!6 Fix CVE-2019-14744漏洞

From: @tanyulong2021 Reviewed-by: @dou33 Signed-off-by: @dou33
2021-07-08 06:12:47 +00:00 · 2021-07-08 06:12:47 +00:00 · c8db8d5f21
commit c8db8d5f21
parent e7dffb378b 1dc001c02a
2 changed files with 133 additions and 3 deletions
--- a/0001-CVE-2019-14744.patch
+++ b/0001-CVE-2019-14744.patch
@ -0,0 +1,127 @@
+From e7e85401bc4e092cd2b2d4e6a1dca2736002faa5 Mon Sep 17 00:00:00 2001
+From: tanyulong <tanyulong@kylinos.cn>
+Date: Wed, 7 Jul 2021 15:19:28 +0800
+Subject: [PATCH] CVE-2019-14744
+
+---
+ autotests/kconfigtest.cpp | 10 ++--------
+ docs/options.md           | 15 +++++----------
+ src/core/kconfig.cpp      | 37 +------------------------------------
+ 3 files changed, 8 insertions(+), 54 deletions(-)
+
+diff --git a/autotests/kconfigtest.cpp b/autotests/kconfigtest.cpp
+index 64c6223..4d97c56 100644
+--- a/autotests/kconfigtest.cpp
+++ b/autotests/kconfigtest.cpp
+@@ -38,7 +38,7 @@
+ #include <utime.h>
+ #endif
+ #ifndef Q_OS_WIN
+-#include <unistd.h> // gethostname
+#include <unistd.h> // getuid
+ #endif
+ 
+ KCONFIGGROUP_DECLARE_ENUM_QOBJECT(KConfigTest, Testing)
+@@ -545,14 +545,8 @@ void KConfigTest::testPath()
+     QCOMPARE(group.readPathEntry("withBraces", QString()), QString("file://" + HOMEPATH));
+     QVERIFY(group.hasKey("URL"));
+     QCOMPARE(group.readEntry("URL", QString()), QString("file://" + HOMEPATH));
+-#if !defined(Q_OS_WIN32) && !defined(Q_OS_MAC)
+-    // I don't know if this will work on windows
+-    // This test hangs on OS X
+     QVERIFY(group.hasKey("hostname"));
+-    char hostname[256];
+-    QVERIFY(::gethostname(hostname, sizeof(hostname)) == 0);
+-    QCOMPARE(group.readEntry("hostname", QString()), QString::fromLatin1(hostname));
+-#endif
+    QCOMPARE(group.readEntry("hostname", QString()), QStringLiteral("(hostname)")); // the $ got removed because empty var name
+     QVERIFY(group.hasKey("noeol"));
+     QCOMPARE(group.readEntry("noeol", QString()), QString("foo"));
+ 
+diff --git a/docs/options.md b/docs/options.md
+index fab22e1..8cd73f8 100644
+--- a/docs/options.md
+++ b/docs/options.md
+@@ -66,19 +66,14 @@ environment variables (and `XDG_CONFIG_HOME` in particular).
+ 
+ Shell Expansion
+ ---------------
+-
+-If an entry is marked with `$e`, environment variables and shell commands will
+-be expanded.
+-
+If an entry is marked with `$e`, environment variables will be expanded.
+   
+     Name[$e]=$USER
+-    Host[$e]=$(hostname)
+ 
+ When the "Name" entry is read `$USER` will be replaced with the value of the
+-`$USER` environment variable, and `$(hostname)` will be replaced with the output
+-of the `hostname` command.
+-
+-Note that the application will replace `$USER` and `$(hostname)` with their
+-respective expanded values after saving. To prevent this combine the `$e` option
+`$USER` environment variable.
+Note that the application will replace `$USER` with its
+expanded value after saving. To prevent this combine the `$e` option
+ with `$i` (immmutable) option.  For example:
+ 
+     Name[$ei]=$USER
+diff --git a/src/core/kconfig.cpp b/src/core/kconfig.cpp
+index bc2871c..f9a3381 100644
+--- a/src/core/kconfig.cpp
+++ b/src/core/kconfig.cpp
+@@ -28,19 +28,6 @@
+ #include <cstdlib>
+ #include <fcntl.h>
+ 
+-#ifdef _MSC_VER
+-static inline FILE *popen(const char *cmd, const char *mode)
+-{
+-    return _popen(cmd, mode);
+-}
+-static inline int pclose(FILE *stream)
+-{
+-    return _pclose(stream);
+-}
+-#else
+-#include <unistd.h>
+-#endif
+-
+ #include "kconfigbackend_p.h"
+ #include "kconfiggroup.h"
+ 
+@@ -183,29 +170,7 @@ QString KConfigPrivate::expandString(const QString &value)
+     int nDollarPos = aValue.indexOf(QLatin1Char('$'));
+     while (nDollarPos != -1 && nDollarPos + 1 < aValue.length()) {
+         // there is at least one $
+-        if (aValue[nDollarPos + 1] == QLatin1Char('(')) {
+-            int nEndPos = nDollarPos + 1;
+-            // the next character is not $
+-            while ((nEndPos <= aValue.length()) && (aValue[nEndPos] != QLatin1Char(')'))) {
+-                nEndPos++;
+-            }
+-            nEndPos++;
+-            QString cmd = aValue.mid(nDollarPos + 2, nEndPos - nDollarPos - 3);
+-
+-            QString result;
+-
+-// FIXME: wince does not have pipes
+-#ifndef _WIN32_WCE
+-            FILE *fs = popen(QFile::encodeName(cmd).data(), "r");
+-            if (fs) {
+-                QTextStream ts(fs, QIODevice::ReadOnly);
+-                result = ts.readAll().trimmed();
+-                pclose(fs);
+-            }
+-#endif
+-            aValue.replace(nDollarPos, nEndPos - nDollarPos, result);
+-            nDollarPos += result.length();
+-        } else if (aValue[nDollarPos + 1] != QLatin1Char('$')) {
+	if (aValue[nDollarPos + 1] != QLatin1Char('$')) {
+             int nEndPos = nDollarPos + 1;
+             // the next character is not $
+             QStringRef aVarName;
+-- 
+2.23.0
+
--- a/kf5-kconfig.spec
+++ b/kf5-kconfig.spec
@ -21,7 +21,7 @@

 Name:    kf5-%{framework}
 Version: 5.55.0
-Release: 1%{?dist}
+Release: 2
 Summary: KDE Frameworks 5 Tier 1 addon with advanced configuration system

 License: GPLv2+ and LGPLv2+ and MIT
@ -35,7 +35,7 @@ URL:     https://cgit.kde.org/%{framework}.git
 %global stable stable
 %endif
 Source0: http://download.kde.org/%{stable}/frameworks/%{majmin}/%{framework}-%{version}.tar.xz
-
+patch0:  0001-CVE-2019-14744.patch
 ## upstream patches

 ## upstreamable patches
@ -128,7 +128,7 @@ BuildArch: noarch

 %prep
 %autosetup -n %{framework}-%{version} -p1
-
+## %patch0 -p1

 %build

@ -215,5 +215,8 @@ make test -C %{_target_platform} ARGS="--output-on-failure --timeout 300" ||:


 %changelog
+* Wen Jul 07 2021 tanyulong<tanyulong@kylinos.cn> -5.55.0-2
+- fix kf5-kconfig project 
+
 * Thu Jul 23 2020 wangmian<wangmian@kylinos.cn> - 5.55.0-1
 - Init kf5-kconfig project