Gentoo Archives: gentoo-commits

From: Michael Palimaka <kensington@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: kde-plasma/plasma-workspace/, kde-plasma/plasma-workspace/files/
Date: Fri, 09 Feb 2018 13:57:53
Message-Id: 1518184652.c006f861f27d664944c9cbbd8653aa5a5fdc1a75.kensington@gentoo
1 commit: c006f861f27d664944c9cbbd8653aa5a5fdc1a75
2 Author: Michael Palimaka <kensington <AT> gentoo <DOT> org>
3 AuthorDate: Fri Feb 9 13:55:21 2018 +0000
4 Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
5 CommitDate: Fri Feb 9 13:57:32 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c006f861
7
8 kde-plasma/plasma-workspace: revision bump fixes CVE-2018-6790 and CVE-2018-6791
9
10 Bug: https://bugs.gentoo.org/647106
11 Package-Manager: Portage-2.3.19, Repoman-2.3.6
12
13 .../plasma-workspace-5.11.5-CVE-2018-6790.patch | 409 +++++++++++++++++++++
14 .../plasma-workspace-5.11.5-CVE-2018-6791.patch | 31 ++
15 .../plasma-workspace-5.11.5-r1.ebuild | 175 +++++++++
16 3 files changed, 615 insertions(+)
17
18 diff --git a/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6790.patch b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6790.patch
19 new file mode 100644
20 index 00000000000..b424e397a80
21 --- /dev/null
22 +++ b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6790.patch
23 @@ -0,0 +1,409 @@
24 +From f1e9a1c458ea44e9169c7e79b90a57fb7c65135f Mon Sep 17 00:00:00 2001
25 +From: David Edmundson <kde@×××××××××××××××××.uk>
26 +Date: Wed, 31 Jan 2018 14:28:17 +0000
27 +Subject: [PATCH 1/2] Sanitise notification HTML
28 +
29 +Summary:
30 +Qt labels support a HTML subset, using a completely internal parser in
31 +QTextDocument.
32 +
33 +The Notification spec support an even smaller subset of notification
34 +elements.
35 +
36 +It's important to strip out irrelevant tags that could potentially load
37 +remote information without user interaction, such as img
38 +src or even <b style="background:url...
39 +
40 +But we want to maintain the basic rich text formatting of bold and
41 +italics and links.
42 +
43 +This parser iterates reads the XML, copying only permissable tags and
44 +attributes.
45 +
46 +A future obvious improvement would be to merge the original regular
47 +expressions into this stream parser, but I'm trying to minimise
48 +breakages to get this into 5.12.
49 +
50 +Test Plan:
51 +Moved code into it's own class for easy unit testing
52 +Tried a bunch of things, including what the old regexes were doing
53 +
54 +Also ran notify send with a few options to make sure things worked
55 +
56 +Reviewers: #plasma, fvogt
57 +
58 +Reviewed By: fvogt
59 +
60 +Subscribers: aacid, fvogt, plasma-devel
61 +
62 +Tags: #plasma
63 +
64 +Differential Revision: https://phabricator.kde.org/D10188
65 +---
66 + dataengines/notifications/CMakeLists.txt | 8 ++
67 + dataengines/notifications/notifications_test.cpp | 68 +++++++++++++
68 + .../notifications/notificationsanitizer.cpp | 106 +++++++++++++++++++++
69 + dataengines/notifications/notificationsanitizer.h | 35 +++++++
70 + dataengines/notifications/notificationsengine.cpp | 19 +---
71 + 5 files changed, 219 insertions(+), 17 deletions(-)
72 + create mode 100644 dataengines/notifications/notifications_test.cpp
73 + create mode 100644 dataengines/notifications/notificationsanitizer.cpp
74 + create mode 100644 dataengines/notifications/notificationsanitizer.h
75 +
76 +diff --git a/dataengines/notifications/CMakeLists.txt b/dataengines/notifications/CMakeLists.txt
77 +index 4fd3ee76..ad6e2120 100644
78 +--- a/dataengines/notifications/CMakeLists.txt
79 ++++ b/dataengines/notifications/CMakeLists.txt
80 +@@ -4,6 +4,7 @@ set(notifications_engine_SRCS
81 + notificationsengine.cpp
82 + notificationservice.cpp
83 + notificationaction.cpp
84 ++ notificationsanitizer.cpp
85 + )
86 +
87 + qt5_add_dbus_adaptor( notifications_engine_SRCS org.freedesktop.Notifications.xml notificationsengine.h NotificationsEngine )
88 +@@ -26,3 +27,10 @@ kcoreaddons_desktop_to_json(plasma_engine_notifications plasma-dataengine-notifi
89 + install(TARGETS plasma_engine_notifications DESTINATION ${KDE_INSTALL_PLUGINDIR}/plasma/dataengine)
90 + install(FILES plasma-dataengine-notifications.desktop DESTINATION ${KDE_INSTALL_KSERVICES5DIR} )
91 + install(FILES notifications.operations DESTINATION ${PLASMA_DATA_INSTALL_DIR}/services)
92 ++
93 ++
94 ++#unit test
95 ++
96 ++add_executable(notification_test notificationsanitizer.cpp notifications_test.cpp)
97 ++target_link_libraries(notification_test Qt5::Test Qt5::Core)
98 ++ecm_mark_as_test(notification_test)
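Review bot: Nothing in this hunk registers `notification_test` with CTest, so the sanitiser's regression cases are built but would not run under `ctest` or `make test`. `ecm_mark_as_test` only ties the target to `BUILD_TESTING`. Add `add_test(NAME notification_test COMMAND notification_test)` after it, or replace the three lines with ECM's `ecm_add_test`, which both builds and registers the executable. The link line also uses the keyword-less signature; `target_link_libraries(notification_test PRIVATE Qt5::Test Qt5::Core)` makes the scope explicit.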
99 +diff --git a/dataengines/notifications/notifications_test.cpp b/dataengines/notifications/notifications_test.cpp
100 +new file mode 100644
101 +index 00000000..58399746
102 +--- /dev/null
103 ++++ b/dataengines/notifications/notifications_test.cpp
104 +@@ -0,0 +1,68 @@
105 ++#include <QtTest>
106 ++#include <QObject>
107 ++#include <QDebug>
108 ++#include "notificationsanitizer.h"
109 ++
110 ++class NotificationTest : public QObject
111 ++{
112 ++ Q_OBJECT
113 ++public:
114 ++ NotificationTest() {}
115 ++private Q_SLOTS:
116 ++ void parse_data();
117 ++ void parse();
118 ++};
119 ++
120 ++void NotificationTest::parse_data()
121 ++{
122 ++ QTest::addColumn<QString>("messageIn");
123 ++ QTest::addColumn<QString>("expectedOut");
124 ++
125 ++ QTest::newRow("basic no HTML") << "I am a notification" << "I am a notification";
126 ++ QTest::newRow("whitespace") << " I am a notification " << "I am a notification";
127 ++
128 ++ QTest::newRow("basic html") << "I am <b>the</b> notification" << "I am <b>the</b> notification";
129 ++ QTest::newRow("nested html") << "I am <i><b>the</b></i> notification" << "I am <i><b>the</b></i> notification";
130 ++
131 ++ QTest::newRow("no extra tags") << "I am <blink>the</blink> notification" << "I am the notification";
132 ++ QTest::newRow("no extra attrs") << "I am <b style=\"font-weight:20\">the</b> notification" << "I am <b>the</b> notification";
133 ++
134 ++ QTest::newRow("newlines") << "I am\nthe\nnotification" << "I am<br/>the<br/>notification";
135 ++ QTest::newRow("multinewlines") << "I am\n\nthe\n\n\nnotification" << "I am<br/>the<br/>notification";
136 ++
137 ++ QTest::newRow("amp") << "me&you" << "me&amp;you";
138 ++ QTest::newRow("double escape") << "foo &amp; &lt;bar&gt;" << "foo &amp; &lt;bar&gt;";
139 ++
140 ++ QTest::newRow("quotes") << "&apos;foo&apos;" << "'foo'";//as label can't handle this normally valid entity
141 ++
142 ++ QTest::newRow("image normal") << "This is <img src=\"file:://foo/boo.png\" alt=\"cheese\"/> and more text" << "This is <img src=\"file:://foo/boo.png\" alt=\"cheese\"/> and more text";
143 ++
144 ++ //this input is technically wrong, so the output is also wrong, but QTextHtmlParser does the "right" thing
145 ++ QTest::newRow("image normal no close") << "This is <img src=\"file:://foo/boo.png\" alt=\"cheese\"> and more text" << "This is <img src=\"file:://foo/boo.png\" alt=\"cheese\"> and more text</img>";
146 ++
147 ++ QTest::newRow("image remote URL") << "This is <img src=\"http://foo.com/boo.png\" alt=\"cheese\" /> and more text" << "This is <img alt=\"cheese\"/> and more text";
148 ++
149 ++ //more bad formatted options. To some extent actual output doesn't matter. Garbage in, garbabe out.
150 ++ //the important thing is that it doesn't contain anything that could be parsed as the remote URL
151 ++ QTest::newRow("image remote URL no close") << "This is <img src=\"http://foo.com/boo.png>\" alt=\"cheese\"> and more text" << "This is <img alt=\"cheese\"> and more text</img>";
152 ++ QTest::newRow("image remote URL double open") << "This is <<img src=\"http://foo.com/boo.png>\" and more text" << "This is ";
153 ++ QTest::newRow("image remote URL no entitiy close") << "This is <img src=\"http://foo.com/boo.png\" and more text" << "This is ";
154 ++ QTest::newRow("image remote URL space in element name") << "This is < img src=\"http://foo.com/boo.png\" alt=\"cheese\" /> and more text" << "This is ";
155 ++
156 ++ QTest::newRow("link") << "This is a link <a href=\"http://foo.com/boo\"/> and more text" << "This is a link <a href=\"http://foo.com/boo\"/> and more text";
157 ++}
158 ++
159 ++void NotificationTest::parse()
160 ++{
161 ++ QFETCH(QString, messageIn);
162 ++ QFETCH(QString, expectedOut);
163 ++
164 ++ const QString out = NotificationSanitizer::parse(messageIn);
165 ++ expectedOut = "<?xml version=\"1.0\"?><html>" + expectedOut + "</html>\n";
166 ++ QCOMPARE(out, expectedOut);
167 ++}
168 ++
169 ++
170 ++QTEST_GUILESS_MAIN(NotificationTest)
171 ++
172 ++#include "notifications_test.moc"
173 +diff --git a/dataengines/notifications/notificationsanitizer.cpp b/dataengines/notifications/notificationsanitizer.cpp
174 +new file mode 100644
175 +index 00000000..5410132c
176 +--- /dev/null
177 ++++ b/dataengines/notifications/notificationsanitizer.cpp
178 +@@ -0,0 +1,106 @@
179 ++/*
180 ++ * Copyright (C) 2017 David Edmundson <davidedmundson@×××.org>
181 ++ *
182 ++ * This program is free software you can redistribute it and/or
183 ++ * modify it under the terms of the GNU Library General Public
184 ++ * License as published by the Free Software Foundation; either
185 ++ * version 2 of the License, or (at your option) any later version.
186 ++ *
187 ++ * This program is distributed in the hope that it will be useful,
188 ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
189 ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
190 ++ * Library General Public License for more details.
191 ++ *
192 ++ * You should have received a copy of the GNU Library General Public License
193 ++ * along with this library; see the file COPYING.LIB. If not, write to
194 ++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
195 ++ * Boston, MA 02110-1301, USA.
196 ++*/
197 ++
198 ++#include "notificationsanitizer.h"
199 ++
200 ++#include <QXmlStreamReader>
201 ++#include <QXmlStreamWriter>
202 ++#include <QRegularExpression>
203 ++#include <QDebug>
204 ++#include <QUrl>
205 ++
206 ++QString NotificationSanitizer::parse(const QString &text)
207 ++{
208 ++ // replace all \ns with <br/>
209 ++ QString t = text;
210 ++
211 ++ t.replace(QLatin1String("\n"), QStringLiteral("<br/>"));
212 ++ // Now remove all inner whitespace (\ns are already <br/>s)
213 ++ t = t.simplified();
214 ++ // Finally, check if we don't have multiple <br/>s following,
215 ++ // can happen for example when "\n \n" is sent, this replaces
216 ++ // all <br/>s in succsession with just one
217 ++ t.replace(QRegularExpression(QStringLiteral("<br/>\\s*<br/>(\\s|<br/>)*")), QLatin1String("<br/>"));
218 ++ // This fancy RegExp escapes every occurence of & since QtQuick Text will blatantly cut off
219 ++ // text where it finds a stray ampersand.
220 ++ // Only &{apos, quot, gt, lt, amp}; as well as &#123 character references will be allowed
221 ++ t.replace(QRegularExpression(QStringLiteral("&(?!(?:apos|quot|[gl]t|amp);|#)")), QLatin1String("&amp;"));
222 ++
223 ++ QXmlStreamReader r(QStringLiteral("<html>") + t + QStringLiteral("</html>"));
224 ++ QString result;
225 ++ QXmlStreamWriter out(&result);
226 ++
227 ++ const QVector<QString> allowedTags = {"b", "i", "u", "img", "a", "html", "br"};
228 ++
229 ++ out.writeStartDocument();
230 ++ while (!r.atEnd()) {
231 ++ r.readNext();
232 ++
233 ++ if (r.tokenType() == QXmlStreamReader::StartElement) {
234 ++ const QString name = r.name().toString();
235 ++ if (!allowedTags.contains(name)) {
236 ++ continue;
237 ++ }
238 ++ out.writeStartElement(name);
239 ++ if (name == QLatin1String("img")) {
240 ++ auto src = r.attributes().value("src").toString();
241 ++ auto alt = r.attributes().value("alt").toString();
242 ++
243 ++ const QUrl url(src);
244 ++ if (url.isLocalFile()) {
245 ++ out.writeAttribute(QStringLiteral("src"), src);
246 ++ } else {
247 ++ //image denied for security reasons! Do not copy the image src here!
248 ++ }
249 ++
250 ++ out.writeAttribute(QStringLiteral("alt"), alt);
251 ++ }
252 ++ if (name == QLatin1String("a")) {
253 ++ out.writeAttribute(QStringLiteral("href"), r.attributes().value("href").toString());
254 ++ }
255 ++ }
256 ++
257 ++ if (r.tokenType() == QXmlStreamReader::EndElement) {
258 ++ const QString name = r.name().toString();
259 ++ if (!allowedTags.contains(name)) {
260 ++ continue;
261 ++ }
262 ++ out.writeEndElement();
263 ++ }
264 ++
265 ++ if (r.tokenType() == QXmlStreamReader::Characters) {
266 ++ const auto text = r.text().toString();
267 ++ out.writeCharacters(text); //this auto escapes chars -> HTML entities
268 ++ }
269 ++ }
270 ++ out.writeEndDocument();
271 ++
272 ++ if (r.hasError()) {
273 ++ qWarning() << "Notification to send to backend contains invalid XML: "
274 ++ << r.errorString() << "line" << r.lineNumber()
275 ++ << "col" << r.columnNumber();
276 ++ }
277 ++
278 ++ // The Text.StyledText format handles only html3.2 stuff and &apos; is html4 stuff
279 ++ // so we need to replace it here otherwise it will not render at all.
280 ++ result = result.replace(QLatin1String("&apos;"), QChar('\''));
281 ++
282 ++
283 ++ return result;
284 ++}
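Review bot: The `a` branch writes `href` to the output for any scheme, while the `img` branch directly above it filters `src` through `QUrl::isLocalFile()`. The asymmetry is undocumented, and the only test row for links uses an `http://` target. If pass-through is intended because links are followed only on user activation, say so next to the call, e.g. `// href is copied as-is: links are only opened on explicit user activation, unlike img src which is fetched on render`. The view that opens links is not on this page, so that assumption needs confirming there. Both branches also emit the attribute when the input had none, producing `alt=""` and `href=""`; guarding with `r.attributes().hasAttribute("alt")` (likewise for `href`) avoids that. Separately, the local `const auto text` in the Characters branch shadows the `text` parameter, which the header calls `in`.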
285 +diff --git a/dataengines/notifications/notificationsanitizer.h b/dataengines/notifications/notificationsanitizer.h
286 +new file mode 100644
287 +index 00000000..561a84b7
288 +--- /dev/null
289 ++++ b/dataengines/notifications/notificationsanitizer.h
290 +@@ -0,0 +1,35 @@
291 ++/*
292 ++ * Copyright (C) 2017 David Edmundson <davidedmundson@×××.org>
293 ++ *
294 ++ * This program is free software you can redistribute it and/or
295 ++ * modify it under the terms of the GNU Library General Public
296 ++ * License as published by the Free Software Foundation; either
297 ++ * version 2 of the License, or (at your option) any later version.
298 ++ *
299 ++ * This program is distributed in the hope that it will be useful,
300 ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
301 ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
302 ++ * Library General Public License for more details.
303 ++ *
304 ++ * You should have received a copy of the GNU Library General Public License
305 ++ * along with this library; see the file COPYING.LIB. If not, write to
306 ++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
307 ++ * Boston, MA 02110-1301, USA.
308 ++*/
309 ++
310 ++#include <QString>
311 ++
312 ++namespace NotificationSanitizer
313 ++{
314 ++ /*
315 ++ * This turns generic random text of either plain text of any degree of faux-HTML into HTML allowed
316 ++ * in the notification spec namely:
317 ++ * a, img, b, i, u and br
318 ++ * All other tags and attributes are stripped
319 ++ * Whitespace is stripped and converted to <br/>
320 ++ * Double newlines are compressed
321 ++ *
322 ++ * Image src is only copied when referring to a local file
323 ++ */
324 ++ QString parse(const QString &in);
325 ++}
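Review bot: notificationsanitizer.h has no include guard, so a translation unit that includes it twice (directly and through another header) sees `#include <QString>` and the namespace declaration again. It is harmless today only because the header contains nothing but a function declaration. Add `#pragma once` or an `#ifndef NOTIFICATIONSANITIZER_H` pair below the licence block. The doc comment also says "Whitespace is stripped and converted to <br/>", but the implementation converts newlines to `<br/>` and collapses other whitespace with `simplified()`. Rewording it to `Newlines are converted to <br/>; other whitespace is collapsed` would match the code, and the comment could note that the result is wrapped in an `<?xml?><html>` document, which callers need to know.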
326 +diff --git a/dataengines/notifications/notificationsengine.cpp b/dataengines/notifications/notificationsengine.cpp
327 +index 72338aeb..caf310e5 100644
328 +--- a/dataengines/notifications/notificationsengine.cpp
329 ++++ b/dataengines/notifications/notificationsengine.cpp
330 +@@ -20,6 +20,7 @@
331 + #include "notificationsengine.h"
332 + #include "notificationservice.h"
333 + #include "notificationsadaptor.h"
334 ++#include "notificationsanitizer.h"
335 +
336 + #include <QDebug>
337 + #include <KConfigGroup>
338 +@@ -281,23 +282,7 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id,
339 +
340 + const QString source = QStringLiteral("notification %1").arg(id);
341 +
342 +- // First trim whitespace from beginning and end
343 +- bodyFinal = bodyFinal.trimmed();
344 +- // Now replace all \ns with <br/>
345 +- bodyFinal = bodyFinal.replace(QLatin1String("\n"), QLatin1String("<br/>"));
346 +- // Now remove all inner whitespace (\ns are already <br/>s
347 +- bodyFinal = bodyFinal.simplified();
348 +- // Finally, check if we don't have multiple <br/>s following,
349 +- // can happen for example when "\n \n" is sent, this replaces
350 +- // all <br/>s in succsession with just one
351 +- bodyFinal.replace(QRegularExpression(QStringLiteral("<br/>\\s*<br/>(\\s|<br/>)*")), QLatin1String("<br/>"));
352 +- // This fancy RegExp escapes every occurence of & since QtQuick Text will blatantly cut off
353 +- // text where it finds a stray ampersand.
354 +- // Only &{apos, quot, gt, lt, amp}; as well as &#123 character references will be allowed
355 +- bodyFinal.replace(QRegularExpression(QStringLiteral("&(?!(?:apos|quot|[gl]t|amp);|#)")), QLatin1String("&amp;"));
356 +- // The Text.StyledText format handles only html3.2 stuff and &apos; is html4 stuff
357 +- // so we need to replace it here otherwise it will not render at all.
358 +- bodyFinal.replace(QLatin1String("&apos;"), QChar('\''));
359 ++ bodyFinal = NotificationSanitizer::parse(bodyFinal);
360 +
361 + Plasma::DataEngine::Data notificationData;
362 + notificationData.insert(QStringLiteral("id"), QString::number(id));
363 +--
364 +2.13.6
365 +
366 +From cb791b571aed1ea6976e0a6906df3e35dea657ef Mon Sep 17 00:00:00 2001
367 +From: Kai Uwe Broulik <kde@××××××××××××××.de>
368 +Date: Mon, 5 Feb 2018 13:53:17 +0100
369 +Subject: [PATCH 2/2] [Notifications] Fix grouping
370 +
371 +Sanitize the body before doing anything else.
372 +Cleanup grouping logic.
373 +
374 +Differential Revision: https://phabricator.kde.org/D10315
375 +---
376 + dataengines/notifications/notificationsengine.cpp | 18 ++++++++----------
377 + 1 file changed, 8 insertions(+), 10 deletions(-)
378 +
379 +diff --git a/dataengines/notifications/notificationsengine.cpp b/dataengines/notifications/notificationsengine.cpp
380 +index caf310e5..bc48deed 100644
381 +--- a/dataengines/notifications/notificationsengine.cpp
382 ++++ b/dataengines/notifications/notificationsengine.cpp
383 +@@ -217,7 +217,7 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id,
384 + qDebug() << "Currrent active notifications:" << m_activeNotifications;
385 + qDebug() << "Guessing partOf as:" << partOf;
386 + qDebug() << " New Notification: " << summary << body << timeout << "& Part of:" << partOf;
387 +- QString bodyFinal = body;
388 ++ QString bodyFinal = NotificationSanitizer::parse(body);
389 + QString summaryFinal = summary;
390 +
391 + if (partOf > 0) {
392 +@@ -225,13 +225,13 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id,
393 + Plasma::DataContainer *container = containerForSource(source);
394 + if (container) {
395 + // append the body text
396 +- QString _body = container->data()[QStringLiteral("body")].toString();
397 +- if (_body != body) {
398 +- _body.append("\n").append(body);
399 +- } else {
400 +- _body = body;
401 ++ const QString previousBody = container->data()[QStringLiteral("body")].toString();
402 ++ if (previousBody != bodyFinal) {
403 ++ // FIXME: This will just append the entire old XML document to another one, leading to:
404 ++ // <?xml><html>old</html><br><?xml><html>new</html>
405 ++ // It works but is not very clean.
406 ++ bodyFinal = previousBody + QStringLiteral("<br/>") + bodyFinal;
407 + }
408 +- bodyFinal = _body;
409 +
410 + replaces_id = partOf;
411 +
412 +@@ -267,7 +267,7 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id,
413 +
414 + const int AVERAGE_WORD_LENGTH = 6;
415 + const int WORD_PER_MINUTE = 250;
416 +- int count = summary.length() + body.length();
417 ++ int count = summary.length() + body.length() - strlen("<?xml version=\"1.0\"><html></html>");
418 +
419 + // -1 is "server default", 0 is persistent with "server default" display time,
420 + // anything more should honor the setting
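Review bot: The new `count` line subtracts the length of the XML wrapper from `body.length()`, but in the lines shown `body` is still the raw D-Bus argument. Only `bodyFinal` holds the output of `NotificationSanitizer::parse`, so there is no wrapper in `body` to cancel out, and short notifications can end up with a negative `count`. The literal is also `<?xml version=\"1.0\">`, whereas the test in patch 1/2 expects `<?xml version=\"1.0\"?>` followed by a trailing newline, so the lengths would not match even against the sanitised string. Measuring the raw text, `int count = summary.length() + body.length();`, keeps the estimate independent of the markup. `Notify` begins and ends outside this hunk, so confirm that `body` is not reassigned earlier and check how `count` feeds the timeout.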
421 +@@ -282,8 +282,6 @@ uint NotificationsEngine::Notify(const QString &app_name, uint replaces_id,
422 +
423 + const QString source = QStringLiteral("notification %1").arg(id);
424 +
425 +- bodyFinal = NotificationSanitizer::parse(bodyFinal);
426 +-
427 + Plasma::DataEngine::Data notificationData;
428 + notificationData.insert(QStringLiteral("id"), QString::number(id));
429 + notificationData.insert(QStringLiteral("eventId"), eventId);
430 +--
431 +2.13.6
432 +
433
434 diff --git a/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch
435 new file mode 100644
436 index 00000000000..621687c59d2
437 --- /dev/null
438 +++ b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch
439 @@ -0,0 +1,31 @@
440 +From f32002ce50edc3891f1fa41173132c820b917d57 Mon Sep 17 00:00:00 2001
441 +From: Marco Martin <notmart@×××××.com>
442 +Date: Mon, 5 Feb 2018 13:12:51 +0100
443 +Subject: [PATCH] Make sure device paths are quoted
444 +
445 +in the case a vfat removable device has $() or `` in its label,
446 +such as $(touch foo) the quoted command may get executed,
447 +leaving an attack vector. Use KMacroExpander::expandMacrosShellQuote
448 +to make sure everything is quoted and not interpreted as a command
449 +
450 +BUG:389815
451 +---
452 + soliduiserver/deviceserviceaction.cpp | 2 +-
453 + 1 file changed, 1 insertion(+), 1 deletion(-)
454 +
455 +diff --git a/soliduiserver/deviceserviceaction.cpp b/soliduiserver/deviceserviceaction.cpp
456 +index f49c967a..738b27c8 100644
457 +--- a/soliduiserver/deviceserviceaction.cpp
458 ++++ b/soliduiserver/deviceserviceaction.cpp
459 +@@ -158,7 +158,7 @@ void DelayedExecutor::delayedExecute(const QString &udi)
460 +
461 + QString exec = m_service.exec();
462 + MacroExpander mx(device);
463 +- mx.expandMacros(exec);
464 ++ mx.expandMacrosShellQuote(exec);
465 +
466 + KRun::runCommand(exec, QString(), m_service.icon(), 0);
467 + deleteLater();
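Review bot: The return value of `mx.expandMacrosShellQuote(exec)` is discarded, so `KRun::runCommand` is still reached when quoting did not succeed. Assuming `MacroExpander` derives from `KMacroExpanderBase`, that method returns false when the command line cannot be parsed for safe substitution, and it leaves `exec` expanded only up to the point of failure. Stop before running in that case: `if (!mx.expandMacrosShellQuote(exec)) { deleteLater(); return; }`, ideally with a `qWarning()` naming the service. `delayedExecute` starts outside this hunk, and the definition of `MacroExpander` is not visible here.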
468 +--
469 +2.13.6
470 +
471
472 diff --git a/kde-plasma/plasma-workspace/plasma-workspace-5.11.5-r1.ebuild b/kde-plasma/plasma-workspace/plasma-workspace-5.11.5-r1.ebuild
473 new file mode 100644
474 index 00000000000..adebe223325
475 --- /dev/null
476 +++ b/kde-plasma/plasma-workspace/plasma-workspace-5.11.5-r1.ebuild
477 @@ -0,0 +1,175 @@
478 +# Copyright 1999-2018 Gentoo Foundation
479 +# Distributed under the terms of the GNU General Public License v2
480 +
481 +EAPI=6
482 +
483 +KDE_HANDBOOK="forceoptional"
484 +KDE_TEST="forceoptional"
485 +VIRTUALX_REQUIRED="test"
486 +inherit kde5 qmake-utils
487 +
488 +DESCRIPTION="KDE Plasma workspace"
489 +KEYWORDS="~amd64 ~arm ~arm64 ~x86"
490 +IUSE="appstream +calendar geolocation gps prison qalculate +semantic-desktop systemd"
491 +
492 +REQUIRED_USE="gps? ( geolocation )"
493 +
494 +COMMON_DEPEND="
495 + $(add_frameworks_dep kactivities)
496 + $(add_frameworks_dep kauth)
497 + $(add_frameworks_dep kbookmarks)
498 + $(add_frameworks_dep kcompletion)
499 + $(add_frameworks_dep kconfig)
500 + $(add_frameworks_dep kconfigwidgets)
501 + $(add_frameworks_dep kcoreaddons)
502 + $(add_frameworks_dep kcrash)
503 + $(add_frameworks_dep kdbusaddons)
504 + $(add_frameworks_dep kdeclarative)
505 + $(add_frameworks_dep kdelibs4support)
506 + $(add_frameworks_dep kglobalaccel)
507 + $(add_frameworks_dep kguiaddons)
508 + $(add_frameworks_dep ki18n)
509 + $(add_frameworks_dep kiconthemes)
510 + $(add_frameworks_dep kidletime)
511 + $(add_frameworks_dep kio)
512 + $(add_frameworks_dep kitemmodels)
513 + $(add_frameworks_dep kitemviews)
514 + $(add_frameworks_dep kjobwidgets)
515 + $(add_frameworks_dep kjs)
516 + $(add_frameworks_dep kjsembed)
517 + $(add_frameworks_dep knewstuff)
518 + $(add_frameworks_dep knotifications)
519 + $(add_frameworks_dep knotifyconfig)
520 + $(add_frameworks_dep kpackage)
521 + $(add_frameworks_dep krunner)
522 + $(add_frameworks_dep kservice)
523 + $(add_frameworks_dep ktexteditor)
524 + $(add_frameworks_dep ktextwidgets)
525 + $(add_frameworks_dep kwallet)
526 + $(add_frameworks_dep kwayland)
527 + $(add_frameworks_dep kwidgetsaddons)
528 + $(add_frameworks_dep kwindowsystem)
529 + $(add_frameworks_dep kxmlgui)
530 + $(add_frameworks_dep plasma)
531 + $(add_frameworks_dep solid)
532 + $(add_plasma_dep kscreenlocker)
533 + $(add_plasma_dep kwin)
534 + $(add_plasma_dep libksysguard)
535 + $(add_qt_dep qtdbus)
536 + $(add_qt_dep qtdeclarative 'widgets')
537 + $(add_qt_dep qtgui 'jpeg')
538 + $(add_qt_dep qtnetwork)
539 + $(add_qt_dep qtscript)
540 + $(add_qt_dep qtsql)
541 + $(add_qt_dep qtwidgets)
542 + $(add_qt_dep qtx11extras)
543 + $(add_qt_dep qtxml)
544 + media-libs/phonon[qt5(+)]
545 + sys-libs/zlib
546 + x11-libs/libICE
547 + x11-libs/libSM
548 + x11-libs/libX11
549 + x11-libs/libXau
550 + x11-libs/libxcb
551 + x11-libs/libXfixes
552 + x11-libs/libXrender
553 + x11-libs/libXtst
554 + x11-libs/xcb-util
555 + x11-libs/xcb-util-image
556 + appstream? ( dev-libs/appstream[qt5] )
557 + calendar? ( $(add_kdeapps_dep kholidays) )
558 + geolocation? ( $(add_frameworks_dep networkmanager-qt) )
559 + gps? ( sci-geosciences/gpsd )
560 + prison? ( $(add_frameworks_dep prison) )
561 + qalculate? ( sci-libs/libqalculate:= )
562 + semantic-desktop? ( $(add_frameworks_dep baloo) )
563 +"
564 +RDEPEND="${COMMON_DEPEND}
565 + $(add_frameworks_dep kded)
566 + $(add_frameworks_dep kdesu)
567 + $(add_kdeapps_dep kio-extras)
568 + $(add_plasma_dep kde-cli-tools)
569 + $(add_plasma_dep ksysguard)
570 + $(add_plasma_dep milou)
571 + $(add_plasma_dep plasma-integration)
572 + $(add_qt_dep qdbus)
573 + $(add_qt_dep qtgraphicaleffects)
574 + $(add_qt_dep qtpaths)
575 + $(add_qt_dep qtquickcontrols 'widgets')
576 + app-text/iso-codes
577 + x11-apps/mkfontdir
578 + x11-apps/xmessage
579 + x11-apps/xprop
580 + x11-apps/xrdb
581 + x11-apps/xset
582 + x11-apps/xsetroot
583 + systemd? ( sys-apps/dbus[user-session] )
584 + !systemd? ( sys-apps/dbus )
585 + !dev-libs/xembed-sni-proxy
586 + !kde-plasma/freespacenotifier:4
587 + !kde-plasma/libtaskmanager:4
588 + !kde-plasma/kcminit:4
589 + !kde-plasma/kdebase-startkde:4
590 + !kde-plasma/klipper:4
591 + !kde-plasma/krunner:4
592 + !kde-plasma/ksmserver:4
593 + !kde-plasma/ksplash:4
594 + !kde-plasma/plasma-workspace:4
595 +"
596 +DEPEND="${COMMON_DEPEND}
597 + $(add_qt_dep qtconcurrent)
598 + x11-proto/xproto
599 +"
600 +
601 +PATCHES=(
602 + "${FILESDIR}/${PN}-5.4-startkde-script.patch"
603 + "${FILESDIR}/${PN}-5.10-startplasmacompositor-script.patch"
604 + "${FILESDIR}/${PN}-5.10.4-unused-dep.patch"
605 + "${FILESDIR}/${P}-CVE-2018-6790.patch"
606 + "${FILESDIR}/${P}-CVE-2018-6791.patch"
607 +)
608 +
609 +RESTRICT+=" test"
610 +
611 +src_prepare() {
612 + kde5_src_prepare
613 +
614 + sed -e "s|\`qtpaths|\`$(qt5_get_bindir)/qtpaths|" \
615 + -i startkde/startkde.cmake startkde/startplasmacompositor.cmake || die
616 +}
617 +
618 +src_configure() {
619 + local mycmakeargs=(
620 + $(cmake-utils_use_find_package appstream AppStreamQt)
621 + $(cmake-utils_use_find_package calendar KF5Holidays)
622 + $(cmake-utils_use_find_package geolocation KF5NetworkManagerQt)
623 + $(cmake-utils_use_find_package prison KF5Prison)
624 + $(cmake-utils_use_find_package qalculate Qalculate)
625 + $(cmake-utils_use_find_package semantic-desktop KF5Baloo)
626 + )
627 +
628 + use gps && mycmakeargs+=( $(cmake-utils_use_find_package gps libgps) )
629 +
630 + kde5_src_configure
631 +}
632 +
633 +src_install() {
634 + kde5_src_install
635 +
636 + # startup and shutdown scripts
637 + insinto /etc/plasma/startup
638 + doins "${FILESDIR}/10-agent-startup.sh"
639 +
640 + insinto /etc/plasma/shutdown
641 + doins "${FILESDIR}/10-agent-shutdown.sh"
642 +}
643 +
644 +pkg_postinst () {
645 + kde5_pkg_postinst
646 +
647 + echo
648 + elog "To enable gpg-agent and/or ssh-agent in Plasma sessions,"
649 + elog "edit ${EPREFIX}/etc/plasma/startup/10-agent-startup.sh and"
650 + elog "${EPREFIX}/etc/plasma/shutdown/10-agent-shutdown.sh"
651 + echo
652 +}