summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2017-05-10 20:21:06 +0200
committerAndreas Sturmlechner <asturm@gentoo.org>2017-05-10 20:21:06 +0200
commit6a77cbf5300e8baa10ecb89882fd46b837a1b3d8 (patch)
tree30398b9a42670de00cd5fc3e41048251a056c316 /kde-frameworks/kauth
parentnet-misc/smb4k: Drop old (diff)
downloadgentoo-6a77cbf5300e8baa10ecb89882fd46b837a1b3d8.tar.gz
gentoo-6a77cbf5300e8baa10ecb89882fd46b837a1b3d8.tar.bz2
gentoo-6a77cbf5300e8baa10ecb89882fd46b837a1b3d8.zip
kde-frameworks/kauth: Security revbump
Fixes CVE-2017-8422 Gentoo-bug: 618108 Package-Manager: Portage-2.3.5, Repoman-2.3.1
Diffstat (limited to 'kde-frameworks/kauth')
-rw-r--r--kde-frameworks/kauth/files/kauth-5.33.0-CVE-2017-8422.patch186
-rw-r--r--kde-frameworks/kauth/kauth-5.33.0-r1.ebuild35
2 files changed, 221 insertions, 0 deletions
diff --git a/kde-frameworks/kauth/files/kauth-5.33.0-CVE-2017-8422.patch b/kde-frameworks/kauth/files/kauth-5.33.0-CVE-2017-8422.patch
new file mode 100644
index 000000000000..b789d734f18a
--- /dev/null
+++ b/kde-frameworks/kauth/files/kauth-5.33.0-CVE-2017-8422.patch
@@ -0,0 +1,186 @@
+commit df875f725293af53399f5146362eb158b4f9216a
+Author: Albert Astals Cid <aacid@kde.org>
+Date: Wed May 10 10:03:45 2017 +0200
+
+ Verify that whoever is calling us is actually who he says he is
+
+ CVE-2017-8422
+
+diff --git a/src/AuthBackend.cpp b/src/AuthBackend.cpp
+index a41d4f1..a847494 100644
+--- a/src/AuthBackend.cpp
++++ b/src/AuthBackend.cpp
+@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities)
+ d->capabilities = capabilities;
+ }
+
++AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const
++{
++ return NoExtraCallerIDVerificationMethod;
++}
++
+ bool AuthBackend::actionExists(const QString &action)
+ {
+ Q_UNUSED(action);
+diff --git a/src/AuthBackend.h b/src/AuthBackend.h
+index c67a706..09195ef 100644
+--- a/src/AuthBackend.h
++++ b/src/AuthBackend.h
+@@ -43,6 +43,12 @@ public:
+ };
+ Q_DECLARE_FLAGS(Capabilities, Capability)
+
++ enum ExtraCallerIDVerificationMethod {
++ NoExtraCallerIDVerificationMethod,
++ VerifyAgainstDBusServiceName,
++ VerifyAgainstDBusServicePid,
++ };
++
+ AuthBackend();
+ virtual ~AuthBackend();
+ virtual void setupAction(const QString &action) = 0;
+@@ -50,6 +56,7 @@ public:
+ virtual Action::AuthStatus authorizeAction(const QString &action) = 0;
+ virtual Action::AuthStatus actionStatus(const QString &action) = 0;
+ virtual QByteArray callerID() const = 0;
++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const;
+ virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0;
+ virtual bool actionExists(const QString &action);
+
+diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp
+index 9c5cb96..3c1c108 100644
+--- a/src/backends/dbus/DBusHelperProxy.cpp
++++ b/src/backends/dbus/DBusHelperProxy.cpp
+@@ -235,6 +235,29 @@ bool DBusHelperProxy::hasToStopAction()
+ return m_stopRequest;
+ }
+
++bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID)
++{
++ // Check the caller is really who it says it is
++ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) {
++ case AuthBackend::NoExtraCallerIDVerificationMethod:
++ break;
++
++ case AuthBackend::VerifyAgainstDBusServiceName:
++ if (message().service().toUtf8() != callerID) {
++ return false;
++ }
++ break;
++
++ case AuthBackend::VerifyAgainstDBusServicePid:
++ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) {
++ return false;
++ }
++ break;
++ }
++
++ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID);
++}
++
+ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments)
+ {
+ if (!responder) {
+@@ -259,7 +282,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
+ QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer *>();
+ timer->stop();
+
+- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) {
++ if (isCallerAuthorized(action, callerID)) {
+ QString slotname = action;
+ if (slotname.startsWith(m_name + QLatin1Char('.'))) {
+ slotname = slotname.right(slotname.length() - m_name.length() - 1);
+@@ -301,7 +324,7 @@ uint DBusHelperProxy::authorizeAction(const QString &action, const QByteArray &c
+ QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer *>();
+ timer->stop();
+
+- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) {
++ if (isCallerAuthorized(action, callerID)) {
+ retVal = static_cast<uint>(Action::AuthorizedStatus);
+ } else {
+ retVal = static_cast<uint>(Action::DeniedStatus);
+diff --git a/src/backends/dbus/DBusHelperProxy.h b/src/backends/dbus/DBusHelperProxy.h
+index 52b0ac4..82cec5a 100644
+--- a/src/backends/dbus/DBusHelperProxy.h
++++ b/src/backends/dbus/DBusHelperProxy.h
+@@ -25,12 +25,13 @@
+ #include "kauthactionreply.h"
+
+ #include <QDBusConnection>
++#include <QDBusContext>
+ #include <QVariant>
+
+ namespace KAuth
+ {
+
+-class DBusHelperProxy : public HelperProxy
++class DBusHelperProxy : public HelperProxy, protected QDBusContext
+ {
+ Q_OBJECT
+ Q_PLUGIN_METADATA(IID "org.kde.DBusHelperProxy")
+@@ -79,6 +80,9 @@ Q_SIGNALS:
+
+ private Q_SLOTS:
+ void remoteSignalReceived(int type, const QString &action, QByteArray blob);
++
++private:
++ bool isCallerAuthorized(const QString &action, const QByteArray &callerID);
+ };
+
+ } // namespace Auth
+diff --git a/src/backends/policykit/PolicyKitBackend.cpp b/src/backends/policykit/PolicyKitBackend.cpp
+index c2b4d42..bf038a8 100644
+--- a/src/backends/policykit/PolicyKitBackend.cpp
++++ b/src/backends/policykit/PolicyKitBackend.cpp
+@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const
+ return a;
+ }
+
++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const
++{
++ return VerifyAgainstDBusServicePid;
++}
++
+ bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+ QDataStream s(&callerID, QIODevice::ReadOnly);
+diff --git a/src/backends/policykit/PolicyKitBackend.h b/src/backends/policykit/PolicyKitBackend.h
+index eb17a3a..38b0240 100644
+--- a/src/backends/policykit/PolicyKitBackend.h
++++ b/src/backends/policykit/PolicyKitBackend.h
+@@ -40,6 +40,7 @@ public:
+ virtual Action::AuthStatus authorizeAction(const QString &);
+ virtual Action::AuthStatus actionStatus(const QString &);
+ virtual QByteArray callerID() const;
++ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE;
+ virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
+
+ private Q_SLOTS:
+diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
+index 78ee5bb..774588c 100644
+--- a/src/backends/polkit-1/Polkit1Backend.cpp
++++ b/src/backends/polkit-1/Polkit1Backend.cpp
+@@ -162,6 +162,11 @@ QByteArray Polkit1Backend::callerID() const
+ return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+
++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const
++{
++ return VerifyAgainstDBusServiceName;
++}
++
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+diff --git a/src/backends/polkit-1/Polkit1Backend.h b/src/backends/polkit-1/Polkit1Backend.h
+index d7d1e3a..2357892 100644
+--- a/src/backends/polkit-1/Polkit1Backend.h
++++ b/src/backends/polkit-1/Polkit1Backend.h
+@@ -49,6 +49,7 @@ public:
+ Action::AuthStatus authorizeAction(const QString &) Q_DECL_OVERRIDE;
+ Action::AuthStatus actionStatus(const QString &) Q_DECL_OVERRIDE;
+ QByteArray callerID() const Q_DECL_OVERRIDE;
++ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE;
+ bool isCallerAuthorized(const QString &action, QByteArray callerID) Q_DECL_OVERRIDE;
+ bool actionExists(const QString &action) Q_DECL_OVERRIDE;
+
diff --git a/kde-frameworks/kauth/kauth-5.33.0-r1.ebuild b/kde-frameworks/kauth/kauth-5.33.0-r1.ebuild
new file mode 100644
index 000000000000..24fc0d1e02cf
--- /dev/null
+++ b/kde-frameworks/kauth/kauth-5.33.0-r1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework to let applications perform actions as a privileged user"
+LICENSE="LGPL-2.1+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="nls +policykit"
+
+# drop qtgui subslot operator when QT_MINIMAL >= 5.7.0
+RDEPEND="
+ $(add_frameworks_dep kcoreaddons)
+ $(add_qt_dep qtdbus '' '' '5=')
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtwidgets)
+ policykit? ( sys-auth/polkit-qt[qt5] )
+"
+DEPEND="${RDEPEND}
+ nls? ( $(add_qt_dep linguist-tools) )
+"
+PDEPEND="policykit? ( kde-plasma/polkit-kde-agent )"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2017-8422.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package policykit PolkitQt5-1)
+ )
+
+ kde5_src_configure
+}