summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2020-11-25 18:50:42 +0100
committerAndreas Sturmlechner <asturm@gentoo.org>2020-11-25 19:05:14 +0100
commitddff9313f499fb608c4a27a6ce98b66917ccf1f8 (patch)
tree8400d5c42c2cd09ac09b4e5677e0108870245dbe /kde-apps/kleopatra
parentkde-apps/kldap: drop 20.04.3* (diff)
downloadgentoo-ddff9313f499fb608c4a27a6ce98b66917ccf1f8.tar.gz
gentoo-ddff9313f499fb608c4a27a6ce98b66917ccf1f8.tar.bz2
gentoo-ddff9313f499fb608c4a27a6ce98b66917ccf1f8.zip
kde-apps/kleopatra: drop 20.04.3*
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'kde-apps/kleopatra')
-rw-r--r--kde-apps/kleopatra/Manifest1
-rw-r--r--kde-apps/kleopatra/files/kleopatra-20.04.3-CVE-2020-24972.patch110
-rw-r--r--kde-apps/kleopatra/files/kleopatra-20.04.3-exec-w-double-dash.patch108
-rw-r--r--kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild60
4 files changed, 0 insertions, 279 deletions
diff --git a/kde-apps/kleopatra/Manifest b/kde-apps/kleopatra/Manifest
index 64febc194c2..7d6fee44372 100644
--- a/kde-apps/kleopatra/Manifest
+++ b/kde-apps/kleopatra/Manifest
@@ -1,2 +1 @@
-DIST kleopatra-20.04.3.tar.xz 1935784 BLAKE2B 3c64c29762c06ce196149f0e9de3ec1a3c9970e2dce03dea600b4096da2100a1138548ddbc794bd0d47852e1b6e2ff962ec38f5b245a453f4a9953c1d846b909 SHA512 b72ffb37b3116525d8a531c056a0457e6fb3257081d639fc1c175c8dd4566e4f3c0989cfc696c43c92b630b43dcad90f667a9f3496fede0121065553041c554a
DIST kleopatra-20.08.3.tar.xz 1944160 BLAKE2B 1c610913a330a04420a04e89b6760d55ed47f911f7b5830d793a8723b702eddb6748475ab44487cf7a978c1465db868251ecdee9e177e88dc7637827aa4fc67a SHA512 c3c2de5073eee0a21114d9b3b4ed335e6fd7589b28bb82494c840eb53ffe347e4bef15ec54353cac0149bbd08297d05c2c1bac3bb5279260e66131b2249f1bba
diff --git a/kde-apps/kleopatra/files/kleopatra-20.04.3-CVE-2020-24972.patch b/kde-apps/kleopatra/files/kleopatra-20.04.3-CVE-2020-24972.patch
deleted file mode 100644
index ebcbb232e08..00000000000
--- a/kde-apps/kleopatra/files/kleopatra-20.04.3-CVE-2020-24972.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From b4bd63c1739900d94c04da03045e9445a5a5f54b Mon Sep 17 00:00:00 2001
-From: Andre Heinecke <aheinecke@gnupg.org>
-Date: Tue, 7 Jul 2020 14:39:29 +0200
-Subject: [PATCH] Allow safe usage of query
-
-To allow secure usage of query and search the parameters are
-no longer parsed as value but instead of positional arguments.
-
-This allows us to register "kleoptra --query -- $1" as an
-URL handler for openpgp4fpr: without the risk of command
-line injection through an unsescaped query string.
-
-Similarly the double dash should be used for file handling
-to avoid command line injection through filenames.
----
- src/kleopatra_options.h | 19 ++++++++++++++-----
- src/kleopatraapplication.cpp | 25 ++++++++++++++-----------
- 2 files changed, 28 insertions(+), 16 deletions(-)
-
-diff --git a/src/kleopatra_options.h b/src/kleopatra_options.h
-index 661c44d7..8ce7fccf 100644
---- a/src/kleopatra_options.h
-+++ b/src/kleopatra_options.h
-@@ -79,8 +79,7 @@ static void kleopatra_options(QCommandLineParser *parser)
- << QStringLiteral("D"),
- i18n("Decrypt and/or verify file(s)"))
- << QCommandLineOption(QStringList() << QStringLiteral("search"),
-- i18n("Search for a certificate on a keyserver"),
-- QStringLiteral("search string"))
-+ i18n("Search for a certificate on a keyserver"))
- << QCommandLineOption(QStringList() << QStringLiteral("checksum"),
- i18n("Create or check a checksum file"))
- << QCommandLineOption(QStringList() << QStringLiteral("query")
-@@ -88,8 +87,7 @@ static void kleopatra_options(QCommandLineParser *parser)
- i18nc("If a certificate is already known it shows the certificate details dialog."
- "Otherwise it brings up the certificate search dialog.",
- "Show details of a local certificate or search for it on a keyserver"
-- " by fingerprint"),
-- QStringLiteral("fingerprint"))
-+ " by fingerprint"))
- << QCommandLineOption(QStringList() << QStringLiteral("gen-key"),
- i18n("Create a new key pair or certificate signing request"))
- << QCommandLineOption(QStringLiteral("parent-windowid"),
-@@ -100,8 +98,19 @@ static void kleopatra_options(QCommandLineParser *parser)
-
- parser->addOptions(options);
-
-+ /* Security note: To avoid code execution by shared library injection
-+ * through e.g. -platformpluginpath any external input should be seperated
-+ * by a double dash -- this is why query / search uses positional arguments.
-+ *
-+ * For example on Windows there is an URLhandler for openpgp4fpr:
-+ * be opened with Kleopatra's query function. And while a browser should
-+ * urlescape such a query there might be tricks to inject a quote character
-+ * and as such inject command line options for Kleopatra in an URL. */
- parser->addPositionalArgument(QStringLiteral("files"),
- i18n("File(s) to process"),
-- QStringLiteral("[files..]"));
-+ QStringLiteral("-- [files..]"));
-+ parser->addPositionalArgument(QStringLiteral("query"),
-+ i18n("String or Fingerprint for query and search"),
-+ QStringLiteral("-- [query..]"));
- }
- #endif
-diff --git a/src/kleopatraapplication.cpp b/src/kleopatraapplication.cpp
-index 989f14b4..a8c5dd08 100644
---- a/src/kleopatraapplication.cpp
-+++ b/src/kleopatraapplication.cpp
-@@ -273,13 +273,18 @@ QString KleopatraApplication::newInstance(const QCommandLineParser &parser,
-
- QStringList files;
- const QDir cwd = QDir(workingDirectory);
-- Q_FOREACH (const QString &file, parser.positionalArguments()) {
-- // We do not check that file exists here. Better handle
-- // these errors in the UI.
-- if (QFileInfo(file).isAbsolute()) {
-- files << file;
-- } else {
-- files << cwd.absoluteFilePath(file);
-+ bool queryMode = parser.isSet(QStringLiteral("query")) || parser.isSet(QStringLiteral("search"));
-+
-+ // Query and Search treat positional arguments differently, see below.
-+ if (!queryMode) {
-+ Q_FOREACH (const QString &file, parser.positionalArguments()) {
-+ // We do not check that file exists here. Better handle
-+ // these errors in the UI.
-+ if (QFileInfo(file).isAbsolute()) {
-+ files << file;
-+ } else {
-+ files << cwd.absoluteFilePath(file);
-+ }
- }
- }
-
-@@ -313,10 +318,8 @@ QString KleopatraApplication::newInstance(const QCommandLineParser &parser,
-
- // Handle openpgp4fpr URI scheme
- QString needle;
-- if (parser.isSet(QStringLiteral("search"))) {
-- needle = parser.value(QStringLiteral("search"));
-- } else if (parser.isSet(QStringLiteral("query"))) {
-- needle = parser.value(QStringLiteral("query"));
-+ if (queryMode) {
-+ needle = parser.positionalArguments().join(QLatin1Char(' '));
- }
- if (needle.startsWith(QLatin1String("openpgp4fpr:"))) {
- needle.remove(0, 12);
---
-GitLab
-
diff --git a/kde-apps/kleopatra/files/kleopatra-20.04.3-exec-w-double-dash.patch b/kde-apps/kleopatra/files/kleopatra-20.04.3-exec-w-double-dash.patch
deleted file mode 100644
index d5ba1236c2d..00000000000
--- a/kde-apps/kleopatra/files/kleopatra-20.04.3-exec-w-double-dash.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 9abdda396818842de1d9af9a153b66a1399f7c0f Mon Sep 17 00:00:00 2001
-From: Andre Heinecke <aheinecke@gnupg.org>
-Date: Tue, 7 Jul 2020 14:46:31 +0200
-Subject: [PATCH] Add double dash for exec command for files
-
-This prevents shenannigans with file names that might
-inject command line options.
----
- src/data/kleopatra_decryptverifyfiles.desktop | 2 +-
- src/data/kleopatra_decryptverifyfolders.desktop | 2 +-
- src/data/kleopatra_import.desktop | 2 +-
- src/data/kleopatra_signencryptfiles.desktop | 8 ++++----
- src/data/kleopatra_signencryptfolders.desktop | 4 ++--
- 5 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/src/data/kleopatra_decryptverifyfiles.desktop b/src/data/kleopatra_decryptverifyfiles.desktop
-index 5f4832fe..1bd3200e 100644
---- a/src/data/kleopatra_decryptverifyfiles.desktop
-+++ b/src/data/kleopatra_decryptverifyfiles.desktop
-@@ -102,4 +102,4 @@ Name[x-test]=xxDecrypt/Verify Filexx
- Name[zh_CN]=解密/验证文件
- Name[zh_TW]=解密/檢查檔案
- Icon=kleopatra
--Exec=kleopatra --decrypt-verify %F
-+Exec=kleopatra --decrypt-verify -- %F
-diff --git a/src/data/kleopatra_decryptverifyfolders.desktop b/src/data/kleopatra_decryptverifyfolders.desktop
-index 8b6af1e2..54644c8f 100644
---- a/src/data/kleopatra_decryptverifyfolders.desktop
-+++ b/src/data/kleopatra_decryptverifyfolders.desktop
-@@ -101,4 +101,4 @@ Name[x-test]=xxDecrypt/Verify All Files In Folderxx
- Name[zh_CN]=文件夹中的全部解密/验证文件
- Name[zh_TW]=解密/檢查所有資料夾中的檔案
- Icon=kleopatra
--Exec=kleopatra --decrypt-verify %F
-+Exec=kleopatra --decrypt-verify -- %F
-diff --git a/src/data/kleopatra_import.desktop b/src/data/kleopatra_import.desktop
-index 2b886b24..8a99c81d 100644
---- a/src/data/kleopatra_import.desktop
-+++ b/src/data/kleopatra_import.desktop
-@@ -1,7 +1,7 @@
- [Desktop Entry]
- Type=Application
- Icon=kleopatra
--Exec=kleopatra --import-certificate %F
-+Exec=kleopatra --import-certificate -- %F
- MimeType=application/pkcs7-mime;application/x-x509-ca-cert;application/x-pkcs12;application/pgp-keys;
- Categories=Qt;KDE;Utility;X-KDE-Utilities-PIM;
-
-diff --git a/src/data/kleopatra_signencryptfiles.desktop b/src/data/kleopatra_signencryptfiles.desktop
-index d3ea5f98..8656bccb 100644
---- a/src/data/kleopatra_signencryptfiles.desktop
-+++ b/src/data/kleopatra_signencryptfiles.desktop
-@@ -103,7 +103,7 @@ Name[x-test]=xxSign & Encrypt Filexx
- Name[zh_CN]=签名并加密文件
- Name[zh_TW]=簽署並加密檔案
- Icon=kleopatra
--Exec=kleopatra --encrypt-sign %F
-+Exec=kleopatra --encrypt-sign -- %F
-
- [Desktop Action kleoencryptfiles]
- Name=Encrypt File
-@@ -159,7 +159,7 @@ Name[x-test]=xxEncrypt Filexx
- Name[zh_CN]=加密文件
- Name[zh_TW]=加密檔案
- Icon=kleopatra
--Exec=kleopatra --encrypt %F
-+Exec=kleopatra --encrypt -- %F
-
- [Desktop Action kleosignfilesopenpgp]
- Name=OpenPGP-Sign File
-@@ -211,7 +211,7 @@ Name[x-test]=xxOpenPGP-Sign Filexx
- Name[zh_CN]=OpenPGP 签名文件
- Name[zh_TW]=OpenPGP─簽署檔案
- Icon=kleopatra
--Exec=kleopatra --openpgp --sign %F
-+Exec=kleopatra --openpgp --sign -- %F
-
- [Desktop Action kleosignfilescms]
- Name=S/MIME-Sign File
-@@ -263,5 +263,5 @@ Name[x-test]=xxS/MIME-Sign Filexx
- Name[zh_CN]=S/MIME 签名文件
- Name[zh_TW]=S/MIME─簽署檔案
- Icon=kleopatra
--Exec=kleopatra --cms --sign %F
-+Exec=kleopatra --cms --sign -- %F
-
-diff --git a/src/data/kleopatra_signencryptfolders.desktop b/src/data/kleopatra_signencryptfolders.desktop
-index 5ef802ce..b9146d5a 100644
---- a/src/data/kleopatra_signencryptfolders.desktop
-+++ b/src/data/kleopatra_signencryptfolders.desktop
-@@ -100,7 +100,7 @@ Name[x-test]=xxArchive, Sign && Encrypt Folderxx
- Name[zh_CN]=归档、签名并加密文件夹
- Name[zh_TW]=歸檔,簽署與加密資料夾
- Icon=kleopatra
--Exec=kleopatra --encrypt-sign %F
-+Exec=kleopatra --encrypt-sign -- %F
-
- [Desktop Action kleoencryptfolder]
- Name=Archive && Encrypt Folder
-@@ -151,4 +151,4 @@ Name[x-test]=xxArchive && Encrypt Folderxx
- Name[zh_CN]=归档并加密文件夹
- Name[zh_TW]=歸檔並加密資料夾
- Icon=kleopatra
--Exec=kleopatra --encrypt %F
-+Exec=kleopatra --encrypt -- %F
---
-GitLab
-
diff --git a/kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild b/kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild
deleted file mode 100644
index e4871f71257..00000000000
--- a/kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-ECM_HANDBOOK="optional"
-ECM_TEST="forceoptional"
-PVCUT=$(ver_cut 1-3)
-KFMIN=5.70.0
-QTMIN=5.14.2
-VIRTUALX_REQUIRED="test"
-inherit ecm kde.org
-
-DESCRIPTION="Certificate manager and GUI for OpenPGP and CMS cryptography"
-HOMEPAGE="https://apps.kde.org/en/kleopatra"
-
-LICENSE="GPL-2+ handbook? ( FDL-1.2+ )"
-SLOT="5"
-KEYWORDS="amd64 arm64 x86"
-IUSE=""
-
-DEPEND="
- >=app-crypt/gpgme-1.11.1[cxx,qt5]
- dev-libs/boost:=
- dev-libs/libassuan
- dev-libs/libgpg-error
- >=dev-qt/qtdbus-${QTMIN}:5
- >=dev-qt/qtgui-${QTMIN}:5
- >=dev-qt/qtnetwork-${QTMIN}:5
- >=dev-qt/qtprintsupport-${QTMIN}:5
- >=dev-qt/qtwidgets-${QTMIN}:5
- >=kde-apps/kmime-${PVCUT}:5
- >=kde-apps/libkleo-${PVCUT}:5
- >=kde-frameworks/kcmutils-${KFMIN}:5
- >=kde-frameworks/kcodecs-${KFMIN}:5
- >=kde-frameworks/kconfig-${KFMIN}:5
- >=kde-frameworks/kconfigwidgets-${KFMIN}:5
- >=kde-frameworks/kcoreaddons-${KFMIN}:5
- >=kde-frameworks/kdbusaddons-${KFMIN}:5
- >=kde-frameworks/ki18n-${KFMIN}:5
- >=kde-frameworks/kiconthemes-${KFMIN}:5
- >=kde-frameworks/kitemmodels-${KFMIN}:5
- >=kde-frameworks/knotifications-${KFMIN}:5
- >=kde-frameworks/ktextwidgets-${KFMIN}:5
- >=kde-frameworks/kwidgetsaddons-${KFMIN}:5
- >=kde-frameworks/kwindowsystem-${KFMIN}:5
- >=kde-frameworks/kxmlgui-${KFMIN}:5
-"
-RDEPEND="${DEPEND}
- >=app-crypt/gnupg-2.1
- app-crypt/paperkey
-"
-
-# tests completely broken, bug #641720
-RESTRICT+=" test"
-
-PATCHES=(
- "${FILESDIR}/${P}-CVE-2020-24972.patch"
- "${FILESDIR}/${P}-exec-w-double-dash.patch"
-)