commit:     d35f109306617f42f57b31169cdf2a6797850297
Author:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 29 16:34:24 2016 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Thu Sep 29 16:36:31 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d35f1093

kde-plasma/kde-cli-tools: backport patch from upstream to resolve CVE-2016-7787

Gentoo-bug: 595534

Package-Manager: portage-2.3.1

 .../files/kde-cli-tools-5.6.5-CVE-2016-7787.patch  | 44 +++++++++++++++
 .../kde-cli-tools/kde-cli-tools-5.6.5-r1.ebuild    | 62 ++++++++++++++++++++++
 2 files changed, 106 insertions(+)

diff --git 
a/kde-plasma/kde-cli-tools/files/kde-cli-tools-5.6.5-CVE-2016-7787.patch 
b/kde-plasma/kde-cli-tools/files/kde-cli-tools-5.6.5-CVE-2016-7787.patch
new file mode 100644
index 00000000..cce11d8
--- /dev/null
+++ b/kde-plasma/kde-cli-tools/files/kde-cli-tools-5.6.5-CVE-2016-7787.patch
@@ -0,0 +1,44 @@
+From 5eda179a099ba68a20dc21dc0da63e85a565a171 Mon Sep 17 00:00:00 2001
+From: Martin Sandsmark <[email protected]>
+Date: Fri, 9 Sep 2016 09:05:57 +0200
+Subject: [PATCH] Make sure people are not trying to sneak invisible characters
+ on the kdesu label
+
+i18n: Sorry for the new string
+
+CCMAIL: [email protected]
+---
+ kdesu/kdesu.cpp | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/kdesu/kdesu.cpp b/kdesu/kdesu.cpp
+index b7a66a2..b0efbc7 100644
+--- a/kdesu/kdesu.cpp
++++ b/kdesu/kdesu.cpp
+@@ -162,6 +162,10 @@ int main(int argc, char *argv[])
+     {
+         KMessageBox::sorry(0, i18n("Cannot execute command '%1'.", 
QString::fromLocal8Bit(command)));
+     }
++    if (result == -2)
++    {
++        KMessageBox::sorry(0, i18n("Cannot execute command '%1'. It contains 
invalid characters.", QString::fromLocal8Bit(command)));
++    }
+ 
+     return result;
+ }
+@@ -387,6 +391,12 @@ static int startApp(QCommandLineParser& p)
+         qDebug() << "Don't need password!!\n";
+     }
+ 
++    for (const QChar character : QString::fromLocal8Bit(command)) {
++        if (!character.isPrint() && character.category() != 
QChar::Other_Surrogate) {
++            return -2;
++        }
++    }
++
+     // Start the dialog
+     QString password;
+     if (needpw)
+-- 
+2.7.3
+
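Review bot: The loop added to startApp() skips every `QChar::Other_Surrogate` code unit, so a code point outside the BMP is never tested for printability and a non-printable supplementary character would still reach the kdesu label. Checking whole code points instead of UTF-16 units would close that gap, for example `for (const uint cp : QString::fromLocal8Bit(command).toUcs4()) { if (!QChar::isPrint(cp)) return -2; }`. The check also accepts printable whitespace, so it is worth confirming that the dialog still shows the full command; that rendering code is not in this hunk. Because this file is a verbatim upstream backport and startApp() starts and ends outside the quoted context, the change is better raised upstream than edited in the carried patch.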

diff --git a/kde-plasma/kde-cli-tools/kde-cli-tools-5.6.5-r1.ebuild 
b/kde-plasma/kde-cli-tools/kde-cli-tools-5.6.5-r1.ebuild
new file mode 100644
index 00000000..67d1dde
--- /dev/null
+++ b/kde-plasma/kde-cli-tools/kde-cli-tools-5.6.5-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+KDE_HANDBOOK="true"
+KDE_TEST="true"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Tools based on KDE Frameworks 5 to better interact with the 
system"
+HOMEPAGE="https://projects.kde.org/projects/kde/workspace/kde-cli-tools";
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="+kdesu X"
+
+DEPEND="
+       $(add_frameworks_dep kcmutils)
+       $(add_frameworks_dep kcompletion)
+       $(add_frameworks_dep kconfig)
+       $(add_frameworks_dep kconfigwidgets)
+       $(add_frameworks_dep kcoreaddons)
+       $(add_frameworks_dep ki18n)
+       $(add_frameworks_dep kiconthemes)
+       $(add_frameworks_dep kio)
+       $(add_frameworks_dep kservice)
+       $(add_frameworks_dep kwidgetsaddons)
+       $(add_frameworks_dep kwindowsystem)
+       $(add_qt_dep qtdbus)
+       $(add_qt_dep qtgui)
+       $(add_qt_dep qtsvg)
+       $(add_qt_dep qtwidgets)
+       kdesu? ( $(add_frameworks_dep kdesu) )
+       X? (
+               $(add_frameworks_dep kdelibs4support)
+               $(add_qt_dep qtx11extras)
+               x11-libs/libX11
+       )
+"
+RDEPEND="${DEPEND}
+       handbook? ( !kde-apps/kdesu[handbook] )
+"
+
+# requires running kde environment
+RESTRICT="test"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7787.patch" )
+
+src_configure() {
+       local mycmakeargs=(
+               $(cmake-utils_use_find_package kdesu KF5Su)
+               $(cmake-utils_use_find_package X KF5KDELibs4Support)
+               $(cmake-utils_use_find_package X Qt5X11Extras)
+       )
+
+       kde5_src_configure
+}
+
+src_install() {
+       kde5_src_install
+       use kdesu && dosym /usr/$(get_libdir)/libexec/kf5/kdesu /usr/bin/kdesu5
+}
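Review bot: The `PATCHES` line carries a security backport but the ebuild does not say where the patch comes from or when it can be dropped. A comment above it would keep that visible on the next version bump, e.g. `# Upstream commit 5eda179a, CVE-2016-7787, bug #595534; drop once a release includes it`. It is also worth confirming that the unpatched 5.6.5 ebuild does not remain installable alongside -r1; the commit only adds files, so this page does not show what happens to it.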
