authormarkd <markd@pkgsrc.org>2014-08-11 21:18:03 +0000
committermarkd <markd@pkgsrc.org>2014-08-11 21:18:03 +0000
commitb34ee20ca38a10e4f1831d7c6ac4475ccf2ff6b8 (patch)
tree01be3112ab4397d719d06c50453d45c3baa4be9e /x11
parentb3093a78cde31b6075fe6d8114dd115eb2faa6c4 (diff)
http://www.kde.org/info/security/advisory-20140730-1.txt
Diffstat (limited to 'x11')
-rw-r--r--x11/kdelibs4/Makefile4
-rw-r--r--x11/kdelibs4/distinfo5
-rw-r--r--x11/kdelibs4/patches/patch-kdecore_auth_backends_polkit-1_Polkit1Backend.cpp52
3 files changed, 57 insertions, 4 deletions
diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile
index e679d9f4997..9ee1ea3fa75 100644
--- a/x11/kdelibs4/Makefile
+++ b/x11/kdelibs4/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.71 2014/07/24 21:30:10 markd Exp $
+# $NetBSD: Makefile,v 1.72 2014/08/11 21:18:03 markd Exp $
DISTNAME= kdelibs-${_KDE_VERSION}
PKGNAME= ${DISTNAME:S/-4/4-4/}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= x11
COMMENT= Support libraries for the KDE integrated X11 desktop
diff --git a/x11/kdelibs4/distinfo b/x11/kdelibs4/distinfo
index 550b7db98c6..01c00bdfa20 100644
--- a/x11/kdelibs4/distinfo
+++ b/x11/kdelibs4/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.41 2014/07/24 21:30:10 markd Exp $
+$NetBSD: distinfo,v 1.42 2014/08/11 21:18:03 markd Exp $
SHA1 (kdelibs-4.11.5.tar.xz) = b4926c62b590e48ac7547bead7e04ef4938d6981
RMD160 (kdelibs-4.11.5.tar.xz) = 9ed91ef6f0860443ec584fdf75adde57d3236682
@@ -16,11 +16,12 @@ SHA1 (patch-al) = 5efa7d504fe75bec53837bfa062a4b3f910fd71f
SHA1 (patch-am) = b6c315d152d2c3d3c66ad85050549d0b39b263e5
SHA1 (patch-cmake_modules_FindKDE4Internal.cmake) = b5f00d1df3c35f499f86aa1d8d234612e8bd130a
SHA1 (patch-cmake_modules_FindTaglib.cmake) = be38479966da542343dd962c57f7e9d1be3e9ff4
+SHA1 (patch-kdecore_auth_backends_polkit-1_Polkit1Backend.cpp) = 3f9cf465db8c1eec3e3a799d9b02e1c9642a4216
SHA1 (patch-kdecore_localization_klocale_kde.cpp) = b8a513a0c51e65d7e604a88c1d0e3325be6ad688
SHA1 (patch-kdecore_network_ConfigureChecks.cmake) = 0ad9352974911ef78ec565f7b2a97c45ead2cf72
SHA1 (patch-kdecore_tests_CMakeLists.txt) = bbe806b078f54201528c86489d3ac200145a8d2f
SHA1 (patch-kdecore_util_kshareddatacache_p.h) = 6d064fe75fbecd489b0343960333864c717c0805
-SHA1 (patch-khtml_imload_decoders_gifloader.cpp) = 6e5720556e4a82c8d0528f1803663cee592a6a84
+SHA1 (patch-khtml_imload_decoders_gifloader.cpp) = 79180efd4b13e273b4eda1ae70b3e04c0cb4aac1
SHA1 (patch-kio_kio_usernotificationhandler.cpp) = f0b3d408e90ad665e8e0cbf47856ded654c0b72e
SHA1 (patch-kjs_JSImmediate.h) = ecc761c7c82f711f41cf47d706c1c22d22c2980a
SHA1 (patch-kjs_interpreter.cpp) = 9d400daf7d96674b8d66e1cde46dcb3615635241
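Review bot: The SHA1 recorded for patch-khtml_imload_decoders_gifloader.cpp changes in this hunk, yet the diffstat lists no change to that patch file and the commit message refers only to the polkit advisory. A checksum that moves without its file should be explained in the log: either distinfo was stale after an earlier edit to the patch, or the recorded hash no longer matches what is in the tree. Re-deriving the entry from the committed patch (pkgsrc's `makepatchsum` target regenerates these lines) and stating the reason in the commit message would keep the integrity record auditable.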
diff --git a/x11/kdelibs4/patches/patch-kdecore_auth_backends_polkit-1_Polkit1Backend.cpp b/x11/kdelibs4/patches/patch-kdecore_auth_backends_polkit-1_Polkit1Backend.cpp
new file mode 100644
index 00000000000..68b5f6f1574
--- /dev/null
+++ b/x11/kdelibs4/patches/patch-kdecore_auth_backends_polkit-1_Polkit1Backend.cpp
@@ -0,0 +1,52 @@
+$NetBSD: patch-kdecore_auth_backends_polkit-1_Polkit1Backend.cpp,v 1.1 2014/08/11 21:18:03 markd Exp $
+
+From: Martin T. H. Sandsmark <martin.sandsmark@kde.org>
+Date: Mon, 21 Jul 2014 20:52:40 +0000
+Subject: Use dbus system bus name instead of PID for authentication.
+X-Git-Url: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23
+---
+Use dbus system bus name instead of PID for authentication.
+
+Using the PID for authentication is prone to a PID reuse
+race condition, and a security issue.
+
+REVIEW: 119323
+---
+
+
+--- kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
++++ kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
+@@ -144,7 +144,7 @@
+
+ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ {
+- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
+ PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
+ PolkitQt1::Authority::None);
+ switch (r) {
+@@ -160,21 +160,12 @@
+
+ QByteArray Polkit1Backend::callerID() const
+ {
+- QByteArray a;
+- QDataStream s(&a, QIODevice::WriteOnly);
+- s << QCoreApplication::applicationPid();
+-
+- return a;
++ return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+- QDataStream s(&callerID, QIODevice::ReadOnly);
+- qint64 pid;
+-
+- s >> pid;
+-
+- PolkitQt1::UnixProcessSubject subject(pid);
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+ PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+
+ PolkitResultEventLoop e;
+
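Review bot: isCallerAuthorized() builds the SystemBusNameSubject directly from the callerID parameter without validating it, so the authorization check is only as trustworthy as the origin of that byte array. If the helper side receives callerID as a message argument rather than deriving it from the sender of the incoming D-Bus message (not visible in this hunk), a client could name a different connection and be checked as that peer. The value should be compared against the message's actual sender before it is used as the polkit subject. An empty name, which baseService() returns when the system bus is not connected, should also be rejected up front, e.g. `if (callerID.isEmpty()) return false;`. The body of isCallerAuthorized continues past the end of the hunk.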