rpms
/
plasma-workspace
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pull in upstream fix for sanitized user environment (#1754395)

Browse Source
epel9
Rex Dieter 4 years ago
parent 428be718dc
commit 04515cb09c
3 changed files with 74 additions and 46 deletions
Show Stats Download Patch File Download Diff File

68
0416-libkworkspace-Only-update-env-vars-with-alphanumeric.patch
Unescape View File

@ -0,0 +1,68 @@
From 10780187f57ab6e68fa08386321f2d0274b951df Mon Sep 17 00:00:00 2001
From: Jonas Lundholm Bertelsen <drixi.b@gmail.com>
Date: Wed, 13 Jan 2021 01:29:44 +0100
Subject: [PATCH 416/419] [libkworkspace] Only update env vars with
alphanumeric_ names
It gives issues with systemd to try and pass it env var names with eg.
'%' in them. That to such a degree that if invalid names are passed,
none are set [1]. This change ensures compatibility by skipping any
non-alphanumerical (and _) variable names.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1754395
---
libkworkspace/updatelaunchenvjob.cpp | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/libkworkspace/updatelaunchenvjob.cpp b/libkworkspace/updatelaunchenvjob.cpp
index f01a4c144..b7e124c71 100644
--- a/libkworkspace/updatelaunchenvjob.cpp
+++ b/libkworkspace/updatelaunchenvjob.cpp
@@ -28,6 +28,7 @@ public:
explicit Private(UpdateLaunchEnvJob *q);
void monitorReply(const QDBusPendingReply<> &reply);
+ static bool isPosixName(const QString &name);
static bool isSystemdApprovedValue(const QString &value);
UpdateLaunchEnvJob *q;
@@ -82,6 +83,10 @@ void UpdateLaunchEnvJob::start()
QStringList systemdUpdates;
for (const auto &varName : d->environment.keys()) {
+ if (!Private::isPosixName(varName)){
+ qWarning() << "Skipping syncing of environment variable " << varName << "as name contains unsupported characters";
+ continue;
+ }
const QString value = d->environment.value(varName);
// KLauncher
@@ -136,6 +141,25 @@ void UpdateLaunchEnvJob::start()
d->monitorReply(systemdActivationReply);
}
+bool UpdateLaunchEnvJob::Private::isPosixName(const QString &name)
+{
+ // Posix says characters like % should be 'tolerated', but it gives issues in practice.
+ // https://bugzilla.redhat.com/show_bug.cgi?id=1754395
+ // https://bugzilla.redhat.com/show_bug.cgi?id=1879216
+ // Ensure systemd compat by only allowing alphanumerics and _ in names.
+ bool first = true;
+ for (const QChar c : name) {
+ if (first && !c.isLetter() && c != QChar('_')) {
+ return false;
+ } else if (first) {
+ first = false;
+ } else if (!c.isLetterOrNumber() && c != QChar('_')) {
+ return false;
+ }
+ }
+ return !first;
+}
+
bool UpdateLaunchEnvJob::Private::isSystemdApprovedValue(const QString &value)
{
// systemd code checks that a value contains no control characters except \n \t
--
2.29.2

42
plasma-workspace-5.18.4.1-filter-environment-v2.patch
Unescape View File

@ -1,42 +0,0 @@
diff -r -U3 plasma-workspace-5.18.4.1.orig/startkde/startplasma.cpp plasma-workspace-5.18.4.1/startkde/startplasma.cpp
--- plasma-workspace-5.18.4.1.orig/startkde/startplasma.cpp 2020-03-31 17:33:37.000000000 +0300
+++ plasma-workspace-5.18.4.1/startkde/startplasma.cpp 2020-04-03 20:43:32.178541309 +0300
@@ -28,6 +28,9 @@
#include <QDBusConnectionInterface>
#include <QDBusServiceWatcher>
+#include <QRegularExpression>
+#include <QProcessEnvironment>
+
#include <KConfig>
#include <KConfigGroup>
@@ -64,8 +66,26 @@
int runSync(const QString& program, const QStringList &args, const QStringList &env)
{
QProcess p;
- if (!env.isEmpty())
- p.setEnvironment(QProcess::systemEnvironment() << env);
+ auto pEnv = QProcessEnvironment::systemEnvironment();
+ if (!env.isEmpty()) {
+ for (const auto &value : env) {
+ int pos = value.indexOf(QStringLiteral("="));
+ if (pos != -1) {
+ pEnv.insert(value.left(pos), value.mid(pos+1));
+ }
+ }
+ }
+ if (program.endsWith(QStringLiteral("dbus-update-activation-environment"))) {
+ const QRegularExpression re(QStringLiteral("[^A-Z0-9_]"));
+ for (const auto &key : pEnv.keys()) {
+ const auto match = re.match(key);
+ if (match.hasMatch()) {
+ pEnv.remove(key);
+ qInfo() << "program:" << program << "environment variable removed:" << key;
+ }
+ }
+ }
+ p.setProcessEnvironment(pEnv);
p.setProcessChannelMode(QProcess::ForwardedChannels);
p.start(program, args);
// qDebug() << "started..." << program << args;

10
plasma-workspace.spec
Unescape View File

@ -16,7 +16,7 @@
Name: plasma-workspace Name: plasma-workspace
Summary: Plasma workspace, applications and applets Summary: Plasma workspace, applications and applets
Version: 5.20.5 Version: 5.20.5
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv2+ License: GPLv2+
URL: https://cgit.kde.org/%{name}.git URL: https://cgit.kde.org/%{name}.git
@ -51,14 +51,13 @@ Patch101: plasma-workspace-5.3.0-set-fedora-default-look-and-feel.patch
# and example, # and example,
# https://github.com/notmart/artwork-lnf-netrunner-core/blob/master/usr/share/plasma/look-and-feel/org.kde.netrunner-core.desktop/contents/defaults # https://github.com/notmart/artwork-lnf-netrunner-core/blob/master/usr/share/plasma/look-and-feel/org.kde.netrunner-core.desktop/contents/defaults
Patch105: plasma-workspace-5.7.3-folderview_layout.patch Patch105: plasma-workspace-5.7.3-folderview_layout.patch
# workaround https://bugzilla.redhat.com/show_bug.cgi?id=1754395
Patch106: plasma-workspace-5.18.4.1-filter-environment-v2.patch
## upstreamable Patches ## upstreamable Patches
## upstream Patches lookaside cache ## upstream Patches lookaside cache
## upstream Patches (master branch) ## upstream Patches (master branch)
Patch416: 0416-libkworkspace-Only-update-env-vars-with-alphanumeric.patch
# udev # udev
BuildRequires: zlib-devel BuildRequires: zlib-devel
@ -404,6 +403,7 @@ BuildArch: noarch
%setup -q -a 20 %setup -q -a 20
## upstream patches ## upstream patches
%patch416 -p1 -b 0416
%patch100 -p1 -b .konsole-in-contextmenu %patch100 -p1 -b .konsole-in-contextmenu
# FIXME/TODO: it is unclear whether this is needed or even a good idea anymore -- rex # FIXME/TODO: it is unclear whether this is needed or even a good idea anymore -- rex
@ -413,7 +413,6 @@ sed -i -e "s|@DEFAULT_LOOKANDFEEL@|%{?default_lookandfeel}%{!?default_lookandfee
shell/packageplugins/lookandfeel/lookandfeel.cpp shell/packageplugins/lookandfeel/lookandfeel.cpp
%endif %endif
%patch105 -p1 %patch105 -p1
%patch106 -p1 -b .bz1754395
%if 0%{?fedora} %if 0%{?fedora}
cp -a lookandfeel lookandfeel-fedora cp -a lookandfeel lookandfeel-fedora
@ -701,6 +700,9 @@ desktop-file-validate %{buildroot}%{_kf5_datadir}/applications/org.kde.{klipper,
%changelog %changelog
* Thu Jan 14 2021 Rex Dieter <rdieter@fedoraproject.org> - 5.20.5-3
- pull in upstream fix for sanitized user environment (#1754395)
* Thu Jan 14 10:43:00 CET 2021 Jan Grulich <jgrulich@redhat.com> - 5.20.5-2 * Thu Jan 14 10:43:00 CET 2021 Jan Grulich <jgrulich@redhat.com> - 5.20.5-2
- Rebuild (gpsd) - Rebuild (gpsd)

Write Preview
Loading…
Cancel
Save