lxde-base/menu-cache: fix against CVE-2017-8933.
Package-Manager: Portage-2.3.13, Repoman-2.3.3 Bug: https://bugs.gentoo.org/618620 Closes: gentoo#5355
Showing
2 changed files
with
144 additions
and
0 deletions.
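--- a/lxde-base/menu-cache/files/menu-cache-1.0.2-CVE-2017-8933.patch
+++ b/lxde-base/menu-cache/files/menu-cache-1.0.2-CVE-2017-8933.patch
@@ -0,0 +1,122 @@
+diff --git a/NEWS b/NEWS
+index dcc572a..6177e9d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,12 @@
++* Fixed crash with invalid <Name> tag in a menu.
++
++* Added new API menu_cache_app_get_generic_name() to get generic
++ name for application.
++
++* Fixed potential access violation, use runtime user dir instead of tmp dir.
++ It limits libmenu-cache compatibility to menu-cached >= 0.7.0.
++
++
+Changes in 1.0.2 since 1.0.1:
+
+* Fixed crash in menu-cached if cache regeneration fails.
+diff --git a/libmenu-cache/menu-cache.c b/libmenu-cache/menu-cache.c
+index 3bc9cfc..d914127 100644
+--- a/libmenu-cache/menu-cache.c
++++ b/libmenu-cache/menu-cache.c
+@@ -3,7 +3,7 @@
+*
+* Copyright 2008 PCMan <[email protected]>
+* Copyright 2009 Jürgen Hötzel <[email protected]>
+- * Copyright 2012-2015 Andriy Grytsenko (LStranger) <[email protected]>
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <[email protected]>
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+@@ -1234,6 +1234,22 @@ gboolean menu_cache_dir_is_visible(MenuCacheDir *dir)
+}
+
+/**
++ * menu_cache_app_get_generic_name
++ * @app: a menu cache item
++ *
++ * Retrieves generic name for @app. Returned data are owned by menu
++ * cache and should not be freed by caller.
++ *
++ * Returns: (transfer none): app's generic name or %NULL.
++ *
++ * Since: 1.0.3
++ */
++const char* menu_cache_app_get_generic_name( MenuCacheApp* app )
++{
++ return app->generic_name;
++}
++
++/**
+* menu_cache_app_get_exec
+* @app: a menu cache item
+*
+@@ -1522,8 +1538,13 @@ static void get_socket_name( char* buf, int len )
+if(*p)
+*p = '\0';
+}
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf( buf, len, "%s/menu-cached-%s", g_get_user_runtime_dir(),
++ dpy ? dpy : ":0" );
++#else
+g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
+dpy ? dpy : ":0", g_get_user_name() );
++#endif
+g_free(dpy);
+}
+
+diff --git a/libmenu-cache/menu-cache.h.in b/libmenu-cache/menu-cache.h.in
+index 76ea7b4..cded59d 100644
+--- a/libmenu-cache/menu-cache.h.in
++++ b/libmenu-cache/menu-cache.h.in
+@@ -151,6 +151,7 @@ MenuCacheItem *menu_cache_find_child_by_name(MenuCacheDir *dir, const char *name
+
+char* menu_cache_dir_make_path( MenuCacheDir* dir );
+
++const char* menu_cache_app_get_generic_name( MenuCacheApp* app );
+const char* menu_cache_app_get_exec( MenuCacheApp* app );
+const char* menu_cache_app_get_working_dir( MenuCacheApp* app );
+const char* const *menu_cache_app_get_categories(MenuCacheApp* app);
+diff --git a/menu-cache-daemon/menu-cached.c b/menu-cache-daemon/menu-cached.c
+index a6895ee..c100484 100644
+--- a/menu-cache-daemon/menu-cached.c
++++ b/menu-cache-daemon/menu-cached.c
+@@ -473,6 +473,9 @@ static void get_socket_name( char* buf, int len )
+if(*p)
+*p = '\0';
+}
++ /* NOTE: this socket name is incompatible with versions > 1.0.2,
++ although this function is never used since 0.7.0 but
++ libmenu-cache always requests exact socket name instead */
+g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
+dpy ? dpy : ":0", g_get_user_name() );
+g_free(dpy);
+diff --git a/menu-cache-gen/menu-merge.c b/menu-cache-gen/menu-merge.c
+index 816cf96..31f05b0 100644
+--- a/menu-cache-gen/menu-merge.c
++++ b/menu-cache-gen/menu-merge.c
+@@ -1,7 +1,7 @@
+/*
+* menu-file.c : parses <name>.menu file and merges all XML tags.
+*
+- * Copyright 2013-2016 Andriy Grytsenko (LStranger) <[email protected]>
++ * Copyright 2013-2017 Andriy Grytsenko (LStranger) <[email protected]>
+*
+* This file is a part of libmenu-cache package and created program
+* should be not used without the library.
+@@ -138,11 +138,13 @@ static gboolean _menu_xml_handler_Name(FmXmlFileItem *item, GList *children,
+guint n_attributes, gint line, gint pos,
+GError **error, gpointer user_data)
+{
++ FmXmlFileItem *name_item;
+const char *name;
+
+RETURN_IF_IN_LAYOUT(item, error);
+- item = fm_xml_file_item_find_child(item, FM_XML_FILE_TEXT);
+- if (item == NULL || (name = fm_xml_file_item_get_data(item, NULL)) == NULL ||
++ name_item = fm_xml_file_item_find_child(item, FM_XML_FILE_TEXT);
++ if (name_item == NULL ||
++ (name = fm_xml_file_item_get_data(name_item, NULL)) == NULL ||
+strchr(name, '/') != NULL) /* empty or invalid tag */
+{
+RETURN_TRUE_AND_DESTROY_IF_QUIET(item);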
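Review bot: In the `get_socket_name` hunk of libmenu-cache/menu-cache.c the `#else` branch still builds the socket path under `g_get_tmp_dir()`, so a build against GLib older than 2.28 silently keeps the shared-tmp socket name that the NEWS entry says this patch moves away from. The ebuild's RDEPEND lists `dev-libs/glib:2` with no version floor, so I would either pin it (`>=dev-libs/glib-2.28:2`) or mark the fallback with a comment on the `#else` line such as `/* pre-2.28 GLib: socket stays in the shared tmp dir, not covered by the CVE-2017-8933 fix */`. The result of the new `g_snprintf()` call is also not compared with `len`; a runtime directory path can be longer than the tmp dir, and a truncated name would be used as the socket path without any error, so a check like `if (g_snprintf(...) >= len)` deserves explicit handling. The body of `get_socket_name` starts above the hunk, so the size of `buf` at its call sites is not visible here.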
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Copyright 1999-2018 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=6 | ||
|
||
DESCRIPTION="Library to create and utilize caches to speed up freedesktop application menus" | ||
HOMEPAGE="http://lxde.sourceforge.net/" | ||
SRC_URI="mirror://sourceforge/lxde/${P}.tar.xz" | ||
|
||
LICENSE="LGPL-2.1+" | ||
# ABI is v2. See Makefile.am | ||
SLOT="0/2" | ||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~mips ~ppc ~x86 ~amd64-linux ~x86-linux" | ||
IUSE="" | ||
|
||
PATCHES=( "${FILESDIR}"/${PN}-1.0.2-CVE-2017-8933.patch ) | ||
|
||
RDEPEND="dev-libs/glib:2 | ||
x11-libs/libfm-extra" | ||
DEPEND="${RDEPEND} | ||
sys-devel/gettext | ||
virtual/pkgconfig" |