author | Andreas Sturmlechner <asturm@gentoo.org> | 2021-04-04 14:09:16 +0200 |
---|---|---|
committer | Andreas Sturmlechner <asturm@gentoo.org> | 2021-04-04 15:19:36 +0200 |
commit | ee5b2b3f04e3e3ee919334c251ae26dce7e761d2 (patch) | |
tree | 71912086b8bd90935bedfeebb5f845a19d2cbdb4 /kde-plasma/discover | |
parent | app-office/calligra: Fix invalid CMake argument (diff) | |
kde-plasma/discover: Fix CVE-2021-28117
See also: https://kde.org/info/security/advisory-20210310-1.txt
Bug: https://bugs.gentoo.org/777777
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'kde-plasma/discover')
-rw-r--r-- | kde-plasma/discover/discover-5.20.5-r1.ebuild | 84 | ||||
-rw-r--r-- | kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch | 28 |
2 files changed, 112 insertions, 0 deletions
diff --git a/kde-plasma/discover/discover-5.20.5-r1.ebuild b/kde-plasma/discover/discover-5.20.5-r1.ebuild
new file mode 100644
index 000000000000..a6b37d443f86
--- /dev/null
+++ b/kde-plasma/discover/discover-5.20.5-r1.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+ECM_TEST="forceoptional"
+KFMIN=5.74.0
+QTMIN=5.15.1
+VIRTUALX_REQUIRED="test"
+inherit ecm kde.org
+
+DESCRIPTION="KDE Plasma resources management GUI"
+HOMEPAGE="https://userbase.kde.org/Discover"
+
+LICENSE="GPL-2" # TODO: CHECK
+SLOT="5"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+IUSE="+firmware flatpak telemetry"
+
+# libmarkdown (app-text/discount) only used in PackageKitBackend
+DEPEND="
+ >=dev-qt/qtconcurrent-${QTMIN}:5
+ >=dev-qt/qtdbus-${QTMIN}:5
+ >=dev-qt/qtdeclarative-${QTMIN}:5
+ >=dev-qt/qtgui-${QTMIN}:5
+ >=dev-qt/qtnetwork-${QTMIN}:5
+ >=dev-qt/qtwidgets-${QTMIN}:5
+ >=dev-qt/qtxml-${QTMIN}:5
+ >=kde-frameworks/attica-${KFMIN}:5
+ >=kde-frameworks/kconfig-${KFMIN}:5
+ >=kde-frameworks/kconfigwidgets-${KFMIN}:5
+ >=kde-frameworks/kcoreaddons-${KFMIN}:5
+ >=kde-frameworks/kcrash-${KFMIN}:5
+ >=kde-frameworks/kdbusaddons-${KFMIN}:5
+ >=kde-frameworks/kdeclarative-${KFMIN}:5
+ >=kde-frameworks/ki18n-${KFMIN}:5
+ >=kde-frameworks/kio-${KFMIN}:5
+ >=kde-frameworks/kirigami-${KFMIN}:5
+ >=kde-frameworks/kitemmodels-${KFMIN}:5
+ >=kde-frameworks/knewstuff-${KFMIN}:5
+ >=kde-frameworks/knotifications-${KFMIN}:5
+ >=kde-frameworks/kwidgetsaddons-${KFMIN}:5
+ >=kde-frameworks/kxmlgui-${KFMIN}:5
+ firmware? ( sys-apps/fwupd )
+ flatpak? (
+ dev-libs/appstream:=
+ sys-apps/flatpak
+ )
+ telemetry? ( dev-libs/kuserfeedback:5 )
+"
+RDEPEND="${DEPEND}
+ >=dev-qt/qtquickcontrols2-${QTMIN}:5
+ >=kde-frameworks/kirigami-${KFMIN}:5
+"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2021-28117.patch" ) # bug 777777
+
+src_prepare() {
+ ecm_src_prepare
+ # we don't need it with PackageKitBackend off
+ ecm_punt_bogus_dep KF5 Archive
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DCMAKE_DISABLE_FIND_PACKAGE_packagekitqt5=ON
+ -DCMAKE_DISABLE_FIND_PACKAGE_Snapd=ON
+ -DBUILD_FlatpakBackend=$(usex flatpak)
+ $(cmake_use_find_package flatpak AppStreamQt)
+ -DBUILD_FwupdBackend=$(usex firmware)
+ $(cmake_use_find_package telemetry KUserFeedback)
+ )
+
+ ecm_src_configure
+}
+
+src_test() {
+ # bug 686392: needs network connection
+ local myctestargs=(
+ -E "(knsbackendtest)"
+ )
+
+ ecm_src_test
+}
diff --git a/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch b/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch
new file mode 100644
index 000000000000..1a2685dbc8d1
--- /dev/null
+++ b/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch
@@ -0,0 +1,28 @@
+From 94478827aab63d2e2321f0ca9ec5553718798e60 Mon Sep 17 00:00:00 2001
+From: Aleix Pol <aleixpol@kde.org>
+Date: Wed, 10 Mar 2021 21:48:53 +0100
+Subject: [PATCH] Only turn http[s] links into clickable links
+
+CVE-2021-28117
+
+(cherry picked from commit d375031ff0262cedac7d6ee2b26d6a164ddebb67)
+---
+ libdiscover/backends/KNSBackend/KNSResource.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libdiscover/backends/KNSBackend/KNSResource.cpp b/libdiscover/backends/KNSBackend/KNSResource.cpp
+index 4394d5df..f7670c55 100644
+--- a/libdiscover/backends/KNSBackend/KNSResource.cpp
++++ b/libdiscover/backends/KNSBackend/KNSResource.cpp
+@@ -87,7 +87,7 @@ QString KNSResource::longDescription()
+ ret.remove(QRegularExpression(QStringLiteral("\\[\\/?[a-z]*\\]")));
+ // Find anything that looks like a link (but which also is not some html
+ // tag value or another already) and make it a link
+- static const QRegularExpression urlRegExp(QStringLiteral("(^|\\s)([-a-zA-Z0-9@:%_\\+.~#?&//=]{2,256}\\.[a-z]{2,4}\\b(\\/[-a-zA-Z0-9@:;%_\\+.~#?&//=]*)?)"), QRegularExpression::CaseInsensitiveOption);
++ static const QRegularExpression urlRegExp(QStringLiteral("(^|\\s)(http[-a-zA-Z0-9@:%_\\+.~#?&//=]{2,256}\\.[a-z]{2,4}\\b(\\/[-a-zA-Z0-9@:;%_\\+.~#?&//=]*)?)"), QRegularExpression::CaseInsensitiveOption);
+ ret.replace(urlRegExp, QStringLiteral("<a href=\"\\2\">\\2</a>"));
+ return ret;
+ }
+--
+GitLab
+ |
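Review bot: The new `urlRegExp` only requires the matched token to begin with the letters `http`; it does not require the `://` that would make it an http or https URL. Any whitespace-delimited token that starts with "http" and contains a dot followed by a 2–4 letter suffix is therefore still wrapped in `<a href="\\2">`. Starting the second capture group with `https?:\\/\\/` instead of `http` would match the stated intent ("Only turn http[s] links into clickable links") exactly. Because this file is a cherry-pick of upstream commit d375031ff0262cedac7d6ee2b26d6a164ddebb67, that tightening belongs upstream rather than in the ebuild's copy. `longDescription()` begins above the hunk, so how `ret` is sanitised before this replace is not visible here.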