author | rakuco <rakuco@FreeBSD.org> | 2014-11-18 05:00:49 +0800 |
---|---|---|
committer | rakuco <rakuco@FreeBSD.org> | 2014-11-18 05:00:49 +0800 |
commit | b28e80163142adff60fde47633d128290672b938 (patch) | |
tree | f1bbccf8f3c8c2a536102cc6459c5fe81d3cb374 /x11 | |
parent | 8613f83cd628ceed391bce4d98743bf65b5b968d (diff) | |
Add patch for CVE-2014-8651 (privilege escalation).
MFH: 2014Q4
Security: dafa13a8-6e9b-11e4-8ef7-5453ed2e2b49
Diffstat (limited to 'x11')
-rw-r--r-- | x11/kde4-workspace/Makefile | 1 | ||||
-rw-r--r-- | x11/kde4-workspace/files/patch-CVE-2014-8651 | 113 |
2 files changed, 114 insertions, 0 deletions
diff --git a/x11/kde4-workspace/Makefile b/x11/kde4-workspace/Makefile
index 27b3c08df361..5a3fd6090fec 100644
--- a/x11/kde4-workspace/Makefile
+++ b/x11/kde4-workspace/Makefile
@@ -2,6 +2,7 @@
 PORTNAME= kde-workspace
 PORTVERSION= ${KDE4_WORKSPACE_VERSION}
+PORTREVISION= 1
 CATEGORIES= x11 kde
 MASTER_SITES= KDE/${KDE4_BRANCH}/${KDE4_VERSION}/src
 DIST_SUBDIR= KDE/${PORTVERSION}
diff --git a/x11/kde4-workspace/files/patch-CVE-2014-8651 b/x11/kde4-workspace/files/patch-CVE-2014-8651
new file mode 100644
index 000000000000..288b8afb99f1
--- /dev/null
+++ b/x11/kde4-workspace/files/patch-CVE-2014-8651
@@ -0,0 +1,113 @@
+commit eebcb17746d9fa86ea8c5a7344709ef6750781cf
+Author: David Edmundson <kde@davidedmundson.co.uk>
+Date: Tue Nov 4 13:57:59 2014 +0100
+
+ Do not pass ntpUtility as an argument to datetime helper
+
+ Passing the name of a binary to run to a polkit helper is a security
+ risk as it allows any arbitrary process to be executed.
+
+ This patch moves the detection of ntp utility location into the helper
+ function.
+
+ REVIEW: 120977
+
+--- kcontrol/dateandtime/dtime.cpp
++++ kcontrol/dateandtime/dtime.cpp
+@@ -142,27 +142,15 @@ void Dtime::serverTimeCheck() {
+ //kclock->setEnabled(enabled);
+ }
+
+-void Dtime::findNTPutility(){
+- QByteArray envpath = qgetenv("PATH");
+- if (!envpath.isEmpty() && envpath[0] == ':') {
+- envpath = envpath.mid(1);
+- }
+-
+- QString path = "/sbin:/usr/sbin:";
+- if (!envpath.isEmpty()) {
+- path += QString::fromLocal8Bit(envpath);
+- } else {
+- path += QLatin1String("/bin:/usr/bin");
+- }
+-
+- foreach(const QString &possible_ntputility, QStringList() << "ntpdate" << "rdate" ) {
+- if( !((ntpUtility = KStandardDirs::findExe(possible_ntputility, path)).isEmpty()) ) {
+- kDebug() << "ntpUtility = " << ntpUtility;
+- return;
++void Dtime::findNTPutility()
++{
++ const QString exePath = QLatin1String("/usr/sbin:/usr/bin:/sbin:/bin");
++ foreach(const QString &possible_ntputility, QStringList() << "ntpdate" << "rdate" ) {
++ ntpUtility = KStandardDirs::findExe(possible_ntputility, exePath);
++ if (!ntpUtility.isEmpty()) {
++ return;
++ }
+ }
+- }
+-
+- kDebug() << "ntpUtility not found!";
+ }
+
+ void Dtime::set_time()
+@@ -238,7 +226,6 @@ void Dtime::save( QVariantMap& helperargs )
+ helperargs["ntp"] = true;
+ helperargs["ntpServers"] = list;
+ helperargs["ntpEnabled"] = setDateTimeAuto->isChecked();
+- helperargs["ntpUtility"] = ntpUtility;
+
+ if(setDateTimeAuto->isChecked() && !ntpUtility.isEmpty()){
+ // NTP Time setting - done in helper
+--- kcontrol/dateandtime/helper.cpp
++++ kcontrol/dateandtime/helper.cpp
+@@ -52,8 +52,18 @@
+ // clears it. So we have to use a reasonable default.
+ static const QString exePath = QLatin1String("/usr/sbin:/usr/bin:/sbin:/bin");
+
+-int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled,
+- const QString& ntpUtility )
++static QString findNtpUtility()
++{
++ foreach(const QString &possible_ntputility, QStringList() << "ntpdate" << "rdate" ) {
++ const QString ntpUtility = KStandardDirs::findExe(possible_ntputility, exePath);
++ if (!ntpUtility.isEmpty()) {
++ return ntpUtility;
++ }
++ }
++ return QString();
++}
++
++int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled )
+ {
+ int ret = 0;
+
+@@ -69,6 +79,8 @@ int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled,
+ config.writeEntry("servers", ntpServers );
+ config.writeEntry("enabled", ntpEnabled );
+
++ QString ntpUtility(findNtpUtility());
++
+ if ( ntpEnabled && !ntpUtility.isEmpty() ) {
+ // NTP Time setting
+ QString timeServer = ntpServers.first();
+@@ -227,7 +239,7 @@ ActionReply ClockHelper::save(const QVariantMap &args)
+ int ret = 0; // error code
+ // The order here is important
+ if( _ntp )
+- ret |= ntp( args.value("ntpServers").toStringList(), args.value("ntpEnabled").toBool(), args.value("ntpUtility").toString() );
++ ret |= ntp( args.value("ntpServers").toStringList(), args.value("ntpEnabled").toBool());
+ if( _date )
+ ret |= date( args.value("newdate").toString(), args.value("olddate").toString() );
+ if( _tz )
+--- kcontrol/dateandtime/helper.h
++++ kcontrol/dateandtime/helper.h
+@@ -42,8 +42,7 @@ class ClockHelper : public QObject
+ ActionReply save(const QVariantMap &map);
+
+ private:
+- int ntp(const QStringList& ntpServers, bool ntpEnabled,
+- const QString& ntpUtility);
++ int ntp(const QStringList& ntpServers, bool ntpEnabled);
+ int date(const QString& newdate, const QString& olddate);
+ int tz(const QString& selectedzone);
+ int tzreset(); |
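Review bot: In the `@@ -69,6 +79,8 @@` hunk of helper.cpp the privileged helper still calls `ntpServers.first()` on a list taken from the caller's arguments, and no emptiness check is visible, so a request with `ntpEnabled` true and an empty `ntpServers` would reach `first()` on an empty QStringList. The guard could become `if ( ntpEnabled && !ntpUtility.isEmpty() && !ntpServers.isEmpty() ) {`. The binary is now resolved inside the helper from the fixed `exePath`, but the server string is still supplied by the unprivileged side; how it is handed to the utility lies outside the hunk, so it is worth confirming that it is validated as a host name and passed as a single argument rather than through a shell. The body of ClockHelper::ntp continues past the hunk.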