authorJauhien Piatlicki <jauhien@gentoo.org>2015-10-16 22:11:57 +0200
committerJauhien Piatlicki <jauhien@gentoo.org>2015-10-16 22:14:19 +0200
commitb10b19ab1f8fb85673011d7f37f6cf1a6ab4bb2e (patch)
treef9d4df3fa743ba33ba6fdad5610eb47277fa4cba /x11-misc
parentnet-im/jabberd2: add libressl support (diff)
x11-misc/sddm: fix CVE-2015-0856
x11-misc/sddm does not prevent access to the KDE crash handler.

Gentoo-Bug: 563108
Package-Manager: portage-2.2.20.1
Diffstat (limited to 'x11-misc')
-rw-r--r--x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch34
-rw-r--r--x11-misc/sddm/sddm-0.11.0-r3.ebuild4
-rw-r--r--x11-misc/sddm/sddm-0.12.0.ebuild3
3 files changed, 38 insertions, 3 deletions
diff --git a/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch b/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch
new file mode 100644
index 000000000000..7ae67735dd21
--- /dev/null
+++ b/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch
@@ -0,0 +1,34 @@
+commit 4cfed6b0a625593fb43876f04badc4dd99799d86
+Author: David Edmundson <kde@davidedmundson.co.uk>
+Date: Wed Oct 14 00:08:59 2015 +0100
+
+ Disable greeters from loading KDE's debug hander
+
+ Some themes may use KDE components which will automatically load KDE's
+ crash handler.
+
+ If the greeter were to then somehow crash, that would leave a crash
+ handler allowing other actions, albeit as the locked down SDDM user.
+
+ Only SDDM users using the breeze theme from plasma-workspace are
+ affected. Safest and simplest fix is to handle this inside SDDM
+ disabling kcrash via an environment variable for all future themes that
+ may use these libraries.
+
+ CVE-2015-0856
+
+diff --git a/src/daemon/Greeter.cpp b/src/daemon/Greeter.cpp
+index 68c4dc3..8c936b7 100644
+--- a/src/daemon/Greeter.cpp
++++ b/src/daemon/Greeter.cpp
+@@ -145,6 +145,10 @@ namespace SDDM {
+ env.insert(QStringLiteral("XDG_VTNR"), QString::number(m_display->terminalId()));
+ env.insert(QStringLiteral("XDG_SESSION_CLASS"), QStringLiteral("greeter"));
+ env.insert(QStringLiteral("XDG_SESSION_TYPE"), m_display->sessionType());
++
++ //some themes may use KDE components and that will automatically load KDE's crash handler which we don't want
++ //counterintuitively setting this env disables that handler
++ env.insert(QStringLiteral("KDE_DEBUG"), QStringLiteral("1"));
+ m_auth->insertEnvironment(env);
+
+ // log message
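Review bot: The two comment lines above the `KDE_DEBUG` insert in the Greeter.cpp hunk do not record that this line is a security fix, so a later cleanup could remove it as a leftover debug switch. I would tie it to the advisory and the risk, for example `// CVE-2015-0856: a crashed greeter must not bring up KDE's crash handler on the login screen` followed by `// KDE_DEBUG=1 is what turns that handler off in KDE libraries; do not remove`. The mitigation appears to rely entirely on the theme's KDE libraries honouring this variable, and nothing visible here shows whether a value set elsewhere could replace it before `m_auth->insertEnvironment(env)` runs, so that is worth confirming. The enclosing function starts and ends outside the hunk.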
diff --git a/x11-misc/sddm/sddm-0.11.0-r3.ebuild b/x11-misc/sddm/sddm-0.11.0-r3.ebuild
index 32fd737e7ea4..6c5dac9372fd 100644
--- a/x11-misc/sddm/sddm-0.11.0-r3.ebuild
+++ b/x11-misc/sddm/sddm-0.11.0-r3.ebuild
@@ -38,8 +38,8 @@ pkg_pretend() {
src_prepare() {
use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch"
use !systemd && epatch "${FILESDIR}/${PN}-0.10.0-upower.patch"
- # fix bug 552318
- epatch "${FILESDIR}/${P}-dbus-config.patch"
+ # fix bug 552318 and bug 563108
+ epatch "${FILESDIR}/${P}-dbus-config.patch" "${FILESDIR}/${PN}-0.12.0-CVE-2015-0856.patch"
# respect user's cflags
sed -e 's|-Wall -march=native||' \
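Review bot: The security patch is added to `src_prepare()` of the existing `sddm-0.11.0-r3.ebuild` in place, and the `sddm-0.12.0.ebuild` hunk does the same, so as far as this diff shows neither package revision changes. Systems that already have these versions installed would then not be offered a rebuild and would keep the unpatched greeter. Shipping the fix under a new revision of each ebuild (a higher `-rN`) would make the update visible to them. Separately, the 0.11.0 ebuild applies a patch named for 0.12.0 through the hard-coded `${PN}-0.12.0-CVE-2015-0856.patch`, whose context lines come from the 0.12.0 `Greeter.cpp`. Whether it applies cleanly to the 0.11.0 sources cannot be seen from here and should be checked. `src_prepare()` continues past the end of this hunk.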
diff --git a/x11-misc/sddm/sddm-0.12.0.ebuild b/x11-misc/sddm/sddm-0.12.0.ebuild
index 14af057498d8..0acdabc921a5 100644
--- a/x11-misc/sddm/sddm-0.12.0.ebuild
+++ b/x11-misc/sddm/sddm-0.12.0.ebuild
@@ -43,7 +43,8 @@ pkg_pretend() {
src_prepare() {
cmake-utils_src_prepare
- epatch "${FILESDIR}/${P}-respect-user-flags.patch"
+ # fix for flags handling and bug 563108
+ epatch "${FILESDIR}/${P}-respect-user-flags.patch" "${FILESDIR}/${P}-CVE-2015-0856.patch"
use consolekit && epatch "${FILESDIR}/${PN}-0.11.0-consolekit.patch"
}