summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'kde-apps/kwrite')
-rw-r--r--kde-apps/kwrite/Manifest1
-rw-r--r--kde-apps/kwrite/files/kwrite-18.04.3-root-user.patch62
-rw-r--r--kde-apps/kwrite/kwrite-18.04.3.ebuild52
3 files changed, 115 insertions, 0 deletions
diff --git a/kde-apps/kwrite/Manifest b/kde-apps/kwrite/Manifest
index 590532f0bb5b..de1974b1d6ae 100644
--- a/kde-apps/kwrite/Manifest
+++ b/kde-apps/kwrite/Manifest
@@ -1,2 +1,3 @@
DIST kate-17.12.3.tar.xz 5629840 BLAKE2B 384b15a1273ec02d0d3342e761f5c1135f000d1b8485445d07ff5384ea49f60c6d4a6aaadd8371d931cbfcab190e4e5ff820021708dbc44899a01340b980e3bd SHA512 3435afb4dc643064c9e98c86e02521cec9d53fb7ad30320e686db6260e3468b3745643447172218b033dcd46e7c9f02efbd00af26ee820b928ac74f5cf62b0a6
DIST kate-18.04.2.tar.xz 5641048 BLAKE2B 7385aaf26029a6c5b1e749440f41d8ed58e936a06fff9c40ff1b37fd5724298d49d7aa92eb3bdefb2b4088a6cbe106cf6f5796e2a410c2f348c9b42492c7ac7d SHA512 2b3545ba3042f95756f7f3af2d423041107860d390ab6884b52f410adc0a66c8e9fe85e0105935258c0a68daa41c96330ca78de2aa788685daa2b51d97afea7e
+DIST kate-18.04.3.tar.xz 5639892 BLAKE2B 76b36061ec758964e3644fc3893069791e060566646eb03ce0bb6ed04c6c2707f5f48240887078e309128f09e3316ee1bb7076063a8d937d1c4ee67e1dedc906 SHA512 7a41ef21e28e275a448fa80f6d6a7890e221669343c30f946a4522e7f9b4812407ff5b168939508568ce17965fa2dea965aa63062f4fe059a2612021f877694e
diff --git a/kde-apps/kwrite/files/kwrite-18.04.3-root-user.patch b/kde-apps/kwrite/files/kwrite-18.04.3-root-user.patch
new file mode 100644
index 000000000000..5bbf2da605ea
--- /dev/null
+++ b/kde-apps/kwrite/files/kwrite-18.04.3-root-user.patch
@@ -0,0 +1,62 @@
+From bf6d5b7532968763bdc629aa90426c53500af13f Mon Sep 17 00:00:00 2001
+From: Nathaniel Graham <nate@kde.org>
+Date: Sat, 26 May 2018 14:50:24 -0600
+Subject: Re-allow running Kate and KWrite as the actual root user (but still
+ not using sudo)
+
+Summary:
+The original change (9adcebd3c2e476c8a32e9b455cc99f46b0e12a7e) to prevent sudo usage broke the use case of running KWrite or Kate while logged in as the actual `root` user with a GUI session. This is how the Kali distro is set up by default, so the original change amounted to making Kate and KWrite not launch at all on this KDE distro.
+
+This patch re-enables running as the actual root user, but keeps blocking usage via `sudo` or `kdesu`. There are no negative security implications associated with re-allowing usage via the root user, since if you're running a GUI session, you were already exposed to the original security threat and Kate and KWrite do not increase the attack surface.
+
+I have submitted a similar change for Dolphin that has been accepted (D12795), but @elvisangelaccio wants that to go in at the same time as this, to keep them in sync.
+
+BUG: 387973
+FIXED-IN: 18.08.0
+
+Test Plan:
+- Log in as normal user and run `sudo kate` or `sudo kwrite`: you get an error message.
+- Log in as normal user and run `kdesu kate` or `kdesu kwrite`: you get an error message.
+- Log in as the root user and run Kate or KWrite normally: it works.
+
+Reviewers: #kate, dhaumann, cullmann, #ktexteditor
+
+Reviewed By: #kate, dhaumann, #ktexteditor
+
+Subscribers: kwrite-devel, elvisangelaccio
+
+Tags: #kate
+
+Differential Revision: https://phabricator.kde.org/D13138
+---
+ kwrite/main.cpp | 14 ++++++++------
+ 2 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/kwrite/main.cpp b/kwrite/main.cpp
+index 62f4f2d..d3f3ca9 100644
+--- a/kwrite/main.cpp
++++ b/kwrite/main.cpp
+@@ -50,13 +50,15 @@
+ extern "C" Q_DECL_EXPORT int main(int argc, char **argv)
+ {
+ #ifndef Q_OS_WIN
+- /**
+- * Check whether we are running as root
+- **/
++ // Prohibit using sudo or kdesu (but allow using the root user directly)
+ if (getuid() == 0) {
+- std::cout << "Executing KWrite as root is not possible. To edit files as root use:" << std::endl;
+- std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl;
+- return 0;
++ if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
++ std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
++ return EXIT_FAILURE;
++ } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
++ std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
++ return EXIT_FAILURE;
++ }
+ }
+ #endif
+ /**
+--
+cgit v0.11.2
diff --git a/kde-apps/kwrite/kwrite-18.04.3.ebuild b/kde-apps/kwrite/kwrite-18.04.3.ebuild
new file mode 100644
index 000000000000..c9b017598b83
--- /dev/null
+++ b/kde-apps/kwrite/kwrite-18.04.3.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KMNAME="kate"
+KDE_HANDBOOK="optional"
+inherit kde5
+
+DESCRIPTION="KDE simple text editor"
+HOMEPAGE="https://www.kde.org/applications/utilities/kwrite"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND="
+ $(add_frameworks_dep kactivities)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kcrash)
+ $(add_frameworks_dep kdbusaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kio)
+ $(add_frameworks_dep kjobwidgets)
+ $(add_frameworks_dep kparts)
+ $(add_frameworks_dep ktexteditor)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kxmlgui)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtwidgets)
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=( "${FILESDIR}/${PN}-18.04.3-root-user.patch" )
+
+src_prepare() {
+ kde5_src_prepare
+ # delete colliding kate translations
+ if [[ ${KDE_BUILD_TYPE} = release ]]; then
+ find po -type f -name "*po" -and -not -name "kwrite*" -delete || die
+ rm -rf po/*/docs/kate* || die
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DBUILD_addons=FALSE
+ -DBUILD_kate=FALSE
+ )
+ use handbook && mycmakeargs+=( -DBUILD_katepart=FALSE )
+
+ kde5_src_configure
+}