diff options
author | Andreas Sturmlechner <asturm@gentoo.org> | 2020-05-10 17:17:37 +0200 |
---|---|---|
committer | Andreas Sturmlechner <asturm@gentoo.org> | 2020-05-10 17:59:24 +0200 |
commit | d68e0a691d63ed87eed3e1fc1e0972a29c69e7f1 (patch) | |
tree | 3dc5a921046d9682d806b658dfee89db157db521 | |
parent | app-emacs/php-mode: Version bump to 1.23.0. (diff) | |
download | gentoo-d68e0a691d63ed87eed3e1fc1e0972a29c69e7f1.tar.gz gentoo-d68e0a691d63ed87eed3e1fc1e0972a29c69e7f1.tar.bz2 gentoo-d68e0a691d63ed87eed3e1fc1e0972a29c69e7f1.zip |
kde-apps/kio-extras: Fix CVE-2020-12755
Bug: https://bugs.gentoo.org/722152
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
-rw-r--r-- | kde-apps/kio-extras/files/kio-extras-19.12.3-CVE-2020-12755.patch | 26 | ||||
-rw-r--r-- | kde-apps/kio-extras/kio-extras-19.12.3-r1.ebuild | 89 | ||||
-rw-r--r-- | kde-apps/kio-extras/kio-extras-20.04.0-r1.ebuild | 97 |
3 files changed, 212 insertions, 0 deletions
diff --git a/kde-apps/kio-extras/files/kio-extras-19.12.3-CVE-2020-12755.patch b/kde-apps/kio-extras/files/kio-extras-19.12.3-CVE-2020-12755.patch new file mode 100644 index 000000000000..188eb28f1043 --- /dev/null +++ b/kde-apps/kio-extras/files/kio-extras-19.12.3-CVE-2020-12755.patch @@ -0,0 +1,26 @@ +From d813cef3cecdec9af1532a40d677a203ff979145 Mon Sep 17 00:00:00 2001 +From: David Faure <faure@kde.org> +Date: Sat, 9 May 2020 11:20:48 +0200 +Subject: Only store password in KWallet if the user asked for it + +--- + fish/fish.cpp | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fish/fish.cpp b/fish/fish.cpp +index a18ef34..ccd71d3 100644 +--- a/fish/fish.cpp ++++ b/fish/fish.cpp +@@ -595,7 +595,9 @@ int fishProtocol::establishConnection(const QByteArray &buffer) { + infoMessage(i18n("Initiating protocol...")); + if (!connectionAuth.password.isEmpty()) { + connectionAuth.password = connectionAuth.password.left(connectionAuth.password.length()-1); +- cacheAuthentication(connectionAuth); ++ if (connectionAuth.keepPassword) { ++ cacheAuthentication(connectionAuth); ++ } + } + isLoggedIn = true; + return 0; +-- +cgit v1.1 diff --git a/kde-apps/kio-extras/kio-extras-19.12.3-r1.ebuild b/kde-apps/kio-extras/kio-extras-19.12.3-r1.ebuild new file mode 100644 index 000000000000..9447420e2d4f --- /dev/null +++ b/kde-apps/kio-extras/kio-extras-19.12.3-r1.ebuild @@ -0,0 +1,89 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +ECM_HANDBOOK="forceoptional" +ECM_TEST="optional" +KFMIN=5.63.0 +QTMIN=5.12.3 +VIRTUALX_REQUIRED="test" +inherit ecm kde.org + +DESCRIPTION="KIO plugins present a filesystem-like view of arbitrary data" +HOMEPAGE="https://cgit.kde.org/kio-extras.git" + +LICENSE="GPL-2" # TODO: CHECK +SLOT="5" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +IUSE="activities +man mtp nfs openexr phonon samba +sftp taglib" + +BDEPEND=" + man? ( dev-util/gperf ) +" +DEPEND=" + >=kde-frameworks/karchive-${KFMIN}:5[bzip2,lzma] + >=kde-frameworks/kbookmarks-${KFMIN}:5 + >=kde-frameworks/kcodecs-${KFMIN}:5 + >=kde-frameworks/kconfig-${KFMIN}:5 + >=kde-frameworks/kconfigwidgets-${KFMIN}:5 + >=kde-frameworks/kcoreaddons-${KFMIN}:5 + >=kde-frameworks/kdbusaddons-${KFMIN}:5 + >=kde-frameworks/kdnssd-${KFMIN}:5 + >=kde-frameworks/kguiaddons-${KFMIN}:5 + >=kde-frameworks/ki18n-${KFMIN}:5 + >=kde-frameworks/kiconthemes-${KFMIN}:5 + >=kde-frameworks/kio-${KFMIN}:5 + >=kde-frameworks/kparts-${KFMIN}:5 + >=kde-frameworks/kpty-${KFMIN}:5 + >=kde-frameworks/kservice-${KFMIN}:5 + >=kde-frameworks/kxmlgui-${KFMIN}:5 + >=kde-frameworks/solid-${KFMIN}:5 + >=kde-frameworks/syntax-highlighting-${KFMIN}:5 + >=dev-qt/qtdbus-${QTMIN}:5 + >=dev-qt/qtgui-${QTMIN}:5 + >=dev-qt/qtnetwork-${QTMIN}:5 + >=dev-qt/qtsvg-${QTMIN}:5 + >=dev-qt/qtwidgets-${QTMIN}:5 + >=dev-qt/qtxml-${QTMIN}:5 + activities? ( + >=kde-frameworks/kactivities-${KFMIN}:5 + >=kde-frameworks/kactivities-stats-${KFMIN}:5 + >=dev-qt/qtsql-${QTMIN}:5 + ) + mtp? ( >=media-libs/libmtp-1.1.16:= ) + nfs? ( net-libs/libtirpc:= ) + openexr? ( media-libs/openexr:= ) + phonon? ( media-libs/phonon[qt5(+)] ) + samba? ( net-fs/samba[client] ) + sftp? ( net-libs/libssh:=[sftp] ) + taglib? ( >=media-libs/taglib-1.11.1 ) +" +RDEPEND="${DEPEND} + >=kde-frameworks/kded-${KFMIN}:5 +" + +# requires running kde environment +RESTRICT+=" test" + +PATCHES=( + "${FILESDIR}/${P}-kio_nfs.patch" + "${FILESDIR}/${P}-CVE-2020-12755.patch" # bug 722152 +) + +src_configure() { + local mycmakeargs=( + $(cmake_use_find_package activities KF5Activities) + $(cmake_use_find_package activities KF5ActivitiesStats) + $(cmake_use_find_package man Gperf) + $(cmake_use_find_package mtp Mtp) + $(cmake_use_find_package nfs TIRPC) + $(cmake_use_find_package openexr OpenEXR) + $(cmake_use_find_package phonon Phonon4Qt5) + $(cmake_use_find_package samba Samba) + $(cmake_use_find_package sftp libssh) + $(cmake_use_find_package taglib Taglib) + ) + + ecm_src_configure +} diff --git a/kde-apps/kio-extras/kio-extras-20.04.0-r1.ebuild b/kde-apps/kio-extras/kio-extras-20.04.0-r1.ebuild new file mode 100644 index 000000000000..5850b2c388fe --- /dev/null +++ b/kde-apps/kio-extras/kio-extras-20.04.0-r1.ebuild @@ -0,0 +1,97 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +ECM_HANDBOOK="forceoptional" +ECM_TEST="optional" +KFMIN=5.69.0 +QTMIN=5.12.3 +VIRTUALX_REQUIRED="test" +inherit ecm kde.org + +DESCRIPTION="KIO plugins present a filesystem-like view of arbitrary data" +HOMEPAGE="https://cgit.kde.org/kio-extras.git" + +LICENSE="GPL-2" # TODO: CHECK +SLOT="5" +KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" +IUSE="activities +man mtp nfs openexr phonon samba +sftp taglib X" + +BDEPEND=" + man? ( dev-util/gperf ) +" +DEPEND=" + >=dev-qt/qtdbus-${QTMIN}:5 + >=dev-qt/qtgui-${QTMIN}:5 + >=dev-qt/qtnetwork-${QTMIN}:5 + >=dev-qt/qtsvg-${QTMIN}:5 + >=dev-qt/qtwidgets-${QTMIN}:5 + >=dev-qt/qtxml-${QTMIN}:5 + >=kde-frameworks/karchive-${KFMIN}:5[bzip2,lzma] + >=kde-frameworks/kbookmarks-${KFMIN}:5 + >=kde-frameworks/kcodecs-${KFMIN}:5 + >=kde-frameworks/kconfig-${KFMIN}:5 + >=kde-frameworks/kconfigwidgets-${KFMIN}:5 + >=kde-frameworks/kcoreaddons-${KFMIN}:5 + >=kde-frameworks/kdbusaddons-${KFMIN}:5 + >=kde-frameworks/kdnssd-${KFMIN}:5 + >=kde-frameworks/kguiaddons-${KFMIN}:5 + >=kde-frameworks/ki18n-${KFMIN}:5 + >=kde-frameworks/kiconthemes-${KFMIN}:5 + >=kde-frameworks/kio-${KFMIN}:5 + >=kde-frameworks/kparts-${KFMIN}:5 + >=kde-frameworks/kpty-${KFMIN}:5 + >=kde-frameworks/kservice-${KFMIN}:5 + >=kde-frameworks/kxmlgui-${KFMIN}:5 + >=kde-frameworks/solid-${KFMIN}:5 + >=kde-frameworks/syntax-highlighting-${KFMIN}:5 + activities? ( + >=dev-qt/qtsql-${QTMIN}:5 + >=kde-frameworks/kactivities-${KFMIN}:5 + >=kde-frameworks/kactivities-stats-${KFMIN}:5 + ) + mtp? ( >=media-libs/libmtp-1.1.16:= ) + nfs? ( net-libs/libtirpc:= ) + openexr? ( media-libs/openexr:= ) + phonon? ( media-libs/phonon[qt5(+)] ) + samba? ( + net-fs/samba[client] + net-libs/kdsoap-ws-discovery-client + ) + sftp? ( net-libs/libssh:=[sftp] ) + taglib? ( >=media-libs/taglib-1.11.1 ) + X? ( + x11-libs/libX11 + x11-libs/libXcursor + ) +" +RDEPEND="${DEPEND} + >=kde-frameworks/kded-${KFMIN}:5 +" + +# requires running kde environment +RESTRICT+=" test" + +PATCHES=( "${FILESDIR}/${PN}-19.12.3-CVE-2020-12755.patch" ) # bug 722152 + +src_configure() { + local mycmakeargs=( + $(cmake_use_find_package activities KF5Activities) + $(cmake_use_find_package activities KF5ActivitiesStats) + $(cmake_use_find_package man Gperf) + $(cmake_use_find_package mtp Mtp) + $(cmake_use_find_package nfs TIRPC) + $(cmake_use_find_package openexr OpenEXR) + $(cmake_use_find_package phonon Phonon4Qt5) + $(cmake_use_find_package samba Samba) + $(cmake_use_find_package sftp libssh) + $(cmake_use_find_package taglib Taglib) + $(cmake_use_find_package X X11) + ) + use samba && mycmakeargs+=( + -DBUILD_KDSoapWSDiscoveryClient=OFF # disable bundled stuff + ) + + ecm_src_configure +} |