commit:     3850c1f25e208bda49c729a9a58ee57f1191b8c2
Author:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 23 11:12:15 2014 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Wed Jul 23 11:12:15 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=proj/kde.git;a=commit;h=3850c1f2

[kde-frameworks/kauth] Backport patch from upstream to solve CVE-2014-5033.

Package-Manager: portage-2.2.10

---
 .../kauth/files/kauth-5.0.0-CVE-2014-5033.patch    | 53 ++++++++++++++++++++++
 .../{kauth-5.0.0.ebuild => kauth-5.0.0-r1.ebuild}  |  2 +
 2 files changed, 55 insertions(+)

diff --git a/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch b/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch
new file mode 100644
index 0000000..94087c1
--- /dev/null
+++ b/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch
@@ -0,0 +1,53 @@
+From 341b7d84b6d9c03cf56905cb277b47e11c81482a Mon Sep 17 00:00:00 2001
+From: "Martin T. H. Sandsmark" <martin.sandsm...@kde.org>
+Date: Mon, 21 Jul 2014 22:45:55 +0200
+Subject: [PATCH] Use dbus system bus name instead of PID for authentication.
+
+Using the PID for authentication is prone to a PID reuse race condition,
+and a security issue.
+
+REVIEW: 119323
+---
+ src/backends/polkit-1/Polkit1Backend.cpp | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
+index 165f7bb..5cac3fb 100644
+--- a/src/backends/polkit-1/Polkit1Backend.cpp
++++ b/src/backends/polkit-1/Polkit1Backend.cpp
+@@ -142,7 +142,7 @@ void Polkit1Backend::setupAction(const QString &action)
+ 
+ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ {
+-    PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
++    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
+     PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
+                                      PolkitQt1::Authority::None);
+     switch (r) {
+@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ 
+ QByteArray Polkit1Backend::callerID() const
+ {
+-    QByteArray a;
+-    QDataStream s(&a, QIODevice::WriteOnly);
+-    s << QCoreApplication::applicationPid();
+-
+-    return a;
++        return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+ 
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+-    QDataStream s(&callerID, QIODevice::ReadOnly);
+-    qint64 pid;
+-
+-    s >> pid;
+-
+-    PolkitQt1::UnixProcessSubject subject(pid);
++    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+     PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+ 
+     PolkitResultEventLoop e;
+-- 
+1.8.5.5
+
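Review bot: In `isCallerAuthorized` the polkit subject is now built directly from the `callerID` bytes, so the authorization check is only as trustworthy as the source of that argument. The hunk does not show where `callerID` comes from; if it is read from the request payload rather than from the sender of the D-Bus message, the subject is still chosen by the caller, and the helper side should derive the bus name from the message sender instead. Separately, `callerID()` returns `QDBusConnection::systemBus().baseService().toUtf8()` without checking that the system bus is connected, so `actionStatus` can build a `SystemBusNameSubject` from an empty name; a guard such as `if (!QDBusConnection::systemBus().isConnected()) return QByteArray();`, with `actionStatus` returning a non-authorized status early on an empty ID, would make that failure explicit. The added `return` line is also indented eight spaces where the rest of the file uses four. The body of `isCallerAuthorized` continues outside the hunk.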

diff --git a/kde-frameworks/kauth/kauth-5.0.0.ebuild b/kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
similarity index 92%
rename from kde-frameworks/kauth/kauth-5.0.0.ebuild
rename to kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
index f930351..f913f94 100644
--- a/kde-frameworks/kauth/kauth-5.0.0.ebuild
+++ b/kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
@@ -24,6 +24,8 @@ DEPEND="${RDEPEND}
 "
 #PDEPEND="policykit? ( sys-auth/polkit-kde-agent )"
 
+PATCHES=( "${FILESDIR}/${P}-CVE-2014-5033.patch" )
+
 src_configure() {
        local mycmakeargs=(
                $(cmake-utils_use_find_package policykit PolkitQt-1)
