Index: head/devel/kf5-kauth/Makefile =================================================================== --- head/devel/kf5-kauth/Makefile (revision 440555) +++ head/devel/kf5-kauth/Makefile (revision 440556) @@ -1,18 +1,19 @@ # Created by: tcberner # $FreeBSD$ PORTNAME= kauth PORTVERSION= ${KDE_FRAMEWORKS_VERSION} +PORTREVISION= 1 CATEGORIES= devel kde kde-frameworks MAINTAINER= kde@FreeBSD.org COMMENT= KF5 abstraction to system policy and authentication features LIB_DEPENDS= libpolkit-qt5-core-1.so:sysutils/polkit-qt5 USES= cmake:outsource compiler:c++11-lib kde:5 tar:xz USE_KDE= coreaddons ecm USE_QT5= buildtools_build core dbus gui linguisttools qmake_build \ widgets .include Index: head/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422 =================================================================== --- head/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422 (nonexistent) +++ head/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422 (revision 440556) @@ -0,0 +1,198 @@ +From df875f725293af53399f5146362eb158b4f9216a Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Wed, 10 May 2017 10:03:45 +0200 +Subject: Verify that whoever is calling us is actually who he says he is + +CVE-2017-8422 +--- + src/AuthBackend.cpp | 5 +++++ + src/AuthBackend.h | 7 +++++++ + src/backends/dbus/DBusHelperProxy.cpp | 27 +++++++++++++++++++++++++-- + src/backends/dbus/DBusHelperProxy.h | 6 +++++- + src/backends/policykit/PolicyKitBackend.cpp | 5 +++++ + src/backends/policykit/PolicyKitBackend.h | 1 + + src/backends/polkit-1/Polkit1Backend.cpp | 5 +++++ + src/backends/polkit-1/Polkit1Backend.h | 1 + + 8 files changed, 54 insertions(+), 3 deletions(-) + +diff --git a/src/AuthBackend.cpp b/src/AuthBackend.cpp +index a41d4f1..a847494 100644 +--- src/AuthBackend.cpp ++++ src/AuthBackend.cpp +@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) + d->capabilities = capabilities; + } + ++AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const ++{ ++ return NoExtraCallerIDVerificationMethod; ++} ++ + bool AuthBackend::actionExists(const QString &action) + { + Q_UNUSED(action); +diff --git a/src/AuthBackend.h b/src/AuthBackend.h +index c67a706..09195ef 100644 +--- src/AuthBackend.h ++++ src/AuthBackend.h +@@ -43,6 +43,12 @@ public: + }; + Q_DECLARE_FLAGS(Capabilities, Capability) + ++ enum ExtraCallerIDVerificationMethod { ++ NoExtraCallerIDVerificationMethod, ++ VerifyAgainstDBusServiceName, ++ VerifyAgainstDBusServicePid, ++ }; ++ + AuthBackend(); + virtual ~AuthBackend(); + virtual void setupAction(const QString &action) = 0; +@@ -50,6 +56,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString &action) = 0; + virtual Action::AuthStatus actionStatus(const QString &action) = 0; + virtual QByteArray callerID() const = 0; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; + virtual bool actionExists(const QString &action); + +diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp +index 9c5cb96..3c1c108 100644 +--- src/backends/dbus/DBusHelperProxy.cpp ++++ src/backends/dbus/DBusHelperProxy.cpp +@@ -235,6 +235,29 @@ bool DBusHelperProxy::hasToStopAction() + return m_stopRequest; + } + ++bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) ++{ ++ // Check the caller is really who it says it is ++ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { ++ case AuthBackend::NoExtraCallerIDVerificationMethod: ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServiceName: ++ if (message().service().toUtf8() != callerID) { ++ return false; ++ } ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServicePid: ++ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { ++ return false; ++ } ++ break; ++ } ++ ++ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); ++} ++ + QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) + { + if (!responder) { +@@ -259,7 +282,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + QString slotname = action; + if (slotname.startsWith(m_name + QLatin1Char('.'))) { + slotname = slotname.right(slotname.length() - m_name.length() - 1); +@@ -301,7 +324,7 @@ uint DBusHelperProxy::authorizeAction(const QString &action, const QByteArray &c + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + retVal = static_cast(Action::AuthorizedStatus); + } else { + retVal = static_cast(Action::DeniedStatus); +diff --git a/src/backends/dbus/DBusHelperProxy.h b/src/backends/dbus/DBusHelperProxy.h +index 52b0ac4..82cec5a 100644 +--- src/backends/dbus/DBusHelperProxy.h ++++ src/backends/dbus/DBusHelperProxy.h +@@ -25,12 +25,13 @@ + #include "kauthactionreply.h" + + #include ++#include + #include + + namespace KAuth + { + +-class DBusHelperProxy : public HelperProxy ++class DBusHelperProxy : public HelperProxy, protected QDBusContext + { + Q_OBJECT + Q_PLUGIN_METADATA(IID "org.kde.DBusHelperProxy") +@@ -79,6 +80,9 @@ Q_SIGNALS: + + private Q_SLOTS: + void remoteSignalReceived(int type, const QString &action, QByteArray blob); ++ ++private: ++ bool isCallerAuthorized(const QString &action, const QByteArray &callerID); + }; + + } // namespace Auth +diff --git a/src/backends/policykit/PolicyKitBackend.cpp b/src/backends/policykit/PolicyKitBackend.cpp +index c2b4d42..bf038a8 100644 +--- src/backends/policykit/PolicyKitBackend.cpp ++++ src/backends/policykit/PolicyKitBackend.cpp +@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const + return a; + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServicePid; ++} ++ + bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + QDataStream s(&callerID, QIODevice::ReadOnly); +diff --git a/src/backends/policykit/PolicyKitBackend.h b/src/backends/policykit/PolicyKitBackend.h +index eb17a3a..38b0240 100644 +--- src/backends/policykit/PolicyKitBackend.h ++++ src/backends/policykit/PolicyKitBackend.h +@@ -40,6 +40,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString &); + virtual Action::AuthStatus actionStatus(const QString &); + virtual QByteArray callerID() const; ++ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); + + private Q_SLOTS: +diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp +index 78ee5bb..774588c 100644 +--- src/backends/polkit-1/Polkit1Backend.cpp ++++ src/backends/polkit-1/Polkit1Backend.cpp +@@ -162,6 +162,11 @@ QByteArray Polkit1Backend::callerID() const + return QDBusConnection::systemBus().baseService().toUtf8(); + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServiceName; ++} ++ + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); +diff --git a/src/backends/polkit-1/Polkit1Backend.h b/src/backends/polkit-1/Polkit1Backend.h +index d7d1e3a..2357892 100644 +--- src/backends/polkit-1/Polkit1Backend.h ++++ src/backends/polkit-1/Polkit1Backend.h +@@ -49,6 +49,7 @@ public: + Action::AuthStatus authorizeAction(const QString &) Q_DECL_OVERRIDE; + Action::AuthStatus actionStatus(const QString &) Q_DECL_OVERRIDE; + QByteArray callerID() const Q_DECL_OVERRIDE; ++ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE; + bool isCallerAuthorized(const QString &action, QByteArray callerID) Q_DECL_OVERRIDE; + bool actionExists(const QString &action) Q_DECL_OVERRIDE; + +-- +cgit v0.11.2 + Property changes on: head/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/x11/kdelibs4/Makefile =================================================================== --- head/x11/kdelibs4/Makefile (revision 440555) +++ head/x11/kdelibs4/Makefile (revision 440556) @@ -1,123 +1,123 @@ # Created by: arved@FreeBSD.org # $FreeBSD$ PORTNAME= kdelibs PORTVERSION= ${KDE4_KDELIBS_VERSION} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= x11 kde kde-applications MAINTAINER= kde@FreeBSD.org COMMENT= Base set of libraries needed by KDE programs LIB_DEPENDS= libIlmImf.so:graphics/OpenEXR \ libImath-2_2.so.12:graphics/ilmbase \ libjasper.so:graphics/jasper \ libpcre.so:devel/pcre \ libenchant.so:textproc/enchant \ libgif.so:graphics/giflib \ libpng.so:graphics/png \ libhal.so:sysutils/hal \ libqca.so:devel/qca \ libpolkit-qt-core-1.so:sysutils/polkit-qt \ libdbusmenu-qt.so:devel/libdbusmenu-qt \ libstreams.so:deskutils/libstreams BUILD_DEPENDS= docbook-xml>0:textproc/docbook-xml \ ${LOCALBASE}/share/xsl/docbook/html/docbook.xsl:textproc/docbook-xsl RUN_DEPENDS= ${LOCALBASE}/share/icons/hicolor/index.theme:misc/hicolor-icon-theme \ xauth:x11/xauth \ docbook-xml>0:textproc/docbook-xml \ ${LOCALBASE}/share/xsl/docbook/html/docbook.xsl:textproc/docbook-xsl USES= cmake:outsource fam gettext grantlee:4 jpeg kde:4 perl5 \ shared-mime-info shebangfix tar:xz ssl USE_GNOME= libxml2 libxslt USE_KDE= oxygen-icons5 \ attica automoc4 ontologies soprano strigi USE_QT4= corelib dbus declarative designer_build gui \ network opengl phonon qt3support \ qtestlib script sql svg webkit xml \ moc_build qmake_build rcc_build uic_build \ imageformats_run qdbusviewer_run USE_XORG= ice sm x11 xau xcursor xdmcp xext xfixes xft xpm xrender xtst USE_LDCONFIG= yes MAKE_ENV= XDG_CONFIG_HOME=/dev/null CMAKE_ARGS+= -DWITH_ACL:BOOL=Off \ -DWITH_FAM:BOOL=On \ -DWITH_ASPELL:BOOL=Off \ -DWITH_HSPELL:BOOL=Off \ -DWITH_UDev:BOOL=Off \ -DKDE_DISTRIBUTION_TEXT:STRING="${OPSYS}" \ -DKDE_DEFAULT_HOME:STRING=".kde4" # Do not conflict with KDE Frameworks 5 headers: instead of installing kdelibs4 # headers directly into ${LOCALBASE}/include, put them into include/kde4 (this # also applies to all ports depending on kdelibs4 that derive their header # installation location from it). # If we install the headers directly into ${LOCALBASE}/include, with KDE # Frameworks 5 installed it is possible to end up in a situation where the # compiler is passed this: # -I${LOCALBASE}/include -I${LOCALBASE}/KF5 # which in turn leads to kdelibs4 headers with the same name being used instead # of the KF5 ones, possibly breaking the build. CMAKE_ARGS+= -DINCLUDE_INSTALL_DIR:PATH="${KDE_PREFIX}/include/kde4" SHEBANG_FILES= kdecore/kconfig_compiler/checkkcfg.pl \ kdeui/preparetips \ khtml/bindings/scripts/generate-bindings.pl \ kio/misc/fileshareset \ kio/useragent.pl \ kio/proxytype.pl \ kioslave/http/kcookiejar/kcookiescfg.pl OPTIONS_DEFINE= AVAHI UPNP OPTIONS_DEFAULT=AVAHI AVAHI_LIB_DEPENDS= libavahi-core.so:net/avahi-app UPNP_DESC= UPnP backend for Solid (WARNING: Unstable) UPNP_LIB_DEPENDS= libHUpnp.so:net/hupnp UPNP_CMAKE_ON= -DHUPNP_ENABLED:BOOL=On post-patch: ${REINPLACE_CMD} -e 's,/usr/local,${LOCALBASE},g' \ ${PATCH_WRKSRC}/kde3support/kdeui/k3sconfig.cpp \ ${PATCH_WRKSRC}/kdecore/network/k3socks.cpp \ ${PATCH_WRKSRC}/kdecore/kernel/kstandarddirs.cpp \ ${PATCH_WRKSRC}/kdeui/dialogs/kcupsoptionswidget_p.cpp \ ${PATCH_WRKSRC}/kdeui/kernel/start-session-bus.sh \ ${PATCH_WRKSRC}/kio/kssl/kopenssl.cpp \ ${PATCH_WRKSRC}/kio/kio/ksambashare.cpp \ ${PATCH_WRKSRC}/kjsembed/qtonly/FindQJSInternal.cmake # Fix rgb named colors database path. ${REINPLACE_CMD} -e 's|/usr/X11R6|${LOCALBASE}|g' \ ${PATCH_WRKSRC}/kdeui/colors/kcolordialog.cpp pre-configure: ${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|g' \ -e 's|/usr/X11R6|${LOCALBASE}|g' \ ${PATCH_WRKSRC}/cmake/modules/*.cmake \ ${PATCH_WRKSRC}/ConfigureChecks.cmake \ ${PATCH_WRKSRC}/doc/api/doxygen.sh ${REINPLACE_CMD} -e 's|/usr/include|${LOCALBASE}/include|g' \ ${PATCH_WRKSRC}/cmake/modules/FindDNSSD.cmake ${REINPLACE_CMD} -e 's|soprano/cmake|cmake/Modules|g' \ ${PATCH_WRKSRC}/cmake/modules/FindSoprano.cmake # FindBerkeleyDB.cmake should be rewritten to support multiple version # provided by ports, instead of hardcoding one of them # ${REINPLACE_CMD} -e 's|/usr/local/include/db4|${BDB_INCLUDE_DIR}|' \ # -e 's|NAMES db|NAMES ${BDB_LIB_NAME} ${LOCALBASE}/lib|' \ # ${PATCH_WRKSRC}/cmake/modules/FindBerkeleyDB.cmake # When XSync (xext) is found, xscreensaver is just used as a fallback, # then we can disable it. ${REINPLACE_CMD} -e '/macro_bool_to_01/ s|^.*X11_Xscreensaver.*$$|set(HAVE_XSCREENSAVER 0)|' \ ${PATCH_WRKSRC}/CMakeLists.txt post-install: # workaround for non-standard mime files and directories ${MKDIR} ${STAGEDIR}/${PREFIX}/share/mime/all \ ${STAGEDIR}/${PREFIX}/share/mime/uri .include Index: head/x11/kdelibs4/files/patch-git_264e976_CVE-2017-8422 =================================================================== --- head/x11/kdelibs4/files/patch-git_264e976_CVE-2017-8422 (nonexistent) +++ head/x11/kdelibs4/files/patch-git_264e976_CVE-2017-8422 (revision 440556) @@ -0,0 +1,200 @@ +From 264e97625abe2e0334f97de17f6ffb52582888ab Mon Sep 17 00:00:00 2001 +From: Albert Ast/.als Cid +Date: Wed, 10 May 2017 10:06:07 +0200 +Subject: Verify that whoever is calling us is actually who he says he is + +CVE-2017-8422 +--- + kdecore/auth/AuthBackend.cpp | 5 ++++ + kdecore/auth/AuthBackend.h | 7 ++++++ + kdecore/auth/backends/dbus/DBusHelperProxy.cpp | 27 ++++++++++++++++++++-- + kdecore/auth/backends/dbus/DBusHelperProxy.h | 6 ++++- + .../auth/backends/policykit/PolicyKitBackend.cpp | 5 ++++ + kdecore/auth/backends/policykit/PolicyKitBackend.h | 1 + + kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 5 ++++ + kdecore/auth/backends/polkit-1/Polkit1Backend.h | 1 + + 8 files changed, 54 insertions(+), 3 deletions(-) + +diff --git a/kdecore/auth/AuthBackend.cpp b/kdecore/auth/AuthBackend.cpp +index c953b81..0ba4650 100644 +--- kdecore/auth/AuthBackend.cpp ++++ kdecore/auth/AuthBackend.cpp +@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) + d->capabilities = capabilities; + } + ++AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const ++{ ++ return NoExtraCallerIDVerificationMethod; ++} ++ + bool AuthBackend::actionExists(const QString& action) + { + Q_UNUSED(action); +diff --git a/kdecore/auth/AuthBackend.h b/kdecore/auth/AuthBackend.h +index a86732e..6f4b1bc 100644 +--- kdecore/auth/AuthBackend.h ++++ kdecore/auth/AuthBackend.h +@@ -43,6 +43,12 @@ public: + }; + Q_DECLARE_FLAGS(Capabilities, Capability) + ++ enum ExtraCallerIDVerificationMethod { ++ NoExtraCallerIDVerificationMethod, ++ VerifyAgainstDBusServiceName, ++ VerifyAgainstDBusServicePid, ++ }; ++ + AuthBackend(); + virtual ~AuthBackend(); + virtual void setupAction(const QString &action) = 0; +@@ -50,6 +56,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString &action) = 0; + virtual Action::AuthStatus actionStatus(const QString &action) = 0; + virtual QByteArray callerID() const = 0; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; + virtual bool actionExists(const QString &action); + +diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp +index 9557a0f..ca59f1c 100644 +--- kdecore/auth/backends/dbus/DBusHelperProxy.cpp ++++ kdecore/auth/backends/dbus/DBusHelperProxy.cpp +@@ -271,6 +271,29 @@ void DBusHelperProxy::performActions(QByteArray blob, const QByteArray &callerID + } + } + ++bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) ++{ ++ // Check the caller is really who it says it is ++ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { ++ case AuthBackend::NoExtraCallerIDVerificationMethod: ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServiceName: ++ if (message().service().toUtf8() != callerID) { ++ return false; ++ } ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServicePid: ++ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { ++ return false; ++ } ++ break; ++ } ++ ++ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); ++} ++ + QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) + { + if (!responder) { +@@ -295,7 +318,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + QString slotname = action; + if (slotname.startsWith(m_name + QLatin1Char('.'))) { + slotname = slotname.right(slotname.length() - m_name.length() - 1); +@@ -338,7 +361,7 @@ uint DBusHelperProxy::authorizeAction(const QString& action, const QByteArray& c + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + retVal = static_cast(Action::Authorized); + } else { + retVal = static_cast(Action::Denied); +diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.h b/kdecore/auth/backends/dbus/DBusHelperProxy.h +index 455cf51..264f6cc 100644 +--- kdecore/auth/backends/dbus/DBusHelperProxy.h ++++ kdecore/auth/backends/dbus/DBusHelperProxy.h +@@ -21,6 +21,7 @@ + #ifndef DBUS_HELPER_PROXY_H + #define DBUS_HELPER_PROXY_H + ++#include + #include + #include "HelperProxy.h" + #include "kauthactionreply.h" +@@ -28,7 +29,7 @@ + namespace KAuth + { + +-class DBusHelperProxy : public HelperProxy ++class DBusHelperProxy : public HelperProxy, protected QDBusContext + { + Q_OBJECT + Q_INTERFACES(KAuth::HelperProxy) +@@ -73,6 +74,9 @@ signals: + + private slots: + void remoteSignalReceived(int type, const QString &action, QByteArray blob); ++ ++private: ++ bool isCallerAuthorized(const QString &action, const QByteArray &callerID); + }; + + } // namespace Auth +diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp +index 3be97f2..9d041d1 100644 +--- kdecore/auth/backends/policykit/PolicyKitBackend.cpp ++++ kdecore/auth/backends/policykit/PolicyKitBackend.cpp +@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const + return a; + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServicePid; ++} ++ + bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + QDataStream s(&callerID, QIODevice::ReadOnly); +diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.h b/kdecore/auth/backends/policykit/PolicyKitBackend.h +index 7154e93..0d3d8f9 100644 +--- kdecore/auth/backends/policykit/PolicyKitBackend.h ++++ kdecore/auth/backends/policykit/PolicyKitBackend.h +@@ -40,6 +40,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString&); + virtual Action::AuthStatus actionStatus(const QString&); + virtual QByteArray callerID() const; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); + + private Q_SLOTS: +diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +index 732d2cb..63c0e1e 100644 +--- kdecore/auth/backends/polkit-1/Polkit1Backend.cpp ++++ kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +@@ -163,6 +163,11 @@ QByteArray Polkit1Backend::callerID() const + return QDBusConnection::systemBus().baseService().toUtf8(); + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServiceName; ++} ++ + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); +diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.h b/kdecore/auth/backends/polkit-1/Polkit1Backend.h +index 18ed1a2..d579da2 100644 +--- kdecore/auth/backends/polkit-1/Polkit1Backend.h ++++ kdecore/auth/backends/polkit-1/Polkit1Backend.h +@@ -48,6 +48,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString&); + virtual Action::AuthStatus actionStatus(const QString&); + virtual QByteArray callerID() const; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); + virtual bool actionExists(const QString& action); + +-- +cgit v0.11.2 + Property changes on: head/x11/kdelibs4/files/patch-git_264e976_CVE-2017-8422 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property