kinit: Increase environment size limit

start_kdeinit reads its environment over a pipe from start_kdeinit_wrapper. For security, each environment entry must be smaller than 4kb by default. Qt-based applications in Nixpkgs may have larger environments, and the recent upgrade to Plasma 5.17 pushed start_kdeinit_wrapper over the limit. The limit is now extended to 16kb. This problem was not detected during testing because the failure is silent: start_kdeinit will continue with an empty environment. In other circumstances, this strategy might work, but it does not work on NixOS. This failure is now treated as a fatal error. Fixes: #79707
author: Thomas Tuegel <ttuegel@mailbox.org> 2020-02-17 08:12:48 -0600
committer: Thomas Tuegel <ttuegel@mailbox.org> 2020-02-17 08:21:39 -0600
commit: c75860918f0e470bcc881414bd039d7c6c541a21 (patch)
tree: 8d9a245ef009f6d6f11d1a02c85fbb82b4691168
parent: d40256f0e5059e358c9d55c7d36af0388f38e645 (diff)
download: nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar
nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.gz
nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.bz2
nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.lz
nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.xz
nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.zst
nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.zip
6 files changed, 96 insertions, 25 deletions
diff --git a/pkgs/development/libraries/kde-frameworks/kinit/kinit-libpath.patch b/pkgs/development/libraries/kde-frameworks/kinit/0001-kinit-libpath.patch
index b949723fb54..21477394c91 100644
--- a/pkgs/development/libraries/kde-frameworks/kinit/kinit-libpath.patch
+++ b/pkgs/development/libraries/kde-frameworks/kinit/0001-kinit-libpath.patch
@@ -1,8 +1,17 @@
-Index: kinit-5.32.0/src/kdeinit/kinit.cpp
-===================================================================
---- kinit-5.32.0.orig/src/kdeinit/kinit.cpp
-+++ kinit-5.32.0/src/kdeinit/kinit.cpp
-@@ -623,19 +623,15 @@ static pid_t launch(int argc, const char
+From 715c5f461b4992dac066601202a673bc551a5e33 Mon Sep 17 00:00:00 2001
+From: Thomas Tuegel <ttuegel@mailbox.org>
+Date: Sun, 16 Feb 2020 14:23:31 -0600
+Subject: [PATCH 1/4] kinit-libpath
+
+---
+ src/kdeinit/kinit.cpp | 22 +++++++++-------------
+ 1 file changed, 9 insertions(+), 13 deletions(-)
+
+diff --git a/src/kdeinit/kinit.cpp b/src/kdeinit/kinit.cpp
+index 8fff17a..0801b75 100644
+--- a/src/kdeinit/kinit.cpp
++++ b/src/kdeinit/kinit.cpp
+@@ -622,19 +622,15 @@ static pid_t launch(int argc, const char *_name, const char *args,
  
          if (!libpath.isEmpty()) {
              if (libpath_relative) {
@@ -31,3 +40,6 @@ Index: kinit-5.32.0/src/kdeinit/kinit.cpp
                  }
              } else {
                  l.load();
+-- 
+2.23.1
+
diff --git a/pkgs/development/libraries/kde-frameworks/kinit/0002-start_kdeinit-path.patch b/pkgs/development/libraries/kde-frameworks/kinit/0002-start_kdeinit-path.patch
new file mode 100644
index 00000000000..bf25b98d6c5
--- /dev/null
+++ b/pkgs/development/libraries/kde-frameworks/kinit/0002-start_kdeinit-path.patch
@@ -0,0 +1,25 @@
+From 129cd0ae1e983adc10dbe84e87bcc6f31cb13db8 Mon Sep 17 00:00:00 2001
+From: Thomas Tuegel <ttuegel@mailbox.org>
+Date: Sun, 16 Feb 2020 14:23:44 -0600
+Subject: [PATCH 2/4] start_kdeinit-path
+
+---
+ src/start_kdeinit/start_kdeinit_wrapper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/start_kdeinit/start_kdeinit_wrapper.c b/src/start_kdeinit/start_kdeinit_wrapper.c
+index 891f50c..ef664ad 100644
+--- a/src/start_kdeinit/start_kdeinit_wrapper.c
++++ b/src/start_kdeinit/start_kdeinit_wrapper.c
+@@ -23,7 +23,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ 
+-#define EXECUTE CMAKE_INSTALL_FULL_LIBEXECDIR_KF5 "/start_kdeinit"
++#define EXECUTE "/run/wrappers/bin/start_kdeinit"
+ 
+ #if KDEINIT_OOM_PROTECT
+ 
+-- 
+2.23.1
+
diff --git a/pkgs/development/libraries/kde-frameworks/kinit/kdeinit-extra_libs.patch b/pkgs/development/libraries/kde-frameworks/kinit/0003-kdeinit-extra-libs.patch
index d5b1a4accaa..9df8505b292 100644
--- a/pkgs/development/libraries/kde-frameworks/kinit/kdeinit-extra_libs.patch
+++ b/pkgs/development/libraries/kde-frameworks/kinit/0003-kdeinit-extra-libs.patch
@@ -1,7 +1,16 @@
-Index: kinit-5.32.0/src/kdeinit/kinit.cpp
-===================================================================
---- kinit-5.32.0.orig/src/kdeinit/kinit.cpp
-+++ kinit-5.32.0/src/kdeinit/kinit.cpp
+From 4f5d0de7e35744cdbfa9e280ee7e15a54cf21abb Mon Sep 17 00:00:00 2001
+From: Thomas Tuegel <ttuegel@mailbox.org>
+Date: Sun, 16 Feb 2020 14:24:07 -0600
+Subject: [PATCH 3/4] kdeinit-extra-libs
+
+---
+ src/kdeinit/kinit.cpp | 22 ++++------------------
+ 1 file changed, 4 insertions(+), 18 deletions(-)
+
+diff --git a/src/kdeinit/kinit.cpp b/src/kdeinit/kinit.cpp
+index 0801b75..622dd5f 100644
+--- a/src/kdeinit/kinit.cpp
++++ b/src/kdeinit/kinit.cpp
 @@ -96,9 +96,9 @@ static const char *extra_libs[] = {
      "libKF5Parts.5.dylib",
      "libKF5Plasma.5.dylib"
@@ -15,7 +24,7 @@ Index: kinit-5.32.0/src/kdeinit/kinit.cpp
  #endif
  };
  #endif
-@@ -1533,20 +1531,6 @@ static int initXconnection()
+@@ -1524,20 +1524,6 @@ static int initXconnection()
  }
  #endif
  
@@ -36,7 +45,8 @@ Index: kinit-5.32.0/src/kdeinit/kinit.cpp
  extern "C" {
  
      static void secondary_child_handler(int)
-@@ -1692,7 +1676,7 @@ int main(int argc, char **argv)
+@@ -1679,7 +1665,7 @@ int main(int argc, char **argv)
+ #if defined(Q_OS_UNIX) && !defined(Q_OS_OSX)
      if (!d.suicide && qEnvironmentVariableIsEmpty("KDE_IS_PRELINKED")) {
          for (const char *extra_lib : extra_libs) {
 -            const QString extra = findSharedLib(QString::fromLatin1(extra_lib));
@@ -44,3 +54,6 @@ Index: kinit-5.32.0/src/kdeinit/kinit.cpp
              if (!extra.isEmpty()) {
                  QLibrary l(extra);
                  l.setLoadHints(QLibrary::ExportExternalSymbolsHint);
+-- 
+2.23.1
+
diff --git a/pkgs/development/libraries/kde-frameworks/kinit/0004-start_kdeinit-environ-hard-limit.patch b/pkgs/development/libraries/kde-frameworks/kinit/0004-start_kdeinit-environ-hard-limit.patch
new file mode 100644
index 00000000000..34d4726150c
--- /dev/null
+++ b/pkgs/development/libraries/kde-frameworks/kinit/0004-start_kdeinit-environ-hard-limit.patch
@@ -0,0 +1,29 @@
+From 41e94983dcfbc1667f1b18c5b566aa5c5975edcb Mon Sep 17 00:00:00 2001
+From: Thomas Tuegel <ttuegel@mailbox.org>
+Date: Mon, 17 Feb 2020 04:45:03 -0600
+Subject: [PATCH 4/4] start_kdeinit-environ-hard-limit
+
+---
+ src/start_kdeinit/start_kdeinit.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/start_kdeinit/start_kdeinit.c b/src/start_kdeinit/start_kdeinit.c
+index f2db3e9..4ff2602 100644
+--- a/src/start_kdeinit/start_kdeinit.c
++++ b/src/start_kdeinit/start_kdeinit.c
+@@ -148,7 +148,11 @@ int main(int argc, char **argv)
+                         ++i) {
+                     unsigned len;
+                     if (read(0, &len, sizeof(unsigned)) == sizeof(unsigned)
+-                            && len && len < (1 << 12)) {
++                            && len) {
++                        if (len >= (1 << 14)) {
++                            fprintf(stderr, "%s: exceeded environment length limit", argv[0]);
++                            return 1;
++                        }
+                         env[ i ] = malloc(len + 1);
+                         if ((unsigned) read(0, env[ i ], len) == len) {
+                             env[ i ][ len ] = '\0';
+-- 
+2.23.1
+
diff --git a/pkgs/development/libraries/kde-frameworks/kinit/default.nix b/pkgs/development/libraries/kde-frameworks/kinit/default.nix
index 42a1e157a91..116f475e2f8 100644
--- a/pkgs/development/libraries/kde-frameworks/kinit/default.nix
+++ b/pkgs/development/libraries/kde-frameworks/kinit/default.nix
@@ -14,7 +14,12 @@ mkDerivation {
   buildInputs = [
     kconfig kcrash ki18n kio kservice kwindowsystem
   ];
-  patches = copyPathsToStore (lib.readPathsFromFile ./. ./series);
+  patches = [
+    ./0001-kinit-libpath.patch
+    ./0002-start_kdeinit-path.patch
+    ./0003-kdeinit-extra-libs.patch
+    ./0004-start_kdeinit-environ-hard-limit.patch
+  ];
   CXXFLAGS = [
     ''-DNIXPKGS_KF5_KIOCORE=\"${getLib kio}/lib/libKF5KIOCore.so.5\"''
     ''-DNIXPKGS_KF5_PARTS=\"${getLib kparts}/lib/libKF5Parts.so.5\"''
diff --git a/pkgs/development/libraries/kde-frameworks/kinit/start_kdeinit-path.patch b/pkgs/development/libraries/kde-frameworks/kinit/start_kdeinit-path.patch
deleted file mode 100644
index e3bfc2ebe6b..00000000000
--- a/pkgs/development/libraries/kde-frameworks/kinit/start_kdeinit-path.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: kinit-5.24.0/src/start_kdeinit/start_kdeinit_wrapper.c
-===================================================================
---- kinit-5.24.0.orig/src/start_kdeinit/start_kdeinit_wrapper.c
-+++ kinit-5.24.0/src/start_kdeinit/start_kdeinit_wrapper.c
-@@ -23,7 +23,7 @@
- #include <string.h>
- #include <unistd.h>
- 
--#define EXECUTE CMAKE_INSTALL_FULL_LIBEXECDIR_KF5 "/start_kdeinit"
-+#define EXECUTE "/run/wrappers/bin/start_kdeinit"
- 
- #if KDEINIT_OOM_PROTECT
-
author	Thomas Tuegel <ttuegel@mailbox.org>	2020-02-17 08:12:48 -0600
committer	Thomas Tuegel <ttuegel@mailbox.org>	2020-02-17 08:21:39 -0600
commit	c75860918f0e470bcc881414bd039d7c6c541a21 (patch)
tree	8d9a245ef009f6d6f11d1a02c85fbb82b4691168
parent	d40256f0e5059e358c9d55c7d36af0388f38e645 (diff)
download	nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.gz nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.bz2 nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.lz nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.xz nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.tar.zst nixpkgs-c75860918f0e470bcc881414bd039d7c6c541a21.zip