1 |
commit: c006f861f27d664944c9cbbd8653aa5a5fdc1a75 |
2 |
Author: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Feb 9 13:55:21 2018 +0000 |
4 |
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Feb 9 13:57:32 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c006f861 |
7 |
|
8 |
kde-plasma/plasma-workspace: revision bump fixes CVE-2018-6790 and CVE-2018-6791 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/647106 |
11 |
Package-Manager: Portage-2.3.19, Repoman-2.3.6 |
12 |
|
13 |
.../plasma-workspace-5.11.5-CVE-2018-6790.patch | 409 +++++++++++++++++++++ |
14 |
.../plasma-workspace-5.11.5-CVE-2018-6791.patch | 31 ++ |
15 |
.../plasma-workspace-5.11.5-r1.ebuild | 175 +++++++++ |
16 |
3 files changed, 615 insertions(+) |
17 |
|
18 |
diff --git a/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6790.patch b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6790.patch |
19 |
new file mode 100644 |
20 |
index 00000000000..b424e397a80 |
21 |
--- /dev/null |
22 |
+++ b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6790.patch |
23 |
@@ -0,0 +1,409 @@ |
24 |
+From f1e9a1c458ea44e9169c7e79b90a57fb7c65135f Mon Sep 17 00:00:00 2001 |
25 |
+From: David Edmundson <kde@×××××××××××××××××.uk> |
26 |
+Date: Wed, 31 Jan 2018 14:28:17 +0000 |
27 |
+Subject: [PATCH 1/2] Sanitise notification HTML |
28 |
+ |
29 |
+Summary: |
30 |
+Qt labels support a HTML subset, using a completely internal parser in |
31 |
+QTextDocument. |
32 |
+ |
33 |
+The Notification spec support an even smaller subset of notification |
34 |
+elements. |
35 |
+ |
36 |
+It's important to strip out irrelevant tags that could potentially load |
37 |
+remote information without user interaction, such as img |
38 |
+src or even <b style="background:url... |
39 |
+ |
40 |
+But we want to maintain the basic rich text formatting of bold and |
41 |
+italics and links. |
42 |
+ |
43 |
+This parser iterates reads the XML, copying only permissable tags and |
44 |
+attributes. |
45 |
+ |
46 |
+A future obvious improvement would be to merge the original regular |
47 |
+expressions into this stream parser, but I'm trying to minimise |
48 |
+breakages to get this into 5.12. |
49 |
+ |
50 |
+Test Plan: |
51 |
+Moved code into it's own class for easy unit testing |
52 |
+Tried a bunch of things, including what the old regexes were doing |
53 |
+ |
54 |
+Also ran notify send with a few options to make sure things worked |
55 |
+ |
56 |
+Reviewers: #plasma, fvogt |
57 |
+ |
58 |
+Reviewed By: fvogt |
59 |
+ |
60 |
+Subscribers: aacid, fvogt, plasma-devel |
61 |
+ |
62 |
+Tags: #plasma |
63 |
+ |
64 |
+Differential Revision: https://phabricator.kde.org/D10188 |
65 |
+--- |
66 |
+ dataengines/notifications/CMakeLists.txt | 8 ++ |
67 |
+ dataengines/notifications/notifications_test.cpp | 68 +++++++++++++ |
68 |
+ .../notifications/notificationsanitizer.cpp | 106 +++++++++++++++++++++ |
69 |
+ dataengines/notifications/notificationsanitizer.h | 35 +++++++ |
70 |
+ dataengines/notifications/notificationsengine.cpp | 19 +--- |
71 |
+ 5 files changed, 219 insertions(+), 17 deletions(-) |
72 |
+ create mode 100644 dataengines/notifications/notifications_test.cpp |
73 |
+ create mode 100644 dataengines/notifications/notificationsanitizer.cpp |
74 |
+ create mode 100644 dataengines/notifications/notificationsanitizer.h |
75 |
+ |
76 |
+diff --git a/dataengines/notifications/CMakeLists.txt b/dataengines/notifications/CMakeLists.txt |
77 |
+index 4fd3ee76..ad6e2120 100644 |
78 |
+--- a/dataengines/notifications/CMakeLists.txt |
79 |
++++ b/dataengines/notifications/CMakeLists.txt |
80 |
+@@ -4,6 +4,7 @@ set(notifications_engine_SRCS |
81 |
+ notificationsengine.cpp |
82 |
+ notificationservice.cpp |
83 |
+ notificationaction.cpp |
84 |
++ notificationsanitizer.cpp |
85 |
+ ) |
86 |
+ |
87 |
+ qt5_add_dbus_adaptor( notifications_engine_SRCS org.freedesktop.Notifications.xml notificationsengine.h NotificationsEngine ) |
88 |
+@@ -26,3 +27,10 @@ kcoreaddons_desktop_to_json(plasma_engine_notifications plasma-dataengine-notifi |
89 |
+ install(TARGETS plasma_engine_notifications DESTINATION ${KDE_INSTALL_PLUGINDIR}/plasma/dataengine) |
90 |
+ install(FILES plasma-dataengine-notifications.desktop DESTINATION ${KDE_INSTALL_KSERVICES5DIR} ) |
91 |
+ install(FILES notifications.operations DESTINATION ${PLASMA_DATA_INSTALL_DIR}/services) |
92 |
++ |
93 |
++ |
94 |
++#unit test |
95 |
++ |
96 |
++add_executable(notification_test notificationsanitizer.cpp notifications_test.cpp) |
97 |
++target_link_libraries(notification_test Qt5::Test Qt5::Core) |
98 |
++ecm_mark_as_test(notification_test) |
99 |
+diff --git a/dataengines/notifications/notifications_test.cpp b/dataengines/notifications/notifications_test.cpp |
100 |
+new file mode 100644 |
101 |
+index 00000000..58399746 |
102 |
+--- /dev/null |
103 |
++++ b/dataengines/notifications/notifications_test.cpp |
104 |
+@@ -0,0 +1,68 @@ |
105 |
++#include <QtTest> |
106 |
++#include <QObject> |
107 |
++#include <QDebug> |
108 |
++#include "notificationsanitizer.h" |
109 |
++ |
110 |
++class NotificationTest : public QObject |
111 |
++{ |
112 |
++ Q_OBJECT |
113 |
++public: |
114 |
++ NotificationTest() {} |
115 |
++private Q_SLOTS: |
116 |
++ void parse_data(); |
117 |
++ void parse(); |
118 |
++}; |
119 |
++ |
120 |
++void NotificationTest::parse_data() |
121 |
++{ |
122 |
++ QTest::addColumn<QString>("messageIn"); |
123 |
++ QTest::addColumn<QString>("expectedOut"); |
124 |
++ |
125 |
++ QTest::newRow("basic no HTML") << "I am a notification" << "I am a notification"; |
126 |
++ QTest::newRow("whitespace") << " I am a notification " << "I am a notification"; |
127 |
++ |
128 |
++ QTest::newRow("basic html") << "I am <b>the</b> notification" << "I am <b>the</b> notification"; |
129 |
++ QTest::newRow("nested html") << "I am <i><b>the</b></i> notification" << "I am <i><b>the</b></i> notification"; |
130 |
++ |
131 |
++ QTest::newRow("no extra tags") << "I am <blink>the</blink> notification" << "I am the notification"; |
132 |
++ QTest::newRow("no extra attrs") << "I am <b style=\"font-weight:20\">the</b> notification" << "I am <b>the</b> notification"; |
133 |
++ |
134 |
++ QTest::newRow("newlines") << "I am\nthe\nnotification" << "I am<br/>the<br/>notification"; |
135 |
++ QTest::newRow("multinewlines") << "I am\n\nthe\n\n\nnotification" << "I am<br/>the<br/>notification"; |
136 |
++ |
137 |
++ QTest::newRow("amp") << "me&you" << "me&you"; |
138 |
++ QTest::newRow("double escape") << "foo & <bar>" << "foo & <bar>"; |
139 |
++ |
140 |
++ QTest::newRow("quotes") << "'foo'" << "'foo'";//as label can't handle this normally valid entity |
141 |
++ |
142 |
++ QTest::newRow("image normal") << "This is <img src=\"file:://foo/boo.png\" alt=\"cheese\"/> and more text" << "This is <img src=\"file:://foo/boo.png\" alt=\"cheese\"/> and more text"; |
143 |
++ |
144 |
++ //this input is technically wrong, so the output is also wrong, but QTextHtmlParser does the "right" thing |
145 |
++ QTest::newRow("image normal no close") << "This is <img src=\"file:://foo/boo.png\" alt=\"cheese\"> and more text" << "This is <img src=\"file:://foo/boo.png\" alt=\"cheese\"> and more text</img>"; |
146 |
++ |
147 |
++ QTest::newRow("image remote URL") << "This is <img src=\"http://foo.com/boo.png\" alt=\"cheese\" /> and more text" << "This is <img alt=\"cheese\"/> and more text"; |
148 |
++ |
149 |
++ //more bad formatted options. To some extent actual output doesn't matter. Garbage in, garbabe out. |
150 |
++ //the important thing is that it doesn't contain anything that could be parsed as the remote URL |
151 |
++ QTest::newRow("image remote URL no close") << "This is <img src=\"http://foo.com/boo.png>\" alt=\"cheese\"> and more text" << "This is <img alt=\"cheese\"> and more text</img>"; |
152 |
++ QTest::newRow("image remote URL double open") << "This is <<img src=\"http://foo.com/boo.png>\" and more text" << "This is "; |
153 |
++ QTest::newRow("image remote URL no entitiy close") << "This is <img src=\"http://foo.com/boo.png\" and more text" << "This is "; |
154 |
++ QTest::newRow("image remote URL space in element name") << "This is < img src=\"http://foo.com/boo.png\" alt=\"cheese\" /> and more text" << "This is "; |
155 |
++ |
156 |
++ QTest::newRow("link") << "This is a link <a href=\"http://foo.com/boo\"/> and more text" << "This is a link <a href=\"http://foo.com/boo\"/> and more text"; |
157 |
++} |
158 |
++ |
159 |
++void NotificationTest::parse() |
160 |
++{ |
161 |
++ QFETCH(QString, messageIn); |
162 |
++ QFETCH(QString, expectedOut); |
163 |
++ |
164 |
++ const QString out = NotificationSanitizer::parse(messageIn); |
165 |
++ expectedOut = "<?xml version=\"1.0\"?><html>" + expectedOut + "</html>\n"; |
166 |
++ QCOMPARE(out, expectedOut); |
167 |
++} |
168 |
++ |
169 |
++ |
170 |
++QTEST_GUILESS_MAIN(NotificationTest) |
171 |
++ |
172 |
++#include "notifications_test.moc" |
173 |
+diff --git a/dataengines/notifications/notificationsanitizer.cpp b/dataengines/notifications/notificationsanitizer.cpp |
174 |
+new file mode 100644 |
175 |
+index 00000000..5410132c |
176 |
+--- /dev/null |
177 |
++++ b/dataengines/notifications/notificationsanitizer.cpp |
178 |
+@@ -0,0 +1,106 @@ |
179 |
++/* |
180 |
++ * Copyright (C) 2017 David Edmundson <davidedmundson@×××.org> |
181 |
++ * |
182 |
++ * This program is free software you can redistribute it and/or |
183 |
++ * modify it under the terms of the GNU Library General Public |
184 |
++ * License as published by the Free Software Foundation; either |
185 |
++ * version 2 of the License, or (at your option) any later version. |
186 |
++ * |
187 |
++ * This program is distributed in the hope that it will be useful, |
188 |
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
189 |
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
190 |
++ * Library General Public License for more details. |
191 |
++ * |
192 |
++ * You should have received a copy of the GNU Library General Public License |
193 |
++ * along with this library; see the file COPYING.LIB. If not, write to |
194 |
++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, |
195 |
++ * Boston, MA 02110-1301, USA. |
196 |
++*/ |
197 |
++ |
198 |
++#include "notificationsanitizer.h" |
199 |
++ |
200 |
++#include <QXmlStreamReader> |
201 |
++#include <QXmlStreamWriter> |
202 |
++#include <QRegularExpression> |
203 |
++#include <QDebug> |
204 |
++#include <QUrl> |
205 |
++ |
206 |
++QString NotificationSanitizer::parse(const QString &text) |
207 |
++{ |
208 |
++ // replace all \ns with <br/> |
209 |
++ QString t = text; |
210 |
++ |
211 |
++ t.replace(QLatin1String("\n"), QStringLiteral("<br/>")); |
212 |
++ // Now remove all inner whitespace (\ns are already <br/>s) |
213 |
++ t = t.simplified(); |
214 |
++ // Finally, check if we don't have multiple <br/>s following, |
215 |
++ // can happen for example when "\n \n" is sent, this replaces |
216 |
++ // all <br/>s in succsession with just one |
217 |
++ t.replace(QRegularExpression(QStringLiteral("<br/>\\s*<br/>(\\s|<br/>)*")), QLatin1String("<br/>")); |
218 |
++ // This fancy RegExp escapes every occurence of & since QtQuick Text will blatantly cut off |
219 |
++ // text where it finds a stray ampersand. |
220 |
++ // Only &{apos, quot, gt, lt, amp}; as well as { character references will be allowed |
221 |
++ t.replace(QRegularExpression(QStringLiteral("&(?!(?:apos|quot|[gl]t|amp);|#)")), QLatin1String("&")); |
222 |
++ |
223 |
++ QXmlStreamReader r(QStringLiteral("<html>") + t + QStringLiteral("</html>")); |
224 |
++ QString result; |
225 |
++ QXmlStreamWriter out(&result); |
226 |
++ |
227 |
++ const QVector<QString> allowedTags = {"b", "i", "u", "img", "a", "html", "br"}; |
228 |
++ |
229 |
++ out.writeStartDocument(); |
230 |
++ while (!r.atEnd()) { |
231 |
++ r.readNext(); |
232 |
++ |
233 |
++ if (r.tokenType() == QXmlStreamReader::StartElement) { |
234 |
++ const QString name = r.name().toString(); |
235 |
++ if (!allowedTags.contains(name)) { |
236 |
++ continue; |
237 |
++ } |
238 |
++ out.writeStartElement(name); |
239 |
++ if (name == QLatin1String("img")) { |
240 |
++ auto src = r.attributes().value("src").toString(); |
241 |
++ auto alt = r.attributes().value("alt").toString(); |
242 |
++ |
243 |
++ const QUrl url(src); |
244 |
++ if (url.isLocalFile()) { |
245 |
++ out.writeAttribute(QStringLiteral("src"), src); |
246 |
++ } else { |
247 |
++ //image denied for security reasons! Do not copy the image src here! |
248 |
++ } |
249 |
++ |
250 |
++ out.writeAttribute(QStringLiteral("alt"), alt); |
251 |
++ } |
252 |
++ if (name == QLatin1String("a")) { |
253 |
++ out.writeAttribute(QStringLiteral("href"), r.attributes().value("href").toString()); |
254 |
++ } |
255 |
++ } |
256 |
++ |
257 |
++ if (r.tokenType() == QXmlStreamReader::EndElement) { |
258 |
++ const QString name = r.name().toString(); |
259 |
++ if (!allowedTags.contains(name)) { |
260 |
++ continue; |
261 |
++ } |
262 |
++ out.writeEndElement(); |
263 |
++ } |
264 |
++ |
265 |
++ if (r.tokenType() == QXmlStreamReader::Characters) { |
266 |
++ const auto text = r.text().toString(); |
267 |
++ out.writeCharacters(text); //this auto escapes chars -> HTML entities |
268 |
++ } |
269 |
++ } |
270 |
++ out.writeEndDocument(); |
271 |
++ |
272 |
++ if (r.hasError()) { |
273 |
++ qWarning() << "Notification to send to backend contains invalid XML: " |
274 |
++ << r.errorString() << "line" << r.lineNumber() |
275 |
++ << "col" << r.columnNumber(); |
276 |
++ } |
277 |
++ |
278 |
++ // The Text.StyledText format handles only html3.2 stuff and ' is html4 stuff |
279 |
++ // so we need to replace it here otherwise it will not render at all. |
280 |
++ result = result.replace(QLatin1String("'"), QChar('\'')); |
281 |
++ |
282 |
++ |
283 |
++ return result; |
284 |
++} |
285 |
+diff --git a/dataengines/notifications/notificationsanitizer.h b/dataengines/notifications/notificationsanitizer.h |
286 |
+new file mode 100644 |
287 |
+index 00000000..561a84b7 |
288 |
+--- /dev/null |
289 |
++++ b/dataengines/notifications/notificationsanitizer.h |
290 |
+@@ -0,0 +1,35 @@ |
291 |
++/* |
292 |
++ * Copyright (C) 2017 David Edmundson <davidedmundson@×××.org> |
293 |
++ * |
294 |
++ * This program is free software you can redistribute it and/or |
295 |
++ * modify it under the terms of the GNU Library General Public |
296 |
++ * License as published by the Free Software Foundation; either |
297 |
++ * version 2 of the License, or (at your option) any later version. |
298 |
++ * |
299 |
++ * This program is distributed in the hope that it will be useful, |
300 |
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
301 |
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
302 |
++ * Library General Public License for more details. |
303 |
++ * |
304 |
++ * You should have received a copy of the GNU Library General Public License |
305 |
++ * along with this library; see the file COPYING.LIB. If not, write to |
306 |
++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, |
307 |
++ * Boston, MA 02110-1301, USA. |
308 |
++*/ |
309 |
++ |
310 |
++#include <QString> |
311 |
++ |
312 |
++namespace NotificationSanitizer |
313 |
++{ |
314 |
++ /* |
315 |
++ * This turns generic random text of either plain text of any degree of faux-HTML into HTML allowed |
316 |
++ * in the notification spec namely: |
317 |
++ * a, img, b, i, u and br |
318 |
++ * All other tags and attributes are stripped |
319 |
++ * Whitespace is stripped and converted to <br/> |
320 |
++ * Double newlines are compressed |
321 |
++ * |
322 |
++ * Image src is only copied when referring to a local file |
323 |
++ */ |
324 |
++ QString parse(const QString &in); |
325 |
++} |
326 |
+diff --git a/dataengines/notifications/notificationsengine.cpp b/dataengines/notifications/notificationsengine.cpp |
327 |
+index 72338aeb..caf310e5 100644 |
328 |
+--- a/dataengines/notifications/notificationsengine.cpp |
329 |
++++ b/dataengines/notifications/notificationsengine.cpp |
330 |
+@@ -20,6 +20,7 @@ |
331 |
+ #include "notificationsengine.h" |
332 |
+ #include "notificationservice.h" |
333 |
+ #include "notificationsadaptor.h" |
334 |
++#include "notificationsanitizer.h" |
335 |
+ |
336 |
+ #include <QDebug> |
337 |
+ #include <KConfigGroup> |
338 |
+@@ -281,23 +282,7 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id, |
339 |
+ |
340 |
+ const QString source = QStringLiteral("notification %1").arg(id); |
341 |
+ |
342 |
+- // First trim whitespace from beginning and end |
343 |
+- bodyFinal = bodyFinal.trimmed(); |
344 |
+- // Now replace all \ns with <br/> |
345 |
+- bodyFinal = bodyFinal.replace(QLatin1String("\n"), QLatin1String("<br/>")); |
346 |
+- // Now remove all inner whitespace (\ns are already <br/>s |
347 |
+- bodyFinal = bodyFinal.simplified(); |
348 |
+- // Finally, check if we don't have multiple <br/>s following, |
349 |
+- // can happen for example when "\n \n" is sent, this replaces |
350 |
+- // all <br/>s in succsession with just one |
351 |
+- bodyFinal.replace(QRegularExpression(QStringLiteral("<br/>\\s*<br/>(\\s|<br/>)*")), QLatin1String("<br/>")); |
352 |
+- // This fancy RegExp escapes every occurence of & since QtQuick Text will blatantly cut off |
353 |
+- // text where it finds a stray ampersand. |
354 |
+- // Only &{apos, quot, gt, lt, amp}; as well as { character references will be allowed |
355 |
+- bodyFinal.replace(QRegularExpression(QStringLiteral("&(?!(?:apos|quot|[gl]t|amp);|#)")), QLatin1String("&")); |
356 |
+- // The Text.StyledText format handles only html3.2 stuff and ' is html4 stuff |
357 |
+- // so we need to replace it here otherwise it will not render at all. |
358 |
+- bodyFinal.replace(QLatin1String("'"), QChar('\'')); |
359 |
++ bodyFinal = NotificationSanitizer::parse(bodyFinal); |
360 |
+ |
361 |
+ Plasma::DataEngine::Data notificationData; |
362 |
+ notificationData.insert(QStringLiteral("id"), QString::number(id)); |
363 |
+-- |
364 |
+2.13.6 |
365 |
+ |
366 |
+From cb791b571aed1ea6976e0a6906df3e35dea657ef Mon Sep 17 00:00:00 2001 |
367 |
+From: Kai Uwe Broulik <kde@××××××××××××××.de> |
368 |
+Date: Mon, 5 Feb 2018 13:53:17 +0100 |
369 |
+Subject: [PATCH 2/2] [Notifications] Fix grouping |
370 |
+ |
371 |
+Sanitize the body before doing anything else. |
372 |
+Cleanup grouping logic. |
373 |
+ |
374 |
+Differential Revision: https://phabricator.kde.org/D10315 |
375 |
+--- |
376 |
+ dataengines/notifications/notificationsengine.cpp | 18 ++++++++---------- |
377 |
+ 1 file changed, 8 insertions(+), 10 deletions(-) |
378 |
+ |
379 |
+diff --git a/dataengines/notifications/notificationsengine.cpp b/dataengines/notifications/notificationsengine.cpp |
380 |
+index caf310e5..bc48deed 100644 |
381 |
+--- a/dataengines/notifications/notificationsengine.cpp |
382 |
++++ b/dataengines/notifications/notificationsengine.cpp |
383 |
+@@ -217,7 +217,7 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id, |
384 |
+ qDebug() << "Currrent active notifications:" << m_activeNotifications; |
385 |
+ qDebug() << "Guessing partOf as:" << partOf; |
386 |
+ qDebug() << " New Notification: " << summary << body << timeout << "& Part of:" << partOf; |
387 |
+- QString bodyFinal = body; |
388 |
++ QString bodyFinal = NotificationSanitizer::parse(body); |
389 |
+ QString summaryFinal = summary; |
390 |
+ |
391 |
+ if (partOf > 0) { |
392 |
+@@ -225,13 +225,13 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id, |
393 |
+ Plasma::DataContainer *container = containerForSource(source); |
394 |
+ if (container) { |
395 |
+ // append the body text |
396 |
+- QString _body = container->data()[QStringLiteral("body")].toString(); |
397 |
+- if (_body != body) { |
398 |
+- _body.append("\n").append(body); |
399 |
+- } else { |
400 |
+- _body = body; |
401 |
++ const QString previousBody = container->data()[QStringLiteral("body")].toString(); |
402 |
++ if (previousBody != bodyFinal) { |
403 |
++ // FIXME: This will just append the entire old XML document to another one, leading to: |
404 |
++ // <?xml><html>old</html><br><?xml><html>new</html> |
405 |
++ // It works but is not very clean. |
406 |
++ bodyFinal = previousBody + QStringLiteral("<br/>") + bodyFinal; |
407 |
+ } |
408 |
+- bodyFinal = _body; |
409 |
+ |
410 |
+ replaces_id = partOf; |
411 |
+ |
412 |
+@@ -267,7 +267,7 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id, |
413 |
+ |
414 |
+ const int AVERAGE_WORD_LENGTH = 6; |
415 |
+ const int WORD_PER_MINUTE = 250; |
416 |
+- int count = summary.length() + body.length(); |
417 |
++ int count = summary.length() + body.length() - strlen("<?xml version=\"1.0\"><html></html>"); |
418 |
+ |
419 |
+ // -1 is "server default", 0 is persistent with "server default" display time, |
420 |
+ // anything more should honor the setting |
421 |
+@@ -282,8 +282,6 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id, |
422 |
+ |
423 |
+ const QString source = QStringLiteral("notification %1").arg(id); |
424 |
+ |
425 |
+- bodyFinal = NotificationSanitizer::parse(bodyFinal); |
426 |
+- |
427 |
+ Plasma::DataEngine::Data notificationData; |
428 |
+ notificationData.insert(QStringLiteral("id"), QString::number(id)); |
429 |
+ notificationData.insert(QStringLiteral("eventId"), eventId); |
430 |
+-- |
431 |
+2.13.6 |
432 |
+ |
433 |
|
434 |
diff --git a/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch |
435 |
new file mode 100644 |
436 |
index 00000000000..621687c59d2 |
437 |
--- /dev/null |
438 |
+++ b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch |
439 |
@@ -0,0 +1,31 @@ |
440 |
+From f32002ce50edc3891f1fa41173132c820b917d57 Mon Sep 17 00:00:00 2001 |
441 |
+From: Marco Martin <notmart@×××××.com> |
442 |
+Date: Mon, 5 Feb 2018 13:12:51 +0100 |
443 |
+Subject: [PATCH] Make sure device paths are quoted |
444 |
+ |
445 |
+in the case a vfat removable device has $() or `` in its label, |
446 |
+such as $(touch foo) the quoted command may get executed, |
447 |
+leaving an attack vector. Use KMacroExpander::expandMacrosShellQuote |
448 |
+to make sure everything is quoted and not interpreted as a command |
449 |
+ |
450 |
+BUG:389815 |
451 |
+--- |
452 |
+ soliduiserver/deviceserviceaction.cpp | 2 +- |
453 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
454 |
+ |
455 |
+diff --git a/soliduiserver/deviceserviceaction.cpp b/soliduiserver/deviceserviceaction.cpp |
456 |
+index f49c967a..738b27c8 100644 |
457 |
+--- a/soliduiserver/deviceserviceaction.cpp |
458 |
++++ b/soliduiserver/deviceserviceaction.cpp |
459 |
+@@ -158,7 +158,7 @@ void DelayedExecutor::delayedExecute(const QString &udi) |
460 |
+ |
461 |
+ QString exec = m_service.exec(); |
462 |
+ MacroExpander mx(device); |
463 |
+- mx.expandMacros(exec); |
464 |
++ mx.expandMacrosShellQuote(exec); |
465 |
+ |
466 |
+ KRun::runCommand(exec, QString(), m_service.icon(), 0); |
467 |
+ deleteLater(); |
468 |
+-- |
469 |
+2.13.6 |
470 |
+ |
471 |
|
472 |
diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.11.5-r1.ebuild b/kde-plasma/plasma-workspace/plasma-workspace-5.11.5-r1.ebuild |
473 |
new file mode 100644 |
474 |
index 00000000000..adebe223325 |
475 |
--- /dev/null |
476 |
+++ b/kde-plasma/plasma-workspace/plasma-workspace-5.11.5-r1.ebuild |
477 |
@@ -0,0 +1,175 @@ |
478 |
+# Copyright 1999-2018 Gentoo Foundation |
479 |
+# Distributed under the terms of the GNU General Public License v2 |
480 |
+ |
481 |
+EAPI=6 |
482 |
+ |
483 |
+KDE_HANDBOOK="forceoptional" |
484 |
+KDE_TEST="forceoptional" |
485 |
+VIRTUALX_REQUIRED="test" |
486 |
+inherit kde5 qmake-utils |
487 |
+ |
488 |
+DESCRIPTION="KDE Plasma workspace" |
489 |
+KEYWORDS="~amd64 ~arm ~arm64 ~x86" |
490 |
+IUSE="appstream +calendar geolocation gps prison qalculate +semantic-desktop systemd" |
491 |
+ |
492 |
+REQUIRED_USE="gps? ( geolocation )" |
493 |
+ |
494 |
+COMMON_DEPEND=" |
495 |
+ $(add_frameworks_dep kactivities) |
496 |
+ $(add_frameworks_dep kauth) |
497 |
+ $(add_frameworks_dep kbookmarks) |
498 |
+ $(add_frameworks_dep kcompletion) |
499 |
+ $(add_frameworks_dep kconfig) |
500 |
+ $(add_frameworks_dep kconfigwidgets) |
501 |
+ $(add_frameworks_dep kcoreaddons) |
502 |
+ $(add_frameworks_dep kcrash) |
503 |
+ $(add_frameworks_dep kdbusaddons) |
504 |
+ $(add_frameworks_dep kdeclarative) |
505 |
+ $(add_frameworks_dep kdelibs4support) |
506 |
+ $(add_frameworks_dep kglobalaccel) |
507 |
+ $(add_frameworks_dep kguiaddons) |
508 |
+ $(add_frameworks_dep ki18n) |
509 |
+ $(add_frameworks_dep kiconthemes) |
510 |
+ $(add_frameworks_dep kidletime) |
511 |
+ $(add_frameworks_dep kio) |
512 |
+ $(add_frameworks_dep kitemmodels) |
513 |
+ $(add_frameworks_dep kitemviews) |
514 |
+ $(add_frameworks_dep kjobwidgets) |
515 |
+ $(add_frameworks_dep kjs) |
516 |
+ $(add_frameworks_dep kjsembed) |
517 |
+ $(add_frameworks_dep knewstuff) |
518 |
+ $(add_frameworks_dep knotifications) |
519 |
+ $(add_frameworks_dep knotifyconfig) |
520 |
+ $(add_frameworks_dep kpackage) |
521 |
+ $(add_frameworks_dep krunner) |
522 |
+ $(add_frameworks_dep kservice) |
523 |
+ $(add_frameworks_dep ktexteditor) |
524 |
+ $(add_frameworks_dep ktextwidgets) |
525 |
+ $(add_frameworks_dep kwallet) |
526 |
+ $(add_frameworks_dep kwayland) |
527 |
+ $(add_frameworks_dep kwidgetsaddons) |
528 |
+ $(add_frameworks_dep kwindowsystem) |
529 |
+ $(add_frameworks_dep kxmlgui) |
530 |
+ $(add_frameworks_dep plasma) |
531 |
+ $(add_frameworks_dep solid) |
532 |
+ $(add_plasma_dep kscreenlocker) |
533 |
+ $(add_plasma_dep kwin) |
534 |
+ $(add_plasma_dep libksysguard) |
535 |
+ $(add_qt_dep qtdbus) |
536 |
+ $(add_qt_dep qtdeclarative 'widgets') |
537 |
+ $(add_qt_dep qtgui 'jpeg') |
538 |
+ $(add_qt_dep qtnetwork) |
539 |
+ $(add_qt_dep qtscript) |
540 |
+ $(add_qt_dep qtsql) |
541 |
+ $(add_qt_dep qtwidgets) |
542 |
+ $(add_qt_dep qtx11extras) |
543 |
+ $(add_qt_dep qtxml) |
544 |
+ media-libs/phonon[qt5(+)] |
545 |
+ sys-libs/zlib |
546 |
+ x11-libs/libICE |
547 |
+ x11-libs/libSM |
548 |
+ x11-libs/libX11 |
549 |
+ x11-libs/libXau |
550 |
+ x11-libs/libxcb |
551 |
+ x11-libs/libXfixes |
552 |
+ x11-libs/libXrender |
553 |
+ x11-libs/libXtst |
554 |
+ x11-libs/xcb-util |
555 |
+ x11-libs/xcb-util-image |
556 |
+ appstream? ( dev-libs/appstream[qt5] ) |
557 |
+ calendar? ( $(add_kdeapps_dep kholidays) ) |
558 |
+ geolocation? ( $(add_frameworks_dep networkmanager-qt) ) |
559 |
+ gps? ( sci-geosciences/gpsd ) |
560 |
+ prison? ( $(add_frameworks_dep prison) ) |
561 |
+ qalculate? ( sci-libs/libqalculate:= ) |
562 |
+ semantic-desktop? ( $(add_frameworks_dep baloo) ) |
563 |
+" |
564 |
+RDEPEND="${COMMON_DEPEND} |
565 |
+ $(add_frameworks_dep kded) |
566 |
+ $(add_frameworks_dep kdesu) |
567 |
+ $(add_kdeapps_dep kio-extras) |
568 |
+ $(add_plasma_dep kde-cli-tools) |
569 |
+ $(add_plasma_dep ksysguard) |
570 |
+ $(add_plasma_dep milou) |
571 |
+ $(add_plasma_dep plasma-integration) |
572 |
+ $(add_qt_dep qdbus) |
573 |
+ $(add_qt_dep qtgraphicaleffects) |
574 |
+ $(add_qt_dep qtpaths) |
575 |
+ $(add_qt_dep qtquickcontrols 'widgets') |
576 |
+ app-text/iso-codes |
577 |
+ x11-apps/mkfontdir |
578 |
+ x11-apps/xmessage |
579 |
+ x11-apps/xprop |
580 |
+ x11-apps/xrdb |
581 |
+ x11-apps/xset |
582 |
+ x11-apps/xsetroot |
583 |
+ systemd? ( sys-apps/dbus[user-session] ) |
584 |
+ !systemd? ( sys-apps/dbus ) |
585 |
+ !dev-libs/xembed-sni-proxy |
586 |
+ !kde-plasma/freespacenotifier:4 |
587 |
+ !kde-plasma/libtaskmanager:4 |
588 |
+ !kde-plasma/kcminit:4 |
589 |
+ !kde-plasma/kdebase-startkde:4 |
590 |
+ !kde-plasma/klipper:4 |
591 |
+ !kde-plasma/krunner:4 |
592 |
+ !kde-plasma/ksmserver:4 |
593 |
+ !kde-plasma/ksplash:4 |
594 |
+ !kde-plasma/plasma-workspace:4 |
595 |
+" |
596 |
+DEPEND="${COMMON_DEPEND} |
597 |
+ $(add_qt_dep qtconcurrent) |
598 |
+ x11-proto/xproto |
599 |
+" |
600 |
+ |
601 |
+PATCHES=( |
602 |
+ "${FILESDIR}/${PN}-5.4-startkde-script.patch" |
603 |
+ "${FILESDIR}/${PN}-5.10-startplasmacompositor-script.patch" |
604 |
+ "${FILESDIR}/${PN}-5.10.4-unused-dep.patch" |
605 |
+ "${FILESDIR}/${P}-CVE-2018-6790.patch" |
606 |
+ "${FILESDIR}/${P}-CVE-2018-6791.patch" |
607 |
+) |
608 |
+ |
609 |
+RESTRICT+=" test" |
610 |
+ |
611 |
+src_prepare() { |
612 |
+ kde5_src_prepare |
613 |
+ |
614 |
+ sed -e "s|\`qtpaths|\`$(qt5_get_bindir)/qtpaths|" \ |
615 |
+ -i startkde/startkde.cmake startkde/startplasmacompositor.cmake || die |
616 |
+} |
617 |
+ |
618 |
+src_configure() { |
619 |
+ local mycmakeargs=( |
620 |
+ $(cmake-utils_use_find_package appstream AppStreamQt) |
621 |
+ $(cmake-utils_use_find_package calendar KF5Holidays) |
622 |
+ $(cmake-utils_use_find_package geolocation KF5NetworkManagerQt) |
623 |
+ $(cmake-utils_use_find_package prison KF5Prison) |
624 |
+ $(cmake-utils_use_find_package qalculate Qalculate) |
625 |
+ $(cmake-utils_use_find_package semantic-desktop KF5Baloo) |
626 |
+ ) |
627 |
+ |
628 |
+ use gps && mycmakeargs+=( $(cmake-utils_use_find_package gps libgps) ) |
629 |
+ |
630 |
+ kde5_src_configure |
631 |
+} |
632 |
+ |
633 |
+src_install() { |
634 |
+ kde5_src_install |
635 |
+ |
636 |
+ # startup and shutdown scripts |
637 |
+ insinto /etc/plasma/startup |
638 |
+ doins "${FILESDIR}/10-agent-startup.sh" |
639 |
+ |
640 |
+ insinto /etc/plasma/shutdown |
641 |
+ doins "${FILESDIR}/10-agent-shutdown.sh" |
642 |
+} |
643 |
+ |
644 |
+pkg_postinst () { |
645 |
+ kde5_pkg_postinst |
646 |
+ |
647 |
+ echo |
648 |
+ elog "To enable gpg-agent and/or ssh-agent in Plasma sessions," |
649 |
+ elog "edit ${EPREFIX}/etc/plasma/startup/10-agent-startup.sh and" |
650 |
+ elog "${EPREFIX}/etc/plasma/shutdown/10-agent-shutdown.sh" |
651 |
+ echo |
652 |
+} |