diff options
author | Andreas Sturmlechner <asturm@gentoo.org> | 2017-05-10 20:21:06 +0200 |
---|---|---|
committer | Andreas Sturmlechner <asturm@gentoo.org> | 2017-05-10 20:21:06 +0200 |
commit | 6a77cbf5300e8baa10ecb89882fd46b837a1b3d8 (patch) | |
tree | 30398b9a42670de00cd5fc3e41048251a056c316 /kde-frameworks/kauth | |
parent | net-misc/smb4k: Drop old (diff) | |
download | gentoo-6a77cbf5300e8baa10ecb89882fd46b837a1b3d8.tar.gz gentoo-6a77cbf5300e8baa10ecb89882fd46b837a1b3d8.tar.bz2 gentoo-6a77cbf5300e8baa10ecb89882fd46b837a1b3d8.zip |
kde-frameworks/kauth: Security revbump
Fixes CVE-2017-8422
Gentoo-bug: 618108
Package-Manager: Portage-2.3.5, Repoman-2.3.1
Diffstat (limited to 'kde-frameworks/kauth')
-rw-r--r-- | kde-frameworks/kauth/files/kauth-5.33.0-CVE-2017-8422.patch | 186 | ||||
-rw-r--r-- | kde-frameworks/kauth/kauth-5.33.0-r1.ebuild | 35 |
2 files changed, 221 insertions, 0 deletions
diff --git a/kde-frameworks/kauth/files/kauth-5.33.0-CVE-2017-8422.patch b/kde-frameworks/kauth/files/kauth-5.33.0-CVE-2017-8422.patch new file mode 100644 index 000000000000..b789d734f18a --- /dev/null +++ b/kde-frameworks/kauth/files/kauth-5.33.0-CVE-2017-8422.patch @@ -0,0 +1,186 @@ +commit df875f725293af53399f5146362eb158b4f9216a +Author: Albert Astals Cid <aacid@kde.org> +Date: Wed May 10 10:03:45 2017 +0200 + + Verify that whoever is calling us is actually who he says he is + + CVE-2017-8422 + +diff --git a/src/AuthBackend.cpp b/src/AuthBackend.cpp +index a41d4f1..a847494 100644 +--- a/src/AuthBackend.cpp ++++ b/src/AuthBackend.cpp +@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) + d->capabilities = capabilities; + } + ++AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const ++{ ++ return NoExtraCallerIDVerificationMethod; ++} ++ + bool AuthBackend::actionExists(const QString &action) + { + Q_UNUSED(action); +diff --git a/src/AuthBackend.h b/src/AuthBackend.h +index c67a706..09195ef 100644 +--- a/src/AuthBackend.h ++++ b/src/AuthBackend.h +@@ -43,6 +43,12 @@ public: + }; + Q_DECLARE_FLAGS(Capabilities, Capability) + ++ enum ExtraCallerIDVerificationMethod { ++ NoExtraCallerIDVerificationMethod, ++ VerifyAgainstDBusServiceName, ++ VerifyAgainstDBusServicePid, ++ }; ++ + AuthBackend(); + virtual ~AuthBackend(); + virtual void setupAction(const QString &action) = 0; +@@ -50,6 +56,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString &action) = 0; + virtual Action::AuthStatus actionStatus(const QString &action) = 0; + virtual QByteArray callerID() const = 0; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; + virtual bool actionExists(const QString &action); + +diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp +index 9c5cb96..3c1c108 100644 +--- a/src/backends/dbus/DBusHelperProxy.cpp ++++ b/src/backends/dbus/DBusHelperProxy.cpp +@@ -235,6 +235,29 @@ bool DBusHelperProxy::hasToStopAction() + return m_stopRequest; + } + ++bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) ++{ ++ // Check the caller is really who it says it is ++ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { ++ case AuthBackend::NoExtraCallerIDVerificationMethod: ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServiceName: ++ if (message().service().toUtf8() != callerID) { ++ return false; ++ } ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServicePid: ++ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { ++ return false; ++ } ++ break; ++ } ++ ++ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); ++} ++ + QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) + { + if (!responder) { +@@ -259,7 +282,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer *>(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + QString slotname = action; + if (slotname.startsWith(m_name + QLatin1Char('.'))) { + slotname = slotname.right(slotname.length() - m_name.length() - 1); +@@ -301,7 +324,7 @@ uint DBusHelperProxy::authorizeAction(const QString &action, const QByteArray &c + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer *>(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + retVal = static_cast<uint>(Action::AuthorizedStatus); + } else { + retVal = static_cast<uint>(Action::DeniedStatus); +diff --git a/src/backends/dbus/DBusHelperProxy.h b/src/backends/dbus/DBusHelperProxy.h +index 52b0ac4..82cec5a 100644 +--- a/src/backends/dbus/DBusHelperProxy.h ++++ b/src/backends/dbus/DBusHelperProxy.h +@@ -25,12 +25,13 @@ + #include "kauthactionreply.h" + + #include <QDBusConnection> ++#include <QDBusContext> + #include <QVariant> + + namespace KAuth + { + +-class DBusHelperProxy : public HelperProxy ++class DBusHelperProxy : public HelperProxy, protected QDBusContext + { + Q_OBJECT + Q_PLUGIN_METADATA(IID "org.kde.DBusHelperProxy") +@@ -79,6 +80,9 @@ Q_SIGNALS: + + private Q_SLOTS: + void remoteSignalReceived(int type, const QString &action, QByteArray blob); ++ ++private: ++ bool isCallerAuthorized(const QString &action, const QByteArray &callerID); + }; + + } // namespace Auth +diff --git a/src/backends/policykit/PolicyKitBackend.cpp b/src/backends/policykit/PolicyKitBackend.cpp +index c2b4d42..bf038a8 100644 +--- a/src/backends/policykit/PolicyKitBackend.cpp ++++ b/src/backends/policykit/PolicyKitBackend.cpp +@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const + return a; + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServicePid; ++} ++ + bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + QDataStream s(&callerID, QIODevice::ReadOnly); +diff --git a/src/backends/policykit/PolicyKitBackend.h b/src/backends/policykit/PolicyKitBackend.h +index eb17a3a..38b0240 100644 +--- a/src/backends/policykit/PolicyKitBackend.h ++++ b/src/backends/policykit/PolicyKitBackend.h +@@ -40,6 +40,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString &); + virtual Action::AuthStatus actionStatus(const QString &); + virtual QByteArray callerID() const; ++ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); + + private Q_SLOTS: +diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp +index 78ee5bb..774588c 100644 +--- a/src/backends/polkit-1/Polkit1Backend.cpp ++++ b/src/backends/polkit-1/Polkit1Backend.cpp +@@ -162,6 +162,11 @@ QByteArray Polkit1Backend::callerID() const + return QDBusConnection::systemBus().baseService().toUtf8(); + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServiceName; ++} ++ + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); +diff --git a/src/backends/polkit-1/Polkit1Backend.h b/src/backends/polkit-1/Polkit1Backend.h +index d7d1e3a..2357892 100644 +--- a/src/backends/polkit-1/Polkit1Backend.h ++++ b/src/backends/polkit-1/Polkit1Backend.h +@@ -49,6 +49,7 @@ public: + Action::AuthStatus authorizeAction(const QString &) Q_DECL_OVERRIDE; + Action::AuthStatus actionStatus(const QString &) Q_DECL_OVERRIDE; + QByteArray callerID() const Q_DECL_OVERRIDE; ++ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE; + bool isCallerAuthorized(const QString &action, QByteArray callerID) Q_DECL_OVERRIDE; + bool actionExists(const QString &action) Q_DECL_OVERRIDE; + diff --git a/kde-frameworks/kauth/kauth-5.33.0-r1.ebuild b/kde-frameworks/kauth/kauth-5.33.0-r1.ebuild new file mode 100644 index 000000000000..24fc0d1e02cf --- /dev/null +++ b/kde-frameworks/kauth/kauth-5.33.0-r1.ebuild @@ -0,0 +1,35 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +VIRTUALX_REQUIRED="test" +inherit kde5 + +DESCRIPTION="Framework to let applications perform actions as a privileged user" +LICENSE="LGPL-2.1+" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="nls +policykit" + +# drop qtgui subslot operator when QT_MINIMAL >= 5.7.0 +RDEPEND=" + $(add_frameworks_dep kcoreaddons) + $(add_qt_dep qtdbus '' '' '5=') + $(add_qt_dep qtgui) + $(add_qt_dep qtwidgets) + policykit? ( sys-auth/polkit-qt[qt5] ) +" +DEPEND="${RDEPEND} + nls? ( $(add_qt_dep linguist-tools) ) +" +PDEPEND="policykit? ( kde-plasma/polkit-kde-agent )" + +PATCHES=( "${FILESDIR}/${P}-CVE-2017-8422.patch" ) + +src_configure() { + local mycmakeargs=( + $(cmake-utils_use_find_package policykit PolkitQt5-1) + ) + + kde5_src_configure +} |