commit: 3850c1f25e208bda49c729a9a58ee57f1191b8c2 Author: Michael Palimaka <kensington <AT> gentoo <DOT> org> AuthorDate: Wed Jul 23 11:12:15 2014 +0000 Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> CommitDate: Wed Jul 23 11:12:15 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/kde.git;a=commit;h=3850c1f2
[kde-frameworks/kauth] Backport patch from upstream to solve CVE-2014-5033. Package-Manager: portage-2.2.10
---
.../kauth/files/kauth-5.0.0-CVE-2014-5033.patch | 53 ++++++++++++++++++++++ .../{kauth-5.0.0.ebuild => kauth-5.0.0-r1.ebuild} | 2 + 2 files changed, 55 insertions(+)
diff --git a/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch b/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch
new file mode 100644
index 0000000..94087c1
--- /dev/null
+++ b/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch
@@ -0,0 +1,53 @@
+From 341b7d84b6d9c03cf56905cb277b47e11c81482a Mon Sep 17 00:00:00 2001
+From: "Martin T. H. Sandsmark" <martin.sandsm...@kde.org>
+Date: Mon, 21 Jul 2014 22:45:55 +0200
+Subject: [PATCH] Use dbus system bus name instead of PID for authentication.
+
+Using the PID for authentication is prone to a PID reuse race condition,
+and a security issue.
+
+REVIEW: 119323
+---
+ src/backends/polkit-1/Polkit1Backend.cpp | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
+index 165f7bb..5cac3fb 100644
+--- a/src/backends/polkit-1/Polkit1Backend.cpp
++++ b/src/backends/polkit-1/Polkit1Backend.cpp
+@@ -142,7 +142,7 @@ void Polkit1Backend::setupAction(const QString &action)
+
+ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ {
+- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
+ PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
+ PolkitQt1::Authority::None);
+ switch (r) {
+@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+
+ QByteArray Polkit1Backend::callerID() const
+ {
+- QByteArray a;
+- QDataStream s(&a, QIODevice::WriteOnly);
+- s << QCoreApplication::applicationPid();
+-
+- return a;
++ return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+- QDataStream s(&callerID, QIODevice::ReadOnly);
+- qint64 pid;
+-
+- s >> pid;
+-
+- PolkitQt1::UnixProcessSubject subject(pid);
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+ PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+
+ PolkitResultEventLoop e;
+--
+1.8.5.5
+
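Review bot: In `isCallerAuthorized()` the polkit subject is now built directly from the `callerID` byte array, so the authorization check is only as trustworthy as the source of that value. The call site is not part of this hunk, but if the helper receives `callerID` as an argument supplied by the client rather than reading it from the sender of the incoming D-Bus message, a caller could present another connection's bus name; the subject should be derived from the message sender on the helper side. Separately, `QDBusConnection::systemBus().baseService()` returns an empty string when the system bus is not connected, so I would fail closed with `if (callerID.isEmpty()) return false;` before constructing the `SystemBusNameSubject`. The bodies of `actionStatus()` and `isCallerAuthorized()` continue outside the hunk, so any existing handling there is not visible.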
diff --git a/kde-frameworks/kauth/kauth-5.0.0.ebuild b/kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
similarity index 92%
rename from kde-frameworks/kauth/kauth-5.0.0.ebuild
rename to kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
index f930351..f913f94 100644
--- a/kde-frameworks/kauth/kauth-5.0.0.ebuild
+++ b/kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
@@ -24,6 +24,8 @@ DEPEND="${RDEPEND} " #PDEPEND="policykit? ( sys-auth/polkit-kde-agent )" +PATCHES=( "${FILESDIR}/${P}-CVE-2014-5033.patch" ) + src_configure() { local mycmakeargs=( $(cmake-utils_use_find_package policykit PolkitQt-1)