Summary: | <x11-misc/sddm-0.10.0: privilege escalation | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | trivial | CC: | alex_y_xu, jauhien, lxqt, nucrap |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1148659 | | |
See Also: | https://github.com/sddm/sddm/issues/283 | | |
Whiteboard: | ~1 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 454132 | | |
Bug Blocks: | | | |
Description
Agostino Sarubbo
2014-10-03 15:54:08 UTC
Reported upstream

Masked until upstream solves this problem.

sddm-0.10.0 released

excerpt from release notes:

*BACKWARDS INCOMPATIBLE: Drop support for Qt 4.
*BACKWARDS INCOMPATIBLE: SDDM now prioritizes loading sessions with a .desktop $
*SECURITY: Never try to login as the sddm user (CVE-2014-7271)
*SECURITY: Fix race condition in XAUTHORITY file generation (CVE-2014-7272)
*SECURITY: XAUTHORITY file is no longer owned by root

--- sddm-0.9.0-r1.ebuild +++ sddm-0.10.0.ebuild @@ -12,24 +12,17 @@ LICENSE="GPL-2+ MIT CC-BY-3.0 public-domain" SLOT="0" -IUSE="consolekit +qt4 qt5 systemd +upower" -REQUIRED_USE="?? ( upower systemd ) - ^^ ( qt4 qt5 )" +IUSE="consolekit systemd +upower" +REQUIRED_USE="?? ( upower systemd )" -RDEPEND="sys-libs/pam +RDEPEND="dev-qt/qtcore:5 + dev-qt/qtdbus:5 + dev-qt/qtdeclarative:5 + dev-qt/linguist-tools:5 + dev-qt/qttest:5 + sys-libs/pam >=x11-base/xorg-server-1.15.1 x11-libs/libxcb[xkb(-)] - qt4? ( - dev-qt/qtcore:4 - dev-qt/qtdbus:4 - dev-qt/qtdeclarative:4 - dev-qt/qttest:4 ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtdbus:5 - dev-qt/qtdeclarative:5 - dev-qt/linguist-tools:5 - dev-qt/qttest:5 ) systemd? ( sys-apps/systemd:= ) upower? ( || ( sys-power/upower sys-power/upower-pm-utils ) )" DEPEND="${RDEPEND} @@ -44,8 +37,8 @@ } src_prepare() { - use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch" - use upower && epatch "${FILESDIR}/${P}-upower.patch" + # use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch" + # use upower && epatch "${FILESDIR}/${P}-upower.patch" # respect user's cflags sed -e 's|-Wall -march=native||' \ @@ -55,7 +48,7 @@ src_configure() { local mycmakeargs=( - $(cmake-utils_use_use qt5 QT5) + -DUSE_QT5=ON $(cmake-utils_use_no systemd SYSTEMD) ) cmake-utils_src_configure

--- sddm-0.9.0-r1.ebuild 2014-10-17 12:41:40.840065291 +0200 +++ sddm-0.10.0.ebuild 2014-10-17 12:59:02.912531522 +0200 
@@ -12,24 +12,17 @@ LICENSE="GPL-2+ MIT CC-BY-3.0 public-domain" SLOT="0" -IUSE="consolekit +qt4 qt5 systemd +upower" -REQUIRED_USE="?? ( upower systemd ) - ^^ ( qt4 qt5 )" +IUSE="consolekit systemd +upower" +REQUIRED_USE="?? ( upower systemd )" -RDEPEND="sys-libs/pam +RDEPEND="dev-qt/qtcore:5 + dev-qt/qtdbus:5 + dev-qt/qtdeclarative:5 + dev-qt/linguist-tools:5 + dev-qt/qttest:5 + sys-libs/pam >=x11-base/xorg-server-1.15.1 x11-libs/libxcb[xkb(-)] - qt4? ( - dev-qt/qtcore:4 - dev-qt/qtdbus:4 - dev-qt/qtdeclarative:4 - dev-qt/qttest:4 ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtdbus:5 - dev-qt/qtdeclarative:5 - dev-qt/linguist-tools:5 - dev-qt/qttest:5 ) systemd? ( sys-apps/systemd:= ) upower? ( || ( sys-power/upower sys-power/upower-pm-utils ) )" DEPEND="${RDEPEND} @@ -45,7 +38,6 @@ src_prepare() { use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch" - use upower && epatch "${FILESDIR}/${P}-upower.patch" # respect user's cflags sed -e 's|-Wall -march=native||' \ @@ -55,7 +47,7 @@ src_configure() { local mycmakeargs=( - $(cmake-utils_use_use qt5 QT5) + -DUSE_QT5=ON $(cmake-utils_use_no systemd SYSTEMD) ) cmake-utils_src_configure

first diff is obsolete!

*** Bug 525774 has been marked as a duplicate of this bug. ***

Version bumped. Please, test if this issue: https://github.com/sddm/sddm/issues/277 exists for you. Masked until QT5 is unmasked.

no respective issues here; gcc 4.8.3, openrc, amd64 no-multilib, -mtune=generic -O2 -pipe

Unmasked together with Qt5.

I believe this issue has been resolved as <=0.10.0 have been dropped from the tree.
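
Review bot: in the dependency hunk (@@ -12,24 +12,17 @@, identical in both diffs), dev-qt/linguist-tools:5 moves from the old qt5? ( ) block straight into RDEPEND, but it is a build-time translation tool and would sit better in DEPEND, so that it is not pulled in as a runtime dependency of the display manager. The same question applies to dev-qt/qttest:5 unless the installed binaries actually link against it.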
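
Review bot: in the first diff's src_prepare hunk (@@ -44,8 +37,8 @@), both epatch calls are commented out rather than removed, while consolekit stays in IUSE, so the flag is still offered to users but no longer changes what gets built. Either port the patch to 0.10.0 or drop the flag along with the dead lines.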
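
Review bot: in the second diff's src_prepare hunk (@@ -45,7 +38,6 @@), the retained line use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch" now expands ${P} to sddm-0.10.0, so a sddm-0.10.0-consolekit.patch has to exist in FILESDIR and apply to the new sources, and nothing in the diff shows it being added. The upower epatch is dropped while upower remains in IUSE, REQUIRED_USE and RDEPEND; a one-line comment stating why the patch is no longer needed would help whoever does the next bump.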