From b10b19ab1f8fb85673011d7f37f6cf1a6ab4bb2e Mon Sep 17 00:00:00 2001
From: Jauhien Piatlicki
Date: Fri, 16 Oct 2015 22:11:57 +0200
Subject: x11-misc/sddm: fix CVE-2015-0856

x11-misc/sddm does not prevent access to the KDE crash handler

Gentoo-Bug: 563108
Package-Manager: portage-2.2.20.1
---
 .../sddm/files/sddm-0.12.0-CVE-2015-0856.patch | 34 ++++++++++++++++++++++
 x11-misc/sddm/sddm-0.11.0-r3.ebuild | 4 +--
 x11-misc/sddm/sddm-0.12.0.ebuild | 3 +-
 3 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch
(limited to 'x11-misc/sddm')

diff --git a/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch b/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch
new file mode 100644
index 00000000000..7ae67735dd2
--- /dev/null
+++ b/x11-misc/sddm/files/sddm-0.12.0-CVE-2015-0856.patch
@@ -0,0 +1,34 @@
+commit 4cfed6b0a625593fb43876f04badc4dd99799d86
+Author: David Edmundson
+Date: Wed Oct 14 00:08:59 2015 +0100
+
+ Disable greeters from loading KDE's debug hander
+
+ Some themes may use KDE components which will automatically load KDE's
+ crash handler.
+
+ If the greeter were to then somehow crash, that would leave a crash
+ handler allowing other actions, albeit as the locked down SDDM user.
+
+ Only SDDM users using the breeze theme from plasma-workspace are
+ affected. Safest and simplest fix is to handle this inside SDDM
+ disabling kcrash via an environment variable for all future themes that
+ may use these libraries.
+
+ CVE-2015-0856
+
+diff --git a/src/daemon/Greeter.cpp b/src/daemon/Greeter.cpp
+index 68c4dc3..8c936b7 100644
+--- a/src/daemon/Greeter.cpp
++++ b/src/daemon/Greeter.cpp
+@@ -145,6 +145,10 @@ namespace SDDM {
+ env.insert(QStringLiteral("XDG_VTNR"), QString::number(m_display->terminalId()));
+ env.insert(QStringLiteral("XDG_SESSION_CLASS"), QStringLiteral("greeter"));
+ env.insert(QStringLiteral("XDG_SESSION_TYPE"), m_display->sessionType());
++
++ //some themes may use KDE components and that will automatically load KDE's crash handler which we don't want
++ //counterintuitively setting this env disables that handler
++ env.insert(QStringLiteral("KDE_DEBUG"), QStringLiteral("1"));
+ m_auth->insertEnvironment(env);
+
+ // log message
diff --git a/x11-misc/sddm/sddm-0.11.0-r3.ebuild b/x11-misc/sddm/sddm-0.11.0-r3.ebuild
index 32fd737e7ea..6c5dac9372f 100644
--- a/x11-misc/sddm/sddm-0.11.0-r3.ebuild
+++ b/x11-misc/sddm/sddm-0.11.0-r3.ebuild
@@ -38,8 +38,8 @@ pkg_pretend() {
 src_prepare() {
 	use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch"
 	use !systemd && epatch "${FILESDIR}/${PN}-0.10.0-upower.patch"
-	# fix bug 552318
-	epatch "${FILESDIR}/${P}-dbus-config.patch"
+	# fix bug 552318 and bug 563108
+	epatch "${FILESDIR}/${P}-dbus-config.patch" "${FILESDIR}/${PN}-0.12.0-CVE-2015-0856.patch"
 	# respect user's cflags
 	sed -e 's|-Wall -march=native||' \
diff --git a/x11-misc/sddm/sddm-0.12.0.ebuild b/x11-misc/sddm/sddm-0.12.0.ebuild
index 14af057498d..0acdabc921a 100644
--- a/x11-misc/sddm/sddm-0.12.0.ebuild
+++ b/x11-misc/sddm/sddm-0.12.0.ebuild
@@ -43,7 +43,8 @@ pkg_pretend() {
 src_prepare() {
 	cmake-utils_src_prepare
-	epatch "${FILESDIR}/${P}-respect-user-flags.patch"
+	# fix for flags handling and bug 563108
+	epatch "${FILESDIR}/${P}-respect-user-flags.patch" "${FILESDIR}/${P}-CVE-2015-0856.patch"
 	use consolekit && epatch "${FILESDIR}/${PN}-0.11.0-consolekit.patch"
 }
-- 
cgit v1.2.1
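Review bot: Both ebuild hunks add the CVE-2015-0856 patch to an existing revision in place — sddm-0.11.0-r3.ebuild and sddm-0.12.0.ebuild keep their names — so systems that already have those revisions installed are not scheduled for a rebuild and keep running a greeter without the fix; a security patch to an already-published ebuild normally comes with a revision bump (-r4 and -r1 respectively) so the package manager picks it up. The first hunk also applies the patch generated against 0.12.0 (its Greeter.cpp hunk is anchored at line 145) to the 0.11.0 sources; whether it applies there cleanly is not visible in this diff and presumably was checked with a test build, but that is worth recording in the commit message. The new comment in the second hunk would be easier to trace from an audit if it named the advisory as well as the bug, e.g. `# fix for flags handling and bug 563108 (CVE-2015-0856)`, matching the patch file name it references.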