Submitted By: Douglas R. Reno Date: 2019-08-08 Initial Package Version: 5.60.0 Origin: Upstream URL: https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22 Description: Fixes CVE-2019-14744, a 0day vulnerability that allows execution of unauthorized/malicious code through .desktop and .directory files. This can be triggered by any file that Baloo indexes, as well as through a File Manager or Ark. diff -Naurp kconfig-5.60.0.orig/autotests/kconfigtest.cpp kconfig-5.60.0/autotests/kconfigtest.cpp --- kconfig-5.60.0.orig/autotests/kconfigtest.cpp 2019-07-07 13:31:29.000000000 -0500 +++ kconfig-5.60.0/autotests/kconfigtest.cpp 2019-08-08 00:18:14.862566708 -0500 @@ -38,7 +38,7 @@ #include #endif #ifndef Q_OS_WIN -#include // gethostname +#include // getuid #endif KCONFIGGROUP_DECLARE_ENUM_QOBJECT(KConfigTest, Testing) @@ -546,14 +546,8 @@ void KConfigTest::testPath() QCOMPARE(group.readPathEntry("withBraces", QString()), QString("file://" + HOMEPATH)); QVERIFY(group.hasKey("URL")); QCOMPARE(group.readEntry("URL", QString()), QString("file://" + HOMEPATH)); -#if !defined(Q_OS_WIN32) && !defined(Q_OS_MAC) - // I don't know if this will work on windows - // This test hangs on OS X QVERIFY(group.hasKey("hostname")); - char hostname[256]; - QVERIFY(::gethostname(hostname, sizeof(hostname)) == 0); - QCOMPARE(group.readEntry("hostname", QString()), QString::fromLatin1(hostname)); -#endif + QCOMPARE(group.readEntry("hostname", QString()), QStringLiteral("(hostname)")); // the $ got removed because of an empty var name QVERIFY(group.hasKey("noeol")); QCOMPARE(group.readEntry("noeol", QString()), QString("foo")); diff -Naurp kconfig-5.60.0.orig/docs/options.md kconfig-5.60.0/docs/options.md --- kconfig-5.60.0.orig/docs/options.md 2019-07-07 13:31:29.000000000 -0500 +++ kconfig-5.60.0/docs/options.md 2019-08-08 00:19:43.065462121 -0500 @@ -67,18 +67,16 @@ environment variables (and `XDG_CONFIG_H Shell Expansion --------------- -If an entry is marked with `$e`, environment variables and shell commands will -be expanded. +If an entry is marked with `$e`, environment variable will be expanded. Name[$e]=$USER Host[$e]=$(hostname) When the "Name" entry is read `$USER` will be replaced with the value of the -`$USER` environment variable, and `$(hostname)` will be replaced with the output -of the `hostname` command. +`$USER` environment variable. -Note that the application will replace `$USER` and `$(hostname)` with their -respective expanded values after saving. To prevent this combine the `$e` option +Note that the application will replace `$USER` with its +expanded values after saving. To prevent this combine the `$e` option with `$i` (immmutable) option. For example: Name[$ei]=$USER diff -Naurp kconfig-5.60.0.orig/src/core/kconfig.cpp kconfig-5.60.0/src/core/kconfig.cpp --- kconfig-5.60.0.orig/src/core/kconfig.cpp 2019-07-07 13:31:29.000000000 -0500 +++ kconfig-5.60.0/src/core/kconfig.cpp 2019-08-08 00:22:17.370555147 -0500 @@ -28,19 +28,6 @@ #include #include -#ifdef _MSC_VER -static inline FILE *popen(const char *cmd, const char *mode) -{ - return _popen(cmd, mode); -} -static inline int pclose(FILE *stream) -{ - return _pclose(stream); -} -#else -#include -#endif - #include "kconfigbackend_p.h" #include "kconfiggroup.h" @@ -183,29 +170,7 @@ QString KConfigPrivate::expandString(con int nDollarPos = aValue.indexOf(QLatin1Char('$')); while (nDollarPos != -1 && nDollarPos + 1 < aValue.length()) { // there is at least one $ - if (aValue[nDollarPos + 1] == QLatin1Char('(')) { - int nEndPos = nDollarPos + 1; - // the next character is not $ - while ((nEndPos <= aValue.length()) && (aValue[nEndPos] != QLatin1Char(')'))) { - nEndPos++; - } - nEndPos++; - QString cmd = aValue.mid(nDollarPos + 2, nEndPos - nDollarPos - 3); - - QString result; - -// FIXME: wince does not have pipes -#ifndef _WIN32_WCE - FILE *fs = popen(QFile::encodeName(cmd).data(), "r"); - if (fs) { - QTextStream ts(fs, QIODevice::ReadOnly); - result = ts.readAll().trimmed(); - pclose(fs); - } -#endif - aValue.replace(nDollarPos, nEndPos - nDollarPos, result); - nDollarPos += result.length(); - } else if (aValue[nDollarPos + 1] != QLatin1Char('$')) { + if (aValue[nDollarPos + 1] != QLatin1Char('$')) { int nEndPos = nDollarPos + 1; // the next character is not $ QStringRef aVarName;