authorMichael Palimaka <kensington@gentoo.org>2016-06-22 22:18:16 +1000
committerMichael Palimaka <kensington@gentoo.org>2016-06-22 22:19:34 +1000
commita7726c8295b82735d729c2232ad43a9ceef81ce9 (patch)
tree2df7477b05a9b6c5960e2d41ac8cc1ab489aa8c6 /kde-frameworks/kinit
parentprofiles: Last-rite dev-java/cacao (main tree only) (diff)
kde-frameworks/kinit: backport security patch from upstream solving CVE-2016-3100
Gentoo-bug: 586700 Package-Manager: portage-2.3.0_rc1
Diffstat (limited to 'kde-frameworks/kinit')
-rw-r--r--kde-frameworks/kinit/files/kinit-5.21.0-cve-2016-3100.patch63
-rw-r--r--kde-frameworks/kinit/kinit-5.21.0-r1.ebuild43
2 files changed, 106 insertions, 0 deletions
diff --git a/kde-frameworks/kinit/files/kinit-5.21.0-cve-2016-3100.patch b/kde-frameworks/kinit/files/kinit-5.21.0-cve-2016-3100.patch
new file mode 100644
index 000000000000..b7980ed0d254
--- /dev/null
+++ b/kde-frameworks/kinit/files/kinit-5.21.0-cve-2016-3100.patch
@@ -0,0 +1,63 @@
+From dece8fd89979cd1a86c03bcaceef6e9221e8d8cd Mon Sep 17 00:00:00 2001
+From: taro yamada <archer_ame@yahoo.co.jp>
+Date: Wed, 18 May 2016 00:08:09 +0200
+Subject: [PATCH] Fix permissions of /tmp/xauth-xxx-_y
+
+BUGS: 358593
+---
+ src/kdeinit/kinit.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/kdeinit/kinit.cpp b/src/kdeinit/kinit.cpp
+index ca18603..19e38b8 100644
+--- a/src/kdeinit/kinit.cpp
++++ b/src/kdeinit/kinit.cpp
+@@ -1531,6 +1531,7 @@ static void setupX()
+ QSaveFile xauthfile(xauth);
+ QFile xauthfrom(QFile::decodeName(qgetenv("XAUTHORITY")));
+ if (!xauthfrom.open(QFile::ReadOnly) || !xauthfile.open(QFile::WriteOnly)
++ || !xauthfile.setPermissions(QFile::ReadOwner | QFile::WriteOwner)
+ || xauthfile.write(xauthfrom.readAll()) != xauthfrom.size() || !xauthfile.commit()) {
+ // error
+ } else {
+--
+2.7.3
+
+From 72f3702dbe6cf15c06dc13da2c99c864e9022a58 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Sat, 21 May 2016 17:48:36 +0200
+Subject: [PATCH] Fix race in which the file containing the X11 cookie has the
+ wrong permissions for a small while
+
+if someone is very fast can watch the file between the open and the setPermissions
+
+REVIEW: 127973
+Acked-by: mpyne
+---
+ src/kdeinit/kinit.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/kdeinit/kinit.cpp b/src/kdeinit/kinit.cpp
+index 19e38b8..216c87e 100644
+--- a/src/kdeinit/kinit.cpp
++++ b/src/kdeinit/kinit.cpp
+@@ -1530,13 +1530,15 @@ static void setupX()
+ + QString::number(getuid()) + QLatin1Char('-') + QString::fromLocal8Bit(display);
+ QSaveFile xauthfile(xauth);
+ QFile xauthfrom(QFile::decodeName(qgetenv("XAUTHORITY")));
++ // Set umask to make sure the file permissions of xauthfile are correct
++ mode_t oldMask = umask(S_IRGRP | S_IROTH | S_IWGRP | S_IWOTH);
+ if (!xauthfrom.open(QFile::ReadOnly) || !xauthfile.open(QFile::WriteOnly)
+- || !xauthfile.setPermissions(QFile::ReadOwner | QFile::WriteOwner)
+ || xauthfile.write(xauthfrom.readAll()) != xauthfrom.size() || !xauthfile.commit()) {
+ // error
+ } else {
+ qputenv("XAUTHORITY", QFile::encodeName(xauth));
+ }
++ umask(oldMask);
+ }
+ }
+
+--
+2.7.3
+
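Review bot: The second embedded patch removes the `|| !xauthfile.setPermissions(QFile::ReadOwner | QFile::WriteOwner)` clause and relies on the umask alone, which only constrains the mode of a newly created file. If a file already exists at the `xauth` path with wider permissions, QSaveFile may carry those permissions over to the replacement (worth confirming against the Qt version this builds with), so the cookie copy could still end up readable by group or others. Keeping the `setPermissions` clause right after `xauthfile.open(QFile::WriteOnly)`, inside the umask window, would cover both the creation race and the pre-existing-file case. The `// error` branch stays empty, so a failed copy silently leaves `XAUTHORITY` unchanged; a one-line comment or log message there stating that this fallback is intended would help. `setupX()` begins outside the hunk, so whether other threads create files while the process-wide umask is tightened cannot be judged from here.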
diff --git a/kde-frameworks/kinit/kinit-5.21.0-r1.ebuild b/kde-frameworks/kinit/kinit-5.21.0-r1.ebuild
new file mode 100644
index 000000000000..624bf6169aec
--- /dev/null
+++ b/kde-frameworks/kinit/kinit-5.21.0-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+KDE_TEST="false"
+inherit kde5
+
+DESCRIPTION="Helper library to speed up start of applications on KDE work spaces"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="+caps +man"
+
+RDEPEND="
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kcrash)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kio)
+ $(add_frameworks_dep kservice)
+ $(add_frameworks_dep kwindowsystem)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ x11-libs/libX11
+ x11-libs/libxcb
+ caps? ( sys-libs/libcap )
+"
+DEPEND="${RDEPEND}
+ man? ( $(add_frameworks_dep kdoctools) )
+ x11-proto/xproto
+"
+
+PATCHES=( "${FILESDIR}/${P}-cve-2016-3100.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package caps Libcap)
+ $(cmake-utils_use_find_package man KF5DocTools)
+ )
+
+ kde5_src_configure
+}