
From: Johannes Huber <johu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/kde:master commit in: kde-base/kdeplasma-addons/files/, kde-base/kdeplasma-addons/
Date: Tue, 04 Jun 2013 17:34:30
Message-Id: 1370367258.7481883cd3d32ce567db6e7c81e80ead11ff06be.johu@gentoo
1 commit: 7481883cd3d32ce567db6e7c81e80ead11ff06be
2 Author: Johannes Huber <johu <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jun 4 17:34:18 2013 +0000
4 Commit: Johannes Huber <johu <AT> gentoo <DOT> org>
5 CommitDate: Tue Jun 4 17:34:18 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/kde.git;a=commit;h=7481883c
7
8 [kde-base/kdeplasma-addons] Backport patch from upstream to fix CVE-2013-2120 wrt bug #471904 by kensington.
9
10 Package-Manager: portage-2.2.0_alpha177
11
12 ---
13 .../kdeplasma-addons-4.10.3-cve-2013-2120.patch | 81 ++++++++++++++++++++++
14 .../kdeplasma-addons-4.10.4.ebuild | 4 +-
15 2 files changed, 84 insertions(+), 1 deletion(-)
16
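--- /dev/null
+++ b/kde-base/kdeplasma-addons/files/kdeplasma-addons-4.10.3-cve-2013-2120.patch
@@ -0,0 +1,81 @@
+From d84015218bf78b707650cf5426ae1a469d37c29d Mon Sep 17 00:00:00 2001
+From: Aaron Seigo <aseigo@×××.org>
+Date: Mon, 3 Jun 2013 19:16:32 +0200
+Subject: [PATCH] use KRandom, avoid modulo bias
+
+---
+ applets/paste/pastemacroexpander.cpp | 29 ++++++++++++++++++++++-------
+ 1 file changed, 22 insertions(+), 7 deletions(-)
+
+diff --git a/applets/paste/pastemacroexpander.cpp b/applets/paste/pastemacroexpander.cpp
+index ea6163f..d0a8b49 100644
+--- a/applets/paste/pastemacroexpander.cpp
++++ b/applets/paste/pastemacroexpander.cpp
+@@ -27,6 +27,7 @@
+ #include <KDebug>
+ #include <KLocale>
+ #include <KMessageBox>
++#include <KRandom>
+
+ class PasteMacroExpanderSingleton
+ {
+@@ -142,35 +143,49 @@ QString PasteMacroExpander::password(const QString& args)
+ << "01234567890"
+ << "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+
+- int charCount;
++ int charCount = 8;
+ QString chars;
+ QString result;
+
+ if (a.count() > 0) {
+- charCount = qMax(a[0].trimmed().toInt(), 1);
+- } else {
+- charCount = 8;
++ charCount = qMax(a[0].trimmed().toInt(), 8);
+ }
++
+ if (a.count() < 2) {
+ chars = characterSets.join("");
+ }
++
+ if (a.count() > 1) {
+ chars += (a[1].trimmed() == "true") ? characterSets[0] : "";
+ }
++
+ if (a.count() > 2) {
+ chars += (a[2].trimmed() == "true") ? characterSets[1] : "";
+ }
++
+ if (a.count() > 3) {
+ chars += (a[3].trimmed() == "true") ? characterSets[2] : "";
+ }
++
+ if (a.count() > 4) {
+ chars += (a[4].trimmed() == "true") ? characterSets[3] : "";
+ }
+
+- QDateTime now = QDateTime::currentDateTime();
+- qsrand(now.toTime_t() / now.time().msec());
++ const int setSize = chars.count();
++ const int top = (RAND_MAX / setSize) * setSize;
++ kDebug() << "topping out at " << setSize << RAND_MAX << top;
+ for (int i = 0; i < charCount; ++i) {
+- result += chars[qrand() % chars.count()];
++ // to prevent modulo bias, discard random numbers at the
++ // 'top end' of INT_MAX
++ int rand = -1;
++ do {
++ if (rand > 0) {
++ kDebug() << "Ha!" << rand;
++ }
++ rand = KRandom::random();
++ } while (rand >= top);
++
++ result += chars[rand % setSize];
+ }
+ //kDebug() << result;
+ return result;
+--
+1.8.2.1
+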
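Review bot: `chars` can still be empty when the code reaches `const int setSize = chars.count();`: with two or more arguments and none of them equal to "true", no character set is appended, and `RAND_MAX / setSize` then divides by zero (the removed `qrand() % chars.count()` had the same hole). A guard before the division, e.g. `if (chars.isEmpty()) { chars = characterSets.join(""); }`, closes it. Separately, as far as I recall KRandom::random() in kdelibs 4 only seeds libc `rand()` from /dev/urandom and then returns `rand()` output, so the seed improves but the generator is still not a CSPRNG; that is worth confirming and, if so, password characters should be drawn from the OS random source directly. The `kDebug() << "Ha!" << rand;` and `"topping out at "` lines write generator output to the debug log and should be dropped from a password routine, and the comment says INT_MAX where the code uses RAND_MAX. password() begins above this hunk, so how `a` is parsed from `args` is not visible here.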
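--- a/kde-base/kdeplasma-addons/kdeplasma-addons-4.10.4.ebuild
+++ b/kde-base/kdeplasma-addons/kdeplasma-addons-4.10.4.ebuild
@@ -8,7 +8,7 @@ inherit kde4-base
 
 DESCRIPTION="Extra Plasma applets and engines"
 LICENSE="GPL-2 LGPL-2"
-KEYWORDS=" ~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
 IUSE="attica debug desktopglobe exif fcitx ibus json oauth qalculate qwt scim
 semantic-desktop"
 
@@ -44,6 +44,8 @@ DEPEND="${COMMON_DEPEND}
 RDEPEND="${COMMON_DEPEND}
 "
 
+PATCHES=( "${FILESDIR}/${PN}-4.10.3-cve-2013-2120.patch" )
+
 src_configure() {
 mycmakeargs=(
 -DDBUS_INTERFACES_INSTALL_DIR="${EPREFIX}/usr/share/dbus-1/interfaces/"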
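Review bot: The fix is added to `kdeplasma-addons-4.10.4.ebuild` in place, with no revision bump, so a host that already merged 4.10.4 from this overlay has nothing telling Portage to rebuild and keeps the pre-fix password() code. If 4.10.4 was installable before this commit, shipping the change as `kdeplasma-addons-4.10.4-r1.ebuild` would make the CVE-2013-2120 backport reach those systems on the next update. A short comment above the `PATCHES=` line, e.g. `# CVE-2013-2120, bug #471904`, would also tell a later maintainer why a 4.10.3-named patch is applied here and when it can be dropped.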