gentoo resync : 14.07.2018

3 files changed, 67 insertions, 2 deletions

diff --git a/kde-apps/kwrite/Manifest b/kde-apps/kwrite/Manifest
index c390e6042aa7..0bd4af7f46f0 100644
--- a/kde-apps/kwrite/Manifest
+++ b/kde-apps/kwrite/Manifest
@@ -1,5 +1,6 @@
+AUX kwrite-18.04.3-root-user.patch 2791 BLAKE2B 504d19baecc1a31c00fe32ed25c4f5c42400b33e788a94559a0833dad0dba0600bf5f763dffbfb4868c213d1825d852c988cded0bf2937f8e5614e5edb953b84 SHA512 b8d71b7e609ae671071419d75dcc6fcfb1577e25d4dbea5f62baafe00862fb45d4d91b01e90cb874a849897a9fe4d3ce50b02ff1b7ac7faaf6f5fc5b9ccf3634
 DIST kate-17.12.3.tar.xz 5629840 BLAKE2B 384b15a1273ec02d0d3342e761f5c1135f000d1b8485445d07ff5384ea49f60c6d4a6aaadd8371d931cbfcab190e4e5ff820021708dbc44899a01340b980e3bd SHA512 3435afb4dc643064c9e98c86e02521cec9d53fb7ad30320e686db6260e3468b3745643447172218b033dcd46e7c9f02efbd00af26ee820b928ac74f5cf62b0a6
-DIST kate-18.04.2.tar.xz 5641048 BLAKE2B 7385aaf26029a6c5b1e749440f41d8ed58e936a06fff9c40ff1b37fd5724298d49d7aa92eb3bdefb2b4088a6cbe106cf6f5796e2a410c2f348c9b42492c7ac7d SHA512 2b3545ba3042f95756f7f3af2d423041107860d390ab6884b52f410adc0a66c8e9fe85e0105935258c0a68daa41c96330ca78de2aa788685daa2b51d97afea7e
+DIST kate-18.04.3.tar.xz 5639892 BLAKE2B 76b36061ec758964e3644fc3893069791e060566646eb03ce0bb6ed04c6c2707f5f48240887078e309128f09e3316ee1bb7076063a8d937d1c4ee67e1dedc906 SHA512 7a41ef21e28e275a448fa80f6d6a7890e221669343c30f946a4522e7f9b4812407ff5b168939508568ce17965fa2dea965aa63062f4fe059a2612021f877694e
 EBUILD kwrite-17.12.3.ebuild 1187 BLAKE2B d4013638f4e083e2bb09d4fd13b8460576be643f743275a6db02cc662c93c498bcd99c8293ef1aab6a14fca1874f3d066c92544479a1bc0636bd942bdb8292e6 SHA512 46a6a9c2da045780652a90adfd6390c3623c1b5da38f75228bd87fe7ad4ca7a0cafda28d926a8e09f5ab49d4027a4c3cf73025a0c54e0a1e05b875458eea755e
-EBUILD kwrite-18.04.2.ebuild 1189 BLAKE2B d42d84f053107c7d7631f8008515a1022ab162b36c5e55471c9536e6c6b67399c185f6055d6de97f773ecab1481cccec261cfa38c0c2273fdca3ebc616904ce2 SHA512 8dfbabe38a589b0fa4dac0db266d1dd15a276ddf19335352013f5d7f13494cc2f50051d931821a3b180c48c697627382a2014358e9e87c261bdd62b6600c4b7a
+EBUILD kwrite-18.04.3.ebuild 1246 BLAKE2B f1f04a7f61c6184ef9e5a7b98f6c04705b9562ca0758caa69db0b5fef2411a1b0bf175c026efdb798038473d46ff4802f299dbc2ef08fb14dd6c59bb8a30d02d SHA512 40aa3545a9c56397d9bf254beaa60f2bdeda17df501b820d7248ca69a23f452aafada5123c93b9d69ee55ecfb2e5d11a0129e6c7a353b1b1782a08748ed31c26
 MISC metadata.xml 249 BLAKE2B ad415db89e5dee1627aa77f44ded9d4e1e5b8217d06c7ca25bbaa3fe92ce67c2b1090957c45a821b407d7927e5af798498aa6a5b903895ee1af8ee20a446c7f7 SHA512 76a5a340b13f0053ca3c5e94ed24380ea8d29b45ac8655419e22eaadb1e4a827c04d2e7e36b65145c4964e6526f656618fc6ac144e277ef53cb7373e6239e3c3
diff --git a/kde-apps/kwrite/files/kwrite-18.04.3-root-user.patch b/kde-apps/kwrite/files/kwrite-18.04.3-root-user.patch
new file mode 100644
index 000000000000..5bbf2da605ea
--- /dev/null
+++ b/kde-apps/kwrite/files/kwrite-18.04.3-root-user.patch
@@ -0,0 +1,62 @@
+From bf6d5b7532968763bdc629aa90426c53500af13f Mon Sep 17 00:00:00 2001
+From: Nathaniel Graham <nate@kde.org>
+Date: Sat, 26 May 2018 14:50:24 -0600
+Subject: Re-allow running Kate and KWrite as the actual root user (but still
+ not using sudo)
+
+Summary:
+The original change (9adcebd3c2e476c8a32e9b455cc99f46b0e12a7e) to prevent sudo usage broke the use case of running KWrite or Kate while logged in as the actual `root` user with a GUI session. This is how the Kali distro is set up by default, so the original change amounted to making Kate and KWrite not launch at all on this KDE distro.
+
+This patch re-enables running as the actual root user, but keeps blocking usage via `sudo` or `kdesu`. There are no negative security implications associated with re-allowing usage via the root user, since if you're running a GUI session, you were already exposed to the original security threat and Kate and KWrite do not increase the attack surface.
+
+I have submitted a similar change for Dolphin that has been accepted (D12795), but @elvisangelaccio wants that to go in at the same time as this, to keep them in sync.
+
+BUG: 387973
+FIXED-IN: 18.08.0
+
+Test Plan:
+- Log in as normal user and run `sudo kate` or `sudo kwrite`: you get an error message.
+- Log in as normal user and run `kdesu kate` or `kdesu kwrite`: you get an error message.
+- Log in as the root user and run Kate or KWrite normally: it works.
+
+Reviewers: #kate, dhaumann, cullmann, #ktexteditor
+
+Reviewed By: #kate, dhaumann, #ktexteditor
+
+Subscribers: kwrite-devel, elvisangelaccio
+
+Tags: #kate
+
+Differential Revision: https://phabricator.kde.org/D13138
+---
+ kwrite/main.cpp | 14 ++++++++------
+ 2 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/kwrite/main.cpp b/kwrite/main.cpp
+index 62f4f2d..d3f3ca9 100644
+--- a/kwrite/main.cpp
++++ b/kwrite/main.cpp
+@@ -50,13 +50,15 @@
+ extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
+ {
+ #ifndef Q_OS_WIN
+-    /**
+-     * Check whether we are running as root
+-     **/
++    // Prohibit using sudo or kdesu (but allow using the root user directly)
+     if (getuid() == 0) {
+-        std::cout << "Executing KWrite as root is not possible. To edit files as root use:" << std::endl;
+-        std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
+-        return 0;
++        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
++            std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
++            return EXIT_FAILURE;
++        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
++            std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
++            return EXIT_FAILURE;
++        }
+     }
+ #endif
+     /**
+-- 
+cgit v0.11.2
diff --git a/kde-apps/kwrite/kwrite-18.04.2.ebuild b/kde-apps/kwrite/kwrite-18.04.3.ebuild
index 40a36cff18e3..c9b017598b83 100644
--- a/kde-apps/kwrite/kwrite-18.04.2.ebuild
+++ b/kde-apps/kwrite/kwrite-18.04.3.ebuild
@@ -30,6 +30,8 @@ DEPEND="
 "
 RDEPEND="${DEPEND}"
 
+PATCHES=( "${FILESDIR}/${PN}-18.04.3-root-user.patch" )
+
 src_prepare() {
 	kde5_src_prepare
 	# delete colliding kate translations