gentoo resync : 14.07.2018

3 files changed, 67 insertions, 2 deletions

diff --git a/kde-apps/kate/Manifest b/kde-apps/kate/Manifest
index c90d0c614151..dd37e49e113a 100644
--- a/kde-apps/kate/Manifest
+++ b/kde-apps/kate/Manifest
@@ -1,6 +1,7 @@
 AUX kate-17.12.1-deps.patch 3101 BLAKE2B 6cb0a6762041c6f6f2b02d921cee39b9f8eba1f3104d05a4e9565f7e9c7287f1e3ad5cb51bf07ff2f93d1c826c646102ae47c4f67d3e34dc82524ad102fba784 SHA512 abdfce9b12de6b254fecfa8d5f9e532e01212711962c88a02ab099f81ab68ef02a95c6afbae22057467562b37fcb1036b4edd2e8d8f1bde3919c4cba171de38b
+AUX kate-18.04.3-root-user.patch 2754 BLAKE2B 98c0edf87332b3cceecc1af326730603adc72088915bd4373799cf8376b22edee536b1d04a97b0f303b2f4563288b48211fed899a363c70d5884d069c41fe122 SHA512 0b4cf0dfddc7060702c19824d4aa9b863a3ff1958e809d8112eec2cc6f3e4f3c594a69ee36390ba20d7067facb87f0c83a2cdee28c643cda7690cc3876aaea2c
 DIST kate-17.12.3.tar.xz 5629840 BLAKE2B 384b15a1273ec02d0d3342e761f5c1135f000d1b8485445d07ff5384ea49f60c6d4a6aaadd8371d931cbfcab190e4e5ff820021708dbc44899a01340b980e3bd SHA512 3435afb4dc643064c9e98c86e02521cec9d53fb7ad30320e686db6260e3468b3745643447172218b033dcd46e7c9f02efbd00af26ee820b928ac74f5cf62b0a6
-DIST kate-18.04.2.tar.xz 5641048 BLAKE2B 7385aaf26029a6c5b1e749440f41d8ed58e936a06fff9c40ff1b37fd5724298d49d7aa92eb3bdefb2b4088a6cbe106cf6f5796e2a410c2f348c9b42492c7ac7d SHA512 2b3545ba3042f95756f7f3af2d423041107860d390ab6884b52f410adc0a66c8e9fe85e0105935258c0a68daa41c96330ca78de2aa788685daa2b51d97afea7e
+DIST kate-18.04.3.tar.xz 5639892 BLAKE2B 76b36061ec758964e3644fc3893069791e060566646eb03ce0bb6ed04c6c2707f5f48240887078e309128f09e3316ee1bb7076063a8d937d1c4ee67e1dedc906 SHA512 7a41ef21e28e275a448fa80f6d6a7890e221669343c30f946a4522e7f9b4812407ff5b168939508568ce17965fa2dea965aa63062f4fe059a2612021f877694e
 EBUILD kate-17.12.3.ebuild 1971 BLAKE2B 3f2152e20b5d66f38cdaef7e201e2a98c4daf6961e788fabf682a2c9e9e6fa27cd57660767d605f14331ed57053bc6980f6912086b7070b8d7293709844bc182 SHA512 67e615780c13a51e507cf2fa51de9a7826d67cdb07cc3acc23f0798c291ec9119300410bfc064fb760d84139602655388ec072f8e24c6e66bd2350c2738140f0
-EBUILD kate-18.04.2.ebuild 2111 BLAKE2B 7bea7d9d214f5d0b7f2508b565a6b6f71d38783c77ce645d092a2c65dae3a8da5990b18aa2e86f2bc4d76acda143046877aff49fad4142d3c4b7c5e5bbc7d8fd SHA512 ade303f3d9a9ba014a7ec897cf929d1b76c7c7f187159d460a64589db63418fcdcdce02fba2ab47c6ebdbbdb2ca5aa429402cbacbd946554a2e968fa400fe5de
+EBUILD kate-18.04.3.ebuild 2168 BLAKE2B 925cd44a417907597f0570a1e0e1ad11810a1f72f156a4e59905e8e368a81687821d80df8b0af8e0d60dc20e23e4c74c0dc22dc655cbe63886e39f9ff1c588f1 SHA512 346633f4789e6d88c9816158c1f14317f1f6bd38247c453ea45998cf322ce9e741d21bdff06dddbec2f3a6a3f6eb9fe9423bf0d86facc9db53138351c4170123
 MISC metadata.xml 330 BLAKE2B 2c8081efb3a1a1a6c87988dcdf0ac12e4e3efd85ad5c3965662683891113c9a60caa085a97734ae793bc6d12ac3ae0b8cf5249120b45c98897651ea23c7c3045 SHA512 41ae5a022aca855524ba8c6d4c98e54408853a94398a3ae65afd162200e6e4bb8fb9909ac270a27e99a8dc489a61eb48d732a04a73321113874dfcf605d60e6e
diff --git a/kde-apps/kate/files/kate-18.04.3-root-user.patch b/kde-apps/kate/files/kate-18.04.3-root-user.patch
new file mode 100644
index 000000000000..320c17403595
--- /dev/null
+++ b/kde-apps/kate/files/kate-18.04.3-root-user.patch
@@ -0,0 +1,62 @@
+From bf6d5b7532968763bdc629aa90426c53500af13f Mon Sep 17 00:00:00 2001
+From: Nathaniel Graham <nate@kde.org>
+Date: Sat, 26 May 2018 14:50:24 -0600
+Subject: Re-allow running Kate and KWrite as the actual root user (but still
+ not using sudo)
+
+Summary:
+The original change (9adcebd3c2e476c8a32e9b455cc99f46b0e12a7e) to prevent sudo usage broke the use case of running KWrite or Kate while logged in as the actual `root` user with a GUI session. This is how the Kali distro is set up by default, so the original change amounted to making Kate and KWrite not launch at all on this KDE distro.
+
+This patch re-enables running as the actual root user, but keeps blocking usage via `sudo` or `kdesu`. There are no negative security implications associated with re-allowing usage via the root user, since if you're running a GUI session, you were already exposed to the original security threat and Kate and KWrite do not increase the attack surface.
+
+I have submitted a similar change for Dolphin that has been accepted (D12795), but @elvisangelaccio wants that to go in at the same time as this, to keep them in sync.
+
+BUG: 387973
+FIXED-IN: 18.08.0
+
+Test Plan:
+- Log in as normal user and run `sudo kate` or `sudo kwrite`: you get an error message.
+- Log in as normal user and run `kdesu kate` or `kdesu kwrite`: you get an error message.
+- Log in as the root user and run Kate or KWrite normally: it works.
+
+Reviewers: #kate, dhaumann, cullmann, #ktexteditor
+
+Reviewed By: #kate, dhaumann, #ktexteditor
+
+Subscribers: kwrite-devel, elvisangelaccio
+
+Tags: #kate
+
+Differential Revision: https://phabricator.kde.org/D13138
+---
+ kate/main.cpp   | 14 ++++++++------
+ 2 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/kate/main.cpp b/kate/main.cpp
+index e20fcff..19f7a99 100644
+--- a/kate/main.cpp
++++ b/kate/main.cpp
+@@ -61,13 +61,15 @@
+ int main(int argc, char **argv)
+ {
+ #ifndef Q_OS_WIN
+-    /**
+-     * Check whether we are running as root
+-     **/
++    // Prohibit using sudo or kdesu (but allow using the root user directly)
+     if (getuid() == 0) {
+-        std::cout << "Executing Kate as root is not possible. To edit files as root use:" << std::endl;
+-        std::cout << "SUDO_EDITOR=kate sudoedit <file>" << std::endl;
+-        return 0;
++        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
++            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
++            return EXIT_FAILURE;
++        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
++            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
++            return EXIT_FAILURE;
++        }
+     }
+ #endif
+     /**
+-- 
+cgit v0.11.2
diff --git a/kde-apps/kate/kate-18.04.2.ebuild b/kde-apps/kate/kate-18.04.3.ebuild
index df641468f081..d6665f97c1db 100644
--- a/kde-apps/kate/kate-18.04.2.ebuild
+++ b/kde-apps/kate/kate-18.04.3.ebuild
@@ -53,6 +53,8 @@ RDEPEND="${DEPEND}
 	!kde-misc/ktexteditorpreviewplugin
 "
 
+PATCHES=( "${FILESDIR}/${PN}-18.04.3-root-user.patch" )
+
 src_prepare() {
 	kde5_src_prepare
 	# test hangs