[neon/kf6/kf6-kdbusaddons/Neon/release_jammy] debian/patches: add snap specific patch to stop env var leakage required for kde-neon-core

Fri Jul 26 11:07:27 BST 2024

Git commit a081154037f0bdb1decc9690b905cd9da4f3929a by Carlos De Maine.
Committed on 26/07/2024 at 10:07.
Pushed by carlosdem into branch 'Neon/release_jammy'.

add snap specific patch to stop env var leakage required for kde-neon-core

A  +38   -0    debian/patches/env_vars_leaking_in_snaps
A  +1    -0    debian/patches/series

https://invent.kde.org/neon/kf6/kf6-kdbusaddons/-/commit/a081154037f0bdb1decc9690b905cd9da4f3929a

diff --git a/debian/patches/env_vars_leaking_in_snaps b/debian/patches/env_vars_leaking_in_snaps
new file mode 100644
index 0000000..08da67c
--- /dev/null
+++ b/debian/patches/env_vars_leaking_in_snaps
@@ -0,0 +1,38 @@
+diff --git a/src/kupdatelaunchenvironmentjob.cpp b/src/kupdatelaunchenvironmentjob.cpp
+index 981666e51bf6d4e40f349d60e7b78770239fb18d..6af300301dab70e2273f672e74f6629aaeb89f51 100644
+--- a/src/kupdatelaunchenvironmentjob.cpp
++++ b/src/kupdatelaunchenvironmentjob.cpp
+@@ -23,6 +23,7 @@ public:
+     void monitorReply(const QDBusPendingReply<> &reply);
+ 
+     static bool isPosixName(const QString &name);
++    static bool isProcessConfinementName(const QString &name);
+     static bool isSystemdApprovedValue(const QString &value);
+ 
+     KUpdateLaunchEnvironmentJob *q;
+@@ -71,6 +72,10 @@ void KUpdateLaunchEnvironmentJob::start()
+             qCWarning(KDBUSADDONS_LOG) << "Skipping syncing of environment variable " << varName << "as name contains unsupported characters";
+             continue;
+         }
++        if (KUpdateLaunchEnvironmentJobPrivate::isProcessConfinementName(varName)) {
++            qCWarning(KDBUSADDONS_LOG) << "Skipping syncing of environment variable " << varName << "as name is related to process specific confinement";
++            continue;
++        }
+         const QString value = d->environment.value(varName);
+ 
+         // plasma-session
+@@ -137,6 +142,14 @@ bool KUpdateLaunchEnvironmentJobPrivate::isPosixName(const QString &name)
+     return !first;
+ }
+ 
++bool KUpdateLaunchEnvironmentJobPrivate::isProcessConfinementName(const QString &name)
++{
++    if (name == QStringLiteral("SNAP") || name.startsWith(QStringLiteral("SNAP_"))) {
++        return true;
++    }
++    return false;
++}
++
+ bool KUpdateLaunchEnvironmentJobPrivate::isSystemdApprovedValue(const QString &value)
+ {
+     // systemd code checks that a value contains no control characters except \n \t
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..f4454f9
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+env_vars_leaking_in_snaps
