
Fix CVE-2014-5033

author Sven-Hendrik Haase
2014-07-30 20:15:36 UTC
committer Sven-Hendrik Haase
2014-07-30 20:15:36 UTC
parent 7ffcec54b842867466c2bb36991d5974ff81f027

Fix CVE-2014-5033

PKGBUILD +9 -3
kauth-cve-2014-5033.patch +36 -0

diff --git a/PKGBUILD b/PKGBUILD
index 99a741c..325d0f5 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 
 pkgname=kauth
 pkgver=5.0.0
-pkgrel=1
+pkgrel=2
 pkgdesc='KAuth'
 arch=('i686' 'x86_64')
 url='https://projects.kde.org/projects/frameworks/kauth'
@@ -10,11 +10,17 @@ license=('LGPL')
 depends=('kcoreaddons' 'polkit-qt5')
 makedepends=('extra-cmake-modules' 'qt5-tools')
 groups=('kf5')
-source=("http://download.kde.org/stable/frameworks/${pkgver}/${pkgname}-${pkgver}.tar.xz")
-md5sums=('eeb5e576c9d0d098cfb9def812f04089')
+source=("http://download.kde.org/stable/frameworks/${pkgver}/${pkgname}-${pkgver}.tar.xz"
+        "${pkgname}-cve-2014-5033.patch")
+md5sums=('eeb5e576c9d0d098cfb9def812f04089'
+         'c24d35b0e96f98f1cfaff8e69e5fe8f6')
 
 prepare() {
   mkdir -p build
+
+  cd ${pkgname}-${pkgver}
+
+  patch -p1 -i "${srcdir}/kauth-cve-2014-5033.patch"
 }
 
 build() {
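Review bot: The upstream tarball in `source` is still fetched over plain `http://` and, like the newly added patch, is verified only through `md5sums`, so the integrity check for this security rebuild rests on a digest that is no longer collision-resistant. A `sha256sums=(...)` array covering both entries would be stronger; generate the digests with `makepkg -g` rather than copying them by hand. In `prepare()`, `cd ${pkgname}-${pkgver}` is unquoted and relative, and `cd "${srcdir}/${pkgname}-${pkgver}"` is the safer form. The `patch` line hard-codes `kauth-cve-2014-5033.patch` while `source` spells it `${pkgname}-cve-2014-5033.patch`; using one spelling in both places avoids drift.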
diff --git a/kauth-cve-2014-5033.patch b/kauth-cve-2014-5033.patch
new file mode 100644
index 0000000..a7736cd
--- /dev/null
+++ b/kauth-cve-2014-5033.patch
@@ -0,0 +1,36 @@
+--- a/src/backends/polkit-1/Polkit1Backend.cpp
++++ b/src/backends/polkit-1/Polkit1Backend.cpp
+@@ -142,7 +142,7 @@
+ 
+ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ {
+-    PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
++    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
+     PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
+                                      PolkitQt1::Authority::None);
+     switch (r) {
+@@ -158,21 +158,12 @@
+ 
+ QByteArray Polkit1Backend::callerID() const
+ {
+-    QByteArray a;
+-    QDataStream s(&a, QIODevice::WriteOnly);
+-    s << QCoreApplication::applicationPid();
+-
+-    return a;
++        return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+ 
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+-    QDataStream s(&callerID, QIODevice::ReadOnly);
+-    qint64 pid;
+-
+-    s >> pid;
+-
+-    PolkitQt1::UnixProcessSubject subject(pid);
++    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+     PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+ 
+     PolkitResultEventLoop e;
+
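Review bot: The `callerID` argument of `isCallerAuthorized` is turned straight into a `SystemBusNameSubject`, so the authorization result is only as trustworthy as the origin of that byte array. The call site is outside this hunk; if the value is read from the request payload rather than from the sender name the bus attaches to the message, a client could present a name that is not its own. A comment stating the requirement would help, e.g. `// callerID must be the sender's unique bus name as reported by D-Bus, never a client-supplied value`. Separately, `callerID()` returns `baseService()` unchecked, which is an empty string when the system bus connection is not established, so an early `if (callerID.isEmpty()) return false;` in `isCallerAuthorized` would make that case fail closed. The new `return` line in `callerID()` is indented eight spaces where the surrounding code uses four, and the body of `isCallerAuthorized` continues past the end of the hunk.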