diff --git a/.gitignore b/.gitignore index d4286a0..809073b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/kdelibs-4.14.31.tar.xz +/kdelibs-4.14.32.tar.xz diff --git a/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch b/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch deleted file mode 100644 index 0a2fa53..0000000 --- a/kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 264e97625abe2e0334f97de17f6ffb52582888ab Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid -Date: Wed, 10 May 2017 10:06:07 +0200 -Subject: Verify that whoever is calling us is actually who he says he is - -CVE-2017-8422 ---- - kdecore/auth/AuthBackend.cpp | 5 ++++ - kdecore/auth/AuthBackend.h | 7 ++++++ - kdecore/auth/backends/dbus/DBusHelperProxy.cpp | 27 ++++++++++++++++++++-- - kdecore/auth/backends/dbus/DBusHelperProxy.h | 6 ++++- - .../auth/backends/policykit/PolicyKitBackend.cpp | 5 ++++ - kdecore/auth/backends/policykit/PolicyKitBackend.h | 1 + - kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 5 ++++ - kdecore/auth/backends/polkit-1/Polkit1Backend.h | 1 + - 8 files changed, 54 insertions(+), 3 deletions(-) - -diff --git a/kdecore/auth/AuthBackend.cpp b/kdecore/auth/AuthBackend.cpp -index c953b81..0ba4650 100644 ---- a/kdecore/auth/AuthBackend.cpp -+++ b/kdecore/auth/AuthBackend.cpp -@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) - d->capabilities = capabilities; - } - -+AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const -+{ -+ return NoExtraCallerIDVerificationMethod; -+} -+ - bool AuthBackend::actionExists(const QString& action) - { - Q_UNUSED(action); -diff --git a/kdecore/auth/AuthBackend.h b/kdecore/auth/AuthBackend.h -index a86732e..6f4b1bc 100644 ---- a/kdecore/auth/AuthBackend.h -+++ b/kdecore/auth/AuthBackend.h -@@ -43,6 +43,12 @@ public: - }; - Q_DECLARE_FLAGS(Capabilities, Capability) - -+ enum ExtraCallerIDVerificationMethod { -+ NoExtraCallerIDVerificationMethod, -+ VerifyAgainstDBusServiceName, -+ VerifyAgainstDBusServicePid, -+ }; -+ - AuthBackend(); - virtual ~AuthBackend(); - virtual void setupAction(const QString &action) = 0; -@@ -50,6 +56,7 @@ public: - virtual Action::AuthStatus authorizeAction(const QString &action) = 0; - virtual Action::AuthStatus actionStatus(const QString &action) = 0; - virtual QByteArray callerID() const = 0; -+ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; - virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; - virtual bool actionExists(const QString &action); - -diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp -index 9557a0f..ca59f1c 100644 ---- a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp -+++ b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp -@@ -271,6 +271,29 @@ void DBusHelperProxy::performActions(QByteArray blob, const QByteArray &callerID - } - } - -+bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) -+{ -+ // Check the caller is really who it says it is -+ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { -+ case AuthBackend::NoExtraCallerIDVerificationMethod: -+ break; -+ -+ case AuthBackend::VerifyAgainstDBusServiceName: -+ if (message().service().toUtf8() != callerID) { -+ return false; -+ } -+ break; -+ -+ case AuthBackend::VerifyAgainstDBusServicePid: -+ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { -+ return false; -+ } -+ break; -+ } -+ -+ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); -+} -+ - QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) - { - if (!responder) { -@@ -295,7 +318,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra - QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); - timer->stop(); - -- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { -+ if (isCallerAuthorized(action, callerID)) { - QString slotname = action; - if (slotname.startsWith(m_name + QLatin1Char('.'))) { - slotname = slotname.right(slotname.length() - m_name.length() - 1); -@@ -338,7 +361,7 @@ uint DBusHelperProxy::authorizeAction(const QString& action, const QByteArray& c - QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); - timer->stop(); - -- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { -+ if (isCallerAuthorized(action, callerID)) { - retVal = static_cast(Action::Authorized); - } else { - retVal = static_cast(Action::Denied); -diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.h b/kdecore/auth/backends/dbus/DBusHelperProxy.h -index 455cf51..264f6cc 100644 ---- a/kdecore/auth/backends/dbus/DBusHelperProxy.h -+++ b/kdecore/auth/backends/dbus/DBusHelperProxy.h -@@ -21,6 +21,7 @@ - #ifndef DBUS_HELPER_PROXY_H - #define DBUS_HELPER_PROXY_H - -+#include - #include - #include "HelperProxy.h" - #include "kauthactionreply.h" -@@ -28,7 +29,7 @@ - namespace KAuth - { - --class DBusHelperProxy : public HelperProxy -+class DBusHelperProxy : public HelperProxy, protected QDBusContext - { - Q_OBJECT - Q_INTERFACES(KAuth::HelperProxy) -@@ -73,6 +74,9 @@ signals: - - private slots: - void remoteSignalReceived(int type, const QString &action, QByteArray blob); -+ -+private: -+ bool isCallerAuthorized(const QString &action, const QByteArray &callerID); - }; - - } // namespace Auth -diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp -index 3be97f2..9d041d1 100644 ---- a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp -+++ b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp -@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const - return a; - } - -+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const -+{ -+ return VerifyAgainstDBusServicePid; -+} -+ - bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) - { - QDataStream s(&callerID, QIODevice::ReadOnly); -diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.h b/kdecore/auth/backends/policykit/PolicyKitBackend.h -index 7154e93..0d3d8f9 100644 ---- a/kdecore/auth/backends/policykit/PolicyKitBackend.h -+++ b/kdecore/auth/backends/policykit/PolicyKitBackend.h -@@ -40,6 +40,7 @@ public: - virtual Action::AuthStatus authorizeAction(const QString&); - virtual Action::AuthStatus actionStatus(const QString&); - virtual QByteArray callerID() const; -+ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; - virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); - - private Q_SLOTS: -diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp -index 732d2cb..63c0e1e 100644 ---- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp -+++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp -@@ -163,6 +163,11 @@ QByteArray Polkit1Backend::callerID() const - return QDBusConnection::systemBus().baseService().toUtf8(); - } - -+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const -+{ -+ return VerifyAgainstDBusServiceName; -+} -+ - bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) - { - PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); -diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.h b/kdecore/auth/backends/polkit-1/Polkit1Backend.h -index 18ed1a2..d579da2 100644 ---- a/kdecore/auth/backends/polkit-1/Polkit1Backend.h -+++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.h -@@ -48,6 +48,7 @@ public: - virtual Action::AuthStatus authorizeAction(const QString&); - virtual Action::AuthStatus actionStatus(const QString&); - virtual QByteArray callerID() const; -+ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; - virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); - virtual bool actionExists(const QString& action); - --- -cgit v0.11.2 - diff --git a/kdelibs.spec b/kdelibs.spec index 269e06c..1309c7d 100644 --- a/kdelibs.spec +++ b/kdelibs.spec @@ -49,9 +49,9 @@ Summary: KDE Libraries # shipped with kde applications, version... -%global apps_version 17.04.0 -Version: 4.14.31 -Release: 2%{?dist} +%global apps_version 17.04.1 +Version: 4.14.32 +Release: 1%{?dist} Name: kdelibs Epoch: 6 @@ -203,7 +203,6 @@ Patch67: kdelibs-4.14.17-gcc6_narrowing_hack.patch # 4.14 branch (lookaside cache) ## security fix -Patch100: kdelibs-CVE-2017-8422-kauth-local-privilige-escalation.patch # rhel patches @@ -498,7 +497,6 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage # upstream patches # security fixes -%patch100 -p1 -b CVE-2017-8422 # rhel patches %if ! 0%{?webkit} @@ -879,6 +877,9 @@ update-mime-database %{?fedora:-n} %{_datadir}/mime &> /dev/null || : %changelog +* Wed May 10 2017 Rex Dieter - 6:4.14.32-1 +- 4.14.32 + * Wed May 10 2017 Than Ngo - 6:4.14.31-2 - security fix, CVE-2017-8422 diff --git a/sources b/sources index 9633267..d7f3797 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (kdelibs-4.14.31.tar.xz) = 137ec20009c3e2bed7cf1bab6c7efd807b61f561de3bd934e1edc02d431d82295f144c2dabea4ce819af83a3e7f86938a74999ed997a66b17ea055eb1ada6aba +SHA512 (kdelibs-4.14.32.tar.xz) = 06cc64b79758d4dbf676eb6bbf56c1bb2820f3405c61e4d39e4e68a3ecd7db4afcf6fca1fcfe870dba9f8264b56aaee72d0f06da0923d2befd6ea56aa5adba22