2014-08-08 12:38 GMT+04:00 Vadim Zhukov <[email protected]>:
> This fixes a security issue in KDE4 for 5.5, as mentioned here:
> http://www.kde.org/info/security/advisory-20140730-1.txt
>
> Packaging tested on i386. Okay?
> --
> WBR,
> Vadim Zhukov
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/kde4/libs/Makefile,v
> retrieving revision 1.47.2.1
> diff -u -p -r1.47.2.1 Makefile
> --- Makefile 20 Jun 2014 13:16:07 -0000 1.47.2.1
> +++ Makefile 7 Aug 2014 14:30:07 -0000
> @@ -11,7 +11,7 @@ PKGNAME-langlist = kde4-langlist-${MODKD
> PKG_ARCH-en_US = *
> PKG_ARCH-langlist = *
> PKGSPEC-main = kdelibs->=4
> -REVISION-main = 5
> +REVISION-main = 6
>
> DPB_PROPERTIES = parallel tag:kde4
>
> Index: patches/patch-kdecore_auth_backends_polkit-1_Polkit1Backend_cpp
> ===================================================================
> RCS file: patches/patch-kdecore_auth_backends_polkit-1_Polkit1Backend_cpp
> diff -N patches/patch-kdecore_auth_backends_polkit-1_Polkit1Backend_cpp
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-kdecore_auth_backends_polkit-1_Polkit1Backend_cpp 7 Aug
> 2014 14:30:07 -0000
> @@ -0,0 +1,38 @@
> +$OpenBSD$
> +Fix for auth race condition.
> +REVIEW: https://git.reviewboard.kde.org/r/119323/
> +--- kdecore/auth/backends/polkit-1/Polkit1Backend.cpp.orig Thu Jan 2
> 23:26:51 2014
> ++++ kdecore/auth/backends/polkit-1/Polkit1Backend.cpp Thu Aug 7 18:08:58
> 2014
> +@@ -144,7 +144,7 @@ void Polkit1Backend::setupAction(const QString &action
> +
> + Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
> + {
> +- PolkitQt1::UnixProcessSubject
> subject(QCoreApplication::applicationPid());
> ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
> + PolkitQt1::Authority::Result r =
> PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
> +
> PolkitQt1::Authority::None);
> + switch (r) {
> +@@ -160,21 +160,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const
> +
> + QByteArray Polkit1Backend::callerID() const
> + {
> +- QByteArray a;
> +- QDataStream s(&a, QIODevice::WriteOnly);
> +- s << QCoreApplication::applicationPid();
> +-
> +- return a;
> ++ return QDBusConnection::systemBus().baseService().toUtf8();
> + }
> +
> + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray
> callerID)
> + {
> +- QDataStream s(&callerID, QIODevice::ReadOnly);
> +- qint64 pid;
> +-
> +- s >> pid;
> +-
> +- PolkitQt1::UnixProcessSubject subject(pid);
> ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
> + PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
> +
> + PolkitResultEventLoop e;
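Review bot: In the patched `isCallerAuthorized`, the `SystemBusNameSubject` is built directly from the `callerID` argument, with no check that it is non-empty or that it is the bus name the request actually arrived from. Replacing the PID with a unique bus name only closes the race if the helper takes that name from the D-Bus message sender; the call site is outside this hunk, so this should be confirmed, because a `callerID` read from the request payload would still be client-controlled input to the polkit check. On the client side, `callerID()` now returns `QDBusConnection::systemBus().baseService().toUtf8()`, which is presumably empty when the system bus is not connected. A guard such as `if (callerID.isEmpty()) return false;` before the subject is constructed would make that failure explicit. The body of `isCallerAuthorized` continues past the end of the hunk.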
ping? -- WBR, Vadim Zhukov
