| 1 |
commit: 7096ccdac9c9e8d38b8b5f644258a44b5227f798 |
| 2 |
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com> |
| 3 |
AuthorDate: Tue Sep 11 19:25:54 2018 +0000 |
| 4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Sep 12 05:34:11 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/kde.git/commit/?id=7096ccda |
| 7 |
|
| 8 |
kde-frameworks/ktexteditor: remove unused patch(es) |
| 9 |
|
| 10 |
Closes: https://github.com/gentoo/kde/pull/868 |
| 11 |
|
| 12 |
.../files/ktexteditor-5.46.0-CVE-2018-10361.patch | 187 --------------------- |
| 13 |
1 file changed, 187 deletions(-) |
| 14 |
|
| 15 |
diff --git a/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch b/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch |
| 16 |
deleted file mode 100644 |
| 17 |
index d3b9b5d480..0000000000 |
| 18 |
--- a/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch |
| 19 |
+++ /dev/null |
| 20 |
@@ -1,187 +0,0 @@ |
| 21 |
-From c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590 Mon Sep 17 00:00:00 2001 |
| 22 |
-From: Christoph Cullmann <cullmann@×××.org> |
| 23 |
-Date: Thu, 7 Jun 2018 16:12:25 +0200 |
| 24 |
-Subject: CVE-2018-10361: privilege escalation |
| 25 |
- |
| 26 |
-improve handling of temporary file to avoid possible race-condition |
| 27 |
- |
| 28 |
-Differential Revision: https://phabricator.kde.org/D12513 |
| 29 |
---- |
| 30 |
- src/buffer/katesecuretextbuffer.cpp | 99 +++++++++++++++++-------------------- |
| 31 |
- src/buffer/katesecuretextbuffer_p.h | 4 -- |
| 32 |
- 2 files changed, 46 insertions(+), 57 deletions(-) |
| 33 |
- |
| 34 |
-diff --git a/src/buffer/katesecuretextbuffer.cpp b/src/buffer/katesecuretextbuffer.cpp |
| 35 |
-index 0647bee..c014608 100644 |
| 36 |
---- a/src/buffer/katesecuretextbuffer.cpp |
| 37 |
-+++ b/src/buffer/katesecuretextbuffer.cpp |
| 38 |
-@@ -53,39 +53,37 @@ ActionReply SecureTextBuffer::savefile(const QVariantMap &args) |
| 39 |
- bool SecureTextBuffer::saveFileInternal(const QString &sourceFile, const QString &targetFile, |
| 40 |
- const QByteArray &checksum, const uint ownerId, const uint groupId) |
| 41 |
- { |
| 42 |
-- QFileInfo targetFileInfo(targetFile); |
| 43 |
-- if (!QDir::setCurrent(targetFileInfo.dir().path())) { |
| 44 |
-+ /** |
| 45 |
-+ * open source file for reading |
| 46 |
-+ * if not possible, signal error |
| 47 |
-+ */ |
| 48 |
-+ QFile readFile(sourceFile); |
| 49 |
-+ if (!readFile.open(QIODevice::ReadOnly)) { |
| 50 |
- return false; |
| 51 |
- } |
| 52 |
- |
| 53 |
-- // get information about target file |
| 54 |
-- const QString targetFileName = targetFileInfo.fileName(); |
| 55 |
-- targetFileInfo.setFile(targetFileName); |
| 56 |
-- const bool newFile = !targetFileInfo.exists(); |
| 57 |
-- |
| 58 |
-- // open source and target file |
| 59 |
-- QFile readFile(sourceFile); |
| 60 |
-- //TODO use QSaveFile for saving contents and automatic atomic move on commit() when QSaveFile's security problem |
| 61 |
-- // (default temporary file permissions) is fixed |
| 62 |
-- // |
| 63 |
-- // We will first generate temporary filename and then use it relatively to prevent an attacker |
| 64 |
-- // to trick us to write contents to a different file by changing underlying directory. |
| 65 |
-- QTemporaryFile tempFile(targetFileName); |
| 66 |
-+ /** |
| 67 |
-+ * construct file info for target file |
| 68 |
-+ * we need to know things like path/exists/permissions |
| 69 |
-+ */ |
| 70 |
-+ const QFileInfo targetFileInfo(targetFile); |
| 71 |
-+ |
| 72 |
-+ /** |
| 73 |
-+ * create temporary file in current directory to be able to later do an atomic rename |
| 74 |
-+ * we need to pass full path, else QTemporaryFile uses the temporary directory |
| 75 |
-+ * if not possible, signal error, this catches e.g. a non-existing target directory, too |
| 76 |
-+ */ |
| 77 |
-+ QTemporaryFile tempFile(targetFileInfo.absolutePath() + QStringLiteral("/secureXXXXXX")); |
| 78 |
- if (!tempFile.open()) { |
| 79 |
- return false; |
| 80 |
- } |
| 81 |
-- tempFile.close(); |
| 82 |
-- QString tempFileName = QFileInfo(tempFile).fileName(); |
| 83 |
-- tempFile.setFileName(tempFileName); |
| 84 |
-- if (!readFile.open(QIODevice::ReadOnly) || !tempFile.open()) { |
| 85 |
-- return false; |
| 86 |
-- } |
| 87 |
-- const int tempFileDescriptor = tempFile.handle(); |
| 88 |
- |
| 89 |
-- // prepare checksum maker |
| 90 |
-+ /** |
| 91 |
-+ * copy contents + do checksumming |
| 92 |
-+ * if not possible, signal error |
| 93 |
-+ */ |
| 94 |
- QCryptographicHash cryptographicHash(checksumAlgorithm); |
| 95 |
-- |
| 96 |
-- // copy contents |
| 97 |
-+ const qint64 bufferLength = 4096; |
| 98 |
- char buffer[bufferLength]; |
| 99 |
- qint64 read = -1; |
| 100 |
- while ((read = readFile.read(buffer, bufferLength)) > 0) { |
| 101 |
-@@ -95,30 +93,43 @@ bool SecureTextBuffer::saveFileInternal(const QString &sourceFile, const QString |
| 102 |
- } |
| 103 |
- } |
| 104 |
- |
| 105 |
-- // check that copying was successful and checksum matched |
| 106 |
-- QByteArray localChecksum = cryptographicHash.result(); |
| 107 |
-- if (read == -1 || localChecksum != checksum || !tempFile.flush()) { |
| 108 |
-+ /** |
| 109 |
-+ * check that copying was successful and checksum matched |
| 110 |
-+ * we need to flush the file, as QTemporaryFile keeps the handle open |
| 111 |
-+ * and we later do things like renaming of the file! |
| 112 |
-+ * if not possible, signal error |
| 113 |
-+ */ |
| 114 |
-+ if ((read == -1) || (cryptographicHash.result() != checksum) || !tempFile.flush()) { |
| 115 |
- return false; |
| 116 |
- } |
| 117 |
- |
| 118 |
-- tempFile.close(); |
| 119 |
-- |
| 120 |
-- if (newFile) { |
| 121 |
-+ /** |
| 122 |
-+ * try to preserve the permissions |
| 123 |
-+ */ |
| 124 |
-+ if (!targetFileInfo.exists()) { |
| 125 |
- // ensure new file is readable by anyone |
| 126 |
- tempFile.setPermissions(tempFile.permissions() | QFile::Permission::ReadGroup | QFile::Permission::ReadOther); |
| 127 |
- } else { |
| 128 |
- // ensure the same file permissions |
| 129 |
- tempFile.setPermissions(targetFileInfo.permissions()); |
| 130 |
-+ |
| 131 |
- // ensure file has the same owner and group as before |
| 132 |
-- setOwner(tempFileDescriptor, ownerId, groupId); |
| 133 |
-+ setOwner(tempFile.handle(), ownerId, groupId); |
| 134 |
- } |
| 135 |
- |
| 136 |
-- // rename temporary file to the target file |
| 137 |
-- if (moveFile(tempFileName, targetFileName)) { |
| 138 |
-+ /** |
| 139 |
-+ * try to (atomic) rename temporary file to the target file |
| 140 |
-+ */ |
| 141 |
-+ if (moveFile(tempFile.fileName(), targetFileInfo.filePath())) { |
| 142 |
- // temporary file was renamed, there is nothing to remove anymore |
| 143 |
- tempFile.setAutoRemove(false); |
| 144 |
- return true; |
| 145 |
- } |
| 146 |
-+ |
| 147 |
-+ /** |
| 148 |
-+ * we failed |
| 149 |
-+ * QTemporaryFile will handle cleanup |
| 150 |
-+ */ |
| 151 |
- return false; |
| 152 |
- } |
| 153 |
- |
| 154 |
-@@ -141,28 +152,10 @@ bool SecureTextBuffer::moveFile(const QString &sourceFile, const QString &target |
| 155 |
- { |
| 156 |
- #if !defined(Q_OS_WIN) && !defined(Q_OS_ANDROID) |
| 157 |
- const int result = std::rename(QFile::encodeName(sourceFile).constData(), QFile::encodeName(targetFile).constData()); |
| 158 |
-- if (result == 0) { |
| 159 |
-- syncToDisk(QFile(targetFile).handle()); |
| 160 |
-- return true; |
| 161 |
-- } |
| 162 |
-- return false; |
| 163 |
-+ return (result == 0); |
| 164 |
- #else |
| 165 |
- // use racy fallback for windows |
| 166 |
- QFile::remove(targetFile); |
| 167 |
- return QFile::rename(sourceFile, targetFile); |
| 168 |
- #endif |
| 169 |
- } |
| 170 |
-- |
| 171 |
--void SecureTextBuffer::syncToDisk(const int fd) |
| 172 |
--{ |
| 173 |
--#ifndef Q_OS_WIN |
| 174 |
--#if HAVE_FDATASYNC |
| 175 |
-- fdatasync(fd); |
| 176 |
--#else |
| 177 |
-- fsync(fd); |
| 178 |
--#endif |
| 179 |
--#else |
| 180 |
-- // no-op for windows |
| 181 |
--#endif |
| 182 |
--} |
| 183 |
-- |
| 184 |
-diff --git a/src/buffer/katesecuretextbuffer_p.h b/src/buffer/katesecuretextbuffer_p.h |
| 185 |
-index a38285b..e00721c 100644 |
| 186 |
---- a/src/buffer/katesecuretextbuffer_p.h |
| 187 |
-+++ b/src/buffer/katesecuretextbuffer_p.h |
| 188 |
-@@ -56,8 +56,6 @@ public: |
| 189 |
- static const QCryptographicHash::Algorithm checksumAlgorithm = QCryptographicHash::Algorithm::Sha512; |
| 190 |
- |
| 191 |
- private: |
| 192 |
-- static const qint64 bufferLength = 4096; |
| 193 |
-- |
| 194 |
- /** |
| 195 |
- * Saves file contents using sets permissions. |
| 196 |
- */ |
| 197 |
-@@ -66,8 +64,6 @@ private: |
| 198 |
- |
| 199 |
- static bool moveFile(const QString &sourceFile, const QString &targetFile); |
| 200 |
- |
| 201 |
-- static void syncToDisk(const int fd); |
| 202 |
-- |
| 203 |
- public Q_SLOTS: |
| 204 |
- /** |
| 205 |
- * KAuth action to perform both prepare or move work based on given parameters. |
| 206 |
--- |
| 207 |
-cgit v0.11.2 |
Archives