Diffstat (limited to '')
-rw-r--r-- | kde/patch/kdeplasma-addons.patch | 4 | ||||
-rw-r--r-- | kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch | 76 |
2 files changed, 0 insertions, 80 deletions
diff --git a/kde/patch/kdeplasma-addons.patch b/kde/patch/kdeplasma-addons.patch
deleted file mode 100644
index 8c997b2..0000000
--- a/kde/patch/kdeplasma-addons.patch
+++ /dev/null
@@ -1,4 +0,0 @@
-# CVE 2013-2120: paste widget "password" generator uses insecure randomness:
-# Fixed in KDE 4.11.
-#cat $CWD/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-
diff --git a/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch b/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch
deleted file mode 100644
index 7a394a5..0000000
--- a/kde/patch/kdeplasma-addons/random_generator_cve-2013-2120.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From: Aaron Seigo <aseigo@kde.org>
-Date: Mon, 03 Jun 2013 17:16:32 +0000
-Subject: use KRandom, avoid modulo bias
-X-Git-Url: http://quickgit.kde.org/?p=kdeplasma-addons.git&a=commitdiff&h=36a1fe49cb70f717c4a6e9eeee2c9186503a8dce
----
-use KRandom, avoid modulo bias
----
-
-
---- a/applets/paste/pastemacroexpander.cpp
-+++ b/applets/paste/pastemacroexpander.cpp
-@@ -27,6 +27,7 @@
- #include <KDebug>
- #include <KLocale>
- #include <KMessageBox>
-+#include <KRandom>
-
- class PasteMacroExpanderSingleton
- {
-@@ -142,35 +143,49 @@
- << "01234567890"
- << "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
-
-- int charCount;
-+ int charCount = 8;
- QString chars;
- QString result;
-
- if (a.count() > 0) {
-- charCount = qMax(a[0].trimmed().toInt(), 1);
-- } else {
-- charCount = 8;
-+ charCount = qMax(a[0].trimmed().toInt(), 8);
- }
-+
- if (a.count() < 2) {
- chars = characterSets.join("");
- }
-+
- if (a.count() > 1) {
- chars += (a[1].trimmed() == "true") ? characterSets[0] : "";
- }
-+
- if (a.count() > 2) {
- chars += (a[2].trimmed() == "true") ? characterSets[1] : "";
- }
-+
- if (a.count() > 3) {
- chars += (a[3].trimmed() == "true") ? characterSets[2] : "";
- }
-+
- if (a.count() > 4) {
- chars += (a[4].trimmed() == "true") ? characterSets[3] : "";
- }
-
-- QDateTime now = QDateTime::currentDateTime();
-- qsrand(now.toTime_t() / now.time().msec());
-+ const int setSize = chars.count();
-+ const int top = (RAND_MAX / setSize) * setSize;
-+ kDebug() << "topping out at " << setSize << RAND_MAX << top;
- for (int i = 0; i < charCount; ++i) {
-- result += chars[qrand() % chars.count()];
-+ // to prevent modulo bias, discard random numbers at the
-+ // 'top end' of INT_MAX
-+ int rand = -1;
-+ do {
-+ if (rand > 0) {
-+ kDebug() << "Ha!" << rand;
-+ }
-+ rand = KRandom::random();
-+ } while (rand >= top);
-+
-+ result += chars[rand % setSize];
- }
- //kDebug() << result;
- return result; |