[neon/kde/ktexteditor/Neon/release] debian/patches: CVE-2022-23853
Jonathan Esk-Riddell
null at kde.org
Mon Jan 31 15:24:12 GMT 2022
Git commit 7c0560220bcd9907a068c20bf56eb279606bb805 by Jonathan Esk-Riddell.
Committed on 31/01/2022 at 15:24.
Pushed by jriddell into branch 'Neon/release'.
CVE-2022-23853
A +89 -0 debian/patches/804e49444c093fe58ec0df2ab436565e50dc147e.diff
A +42 -0 debian/patches/c80f935c345de2e2fb10635202800839ca9697bf.diff
M +2 -0 debian/patches/series
https://invent.kde.org/neon/kde/ktexteditor/commit/7c0560220bcd9907a068c20bf56eb279606bb805
diff --git a/debian/patches/804e49444c093fe58ec0df2ab436565e50dc147e.diff b/debian/patches/804e49444c093fe58ec0df2ab436565e50dc147e.diff
new file mode 100644
index 0000000..63e5f30
--- /dev/null
+++ b/debian/patches/804e49444c093fe58ec0df2ab436565e50dc147e.diff
@@ -0,0 +1,89 @@
+diff --git a/src/document/katedocument.cpp b/src/document/katedocument.cpp
+index 01f74da1e6e51e4e386cedfc3c9631ebbbcfa14c..05d0e91b6ed965f6d10fd96ee01dd19bc75fcc8e 100644
+--- a/src/document/katedocument.cpp
++++ b/src/document/katedocument.cpp
+@@ -72,6 +72,7 @@
+ #include <QMimeDatabase>
+ #include <QProcess>
+ #include <QRegularExpression>
++#include <QStandardPaths>
+ #include <QTemporaryFile>
+ #include <QTextCodec>
+ #include <QTextStream>
+@@ -5054,18 +5055,22 @@ void KTextEditor::DocumentPrivate::slotDelayedHandleModOnHd()
+ // skip that, if document is modified!
+ // only do that, if the file is still there, else reload makes no sense!
+ if (m_modOnHd && !isModified() && QFile::exists(url().toLocalFile())) {
+- QProcess git;
+- const QStringList args{QStringLiteral("cat-file"), QStringLiteral("-e"), QString::fromUtf8(oldDigest)};
+- git.start(QStringLiteral("git"), args);
+- if (git.waitForStarted()) {
+- git.closeWriteChannel();
+- if (git.waitForFinished()) {
+- if (git.exitCode() == 0) {
+- // this hash exists still in git => just reload
+- m_modOnHd = false;
+- m_modOnHdReason = OnDiskUnmodified;
+- m_prevModOnHdReason = OnDiskUnmodified;
+- documentReload();
++ // we only want to use git from PATH, cache this
++ static const QString fullGitPath = QStandardPaths::findExecutable(QStringLiteral("git"));
++ if (!fullGitPath.isEmpty()) {
++ QProcess git;
++ const QStringList args{QStringLiteral("cat-file"), QStringLiteral("-e"), QString::fromUtf8(oldDigest)};
++ git.start(fullGitPath, args);
++ if (git.waitForStarted()) {
++ git.closeWriteChannel();
++ if (git.waitForFinished()) {
++ if (git.exitCode() == 0) {
++ // this hash exists still in git => just reload
++ m_modOnHd = false;
++ m_modOnHdReason = OnDiskUnmodified;
++ m_prevModOnHdReason = OnDiskUnmodified;
++ documentReload();
++ }
+ }
+ }
+ }
+diff --git a/src/swapfile/kateswapdiffcreator.cpp b/src/swapfile/kateswapdiffcreator.cpp
+index 5c515c45e42170be050ce5984fd9f50561d91fdf..a185123acd0d94cfef18e7e28137db677bf03151 100644
+--- a/src/swapfile/kateswapdiffcreator.cpp
++++ b/src/swapfile/kateswapdiffcreator.cpp
+@@ -14,6 +14,7 @@
+ #include <KMessageBox>
+
+ #include <QDir>
++#include <QStandardPaths>
+ #include <QTextCodec>
+
+ // BEGIN SwapDiffCreator
+@@ -85,17 +86,25 @@ void SwapDiffCreator::viewDiff()
+ connect(&m_proc, &QProcess::readyRead, this, &SwapDiffCreator::slotDataAvailable, Qt::UniqueConnection);
+ connect(&m_proc, &QProcess::finished, this, &SwapDiffCreator::slotDiffFinished, Qt::UniqueConnection);
+
+- // try to start diff process, if we can't be started be done with error
+- m_proc.start(QStringLiteral("diff"), QStringList() << QStringLiteral("-u") << m_originalFile.fileName() << m_recoveredFile.fileName());
+- if (!m_proc.waitForStarted()) {
++ // use diff from PATH only => inform if not found at all
++ const QString fullDiffPath = QStandardPaths::findExecutable(QStringLiteral("diff"));
++ if (fullDiffPath.isEmpty()) {
+ KMessageBox::sorry(nullptr,
+- i18n("The diff command could not be started. Please make sure that "
++ i18n("The diff command could not be found. Please make sure that "
+ "diff(1) is installed and in your PATH."),
+ i18n("Error Creating Diff"));
+ deleteLater();
+ return;
+ }
+
++ // try to start the diff program, might fail, too
++ m_proc.start(fullDiffPath, QStringList() << QStringLiteral("-u") << m_originalFile.fileName() << m_recoveredFile.fileName());
++ if (!m_proc.waitForStarted()) {
++ KMessageBox::sorry(nullptr, i18n("The diff command '%1' could not be started.").arg(fullDiffPath), i18n("Error Creating Diff"));
++ deleteLater();
++ return;
++ }
++
+ // process is up and running, we can write data to it
+ QTextStream ts(&m_proc);
+ int lineCount = recoverDoc.lines();
diff --git a/debian/patches/c80f935c345de2e2fb10635202800839ca9697bf.diff b/debian/patches/c80f935c345de2e2fb10635202800839ca9697bf.diff
new file mode 100644
index 0000000..5785af4
--- /dev/null
+++ b/debian/patches/c80f935c345de2e2fb10635202800839ca9697bf.diff
@@ -0,0 +1,42 @@
+diff --git a/src/dialogs/katedialogs.cpp b/src/dialogs/katedialogs.cpp
+index 5b949f368a33fef371ddfcd85c8e25ebf8850158..63a58aeec57f43955f012bcea2bf8037176459fb 100644
+--- a/src/dialogs/katedialogs.cpp
++++ b/src/dialogs/katedialogs.cpp
+@@ -1317,6 +1317,7 @@ KateModOnHdPrompt::KateModOnHdPrompt(KTextEditor::DocumentPrivate *doc, KTextEdi
+ : QObject(doc)
+ , m_doc(doc)
+ , m_modtype(modtype)
++ , m_fullDiffPath(QStandardPaths::findExecutable(QStringLiteral("diff")))
+ , m_proc(nullptr)
+ , m_diffFile(nullptr)
+ , m_diffAction(nullptr)
+@@ -1334,7 +1335,7 @@ KateModOnHdPrompt::KateModOnHdPrompt(KTextEditor::DocumentPrivate *doc, KTextEdi
+ m_message->addAction(aAutoReload, false);
+ connect(aAutoReload, &QAction::triggered, this, &KateModOnHdPrompt::autoReloadTriggered);
+
+- if (!QStandardPaths::findExecutable(QStringLiteral("diff")).isEmpty()) {
++ if (!m_fullDiffPath.isEmpty()) {
+ m_diffAction = new QAction(i18n("View &Difference"), this);
+ m_diffAction->setIcon(QIcon::fromTheme(QStringLiteral("document-multiple")));
+ m_diffAction->setToolTip(i18n("Shows a diff of the changes"));
+@@ -1394,7 +1395,7 @@ void KateModOnHdPrompt::slotDiff()
+ // Start a KProcess that creates a diff
+ m_proc = new KProcess(this);
+ m_proc->setOutputChannelMode(KProcess::MergedChannels);
+- *m_proc << QStringLiteral("diff") << QStringLiteral("-u") << QStringLiteral("-") << m_doc->url().toLocalFile();
++ *m_proc << m_fullDiffPath << QStringLiteral("-u") << QStringLiteral("-") << m_doc->url().toLocalFile();
+ connect(m_proc, &KProcess::readyRead, this, &KateModOnHdPrompt::slotDataAvailable);
+ connect(m_proc, &KProcess::finished, this, &KateModOnHdPrompt::slotPDone);
+
+diff --git a/src/dialogs/katedialogs.h b/src/dialogs/katedialogs.h
+index 80b611d9fbd2f584840736f5822cb2612938ccba..e5574023e4c635e84bc583c7c7e612f594bd2c8b 100644
+--- a/src/dialogs/katedialogs.h
++++ b/src/dialogs/katedialogs.h
+@@ -376,6 +376,7 @@ private:
+ KTextEditor::DocumentPrivate *m_doc;
+ QPointer<KTextEditor::Message> m_message;
+ KTextEditor::ModificationInterface::ModifiedOnDiskReason m_modtype;
++ QString m_fullDiffPath;
+ KProcess *m_proc;
+ QTemporaryFile *m_diffFile;
+ QAction *m_diffAction;
diff --git a/debian/patches/series b/debian/patches/series
index 8178381..6fcb7b5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,3 @@
Use-the-underscore.js-available-in-libraries.patch
+c80f935c345de2e2fb10635202800839ca9697bf.diff
+804e49444c093fe58ec0df2ab436565e50dc147e.diff
More information about the Neon-commits
mailing list