From 241fc7257af2730947e7a5ee3d35868eb8e95cbd Mon Sep 17 00:00:00 2001
From: Eric Hameleers
Date: Wed, 10 Feb 2016 12:14:01 +0100
Subject: Plasma: apply a patch to kscreenlocker to address CVE-2016-2312. Turning all screens off while the lock screen is shown can result in the screen being unlocked when turning a screen on again. See also https://www.kde.org/info/security/advisory-20160209-1.txt
---
kde/build/kscreenlocker | 1 +
kde/patch/kscreenlocker.patch | 4 +++
.../kscreenlocker_CVE-2016-2312.patch | 36 ++++++++++++++++++++++
3 files changed, 41 insertions(+)
create mode 100644 kde/build/kscreenlocker
create mode 100644 kde/patch/kscreenlocker.patch
create mode 100644 kde/patch/kscreenlocker/kscreenlocker_CVE-2016-2312.patch
(limited to 'kde')
diff --git a/kde/build/kscreenlocker b/kde/build/kscreenlocker
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/kde/build/kscreenlocker
@@ -0,0 +1 @@
+2
diff --git a/kde/patch/kscreenlocker.patch b/kde/patch/kscreenlocker.patch
new file mode 100644
index 0000000..e1beada
--- /dev/null
+++ b/kde/patch/kscreenlocker.patch
@@ -0,0 +1,4 @@
+# KDEBUG #358125, also CVE-2016-2312 (fixed in Plasma 5.5.5):
+# Dont quit the Greeter when last window closes.
+cat $CWD/patch/kscreenlocker/kscreenlocker_CVE-2016-2312.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
diff --git a/kde/patch/kscreenlocker/kscreenlocker_CVE-2016-2312.patch b/kde/patch/kscreenlocker/kscreenlocker_CVE-2016-2312.patch
new file mode 100644
index 0000000..492ef80
--- /dev/null
+++ b/kde/patch/kscreenlocker/kscreenlocker_CVE-2016-2312.patch
@@ -0,0 +1,36 @@
+From: Martin Gräßlin
+Date: Fri, 05 Feb 2016 09:30:19 +0000
+Subject: [greeter] Dont quit when last window closes
+X-Git-Url: http://quickgit.kde.org/?p=kscreenlocker.git&a=commitdiff&h=fae65f1cdd6446042b31ccd0eafd7a4c0b6623e3
+---
+[greeter] Dont quit when last window closes
+
+Qt allows to have no screens. If all XRandR screens are disconnected
+there are also no QScreens. This is from an X11 perspective wrong, but
+we have to deal with it. No QScreens means that all views are destroyed
+and no new ones are created. Thus all windows close and the greeter
+exited successfully which in turn unlocked the screen.
+
+This change ensures that the greeter doesn't exit when all windows close.
+
+Funnily this was not a problem with the well known issue of Qt
+crashing when all screens are disconnected. The lock screen handles
+crashes gracefully and just restarts or more likely Qt also crashes
+the application using KSld and thus taking down the complete session.
+
+BUG: 358125
+FIXED-IN: 5.5.5
+---
+
+
+--- a/greeter/main.cpp
++++ b/greeter/main.cpp
+@@ -59,6 +59,7 @@
+ qputenv("QT_IM_MODULE", QByteArrayLiteral("compose"));
+ }
+ ScreenLocker::UnlockApp app(argc, argv);
++ app.setQuitOnLastWindowClosed(false);
+ QCoreApplication::setApplicationName(QStringLiteral("kscreenlocker_greet"));
+ QCoreApplication::setApplicationVersion(QStringLiteral("0.1"));
+ QCoreApplication::setOrganizationDomain(QStringLiteral("kde.org"));
+
-- cgit v1.2.3
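Review bot: The added `app.setQuitOnLastWindowClosed(false);` in the embedded greeter/main.cpp hunk has no comment, although by the commit message it is the line that stops a clean greeter exit from unlocking the session. I would put `// Security: a clean greeter exit unlocks the session, so never quit just because all views were destroyed (e.g. no QScreens).` directly above it so it is not later removed as a no-op. The change closes only the last-window-closed path, so it is worth confirming in the code outside this hunk that no other unauthenticated path lets the greeter exit successfully. It is equally worth checking that the views are recreated once an output is reconnected, since the message says none are created while there are no QScreens. The enclosing function starts and ends outside the hunk.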