From 16449a80e28af2209916cc66d19c9a44ca2b90d9 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 20 Feb 2019 15:11:50 +0000
Subject: gentoo resync : 20.02.2019
---
kde-frameworks/Manifest.gz | Bin 13738 -> 13744 bytes
kde-frameworks/kauth/Manifest | 3 +-
.../kauth/files/kauth-5.54.0-CVE-2019-7443.patch | 68 +++++++++++++++++++++
kde-frameworks/kauth/kauth-5.54.0-r1.ebuild | 43 +++++++++++++
kde-frameworks/kauth/kauth-5.54.0.ebuild | 41 -------------
kde-frameworks/kdoctools/Manifest | 2 +-
.../kdoctools/kdoctools-5.54.0-r1.ebuild | 2 +-
7 files changed, 115 insertions(+), 44 deletions(-)
create mode 100644 kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch
create mode 100644 kde-frameworks/kauth/kauth-5.54.0-r1.ebuild
delete mode 100644 kde-frameworks/kauth/kauth-5.54.0.ebuild
(limited to 'kde-frameworks')
diff --git a/kde-frameworks/Manifest.gz b/kde-frameworks/Manifest.gz
index 9206f8247747..7f00af4a915e 100644
Binary files a/kde-frameworks/Manifest.gz and b/kde-frameworks/Manifest.gz differ
diff --git a/kde-frameworks/kauth/Manifest b/kde-frameworks/kauth/Manifest
index 74260e5a0ba6..eb13328a1698 100644
--- a/kde-frameworks/kauth/Manifest
+++ b/kde-frameworks/kauth/Manifest
@@ -1,5 +1,6 @@ +AUX kauth-5.54.0-CVE-2019-7443.patch 2448 BLAKE2B b0a9d1e739c5ea66d489157c160db395ec406cafcb098e94ccca8136019a7cb33e3d5d1ff3654e9cfa2c3c003c866fb8dc315305ca5cee79b4bff17973edaa97 SHA512 9cb0e37eedb5cee82c5e6d1b316f92f014c8850c9274a8d0c728f306ceabc35cbbec81b0057ebaf904bd48f3e07d6f83d91b0ef12602a0c1ba66b39a04bb45e4 DIST kauth-5.54.0.tar.xz 84688 BLAKE2B beba564ccc64af52b772ce827b756fad493e3e4926e6bb8b7b65154bf6b7a1753a211e98dd12c67bba844412610ff08f39b9e34a0aadc6c2fc87f4a25e4090bc SHA512 f75c6f019d708409817a5b64d88033326a7d627cdee00e61280043d5cd8f65731f08d48405f50c7240f18670b25abfeea4b2af5966ebb2ee7e0f56669b5551c2 DIST kauth-5.55.0.tar.xz 84920 BLAKE2B 763a06a4361849c5f75a30b11e76ba99e5173844250b6b75b97560852dc7cd48438d3042a2c4575f9395a3be80215baf2f25a77e8d2e9d5879f2b881417106ab SHA512 fbaeb079ae478d84d9f75c19c3c8cafd105e8fc8648afb1787b61df44862620462ee379edb995f1157c09e70db2aba961ceaa82381fe7c9a05a35e30b103464b -EBUILD kauth-5.54.0.ebuild 825 BLAKE2B 4e034c0db47beb70b66b1f06b939868ea4a85927dbe23f35cde7d015c318e44aec1990a4993024864fb852bf9135778e5cc706a4c7b005f0c10ff625df36a290 SHA512 95a0a04bc8bc3d99b30c33a49454bc1f4ad12d5503059599bd6a1f1b23a7113a9145d0bf0e4389fa7cbaef7c7353442d9e8e21d64a7a30b3e0ce461f3a64a127 +EBUILD kauth-5.54.0-r1.ebuild 877 BLAKE2B 929aba9af56458ff78b2e1fce8155bc4bd676994f2b38a3824055be36b05be2803057577fa4d0258ca4071d4eedc0891e434cf4b35c74f53b2f5727f7b1dae6a SHA512 6928fba45328867836011167a53527a735073d0aad54e7e8d290410ab4c31562e9dfce7f781be72a515301b13717c86bd3bc2a410c1cd4f2eacd913afb3a5ef4 EBUILD kauth-5.55.0.ebuild 837 BLAKE2B 712f431c7dbd6fb1a00a9731fff4f1c46841996fb1a2a2684bbe907cc50acedc839ff765b055dfd596e46a38c60315e8f5ada9f5c46275a4689e67552f73c5d3 SHA512 77414c4a4851b0650c3e5b52b8027a999ac355781b3f2395b96e0f4f2a574b8f56421ead834da4d54d6deafea647cdb8a460c91d7b135c7cd3a5c98e1a7e447c MISC metadata.xml 249 BLAKE2B 
ad415db89e5dee1627aa77f44ded9d4e1e5b8217d06c7ca25bbaa3fe92ce67c2b1090957c45a821b407d7927e5af798498aa6a5b903895ee1af8ee20a446c7f7 SHA512 76a5a340b13f0053ca3c5e94ed24380ea8d29b45ac8655419e22eaadb1e4a827c04d2e7e36b65145c4964e6526f656618fc6ac144e277ef53cb7373e6239e3c3 diff --git a/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch b/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch new file mode 100644 index 000000000000..5b11cd8f5e98 --- /dev/null +++ b/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch 
@@ -0,0 +1,68 @@
+From fc70fb0161c1b9144d26389434d34dd135cd3f4a Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Sat, 2 Feb 2019 14:35:25 +0100
+Subject: Remove support for passing gui QVariants to KAuth helpers
+
+Supporting gui variants is very dangerous since they can end up triggering
+image loading plugins which are one of the biggest vectors for crashes, which
+for very smart people mean possible code execution, which is very dangerous
+in code that is executed as root.
+
+We've checked all the KAuth helpers inside KDE git and none seems to be using
+gui variants, so we're not actually limiting anything that people wanted to do.
+
+Reviewed by security@kde.org and Aleix Pol
+
+Issue reported by Fabian Vogt
+---
+ src/backends/dbus/DBusHelperProxy.cpp | 9 +++++++++
+ src/kauthaction.h | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp
+index 10c14c6..8f0d336 100644
+--- a/src/backends/dbus/DBusHelperProxy.cpp
++++ b/src/backends/dbus/DBusHelperProxy.cpp
+@@ -31,6 +31,8 @@
+ #include "kf5authadaptor.h"
+ #include "kauthdebug.h"
+
++extern Q_CORE_EXPORT const QMetaTypeInterface *qMetaTypeGuiHelper;
++
+ namespace KAuth
+ {
+
+@@ -229,10 +231,17 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
+ return ActionReply::HelperBusyReply().serialized();
+ }
+
++ // Make sure we don't try restoring gui variants, in particular QImage/QPixmap/QIcon are super dangerous
++ // since they end up calling the image loaders and thus are a vector for crashing → executing code
++ auto origMetaTypeGuiHelper = qMetaTypeGuiHelper;
++ qMetaTypeGuiHelper = nullptr;
++
+ QVariantMap args;
+ QDataStream s(&arguments, QIODevice::ReadOnly);
+ s >> args;
+
++ qMetaTypeGuiHelper = origMetaTypeGuiHelper;
++
+ m_currentAction = action;
+ emit remoteSignal(ActionStarted, action, QByteArray());
+ QEventLoop e;
+diff --git a/src/kauthaction.h b/src/kauthaction.h
+index c67a70a..01f3ba1 100644
+--- a/src/kauthaction.h
++++ b/src/kauthaction.h
+@@ -298,6 +298,8 @@ public:
+ * This method sets the variant map that the application
+ * can use to pass arbitrary data to the helper when executing the action.
+ *
++ * Only non-gui variants are supported.
++ *
+ * @param arguments The new arguments map
+ */
+ void setArguments(const QVariantMap &arguments);
+--
+cgit v1.1
+
diff --git a/kde-frameworks/kauth/kauth-5.54.0-r1.ebuild b/kde-frameworks/kauth/kauth-5.54.0-r1.ebuild
new file mode 100644
index 000000000000..864369ed55f6
--- /dev/null
+++ b/kde-frameworks/kauth/kauth-5.54.0-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework to let applications perform actions as a privileged user"
+LICENSE="LGPL-2.1+"
+KEYWORDS="amd64 ~arm ~arm64 x86"
+IUSE="nls +policykit"
+
+RDEPEND="
+ $(add_frameworks_dep kcoreaddons)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtwidgets)
+ policykit? ( sys-auth/polkit-qt[qt5(+)] )
+"
+DEPEND="${RDEPEND}
+ nls? ( $(add_qt_dep linguist-tools) )
+"
+PDEPEND="policykit? ( kde-plasma/polkit-kde-agent )"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2019-7443.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package policykit PolkitQt5-1)
+ )
+
+ kde5_src_configure
+}
+
+src_test() {
+ # KAuthHelperTest test fails, bug 654842
+ local myctestargs=(
+ -E "(KAuthHelperTest)"
+ )
+
+ kde5_src_test
+}
diff --git a/kde-frameworks/kauth/kauth-5.54.0.ebuild b/kde-frameworks/kauth/kauth-5.54.0.ebuild
deleted file mode 100644
index 8b1f6e6451e0..000000000000
--- a/kde-frameworks/kauth/kauth-5.54.0.ebuild
+++ /dev/null
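Review bot: In the DBusHelperProxy.cpp change carried by kauth-5.54.0-CVE-2019-7443.patch, `s >> args;` runs with the gui meta-type helper disabled, but the visible lines never check the stream state afterwards. A request that carried a gui variant therefore presumably leaves `args` partial or holding invalid entries, and the root helper still starts the action on it. Rejecting the request would be safer, e.g. `if (s.status() != QDataStream::Ok) return ActionReply::HelperErrorReply().serialized();` placed right after `qMetaTypeGuiHelper = origMetaTypeGuiHelper;`. The save/null/restore of `qMetaTypeGuiHelper` is also a hand-written pair on a process-wide pointer; a small scope guard would keep the restore tied to the block if an early return is ever added between the two assignments. performAction starts and continues outside this hunk, so a later check may already exist.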
@@ -1,41 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-VIRTUALX_REQUIRED="test"
-inherit kde5
-
-DESCRIPTION="Framework to let applications perform actions as a privileged user"
-LICENSE="LGPL-2.1+"
-KEYWORDS="amd64 ~arm ~arm64 x86"
-IUSE="nls +policykit"
-
-RDEPEND="
- $(add_frameworks_dep kcoreaddons)
- $(add_qt_dep qtdbus)
- $(add_qt_dep qtgui)
- $(add_qt_dep qtwidgets)
- policykit? ( sys-auth/polkit-qt[qt5(+)] )
-"
-DEPEND="${RDEPEND}
- nls? ( $(add_qt_dep linguist-tools) )
-"
-PDEPEND="policykit? ( kde-plasma/polkit-kde-agent )"
-
-src_configure() {
- local mycmakeargs=(
- $(cmake-utils_use_find_package policykit PolkitQt5-1)
- )
-
- kde5_src_configure
-}
-
-src_test() {
- # KAuthHelperTest test fails, bug 654842
- local myctestargs=(
- -E "(KAuthHelperTest)"
- )
-
- kde5_src_test
-}
diff --git a/kde-frameworks/kdoctools/Manifest b/kde-frameworks/kdoctools/Manifest
index 42b22b4f38f8..f46cd1905681 100644
--- a/kde-frameworks/kdoctools/Manifest
+++ b/kde-frameworks/kdoctools/Manifest
@@ -1,7 +1,7 @@ AUX kdoctools-5.54.0-gentoo-docbundledir.patch 1055 BLAKE2B 0b57d4d23fdac39a939d1355ddecb5d0ba53c1a2b2ef43fb1127834b1004b4fd63a8e32a160794a51879a103c658068a67663fe8f9e1cb99ede5154cbccf2c1d SHA512 18dcd82bfccec19eccb5993cfabf4ead9222dbf29cad3a9df4b1c225a2693ea0b882dac78f969da7bf98aa4bdf5b09ee28cef6ff28935502439ca20fad427bdb DIST kdoctools-5.54.0.tar.xz 424772 BLAKE2B 84ca18c87b2a58370d4681ad88ed2f2effdf1d269a1bf550eed3b10a25997160fdc16fb7b39bc8b9816aa5cb3469467b2ab0448c379a6a6b0f10748cd4ec839a SHA512 b389fd1a7b2ea32d13ddca128ed2cb6375856f1c40f83c29a46e9ed1713de6e28e4415743403de37cf1f8a4ddcba4d7cc1e295e5c50443c4faf02939854f72cb DIST kdoctools-5.55.0.tar.xz 424852 BLAKE2B a41d701aad709a2558643005be4d9a4facad627836bd2654fe3d9c9418c2d541187af8c02091c7621270381beb21520c515851f36233ded854fb93f0fdbfeccb SHA512 157f7b98b16b8724c66885a2512952230ca8492b2f495d3738f1f4793c24c94b05751c88d4c4c79b3bd942b70e33e5fecb56f855383d883ef1b2f0c1ea8007d1 -EBUILD kdoctools-5.54.0-r1.ebuild 824 BLAKE2B a36dd50fe691451dae54f8de78549ae156761fd34530812fc8996ca114d0c89dc72eabd2cd6f586ab03c68f418e584ba69b633d3f6c0afabb2dab9a08ece3c7d SHA512 50d0488cb1f66d53386e2313efb44eed40a40a5de4940984eb99b235d426be11c6a4deb65190f4a7ef98a0c7f8434c41b3637f43433189cf1f9fbcc310fad44a +EBUILD kdoctools-5.54.0-r1.ebuild 822 BLAKE2B e494912216e51e72a3c3776b5b39b97859e3cdd2be8a0df16827528187501e4b74869917120e17d5630b9057d51523e4883432d988c15651807c92183818ede8 SHA512 4378204bc47a9c24f36baf690badd5a271c1d3ba6c8a3d598de2c875e0d008da10a0ab62139dffef470c99c5ee297844b8f41f8c3d4000190d1f38cc2c14f0a4 EBUILD kdoctools-5.54.0.ebuild 754 BLAKE2B 21e26b7e322d969dee69f1bb4a0df1ff6f5a78e14021197a2817322a4e0e8f1021253b1d5262e3f258fd9d60b95275d175fc63024287a4c6dea637188f43467f SHA512 a2ce911111472b5f28062615d9d5ab881ba067f99507dbf7b0b9b94ee3c48f9d62571bb51bd2cf96b97a37adb2a868063ec7f45db0afebbbaac6ce05a167db1f EBUILD kdoctools-5.55.0.ebuild 832 BLAKE2B 
196d19d7342de8c5c55d03824e8bc05096cc0de00d9db180d09d85244ed703b7c144294bd5a7bd67429e00dbdaa3cdf5f7f39a61188e7360b5aa847bd2440d76 SHA512 97ec366935ac281a524d025feb514f641a01e323120f3e12a952c31ec817b62ed5506bd5ce1c69a960cb9a3c0a1747e089ed9f3aa4ba47a4630a37dd4549251b MISC metadata.xml 249 BLAKE2B ad415db89e5dee1627aa77f44ded9d4e1e5b8217d06c7ca25bbaa3fe92ce67c2b1090957c45a821b407d7927e5af798498aa6a5b903895ee1af8ee20a446c7f7 SHA512 76a5a340b13f0053ca3c5e94ed24380ea8d29b45ac8655419e22eaadb1e4a827c04d2e7e36b65145c4964e6526f656618fc6ac144e277ef53cb7373e6239e3c3 diff --git a/kde-frameworks/kdoctools/kdoctools-5.54.0-r1.ebuild b/kde-frameworks/kdoctools/kdoctools-5.54.0-r1.ebuild index f42653740612..93d8560fd4aa 100644 --- a/kde-frameworks/kdoctools/kdoctools-5.54.0-r1.ebuild +++ b/kde-frameworks/kdoctools/kdoctools-5.54.0-r1.ebuild @@ -8,7 +8,7 @@ inherit kde5 DESCRIPTION="Tools to generate documentation in various formats from DocBook files" LICENSE="MIT" -KEYWORDS="~amd64 ~arm ~arm64 ~x86" +KEYWORDS="amd64 ~arm ~arm64 x86" IUSE="nls" BDEPEND=" -- cgit v1.2.3