Skip to content

Commit

Permalink
kde-plasma/kde-cli-tools: backport patch from upstream to resolve CVE…
Browse files Browse the repository at this point in the history
…-2016-7787

Gentoo-bug: 595534

Package-Manager: portage-2.3.1
  • Loading branch information
Michael Palimaka committed Sep 29, 2016
1 parent 5369f3f commit d35f109
Show file tree
Hide file tree
Showing 2 changed files with 106 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
From 5eda179a099ba68a20dc21dc0da63e85a565a171 Mon Sep 17 00:00:00 2001
From: Martin Sandsmark <[email protected]>
Date: Fri, 9 Sep 2016 09:05:57 +0200
Subject: [PATCH] Make sure people are not trying to sneak invisible characters
on the kdesu label

i18n: Sorry for the new string

CCMAIL: [email protected]
---
kdesu/kdesu.cpp | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/kdesu/kdesu.cpp b/kdesu/kdesu.cpp
index b7a66a2..b0efbc7 100644
--- a/kdesu/kdesu.cpp
+++ b/kdesu/kdesu.cpp
@@ -162,6 +162,10 @@ int main(int argc, char *argv[])
{
KMessageBox::sorry(0, i18n("Cannot execute command '%1'.", QString::fromLocal8Bit(command)));
}
+ if (result == -2)
+ {
+ KMessageBox::sorry(0, i18n("Cannot execute command '%1'. It contains invalid characters.", QString::fromLocal8Bit(command)));
+ }

return result;
}
@@ -387,6 +391,12 @@ static int startApp(QCommandLineParser& p)
qDebug() << "Don't need password!!\n";
}

+ for (const QChar character : QString::fromLocal8Bit(command)) {
+ if (!character.isPrint() && character.category() != QChar::Other_Surrogate) {
+ return -2;
+ }
+ }
+
// Start the dialog
QString password;
if (needpw)
--
2.7.3

62 changes: 62 additions & 0 deletions kde-plasma/kde-cli-tools/kde-cli-tools-5.6.5-r1.ebuild
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

EAPI=6

KDE_HANDBOOK="true"
KDE_TEST="true"
VIRTUALX_REQUIRED="test"
inherit kde5

DESCRIPTION="Tools based on KDE Frameworks 5 to better interact with the system"
HOMEPAGE="https://projects.kde.org/projects/kde/workspace/kde-cli-tools"
KEYWORDS="~amd64 ~arm ~x86"
IUSE="+kdesu X"

DEPEND="
$(add_frameworks_dep kcmutils)
$(add_frameworks_dep kcompletion)
$(add_frameworks_dep kconfig)
$(add_frameworks_dep kconfigwidgets)
$(add_frameworks_dep kcoreaddons)
$(add_frameworks_dep ki18n)
$(add_frameworks_dep kiconthemes)
$(add_frameworks_dep kio)
$(add_frameworks_dep kservice)
$(add_frameworks_dep kwidgetsaddons)
$(add_frameworks_dep kwindowsystem)
$(add_qt_dep qtdbus)
$(add_qt_dep qtgui)
$(add_qt_dep qtsvg)
$(add_qt_dep qtwidgets)
kdesu? ( $(add_frameworks_dep kdesu) )
X? (
$(add_frameworks_dep kdelibs4support)
$(add_qt_dep qtx11extras)
x11-libs/libX11
)
"
RDEPEND="${DEPEND}
handbook? ( !kde-apps/kdesu[handbook] )
"

# requires running kde environment
RESTRICT="test"

PATCHES=( "${FILESDIR}/${P}-CVE-2016-7787.patch" )

src_configure() {
local mycmakeargs=(
$(cmake-utils_use_find_package kdesu KF5Su)
$(cmake-utils_use_find_package X KF5KDELibs4Support)
$(cmake-utils_use_find_package X Qt5X11Extras)
)

kde5_src_configure
}

src_install() {
kde5_src_install
use kdesu && dosym /usr/$(get_libdir)/libexec/kf5/kdesu /usr/bin/kdesu5
}

0 comments on commit d35f109

Please sign in to comment.