summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2019-05-16 14:57:53 +0200
committerAndreas Sturmlechner <asturm@gentoo.org>2019-05-16 16:00:18 +0200
commitceff5f1dd56de1b5a1ae444fdfbad4ed69d7c7c8 (patch)
treeae7212f3eb47b4ce2b8937b47e56eaa835429e3f /kde-frameworks/kauth
parentwww-apps/nextcloud: 16.0.1, 15.0.8, 14.0.11 bumps (diff)
downloadgentoo-ceff5f1dd56de1b5a1ae444fdfbad4ed69d7c7c8.tar.gz
gentoo-ceff5f1dd56de1b5a1ae444fdfbad4ed69d7c7c8.tar.bz2
gentoo-ceff5f1dd56de1b5a1ae444fdfbad4ed69d7c7c8.zip
kde-frameworks: Drop KDE Frameworks 5.54.0
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11
Diffstat (limited to 'kde-frameworks/kauth')
-rw-r--r--kde-frameworks/kauth/Manifest1
-rw-r--r--kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch68
-rw-r--r--kde-frameworks/kauth/kauth-5.54.0-r1.ebuild43
3 files changed, 0 insertions, 112 deletions
diff --git a/kde-frameworks/kauth/Manifest b/kde-frameworks/kauth/Manifest
index b13401ac1ae..96d71721c89 100644
--- a/kde-frameworks/kauth/Manifest
+++ b/kde-frameworks/kauth/Manifest
@@ -1,3 +1,2 @@
-DIST kauth-5.54.0.tar.xz 84688 BLAKE2B beba564ccc64af52b772ce827b756fad493e3e4926e6bb8b7b65154bf6b7a1753a211e98dd12c67bba844412610ff08f39b9e34a0aadc6c2fc87f4a25e4090bc SHA512 f75c6f019d708409817a5b64d88033326a7d627cdee00e61280043d5cd8f65731f08d48405f50c7240f18670b25abfeea4b2af5966ebb2ee7e0f56669b5551c2
DIST kauth-5.57.0.tar.xz 85364 BLAKE2B 24eec6862a3d68e3abb7b16a2ed93d0b04484d782ecf5543092b382dc84e3935ff81073f077d3b87b68ea5fa2b95bfad4f8cc9572fbb2284ff152da3d450123e SHA512 7d5e2aee7c5f60cb1e30b1a54864ba79e61f3b79bda4c9efc8adb58b04e5723412156501583593087ca594a4348f8be7d569e2ef67747d95492b91b3c1cf5fec
DIST kauth-5.58.0.tar.xz 85388 BLAKE2B 55a02bce3c06b00c1d8cb6422550d170343934a2e339f3d358f8789bcaaf1fcc90c74cc6a5ef38a07f69a38c88af64588f88c1be957aa3cf605285279bbcee0f SHA512 7d337b4b6507dd1b35df118a5a1f9167efcec67386f85d0ed3c7f22dbb6c56fddf7ba4979c7f1c70c11b525f99a2e3e95e3a1d4f9971d8c02ce40e9664ee0cef
diff --git a/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch b/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch
deleted file mode 100644
index 5b11cd8f5e9..00000000000
--- a/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From fc70fb0161c1b9144d26389434d34dd135cd3f4a Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Sat, 2 Feb 2019 14:35:25 +0100
-Subject: Remove support for passing gui QVariants to KAuth helpers
-
-Supporting gui variants is very dangerous since they can end up triggering
-image loading plugins which are one of the biggest vectors for crashes, which
-for very smart people mean possible code execution, which is very dangerous
-in code that is executed as root.
-
-We've checked all the KAuth helpers inside KDE git and none seems to be using
-gui variants, so we're not actually limiting anything that people wanted to do.
-
-Reviewed by security@kde.org and Aleix Pol
-
-Issue reported by Fabian Vogt
----
- src/backends/dbus/DBusHelperProxy.cpp | 9 +++++++++
- src/kauthaction.h | 2 ++
- 2 files changed, 11 insertions(+)
-
-diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp
-index 10c14c6..8f0d336 100644
---- a/src/backends/dbus/DBusHelperProxy.cpp
-+++ b/src/backends/dbus/DBusHelperProxy.cpp
-@@ -31,6 +31,8 @@
- #include "kf5authadaptor.h"
- #include "kauthdebug.h"
-
-+extern Q_CORE_EXPORT const QMetaTypeInterface *qMetaTypeGuiHelper;
-+
- namespace KAuth
- {
-
-@@ -229,10 +231,17 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
- return ActionReply::HelperBusyReply().serialized();
- }
-
-+ // Make sure we don't try restoring gui variants, in particular QImage/QPixmap/QIcon are super dangerous
-+ // since they end up calling the image loaders and thus are a vector for crashing → executing code
-+ auto origMetaTypeGuiHelper = qMetaTypeGuiHelper;
-+ qMetaTypeGuiHelper = nullptr;
-+
- QVariantMap args;
- QDataStream s(&arguments, QIODevice::ReadOnly);
- s >> args;
-
-+ qMetaTypeGuiHelper = origMetaTypeGuiHelper;
-+
- m_currentAction = action;
- emit remoteSignal(ActionStarted, action, QByteArray());
- QEventLoop e;
-diff --git a/src/kauthaction.h b/src/kauthaction.h
-index c67a70a..01f3ba1 100644
---- a/src/kauthaction.h
-+++ b/src/kauthaction.h
-@@ -298,6 +298,8 @@ public:
- * This method sets the variant map that the application
- * can use to pass arbitrary data to the helper when executing the action.
- *
-+ * Only non-gui variants are supported.
-+ *
- * @param arguments The new arguments map
- */
- void setArguments(const QVariantMap &arguments);
---
-cgit v1.1
-
diff --git a/kde-frameworks/kauth/kauth-5.54.0-r1.ebuild b/kde-frameworks/kauth/kauth-5.54.0-r1.ebuild
deleted file mode 100644
index 864369ed55f..00000000000
--- a/kde-frameworks/kauth/kauth-5.54.0-r1.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-VIRTUALX_REQUIRED="test"
-inherit kde5
-
-DESCRIPTION="Framework to let applications perform actions as a privileged user"
-LICENSE="LGPL-2.1+"
-KEYWORDS="amd64 ~arm ~arm64 x86"
-IUSE="nls +policykit"
-
-RDEPEND="
- $(add_frameworks_dep kcoreaddons)
- $(add_qt_dep qtdbus)
- $(add_qt_dep qtgui)
- $(add_qt_dep qtwidgets)
- policykit? ( sys-auth/polkit-qt[qt5(+)] )
-"
-DEPEND="${RDEPEND}
- nls? ( $(add_qt_dep linguist-tools) )
-"
-PDEPEND="policykit? ( kde-plasma/polkit-kde-agent )"
-
-PATCHES=( "${FILESDIR}/${P}-CVE-2019-7443.patch" )
-
-src_configure() {
- local mycmakeargs=(
- $(cmake-utils_use_find_package policykit PolkitQt5-1)
- )
-
- kde5_src_configure
-}
-
-src_test() {
- # KAuthHelperTest test fails, bug 654842
- local myctestargs=(
- -E "(KAuthHelperTest)"
- )
-
- kde5_src_test
-}