From 98fff58e77d9b5931ce681e7aa5b54f5db8029c0 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Fri, 14 Apr 2017 10:44:00 -0500 Subject: [PATCH 1/3] 4.14.31 (kde-apps-17.04.0) --- .gitignore | 2 +- kdelibs.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index bec5966..d4286a0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/kdelibs-4.14.30.tar.xz +/kdelibs-4.14.31.tar.xz diff --git a/kdelibs.spec b/kdelibs.spec index 7fb3553..5237283 100644 --- a/kdelibs.spec +++ b/kdelibs.spec @@ -49,8 +49,8 @@ Summary: KDE Libraries # shipped with kde applications, version... -%global apps_version 16.12.3 -Version: 4.14.30 +%global apps_version 17.04.0 +Version: 4.14.31 Release: 1%{?dist} Name: kdelibs @@ -877,6 +877,9 @@ update-mime-database %{?fedora:-n} %{_datadir}/mime &> /dev/null || : %changelog +* Fri Apr 14 2017 Rex Dieter - 6:4.14.31-1 +- 4.14.31 (kde-apps-17.04.0) + * Wed Mar 08 2017 Rex Dieter - 6:4.14.30-1 - 4.14.30 (kde-apps-16.12.3) diff --git a/sources b/sources index 398be58..9633267 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (kdelibs-4.14.30.tar.xz) = 60cceeb35d872c5cbba3894f991e728eb5f84e0de7d9d944ed6bf53a3aff7e4de48e0f3369e98944eed0a52659a5331976fbe32c2f3685e65acbfd4ceb98696d +SHA512 (kdelibs-4.14.31.tar.xz) = 137ec20009c3e2bed7cf1bab6c7efd807b61f561de3bd934e1edc02d431d82295f144c2dabea4ce819af83a3e7f86938a74999ed997a66b17ea055eb1ada6aba From 71ae6c005be752d617a8c3b4a23758686d17a830 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Wed, 10 May 2017 10:47:35 +0200 Subject: [PATCH 2/3] security fix, CVE-2017-8422 --- ...422-kauth-local-privilige-escalation.patch | 200 ++++++++++++++++++ kdelibs.spec | 7 +- 2 files changed, 206 insertions(+), 1 deletion(-) create mode 100644 kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch diff --git a/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch b/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch new file mode 100644 index 0000000..0a2fa53 --- /dev/null +++ b/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch @@ -0,0 +1,200 @@ +From 264e97625abe2e0334f97de17f6ffb52582888ab Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Wed, 10 May 2017 10:06:07 +0200 +Subject: Verify that whoever is calling us is actually who he says he is + +CVE-2017-8422 +--- + kdecore/auth/AuthBackend.cpp | 5 ++++ + kdecore/auth/AuthBackend.h | 7 ++++++ + kdecore/auth/backends/dbus/DBusHelperProxy.cpp | 27 ++++++++++++++++++++-- + kdecore/auth/backends/dbus/DBusHelperProxy.h | 6 ++++- + .../auth/backends/policykit/PolicyKitBackend.cpp | 5 ++++ + kdecore/auth/backends/policykit/PolicyKitBackend.h | 1 + + kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 5 ++++ + kdecore/auth/backends/polkit-1/Polkit1Backend.h | 1 + + 8 files changed, 54 insertions(+), 3 deletions(-) + +diff --git a/kdecore/auth/AuthBackend.cpp b/kdecore/auth/AuthBackend.cpp +index c953b81..0ba4650 100644 +--- a/kdecore/auth/AuthBackend.cpp ++++ b/kdecore/auth/AuthBackend.cpp +@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) + d->capabilities = capabilities; + } + ++AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const ++{ ++ return NoExtraCallerIDVerificationMethod; ++} ++ + bool AuthBackend::actionExists(const QString& action) + { + Q_UNUSED(action); +diff --git a/kdecore/auth/AuthBackend.h b/kdecore/auth/AuthBackend.h +index a86732e..6f4b1bc 100644 +--- a/kdecore/auth/AuthBackend.h ++++ b/kdecore/auth/AuthBackend.h +@@ -43,6 +43,12 @@ public: + }; + Q_DECLARE_FLAGS(Capabilities, Capability) + ++ enum ExtraCallerIDVerificationMethod { ++ NoExtraCallerIDVerificationMethod, ++ VerifyAgainstDBusServiceName, ++ VerifyAgainstDBusServicePid, ++ }; ++ + AuthBackend(); + virtual ~AuthBackend(); + virtual void setupAction(const QString &action) = 0; +@@ -50,6 +56,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString &action) = 0; + virtual Action::AuthStatus actionStatus(const QString &action) = 0; + virtual QByteArray callerID() const = 0; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; + virtual bool actionExists(const QString &action); + +diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp +index 9557a0f..ca59f1c 100644 +--- a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp ++++ b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp +@@ -271,6 +271,29 @@ void DBusHelperProxy::performActions(QByteArray blob, const QByteArray &callerID + } + } + ++bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) ++{ ++ // Check the caller is really who it says it is ++ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { ++ case AuthBackend::NoExtraCallerIDVerificationMethod: ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServiceName: ++ if (message().service().toUtf8() != callerID) { ++ return false; ++ } ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServicePid: ++ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { ++ return false; ++ } ++ break; ++ } ++ ++ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); ++} ++ + QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) + { + if (!responder) { +@@ -295,7 +318,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + QString slotname = action; + if (slotname.startsWith(m_name + QLatin1Char('.'))) { + slotname = slotname.right(slotname.length() - m_name.length() - 1); +@@ -338,7 +361,7 @@ uint DBusHelperProxy::authorizeAction(const QString& action, const QByteArray& c + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + retVal = static_cast(Action::Authorized); + } else { + retVal = static_cast(Action::Denied); +diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.h b/kdecore/auth/backends/dbus/DBusHelperProxy.h +index 455cf51..264f6cc 100644 +--- a/kdecore/auth/backends/dbus/DBusHelperProxy.h ++++ b/kdecore/auth/backends/dbus/DBusHelperProxy.h +@@ -21,6 +21,7 @@ + #ifndef DBUS_HELPER_PROXY_H + #define DBUS_HELPER_PROXY_H + ++#include + #include + #include "HelperProxy.h" + #include "kauthactionreply.h" +@@ -28,7 +29,7 @@ + namespace KAuth + { + +-class DBusHelperProxy : public HelperProxy ++class DBusHelperProxy : public HelperProxy, protected QDBusContext + { + Q_OBJECT + Q_INTERFACES(KAuth::HelperProxy) +@@ -73,6 +74,9 @@ signals: + + private slots: + void remoteSignalReceived(int type, const QString &action, QByteArray blob); ++ ++private: ++ bool isCallerAuthorized(const QString &action, const QByteArray &callerID); + }; + + } // namespace Auth +diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp +index 3be97f2..9d041d1 100644 +--- a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp ++++ b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp +@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const + return a; + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServicePid; ++} ++ + bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + QDataStream s(&callerID, QIODevice::ReadOnly); +diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.h b/kdecore/auth/backends/policykit/PolicyKitBackend.h +index 7154e93..0d3d8f9 100644 +--- a/kdecore/auth/backends/policykit/PolicyKitBackend.h ++++ b/kdecore/auth/backends/policykit/PolicyKitBackend.h +@@ -40,6 +40,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString&); + virtual Action::AuthStatus actionStatus(const QString&); + virtual QByteArray callerID() const; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); + + private Q_SLOTS: +diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +index 732d2cb..63c0e1e 100644 +--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp ++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +@@ -163,6 +163,11 @@ QByteArray Polkit1Backend::callerID() const + return QDBusConnection::systemBus().baseService().toUtf8(); + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServiceName; ++} ++ + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); +diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.h b/kdecore/auth/backends/polkit-1/Polkit1Backend.h +index 18ed1a2..d579da2 100644 +--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.h ++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.h +@@ -48,6 +48,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString&); + virtual Action::AuthStatus actionStatus(const QString&); + virtual QByteArray callerID() const; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); + virtual bool actionExists(const QString& action); + +-- +cgit v0.11.2 + diff --git a/kdelibs.spec b/kdelibs.spec index 5237283..269e06c 100644 --- a/kdelibs.spec +++ b/kdelibs.spec @@ -51,7 +51,7 @@ Summary: KDE Libraries # shipped with kde applications, version... %global apps_version 17.04.0 Version: 4.14.31 -Release: 1%{?dist} +Release: 2%{?dist} Name: kdelibs Epoch: 6 @@ -203,6 +203,7 @@ Patch67: kdelibs-4.14.17-gcc6_narrowing_hack.patch # 4.14 branch (lookaside cache) ## security fix +Patch100: kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch # rhel patches @@ -497,6 +498,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage # upstream patches # security fixes +%patch100 -p1 -b CVE-2017-8422 # rhel patches %if ! 0%{?webkit} @@ -877,6 +879,9 @@ update-mime-database %{?fedora:-n} %{_datadir}/mime &> /dev/null || : %changelog +* Wed May 10 2017 Than Ngo - 6:4.14.31-2 +- security fix, CVE-2017-8422 + * Fri Apr 14 2017 Rex Dieter - 6:4.14.31-1 - 4.14.31 (kde-apps-17.04.0) From dbb6ec293b63ceeeb2cbc427976b1d86fb8e7ef4 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Wed, 10 May 2017 09:06:46 -0500 Subject: [PATCH 3/3] 4.14.32 --- .gitignore | 2 +- ...422-kauth-local-privilige-escalation.patch | 200 ------------------ kdelibs.spec | 11 +- sources | 2 +- 4 files changed, 8 insertions(+), 207 deletions(-) delete mode 100644 kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch diff --git a/.gitignore b/.gitignore index d4286a0..809073b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/kdelibs-4.14.31.tar.xz +/kdelibs-4.14.32.tar.xz diff --git a/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch b/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch deleted file mode 100644 index 0a2fa53..0000000 --- a/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 264e97625abe2e0334f97de17f6ffb52582888ab Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid -Date: Wed, 10 May 2017 10:06:07 +0200 -Subject: Verify that whoever is calling us is actually who he says he is - -CVE-2017-8422 ---- - kdecore/auth/AuthBackend.cpp | 5 ++++ - kdecore/auth/AuthBackend.h | 7 ++++++ - kdecore/auth/backends/dbus/DBusHelperProxy.cpp | 27 ++++++++++++++++++++-- - kdecore/auth/backends/dbus/DBusHelperProxy.h | 6 ++++- - .../auth/backends/policykit/PolicyKitBackend.cpp | 5 ++++ - kdecore/auth/backends/policykit/PolicyKitBackend.h | 1 + - kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 5 ++++ - kdecore/auth/backends/polkit-1/Polkit1Backend.h | 1 + - 8 files changed, 54 insertions(+), 3 deletions(-) - -diff --git a/kdecore/auth/AuthBackend.cpp b/kdecore/auth/AuthBackend.cpp -index c953b81..0ba4650 100644 ---- a/kdecore/auth/AuthBackend.cpp -+++ b/kdecore/auth/AuthBackend.cpp -@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) - d->capabilities = capabilities; - } - -+AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const -+{ -+ return NoExtraCallerIDVerificationMethod; -+} -+ - bool AuthBackend::actionExists(const QString& action) - { - Q_UNUSED(action); -diff --git a/kdecore/auth/AuthBackend.h b/kdecore/auth/AuthBackend.h -index a86732e..6f4b1bc 100644 ---- a/kdecore/auth/AuthBackend.h -+++ b/kdecore/auth/AuthBackend.h -@@ -43,6 +43,12 @@ public: - }; - Q_DECLARE_FLAGS(Capabilities, Capability) - -+ enum ExtraCallerIDVerificationMethod { -+ NoExtraCallerIDVerificationMethod, -+ VerifyAgainstDBusServiceName, -+ VerifyAgainstDBusServicePid, -+ }; -+ - AuthBackend(); - virtual ~AuthBackend(); - virtual void setupAction(const QString &action) = 0; -@@ -50,6 +56,7 @@ public: - virtual Action::AuthStatus authorizeAction(const QString &action) = 0; - virtual Action::AuthStatus actionStatus(const QString &action) = 0; - virtual QByteArray callerID() const = 0; -+ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; - virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; - virtual bool actionExists(const QString &action); - -diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp -index 9557a0f..ca59f1c 100644 ---- a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp -+++ b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp -@@ -271,6 +271,29 @@ void DBusHelperProxy::performActions(QByteArray blob, const QByteArray &callerID - } - } - -+bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) -+{ -+ // Check the caller is really who it says it is -+ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { -+ case AuthBackend::NoExtraCallerIDVerificationMethod: -+ break; -+ -+ case AuthBackend::VerifyAgainstDBusServiceName: -+ if (message().service().toUtf8() != callerID) { -+ return false; -+ } -+ break; -+ -+ case AuthBackend::VerifyAgainstDBusServicePid: -+ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { -+ return false; -+ } -+ break; -+ } -+ -+ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); -+} -+ - QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) - { - if (!responder) { -@@ -295,7 +318,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra - QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); - timer->stop(); - -- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { -+ if (isCallerAuthorized(action, callerID)) { - QString slotname = action; - if (slotname.startsWith(m_name + QLatin1Char('.'))) { - slotname = slotname.right(slotname.length() - m_name.length() - 1); -@@ -338,7 +361,7 @@ uint DBusHelperProxy::authorizeAction(const QString& action, const QByteArray& c - QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); - timer->stop(); - -- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { -+ if (isCallerAuthorized(action, callerID)) { - retVal = static_cast(Action::Authorized); - } else { - retVal = static_cast(Action::Denied); -diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.h b/kdecore/auth/backends/dbus/DBusHelperProxy.h -index 455cf51..264f6cc 100644 ---- a/kdecore/auth/backends/dbus/DBusHelperProxy.h -+++ b/kdecore/auth/backends/dbus/DBusHelperProxy.h -@@ -21,6 +21,7 @@ - #ifndef DBUS_HELPER_PROXY_H - #define DBUS_HELPER_PROXY_H - -+#include - #include - #include "HelperProxy.h" - #include "kauthactionreply.h" -@@ -28,7 +29,7 @@ - namespace KAuth - { - --class DBusHelperProxy : public HelperProxy -+class DBusHelperProxy : public HelperProxy, protected QDBusContext - { - Q_OBJECT - Q_INTERFACES(KAuth::HelperProxy) -@@ -73,6 +74,9 @@ signals: - - private slots: - void remoteSignalReceived(int type, const QString &action, QByteArray blob); -+ -+private: -+ bool isCallerAuthorized(const QString &action, const QByteArray &callerID); - }; - - } // namespace Auth -diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp -index 3be97f2..9d041d1 100644 ---- a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp -+++ b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp -@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const - return a; - } - -+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const -+{ -+ return VerifyAgainstDBusServicePid; -+} -+ - bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) - { - QDataStream s(&callerID, QIODevice::ReadOnly); -diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.h b/kdecore/auth/backends/policykit/PolicyKitBackend.h -index 7154e93..0d3d8f9 100644 ---- a/kdecore/auth/backends/policykit/PolicyKitBackend.h -+++ b/kdecore/auth/backends/policykit/PolicyKitBackend.h -@@ -40,6 +40,7 @@ public: - virtual Action::AuthStatus authorizeAction(const QString&); - virtual Action::AuthStatus actionStatus(const QString&); - virtual QByteArray callerID() const; -+ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; - virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); - - private Q_SLOTS: -diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp -index 732d2cb..63c0e1e 100644 ---- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp -+++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp -@@ -163,6 +163,11 @@ QByteArray Polkit1Backend::callerID() const - return QDBusConnection::systemBus().baseService().toUtf8(); - } - -+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const -+{ -+ return VerifyAgainstDBusServiceName; -+} -+ - bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) - { - PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); -diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.h b/kdecore/auth/backends/polkit-1/Polkit1Backend.h -index 18ed1a2..d579da2 100644 ---- a/kdecore/auth/backends/polkit-1/Polkit1Backend.h -+++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.h -@@ -48,6 +48,7 @@ public: - virtual Action::AuthStatus authorizeAction(const QString&); - virtual Action::AuthStatus actionStatus(const QString&); - virtual QByteArray callerID() const; -+ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; - virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); - virtual bool actionExists(const QString& action); - --- -cgit v0.11.2 - diff --git a/kdelibs.spec b/kdelibs.spec index 269e06c..1309c7d 100644 --- a/kdelibs.spec +++ b/kdelibs.spec @@ -49,9 +49,9 @@ Summary: KDE Libraries # shipped with kde applications, version... -%global apps_version 17.04.0 -Version: 4.14.31 -Release: 2%{?dist} +%global apps_version 17.04.1 +Version: 4.14.32 +Release: 1%{?dist} Name: kdelibs Epoch: 6 @@ -203,7 +203,6 @@ Patch67: kdelibs-4.14.17-gcc6_narrowing_hack.patch # 4.14 branch (lookaside cache) ## security fix -Patch100: kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch # rhel patches @@ -498,7 +497,6 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage # upstream patches # security fixes -%patch100 -p1 -b CVE-2017-8422 # rhel patches %if ! 0%{?webkit} @@ -879,6 +877,9 @@ update-mime-database %{?fedora:-n} %{_datadir}/mime &> /dev/null || : %changelog +* Wed May 10 2017 Rex Dieter - 6:4.14.32-1 +- 4.14.32 + * Wed May 10 2017 Than Ngo - 6:4.14.31-2 - security fix, CVE-2017-8422 diff --git a/sources b/sources index 9633267..d7f3797 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (kdelibs-4.14.31.tar.xz) = 137ec20009c3e2bed7cf1bab6c7efd807b61f561de3bd934e1edc02d431d82295f144c2dabea4ce819af83a3e7f86938a74999ed997a66b17ea055eb1ada6aba +SHA512 (kdelibs-4.14.32.tar.xz) = 06cc64b79758d4dbf676eb6bbf56c1bb2820f3405c61e4d39e4e68a3ecd7db4afcf6fca1fcfe870dba9f8264b56aaee72d0f06da0923d2befd6ea56aa5adba22