Package: kde4libs / 4:4.4.5-2+squeeze4

CVE-2014-5033.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
Index: kde4libs-4.4.5/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
===================================================================
--- kde4libs-4.4.5.orig/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp	2010-04-29 21:52:20.000000000 +0200
+++ kde4libs-4.4.5/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp	2014-10-20 17:00:22.334816485 +0200
@@ -26,6 +26,7 @@
 #include <PolkitQt1/Authority>
 #include <PolkitQt1/Subject>
 #include <QtCore/QCoreApplication>
+#include <QtDBus/QDBusConnection>
 
 namespace KAuth
 {
@@ -81,7 +82,7 @@ void Polkit1Backend::setupAction(const Q
 
 Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
 {
-    PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
+    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
     PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, &subject,
                                                                                               PolkitQt1::Authority::None);
     switch (r) {
@@ -97,21 +98,12 @@ Action::AuthStatus Polkit1Backend::actio
 
 QByteArray Polkit1Backend::callerID() const
 {
-    QByteArray a;
-    QDataStream s(&a, QIODevice::WriteOnly);
-    s << QCoreApplication::applicationPid();
-
-    return a;
+    return QDBusConnection::systemBus().baseService().toUtf8();
 }
 
 bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
 {
-    QDataStream s(&callerID, QIODevice::ReadOnly);
-    qint64 pid;
-
-    s >> pid;
-
-    PolkitQt1::UnixProcessSubject subject(pid);
+    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
     PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
 
     PolkitResultEventLoop e;
Index: kde4libs-4.4.5/kdecore/auth/ConfigureChecks.cmake
===================================================================
--- kde4libs-4.4.5.orig/kdecore/auth/ConfigureChecks.cmake	2010-03-26 18:24:30.000000000 +0100
+++ kde4libs-4.4.5/kdecore/auth/ConfigureChecks.cmake	2014-10-20 17:14:11.829290683 +0200
@@ -113,7 +113,7 @@ elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "
        auth/backends/policykit/PolicyKitBackend.cpp
     )
 
-    set(KAUTH_BACKEND_LIBS ${POLKITQT_CORE_LIBRARY} ${QT_QTCORE_LIBRARY})
+    set(KAUTH_BACKEND_LIBS ${POLKITQT_CORE_LIBRARY} ${QT_QTCORE_LIBRARY} kdecore)
 
     set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${POLKITQT_POLICY_FILES_INSTALL_DIR} CACHE STRING 
         "Where policy files generated by KAuth will be installed" FORCE)
@@ -128,7 +128,7 @@ elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "
         auth/backends/polkit-1/Polkit1Backend.cpp
     )
 
-    set(KAUTH_BACKEND_LIBS ${POLKITQT-1_CORE_LIBRARY} ${QT_QTCORE_LIBRARY})
+    set(KAUTH_BACKEND_LIBS ${POLKITQT-1_CORE_LIBRARY} ${QT_QTCORE_LIBRARY} kdecore)
 
     set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${POLKITQT-1_POLICY_FILES_INSTALL_DIR} CACHE STRING 
         "Where policy files generated by KAuth will be installed" FORCE)