kde-plasma/kde-cli-tools: backport patch from upstream to resolve CVE…

…-2016-7787 Gentoo-bug: 595534 Package-Manager: portage-2.3.1
johu · Sep 29, 2016 · d35f109 · d35f109
1 parent 5369f3f
commit d35f109
Show file tree

Hide file tree

Showing 2 changed files with 106 additions and 0 deletions.
diff --git a/kde-plasma/kde-cli-tools/files/kde-cli-tools-5.6.5-CVE-2016-7787.patch b/kde-plasma/kde-cli-tools/files/kde-cli-tools-5.6.5-CVE-2016-7787.patch
@@ -0,0 +1,44 @@
+From 5eda179a099ba68a20dc21dc0da63e85a565a171 Mon Sep 17 00:00:00 2001
+From: Martin Sandsmark <[email protected]>
+Date: Fri, 9 Sep 2016 09:05:57 +0200
+Subject: [PATCH] Make sure people are not trying to sneak invisible characters
+ on the kdesu label
+
+i18n: Sorry for the new string
+
+CCMAIL: [email protected]
+---
+ kdesu/kdesu.cpp | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/kdesu/kdesu.cpp b/kdesu/kdesu.cpp
+index b7a66a2..b0efbc7 100644
+--- a/kdesu/kdesu.cpp
++++ b/kdesu/kdesu.cpp
+@@ -162,6 +162,10 @@ int main(int argc, char *argv[])
+ {
+ KMessageBox::sorry(0, i18n("Cannot execute command '%1'.", QString::fromLocal8Bit(command)));
+ }
++ if (result == -2)
++ {
++ KMessageBox::sorry(0, i18n("Cannot execute command '%1'. It contains invalid characters.", QString::fromLocal8Bit(command)));
++ }
+
+ return result;
+ }
+@@ -387,6 +391,12 @@ static int startApp(QCommandLineParser& p)
+ qDebug() << "Don't need password!!\n";
+ }
+
++ for (const QChar character : QString::fromLocal8Bit(command)) {
++ if (!character.isPrint() && character.category() != QChar::Other_Surrogate) {
++ return -2;
++ }
++ }
++
+ // Start the dialog
+ QString password;
+ if (needpw)
+-- 
+2.7.3
+
diff --git a/kde-plasma/kde-cli-tools/kde-cli-tools-5.6.5-r1.ebuild b/kde-plasma/kde-cli-tools/kde-cli-tools-5.6.5-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+KDE_HANDBOOK="true"
+KDE_TEST="true"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Tools based on KDE Frameworks 5 to better interact with the system"
+HOMEPAGE="https://projects.kde.org/projects/kde/workspace/kde-cli-tools"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="+kdesu X"
+
+DEPEND="
+ $(add_frameworks_dep kcmutils)
+ $(add_frameworks_dep kcompletion)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kiconthemes)
+ $(add_frameworks_dep kio)
+ $(add_frameworks_dep kservice)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kwindowsystem)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtsvg)
+ $(add_qt_dep qtwidgets)
+ kdesu? ( $(add_frameworks_dep kdesu) )
+ X? (
+ $(add_frameworks_dep kdelibs4support)
+ $(add_qt_dep qtx11extras)
+ x11-libs/libX11
+ )
+"
+RDEPEND="${DEPEND}
+ handbook? ( !kde-apps/kdesu[handbook] )
+"
+
+# requires running kde environment
+RESTRICT="test"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7787.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package kdesu KF5Su)
+ $(cmake-utils_use_find_package X KF5KDELibs4Support)
+ $(cmake-utils_use_find_package X Qt5X11Extras)
+ )
+
+ kde5_src_configure
+}
+
+src_install() {
+ kde5_src_install
+ use kdesu && dosym /usr/$(get_libdir)/libexec/kf5/kdesu /usr/bin/kdesu5
+}