author | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
commit | d934827bf44b7cfcf6711964418148fa60877668 (patch) | |
tree | 0625f358789b5e015e49db139cc1dbc9be00428f /kde-apps/kleopatra | |
parent | 2e34d110f164bf74d55fced27fe0000201b3eec5 (diff) |
gentoo resync : 25.11.2020
Diffstat (limited to 'kde-apps/kleopatra')
-rw-r--r-- | kde-apps/kleopatra/Manifest | 8 | ||||
-rw-r--r-- | kde-apps/kleopatra/files/kleopatra-20.04.3-CVE-2020-24972.patch | 110 | ||||
-rw-r--r-- | kde-apps/kleopatra/files/kleopatra-20.04.3-exec-w-double-dash.patch | 108 | ||||
-rw-r--r-- | kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild | 60 | ||||
-rw-r--r-- | kde-apps/kleopatra/kleopatra-20.08.3.ebuild (renamed from kde-apps/kleopatra/kleopatra-20.08.1.ebuild) | 8 |
5 files changed, 6 insertions, 288 deletions
diff --git a/kde-apps/kleopatra/Manifest b/kde-apps/kleopatra/Manifest
index 1e21715453a4..6ce0b7b38637 100644
--- a/kde-apps/kleopatra/Manifest
+++ b/kde-apps/kleopatra/Manifest
@@ -1,7 +1,3 @@
-AUX kleopatra-20.04.3-CVE-2020-24972.patch 5485 BLAKE2B 1836b3783ddc67791e847f310da68837a5a5e244326514cadaea334788b1df44c2d0ab68482921f227343627b00421ef4566b79d8cba3bb2d6807e753f43ba62 SHA512 0eb8b7ce25e86e9e4733f9fe155cac62a4503db83f02f1bbb43c9c46af02c0a41cc842413f2a9d97b76e110fe2fd48cf55cf95a3be33042aba7167498cc16442
-AUX kleopatra-20.04.3-exec-w-double-dash.patch 4138 BLAKE2B 92b1512c437dce78efebf5b248fc6cb8fb2447fb37ee24aabc92a3c907f8af4bd025a6aceff2118518379ef3fde111d4d01b32b762626f380e626c3a099b58a5 SHA512 7ecc38876df91934412ea9c3a16a566d3454369504a0bbe0ff865cb5e6435a40e964d4ba49df9becee8a52d7964bf6b9f0a32d45473f9d084c831468db982df4
-DIST kleopatra-20.04.3.tar.xz 1935784 BLAKE2B 3c64c29762c06ce196149f0e9de3ec1a3c9970e2dce03dea600b4096da2100a1138548ddbc794bd0d47852e1b6e2ff962ec38f5b245a453f4a9953c1d846b909 SHA512 b72ffb37b3116525d8a531c056a0457e6fb3257081d639fc1c175c8dd4566e4f3c0989cfc696c43c92b630b43dcad90f667a9f3496fede0121065553041c554a
-DIST kleopatra-20.08.1.tar.xz 1937140 BLAKE2B f37a4cc458d851db833febee58fc1a4e535428c1a359ce4643ea944a5cafb824d6fecc12eb9e14b9361c56050311394a3c2c3a7368bae4ed9c921e6839f02a54 SHA512 6cbd3caa8c773380e4b7f7b396ba45f7a21ae39afc3e6b55d507ea0ef53c6a5663635de1ff494c325b88a57918665485a68c8100b67fe77292b632451b67e63c
-EBUILD kleopatra-20.04.3-r1.ebuild 1590 BLAKE2B 500d250a7ade1cf0883be418c53398704c48255ed9e1bc810d9ed509aef69aa361b88f9c2e764c02ac795d7298bb034836de61ca423987c42df88781f79f4703 SHA512 07fa72c5b06fde135f28f2e3d7e04213ed311ac81d311cc609a89e264b536ef2f0cdb24e62821e786f751214a2473166d05240379f63f6d87857eb3e599a11b9
-EBUILD kleopatra-20.08.1.ebuild 1494 BLAKE2B 365dfb25105e2193743aa8a47e97cec6595d1fc655f03e8cb2dbab0c0bbb92c3f8940b68793378c7ccc6400f5d718de7a83edc0f1b40b349de1e9d545b1f63ce SHA512 9c003dcf7fa6eae1b6d76d4ceece4fdd37b9bfc76e3904a5ada420b9e85faab68617b13b322d535a3c2ab9e92c4e267625e477f140fd16e5302b55c21d0ec507
+DIST kleopatra-20.08.3.tar.xz 1944160 BLAKE2B 1c610913a330a04420a04e89b6760d55ed47f911f7b5830d793a8723b702eddb6748475ab44487cf7a978c1465db868251ecdee9e177e88dc7637827aa4fc67a SHA512 c3c2de5073eee0a21114d9b3b4ed335e6fd7589b28bb82494c840eb53ffe347e4bef15ec54353cac0149bbd08297d05c2c1bac3bb5279260e66131b2249f1bba
+EBUILD kleopatra-20.08.3.ebuild 1475 BLAKE2B 978c3d4fea4a466fd660198709c0bf2cd5523b585283001d447abeaebaf5f98a0531043036848b735737bf0d4d508136182368b3e8e26e97d20b00de41162885 SHA512 520ecbec2f62b6067a9bcefab0e4db891cf4f9358908a38e93382bf917b3351fa139759d11ff162643d89355c264e1ffba89f2b980dde57937f4c62bc848573e
 MISC metadata.xml 249 BLAKE2B ad415db89e5dee1627aa77f44ded9d4e1e5b8217d06c7ca25bbaa3fe92ce67c2b1090957c45a821b407d7927e5af798498aa6a5b903895ee1af8ee20a446c7f7 SHA512 76a5a340b13f0053ca3c5e94ed24380ea8d29b45ac8655419e22eaadb1e4a827c04d2e7e36b65145c4964e6526f656618fc6ac144e277ef53cb7373e6239e3c3
diff --git a/kde-apps/kleopatra/files/kleopatra-20.04.3-CVE-2020-24972.patch b/kde-apps/kleopatra/files/kleopatra-20.04.3-CVE-2020-24972.patch
deleted file mode 100644
index ebcbb232e08f..000000000000
--- a/kde-apps/kleopatra/files/kleopatra-20.04.3-CVE-2020-24972.patch
+++ /dev/null
@@ -1,110 +0,0 @@ -From b4bd63c1739900d94c04da03045e9445a5a5f54b Mon Sep 17 00:00:00 2001 -From: Andre Heinecke <aheinecke@gnupg.org> -Date: Tue, 7 Jul 2020 14:39:29 +0200 -Subject: [PATCH] Allow safe usage of query - -To allow secure usage of query and search the parameters are -no longer parsed as value but instead of positional arguments. - -This allows us to register "kleoptra --query -- $1" as an -URL handler for openpgp4fpr: without the risk of command -line injection through an unsescaped query string. - -Similarly the double dash should be used for file handling -to avoid command line injection through filenames. ---- - src/kleopatra_options.h | 19 ++++++++++++++----- - src/kleopatraapplication.cpp | 25 ++++++++++++++----------- - 2 files changed, 28 insertions(+), 16 deletions(-) - -diff --git a/src/kleopatra_options.h b/src/kleopatra_options.h -index 661c44d7..8ce7fccf 100644 ---- a/src/kleopatra_options.h -+++ b/src/kleopatra_options.h -@@ -79,8 +79,7 @@ static void kleopatra_options(QCommandLineParser *parser) - << QStringLiteral("D"), - i18n("Decrypt and/or verify file(s)")) - << QCommandLineOption(QStringList() << QStringLiteral("search"), -- i18n("Search for a certificate on a keyserver"), -- QStringLiteral("search string")) -+ i18n("Search for a certificate on a keyserver")) - << QCommandLineOption(QStringList() << QStringLiteral("checksum"), - i18n("Create or check a checksum file")) - << QCommandLineOption(QStringList() << QStringLiteral("query") -@@ -88,8 +87,7 @@ static void kleopatra_options(QCommandLineParser *parser) - i18nc("If a certificate is already known it shows the certificate details dialog." 
- "Otherwise it brings up the certificate search dialog.", - "Show details of a local certificate or search for it on a keyserver" -- " by fingerprint"), -- QStringLiteral("fingerprint")) -+ " by fingerprint")) - << QCommandLineOption(QStringList() << QStringLiteral("gen-key"), - i18n("Create a new key pair or certificate signing request")) - << QCommandLineOption(QStringLiteral("parent-windowid"), -@@ -100,8 +98,19 @@ static void kleopatra_options(QCommandLineParser *parser) - - parser->addOptions(options); - -+ /* Security note: To avoid code execution by shared library injection -+ * through e.g. -platformpluginpath any external input should be seperated -+ * by a double dash -- this is why query / search uses positional arguments. -+ * -+ * For example on Windows there is an URLhandler for openpgp4fpr: -+ * be opened with Kleopatra's query function. And while a browser should -+ * urlescape such a query there might be tricks to inject a quote character -+ * and as such inject command line options for Kleopatra in an URL. */ - parser->addPositionalArgument(QStringLiteral("files"), - i18n("File(s) to process"), -- QStringLiteral("[files..]")); -+ QStringLiteral("-- [files..]")); -+ parser->addPositionalArgument(QStringLiteral("query"), -+ i18n("String or Fingerprint for query and search"), -+ QStringLiteral("-- [query..]")); - } - #endif -diff --git a/src/kleopatraapplication.cpp b/src/kleopatraapplication.cpp -index 989f14b4..a8c5dd08 100644 ---- a/src/kleopatraapplication.cpp -+++ b/src/kleopatraapplication.cpp -@@ -273,13 +273,18 @@ QString KleopatraApplication::newInstance(const QCommandLineParser &parser, - - QStringList files; - const QDir cwd = QDir(workingDirectory); -- Q_FOREACH (const QString &file, parser.positionalArguments()) { -- // We do not check that file exists here. Better handle -- // these errors in the UI. 
-- if (QFileInfo(file).isAbsolute()) { -- files << file; -- } else { -- files << cwd.absoluteFilePath(file); -+ bool queryMode = parser.isSet(QStringLiteral("query")) || parser.isSet(QStringLiteral("search")); -+ -+ // Query and Search treat positional arguments differently, see below. -+ if (!queryMode) { -+ Q_FOREACH (const QString &file, parser.positionalArguments()) { -+ // We do not check that file exists here. Better handle -+ // these errors in the UI. -+ if (QFileInfo(file).isAbsolute()) { -+ files << file; -+ } else { -+ files << cwd.absoluteFilePath(file); -+ } - } - } - -@@ -313,10 +318,8 @@ QString KleopatraApplication::newInstance(const QCommandLineParser &parser, - - // Handle openpgp4fpr URI scheme - QString needle; -- if (parser.isSet(QStringLiteral("search"))) { -- needle = parser.value(QStringLiteral("search")); -- } else if (parser.isSet(QStringLiteral("query"))) { -- needle = parser.value(QStringLiteral("query")); -+ if (queryMode) { -+ needle = parser.positionalArguments().join(QLatin1Char(' ')); - } - if (needle.startsWith(QLatin1String("openpgp4fpr:"))) { - needle.remove(0, 12); --- -GitLab - diff --git a/kde-apps/kleopatra/files/kleopatra-20.04.3-exec-w-double-dash.patch b/kde-apps/kleopatra/files/kleopatra-20.04.3-exec-w-double-dash.patch deleted file mode 100644 index d5ba1236c2df..000000000000 --- a/kde-apps/kleopatra/files/kleopatra-20.04.3-exec-w-double-dash.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -From 9abdda396818842de1d9af9a153b66a1399f7c0f Mon Sep 17 00:00:00 2001 -From: Andre Heinecke <aheinecke@gnupg.org> -Date: Tue, 7 Jul 2020 14:46:31 +0200 -Subject: [PATCH] Add double dash for exec command for files - -This prevents shenannigans with file names that might -inject command line options. ---- - src/data/kleopatra_decryptverifyfiles.desktop | 2 +- - src/data/kleopatra_decryptverifyfolders.desktop | 2 +- - src/data/kleopatra_import.desktop | 2 +- - src/data/kleopatra_signencryptfiles.desktop | 8 ++++---- - src/data/kleopatra_signencryptfolders.desktop | 4 ++-- - 5 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/src/data/kleopatra_decryptverifyfiles.desktop b/src/data/kleopatra_decryptverifyfiles.desktop -index 5f4832fe..1bd3200e 100644 ---- a/src/data/kleopatra_decryptverifyfiles.desktop -+++ b/src/data/kleopatra_decryptverifyfiles.desktop -@@ -102,4 +102,4 @@ Name[x-test]=xxDecrypt/Verify Filexx - Name[zh_CN]=解密/验证文件 - Name[zh_TW]=解密/檢查檔案 - Icon=kleopatra --Exec=kleopatra --decrypt-verify %F -+Exec=kleopatra --decrypt-verify -- %F -diff --git a/src/data/kleopatra_decryptverifyfolders.desktop b/src/data/kleopatra_decryptverifyfolders.desktop -index 8b6af1e2..54644c8f 100644 ---- a/src/data/kleopatra_decryptverifyfolders.desktop -+++ b/src/data/kleopatra_decryptverifyfolders.desktop -@@ -101,4 +101,4 @@ Name[x-test]=xxDecrypt/Verify All Files In Folderxx - Name[zh_CN]=文件夹中的全部解密/验证文件 - Name[zh_TW]=解密/檢查所有資料夾中的檔案 - Icon=kleopatra --Exec=kleopatra --decrypt-verify %F -+Exec=kleopatra --decrypt-verify -- %F -diff --git a/src/data/kleopatra_import.desktop b/src/data/kleopatra_import.desktop -index 2b886b24..8a99c81d 100644 ---- a/src/data/kleopatra_import.desktop -+++ b/src/data/kleopatra_import.desktop -@@ -1,7 +1,7 @@ - [Desktop Entry] - Type=Application - Icon=kleopatra --Exec=kleopatra --import-certificate %F -+Exec=kleopatra --import-certificate -- %F - 
MimeType=application/pkcs7-mime;application/x-x509-ca-cert;application/x-pkcs12;application/pgp-keys; - Categories=Qt;KDE;Utility;X-KDE-Utilities-PIM; - -diff --git a/src/data/kleopatra_signencryptfiles.desktop b/src/data/kleopatra_signencryptfiles.desktop -index d3ea5f98..8656bccb 100644 ---- a/src/data/kleopatra_signencryptfiles.desktop -+++ b/src/data/kleopatra_signencryptfiles.desktop -@@ -103,7 +103,7 @@ Name[x-test]=xxSign & Encrypt Filexx - Name[zh_CN]=签名并加密文件 - Name[zh_TW]=簽署並加密檔案 - Icon=kleopatra --Exec=kleopatra --encrypt-sign %F -+Exec=kleopatra --encrypt-sign -- %F - - [Desktop Action kleoencryptfiles] - Name=Encrypt File -@@ -159,7 +159,7 @@ Name[x-test]=xxEncrypt Filexx - Name[zh_CN]=加密文件 - Name[zh_TW]=加密檔案 - Icon=kleopatra --Exec=kleopatra --encrypt %F -+Exec=kleopatra --encrypt -- %F - - [Desktop Action kleosignfilesopenpgp] - Name=OpenPGP-Sign File -@@ -211,7 +211,7 @@ Name[x-test]=xxOpenPGP-Sign Filexx - Name[zh_CN]=OpenPGP 签名文件 - Name[zh_TW]=OpenPGP─簽署檔案 - Icon=kleopatra --Exec=kleopatra --openpgp --sign %F -+Exec=kleopatra --openpgp --sign -- %F - - [Desktop Action kleosignfilescms] - Name=S/MIME-Sign File -@@ -263,5 +263,5 @@ Name[x-test]=xxS/MIME-Sign Filexx - Name[zh_CN]=S/MIME 签名文件 - Name[zh_TW]=S/MIME─簽署檔案 - Icon=kleopatra --Exec=kleopatra --cms --sign %F -+Exec=kleopatra --cms --sign -- %F - -diff --git a/src/data/kleopatra_signencryptfolders.desktop b/src/data/kleopatra_signencryptfolders.desktop -index 5ef802ce..b9146d5a 100644 ---- a/src/data/kleopatra_signencryptfolders.desktop -+++ b/src/data/kleopatra_signencryptfolders.desktop -@@ -100,7 +100,7 @@ Name[x-test]=xxArchive, Sign && Encrypt Folderxx - Name[zh_CN]=归档、签名并加密文件夹 - Name[zh_TW]=歸檔,簽署與加密資料夾 - Icon=kleopatra --Exec=kleopatra --encrypt-sign %F -+Exec=kleopatra --encrypt-sign -- %F - - [Desktop Action kleoencryptfolder] - Name=Archive && Encrypt Folder -@@ -151,4 +151,4 @@ Name[x-test]=xxArchive && Encrypt Folderxx - Name[zh_CN]=归档并加密文件夹 - Name[zh_TW]=歸檔並加密資料夾 - Icon=kleopatra 
--Exec=kleopatra --encrypt %F -+Exec=kleopatra --encrypt -- %F --- -GitLab - diff --git a/kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild b/kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild deleted file mode 100644 index 57574a47f59b..000000000000 --- a/kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -ECM_HANDBOOK="optional" -ECM_TEST="forceoptional" -PVCUT=$(ver_cut 1-3) -KFMIN=5.70.0 -QTMIN=5.14.2 -VIRTUALX_REQUIRED="test" -inherit ecm kde.org - -DESCRIPTION="Certificate manager and GUI for OpenPGP and CMS cryptography" -HOMEPAGE="https://kde.org/applications/utilities/org.kde.kleopatra" - -LICENSE="GPL-2+ handbook? ( FDL-1.2+ )" -SLOT="5" -KEYWORDS="amd64 arm64 x86" -IUSE="" - -DEPEND=" - >=app-crypt/gpgme-1.11.1[cxx,qt5] - dev-libs/boost:= - dev-libs/libassuan - dev-libs/libgpg-error - >=dev-qt/qtdbus-${QTMIN}:5 - >=dev-qt/qtgui-${QTMIN}:5 - >=dev-qt/qtnetwork-${QTMIN}:5 - >=dev-qt/qtprintsupport-${QTMIN}:5 - >=dev-qt/qtwidgets-${QTMIN}:5 - >=kde-apps/kmime-${PVCUT}:5 - >=kde-apps/libkleo-${PVCUT}:5 - >=kde-frameworks/kcmutils-${KFMIN}:5 - >=kde-frameworks/kcodecs-${KFMIN}:5 - >=kde-frameworks/kconfig-${KFMIN}:5 - >=kde-frameworks/kconfigwidgets-${KFMIN}:5 - >=kde-frameworks/kcoreaddons-${KFMIN}:5 - >=kde-frameworks/kdbusaddons-${KFMIN}:5 - >=kde-frameworks/ki18n-${KFMIN}:5 - >=kde-frameworks/kiconthemes-${KFMIN}:5 - >=kde-frameworks/kitemmodels-${KFMIN}:5 - >=kde-frameworks/knotifications-${KFMIN}:5 - >=kde-frameworks/ktextwidgets-${KFMIN}:5 - >=kde-frameworks/kwidgetsaddons-${KFMIN}:5 - >=kde-frameworks/kwindowsystem-${KFMIN}:5 - >=kde-frameworks/kxmlgui-${KFMIN}:5 -" -RDEPEND="${DEPEND} - >=app-crypt/gnupg-2.1 - app-crypt/paperkey -" - -# tests completely broken, bug #641720 -RESTRICT+=" test" - -PATCHES=( - "${FILESDIR}/${P}-CVE-2020-24972.patch" - "${FILESDIR}/${P}-exec-w-double-dash.patch" -) 
diff --git a/kde-apps/kleopatra/kleopatra-20.08.1.ebuild b/kde-apps/kleopatra/kleopatra-20.08.3.ebuild index 86a91c6e8525..803886d95041 100644 --- a/kde-apps/kleopatra/kleopatra-20.08.1.ebuild +++ b/kde-apps/kleopatra/kleopatra-20.08.3.ebuild @@ -6,17 +6,17 @@ EAPI=7 ECM_HANDBOOK="optional" ECM_TEST="forceoptional" PVCUT=$(ver_cut 1-3) -KFMIN=5.72.0 -QTMIN=5.14.2 +KFMIN=5.74.0 +QTMIN=5.15.1 VIRTUALX_REQUIRED="test" inherit ecm kde.org DESCRIPTION="Certificate manager and GUI for OpenPGP and CMS cryptography" -HOMEPAGE="https://kde.org/applications/utilities/org.kde.kleopatra" +HOMEPAGE="https://apps.kde.org/en/kleopatra" LICENSE="GPL-2+ handbook? ( FDL-1.2+ )" SLOT="5" -KEYWORDS="~amd64 ~arm64 ~x86" +KEYWORDS="amd64 arm64 ~ppc64 x86" IUSE="" DEPEND=" |