commit: b10b19ab1f8fb85673011d7f37f6cf1a6ab4bb2e Author: Jauhien Piatlicki <jauhien <AT> gentoo <DOT> org> AuthorDate: Fri Oct 16 20:11:57 2015 +0000 Commit: Jauhien Piatlicki <jauhien <AT> gentoo <DOT> org> CommitDate: Fri Oct 16 20:14:19 2015 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b10b19ab
x11-misc/sddm: fix CVE-2015-0856 x11-misc/sddm does not prevent access to the KDE crash handler Gentoo-Bug: 563108 Package-Manager: portage-2.2.20.1 .../sddm/files/sddm-0.12.0-CVE-2015-0856.patch | 34 ++++++++++++++++++++++ x11-misc/sddm/sddm-0.11.0-r3.ebuild | 4 +-- x11-misc/sddm/sddm-0.12.0.ebuild | 3 +- 3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch b/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch
new file mode 100644
index 0000000..7ae6773
--- /dev/null
+++ b/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch
@@ -0,0 +1,34 @@
+commit 4cfed6b0a625593fb43876f04badc4dd99799d86
+Author: David Edmundson <k...@davidedmundson.co.uk>
+Date: Wed Oct 14 00:08:59 2015 +0100
+
+ Disable greeters from loading KDE's debug hander
+
+ Some themes may use KDE components which will automatically load KDE's
+ crash handler.
+
+ If the greeter were to then somehow crash, that would leave a crash
+ handler allowing other actions, albeit as the locked down SDDM user.
+
+ Only SDDM users using the breeze theme from plasma-workspace are
+ affected. Safest and simplest fix is to handle this inside SDDM
+ disabling kcrash via an environment variable for all future themes that
+ may use these libraries.
+
+ CVE-2015-0856
+
+diff --git a/src/daemon/Greeter.cpp b/src/daemon/Greeter.cpp
+index 68c4dc3..8c936b7 100644
+--- a/src/daemon/Greeter.cpp
++++ b/src/daemon/Greeter.cpp
+@@ -145,6 +145,10 @@ namespace SDDM {
+ env.insert(QStringLiteral("XDG_VTNR"), QString::number(m_display->terminalId()));
+ env.insert(QStringLiteral("XDG_SESSION_CLASS"), QStringLiteral("greeter"));
+ env.insert(QStringLiteral("XDG_SESSION_TYPE"), m_display->sessionType());
++
++ //some themes may use KDE components and that will automatically load KDE's crash handler which we don't want
++ //counterintuitively setting this env disables that handler
++ env.insert(QStringLiteral("KDE_DEBUG"), QStringLiteral("1"));
+ m_auth->insertEnvironment(env);
+
+ // log message
diff --git a/x11-misc/sddm/sddm-0.11.0-r3.ebuild b/x11-misc/sddm/sddm-0.11.0-r3.ebuild
index 32fd737..6c5dac9 100644
--- a/x11-misc/sddm/sddm-0.11.0-r3.ebuild
+++ b/x11-misc/sddm/sddm-0.11.0-r3.ebuild
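Review bot: The comment added above the `KDE_DEBUG` insert in the embedded Greeter.cpp hunk says what the variable does but not why it is security-relevant, so the line reads like a leftover debug switch that a later cleanup could drop. I would tie it to the advisory, for example `// CVE-2015-0856: KDE_DEBUG keeps KDE libraries pulled in by a theme from installing the KCrash handler in the greeter`. The mitigation presumably relies on nothing applied after `m_auth->insertEnvironment(env)` unsetting or overriding the variable for the greeter process; that is not visible in this hunk and is worth confirming. The enclosing function starts and ends outside the hunk.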
@@ -38,8 +38,8 @@ pkg_pretend() { src_prepare() { use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch" use !systemd && epatch "${FILESDIR}/${PN}-0.10.0-upower.patch" - # fix bug 552318 - epatch "${FILESDIR}/${P}-dbus-config.patch" + # fix bug 552318 and bug 563108 + epatch "${FILESDIR}/${P}-dbus-config.patch" "${FILESDIR}/${PN}-0.12.0-CVE-2015-0856.patch" # respect user's cflags sed -e 's|-Wall -march=native||' \ diff --git a/x11-misc/sddm/sddm-0.12.0.ebuild b/x11-misc/sddm/sddm-0.12.0.ebuild index 14af057..0acdabc 100644 --- a/x11-misc/sddm/sddm-0.12.0.ebuild +++ b/x11-misc/sddm/sddm-0.12.0.ebuild @@ -43,7 +43,8 @@ pkg_pretend() { src_prepare() { cmake-utils_src_prepare - epatch "${FILESDIR}/${P}-respect-user-flags.patch" + # fix for flags handling and bug 563108 + epatch "${FILESDIR}/${P}-respect-user-flags.patch" "${FILESDIR}/${P}-CVE-2015-0856.patch" use consolekit && epatch "${FILESDIR}/${PN}-0.11.0-consolekit.patch" }
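Review bot: Both ebuilds are edited in place (`sddm-0.11.0-r3.ebuild` and `sddm-0.12.0.ebuild` keep their file names in the `src_prepare` hunks), so hosts that already have either version installed are not offered a rebuild and keep running a greeter without the CVE-2015-0856 patch. A fix that changes the installed binary should ship as a revision bump of each ebuild (the next `-rN` for both) rather than as an edit to the existing revision. In the 0.11.0-r3 hunk the patch applied is `${PN}-0.12.0-CVE-2015-0856.patch`, which was generated against the 0.12.0 `Greeter.cpp`; it probably applies with an offset, but it is worth confirming that the `KDE_DEBUG` line lands beside the other `env.insert` calls in the 0.11.0 sources. The 0.11.0-r3 `src_prepare` body continues past the end of its hunk.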