diff options
author | Michael Palimaka <kensington@gentoo.org> | 2016-06-22 22:18:16 +1000 |
---|---|---|
committer | Michael Palimaka <kensington@gentoo.org> | 2016-06-22 22:19:34 +1000 |
commit | a7726c8295b82735d729c2232ad43a9ceef81ce9 (patch) | |
tree | 2df7477b05a9b6c5960e2d41ac8cc1ab489aa8c6 /kde-frameworks/kinit | |
parent | profiles: Last-rite dev-java/cacao (main tree only) (diff) | |
download | gentoo-a7726c8295b82735d729c2232ad43a9ceef81ce9.tar.gz gentoo-a7726c8295b82735d729c2232ad43a9ceef81ce9.tar.bz2 gentoo-a7726c8295b82735d729c2232ad43a9ceef81ce9.zip |
kde-frameworks/kinit: backport security patch from upstream solving CVE-2016-3100
Gentoo-bug: 586700
Package-Manager: portage-2.3.0_rc1
Diffstat (limited to 'kde-frameworks/kinit')
-rw-r--r-- | kde-frameworks/kinit/files/kinit-5.21.0-cve-2016-3100.patch | 63 | ||||
-rw-r--r-- | kde-frameworks/kinit/kinit-5.21.0-r1.ebuild | 43 |
2 files changed, 106 insertions, 0 deletions
diff --git a/kde-frameworks/kinit/files/kinit-5.21.0-cve-2016-3100.patch b/kde-frameworks/kinit/files/kinit-5.21.0-cve-2016-3100.patch new file mode 100644 index 000000000000..b7980ed0d254 --- /dev/null +++ b/kde-frameworks/kinit/files/kinit-5.21.0-cve-2016-3100.patch @@ -0,0 +1,63 @@ +From dece8fd89979cd1a86c03bcaceef6e9221e8d8cd Mon Sep 17 00:00:00 2001 +From: taro yamada <archer_ame@yahoo.co.jp> +Date: Wed, 18 May 2016 00:08:09 +0200 +Subject: [PATCH] Fix permissions of /tmp/xauth-xxx-_y + +BUGS: 358593 +--- + src/kdeinit/kinit.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/kdeinit/kinit.cpp b/src/kdeinit/kinit.cpp +index ca18603..19e38b8 100644 +--- a/src/kdeinit/kinit.cpp ++++ b/src/kdeinit/kinit.cpp +@@ -1531,6 +1531,7 @@ static void setupX() + QSaveFile xauthfile(xauth); + QFile xauthfrom(QFile::decodeName(qgetenv("XAUTHORITY"))); + if (!xauthfrom.open(QFile::ReadOnly) || !xauthfile.open(QFile::WriteOnly) ++ || !xauthfile.setPermissions(QFile::ReadOwner | QFile::WriteOwner) + || xauthfile.write(xauthfrom.readAll()) != xauthfrom.size() || !xauthfile.commit()) { + // error + } else { +-- +2.7.3 + +From 72f3702dbe6cf15c06dc13da2c99c864e9022a58 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Sat, 21 May 2016 17:48:36 +0200 +Subject: [PATCH] Fix race in which the file containing the X11 cookie has the + wrong permissions for a small while + +if someone is very fast can watch the file between the open and the setPermissions + +REVIEW: 127973 +Acked-by: mpyne +--- + src/kdeinit/kinit.cpp | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/kdeinit/kinit.cpp b/src/kdeinit/kinit.cpp +index 19e38b8..216c87e 100644 +--- a/src/kdeinit/kinit.cpp ++++ b/src/kdeinit/kinit.cpp +@@ -1530,13 +1530,15 @@ static void setupX() + + QString::number(getuid()) + QLatin1Char('-') + QString::fromLocal8Bit(display); + QSaveFile xauthfile(xauth); + QFile xauthfrom(QFile::decodeName(qgetenv("XAUTHORITY"))); ++ // Set umask to make sure the file permissions of xauthfile are correct ++ mode_t oldMask = umask(S_IRGRP | S_IROTH | S_IWGRP | S_IWOTH); + if (!xauthfrom.open(QFile::ReadOnly) || !xauthfile.open(QFile::WriteOnly) +- || !xauthfile.setPermissions(QFile::ReadOwner | QFile::WriteOwner) + || xauthfile.write(xauthfrom.readAll()) != xauthfrom.size() || !xauthfile.commit()) { + // error + } else { + qputenv("XAUTHORITY", QFile::encodeName(xauth)); + } ++ umask(oldMask); + } + } + +-- +2.7.3 + diff --git a/kde-frameworks/kinit/kinit-5.21.0-r1.ebuild b/kde-frameworks/kinit/kinit-5.21.0-r1.ebuild new file mode 100644 index 000000000000..624bf6169aec --- /dev/null +++ b/kde-frameworks/kinit/kinit-5.21.0-r1.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +KDE_TEST="false" +inherit kde5 + +DESCRIPTION="Helper library to speed up start of applications on KDE work spaces" +LICENSE="LGPL-2+" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="+caps +man" + +RDEPEND=" + $(add_frameworks_dep kconfig) + $(add_frameworks_dep kcoreaddons) + $(add_frameworks_dep kcrash) + $(add_frameworks_dep ki18n) + $(add_frameworks_dep kio) + $(add_frameworks_dep kservice) + $(add_frameworks_dep kwindowsystem) + $(add_qt_dep qtdbus) + $(add_qt_dep qtgui) + x11-libs/libX11 + x11-libs/libxcb + caps? ( sys-libs/libcap ) +" +DEPEND="${RDEPEND} + man? ( $(add_frameworks_dep kdoctools) ) + x11-proto/xproto +" + +PATCHES=( "${FILESDIR}/${P}-cve-2016-3100.patch" ) + +src_configure() { + local mycmakeargs=( + $(cmake-utils_use_find_package caps Libcap) + $(cmake-utils_use_find_package man KF5DocTools) + ) + + kde5_src_configure +} |