From 8369a03e08c0708871944fed47f3939eca024659 Mon Sep 17 00:00:00 2001 From: Andreas Sturmlechner Date: Sun, 4 Apr 2021 14:33:55 +0200 Subject: kde-frameworks/kglobalaccel: Don't make krunner run with root privs Upstream commit bbec74337b3186bc258bd5adf849b89191789535 KDE-bug: https://bugs.kde.org/show_bug.cgi?id=423059 KDE-bug: https://bugs.kde.org/show_bug.cgi?id=432975 Bug: https://bugs.gentoo.org/767478 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner --- ...kglobalaccel-5.80.0-dont-run-w-root-privs.patch | 43 ++++++++++++++++++++++ .../kglobalaccel/kglobalaccel-5.80.0-r1.ebuild | 36 ++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 kde-frameworks/kglobalaccel/files/kglobalaccel-5.80.0-dont-run-w-root-privs.patch create mode 100644 kde-frameworks/kglobalaccel/kglobalaccel-5.80.0-r1.ebuild (limited to 'kde-frameworks') diff --git a/kde-frameworks/kglobalaccel/files/kglobalaccel-5.80.0-dont-run-w-root-privs.patch b/kde-frameworks/kglobalaccel/files/kglobalaccel-5.80.0-dont-run-w-root-privs.patch new file mode 100644 index 000000000000..ab606eebed99 --- /dev/null +++ b/kde-frameworks/kglobalaccel/files/kglobalaccel-5.80.0-dont-run-w-root-privs.patch @@ -0,0 +1,43 @@ +From bbec74337b3186bc258bd5adf849b89191789535 Mon Sep 17 00:00:00 2001 +From: Fabian Vogt +Date: Fri, 29 Jan 2021 11:31:54 +0100 +Subject: [PATCH] Don't let kglobalaccel run if KDE_SESSION_UID mismatches + +Otherwise shortcuts execute actions as the wrong user. +--- + src/runtime/main.cpp | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/runtime/main.cpp b/src/runtime/main.cpp +index d2917ad..46506b3 100644 +--- a/src/runtime/main.cpp ++++ b/src/runtime/main.cpp +@@ -10,6 +10,8 @@ + #include "kglobalacceld.h" + #include "logging_p.h" + ++#include ++ + #include + #include + #include +@@ -57,6 +59,16 @@ extern "C" Q_DECL_EXPORT int main(int argc, char **argv) + return 0; + } + ++ // It's possible that kglobalaccel gets started as the wrong user by ++ // accident, e.g. kdesu dolphin leads to dbus activation. It then installs ++ // its grabs and the actions are run as the wrong user. ++ bool isUidset = false; ++ const int sessionuid = qEnvironmentVariableIntValue("KDE_SESSION_UID", &isUidset); ++ if(isUidset && static_cast(sessionuid) != getuid()) { ++ qCWarning(KGLOBALACCELD) << "kglobalaccel running as wrong user, exiting."; ++ return 0; ++ } ++ + KDBusService service(KDBusService::Unique); + + app.setQuitOnLastWindowClosed(false); +-- +GitLab + diff --git a/kde-frameworks/kglobalaccel/kglobalaccel-5.80.0-r1.ebuild b/kde-frameworks/kglobalaccel/kglobalaccel-5.80.0-r1.ebuild new file mode 100644 index 000000000000..4f9f131751b4 --- /dev/null +++ b/kde-frameworks/kglobalaccel/kglobalaccel-5.80.0-r1.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PVCUT=$(ver_cut 1-2) +QTMIN=5.15.2 +VIRTUALX_REQUIRED="test" +inherit ecm kde.org + +DESCRIPTION="Framework to handle global shortcuts" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +LICENSE="LGPL-2+" +IUSE="nls" + +BDEPEND=" + nls? ( >=dev-qt/linguist-tools-${QTMIN}:5 ) +" +DEPEND=" + >=dev-qt/qtdbus-${QTMIN}:5 + >=dev-qt/qtgui-${QTMIN}:5 + >=dev-qt/qtwidgets-${QTMIN}:5 + >=dev-qt/qtx11extras-${QTMIN}:5 + =kde-frameworks/kconfig-${PVCUT}*:5 + =kde-frameworks/kcoreaddons-${PVCUT}*:5 + =kde-frameworks/kcrash-${PVCUT}*:5 + =kde-frameworks/kdbusaddons-${PVCUT}*:5 + =kde-frameworks/kwindowsystem-${PVCUT}*:5[X] + x11-libs/libxcb + x11-libs/xcb-util-keysyms +" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}"/${P}-dont-run-w-root-privs.patch # bug 767478, KDE-bug 423059 +) -- cgit v1.2.3-18-g5258