security fix CVE-2014-5033
This commit is contained in:
Than Ngo
parent
a1007e1b91
commit
adb7ba49b7
|
|
@ -0,0 +1,36 @@
|
|||
diff -up kdelibs-4.11.5/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp.than kdelibs-4.11.5/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
|
||||
--- kdelibs-4.11.5/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp.than 2014-09-23 11:19:47.000000000 +0200
|
||||
+++ kdelibs-4.11.5/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp 2014-09-23 11:22:50.000000000 +0200
|
||||
@@ -144,7 +144,7 @@ void Polkit1Backend::setupAction(const Q
|
||||
|
||||
Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
|
||||
{
|
||||
- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
|
||||
+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
|
||||
PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
|
||||
PolkitQt1::Authority::None);
|
||||
switch (r) {
|
||||
@@ -160,21 +160,12 @@ Action::AuthStatus Polkit1Backend::actio
|
||||
|
||||
QByteArray Polkit1Backend::callerID() const
|
||||
{
|
||||
- QByteArray a;
|
||||
- QDataStream s(&a, QIODevice::WriteOnly);
|
||||
- s << QCoreApplication::applicationPid();
|
||||
-
|
||||
- return a;
|
||||
+ return QDBusConnection::systemBus().baseService().toUtf8();
|
||||
}
|
||||
|
||||
bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
|
||||
{
|
||||
- QDataStream s(&callerID, QIODevice::ReadOnly);
|
||||
- qint64 pid;
|
||||
-
|
||||
- s >> pid;
|
||||
-
|
||||
- PolkitQt1::UnixProcessSubject subject(pid);
|
||||
+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
|
||||
PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
|
||||
|
||||
PolkitResultEventLoop e;
|
||||
|
|
@ -39,7 +39,7 @@
|
|||
|
||||
Summary: KDE Libraries
|
||||
Version: 4.11.5
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
|
||||
Name: kdelibs
|
||||
Epoch: 6
|
||||
|
|
@ -171,6 +171,7 @@ Patch093: turn-the-packagekit-support-feature-off-by-default.patch
|
|||
|
||||
## security fix
|
||||
Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch
|
||||
Patch159: kdelibs-4.11.5-CVE-2014-5033.patch
|
||||
|
||||
# rhel patches
|
||||
|
||||
|
|
@ -374,6 +375,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
|||
|
||||
# security fixes
|
||||
%patch158 -p1 -b .0008
|
||||
%patch159 -p1 -b .CVE-2014-5033
|
||||
|
||||
# rhel patches
|
||||
%if ! 0%{?webkit}
|
||||
|
|
@ -630,6 +632,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Sep 23 2014 Than Ngo <than@redhat.com> - 6:4.11.5-5
|
||||
- security fix CVE-2014-5033
|
||||
|
||||
* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.5-4
|
||||
- Provides: kdelibs4-webkit ...
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue