diff options
author | Andreas Sturmlechner <asturm@gentoo.org> | 2021-04-04 14:33:55 +0200 |
---|---|---|
committer | Andreas Sturmlechner <asturm@gentoo.org> | 2021-04-04 15:19:38 +0200 |
commit | 8369a03e08c0708871944fed47f3939eca024659 (patch) | |
tree | fdd791a9b68699af4dd78791783bfa3bbd5f894c /kde-frameworks/kglobalaccel | |
parent | kde-frameworks/baloo: Drop 5.80.0 (r0) (diff) | |
download | gentoo-8369a03e08c0708871944fed47f3939eca024659.tar.gz gentoo-8369a03e08c0708871944fed47f3939eca024659.tar.bz2 gentoo-8369a03e08c0708871944fed47f3939eca024659.zip |
kde-frameworks/kglobalaccel: Don't make krunner run with root privs
Upstream commit bbec74337b3186bc258bd5adf849b89191789535
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=423059
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=432975
Bug: https://bugs.gentoo.org/767478
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'kde-frameworks/kglobalaccel')
-rw-r--r-- | kde-frameworks/kglobalaccel/files/kglobalaccel-5.80.0-dont-run-w-root-privs.patch | 43 | ||||
-rw-r--r-- | kde-frameworks/kglobalaccel/kglobalaccel-5.80.0-r1.ebuild | 36 |
2 files changed, 79 insertions, 0 deletions
diff --git a/kde-frameworks/kglobalaccel/files/kglobalaccel-5.80.0-dont-run-w-root-privs.patch b/kde-frameworks/kglobalaccel/files/kglobalaccel-5.80.0-dont-run-w-root-privs.patch new file mode 100644 index 000000000000..ab606eebed99 --- /dev/null +++ b/kde-frameworks/kglobalaccel/files/kglobalaccel-5.80.0-dont-run-w-root-privs.patch @@ -0,0 +1,43 @@ +From bbec74337b3186bc258bd5adf849b89191789535 Mon Sep 17 00:00:00 2001 +From: Fabian Vogt <fabian@ritter-vogt.de> +Date: Fri, 29 Jan 2021 11:31:54 +0100 +Subject: [PATCH] Don't let kglobalaccel run if KDE_SESSION_UID mismatches + +Otherwise shortcuts execute actions as the wrong user. +--- + src/runtime/main.cpp | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/runtime/main.cpp b/src/runtime/main.cpp +index d2917ad..46506b3 100644 +--- a/src/runtime/main.cpp ++++ b/src/runtime/main.cpp +@@ -10,6 +10,8 @@ + #include "kglobalacceld.h" + #include "logging_p.h" + ++#include <unistd.h> ++ + #include <KAboutData> + #include <KCrash> + #include <KDBusService> +@@ -57,6 +59,16 @@ extern "C" Q_DECL_EXPORT int main(int argc, char **argv) + return 0; + } + ++ // It's possible that kglobalaccel gets started as the wrong user by ++ // accident, e.g. kdesu dolphin leads to dbus activation. It then installs ++ // its grabs and the actions are run as the wrong user. ++ bool isUidset = false; ++ const int sessionuid = qEnvironmentVariableIntValue("KDE_SESSION_UID", &isUidset); ++ if(isUidset && static_cast<uid_t>(sessionuid) != getuid()) { ++ qCWarning(KGLOBALACCELD) << "kglobalaccel running as wrong user, exiting."; ++ return 0; ++ } ++ + KDBusService service(KDBusService::Unique); + + app.setQuitOnLastWindowClosed(false); +-- +GitLab + diff --git a/kde-frameworks/kglobalaccel/kglobalaccel-5.80.0-r1.ebuild b/kde-frameworks/kglobalaccel/kglobalaccel-5.80.0-r1.ebuild new file mode 100644 index 000000000000..4f9f131751b4 --- /dev/null +++ b/kde-frameworks/kglobalaccel/kglobalaccel-5.80.0-r1.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PVCUT=$(ver_cut 1-2) +QTMIN=5.15.2 +VIRTUALX_REQUIRED="test" +inherit ecm kde.org + +DESCRIPTION="Framework to handle global shortcuts" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +LICENSE="LGPL-2+" +IUSE="nls" + +BDEPEND=" + nls? ( >=dev-qt/linguist-tools-${QTMIN}:5 ) +" +DEPEND=" + >=dev-qt/qtdbus-${QTMIN}:5 + >=dev-qt/qtgui-${QTMIN}:5 + >=dev-qt/qtwidgets-${QTMIN}:5 + >=dev-qt/qtx11extras-${QTMIN}:5 + =kde-frameworks/kconfig-${PVCUT}*:5 + =kde-frameworks/kcoreaddons-${PVCUT}*:5 + =kde-frameworks/kcrash-${PVCUT}*:5 + =kde-frameworks/kdbusaddons-${PVCUT}*:5 + =kde-frameworks/kwindowsystem-${PVCUT}*:5[X] + x11-libs/libxcb + x11-libs/xcb-util-keysyms +" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}"/${P}-dont-run-w-root-privs.patch # bug 767478, KDE-bug 423059 +) |