lxde-base/menu-cache: fix against CVE-2017-8933.

Package-Manager: Portage-2.3.13, Repoman-2.3.3 Bug: https://bugs.gentoo.org/618620 Closes: gentoo#5355
hanetzer · Mar 5, 2018 · f661657 · f661657
1 parent bfe2786
commit f661657
Show file tree

Hide file tree

Showing 2 changed files with 144 additions and 0 deletions.
diff --git a/lxde-base/menu-cache/files/menu-cache-1.0.2-CVE-2017-8933.patch b/lxde-base/menu-cache/files/menu-cache-1.0.2-CVE-2017-8933.patch
@@ -0,0 +1,122 @@
+diff --git a/NEWS b/NEWS
+index dcc572a..6177e9d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,12 @@
++* Fixed crash with invalid <Name> tag in a menu.
++
++* Added new API menu_cache_app_get_generic_name() to get generic
++ name for application.
++
++* Fixed potential access violation, use runtime user dir instead of tmp dir.
++ It limits libmenu-cache compatibility to menu-cached >= 0.7.0.
++
++
+ Changes in 1.0.2 since 1.0.1:
+
+ * Fixed crash in menu-cached if cache regeneration fails.
+diff --git a/libmenu-cache/menu-cache.c b/libmenu-cache/menu-cache.c
+index 3bc9cfc..d914127 100644
+--- a/libmenu-cache/menu-cache.c
++++ b/libmenu-cache/menu-cache.c
+@@ -3,7 +3,7 @@
+ *
+ * Copyright 2008 PCMan <[email protected]>
+ * Copyright 2009 Jürgen Hötzel <[email protected]>
+- * Copyright 2012-2015 Andriy Grytsenko (LStranger) <[email protected]>
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+@@ -1234,6 +1234,22 @@ gboolean menu_cache_dir_is_visible(MenuCacheDir *dir)
+ }
+
+ /**
++ * menu_cache_app_get_generic_name
++ * @app: a menu cache item
++ *
++ * Retrieves generic name for @app. Returned data are owned by menu
++ * cache and should not be freed by caller.
++ *
++ * Returns: (transfer none): app's generic name or %NULL.
++ *
++ * Since: 1.0.3
++ */
++const char* menu_cache_app_get_generic_name( MenuCacheApp* app )
++{
++ return app->generic_name;
++}
++
++/**
+ * menu_cache_app_get_exec
+ * @app: a menu cache item
+ *
+@@ -1522,8 +1538,13 @@ static void get_socket_name( char* buf, int len )
+ if(*p)
+ *p = '\0';
+ }
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf( buf, len, "%s/menu-cached-%s", g_get_user_runtime_dir(),
++ dpy ? dpy : ":0" );
++#else
+ g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
+ dpy ? dpy : ":0", g_get_user_name() );
++#endif
+ g_free(dpy);
+ }
+
+diff --git a/libmenu-cache/menu-cache.h.in b/libmenu-cache/menu-cache.h.in
+index 76ea7b4..cded59d 100644
+--- a/libmenu-cache/menu-cache.h.in
++++ b/libmenu-cache/menu-cache.h.in
+@@ -151,6 +151,7 @@ MenuCacheItem *menu_cache_find_child_by_name(MenuCacheDir *dir, const char *name
+
+ char* menu_cache_dir_make_path( MenuCacheDir* dir );
+
++const char* menu_cache_app_get_generic_name( MenuCacheApp* app );
+ const char* menu_cache_app_get_exec( MenuCacheApp* app );
+ const char* menu_cache_app_get_working_dir( MenuCacheApp* app );
+ const char* const *menu_cache_app_get_categories(MenuCacheApp* app);
+diff --git a/menu-cache-daemon/menu-cached.c b/menu-cache-daemon/menu-cached.c
+index a6895ee..c100484 100644
+--- a/menu-cache-daemon/menu-cached.c
++++ b/menu-cache-daemon/menu-cached.c
+@@ -473,6 +473,9 @@ static void get_socket_name( char* buf, int len )
+ if(*p)
+ *p = '\0';
+ }
++ /* NOTE: this socket name is incompatible with versions > 1.0.2,
++ although this function is never used since 0.7.0 but
++ libmenu-cache always requests exact socket name instead */
+ g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
+ dpy ? dpy : ":0", g_get_user_name() );
+ g_free(dpy);
+diff --git a/menu-cache-gen/menu-merge.c b/menu-cache-gen/menu-merge.c
+index 816cf96..31f05b0 100644
+--- a/menu-cache-gen/menu-merge.c
++++ b/menu-cache-gen/menu-merge.c
+@@ -1,7 +1,7 @@
+ /*
+ * menu-file.c : parses <name>.menu file and merges all XML tags.
+ *
+- * Copyright 2013-2016 Andriy Grytsenko (LStranger) <[email protected]>
++ * Copyright 2013-2017 Andriy Grytsenko (LStranger) <[email protected]>
+ *
+ * This file is a part of libmenu-cache package and created program
+ * should be not used without the library.
+@@ -138,11 +138,13 @@ static gboolean _menu_xml_handler_Name(FmXmlFileItem *item, GList *children,
+ guint n_attributes, gint line, gint pos,
+ GError **error, gpointer user_data)
+ {
++ FmXmlFileItem *name_item;
+ const char *name;
+
+ RETURN_IF_IN_LAYOUT(item, error);
+- item = fm_xml_file_item_find_child(item, FM_XML_FILE_TEXT);
+- if (item == NULL || (name = fm_xml_file_item_get_data(item, NULL)) == NULL ||
++ name_item = fm_xml_file_item_find_child(item, FM_XML_FILE_TEXT);
++ if (name_item == NULL ||
++ (name = fm_xml_file_item_get_data(name_item, NULL)) == NULL ||
+ strchr(name, '/') != NULL) /* empty or invalid tag */
+ {
+ RETURN_TRUE_AND_DESTROY_IF_QUIET(item);
diff --git a/lxde-base/menu-cache/menu-cache-1.0.2-r1.ebuild b/lxde-base/menu-cache/menu-cache-1.0.2-r1.ebuild
@@ -0,0 +1,22 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DESCRIPTION="Library to create and utilize caches to speed up freedesktop application menus"
+HOMEPAGE="http://lxde.sourceforge.net/"
+SRC_URI="mirror://sourceforge/lxde/${P}.tar.xz"
+
+LICENSE="LGPL-2.1+"
+# ABI is v2. See Makefile.am
+SLOT="0/2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~mips ~ppc ~x86 ~amd64-linux ~x86-linux"
+IUSE=""
+
+PATCHES=( "${FILESDIR}"/${PN}-1.0.2-CVE-2017-8933.patch )
+
+RDEPEND="dev-libs/glib:2
+ x11-libs/libfm-extra"
+DEPEND="${RDEPEND}
+ sys-devel/gettext
+ virtual/pkgconfig"