From cb3e8c6af7661fbcafdcacc7e0ecdfb610d098fa Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sat, 9 Jun 2018 09:27:03 +0100
Subject: gentoo resync : 09.06.2018
---
kde-frameworks/ktexteditor/Manifest | 2 +
.../files/ktexteditor-5.46.0-CVE-2018-10361.patch | 187 +++++++++++++++++++++
.../ktexteditor/ktexteditor-5.46.0-r1.ebuild | 58 +++++++
3 files changed, 247 insertions(+)
create mode 100644 kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch
create mode 100644 kde-frameworks/ktexteditor/ktexteditor-5.46.0-r1.ebuild
(limited to 'kde-frameworks/ktexteditor')
diff --git a/kde-frameworks/ktexteditor/Manifest b/kde-frameworks/ktexteditor/Manifest
index 796a272b9dda..68ca6b2761eb 100644
--- a/kde-frameworks/ktexteditor/Manifest
+++ b/kde-frameworks/ktexteditor/Manifest
@@ -1,5 +1,7 @@
+AUX ktexteditor-5.46.0-CVE-2018-10361.patch 6579 BLAKE2B 9e992f2fc416cf51b30476df46f290069d490c22c09f5f0a7d790789163f1269373c607260ed638c62984cf405944ebd7a36b564ef6d80603827a3f23c4c5662 SHA512 c67557557e8eea7c74426df333301c8e8db6af7d892e7a8aff7e545b450155253b47eabc3a1baeb669e7e34539615d8f8cdf99e4b199204a4decb9962b11b423
 DIST ktexteditor-5.43.0.tar.xz 2302580 BLAKE2B 458e60148b02f59dd2da11a865bb11386b38a483493b3e7cd95b2f9edef4d8b90c03e453a37411f64e70ea66a81f486bba934111ae9e8d1361c1b38e6e7ed69b SHA512 fc2b3b69224e62d1bf240410fa5c3dab04e020f210230474e5e924c7125f626cd2dd30dee449948cb9197adc8f0d6e1886ed85e03312a51d116d86fc13fbf08d
 DIST ktexteditor-5.46.0.tar.xz 2296888 BLAKE2B 45572ff487505c38f6dfa23b96bd84ba83292ae1077bf3615fc2d30aaf6aa0347605a7c2ae4df68cc92552c1ecd8060ce1ba44f11bc78cfe736149476d6af5ab SHA512 b0197a82e9489c4093594c68a6c21dc9e204ec78cd17e5a0117d84e501710d90ad06214ed217332279f3b67ae84119d09d6eb19e33b37b7bde2ebb8a07b6a543
 EBUILD ktexteditor-5.43.0.ebuild 1425 BLAKE2B 00eeb14ac463fc23b391229bb4bf605b9c12c0e91fbdb81773f7bb0bdab0ec3836b0463c43beed8146431b14b28ffb73a456b192c27fdebdecca86da57dd073e SHA512 ba454c8d95abc15b5f746f63bf175b83991c46dccf54117b9769820341fa400ee35dc0bf54d3a7cced63deec5daa3cb49ba55751a7461e48adb7edd89a88abe8
+EBUILD ktexteditor-5.46.0-r1.ebuild 1480 BLAKE2B 4b75e3a34ae782e26e53bc636aef5b0d71b4b54c129239120205bca4db3f1ffca5b4635a473032a486e3948cac1edb9f9860ad6a4df9c7debc89b5b6603e226c SHA512 c857d1bc43c348c825224c4ab05aa1efdc0d19da91580fb95fc8550967014662a8a3de6d5d62bc0bf001b4a95a0e04ba3865234e64f8c57c91fba1f8d3b7bc0d
 EBUILD ktexteditor-5.46.0.ebuild 1427 BLAKE2B 06ae9c7111371de93791cac534e9959d6b32ea22affe26193148185b2564332cde237eb7c0c698894c69f52c62a9e10c4ab5508dad736ce9e953a964fda28be1 SHA512 1fc22a7562f17aed007dce8a6d1263944a432e680da55a93355092f413483ae8ab37244b8d189d7d70ace3a9bf16108195e39397eca6d5f6f4d65e39a1cc4100
 MISC metadata.xml 351 BLAKE2B 7e4b1aefcf41fd5e37bd68d4e2fdb057be4ba7f8efb18b3494fe551c1990eb5209e4692e9b9a5618c950875c03a05ba6a39e2ea8c7f63c9894dab23277b0a070 SHA512 e87786bace9486ef7f23fe747b3a880af51a6b0b2e7dd7c0e6c7e597bb9ac11e787c403e15cded386632d13682061f7dbcd47e2b411b12f998de964bbfe57301
diff --git a/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch b/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch
new file mode 100644
index 000000000000..d3b9b5d480ac
--- /dev/null
+++ b/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch
@@ -0,0 +1,187 @@
+From c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590 Mon Sep 17 00:00:00 2001
+From: Christoph Cullmann
+Date: Thu, 7 Jun 2018 16:12:25 +0200
+Subject: CVE-2018-10361: privilege escalation
+
+improve handling of temporary file to avoid possible race-condition
+
+Differential Revision: https://phabricator.kde.org/D12513
+---
+ src/buffer/katesecuretextbuffer.cpp | 99 +++++++++++++++++--------------------
+ src/buffer/katesecuretextbuffer_p.h | 4 --
+ 2 files changed, 46 insertions(+), 57 deletions(-)
+
+diff --git a/src/buffer/katesecuretextbuffer.cpp b/src/buffer/katesecuretextbuffer.cpp
+index 0647bee..c014608 100644
+--- a/src/buffer/katesecuretextbuffer.cpp
++++ b/src/buffer/katesecuretextbuffer.cpp
+@@ -53,39 +53,37 @@ ActionReply SecureTextBuffer::savefile(const QVariantMap &args)
+ bool SecureTextBuffer::saveFileInternal(const QString &sourceFile, const QString &targetFile,
+ const QByteArray &checksum, const uint ownerId, const uint groupId)
+ {
+- QFileInfo targetFileInfo(targetFile);
+- if (!QDir::setCurrent(targetFileInfo.dir().path())) {
++ /**
++ * open source file for reading
++ * if not possible, signal error
++ */
++ QFile readFile(sourceFile);
++ if (!readFile.open(QIODevice::ReadOnly)) {
+ return false;
+ }
+
+- // get information about target file
+- const QString targetFileName = targetFileInfo.fileName();
+- targetFileInfo.setFile(targetFileName);
+- const bool newFile = !targetFileInfo.exists();
+-
+- // open source and target file
+- QFile readFile(sourceFile);
+- //TODO use QSaveFile for saving contents and automatic atomic move on commit() when QSaveFile's security problem
+- // (default temporary file permissions) is fixed
+- //
+- // We will first generate temporary filename and then use it relatively to prevent an attacker
+- // to trick us to write contents to a different file by changing underlying directory.
+- QTemporaryFile tempFile(targetFileName);
++ /**
++ * construct file info for target file
++ * we need to know things like path/exists/permissions
++ */
++ const QFileInfo targetFileInfo(targetFile);
++
++ /**
++ * create temporary file in current directory to be able to later do an atomic rename
++ * we need to pass full path, else QTemporaryFile uses the temporary directory
++ * if not possible, signal error, this catches e.g. a non-existing target directory, too
++ */
++ QTemporaryFile tempFile(targetFileInfo.absolutePath() + QStringLiteral("/secureXXXXXX"));
+ if (!tempFile.open()) {
+ return false;
+ }
+- tempFile.close();
+- QString tempFileName = QFileInfo(tempFile).fileName();
+- tempFile.setFileName(tempFileName);
+- if (!readFile.open(QIODevice::ReadOnly) || !tempFile.open()) {
+- return false;
+- }
+- const int tempFileDescriptor = tempFile.handle();
+
+- // prepare checksum maker
++ /**
++ * copy contents + do checksumming
++ * if not possible, signal error
++ */
+ QCryptographicHash cryptographicHash(checksumAlgorithm);
+-
+- // copy contents
++ const qint64 bufferLength = 4096;
+ char buffer[bufferLength];
+ qint64 read = -1;
+ while ((read = readFile.read(buffer, bufferLength)) > 0) {
+@@ -95,30 +93,43 @@ bool SecureTextBuffer::saveFileInternal(const QString &sourceFile, const QString
+ }
+ }
+
+- // check that copying was successful and checksum matched
+- QByteArray localChecksum = cryptographicHash.result();
+- if (read == -1 || localChecksum != checksum || !tempFile.flush()) {
++ /**
++ * check that copying was successful and checksum matched
++ * we need to flush the file, as QTemporaryFile keeps the handle open
++ * and we later do things like renaming of the file!
++ * if not possible, signal error
++ */
++ if ((read == -1) || (cryptographicHash.result() != checksum) || !tempFile.flush()) {
+ return false;
+ }
+
+- tempFile.close();
+-
+- if (newFile) {
++ /**
++ * try to preserve the permissions
++ */
++ if (!targetFileInfo.exists()) {
+ // ensure new file is readable by anyone
+ tempFile.setPermissions(tempFile.permissions() | QFile::Permission::ReadGroup | QFile::Permission::ReadOther);
+ } else {
+ // ensure the same file permissions
+ tempFile.setPermissions(targetFileInfo.permissions());
++
+ // ensure file has the same owner and group as before
+- setOwner(tempFileDescriptor, ownerId, groupId);
++ setOwner(tempFile.handle(), ownerId, groupId);
+ }
+
+- // rename temporary file to the target file
+- if (moveFile(tempFileName, targetFileName)) {
++ /**
++ * try to (atomic) rename temporary file to the target file
++ */
++ if (moveFile(tempFile.fileName(), targetFileInfo.filePath())) {
+ // temporary file was renamed, there is nothing to remove anymore
+ tempFile.setAutoRemove(false);
+ return true;
+ }
++
++ /**
++ * we failed
++ * QTemporaryFile will handle cleanup
++ */
+ return false;
+ }
+
+@@ -141,28 +152,10 @@ bool SecureTextBuffer::moveFile(const QString &sourceFile, const QString &target
+ {
+ #if !defined(Q_OS_WIN) && !defined(Q_OS_ANDROID)
+ const int result = std::rename(QFile::encodeName(sourceFile).constData(), QFile::encodeName(targetFile).constData());
+- if (result == 0) {
+- syncToDisk(QFile(targetFile).handle());
+- return true;
+- }
+- return false;
++ return (result == 0);
+ #else
+ // use racy fallback for windows
+ QFile::remove(targetFile);
+ return QFile::rename(sourceFile, targetFile);
+ #endif
+ }
+-
+-void SecureTextBuffer::syncToDisk(const int fd)
+-{
+-#ifndef Q_OS_WIN
+-#if HAVE_FDATASYNC
+- fdatasync(fd);
+-#else
+- fsync(fd);
+-#endif
+-#else
+- // no-op for windows
+-#endif
+-}
+-
+diff --git a/src/buffer/katesecuretextbuffer_p.h b/src/buffer/katesecuretextbuffer_p.h
+index a38285b..e00721c 100644
+--- a/src/buffer/katesecuretextbuffer_p.h
++++ b/src/buffer/katesecuretextbuffer_p.h
+@@ -56,8 +56,6 @@ public:
+ static const QCryptographicHash::Algorithm checksumAlgorithm = QCryptographicHash::Algorithm::Sha512;
+
+ private:
+- static const qint64 bufferLength = 4096;
+-
+ /**
+ * Saves file contents using sets permissions.
+ */
+@@ -66,8 +64,6 @@ private:
+
+ static bool moveFile(const QString &sourceFile, const QString &targetFile);
+
+- static void syncToDisk(const int fd);
+-
+ public Q_SLOTS:
+ /**
+ * KAuth action to perform both prepare or move work based on given parameters.
+--
+cgit v0.11.2
diff --git a/kde-frameworks/ktexteditor/ktexteditor-5.46.0-r1.ebuild b/kde-frameworks/ktexteditor/ktexteditor-5.46.0-r1.ebuild
new file mode 100644
index 000000000000..6920f6f7c32f
--- /dev/null
+++ b/kde-frameworks/ktexteditor/ktexteditor-5.46.0-r1.ebuild
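Review bot: In the rewritten saveFileInternal() carried by the added patch file, the results of both `tempFile.setPermissions(...)` calls and of `setOwner(tempFile.handle(), ownerId, groupId)` are dropped, and the rename into place goes ahead regardless. This code sits behind a KAuth action and presumably runs with elevated privileges, so a failed permission or ownership change would leave the file that replaces the target with the helper's ownership and the temporary file's mode rather than the original metadata. QFileDevice::setPermissions() returns bool, so the existing-file branch could fail closed with `if (!tempFile.setPermissions(targetFileInfo.permissions())) { return false; }`. setOwner() is defined outside this hunk, so whether it can report failure has to be checked there. Since the code is shipped as a patch under files/, such a change would belong upstream or in a follow-up patch.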
@@ -0,0 +1,58 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing a full text editor component"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+IUSE="editorconfig git"
+
+RDEPEND="
+ $(add_frameworks_dep karchive)
+ $(add_frameworks_dep kauth)
+ $(add_frameworks_dep kcodecs)
+ $(add_frameworks_dep kcompletion)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kguiaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kiconthemes)
+ $(add_frameworks_dep kio)
+ $(add_frameworks_dep kitemviews)
+ $(add_frameworks_dep kjobwidgets)
+ $(add_frameworks_dep kparts)
+ $(add_frameworks_dep ktextwidgets)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kxmlgui)
+ $(add_frameworks_dep sonnet)
+ $(add_frameworks_dep syntax-highlighting)
+ $(add_qt_dep qtdeclarative)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtprintsupport)
+ $(add_qt_dep qtwidgets)
+ $(add_qt_dep qtxml)
+ editorconfig? ( app-text/editorconfig-core-c )
+ git? ( dev-libs/libgit2:= )
+"
+DEPEND="${RDEPEND}
+ $(add_qt_dep qtxmlpatterns)
+ test? ( $(add_frameworks_dep kservice) )
+"
+
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2018-10361.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package editorconfig EditorConfig)
+ $(cmake-utils_use_find_package git LibGit2)
+ )
+
+ kde5_src_configure
+}
--
cgit v1.2.3
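Review bot: `RESTRICT+=" test"` switches the test phase off without a comment giving the reason, while the ebuild still sets `VIRTUALX_REQUIRED="test"` and carries a `test?` dependency. This revision appears to exist to apply `${P}-CVE-2018-10361.patch`, so the patched save path is not exercised by the package's own tests at build time, assuming the suite covers it. A one-line comment above the restriction, for example `# tests restricted: <reason / bug reference>`, would tell the next maintainer whether it can be lifted.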