPUT,
-+ EMPTY,
-+ NUMCOLS
-+};
-+
- #include "config.h"
-
- typedef struct {
- int screen;
- Window root, win;
- Pixmap pmap;
-- unsigned long colors[2];
-+ unsigned long colors[NUMCOLS];
- } Lock;
-
- static Lock **locks;
-@@ -162,12 +169,12 @@ readpw(Display *dpy, const char *pws)
- }
- if (llen == 0 && len != 0) {
- for (screen = 0; screen < nscreens; screen++) {
-- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[1]);
-+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[INPUT]);
- XClearWindow(dpy, locks[screen]->win);
- }
- } else if (llen != 0 && len == 0) {
- for (screen = 0; screen < nscreens; screen++) {
-- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[0]);
-+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[EMPTY]);
- XClearWindow(dpy, locks[screen]->win);
- }
- }
-@@ -185,7 +192,7 @@ unlockscreen(Display *dpy, Lock *lock)
- return;
-
- XUngrabPointer(dpy, CurrentTime);
-- XFreeColors(dpy, DefaultColormap(dpy, lock->screen), lock->colors, 2, 0);
-+ XFreeColors(dpy, DefaultColormap(dpy, lock->screen), lock->colors, NUMCOLS, 0);
- XFreePixmap(dpy, lock->pmap);
- XDestroyWindow(dpy, lock->win);
-
-@@ -197,6 +204,7 @@ lockscreen(Display *dpy, int screen)
- {
- char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
- unsigned int len;
-+ int i;
- Lock *lock;
- XColor color, dummy;
- XSetWindowAttributes wa;
-@@ -213,16 +221,17 @@ lockscreen(Display *dpy, int screen)
-
- lock->root = RootWindow(dpy, lock->screen);
-
-+ for (i = 0; i < NUMCOLS; i++) {
-+ XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), colorname[i], &color, &dummy);
-+ lock->colors[i] = color.pixel;
-+ }
-+
- /* init */
- wa.override_redirect = 1;
-- wa.background_pixel = BlackPixel(dpy, lock->screen);
-+ wa.background_pixel = lock->colors[INIT];
- lock->win = XCreateWindow(dpy, lock->root, 0, 0, DisplayWidth(dpy, lock->screen), DisplayHeight(dpy, lock->screen),
- 0, DefaultDepth(dpy, lock->screen), CopyFromParent,
- DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa);
-- XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), COLOR2, &color, &dummy);
-- lock->colors[1] = color.pixel;
-- XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), COLOR1, &color, &dummy);
-- lock->colors[0] = color.pixel;
- lock->pmap = XCreateBitmapFromData(dpy, lock->win, curs, 8, 8);
- invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0);
- XDefineCursor(dpy, lock->win, invisible);
---
-2.6.4
-
diff --git a/desktop/slock/patches/0002-Clarify-config.def.h.patch b/desktop/slock/patches/0002-Clarify-config.def.h.patch
new file mode 100644
index 0000000000..c5d05a892b
--- /dev/null
+++ b/desktop/slock/patches/0002-Clarify-config.def.h.patch
@@ -0,0 +1,28 @@
+From bdcbeab0d8ac0963c61ae1d9d1ed57d3effb8ec3 Mon Sep 17 00:00:00 2001
+From: FRIGN <dev@frign.de>
+Date: Sun, 14 Feb 2016 01:32:02 +0100
+Subject: [PATCH 2/7] Clarify config.def.h
+
+Clear up the wording a bit and explain what failonclear means.
+---
+ config.def.h | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/config.def.h b/config.def.h
+index fca0ae0..eae2d9a 100644
+--- a/config.def.h
++++ b/config.def.h
+@@ -1,6 +1,8 @@
+ static const char *colorname[NUMCOLS] = {
+ "black", /* after initialization */
+ "#005577", /* during input */
+- "#CC3333", /* failed/cleared the input */
++ "#CC3333", /* wrong password */
+ };
+-static const Bool failonclear = True;
++
++/* treat a cleared input like a wrong password */
++static const int failonclear = 1;
+--
+2.9.2
+
diff --git a/desktop/slock/patches/0003-No-need-for-usage.patch b/desktop/slock/patches/0003-No-need-for-usage.patch
new file mode 100644
index 0000000000..9eb7b4b256
--- /dev/null
+++ b/desktop/slock/patches/0003-No-need-for-usage.patch
@@ -0,0 +1,102 @@
+From a6dc051e3744ce5b14c54d2d246d3e8258207e76 Mon Sep 17 00:00:00 2001
+From: FRIGN <dev@frign.de>
+Date: Sun, 14 Feb 2016 01:48:48 +0100
+Subject: [PATCH 3/7] No need for usage()
+
+There are 2 arguments why -v and -h are broken:
+
+ 1) if you are running off git, -v will show the last stable
+ release, effectively making this option useless.
+ people running stable versions leave open an attack surface
+ this way in case there are vulnerabilities found.
+ 99% of the people are also using package managers to keep
+ their software up to date, instead of running $TOOL -v to
+ check how old it is.
+ 2) -h is a sad excuse for not just looking at the manual page
+ (man 1 slock). Given we accept a post_lock_command, we can't
+ be as liberal and just intercept certain flags.
+
+I changed the manpage to reflect this change.
+---
+ slock.1 | 24 +++++++-----------------
+ slock.c | 16 ++--------------
+ 2 files changed, 9 insertions(+), 31 deletions(-)
+
+diff --git a/slock.1 b/slock.1
+index 1f946d9..467194d 100644
+--- a/slock.1
++++ b/slock.1
+@@ -1,29 +1,19 @@
+ .TH SLOCK 1 slock\-VERSION
+ .SH NAME
+-slock \- simple X display locker
++slock \- simple X screen locker
+ .SH SYNOPSIS
+ .B slock
+-.RB [ \-v
+-|
+-.IR post_lock_command ]
++.RB [
++.IR cmd
++]
+ .SH DESCRIPTION
+ .B slock
+-is a screen locker for X. If provided, the
+-.IR post_lock_command
+-will be executed when the screen is locked.
+-.SH OPTIONS
+-.TP
+-.B \-v
+-prints version information to stdout, then exits.
++is an X screen locker. If provided,
++.IR cmd
++is executed after the screen has been locked.
+ .SH EXAMPLES
+ $ slock /usr/sbin/s2ram
+ .SH CUSTOMIZATION
+ .B slock
+ can be customized by creating a custom config.h and (re)compiling the source
+ code. This keeps it fast, secure and simple.
+-.SH AUTHORS
+-See the LICENSE file for the authors.
+-.SH LICENSE
+-See the LICENSE file for the terms of redistribution.
+-.SH BUGS
+-Please report them.
+diff --git a/slock.c b/slock.c
+index 3188ff7..4531f95 100644
+--- a/slock.c
++++ b/slock.c
+@@ -272,27 +272,15 @@ lockscreen(Display *dpy, int screen)
+ return NULL;
+ }
+
+-static void
+-usage(void)
+-{
+- fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n");
+- exit(1);
+-}
+-
+ int
+-main(int argc, char **argv) {
++main(int argc, char **argv)
++{
+ #ifndef HAVE_BSD_AUTH
+ const char *pws;
+ #endif
+ Display *dpy;
+ int screen;
+
+- if ((argc == 2) && !strcmp("-v", argv[1]))
+- die("slock-%s, © 2006-2016 slock engineers\n", VERSION);
+-
+- if ((argc == 2) && !strcmp("-h", argv[1]))
+- usage();
+-
+ #ifdef __linux__
+ dontkillme();
+ #endif
+--
+2.9.2
+
diff --git a/desktop/slock/patches/0003-resize-lockscreen-window-after-Xrandr-resize.patch b/desktop/slock/patches/0003-resize-lockscreen-window-after-Xrandr-resize.patch
deleted file mode 100644
index 4b74350fca..0000000000
--- a/desktop/slock/patches/0003-resize-lockscreen-window-after-Xrandr-resize.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From f5ef1b8eb5555da11e81d92d8d05acd4aba1ef40 Mon Sep 17 00:00:00 2001
-From: Markus Teich <markus.teich@stusta.mhn.de>
-Date: Wed, 25 Feb 2015 23:06:45 +0100
-Subject: [PATCH 3/9] resize lockscreen window after Xrandr resize
-
----
- config.mk | 2 +-
- slock.c | 18 ++++++++++++++++--
- 2 files changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/config.mk b/config.mk
-index 067cfc7..44e41c6 100644
---- a/config.mk
-+++ b/config.mk
-@@ -11,7 +11,7 @@ X11LIB = /usr/X11R6/lib
-
- # includes and libs
- INCS = -I. -I/usr/include -I${X11INC}
--LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext
-+LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
-
- # flags
- CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
-diff --git a/slock.c b/slock.c
-index df5c3fe..6502c86 100644
---- a/slock.c
-+++ b/slock.c
-@@ -13,6 +13,7 @@
- #include <string.h>
- #include <unistd.h>
- #include <sys/types.h>
-+#include <X11/extensions/Xrandr.h>
- #include <X11/keysym.h>
- #include <X11/Xlib.h>
- #include <X11/Xutil.h>
-@@ -41,6 +42,9 @@ typedef struct {
- static Lock **locks;
- static int nscreens;
- static Bool running = True;
-+static Bool rr;
-+static int rrevbase;
-+static int rrerrbase;
-
- static void
- die(const char *errstr, ...)
-@@ -179,8 +183,15 @@ readpw(Display *dpy, const char *pws)
- }
- }
- llen = len;
-- }
-- else for (screen = 0; screen < nscreens; screen++)
-+ } else if (rr && ev.type == rrevbase + RRScreenChangeNotify) {
-+ XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev;
-+ for (screen = 0; screen < nscreens; screen++) {
-+ if (locks[screen]->win == rre->window) {
-+ XResizeWindow(dpy, locks[screen]->win, rre->width, rre->height);
-+ XClearWindow(dpy, locks[screen]->win);
-+ }
-+ }
-+ } else for (screen = 0; screen < nscreens; screen++)
- XRaiseWindow(dpy, locks[screen]->win);
- }
- }
-@@ -236,6 +247,8 @@ lockscreen(Display *dpy, int screen)
- invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0);
- XDefineCursor(dpy, lock->win, invisible);
- XMapRaised(dpy, lock->win);
-+ if (rr)
-+ XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask);
- for (len = 1000; len; len--) {
- if (XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
- GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
-@@ -295,6 +308,7 @@ main(int argc, char **argv) {
-
- if (!(dpy = XOpenDisplay(0)))
- die("slock: cannot open display\n");
-+ rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase);
- /* Get the number of screens in display "dpy" and blank them all. */
- nscreens = ScreenCount(dpy);
- locks = malloc(sizeof(Lock *) * nscreens);
---
-2.6.4
-
diff --git a/desktop/slock/patches/0004-Option-to-not-show-failure-color-on-clear.patch b/desktop/slock/patches/0004-Option-to-not-show-failure-color-on-clear.patch
deleted file mode 100644
index 07866a66c6..0000000000
--- a/desktop/slock/patches/0004-Option-to-not-show-failure-color-on-clear.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From b1289f30b79c9c5ea43a9e9c624406d7d0661692 Mon Sep 17 00:00:00 2001
-From: Nick Currier <nick.currier@gmail.com>
-Date: Wed, 6 May 2015 10:18:50 -0600
-Subject: [PATCH 4/9] Option to not show failure color on clear
-
----
- config.def.h | 1 +
- slock.c | 9 ++++++---
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/config.def.h b/config.def.h
-index 4bccb5d..fca0ae0 100644
---- a/config.def.h
-+++ b/config.def.h
-@@ -3,3 +3,4 @@ static const char *colorname[NUMCOLS] = {
- "#005577", /* during input */
- "#CC3333", /* failed/cleared the input */
- };
-+static const Bool failonclear = True;
-diff --git a/slock.c b/slock.c
-index 6502c86..1551a9e 100644
---- a/slock.c
-+++ b/slock.c
-@@ -26,7 +26,7 @@
- enum {
- INIT,
- INPUT,
-- EMPTY,
-+ FAILED,
- NUMCOLS
- };
-
-@@ -42,6 +42,7 @@ typedef struct {
- static Lock **locks;
- static int nscreens;
- static Bool running = True;
-+static Bool failure = False;
- static Bool rr;
- static int rrevbase;
- static int rrerrbase;
-@@ -153,8 +154,10 @@ readpw(Display *dpy, const char *pws)
- #else
- running = !!strcmp(crypt(passwd, pws), pws);
- #endif
-- if (running)
-+ if (running) {
- XBell(dpy, 100);
-+ failure = True;
-+ }
- len = 0;
- break;
- case XK_Escape:
-@@ -178,7 +181,7 @@ readpw(Display *dpy, const char *pws)
- }
- } else if (llen != 0 && len == 0) {
- for (screen = 0; screen < nscreens; screen++) {
-- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[EMPTY]);
-+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[failure || failonclear ? FAILED : INIT]);
- XClearWindow(dpy, locks[screen]->win);
- }
- }
---
-2.6.4
-
diff --git a/desktop/slock/patches/0004-Use-argv0-instead-of-passing-slock-to-die-every-time.patch b/desktop/slock/patches/0004-Use-argv0-instead-of-passing-slock-to-die-every-time.patch
new file mode 100644
index 0000000000..954df8f8d3
--- /dev/null
+++ b/desktop/slock/patches/0004-Use-argv0-instead-of-passing-slock-to-die-every-time.patch
@@ -0,0 +1,125 @@
+From b02c4d452a7942d4be3c69e6f98dafd35a2e4e78 Mon Sep 17 00:00:00 2001
+From: FRIGN <dev@frign.de>
+Date: Sun, 14 Feb 2016 02:13:54 +0100
+Subject: [PATCH 4/7] Use argv0 instead of passing "slock:" to die every time
+
+---
+ slock.c | 28 ++++++++++++++++------------
+ 1 file changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/slock.c b/slock.c
+index 4531f95..a0ffed0 100644
+--- a/slock.c
++++ b/slock.c
+@@ -46,6 +46,7 @@ static Bool failure = False;
+ static Bool rr;
+ static int rrevbase;
+ static int rrerrbase;
++static char *argv0;
+
+ static void
+ die(const char *errstr, ...)
+@@ -53,6 +54,7 @@ die(const char *errstr, ...)
+ va_list ap;
+
+ va_start(ap, errstr);
++ fprintf(stderr, "%s: ", argv0);
+ vfprintf(stderr, errstr, ap);
+ va_end(ap);
+ exit(1);
+@@ -88,9 +90,9 @@ getpw(void)
+ errno = 0;
+ if (!(pw = getpwuid(getuid()))) {
+ if (errno)
+- die("slock: getpwuid: %s\n", strerror(errno));
++ die("getpwuid: %s\n", strerror(errno));
+ else
+- die("slock: cannot retrieve password entry\n");
++ die("cannot retrieve password entry\n");
+ }
+ rval = pw->pw_passwd;
+
+@@ -98,7 +100,7 @@ getpw(void)
+ if (rval[0] == 'x' && rval[1] == '\0') {
+ struct spwd *sp;
+ if (!(sp = getspnam(getenv("USER"))))
+- die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
++ die("cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+ rval = sp->sp_pwdp;
+ }
+ #endif
+@@ -106,7 +108,7 @@ getpw(void)
+ /* drop privileges */
+ if (geteuid() == 0 &&
+ ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0))
+- die("slock: cannot drop privileges\n");
++ die("cannot drop privileges\n");
+ return rval;
+ }
+ #endif
+@@ -254,7 +256,7 @@ lockscreen(Display *dpy, int screen)
+ usleep(1000);
+ }
+ if (!len) {
+- fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n", screen);
++ fprintf(stderr, "unable to grab mouse pointer for screen %d\n", screen);
+ } else {
+ for (len = 1000; len; len--) {
+ if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess) {
+@@ -264,7 +266,7 @@ lockscreen(Display *dpy, int screen)
+ }
+ usleep(1000);
+ }
+- fprintf(stderr, "slock: unable to grab keyboard for screen %d\n", screen);
++ fprintf(stderr, "unable to grab keyboard for screen %d\n", screen);
+ }
+ /* grabbing one of the inputs failed */
+ running = 0;
+@@ -281,24 +283,26 @@ main(int argc, char **argv)
+ Display *dpy;
+ int screen;
+
++ argv0 = argv[0], argc--, argv++;
++
+ #ifdef __linux__
+ dontkillme();
+ #endif
+
+ if (!getpwuid(getuid()))
+- die("slock: no passwd entry for you\n");
++ die("no passwd entry for you\n");
+
+ #ifndef HAVE_BSD_AUTH
+ pws = getpw();
+ #endif
+
+ if (!(dpy = XOpenDisplay(0)))
+- die("slock: cannot open display\n");
++ die("cannot open display\n");
+ rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase);
+ /* Get the number of screens in display "dpy" and blank them all. */
+ nscreens = ScreenCount(dpy);
+ if (!(locks = malloc(sizeof(Lock*) * nscreens)))
+- die("slock: malloc: %s\n", strerror(errno));
++ die("Out of memory.\n");
+ int nlocks = 0;
+ for (screen = 0; screen < nscreens; screen++) {
+ if ((locks[screen] = lockscreen(dpy, screen)) != NULL)
+@@ -313,11 +317,11 @@ main(int argc, char **argv)
+ return 1;
+ }
+
+- if (argc >= 2 && fork() == 0) {
++ if (argc >= 1 && fork() == 0) {
+ if (dpy)
+ close(ConnectionNumber(dpy));
+- execvp(argv[1], argv+1);
+- die("slock: execvp %s failed: %s\n", argv[1], strerror(errno));
++ execvp(argv[0], argv);
++ die("execvp %s failed: %s\n", argv[0], strerror(errno));
+ }
+
+ /* Everything is now blank. Now wait for the correct password. */
+--
+2.9.2
+
diff --git a/desktop/slock/patches/0005-consistently-use-with-sizeof.patch b/desktop/slock/patches/0005-consistently-use-with-sizeof.patch
deleted file mode 100644
index 8db4960d68..0000000000
--- a/desktop/slock/patches/0005-consistently-use-with-sizeof.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 10d4e479c5f6d91bf86e15be3a12c6b09c9808be Mon Sep 17 00:00:00 2001
-From: Markus Teich <markus.teich@stusta.mhn.de>
-Date: Fri, 8 May 2015 16:43:13 +0200
-Subject: [PATCH 5/9] consistently use () with sizeof
-
----
- slock.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/slock.c b/slock.c
-index 1551a9e..68e813f 100644
---- a/slock.c
-+++ b/slock.c
-@@ -133,7 +133,7 @@ readpw(Display *dpy, const char *pws)
- while (running && !XNextEvent(dpy, &ev)) {
- if (ev.type == KeyPress) {
- buf[0] = 0;
-- num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
-+ num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
- if (IsKeypadKey(ksym)) {
- if (ksym == XK_KP_Enter)
- ksym = XK_Return;
-@@ -168,7 +168,7 @@ readpw(Display *dpy, const char *pws)
- --len;
- break;
- default:
-- if (num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
-+ if (num && !iscntrl((int) buf[0]) && (len + num < sizeof(passwd))) {
- memcpy(passwd + len, buf, num);
- len += num;
- }
---
-2.6.4
-
diff --git a/desktop/slock/patches/0005-revert-using-argv0-and-minor-fixup.patch b/desktop/slock/patches/0005-revert-using-argv0-and-minor-fixup.patch
new file mode 100644
index 0000000000..d1ae1e9dfa
--- /dev/null
+++ b/desktop/slock/patches/0005-revert-using-argv0-and-minor-fixup.patch
@@ -0,0 +1,78 @@
+From ec46680fe10ffc69007b0a8b29d9e69c72704053 Mon Sep 17 00:00:00 2001
+From: Markus Teich <markus.teich@stusta.mhn.de>
+Date: Mon, 15 Feb 2016 14:00:56 +0100
+Subject: [PATCH 5/7] revert using argv0 and minor fixup
+
+- use hardcoded "slock" instead of argv[0]
+- add "slock: " to fprintf calls, where it was missing
+- revert `argc--, argv++` shifting
+---
+ slock.c | 15 ++++++---------
+ 1 file changed, 6 insertions(+), 9 deletions(-)
+
+diff --git a/slock.c b/slock.c
+index a0ffed0..2aa395e 100644
+--- a/slock.c
++++ b/slock.c
+@@ -46,15 +46,14 @@ static Bool failure = False;
+ static Bool rr;
+ static int rrevbase;
+ static int rrerrbase;
+-static char *argv0;
+
+ static void
+ die(const char *errstr, ...)
+ {
+ va_list ap;
+
++ fputs("slock: ", stderr);
+ va_start(ap, errstr);
+- fprintf(stderr, "%s: ", argv0);
+ vfprintf(stderr, errstr, ap);
+ va_end(ap);
+ exit(1);
+@@ -256,7 +255,7 @@ lockscreen(Display *dpy, int screen)
+ usleep(1000);
+ }
+ if (!len) {
+- fprintf(stderr, "unable to grab mouse pointer for screen %d\n", screen);
++ fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n", screen);
+ } else {
+ for (len = 1000; len; len--) {
+ if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess) {
+@@ -266,7 +265,7 @@ lockscreen(Display *dpy, int screen)
+ }
+ usleep(1000);
+ }
+- fprintf(stderr, "unable to grab keyboard for screen %d\n", screen);
++ fprintf(stderr, "slock: unable to grab keyboard for screen %d\n", screen);
+ }
+ /* grabbing one of the inputs failed */
+ running = 0;
+@@ -283,8 +282,6 @@ main(int argc, char **argv)
+ Display *dpy;
+ int screen;
+
+- argv0 = argv[0], argc--, argv++;
+-
+ #ifdef __linux__
+ dontkillme();
+ #endif
+@@ -317,11 +314,11 @@ main(int argc, char **argv)
+ return 1;
+ }
+
+- if (argc >= 1 && fork() == 0) {
++ if (argc >= 2 && fork() == 0) {
+ if (dpy)
+ close(ConnectionNumber(dpy));
+- execvp(argv[0], argv);
+- die("execvp %s failed: %s\n", argv[0], strerror(errno));
++ execvp(argv[1], argv+1);
++ die("execvp %s failed: %s\n", argv[1], strerror(errno));
+ }
+
+ /* Everything is now blank. Now wait for the correct password. */
+--
+2.9.2
+
diff --git a/desktop/slock/patches/0006-Revert-No-need-for-usage.patch b/desktop/slock/patches/0006-Revert-No-need-for-usage.patch
new file mode 100644
index 0000000000..659685bc5d
--- /dev/null
+++ b/desktop/slock/patches/0006-Revert-No-need-for-usage.patch
@@ -0,0 +1,90 @@
+From 65b8d5278882310eed758e6fbfd6ab9676db883c Mon Sep 17 00:00:00 2001
+From: Markus Teich <markus.teich@stusta.mhn.de>
+Date: Mon, 15 Feb 2016 14:15:45 +0100
+Subject: [PATCH 6/7] Revert "No need for usage()"
+
+This reverts most of commit a6dc051e3744ce5b14c54d2d246d3e8258207e76 and fixes
+some related stuff:
+
+- keep spelling fixes from original commit
+- make -h and -v also work when followed by more arguments
+- any unknown flag prints usage
+- fix output of -v to display "slock: version 1.3" instead of "slock: slock-1.3"
+---
+ slock.1 | 16 +++++++++++++---
+ slock.c | 17 +++++++++++++++--
+ 2 files changed, 28 insertions(+), 5 deletions(-)
+
+diff --git a/slock.1 b/slock.1
+index 467194d..0ef3e15 100644
+--- a/slock.1
++++ b/slock.1
+@@ -3,17 +3,27 @@
+ slock \- simple X screen locker
+ .SH SYNOPSIS
+ .B slock
+-.RB [
+-.IR cmd
+-]
++.RB [ \-v
++|
++.IR cmd ]
+ .SH DESCRIPTION
+ .B slock
+ is an X screen locker. If provided,
+ .IR cmd
+ is executed after the screen has been locked.
++.SH OPTIONS
++.TP
++.B \-v
++prints version information to stdout, then exits.
+ .SH EXAMPLES
+ $ slock /usr/sbin/s2ram
+ .SH CUSTOMIZATION
+ .B slock
+ can be customized by creating a custom config.h and (re)compiling the source
+ code. This keeps it fast, secure and simple.
++.SH AUTHORS
++See the LICENSE file for the authors.
++.SH LICENSE
++See the LICENSE file for the terms of redistribution.
++.SH BUGS
++Please report them.
+diff --git a/slock.c b/slock.c
+index 2aa395e..c9cdee2 100644
+--- a/slock.c
++++ b/slock.c
+@@ -273,15 +273,28 @@ lockscreen(Display *dpy, int screen)
+ return NULL;
+ }
+
+-int
+-main(int argc, char **argv)
++static void
++usage(void)
+ {
++ fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n");
++ exit(1);
++}
++
++int
++main(int argc, char **argv) {
+ #ifndef HAVE_BSD_AUTH
+ const char *pws;
+ #endif
+ Display *dpy;
+ int screen;
+
++ if ((argc >= 2) && !strcmp("-v", argv[1]))
++ die("version %s, © 2006-2016 slock engineers\n", VERSION);
++
++ /* treat first argument starting with a '-' as option */
++ if ((argc >= 2) && argv[1][0] == '-')
++ usage();
++
+ #ifdef __linux__
+ dontkillme();
+ #endif
+--
+2.9.2
+
diff --git a/desktop/slock/patches/0006-rework-setting-window-color.patch b/desktop/slock/patches/0006-rework-setting-window-color.patch
deleted file mode 100644
index f1c0903f8c..0000000000
--- a/desktop/slock/patches/0006-rework-setting-window-color.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 754195f8d75586e23d1cc69cad00710802e0cb5d Mon Sep 17 00:00:00 2001
-From: Markus Teich <markus.teich@stusta.mhn.de>
-Date: Fri, 8 May 2015 17:10:15 +0200
-Subject: [PATCH 6/9] rework setting window color
-
----
- slock.c | 17 +++++++----------
- 1 file changed, 7 insertions(+), 10 deletions(-)
-
-diff --git a/slock.c b/slock.c
-index 68e813f..d6053af 100644
---- a/slock.c
-+++ b/slock.c
-@@ -119,11 +119,12 @@ readpw(Display *dpy, const char *pws)
- {
- char buf[32], passwd[256];
- int num, screen;
-- unsigned int len, llen;
-+ unsigned int len, color;
- KeySym ksym;
- XEvent ev;
-+ static int oldc = INIT;
-
-- len = llen = 0;
-+ len = 0;
- running = True;
-
- /* As "slock" stands for "Simple X display locker", the DPMS settings
-@@ -174,18 +175,14 @@ readpw(Display *dpy, const char *pws)
- }
- break;
- }
-- if (llen == 0 && len != 0) {
-+ color = len ? INPUT : (failure || failonclear ? FAILED : INIT);
-+ if (oldc != color) {
- for (screen = 0; screen < nscreens; screen++) {
-- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[INPUT]);
-- XClearWindow(dpy, locks[screen]->win);
-- }
-- } else if (llen != 0 && len == 0) {
-- for (screen = 0; screen < nscreens; screen++) {
-- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[failure || failonclear ? FAILED : INIT]);
-+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
- XClearWindow(dpy, locks[screen]->win);
- }
-+ oldc = color;
- }
-- llen = len;
- } else if (rr && ev.type == rrevbase + RRScreenChangeNotify) {
- XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev;
- for (screen = 0; screen < nscreens; screen++) {
---
-2.6.4
-
diff --git a/desktop/slock/patches/0007-Slightly-safer-OOM-killer-disablement-in-linux.patch b/desktop/slock/patches/0007-Slightly-safer-OOM-killer-disablement-in-linux.patch
deleted file mode 100644
index 8fbde2c31d..0000000000
--- a/desktop/slock/patches/0007-Slightly-safer-OOM-killer-disablement-in-linux.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0edbd2e0164a8c6cbad415e38083469041f29996 Mon Sep 17 00:00:00 2001
-From: David Phillips <dbphillipsnz@gmail.com>
-Date: Fri, 19 Jun 2015 23:42:15 +1200
-Subject: [PATCH 7/9] Slightly safer OOM killer disablement in linux
-
----
- slock.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/slock.c b/slock.c
-index d6053af..b3bee92 100644
---- a/slock.c
-+++ b/slock.c
-@@ -60,16 +60,27 @@ die(const char *errstr, ...)
-
- #ifdef __linux__
- #include <fcntl.h>
-+#include <linux/oom.h>
-
- static void
- dontkillme(void)
- {
- int fd;
-+ int length;
-+ char value[64];
-
- fd = open("/proc/self/oom_score_adj", O_WRONLY);
- if (fd < 0 && errno == ENOENT)
- return;
-- if (fd < 0 || write(fd, "-1000\n", 6) != 6 || close(fd) != 0)
-+
-+ /* convert OOM_SCORE_ADJ_MIN to string for writing */
-+ length = snprintf(value, sizeof(value), "%d\n", OOM_SCORE_ADJ_MIN);
-+
-+ /* bail on truncation */
-+ if (length >= sizeof(value))
-+ die("buffer too small\n");
-+
-+ if (fd < 0 || write(fd, value, length) != length || close(fd) != 0)
- die("cannot disable the out-of-memory killer for this process\n");
- }
- #endif
---
-2.6.4
-
diff --git a/desktop/slock/patches/0007-clear-passwords-with-explicit_bzero.patch b/desktop/slock/patches/0007-clear-passwords-with-explicit_bzero.patch
new file mode 100644
index 0000000000..3d43e9a9bf
--- /dev/null
+++ b/desktop/slock/patches/0007-clear-passwords-with-explicit_bzero.patch
@@ -0,0 +1,146 @@
+From a7afade1701a809f6a33b53525d59dd29b38d381 Mon Sep 17 00:00:00 2001
+From: Hiltjo Posthuma <hiltjo@codemadness.org>
+Date: Sun, 31 Jul 2016 13:43:00 +0200
+Subject: [PATCH 7/7] clear passwords with explicit_bzero
+
+Make sure to explicitly clear memory that is used for password input. memset
+is often optimized out by the compiler.
+
+Brought to attention by the OpenBSD community, see:
+https://marc.info/?t=146989502600003&r=1&w=2
+Thread subject: x11/slock: clear passwords with explicit_bzero
+
+Changes:
+
+- explicit_bzero.c import from libressl-portable.
+- Makefile: add COMPATSRC for compatibility src.
+- config.mk: add separate *BSD section in config.mk to simply uncomment it on
+ these platforms.
+---
+ Makefile | 6 +++---
+ config.mk | 4 ++++
+ explicit_bzero.c | 19 +++++++++++++++++++
+ slock.c | 8 ++++++--
+ util.h | 2 ++
+ 5 files changed, 34 insertions(+), 5 deletions(-)
+ create mode 100644 explicit_bzero.c
+ create mode 100644 util.h
+
+diff --git a/Makefile b/Makefile
+index 86b3437..8b3e248 100644
+--- a/Makefile
++++ b/Makefile
+@@ -3,7 +3,7 @@
+
+ include config.mk
+
+-SRC = slock.c
++SRC = slock.c ${COMPATSRC}
+ OBJ = ${SRC:.c=.o}
+
+ all: options slock
+@@ -35,8 +35,8 @@ clean:
+ dist: clean
+ @echo creating dist tarball
+ @mkdir -p slock-${VERSION}
+- @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \
+- slock-${VERSION}
++ @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
++ explicit_bzero.c slock.1 slock-${VERSION}
+ @tar -cf slock-${VERSION}.tar slock-${VERSION}
+ @gzip slock-${VERSION}.tar
+ @rm -rf slock-${VERSION}
+diff --git a/config.mk b/config.mk
+index f93879e..3afc061 100644
+--- a/config.mk
++++ b/config.mk
+@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
+ CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
+ CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
+ LDFLAGS = -s ${LIBS}
++COMPATSRC = explicit_bzero.c
+
+ # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
+ # On OpenBSD and Darwin remove -lcrypt from LIBS
++#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
++#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
++#COMPATSRC =
+
+ # compiler and linker
+ CC = cc
+diff --git a/explicit_bzero.c b/explicit_bzero.c
+new file mode 100644
+index 0000000..3e33ca8
+--- /dev/null
++++ b/explicit_bzero.c
+@@ -0,0 +1,19 @@
++/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
++/*
++ * Public domain.
++ * Written by Matthew Dempsky.
++ */
++
++#include <string.h>
++
++__attribute__((weak)) void
++__explicit_bzero_hook(void *buf, size_t len)
++{
++}
++
++void
++explicit_bzero(void *buf, size_t len)
++{
++ memset(buf, 0, len);
++ __explicit_bzero_hook(buf, len);
++}
+diff --git a/slock.c b/slock.c
+index c9cdee2..a00fbb9 100644
+--- a/slock.c
++++ b/slock.c
+@@ -23,6 +23,8 @@
+ #include <bsd_auth.h>
+ #endif
+
++#include "util.h"
++
+ enum {
+ INIT,
+ INPUT,
+@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
+ * timeout. */
+ while (running && !XNextEvent(dpy, &ev)) {
+ if (ev.type == KeyPress) {
+- buf[0] = 0;
++ explicit_bzero(&buf, sizeof(buf));
+ num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
+ if (IsKeypadKey(ksym)) {
+ if (ksym == XK_KP_Enter)
+@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
+ XBell(dpy, 100);
+ failure = True;
+ }
++ explicit_bzero(&passwd, sizeof(passwd));
+ len = 0;
+ break;
+ case XK_Escape:
++ explicit_bzero(&passwd, sizeof(passwd));
+ len = 0;
+ break;
+ case XK_BackSpace:
+ if (len)
+- --len;
++ passwd[len--] = 0;
+ break;
+ default:
+ if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
+diff --git a/util.h b/util.h
+new file mode 100644
+index 0000000..6f748b8
+--- /dev/null
++++ b/util.h
+@@ -0,0 +1,2 @@
++#undef explicit_bzero
++void explicit_bzero(void *, size_t);
+--
+2.9.2
+
diff --git a/desktop/slock/patches/0008-Don-t-change-to-failure-colour-on-success.patch b/desktop/slock/patches/0008-Don-t-change-to-failure-colour-on-success.patch
deleted file mode 100644
index 39c70926b7..0000000000
--- a/desktop/slock/patches/0008-Don-t-change-to-failure-colour-on-success.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From b95ee111c7625375716e848ec81af2f57ca35b02 Mon Sep 17 00:00:00 2001
-From: David Phillips <dbphillipsnz@gmail.com>
-Date: Thu, 27 Aug 2015 06:16:25 +0200
-Subject: [PATCH 8/9] Don't change to failure colour on success
-
----
- slock.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/slock.c b/slock.c
-index b3bee92..6be8f22 100644
---- a/slock.c
-+++ b/slock.c
-@@ -187,7 +187,7 @@ readpw(Display *dpy, const char *pws)
- break;
- }
- color = len ? INPUT : (failure || failonclear ? FAILED : INIT);
-- if (oldc != color) {
-+ if (running && oldc != color) {
- for (screen = 0; screen < nscreens; screen++) {
- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
- XClearWindow(dpy, locks[screen]->win);
---
-2.6.4
-
diff --git a/desktop/slock/patches/0009-add-option-to-run-command-after-screen-is-locked.patch b/desktop/slock/patches/0009-add-option-to-run-command-after-screen-is-locked.patch
deleted file mode 100644
index 574396a1de..0000000000
--- a/desktop/slock/patches/0009-add-option-to-run-command-after-screen-is-locked.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From e867c38123175d6f050e051ee6b00f4737a9712a Mon Sep 17 00:00:00 2001
-From: Markus Teich <markus.teich@stusta.mhn.de>
-Date: Sat, 26 Dec 2015 13:13:25 +0100
-Subject: [PATCH 9/9] add option to run command after screen is locked
-
----
- slock.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/slock.c b/slock.c
-index 6be8f22..ddf1074 100644
---- a/slock.c
-+++ b/slock.c
-@@ -289,7 +289,7 @@ lockscreen(Display *dpy, int screen)
- static void
- usage(void)
- {
-- fprintf(stderr, "usage: slock [-v]\n");
-+ fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n");
- exit(1);
- }
-
-@@ -303,7 +303,8 @@ main(int argc, char **argv) {
-
- if ((argc == 2) && !strcmp("-v", argv[1]))
- die("slock-%s, © 2006-2015 slock engineers\n", VERSION);
-- else if (argc != 1)
-+
-+ if ((argc == 2) && !strcmp("-h", argv[1]))
- usage();
-
- #ifdef __linux__
-@@ -339,6 +340,13 @@ main(int argc, char **argv) {
- return 1;
- }
-
-+ if (argc >= 2 && fork() == 0) {
-+ if (dpy)
-+ close(ConnectionNumber(dpy));
-+ execvp(argv[1], argv+1);
-+ die("slock: execvp %s failed: %s\n", argv[1], strerror(errno));
-+ }
-+
- /* Everything is now blank. Now wait for the correct password. */
- #ifdef HAVE_BSD_AUTH
- readpw(dpy);
---
-2.6.4
-