diff options
Diffstat (limited to 'kde-frameworks/ktexteditor')
-rw-r--r-- | kde-frameworks/ktexteditor/Manifest | 7 | ||||
-rw-r--r-- | kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch | 187 | ||||
-rw-r--r-- | kde-frameworks/ktexteditor/ktexteditor-5.50.0.ebuild | 4 | ||||
-rw-r--r-- | kde-frameworks/ktexteditor/ktexteditor-5.51.0.ebuild (renamed from kde-frameworks/ktexteditor/ktexteditor-5.46.0-r1.ebuild) | 7 |
4 files changed, 7 insertions, 198 deletions
diff --git a/kde-frameworks/ktexteditor/Manifest b/kde-frameworks/ktexteditor/Manifest index f0b98f2f35f3..39fd2eade014 100644 --- a/kde-frameworks/ktexteditor/Manifest +++ b/kde-frameworks/ktexteditor/Manifest @@ -1,6 +1,5 @@ -AUX ktexteditor-5.46.0-CVE-2018-10361.patch 6579 BLAKE2B 9e992f2fc416cf51b30476df46f290069d490c22c09f5f0a7d790789163f1269373c607260ed638c62984cf405944ebd7a36b564ef6d80603827a3f23c4c5662 SHA512 c67557557e8eea7c74426df333301c8e8db6af7d892e7a8aff7e545b450155253b47eabc3a1baeb669e7e34539615d8f8cdf99e4b199204a4decb9962b11b423 -DIST ktexteditor-5.46.0.tar.xz 2296888 BLAKE2B 45572ff487505c38f6dfa23b96bd84ba83292ae1077bf3615fc2d30aaf6aa0347605a7c2ae4df68cc92552c1ecd8060ce1ba44f11bc78cfe736149476d6af5ab SHA512 b0197a82e9489c4093594c68a6c21dc9e204ec78cd17e5a0117d84e501710d90ad06214ed217332279f3b67ae84119d09d6eb19e33b37b7bde2ebb8a07b6a543 DIST ktexteditor-5.50.0.tar.xz 2247840 BLAKE2B 000f2e9f021d3e6275baafe0e70c7d24ef950e1d6ad13ecfc0ed7dc60ce09840a11401b3b6b00f1cddd3155ad4cde82fe93689a259af32efba1d01e8299509c4 SHA512 ab58d937d7b3e6374f7800fa81d52522a8fe73e67a222402b557b41770f1067348bb6b0e8a4e76cf4c983cc3e2e9df0760bd10791531b6d59cbd438c39e93537 -EBUILD ktexteditor-5.46.0-r1.ebuild 1478 BLAKE2B 1db4a6c3fbdd3149f0494d2d97ff7b6638393e1559df27f4206c10f04ec8dbd41c07d8c540c0cff133c8e1ff9ac7084f3b7cdf95169b8f67d6ddd7825d11b18b SHA512 86a33f3ffb9fbd7f077bed69fd3e1e800a332ac6e239c7b6994d5cb2656b7100db45fa19fb9f9bd6db46a827190c426a853b92dcf4b4b93b383ae3b71651e037 -EBUILD ktexteditor-5.50.0.ebuild 1467 BLAKE2B 1703e79ee198f14c5cd6ece3caca83caf24fb336951c8cc00315a4fa18128405b70b5f056ba5fa3862da0b73291bad3296732cb26edb0085c22d7236195cd914 SHA512 6765fb3da287956365ebfe558c7f04dcf0ed3b94305ada6e1622fea10751f6fcee80556f8b9d8e5364c49412621fc7e12e5c85e10d282621672082e9fe32377f +DIST ktexteditor-5.51.0.tar.xz 2249636 BLAKE2B 5f537e5a69a6bbe51b9470908e66c027966d0c9cf362362b6c8a05345b7bcea35026ed87378d0a3b44d32cf5504766df176e6299b486cba6ae7d2a16aa618035 SHA512 9da7f51240b9772e03d90438a3e21f29889ef0e69c7af86ffbd702f7a1569cffeda52e1f24f1b4a28739366a5229348a147da994e2ffe32b1a6d5dc17213f0f9 +EBUILD ktexteditor-5.50.0.ebuild 1462 BLAKE2B 2079339d4c9abdba2f9519c0d45e2a3e49fcd0abd8bdeeafefdd78c6fb917988906b759f19d13f8bc9d08f0bab9ebf0cdf17c07d9f7ad225b4cf8b2dbb5d164c SHA512 93d1828f0ae9dc86ccb2551baddd6bf359b13b2e04545df16a5f404b318519c8ca2a969532a05b6f98187ae92292785530b2ca023c1f7ccc3e76372330192e43 +EBUILD ktexteditor-5.51.0.ebuild 1395 BLAKE2B b4be6ac4af75375ed216a680e467b88cb002a803ee3fbe64f2e9d7c69fe8a17cebe9e88ba8fe5ccee276b2e29bbdb4d0a94c57fe9aa98a51ada0911d19302ce1 SHA512 e829402126d57b4794a42e0899735b82e35dc9a2615d2a6eda997ab28c8fd4a1c1bb005488e901bec314bbf5c669bb862ac900acc0fcb9217d6cbd76fc73e6aa MISC metadata.xml 351 BLAKE2B 7e4b1aefcf41fd5e37bd68d4e2fdb057be4ba7f8efb18b3494fe551c1990eb5209e4692e9b9a5618c950875c03a05ba6a39e2ea8c7f63c9894dab23277b0a070 SHA512 e87786bace9486ef7f23fe747b3a880af51a6b0b2e7dd7c0e6c7e597bb9ac11e787c403e15cded386632d13682061f7dbcd47e2b411b12f998de964bbfe57301 diff --git a/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch b/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch deleted file mode 100644 index d3b9b5d480ac..000000000000 --- a/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch +++ /dev/null @@ -1,187 +0,0 @@ -From c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590 Mon Sep 17 00:00:00 2001 -From: Christoph Cullmann <cullmann@kde.org> -Date: Thu, 7 Jun 2018 16:12:25 +0200 -Subject: CVE-2018-10361: privilege escalation - -improve handling of temporary file to avoid possible race-condition - -Differential Revision: https://phabricator.kde.org/D12513 ---- - src/buffer/katesecuretextbuffer.cpp | 99 +++++++++++++++++-------------------- - src/buffer/katesecuretextbuffer_p.h | 4 -- - 2 files changed, 46 insertions(+), 57 deletions(-) - -diff --git a/src/buffer/katesecuretextbuffer.cpp b/src/buffer/katesecuretextbuffer.cpp -index 0647bee..c014608 100644 ---- a/src/buffer/katesecuretextbuffer.cpp -+++ b/src/buffer/katesecuretextbuffer.cpp -@@ -53,39 +53,37 @@ ActionReply SecureTextBuffer::savefile(const QVariantMap &args) - bool SecureTextBuffer::saveFileInternal(const QString &sourceFile, const QString &targetFile, - const QByteArray &checksum, const uint ownerId, const uint groupId) - { -- QFileInfo targetFileInfo(targetFile); -- if (!QDir::setCurrent(targetFileInfo.dir().path())) { -+ /** -+ * open source file for reading -+ * if not possible, signal error -+ */ -+ QFile readFile(sourceFile); -+ if (!readFile.open(QIODevice::ReadOnly)) { - return false; - } - -- // get information about target file -- const QString targetFileName = targetFileInfo.fileName(); -- targetFileInfo.setFile(targetFileName); -- const bool newFile = !targetFileInfo.exists(); -- -- // open source and target file -- QFile readFile(sourceFile); -- //TODO use QSaveFile for saving contents and automatic atomic move on commit() when QSaveFile's security problem -- // (default temporary file permissions) is fixed -- // -- // We will first generate temporary filename and then use it relatively to prevent an attacker -- // to trick us to write contents to a different file by changing underlying directory. -- QTemporaryFile tempFile(targetFileName); -+ /** -+ * construct file info for target file -+ * we need to know things like path/exists/permissions -+ */ -+ const QFileInfo targetFileInfo(targetFile); -+ -+ /** -+ * create temporary file in current directory to be able to later do an atomic rename -+ * we need to pass full path, else QTemporaryFile uses the temporary directory -+ * if not possible, signal error, this catches e.g. a non-existing target directory, too -+ */ -+ QTemporaryFile tempFile(targetFileInfo.absolutePath() + QStringLiteral("/secureXXXXXX")); - if (!tempFile.open()) { - return false; - } -- tempFile.close(); -- QString tempFileName = QFileInfo(tempFile).fileName(); -- tempFile.setFileName(tempFileName); -- if (!readFile.open(QIODevice::ReadOnly) || !tempFile.open()) { -- return false; -- } -- const int tempFileDescriptor = tempFile.handle(); - -- // prepare checksum maker -+ /** -+ * copy contents + do checksumming -+ * if not possible, signal error -+ */ - QCryptographicHash cryptographicHash(checksumAlgorithm); -- -- // copy contents -+ const qint64 bufferLength = 4096; - char buffer[bufferLength]; - qint64 read = -1; - while ((read = readFile.read(buffer, bufferLength)) > 0) { -@@ -95,30 +93,43 @@ bool SecureTextBuffer::saveFileInternal(const QString &sourceFile, const QString - } - } - -- // check that copying was successful and checksum matched -- QByteArray localChecksum = cryptographicHash.result(); -- if (read == -1 || localChecksum != checksum || !tempFile.flush()) { -+ /** -+ * check that copying was successful and checksum matched -+ * we need to flush the file, as QTemporaryFile keeps the handle open -+ * and we later do things like renaming of the file! -+ * if not possible, signal error -+ */ -+ if ((read == -1) || (cryptographicHash.result() != checksum) || !tempFile.flush()) { - return false; - } - -- tempFile.close(); -- -- if (newFile) { -+ /** -+ * try to preserve the permissions -+ */ -+ if (!targetFileInfo.exists()) { - // ensure new file is readable by anyone - tempFile.setPermissions(tempFile.permissions() | QFile::Permission::ReadGroup | QFile::Permission::ReadOther); - } else { - // ensure the same file permissions - tempFile.setPermissions(targetFileInfo.permissions()); -+ - // ensure file has the same owner and group as before -- setOwner(tempFileDescriptor, ownerId, groupId); -+ setOwner(tempFile.handle(), ownerId, groupId); - } - -- // rename temporary file to the target file -- if (moveFile(tempFileName, targetFileName)) { -+ /** -+ * try to (atomic) rename temporary file to the target file -+ */ -+ if (moveFile(tempFile.fileName(), targetFileInfo.filePath())) { - // temporary file was renamed, there is nothing to remove anymore - tempFile.setAutoRemove(false); - return true; - } -+ -+ /** -+ * we failed -+ * QTemporaryFile will handle cleanup -+ */ - return false; - } - -@@ -141,28 +152,10 @@ bool SecureTextBuffer::moveFile(const QString &sourceFile, const QString &target - { - #if !defined(Q_OS_WIN) && !defined(Q_OS_ANDROID) - const int result = std::rename(QFile::encodeName(sourceFile).constData(), QFile::encodeName(targetFile).constData()); -- if (result == 0) { -- syncToDisk(QFile(targetFile).handle()); -- return true; -- } -- return false; -+ return (result == 0); - #else - // use racy fallback for windows - QFile::remove(targetFile); - return QFile::rename(sourceFile, targetFile); - #endif - } -- --void SecureTextBuffer::syncToDisk(const int fd) --{ --#ifndef Q_OS_WIN --#if HAVE_FDATASYNC -- fdatasync(fd); --#else -- fsync(fd); --#endif --#else -- // no-op for windows --#endif --} -- -diff --git a/src/buffer/katesecuretextbuffer_p.h b/src/buffer/katesecuretextbuffer_p.h -index a38285b..e00721c 100644 ---- a/src/buffer/katesecuretextbuffer_p.h -+++ b/src/buffer/katesecuretextbuffer_p.h -@@ -56,8 +56,6 @@ public: - static const QCryptographicHash::Algorithm checksumAlgorithm = QCryptographicHash::Algorithm::Sha512; - - private: -- static const qint64 bufferLength = 4096; -- - /** - * Saves file contents using sets permissions. - */ -@@ -66,8 +64,6 @@ private: - - static bool moveFile(const QString &sourceFile, const QString &targetFile); - -- static void syncToDisk(const int fd); -- - public Q_SLOTS: - /** - * KAuth action to perform both prepare or move work based on given parameters. --- -cgit v0.11.2 diff --git a/kde-frameworks/ktexteditor/ktexteditor-5.50.0.ebuild b/kde-frameworks/ktexteditor/ktexteditor-5.50.0.ebuild index 7894f7bd968c..ad58dd3ca059 100644 --- a/kde-frameworks/ktexteditor/ktexteditor-5.50.0.ebuild +++ b/kde-frameworks/ktexteditor/ktexteditor-5.50.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -8,7 +8,7 @@ inherit kde5 DESCRIPTION="Framework providing a full text editor component" LICENSE="LGPL-2+" -KEYWORDS="~amd64 ~arm ~arm64 ~x86" +KEYWORDS="amd64 ~arm ~arm64 x86" IUSE="editorconfig git" RDEPEND=" diff --git a/kde-frameworks/ktexteditor/ktexteditor-5.46.0-r1.ebuild b/kde-frameworks/ktexteditor/ktexteditor-5.51.0.ebuild index ab7450b249e3..574303e70287 100644 --- a/kde-frameworks/ktexteditor/ktexteditor-5.46.0-r1.ebuild +++ b/kde-frameworks/ktexteditor/ktexteditor-5.51.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -8,7 +8,7 @@ inherit kde5 DESCRIPTION="Framework providing a full text editor component" LICENSE="LGPL-2+" -KEYWORDS="amd64 ~arm ~arm64 x86" +KEYWORDS="~amd64 ~arm ~arm64 ~x86" IUSE="editorconfig git" RDEPEND=" @@ -40,14 +40,11 @@ RDEPEND=" git? ( dev-libs/libgit2:= ) " DEPEND="${RDEPEND} - $(add_qt_dep qtxmlpatterns) test? ( $(add_frameworks_dep kservice) ) " RESTRICT+=" test" -PATCHES=( "${FILESDIR}/${P}-CVE-2018-10361.patch" ) - src_configure() { local mycmakeargs=( $(cmake-utils_use_find_package editorconfig EditorConfig) |