1 |
commit: d68e0a691d63ed87eed3e1fc1e0972a29c69e7f1 |
2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun May 10 15:17:37 2020 +0000 |
4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun May 10 15:59:24 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d68e0a69 |
7 |
|
8 |
kde-apps/kio-extras: Fix CVE-2020-12755 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/722152 |
11 |
Package-Manager: Portage-2.3.99, Repoman-2.3.22 |
12 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
13 |
|
14 |
.../files/kio-extras-19.12.3-CVE-2020-12755.patch | 26 ++++++ |
15 |
kde-apps/kio-extras/kio-extras-19.12.3-r1.ebuild | 89 ++++++++++++++++++++ |
16 |
kde-apps/kio-extras/kio-extras-20.04.0-r1.ebuild | 97 ++++++++++++++++++++++ |
17 |
3 files changed, 212 insertions(+) |
18 |
|
19 |
diff --git a/kde-apps/kio-extras/files/kio-extras-19.12.3-CVE-2020-12755.patch b/kde-apps/kio-extras/files/kio-extras-19.12.3-CVE-2020-12755.patch |
20 |
new file mode 100644 |
21 |
index 00000000000..188eb28f104 |
22 |
--- /dev/null |
23 |
+++ b/kde-apps/kio-extras/files/kio-extras-19.12.3-CVE-2020-12755.patch |
24 |
@@ -0,0 +1,26 @@ |
25 |
+From d813cef3cecdec9af1532a40d677a203ff979145 Mon Sep 17 00:00:00 2001 |
26 |
+From: David Faure <faure@×××.org> |
27 |
+Date: Sat, 9 May 2020 11:20:48 +0200 |
28 |
+Subject: Only store password in KWallet if the user asked for it |
29 |
+ |
30 |
+--- |
31 |
+ fish/fish.cpp | 4 +++- |
32 |
+ 1 file changed, 3 insertions(+), 1 deletion(-) |
33 |
+ |
34 |
+diff --git a/fish/fish.cpp b/fish/fish.cpp |
35 |
+index a18ef34..ccd71d3 100644 |
36 |
+--- a/fish/fish.cpp |
37 |
++++ b/fish/fish.cpp |
38 |
+@@ -595,7 +595,9 @@ int fishProtocol::establishConnection(const QByteArray &buffer) { |
39 |
+ infoMessage(i18n("Initiating protocol...")); |
40 |
+ if (!connectionAuth.password.isEmpty()) { |
41 |
+ connectionAuth.password = connectionAuth.password.left(connectionAuth.password.length()-1); |
42 |
+- cacheAuthentication(connectionAuth); |
43 |
++ if (connectionAuth.keepPassword) { |
44 |
++ cacheAuthentication(connectionAuth); |
45 |
++ } |
46 |
+ } |
47 |
+ isLoggedIn = true; |
48 |
+ return 0; |
49 |
+-- |
50 |
+cgit v1.1 |
51 |
|
52 |
diff --git a/kde-apps/kio-extras/kio-extras-19.12.3-r1.ebuild b/kde-apps/kio-extras/kio-extras-19.12.3-r1.ebuild |
53 |
new file mode 100644 |
54 |
index 00000000000..9447420e2d4 |
55 |
--- /dev/null |
56 |
+++ b/kde-apps/kio-extras/kio-extras-19.12.3-r1.ebuild |
57 |
@@ -0,0 +1,89 @@ |
58 |
+# Copyright 1999-2020 Gentoo Authors |
59 |
+# Distributed under the terms of the GNU General Public License v2 |
60 |
+ |
61 |
+EAPI=7 |
62 |
+ |
63 |
+ECM_HANDBOOK="forceoptional" |
64 |
+ECM_TEST="optional" |
65 |
+KFMIN=5.63.0 |
66 |
+QTMIN=5.12.3 |
67 |
+VIRTUALX_REQUIRED="test" |
68 |
+inherit ecm kde.org |
69 |
+ |
70 |
+DESCRIPTION="KIO plugins present a filesystem-like view of arbitrary data" |
71 |
+HOMEPAGE="https://cgit.kde.org/kio-extras.git" |
72 |
+ |
73 |
+LICENSE="GPL-2" # TODO: CHECK |
74 |
+SLOT="5" |
75 |
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" |
76 |
+IUSE="activities +man mtp nfs openexr phonon samba +sftp taglib" |
77 |
+ |
78 |
+BDEPEND=" |
79 |
+ man? ( dev-util/gperf ) |
80 |
+" |
81 |
+DEPEND=" |
82 |
+ >=kde-frameworks/karchive-${KFMIN}:5[bzip2,lzma] |
83 |
+ >=kde-frameworks/kbookmarks-${KFMIN}:5 |
84 |
+ >=kde-frameworks/kcodecs-${KFMIN}:5 |
85 |
+ >=kde-frameworks/kconfig-${KFMIN}:5 |
86 |
+ >=kde-frameworks/kconfigwidgets-${KFMIN}:5 |
87 |
+ >=kde-frameworks/kcoreaddons-${KFMIN}:5 |
88 |
+ >=kde-frameworks/kdbusaddons-${KFMIN}:5 |
89 |
+ >=kde-frameworks/kdnssd-${KFMIN}:5 |
90 |
+ >=kde-frameworks/kguiaddons-${KFMIN}:5 |
91 |
+ >=kde-frameworks/ki18n-${KFMIN}:5 |
92 |
+ >=kde-frameworks/kiconthemes-${KFMIN}:5 |
93 |
+ >=kde-frameworks/kio-${KFMIN}:5 |
94 |
+ >=kde-frameworks/kparts-${KFMIN}:5 |
95 |
+ >=kde-frameworks/kpty-${KFMIN}:5 |
96 |
+ >=kde-frameworks/kservice-${KFMIN}:5 |
97 |
+ >=kde-frameworks/kxmlgui-${KFMIN}:5 |
98 |
+ >=kde-frameworks/solid-${KFMIN}:5 |
99 |
+ >=kde-frameworks/syntax-highlighting-${KFMIN}:5 |
100 |
+ >=dev-qt/qtdbus-${QTMIN}:5 |
101 |
+ >=dev-qt/qtgui-${QTMIN}:5 |
102 |
+ >=dev-qt/qtnetwork-${QTMIN}:5 |
103 |
+ >=dev-qt/qtsvg-${QTMIN}:5 |
104 |
+ >=dev-qt/qtwidgets-${QTMIN}:5 |
105 |
+ >=dev-qt/qtxml-${QTMIN}:5 |
106 |
+ activities? ( |
107 |
+ >=kde-frameworks/kactivities-${KFMIN}:5 |
108 |
+ >=kde-frameworks/kactivities-stats-${KFMIN}:5 |
109 |
+ >=dev-qt/qtsql-${QTMIN}:5 |
110 |
+ ) |
111 |
+ mtp? ( >=media-libs/libmtp-1.1.16:= ) |
112 |
+ nfs? ( net-libs/libtirpc:= ) |
113 |
+ openexr? ( media-libs/openexr:= ) |
114 |
+ phonon? ( media-libs/phonon[qt5(+)] ) |
115 |
+ samba? ( net-fs/samba[client] ) |
116 |
+ sftp? ( net-libs/libssh:=[sftp] ) |
117 |
+ taglib? ( >=media-libs/taglib-1.11.1 ) |
118 |
+" |
119 |
+RDEPEND="${DEPEND} |
120 |
+ >=kde-frameworks/kded-${KFMIN}:5 |
121 |
+" |
122 |
+ |
123 |
+# requires running kde environment |
124 |
+RESTRICT+=" test" |
125 |
+ |
126 |
+PATCHES=( |
127 |
+ "${FILESDIR}/${P}-kio_nfs.patch" |
128 |
+ "${FILESDIR}/${P}-CVE-2020-12755.patch" # bug 722152 |
129 |
+) |
130 |
+ |
131 |
+src_configure() { |
132 |
+ local mycmakeargs=( |
133 |
+ $(cmake_use_find_package activities KF5Activities) |
134 |
+ $(cmake_use_find_package activities KF5ActivitiesStats) |
135 |
+ $(cmake_use_find_package man Gperf) |
136 |
+ $(cmake_use_find_package mtp Mtp) |
137 |
+ $(cmake_use_find_package nfs TIRPC) |
138 |
+ $(cmake_use_find_package openexr OpenEXR) |
139 |
+ $(cmake_use_find_package phonon Phonon4Qt5) |
140 |
+ $(cmake_use_find_package samba Samba) |
141 |
+ $(cmake_use_find_package sftp libssh) |
142 |
+ $(cmake_use_find_package taglib Taglib) |
143 |
+ ) |
144 |
+ |
145 |
+ ecm_src_configure |
146 |
+} |
147 |
|
148 |
diff --git a/kde-apps/kio-extras/kio-extras-20.04.0-r1.ebuild b/kde-apps/kio-extras/kio-extras-20.04.0-r1.ebuild |
149 |
new file mode 100644 |
150 |
index 00000000000..5850b2c388f |
151 |
--- /dev/null |
152 |
+++ b/kde-apps/kio-extras/kio-extras-20.04.0-r1.ebuild |
153 |
@@ -0,0 +1,97 @@ |
154 |
+# Copyright 1999-2020 Gentoo Authors |
155 |
+# Distributed under the terms of the GNU General Public License v2 |
156 |
+ |
157 |
+EAPI=7 |
158 |
+ |
159 |
+ECM_HANDBOOK="forceoptional" |
160 |
+ECM_TEST="optional" |
161 |
+KFMIN=5.69.0 |
162 |
+QTMIN=5.12.3 |
163 |
+VIRTUALX_REQUIRED="test" |
164 |
+inherit ecm kde.org |
165 |
+ |
166 |
+DESCRIPTION="KIO plugins present a filesystem-like view of arbitrary data" |
167 |
+HOMEPAGE="https://cgit.kde.org/kio-extras.git" |
168 |
+ |
169 |
+LICENSE="GPL-2" # TODO: CHECK |
170 |
+SLOT="5" |
171 |
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" |
172 |
+IUSE="activities +man mtp nfs openexr phonon samba +sftp taglib X" |
173 |
+ |
174 |
+BDEPEND=" |
175 |
+ man? ( dev-util/gperf ) |
176 |
+" |
177 |
+DEPEND=" |
178 |
+ >=dev-qt/qtdbus-${QTMIN}:5 |
179 |
+ >=dev-qt/qtgui-${QTMIN}:5 |
180 |
+ >=dev-qt/qtnetwork-${QTMIN}:5 |
181 |
+ >=dev-qt/qtsvg-${QTMIN}:5 |
182 |
+ >=dev-qt/qtwidgets-${QTMIN}:5 |
183 |
+ >=dev-qt/qtxml-${QTMIN}:5 |
184 |
+ >=kde-frameworks/karchive-${KFMIN}:5[bzip2,lzma] |
185 |
+ >=kde-frameworks/kbookmarks-${KFMIN}:5 |
186 |
+ >=kde-frameworks/kcodecs-${KFMIN}:5 |
187 |
+ >=kde-frameworks/kconfig-${KFMIN}:5 |
188 |
+ >=kde-frameworks/kconfigwidgets-${KFMIN}:5 |
189 |
+ >=kde-frameworks/kcoreaddons-${KFMIN}:5 |
190 |
+ >=kde-frameworks/kdbusaddons-${KFMIN}:5 |
191 |
+ >=kde-frameworks/kdnssd-${KFMIN}:5 |
192 |
+ >=kde-frameworks/kguiaddons-${KFMIN}:5 |
193 |
+ >=kde-frameworks/ki18n-${KFMIN}:5 |
194 |
+ >=kde-frameworks/kiconthemes-${KFMIN}:5 |
195 |
+ >=kde-frameworks/kio-${KFMIN}:5 |
196 |
+ >=kde-frameworks/kparts-${KFMIN}:5 |
197 |
+ >=kde-frameworks/kpty-${KFMIN}:5 |
198 |
+ >=kde-frameworks/kservice-${KFMIN}:5 |
199 |
+ >=kde-frameworks/kxmlgui-${KFMIN}:5 |
200 |
+ >=kde-frameworks/solid-${KFMIN}:5 |
201 |
+ >=kde-frameworks/syntax-highlighting-${KFMIN}:5 |
202 |
+ activities? ( |
203 |
+ >=dev-qt/qtsql-${QTMIN}:5 |
204 |
+ >=kde-frameworks/kactivities-${KFMIN}:5 |
205 |
+ >=kde-frameworks/kactivities-stats-${KFMIN}:5 |
206 |
+ ) |
207 |
+ mtp? ( >=media-libs/libmtp-1.1.16:= ) |
208 |
+ nfs? ( net-libs/libtirpc:= ) |
209 |
+ openexr? ( media-libs/openexr:= ) |
210 |
+ phonon? ( media-libs/phonon[qt5(+)] ) |
211 |
+ samba? ( |
212 |
+ net-fs/samba[client] |
213 |
+ net-libs/kdsoap-ws-discovery-client |
214 |
+ ) |
215 |
+ sftp? ( net-libs/libssh:=[sftp] ) |
216 |
+ taglib? ( >=media-libs/taglib-1.11.1 ) |
217 |
+ X? ( |
218 |
+ x11-libs/libX11 |
219 |
+ x11-libs/libXcursor |
220 |
+ ) |
221 |
+" |
222 |
+RDEPEND="${DEPEND} |
223 |
+ >=kde-frameworks/kded-${KFMIN}:5 |
224 |
+" |
225 |
+ |
226 |
+# requires running kde environment |
227 |
+RESTRICT+=" test" |
228 |
+ |
229 |
+PATCHES=( "${FILESDIR}/${PN}-19.12.3-CVE-2020-12755.patch" ) # bug 722152 |
230 |
+ |
231 |
+src_configure() { |
232 |
+ local mycmakeargs=( |
233 |
+ $(cmake_use_find_package activities KF5Activities) |
234 |
+ $(cmake_use_find_package activities KF5ActivitiesStats) |
235 |
+ $(cmake_use_find_package man Gperf) |
236 |
+ $(cmake_use_find_package mtp Mtp) |
237 |
+ $(cmake_use_find_package nfs TIRPC) |
238 |
+ $(cmake_use_find_package openexr OpenEXR) |
239 |
+ $(cmake_use_find_package phonon Phonon4Qt5) |
240 |
+ $(cmake_use_find_package samba Samba) |
241 |
+ $(cmake_use_find_package sftp libssh) |
242 |
+ $(cmake_use_find_package taglib Taglib) |
243 |
+ $(cmake_use_find_package X X11) |
244 |
+ ) |
245 |
+ use samba && mycmakeargs+=( |
246 |
+ -DBUILD_KDSoapWSDiscoveryClient=OFF # disable bundled stuff |
247 |
+ ) |
248 |
+ |
249 |
+ ecm_src_configure |
250 |
+} |