kdelibs: add CVE-2017-8422.patch

taken from upstream git commit 264e97625abe2e0334f97de17f6ffb52582888ab KDE security advisory: https://www.kde.org/info/security/advisory-20170510-1.txt
2017-05-26 21:06:44 +02:00 · 2017-05-26 21:06:44 +02:00 · 9531007cf9
parent b045ca2897
commit 9531007cf9
2 changed files with 165 additions and 1 deletions
--- a/srcpkgs/kdelibs/patches/CVE-2017-8422.patch
+++ b/srcpkgs/kdelibs/patches/CVE-2017-8422.patch
@ -0,0 +1,164 @@
+--- kdecore/auth/AuthBackend.cpp
+++ kdecore/auth/AuthBackend.cpp
+@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities)
+     d->capabilities = capabilities;
+ }
+ 
+AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const
+{
+    return NoExtraCallerIDVerificationMethod;
+}
+
+ bool AuthBackend::actionExists(const QString& action)
+ {
+     Q_UNUSED(action);
+--- kdecore/auth/AuthBackend.h
+++ kdecore/auth/AuthBackend.h
+@@ -43,6 +43,12 @@ public:
+     };
+     Q_DECLARE_FLAGS(Capabilities, Capability)
+ 
+    enum ExtraCallerIDVerificationMethod {
+        NoExtraCallerIDVerificationMethod,
+        VerifyAgainstDBusServiceName,
+        VerifyAgainstDBusServicePid,
+    };
+
+     AuthBackend();
+     virtual ~AuthBackend();
+     virtual void setupAction(const QString &action) = 0;
+@@ -50,6 +56,7 @@ public:
+     virtual Action::AuthStatus authorizeAction(const QString &action) = 0;
+     virtual Action::AuthStatus actionStatus(const QString &action) = 0;
+     virtual QByteArray callerID() const = 0;
+    virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const;
+     virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0;
+     virtual bool actionExists(const QString &action);
+ 
+--- kdecore/auth/backends/dbus/DBusHelperProxy.cpp
+++ kdecore/auth/backends/dbus/DBusHelperProxy.cpp
+@@ -271,6 +271,29 @@ void DBusHelperProxy::performActions(QByteArray blob, const QByteArray &callerID
+     }
+ }
+ 
+bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID)
+{
+    // Check the caller is really who it says it is
+    switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) {
+        case AuthBackend::NoExtraCallerIDVerificationMethod:
+        break;
+
+        case AuthBackend::VerifyAgainstDBusServiceName:
+            if (message().service().toUtf8() != callerID) {
+                return false;
+            }
+        break;
+
+        case AuthBackend::VerifyAgainstDBusServicePid:
+            if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) {
+                return false;
+            }
+        break;
+    }
+
+    return BackendsManager::authBackend()->isCallerAuthorized(action, callerID);
+}
+
+ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments)
+ {
+     if (!responder) {
+@@ -295,7 +318,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
+     QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer*>();
+     timer->stop();
+ 
+-    if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) {
+    if (isCallerAuthorized(action, callerID)) {
+         QString slotname = action;
+         if (slotname.startsWith(m_name + QLatin1Char('.'))) {
+             slotname = slotname.right(slotname.length() - m_name.length() - 1);
+@@ -338,7 +361,7 @@ uint DBusHelperProxy::authorizeAction(const QString& action, const QByteArray& c
+     QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer*>();
+     timer->stop();
+ 
+-    if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) {
+    if (isCallerAuthorized(action, callerID)) {
+         retVal = static_cast<uint>(Action::Authorized);
+     } else {
+         retVal = static_cast<uint>(Action::Denied);
+--- kdecore/auth/backends/dbus/DBusHelperProxy.h
+++ kdecore/auth/backends/dbus/DBusHelperProxy.h
+@@ -21,6 +21,7 @@
+ #ifndef DBUS_HELPER_PROXY_H
+ #define DBUS_HELPER_PROXY_H
+ 
+#include <QDBusContext>
+ #include <QVariant>
+ #include "HelperProxy.h"
+ #include "kauthactionreply.h"
+@@ -28,7 +29,7 @@
+ namespace KAuth
+ {
+ 
+-class DBusHelperProxy : public HelperProxy
+class DBusHelperProxy : public HelperProxy, protected QDBusContext
+ {
+     Q_OBJECT
+     Q_INTERFACES(KAuth::HelperProxy)
+@@ -73,6 +74,9 @@ signals:
+ 
+ private slots:
+     void remoteSignalReceived(int type, const QString &action, QByteArray blob);
+
+private:
+    bool isCallerAuthorized(const QString &action, const QByteArray &callerID);
+ };
+ 
+ } // namespace Auth
+--- kdecore/auth/backends/policykit/PolicyKitBackend.cpp
+++ kdecore/auth/backends/policykit/PolicyKitBackend.cpp
+@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const
+     return a;
+ }
+ 
+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const
+{
+    return VerifyAgainstDBusServicePid;
+}
+
+ bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+     QDataStream s(&callerID, QIODevice::ReadOnly);
+--- kdecore/auth/backends/policykit/PolicyKitBackend.h
+++ kdecore/auth/backends/policykit/PolicyKitBackend.h
+@@ -40,6 +40,7 @@ public:
+     virtual Action::AuthStatus authorizeAction(const QString&);
+     virtual Action::AuthStatus actionStatus(const QString&);
+     virtual QByteArray callerID() const;
+    virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const;
+     virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
+ 
+ private Q_SLOTS:
+--- kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
+++ kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
+@@ -163,6 +163,11 @@ QByteArray Polkit1Backend::callerID() const
+     return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+ 
+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const
+{
+    return VerifyAgainstDBusServiceName;
+}
+
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+     PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+--- kdecore/auth/backends/polkit-1/Polkit1Backend.h
+++ kdecore/auth/backends/polkit-1/Polkit1Backend.h
+@@ -48,6 +48,7 @@ public:
+     virtual Action::AuthStatus authorizeAction(const QString&);
+     virtual Action::AuthStatus actionStatus(const QString&);
+     virtual QByteArray callerID() const;
+    virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const;
+     virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
+     virtual bool actionExists(const QString& action);
+
--- a/srcpkgs/kdelibs/template
+++ b/srcpkgs/kdelibs/template
@ -1,7 +1,7 @@
 # Template file for 'kdelibs'
 pkgname=kdelibs
 version=4.14.3
-revision=8
+revision=9
 short_desc="KDE core libraries"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
 license="GPL-2.0, LGPL-2.1, FDL"