diff options
author | lethalman <lucabru@src.gnome.org> | 2014-09-10 10:10:36 +0200 |
---|---|---|
committer | lethalman <lucabru@src.gnome.org> | 2014-09-10 10:10:36 +0200 |
commit | d2bf37f183946dc032055b7e8db7ea699dd976ae (patch) | |
tree | 9c85a13b77308e2463ac49644b3da13c8e2b86b5 /pkgs | |
parent | 9b6f3298134f9675fba8d88fb0920cc4cad300c7 (diff) | |
parent | 7c0e0849afd32fcd1304a230aa88ea4a559ca142 (diff) | |
download | nixpkgs-d2bf37f183946dc032055b7e8db7ea699dd976ae.tar nixpkgs-d2bf37f183946dc032055b7e8db7ea699dd976ae.tar.gz nixpkgs-d2bf37f183946dc032055b7e8db7ea699dd976ae.tar.bz2 nixpkgs-d2bf37f183946dc032055b7e8db7ea699dd976ae.tar.lz nixpkgs-d2bf37f183946dc032055b7e8db7ea699dd976ae.tar.xz nixpkgs-d2bf37f183946dc032055b7e8db7ea699dd976ae.tar.zst nixpkgs-d2bf37f183946dc032055b7e8db7ea699dd976ae.zip |
Merge pull request #4010 from madjar/master
kde4: added the security patch for CVE-2014-5033 to nixpkgs because it is not available upstream
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/desktops/kde-4.12/files/kdelibs-cve-2014-5033.patch | 36 | ||||
-rw-r--r-- | pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix | 9 |
2 files changed, 38 insertions, 7 deletions
diff --git a/pkgs/desktops/kde-4.12/files/kdelibs-cve-2014-5033.patch b/pkgs/desktops/kde-4.12/files/kdelibs-cve-2014-5033.patch new file mode 100644 index 00000000000..c85eccd6beb --- /dev/null +++ b/pkgs/desktops/kde-4.12/files/kdelibs-cve-2014-5033.patch @@ -0,0 +1,36 @@ +--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp ++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +@@ -144,7 +144,7 @@ + + Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) + { +- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID())); + PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, + PolkitQt1::Authority::None); + switch (r) { +@@ -160,21 +160,12 @@ + + QByteArray Polkit1Backend::callerID() const + { +- QByteArray a; +- QDataStream s(&a, QIODevice::WriteOnly); +- s << QCoreApplication::applicationPid(); +- +- return a; ++ return QDBusConnection::systemBus().baseService().toUtf8(); + } + + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) + { +- QDataStream s(&callerID, QIODevice::ReadOnly); +- qint64 pid; +- +- s >> pid; +- +- PolkitQt1::UnixProcessSubject subject(pid); ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); + PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); + + PolkitResultEventLoop e; + diff --git a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix index 1698abfd00f..5db693e6ea0 100644 --- a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix +++ b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix @@ -4,7 +4,7 @@ , automoc4, soprano, qca2, attica, enchant, libdbusmenu_qt, grantlee , docbook_xml_dtd_42, docbook_xsl, polkit_qt_1, acl, attr, libXtst , udev, herqq, phonon, libjpeg, xz, ilmbase, libxslt -, pkgconfig, fetchpatch +, pkgconfig }: kde { @@ -30,12 +30,7 @@ kde { patches = [ ../files/polkit-install.patch - (fetchpatch { - name = "CVE-2014-5033.patch"; - url = "http://quickgit.kde.org/?p=kdelibs.git" - + "&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23"; - sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73"; - }) + ../files/kdelibs-cve-2014-5033.patch # Security patch, remove when updating to 4.14.0 or more ]; cmakeFlags = [ |