kdelibs added security patch, CVE-2014-5033

2025-01-24 02:22:13 +08:00 · 2014-07-30 20:46:11 +00:00 · 2014-07-30 20:46:11 +00:00 · fa06b5e0a0
commit fa06b5e0a0
parent c835d17a3d
2 changed files with 58 additions and 3 deletions
--- a/kdelibs/PKGBUILD
+++ b/kdelibs/PKGBUILD
@ -7,7 +7,7 @@ source ../_buildscripts/${current_repo}-${_arch}-cfg.conf
 pkgname="kdelibs"
 arch=('x86_64')
 pkgver=${_kdever}
-pkgrel=1
+pkgrel=2
 pkgdesc="KDE Core Libraries"
 url="http://www.kde.org"
 license=('GPL'
@ -84,12 +84,15 @@ source=($_mirror/${pkgname}-$_kdever.tar.xz
        01_chakra_tag.patch
        02_kde_applications_menu.patch
        03_chakra_menu.patch
-        MergeDir.patch)
+        MergeDir.patch
+        dbus_system_bus_name_instead_of_PID_for_authentication-security.patch)
 sha256sums=(`grep $pkgname-$_kdever.tar.xz  ../checksums.txt | cut -d " " -f1`
+#sha256sums=('d291b4bc159a3f686ad93ff3dfbe90a0a7e33600357e8390c84154ec050efc82'
            '029e2d07c5fc8676d143b903aa181fc470e5b469d49ccf107e19031f562bf4e3'
            'b2d25c76081ea6bb31d90c4c6b619ce64ac36de3a6eefb2f9990d3dbf8cd9c91'
            '505e9e5e969be5094b3f713b865d5927cc3de1f4693915174732b20793228c4f'
-            'd7d2fac1ceb1551081a5f3fa860c14d4aeb0c774d56067e931c20b8d79c4450f')
+            'd7d2fac1ceb1551081a5f3fa860c14d4aeb0c774d56067e931c20b8d79c4450f'
+            'ab0164407de4b7435e86c011f06c0b3688ead93789999537c47d55403acd9e54')

 build() {
    # main patches
@ -98,6 +101,9 @@ build() {
    patch -Np1 -i ${srcdir}/01_chakra_tag.patch
    patch -Np1 -i ${srcdir}/02_kde_applications_menu.patch
    patch -Np1 -i ${srcdir}/03_chakra_menu.patch
+    
+    # http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23&hp=03272a9f2e00e146bfa3b83467fdc28f72a4e194&o=plain
+    patch -Np1 -i ${srcdir}/dbus_system_bus_name_instead_of_PID_for_authentication-security.patch

    # right positioning of applications' entries in kmenu
    patch -p1 -i ${srcdir}/MergeDir.patch
--- a/kdelibs/dbus_system_bus_name_instead_of_PID_for_authentication-security.patch
+++ b/kdelibs/dbus_system_bus_name_instead_of_PID_for_authentication-security.patch
@ -0,0 +1,49 @@
+From: Martin T. H. Sandsmark <martin.sandsmark@kde.org>
+Date: Mon, 21 Jul 2014 20:52:40 +0000
+Subject: Use dbus system bus name instead of PID for authentication.
+X-Git-Url: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23
+---
+Use dbus system bus name instead of PID for authentication.
+
+Using the PID for authentication is prone to a PID reuse
+race condition, and a security issue.
+
+REVIEW: 119323
+---
+
+
+--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
+++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
+@@ -144,7 +144,7 @@
+ 
+ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ {
+-    PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
+    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
+     PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
+                                                                                               PolkitQt1::Authority::None);
+     switch (r) {
+@@ -160,21 +160,12 @@
+ 
+ QByteArray Polkit1Backend::callerID() const
+ {
+-    QByteArray a;
+-    QDataStream s(&a, QIODevice::WriteOnly);
+-    s << QCoreApplication::applicationPid();
+-
+-    return a;
+    return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+ 
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+-    QDataStream s(&callerID, QIODevice::ReadOnly);
+-    qint64 pid;
+-
+-    s >> pid;
+-
+-    PolkitQt1::UnixProcessSubject subject(pid);
+    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+     PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+ 
+     PolkitResultEventLoop e;