Hi, attached are debdiffs for CVE-2024-36041/plasma-workspace.
cu Adrian
diffstat for plasma-workspace-5.27.5 plasma-workspace-5.27.5 changelog | 7 + patches/0001-Authenticate-local-clients.patch | 128 ++++++++++++++++++++++++++ patches/series | 2 3 files changed, 137 insertions(+) diff -Nru plasma-workspace-5.27.5/debian/changelog plasma-workspace-5.27.5/debian/changelog --- plasma-workspace-5.27.5/debian/changelog 2023-08-16 22:18:49.000000000 +0300 +++ plasma-workspace-5.27.5/debian/changelog 2024-06-21 20:58:15.000000000 +0300 @@ -1,3 +1,10 @@ +plasma-workspace (4:5.27.5-2+deb12u2) bookworm-security; urgency=medium + + * Non-maintainer upload. + * CVE-2024-36041: ksmserver: Unauthorized users can access session manager + + -- Adrian Bunk <b...@debian.org> Fri, 21 Jun 2024 20:58:15 +0300 + plasma-workspace (4:5.27.5-2+deb12u1) bookworm; urgency=medium * Backport patch to fix crash in krunner (Closes: #1037557). diff -Nru plasma-workspace-5.27.5/debian/patches/0001-Authenticate-local-clients.patch plasma-workspace-5.27.5/debian/patches/0001-Authenticate-local-clients.patch --- plasma-workspace-5.27.5/debian/patches/0001-Authenticate-local-clients.patch 1970-01-01 02:00:00.000000000 +0200 +++ plasma-workspace-5.27.5/debian/patches/0001-Authenticate-local-clients.patch 2024-06-21 20:58:15.000000000 +0300 
@@ -0,0 +1,128 @@ +From 061651824683fc728b804a5cbf8a51e4d62194e0 Mon Sep 17 00:00:00 2001 +From: David Edmundson <k...@davidedmundson.co.uk> +Date: Sat, 13 Apr 2024 23:07:19 +0100 +Subject: Authenticate local clients + +ksmserver currently authenticates remote clients, but allows local +connections through. + +This is a security risk that can allow another user on the same system +to access the user's session management session without authentication. + +Co-authored-by: Fabian Vogt <fab...@ritter-vogt.de> +--- + ksmserver/server.cpp | 58 +++----------------------------------------- + 1 file changed, 4 insertions(+), 54 deletions(-) + +diff --git a/ksmserver/server.cpp b/ksmserver/server.cpp +index 8a408cf73b..94b6952d4b 100644 +--- a/ksmserver/server.cpp ++++ b/ksmserver/server.cpp +@@ -158,15 +158,6 @@ static QTemporaryFile *remTempFile = nullptr; + + static IceListenObj *listenObjs = nullptr; + int numTransports = 0; +-static bool only_local = 0; +- +-static Bool HostBasedAuthProc(char * /*hostname*/) +-{ +- if (only_local) +- return true; +- else +- return false; +-} + + Status KSMRegisterClientProc(SmsConn /* smsConn */, SmPointer managerData, char *previousId) + { +@@ -311,34 +302,6 @@ static void write_iceauth(FILE *addfp, FILE *removefp, IceAuthDataEntry *entry) + + #define MAGIC_COOKIE_LEN 16 + +-Status SetAuthentication_local(int count, IceListenObj *listenObjs) +-{ +- int i; +- for (i = 0; i < count; i++) { +- char *prot = IceGetListenConnectionString(listenObjs[i]); +- if (!prot) +- continue; +- char *host = strchr(prot, '/'); +- char *sock = nullptr; +- if (host) { +- *host = 0; +- host++; +- sock = strchr(host, ':'); +- if (sock) { +- *sock = 0; +- sock++; +- } +- } +- qCDebug(KSMSERVER) << "KSMServer: SetAProc_loc: conn " << (unsigned)i << ", prot=" << prot << ", file=" << sock; +- if (sock && !strcmp(prot, "local")) { +- chmod(sock, 0700); +- } +- IceSetHostBasedAuthProc(listenObjs[i], HostBasedAuthProc); +- free(prot); +- } +- return 1; +-} +- + 
Status SetAuthentication(int count, IceListenObj *listenObjs, IceAuthDataEntry **authDataEntries) + { + QTemporaryFile addTempFile; +@@ -372,8 +335,6 @@ Status SetAuthentication(int count, IceListenObj *listenObjs, IceAuthDataEntry * + write_iceauth(addAuthFile, remAuthFile, &(*authDataEntries)[i + 1]); + + IceSetPaAuthData(2, &(*authDataEntries)[i]); +- +- IceSetHostBasedAuthProc(listenObjs[i / 2], HostBasedAuthProc); + } + fclose(addAuthFile); + fclose(remAuthFile); +@@ -397,9 +358,6 @@ Status SetAuthentication(int count, IceListenObj *listenObjs, IceAuthDataEntry * + void FreeAuthenticationData(int count, IceAuthDataEntry *authDataEntries) + { + /* Each transport has entries for ICE and XSMP */ +- if (only_local) +- return; +- + for (int i = 0; i < count * 2; i++) { + free(authDataEntries[i].network_id); + free(authDataEntries[i].auth_data); +@@ -542,16 +500,13 @@ KSMServer::KSMServer(InitFlags flags) + clientInteracting = nullptr; + xonCommand = config.readEntry("xonCommand", "xon"); + +- only_local = flags.testFlag(InitFlag::OnlyLocal); + #ifdef HAVE__ICETRANSNOLISTEN +- if (only_local) ++ if (flags.testFlag(InitFlag::OnlyLocal)) + _IceTransNoListen("tcp"); +-#else +- only_local = false; + #endif + + char errormsg[256]; +- if (!SmsInitialize((char *)KSMVendorString, (char *)KSMReleaseString, KSMNewClientProc, (SmPointer)this, HostBasedAuthProc, 256, errormsg)) { ++ if (!SmsInitialize((char *)KSMVendorString, (char *)KSMReleaseString, KSMNewClientProc, (SmPointer)this, nullptr, 256, errormsg)) { + qCWarning(KSMSERVER, "KSMServer: could not register XSM protocol"); + } + +@@ -594,13 +549,8 @@ KSMServer::KSMServer(InitFlags flags) + free(session_manager); + } + +- if (only_local) { +- if (!SetAuthentication_local(numTransports, listenObjs)) +- qFatal("KSMSERVER: authentication setup failed."); +- } else { +- if (!SetAuthentication(numTransports, listenObjs, &authDataEntries)) +- qFatal("KSMSERVER: authentication setup failed."); +- } ++ if 
(!SetAuthentication(numTransports, listenObjs, &authDataEntries)) ++ qFatal("KSMSERVER: authentication setup failed."); + + IceAddConnectionWatch(KSMWatchProc, (IcePointer)this); + +-- +2.30.2 + diff -Nru plasma-workspace-5.27.5/debian/patches/series plasma-workspace-5.27.5/debian/patches/series --- plasma-workspace-5.27.5/debian/patches/series 2023-08-16 22:18:49.000000000 +0300 +++ plasma-workspace-5.27.5/debian/patches/series 2024-06-21 20:58:15.000000000 +0300 @@ -3,3 +3,5 @@ # Fixed in 5.27.6 krunner_crash.patch + +0001-Authenticate-local-clients.patch
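Review bot: In the KSMServer constructor hunk of the embedded server.cpp patch, a build without HAVE__ICETRANSNOLISTEN now ignores InitFlag::OnlyLocal silently, because the `#else` branch is removed and nothing records that TCP listening could not be switched off. As far as the hunks show, SetAuthentication is still called for every transport, so this is a gap in exposure reduction rather than an authentication bypass. It still deserves a log line, for example an `#else` branch holding `if (flags.testFlag(InitFlag::OnlyLocal)) qCWarning(KSMSERVER, "KSMServer: OnlyLocal requested, but this build cannot disable TCP listening");`. The `nullptr` now passed to SmsInitialize would also benefit from a comment such as `// no host-based fallback: local and remote clients must both pass ICE cookie authentication`, since removing that callback appears to be what closes the unauthenticated local path. Both remarks apply equally to the 5.20.5 (bullseye) backport further down, and the constructor body continues outside the hunks shown.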
diffstat for plasma-workspace-5.20.5 plasma-workspace-5.20.5 changelog | 7 + patches/0001-Authenticate-local-clients.patch | 129 ++++++++++++++++++++++++++ patches/series | 1 3 files changed, 137 insertions(+) diff -Nru plasma-workspace-5.20.5/debian/changelog plasma-workspace-5.20.5/debian/changelog --- plasma-workspace-5.20.5/debian/changelog 2021-05-07 21:58:22.000000000 +0300 +++ plasma-workspace-5.20.5/debian/changelog 2024-06-21 22:39:32.000000000 +0300 @@ -1,3 +1,10 @@ +plasma-workspace (4:5.20.5-6+deb11u1) bullseye-security; urgency=medium + + * Non-maintainer upload. + * CVE-2024-36041: ksmserver: Unauthorized users can access session manager + + -- Adrian Bunk <b...@debian.org> Fri, 21 Jun 2024 22:39:32 +0300 + plasma-workspace (4:5.20.5-6) unstable; urgency=medium * Add breaks+replaces for plasma-workspace in plasma-workspace-data as diff -Nru plasma-workspace-5.20.5/debian/patches/0001-Authenticate-local-clients.patch plasma-workspace-5.20.5/debian/patches/0001-Authenticate-local-clients.patch --- plasma-workspace-5.20.5/debian/patches/0001-Authenticate-local-clients.patch 1970-01-01 02:00:00.000000000 +0200 +++ plasma-workspace-5.20.5/debian/patches/0001-Authenticate-local-clients.patch 2024-06-21 22:39:23.000000000 +0300 
@@ -0,0 +1,129 @@ +From 3beaabbddad43ae41994109afcd4dd601df4203a Mon Sep 17 00:00:00 2001 +From: David Edmundson <k...@davidedmundson.co.uk> +Date: Sat, 13 Apr 2024 23:07:19 +0100 +Subject: Authenticate local clients + +ksmserver currently authenticates remote clients, but allows local +connections through. + +This is a security risk that can allow another user on the same system +to access the user's session management session without authentication. + +Co-authored-by: Fabian Vogt <fab...@ritter-vogt.de> +--- + ksmserver/server.cpp | 56 ++++---------------------------------------- + 1 file changed, 4 insertions(+), 52 deletions(-) + +diff --git a/ksmserver/server.cpp b/ksmserver/server.cpp +index f46dd31e3c..eeb900381d 100644 +--- a/ksmserver/server.cpp ++++ b/ksmserver/server.cpp +@@ -152,15 +152,6 @@ static QTemporaryFile *remTempFile = nullptr; + + static IceListenObj *listenObjs = nullptr; + int numTransports = 0; +-static bool only_local = 0; +- +-static Bool HostBasedAuthProc ( char* /*hostname*/) +-{ +- if (only_local) +- return true; +- else +- return false; +-} + + + Status KSMRegisterClientProc ( +@@ -367,33 +358,6 @@ static void write_iceauth (FILE *addfp, FILE *removefp, IceAuthDataEntry *entry) + + #define MAGIC_COOKIE_LEN 16 + +-Status SetAuthentication_local (int count, IceListenObj *listenObjs) +-{ +- int i; +- for (i = 0; i < count; i ++) { +- char *prot = IceGetListenConnectionString(listenObjs[i]); +- if (!prot) continue; +- char *host = strchr(prot, '/'); +- char *sock = nullptr; +- if (host) { +- *host=0; +- host++; +- sock = strchr(host, ':'); +- if (sock) { +- *sock = 0; +- sock++; +- } +- } +- qCDebug(KSMSERVER) << "KSMServer: SetAProc_loc: conn " << (unsigned)i << ", prot=" << prot << ", file=" << sock; +- if (sock && !strcmp(prot, "local")) { +- chmod(sock, 0700); +- } +- IceSetHostBasedAuthProc (listenObjs[i], HostBasedAuthProc); +- free(prot); +- } +- return 1; +-} +- + Status SetAuthentication (int count, IceListenObj *listenObjs, + 
IceAuthDataEntry **authDataEntries) + { +@@ -434,7 +398,6 @@ Status SetAuthentication (int count, IceListenObj *listenObjs, + + IceSetPaAuthData (2, &(*authDataEntries)[i]); + +- IceSetHostBasedAuthProc (listenObjs[i/2], HostBasedAuthProc); + } + fclose(addAuthFile); + fclose(remAuthFile); +@@ -459,9 +422,6 @@ Status SetAuthentication (int count, IceListenObj *listenObjs, + void FreeAuthenticationData(int count, IceAuthDataEntry *authDataEntries) + { + /* Each transport has entries for ICE and XSMP */ +- if (only_local) +- return; +- + for (int i = 0; i < count * 2; i++) { + free (authDataEntries[i].network_id); + free (authDataEntries[i].auth_data); +@@ -609,19 +569,16 @@ KSMServer::KSMServer(InitFlags flags) + clientInteracting = nullptr; + xonCommand = config.readEntry( "xonCommand", "xon" ); + +- only_local = flags.testFlag(InitFlag::OnlyLocal); + #ifdef HAVE__ICETRANSNOLISTEN +- if (only_local) ++ if (flags.testFlag(InitFlag::OnlyLocal)) + _IceTransNoListen("tcp"); +-#else +- only_local = false; + #endif + + char errormsg[256]; + if (!SmsInitialize ( (char*) KSMVendorString, (char*) KSMReleaseString, + KSMNewClientProc, + (SmPointer) this, +- HostBasedAuthProc, 256, errormsg ) ) { ++ nullptr, 256, errormsg ) ) { + + qCWarning(KSMSERVER, "KSMServer: could not register XSM protocol"); + } +@@ -669,13 +626,8 @@ KSMServer::KSMServer(InitFlags flags) + free(session_manager); + } + +- if (only_local) { +- if (!SetAuthentication_local(numTransports, listenObjs)) +- qFatal("KSMSERVER: authentication setup failed."); +- } else { +- if (!SetAuthentication(numTransports, listenObjs, &authDataEntries)) +- qFatal("KSMSERVER: authentication setup failed."); +- } ++ if (!SetAuthentication(numTransports, listenObjs, &authDataEntries)) ++ qFatal("KSMSERVER: authentication setup failed."); + + IceAddConnectionWatch (KSMWatchProc, (IcePointer) this); + +-- +2.30.2 + diff -Nru plasma-workspace-5.20.5/debian/patches/series plasma-workspace-5.20.5/debian/patches/series --- 
plasma-workspace-5.20.5/debian/patches/series 2021-05-07 21:58:22.000000000 +0300 +++ plasma-workspace-5.20.5/debian/patches/series 2024-06-21 22:39:32.000000000 +0300 @@ -9,3 +9,4 @@ upstream_5.21_2fbdc187_evaluate_single_digit_factorial.patch upstream_5.21_292d9d19_calculator_runner_Fix_handling_of_hexadecimal_input_output.patch upstream_5.21_a3b017cc_calculatorrunner_fix_mixed_hex+decimal_calculations.patch +0001-Authenticate-local-clients.patch