lxde-base/menu-cache: fix against CVE-2017-8933.

Package-Manager: Portage-2.3.13, Repoman-2.3.3
Bug: https://bugs.gentoo.org/618620
Closes: https://github.com/gentoo/gentoo/pull/5355

2 files changed, 144 insertions, 0 deletions

diff --git a/lxde-base/menu-cache/files/menu-cache-1.0.2-CVE-2017-8933.patch b/lxde-base/menu-cache/files/menu-cache-1.0.2-CVE-2017-8933.patch
new file mode 100644
index 000000000000..89ce5c501b0b
--- /dev/null
+++ b/lxde-base/menu-cache/files/menu-cache-1.0.2-CVE-2017-8933.patch
@@ -0,0 +1,122 @@
+diff --git a/NEWS b/NEWS
+index dcc572a..6177e9d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,12 @@
++* Fixed crash with invalid <Name> tag in a menu.
++
++* Added new API menu_cache_app_get_generic_name() to get generic
++    name for application.
++
++* Fixed potential access violation, use runtime user dir instead of tmp dir.
++    It limits libmenu-cache compatibility to menu-cached >= 0.7.0.
++
++
+ Changes in 1.0.2 since 1.0.1:
+ 
+ * Fixed crash in menu-cached if cache regeneration fails.
+diff --git a/libmenu-cache/menu-cache.c b/libmenu-cache/menu-cache.c
+index 3bc9cfc..d914127 100644
+--- a/libmenu-cache/menu-cache.c
++++ b/libmenu-cache/menu-cache.c
+@@ -3,7 +3,7 @@
+  *
+  *      Copyright 2008 PCMan <pcman.tw@gmail.com>
+  *      Copyright 2009 Jürgen Hötzel <juergen@archlinux.org>
+- *      Copyright 2012-2015 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
++ *      Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
+  *
+  *      This library is free software; you can redistribute it and/or
+  *      modify it under the terms of the GNU Lesser General Public
+@@ -1234,6 +1234,22 @@ gboolean menu_cache_dir_is_visible(MenuCacheDir *dir)
+ }
+ 
+ /**
++ * menu_cache_app_get_generic_name
++ * @app: a menu cache item
++ *
++ * Retrieves generic name for @app. Returned data are owned by menu
++ * cache and should not be freed by caller.
++ *
++ * Returns: (transfer none): app's generic name or %NULL.
++ *
++ * Since: 1.0.3
++ */
++const char* menu_cache_app_get_generic_name( MenuCacheApp* app )
++{
++	return app->generic_name;
++}
++
++/**
+  * menu_cache_app_get_exec
+  * @app: a menu cache item
+  *
+@@ -1522,8 +1538,13 @@ static void get_socket_name( char* buf, int len )
+         if(*p)
+             *p = '\0';
+     }
++#if GLIB_CHECK_VERSION(2, 28, 0)
++    g_snprintf( buf, len, "%s/menu-cached-%s", g_get_user_runtime_dir(),
++                dpy ? dpy : ":0" );
++#else
+     g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
+                 dpy ? dpy : ":0", g_get_user_name() );
++#endif
+     g_free(dpy);
+ }
+ 
+diff --git a/libmenu-cache/menu-cache.h.in b/libmenu-cache/menu-cache.h.in
+index 76ea7b4..cded59d 100644
+--- a/libmenu-cache/menu-cache.h.in
++++ b/libmenu-cache/menu-cache.h.in
+@@ -151,6 +151,7 @@ MenuCacheItem *menu_cache_find_child_by_name(MenuCacheDir *dir, const char *name
+ 
+ char* menu_cache_dir_make_path( MenuCacheDir* dir );
+ 
++const char* menu_cache_app_get_generic_name( MenuCacheApp* app );
+ const char* menu_cache_app_get_exec( MenuCacheApp* app );
+ const char* menu_cache_app_get_working_dir( MenuCacheApp* app );
+ const char* const *menu_cache_app_get_categories(MenuCacheApp* app);
+diff --git a/menu-cache-daemon/menu-cached.c b/menu-cache-daemon/menu-cached.c
+index a6895ee..c100484 100644
+--- a/menu-cache-daemon/menu-cached.c
++++ b/menu-cache-daemon/menu-cached.c
+@@ -473,6 +473,9 @@ static void get_socket_name( char* buf, int len )
+         if(*p)
+             *p = '\0';
+     }
++    /* NOTE: this socket name is incompatible with versions > 1.0.2,
++            although this function is never used since 0.7.0 but
++            libmenu-cache always requests exact socket name instead */
+     g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
+                 dpy ? dpy : ":0", g_get_user_name() );
+     g_free(dpy);
+diff --git a/menu-cache-gen/menu-merge.c b/menu-cache-gen/menu-merge.c
+index 816cf96..31f05b0 100644
+--- a/menu-cache-gen/menu-merge.c
++++ b/menu-cache-gen/menu-merge.c
+@@ -1,7 +1,7 @@
+ /*
+  *      menu-file.c : parses <name>.menu file and merges all XML tags.
+  *
+- *      Copyright 2013-2016 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
++ *      Copyright 2013-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
+  *
+  *      This file is a part of libmenu-cache package and created program
+  *      should be not used without the library.
+@@ -138,11 +138,13 @@ static gboolean _menu_xml_handler_Name(FmXmlFileItem *item, GList *children,
+                                        guint n_attributes, gint line, gint pos,
+                                        GError **error, gpointer user_data)
+ {
++    FmXmlFileItem *name_item;
+     const char *name;
+ 
+     RETURN_IF_IN_LAYOUT(item, error);
+-    item = fm_xml_file_item_find_child(item, FM_XML_FILE_TEXT);
+-    if (item == NULL || (name = fm_xml_file_item_get_data(item, NULL)) == NULL ||
++    name_item = fm_xml_file_item_find_child(item, FM_XML_FILE_TEXT);
++    if (name_item == NULL ||
++        (name = fm_xml_file_item_get_data(name_item, NULL)) == NULL ||
+         strchr(name, '/') != NULL) /* empty or invalid tag */
+     {
+         RETURN_TRUE_AND_DESTROY_IF_QUIET(item);
diff --git a/lxde-base/menu-cache/menu-cache-1.0.2-r1.ebuild b/lxde-base/menu-cache/menu-cache-1.0.2-r1.ebuild
new file mode 100644
index 000000000000..736a786ebeac
--- /dev/null
+++ b/lxde-base/menu-cache/menu-cache-1.0.2-r1.ebuild
@@ -0,0 +1,22 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DESCRIPTION="Library to create and utilize caches to speed up freedesktop application menus"
+HOMEPAGE="http://lxde.sourceforge.net/"
+SRC_URI="mirror://sourceforge/lxde/${P}.tar.xz"
+
+LICENSE="LGPL-2.1+"
+# ABI is v2. See Makefile.am
+SLOT="0/2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~mips ~ppc ~x86 ~amd64-linux ~x86-linux"
+IUSE=""
+
+PATCHES=( "${FILESDIR}"/${PN}-1.0.2-CVE-2017-8933.patch )
+
+RDEPEND="dev-libs/glib:2
+	x11-libs/libfm-extra"
+DEPEND="${RDEPEND}
+	sys-devel/gettext
+	virtual/pkgconfig"