From owner-svn-ports-all@freebsd.org  Sat Mar 11 21:42:57 2017
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F3018D081E9;
 Sat, 11 Mar 2017 21:42:57 +0000 (UTC)
 (envelope-from rakuco@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A5CAF1DEC;
 Sat, 11 Mar 2017 21:42:57 +0000 (UTC)
 (envelope-from rakuco@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v2BLgukw074819;
 Sat, 11 Mar 2017 21:42:56 GMT (envelope-from rakuco@FreeBSD.org)
Received: (from rakuco@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v2BLgum1074817;
 Sat, 11 Mar 2017 21:42:56 GMT (envelope-from rakuco@FreeBSD.org)
Message-Id: <201703112142.v2BLgum1074817@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: rakuco set sender to
 rakuco@FreeBSD.org using -f
From: Raphael Kubo da Costa <rakuco@FreeBSD.org>
Date: Sat, 11 Mar 2017 21:42:56 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r435966 - in head/x11/kde4-runtime: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Mar 2017 21:42:58 -0000

Author: rakuco
Date: Sat Mar 11 21:42:56 2017
New Revision: 435966
URL: https://svnweb.freebsd.org/changeset/ports/435966

Log:
  Add patch for CVE-2016-7787 in kdesu.
  
  MFH:		2017Q1
  Security:	41fe4724-06a2-11e7-8e3e-5453ed2e2b49

Added:
  head/x11/kde4-runtime/files/patch-kdesu_kdesu_kdesu.cpp   (contents, props changed)
Modified:
  head/x11/kde4-runtime/Makefile

Modified: head/x11/kde4-runtime/Makefile
==============================================================================
--- head/x11/kde4-runtime/Makefile	Sat Mar 11 21:42:07 2017	(r435965)
+++ head/x11/kde4-runtime/Makefile	Sat Mar 11 21:42:56 2017	(r435966)
@@ -2,7 +2,7 @@
 
 PORTNAME=	kde-runtime
 PORTVERSION=	${KDE4_VERSION}
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	x11 kde kde-kde4
 
 MAINTAINER=	kde@FreeBSD.org

Added: head/x11/kde4-runtime/files/patch-kdesu_kdesu_kdesu.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/x11/kde4-runtime/files/patch-kdesu_kdesu_kdesu.cpp	Sat Mar 11 21:42:56 2017	(r435966)
@@ -0,0 +1,27 @@
+Fix for https://www.kde.org/info/security/advisory-20160930-1.txt
+--- kdesu/kdesu/kdesu.cpp.orig	2014-10-30 23:50:20 UTC
++++ kdesu/kdesu/kdesu.cpp
+@@ -141,6 +141,10 @@ int main(int argc, char *argv[])
+     {
+         KMessageBox::sorry(0, i18n("Cannot execute command '%1'.", QString::fromLocal8Bit(command)));
+     }
++    if (result == -2)
++    {
++        KMessageBox::sorry(0, i18n("Cannot execute command '%1'. It contains invalid characters.", QString::fromLocal8Bit(command)));
++    }
+ 
+     return result;
+ }
+@@ -367,6 +371,12 @@ static int startApp()
+         kDebug() << "Don't need password!!\n";
+     }
+ 
++    for (const QChar character : QString::fromLocal8Bit(command)) {
++        if (!character.isPrint() && character.category() != QChar::Other_Surrogate) {
++            return -2;
++        }
++    }
++
+     // Start the dialog
+     QString password;
+     if (needpw)