commit: 7096ccdac9c9e8d38b8b5f644258a44b5227f798 |
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com> |
AuthorDate: Tue Sep 11 19:25:54 2018 +0000 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
CommitDate: Wed Sep 12 05:34:11 2018 +0000 |
URL: https://gitweb.gentoo.org/proj/kde.git/commit/?id=7096ccda |
|
kde-frameworks/ktexteditor: remove unused patch(es) |
|
Closes: https://github.com/gentoo/kde/pull/868 |
|
.../files/ktexteditor-5.46.0-CVE-2018-10361.patch | 187 --------------------- |
1 file changed, 187 deletions(-) |
|
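--- a/kde-frameworks/ktexteditor/files/ktexteditor-5.46.0-CVE-2018-10361.patch
+++ /dev/null
@@ -1,187 +0,0 @@
-From c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590 Mon Sep 17 00:00:00 2001
-From: Christoph Cullmann <cullmann@×××.org>
-Date: Thu, 7 Jun 2018 16:12:25 +0200
-Subject: CVE-2018-10361: privilege escalation
-
-improve handling of temporary file to avoid possible race-condition
-
-Differential Revision: https://phabricator.kde.org/D12513
----
- src/buffer/katesecuretextbuffer.cpp | 99 +++++++++++++++++--------------------
- src/buffer/katesecuretextbuffer_p.h | 4 --
- 2 files changed, 46 insertions(+), 57 deletions(-)
-
-diff --git a/src/buffer/katesecuretextbuffer.cpp b/src/buffer/katesecuretextbuffer.cpp
-index 0647bee..c014608 100644
---- a/src/buffer/katesecuretextbuffer.cpp
-+++ b/src/buffer/katesecuretextbuffer.cpp
-@@ -53,39 +53,37 @@ ActionReply SecureTextBuffer::savefile(const QVariantMap &args)
- bool SecureTextBuffer::saveFileInternal(const QString &sourceFile, const QString &targetFile,
- const QByteArray &checksum, const uint ownerId, const uint groupId)
- {
-- QFileInfo targetFileInfo(targetFile);
-- if (!QDir::setCurrent(targetFileInfo.dir().path())) {
-+ /**
-+ * open source file for reading
-+ * if not possible, signal error
-+ */
-+ QFile readFile(sourceFile);
-+ if (!readFile.open(QIODevice::ReadOnly)) {
- return false;
- }
-
-- // get information about target file
-- const QString targetFileName = targetFileInfo.fileName();
-- targetFileInfo.setFile(targetFileName);
-- const bool newFile = !targetFileInfo.exists();
--
-- // open source and target file
-- QFile readFile(sourceFile);
-- //TODO use QSaveFile for saving contents and automatic atomic move on commit() when QSaveFile's security problem
-- // (default temporary file permissions) is fixed
-- //
-- // We will first generate temporary filename and then use it relatively to prevent an attacker
-- // to trick us to write contents to a different file by changing underlying directory.
-- QTemporaryFile tempFile(targetFileName);
-+ /**
-+ * construct file info for target file
-+ * we need to know things like path/exists/permissions
-+ */
-+ const QFileInfo targetFileInfo(targetFile);
-+
-+ /**
-+ * create temporary file in current directory to be able to later do an atomic rename
-+ * we need to pass full path, else QTemporaryFile uses the temporary directory
-+ * if not possible, signal error, this catches e.g. a non-existing target directory, too
-+ */
-+ QTemporaryFile tempFile(targetFileInfo.absolutePath() + QStringLiteral("/secureXXXXXX"));
- if (!tempFile.open()) {
- return false;
- }
-- tempFile.close();
-- QString tempFileName = QFileInfo(tempFile).fileName();
-- tempFile.setFileName(tempFileName);
-- if (!readFile.open(QIODevice::ReadOnly) || !tempFile.open()) {
-- return false;
-- }
-- const int tempFileDescriptor = tempFile.handle();
-
-- // prepare checksum maker
-+ /**
-+ * copy contents + do checksumming
-+ * if not possible, signal error
-+ */
- QCryptographicHash cryptographicHash(checksumAlgorithm);
--
-- // copy contents
-+ const qint64 bufferLength = 4096;
- char buffer[bufferLength];
- qint64 read = -1;
- while ((read = readFile.read(buffer, bufferLength)) > 0) {
-@@ -95,30 +93,43 @@ bool SecureTextBuffer::saveFileInternal(const QString &sourceFile, const QString
- }
- }
-
-- // check that copying was successful and checksum matched
-- QByteArray localChecksum = cryptographicHash.result();
-- if (read == -1 || localChecksum != checksum || !tempFile.flush()) {
-+ /**
-+ * check that copying was successful and checksum matched
-+ * we need to flush the file, as QTemporaryFile keeps the handle open
-+ * and we later do things like renaming of the file!
-+ * if not possible, signal error
-+ */
-+ if ((read == -1) || (cryptographicHash.result() != checksum) || !tempFile.flush()) {
- return false;
- }
-
-- tempFile.close();
--
-- if (newFile) {
-+ /**
-+ * try to preserve the permissions
-+ */
-+ if (!targetFileInfo.exists()) {
- // ensure new file is readable by anyone
- tempFile.setPermissions(tempFile.permissions() | QFile::Permission::ReadGroup | QFile::Permission::ReadOther);
- } else {
- // ensure the same file permissions
- tempFile.setPermissions(targetFileInfo.permissions());
-+
- // ensure file has the same owner and group as before
-- setOwner(tempFileDescriptor, ownerId, groupId);
-+ setOwner(tempFile.handle(), ownerId, groupId);
- }
-
-- // rename temporary file to the target file
-- if (moveFile(tempFileName, targetFileName)) {
-+ /**
-+ * try to (atomic) rename temporary file to the target file
-+ */
-+ if (moveFile(tempFile.fileName(), targetFileInfo.filePath())) {
- // temporary file was renamed, there is nothing to remove anymore
- tempFile.setAutoRemove(false);
- return true;
- }
-+
-+ /**
-+ * we failed
-+ * QTemporaryFile will handle cleanup
-+ */
- return false;
- }
-
-@@ -141,28 +152,10 @@ bool SecureTextBuffer::moveFile(const QString &sourceFile, const QString &target
- {
- #if !defined(Q_OS_WIN) && !defined(Q_OS_ANDROID)
- const int result = std::rename(QFile::encodeName(sourceFile).constData(), QFile::encodeName(targetFile).constData());
-- if (result == 0) {
-- syncToDisk(QFile(targetFile).handle());
-- return true;
-- }
-- return false;
-+ return (result == 0);
- #else
- // use racy fallback for windows
- QFile::remove(targetFile);
- return QFile::rename(sourceFile, targetFile);
- #endif
- }
--
--void SecureTextBuffer::syncToDisk(const int fd)
--{
--#ifndef Q_OS_WIN
--#if HAVE_FDATASYNC
-- fdatasync(fd);
--#else
-- fsync(fd);
--#endif
--#else
-- // no-op for windows
--#endif
--}
--
-diff --git a/src/buffer/katesecuretextbuffer_p.h b/src/buffer/katesecuretextbuffer_p.h
-index a38285b..e00721c 100644
---- a/src/buffer/katesecuretextbuffer_p.h
-+++ b/src/buffer/katesecuretextbuffer_p.h
-@@ -56,8 +56,6 @@ public:
- static const QCryptographicHash::Algorithm checksumAlgorithm = QCryptographicHash::Algorithm::Sha512;
-
- private:
-- static const qint64 bufferLength = 4096;
--
- /**
- * Saves file contents using sets permissions.
- */
-@@ -66,8 +64,6 @@ private:
-
- static bool moveFile(const QString &sourceFile, const QString &targetFile);
-
-- static void syncToDisk(const int fd);
--
- public Q_SLOTS:
- /**
- * KAuth action to perform both prepare or move work based on given parameters.
---
-cgit v0.11.2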