From 1dc001c02a79783eb25851d8c006935730b1c066 Mon Sep 17 00:00:00 2001 From: tanyulong2021 Date: Wed, 7 Jul 2021 16:28:32 +0800 Subject: [PATCH] =?UTF-8?q?Fix=20CVE-2019-14744=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 0001-CVE-2019-14744.patch | 127 ++++++++++++++++++++++++++++++++++++++ kf5-kconfig.spec | 9 ++- 2 files changed, 133 insertions(+), 3 deletions(-) create mode 100644 0001-CVE-2019-14744.patch diff --git a/0001-CVE-2019-14744.patch b/0001-CVE-2019-14744.patch new file mode 100644 index 0000000..28250fb --- /dev/null +++ b/0001-CVE-2019-14744.patch @@ -0,0 +1,127 @@ +From e7e85401bc4e092cd2b2d4e6a1dca2736002faa5 Mon Sep 17 00:00:00 2001 +From: tanyulong +Date: Wed, 7 Jul 2021 15:19:28 +0800 +Subject: [PATCH] CVE-2019-14744 + +--- + autotests/kconfigtest.cpp | 10 ++-------- + docs/options.md | 15 +++++---------- + src/core/kconfig.cpp | 37 +------------------------------------ + 3 files changed, 8 insertions(+), 54 deletions(-) + +diff --git a/autotests/kconfigtest.cpp b/autotests/kconfigtest.cpp +index 64c6223..4d97c56 100644 +--- a/autotests/kconfigtest.cpp ++++ b/autotests/kconfigtest.cpp +@@ -38,7 +38,7 @@ + #include + #endif + #ifndef Q_OS_WIN +-#include // gethostname ++#include // getuid + #endif + + KCONFIGGROUP_DECLARE_ENUM_QOBJECT(KConfigTest, Testing) +@@ -545,14 +545,8 @@ void KConfigTest::testPath() + QCOMPARE(group.readPathEntry("withBraces", QString()), QString("file://" + HOMEPATH)); + QVERIFY(group.hasKey("URL")); + QCOMPARE(group.readEntry("URL", QString()), QString("file://" + HOMEPATH)); +-#if !defined(Q_OS_WIN32) && !defined(Q_OS_MAC) +- // I don't know if this will work on windows +- // This test hangs on OS X + QVERIFY(group.hasKey("hostname")); +- char hostname[256]; +- QVERIFY(::gethostname(hostname, sizeof(hostname)) == 0); +- QCOMPARE(group.readEntry("hostname", QString()), QString::fromLatin1(hostname)); +-#endif ++ QCOMPARE(group.readEntry("hostname", QString()), QStringLiteral("(hostname)")); // the $ got removed because empty var name + QVERIFY(group.hasKey("noeol")); + QCOMPARE(group.readEntry("noeol", QString()), QString("foo")); + +diff --git a/docs/options.md b/docs/options.md +index fab22e1..8cd73f8 100644 +--- a/docs/options.md ++++ b/docs/options.md +@@ -66,19 +66,14 @@ environment variables (and `XDG_CONFIG_HOME` in particular). + + Shell Expansion + --------------- +- +-If an entry is marked with `$e`, environment variables and shell commands will +-be expanded. +- ++If an entry is marked with `$e`, environment variables will be expanded. ++ + Name[$e]=$USER +- Host[$e]=$(hostname) + + When the "Name" entry is read `$USER` will be replaced with the value of the +-`$USER` environment variable, and `$(hostname)` will be replaced with the output +-of the `hostname` command. +- +-Note that the application will replace `$USER` and `$(hostname)` with their +-respective expanded values after saving. To prevent this combine the `$e` option ++`$USER` environment variable. ++Note that the application will replace `$USER` with its ++expanded value after saving. To prevent this combine the `$e` option + with `$i` (immmutable) option. For example: + + Name[$ei]=$USER +diff --git a/src/core/kconfig.cpp b/src/core/kconfig.cpp +index bc2871c..f9a3381 100644 +--- a/src/core/kconfig.cpp ++++ b/src/core/kconfig.cpp +@@ -28,19 +28,6 @@ + #include + #include + +-#ifdef _MSC_VER +-static inline FILE *popen(const char *cmd, const char *mode) +-{ +- return _popen(cmd, mode); +-} +-static inline int pclose(FILE *stream) +-{ +- return _pclose(stream); +-} +-#else +-#include +-#endif +- + #include "kconfigbackend_p.h" + #include "kconfiggroup.h" + +@@ -183,29 +170,7 @@ QString KConfigPrivate::expandString(const QString &value) + int nDollarPos = aValue.indexOf(QLatin1Char('$')); + while (nDollarPos != -1 && nDollarPos + 1 < aValue.length()) { + // there is at least one $ +- if (aValue[nDollarPos + 1] == QLatin1Char('(')) { +- int nEndPos = nDollarPos + 1; +- // the next character is not $ +- while ((nEndPos <= aValue.length()) && (aValue[nEndPos] != QLatin1Char(')'))) { +- nEndPos++; +- } +- nEndPos++; +- QString cmd = aValue.mid(nDollarPos + 2, nEndPos - nDollarPos - 3); +- +- QString result; +- +-// FIXME: wince does not have pipes +-#ifndef _WIN32_WCE +- FILE *fs = popen(QFile::encodeName(cmd).data(), "r"); +- if (fs) { +- QTextStream ts(fs, QIODevice::ReadOnly); +- result = ts.readAll().trimmed(); +- pclose(fs); +- } +-#endif +- aValue.replace(nDollarPos, nEndPos - nDollarPos, result); +- nDollarPos += result.length(); +- } else if (aValue[nDollarPos + 1] != QLatin1Char('$')) { ++ if (aValue[nDollarPos + 1] != QLatin1Char('$')) { + int nEndPos = nDollarPos + 1; + // the next character is not $ + QStringRef aVarName; +-- +2.23.0 + diff --git a/kf5-kconfig.spec b/kf5-kconfig.spec index 1609747..dfec614 100644 --- a/kf5-kconfig.spec +++ b/kf5-kconfig.spec @@ -21,7 +21,7 @@ Name: kf5-%{framework} Version: 5.55.0 -Release: 1%{?dist} +Release: 2 Summary: KDE Frameworks 5 Tier 1 addon with advanced configuration system License: GPLv2+ and LGPLv2+ and MIT @@ -35,7 +35,7 @@ URL: https://cgit.kde.org/%{framework}.git %global stable stable %endif Source0: http://download.kde.org/%{stable}/frameworks/%{majmin}/%{framework}-%{version}.tar.xz - +patch0: 0001-CVE-2019-14744.patch ## upstream patches ## upstreamable patches @@ -128,7 +128,7 @@ BuildArch: noarch %prep %autosetup -n %{framework}-%{version} -p1 - +## %patch0 -p1 %build @@ -215,5 +215,8 @@ make test -C %{_target_platform} ARGS="--output-on-failure --timeout 300" ||: %changelog +* Wen Jul 07 2021 tanyulong -5.55.0-2 +- fix kf5-kconfig project + * Thu Jul 23 2020 wangmian - 5.55.0-1 - Init kf5-kconfig project