* [gentoo-commits] proj/kde:master commit in: kde-frameworks/kauth/files/, kde-frameworks/kauth/
@ 2014-07-23 11:12 Michael Palimaka
From: Michael Palimaka @ 2014-07-23 11:12 UTC (permalink / raw
To: gentoo-commits
commit: 3850c1f25e208bda49c729a9a58ee57f1191b8c2
Author: Michael Palimaka <kensington <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 23 11:12:15 2014 +0000
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Wed Jul 23 11:12:15 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/kde.git;a=commit;h=3850c1f2
[kde-frameworks/kauth] Backport patch from upstream to solve CVE-2014-5033.
Package-Manager: portage-2.2.10
---
.../kauth/files/kauth-5.0.0-CVE-2014-5033.patch | 53 ++++++++++++++++++++++
.../{kauth-5.0.0.ebuild => kauth-5.0.0-r1.ebuild} | 2 +
2 files changed, 55 insertions(+)
diff --git a/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch b/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch
new file mode 100644
index 0000000..94087c1
--- /dev/null
+++ b/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch
@@ -0,0 +1,53 @@
+From 341b7d84b6d9c03cf56905cb277b47e11c81482a Mon Sep 17 00:00:00 2001
+From: "Martin T. H. Sandsmark" <martin.sandsmark@kde.org>
+Date: Mon, 21 Jul 2014 22:45:55 +0200
+Subject: [PATCH] Use dbus system bus name instead of PID for authentication.
+
+Using the PID for authentication is prone to a PID reuse race condition,
+and a security issue.
+
+REVIEW: 119323
+---
+ src/backends/polkit-1/Polkit1Backend.cpp | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
+index 165f7bb..5cac3fb 100644
+--- a/src/backends/polkit-1/Polkit1Backend.cpp
++++ b/src/backends/polkit-1/Polkit1Backend.cpp
+@@ -142,7 +142,7 @@ void Polkit1Backend::setupAction(const QString &action)
+
+ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ {
+- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
+ PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
+ PolkitQt1::Authority::None);
+ switch (r) {
+@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+
+ QByteArray Polkit1Backend::callerID() const
+ {
+- QByteArray a;
+- QDataStream s(&a, QIODevice::WriteOnly);
+- s << QCoreApplication::applicationPid();
+-
+- return a;
++ return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+- QDataStream s(&callerID, QIODevice::ReadOnly);
+- qint64 pid;
+-
+- s >> pid;
+-
+- PolkitQt1::UnixProcessSubject subject(pid);
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+ PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+
+ PolkitResultEventLoop e;
+--
+1.8.5.5
+
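Review bot: In `isCallerAuthorized`, the polkit subject is now built from whatever bytes arrive in the `callerID` parameter, so the check is only as trustworthy as the origin of that value, which this hunk does not show. If the helper side receives `callerID` as an argument chosen by the client rather than taking it from the sender of the incoming D-Bus message, authorization is evaluated for a bus name the caller picked; the call site should be confirmed to pass the bus-reported sender. Separately, `callerID()` returns `baseService()` unchecked, which I believe is an empty string when the system bus connection is not established, so an early `if (callerID.isEmpty()) return false;` in `isCallerAuthorized` would make that case fail closed explicitly instead of relying on polkit to reject an empty name. The bodies of `actionStatus` and `isCallerAuthorized` continue outside the hunk.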
diff --git a/kde-frameworks/kauth/kauth-5.0.0.ebuild b/kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
similarity index 92%
rename from kde-frameworks/kauth/kauth-5.0.0.ebuild
rename to kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
index f930351..f913f94 100644
--- a/kde-frameworks/kauth/kauth-5.0.0.ebuild
+++ b/kde-frameworks/kauth/kauth-5.0.0-r1.ebuild
@@ -24,6 +24,8 @@ DEPEND="${RDEPEND}
"
#PDEPEND="policykit? ( sys-auth/polkit-kde-agent )"
+PATCHES=( "${FILESDIR}/${P}-CVE-2014-5033.patch" )
+
src_configure() {
local mycmakeargs=(
$(cmake-utils_use_find_package policykit PolkitQt-1)