diff options
| author | David P <megver83@parabola.nu> | 2019-06-14 18:36:56 -0400 |
|---|---|---|
| committer | David P <megver83@parabola.nu> | 2019-06-14 18:36:56 -0400 |
| commit | 5f65483205a7c1c9853150db5c914d0f8515bea7 (patch) | |
| tree | b204711ce32facb861bef9fee17af009abbb6c65 | |
| parent | 35be460d7058089dc9559785b3f5e41903747e6f (diff) | |
upgpkg: pcr/kate-root 19.04.1-1
Signed-off-by: David P <megver83@parabola.nu>
| -rw-r--r-- | pcr/kate-root/0001-Defuse-root-block.patch | 54 | ||||
| -rw-r--r-- | pcr/kate-root/PKGBUILD | 49 |
2 files changed, 76 insertions, 27 deletions
diff --git a/pcr/kate-root/0001-Defuse-root-block.patch b/pcr/kate-root/0001-Defuse-root-block.patch new file mode 100644 index 000000000..948718748 --- /dev/null +++ b/pcr/kate-root/0001-Defuse-root-block.patch @@ -0,0 +1,54 @@ +From 435ed5853b9451ab8fdfff722545c57a8f154625 Mon Sep 17 00:00:00 2001 +From: Fabian Vogt <fabian@ritter-vogt.de> +Date: Sat, 18 Feb 2017 13:49:14 +0100 +Subject: [PATCH] Defuse root block + +While the main point is correct as any application running in the same +X session (not sandboxed) can use kate's capability to open a console, +we allow (even encourage) running YaST on X11 as root. +That way it's only an impact on usability. +--- + kate/main.cpp | 3 +-- + kwrite/main.cpp | 3 +-- + 2 files changed, 2 insertions(+), 4 deletions(-) + +Index: kate-19.03.60git.20181224T024634~7203979fc/kate/main.cpp +=================================================================== +--- kate-19.03.60git.20181224T024634~7203979fc.orig/kate/main.cpp 2018-12-25 09:49:15.867478873 +0100 ++++ kate-19.03.60git.20181224T024634~7203979fc/kate/main.cpp 2018-12-25 09:49:19.231424088 +0100 +@@ -61,13 +61,8 @@ + #ifndef Q_OS_WIN + // Prohibit using sudo or kdesu (but allow using the root user directly) + if (getuid() == 0) { +- if (!qEnvironmentVariableIsEmpty("SUDO_USER")) { +- std::cout << "Executing Kate with sudo is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; +- } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) { +- std::cout << "Executing Kate with kdesu is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; +- } ++ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl; ++ std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl; + } + #endif + /** +Index: kate-19.03.60git.20181224T024634~7203979fc/kwrite/main.cpp +=================================================================== +--- kate-19.03.60git.20181224T024634~7203979fc.orig/kwrite/main.cpp 2018-12-25 09:49:19.231424088 +0100 ++++ kate-19.03.60git.20181224T024634~7203979fc/kwrite/main.cpp 2018-12-25 09:50:32.302253532 +0100 +@@ -52,13 +52,8 @@ + #ifndef Q_OS_WIN + // Prohibit using sudo or kdesu (but allow using the root user directly) + if (getuid() == 0) { +- if (!qEnvironmentVariableIsEmpty("SUDO_USER")) { +- std::cout << "Executing KWrite with sudo is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; +- } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) { +- std::cout << "Executing KWrite with kdesu is not possible due to unfixable security vulnerabilities." << std::endl; +- return EXIT_FAILURE; +- } ++ std::cout << "THIS IS POTENTIALLY INSECURE!\nTo edit files as root please use:" << std::endl; ++ std::cout << "SUDO_EDITOR=kwrite sudoedit <file>" << std::endl; + } + #endif + /** diff --git a/pcr/kate-root/PKGBUILD b/pcr/kate-root/PKGBUILD index 43d4a3258..368e9c854 100644 --- a/pcr/kate-root/PKGBUILD +++ b/pcr/kate-root/PKGBUILD @@ -4,35 +4,30 @@ # Contributor: Andrea Scarpino <andrea@archlinux.org> pkgbase=kate-root -_pkgbase=${pkgbase/-root} -pkgname=('kwrite-root' - 'kate-root') -pkgver=18.04.0 +_pkgbase=${pkgbase%-root} +pkgname=(kwrite-root kate-root) +pkgver=19.04.1 pkgrel=1 -arch=('armv7h' 'i686' 'x86_64') +arch=(armv7h i686 x86_64) license=(GPL LGPL FDL) makedepends=(extra-cmake-modules kdoctools plasma-framework knewstuff ktexteditor threadweaver kitemmodels kactivities) -source=("https://download.kde.org/stable/applications/${pkgver}/src/${_pkgbase}-${pkgver}.tar.xz"{,.sig} - "https://gitlab.com/Megver83/kdebase-root-patches/raw/master/0001-Defuse-root-block.patch"{,.sig}) -sha512sums=('2962b64a123be966017408bf02d3a92d6814ff76c759e8ea6f98e58c2cfa92086c290aea23f800dfa05ecf092c421ad7225161f757c98d409d40adce61aebc93' +source=("https://download.kde.org/stable/applications/$pkgver/src/$_pkgbase-$pkgver.tar.xz"{,.sig} + 0001-Defuse-root-block.patch) +sha512sums=('fa17365049496acdeccd70acfef1554af87b038a63c4e1dc38c6c3aaeb3ec127eed59a212fcf5488989a9e9f8cff3c71ccf00fd4081214cf51288ea2c2916077' 'SKIP' - 'a6d1a2bf6664ac72dc9c9434c64a228eb91320d405e6cd4b4dd6b24d8ff8d0675407c0e0f76e76d3e2758238f22fe00e0cd96caa9d24bd9fa39950cafdc03fa8' - 'SKIP') -validpgpkeys=('CA262C6C83DE4D2FB28A332A3A6A4DB839EAA6D7' # Albert Astals Cid <aacid@kde.org> - 'F23275E4BF10AFC1DF6914A6DBD2CE893E2D1C87' # Christoph Feck <cfeck@kde.org> - '6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78' # David P. -) + '01f7fd779d2e2c87ccb78e1f6014b89687b87af33831eae74864c66ed52e18d2adbb9b2803574cd8a55f7feacd24c9b1afbf3cba5b7b45b2746a36d6072894df') +validpgpkeys=(CA262C6C83DE4D2FB28A332A3A6A4DB839EAA6D7 # Albert Astals Cid <aacid@kde.org> + F23275E4BF10AFC1DF6914A6DBD2CE893E2D1C87) # Christoph Feck <cfeck@kde.org> prepare() { mkdir -p build - cd $srcdir/${_pkgbase}-${pkgver} + cd $srcdir/$_pkgbase-$pkgver patch -p1 -i $srcdir/0001-Defuse-root-block.patch } build() { cd build - cmake ../${_pkgbase}-${pkgver} \ - -DCMAKE_BUILD_TYPE=Release \ + cmake ../$_pkgbase-$pkgver \ -DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_INSTALL_LIBDIR=lib \ -DBUILD_TESTING=OFF @@ -42,13 +37,13 @@ build() { package_kwrite-root() { pkgdesc="Text Editor, patched to be able to run as root" url="https://www.kde.org/applications/utilities/kwrite/" - depends=('ktexteditor' 'kactivities' 'hicolor-icon-theme') - replaces=('kdebase-kwrite' 'kwrite') - conflicts=('kdebase-kwrite' 'kwrite') - provides=('kdebase-kwrite' 'kwrite') + depends=(ktexteditor kactivities hicolor-icon-theme) + provides=(${pkgname%-root}) + conflicts=(${provides[@]}) + replaces=(${provides[@]}) cd build - make DESTDIR="${pkgdir}" install + make DESTDIR="$pkgdir" install find "$pkgdir" -type f -name '*kate*' -exec rm {} \; rm -r "$pkgdir"/usr/lib/qt/plugins/ktexteditor \ @@ -61,14 +56,14 @@ package_kwrite-root() { package_kate-root() { pkgdesc="Advanced Text Editor, patched to be able to run as root" url="https://www.kde.org/applications/utilities/kate/" - depends=('knewstuff' 'ktexteditor' 'threadweaver' 'kitemmodels' 'kactivities' 'hicolor-icon-theme') - replaces=('kdesdk-kate' 'kate') - conflicts=('kdesdk-kate' 'kate') - provides=('kdesdk-kate' 'kate') + depends=(knewstuff ktexteditor threadweaver kitemmodels kactivities hicolor-icon-theme) + provides=(${pkgname%-root}) + conflicts=(${provides[@]}) + replaces=(${provides[@]}) optdepends=('konsole: open a terminal in Kate') cd build - make DESTDIR="${pkgdir}" install + make DESTDIR="$pkgdir" install find "$pkgdir" -type f -name '*kwrite*' -exec rm {} \; rm -r "$pkgdir"/usr/share/doc/HTML/*/kwrite |