| 1 |
commit: 9b4b314b09abdf8166816004850cf357eb48d904 |
| 2 |
Author: Johannes Huber <johu <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Feb 28 20:47:34 2017 +0000 |
| 4 |
Commit: Johannes Huber <johu <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Feb 28 20:47:43 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b4b314b |
| 7 |
|
| 8 |
kde-frameworks/kdelibs: Fix information leak |
| 9 |
|
| 10 |
Revision bump backports upstream patch to fix a information leak when accessing |
| 11 |
https when using a malicious PAC file |
| 12 |
https://www.kde.org/info/security/advisory-20170228-1.txt |
| 13 |
|
| 14 |
Gentoo-bug: 611254 |
| 15 |
|
| 16 |
Package-Manager: Portage-2.3.3, Repoman-2.3.1 |
| 17 |
|
| 18 |
.../files/kdelibs-4.14.29-sanitize-url.patch | 34 +++ |
| 19 |
kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild | 299 +++++++++++++++++++++ |
| 20 |
2 files changed, 333 insertions(+) |
| 21 |
|
| 22 |
diff --git a/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch b/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch |
| 23 |
new file mode 100644 |
| 24 |
index 00000000000..d063f8b598d |
| 25 |
--- /dev/null |
| 26 |
+++ b/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch |
| 27 |
@@ -0,0 +1,34 @@ |
| 28 |
+commit 1804c2fde7bf4e432c6cf5bb8cce5701c7010559 |
| 29 |
+Author: Albert Astals Cid <aacid@×××.org> |
| 30 |
+Date: Tue Feb 28 19:08:50 2017 +0100 |
| 31 |
+ |
| 32 |
+ Sanitize URLs before passing them to FindProxyForURL |
| 33 |
+ |
| 34 |
+ Remove user/password information |
| 35 |
+ For https: remove path and query |
| 36 |
+ |
| 37 |
+ Backport from kio f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 |
| 38 |
+ |
| 39 |
+diff --git a/kio/misc/kpac/script.cpp b/kio/misc/kpac/script.cpp |
| 40 |
+index a595301307..9ab360a0b5 100644 |
| 41 |
+--- a/kio/misc/kpac/script.cpp |
| 42 |
++++ b/kio/misc/kpac/script.cpp |
| 43 |
+@@ -754,9 +754,16 @@ namespace KPAC |
| 44 |
+ } |
| 45 |
+ } |
| 46 |
+ |
| 47 |
++ KUrl cleanUrl = url; |
| 48 |
++ cleanUrl.setUserInfo(QString()); |
| 49 |
++ if (cleanUrl.scheme().toLower() == QLatin1String("https")) { |
| 50 |
++ cleanUrl.setPath(QString()); |
| 51 |
++ cleanUrl.setQuery(QString()); |
| 52 |
++ } |
| 53 |
++ |
| 54 |
+ QScriptValueList args; |
| 55 |
+- args << url.url(); |
| 56 |
+- args << url.host(); |
| 57 |
++ args << cleanUrl.url(); |
| 58 |
++ args << cleanUrl.host(); |
| 59 |
+ |
| 60 |
+ QScriptValue result = func.call(QScriptValue(), args); |
| 61 |
+ if (result.isError()) { |
| 62 |
|
| 63 |
diff --git a/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild b/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild |
| 64 |
new file mode 100644 |
| 65 |
index 00000000000..29d0e1ef251 |
| 66 |
--- /dev/null |
| 67 |
+++ b/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild |
| 68 |
@@ -0,0 +1,299 @@ |
| 69 |
+# Copyright 1999-2017 Gentoo Foundation |
| 70 |
+# Distributed under the terms of the GNU General Public License v2 |
| 71 |
+ |
| 72 |
+EAPI=6 |
| 73 |
+ |
| 74 |
+CPPUNIT_REQUIRED="optional" |
| 75 |
+DECLARATIVE_REQUIRED="always" |
| 76 |
+KDE_HANDBOOK="optional" |
| 77 |
+OPENGL_REQUIRED="optional" |
| 78 |
+WEBKIT_REQUIRED="optional" |
| 79 |
+inherit kde4-base fdo-mime multilib toolchain-funcs flag-o-matic |
| 80 |
+ |
| 81 |
+APPS_VERSION="16.12.2" # Don't forget to bump this |
| 82 |
+ |
| 83 |
+DESCRIPTION="KDE libraries needed by all KDE programs" |
| 84 |
+[[ ${KDE_BUILD_TYPE} != live ]] && \ |
| 85 |
+SRC_URI="mirror://kde/stable/applications/${APPS_VERSION}/src/${P}.tar.xz" |
| 86 |
+ |
| 87 |
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" |
| 88 |
+LICENSE="LGPL-2.1" |
| 89 |
+IUSE="cpu_flags_x86_3dnow acl altivec +bzip2 +crypt debug doc fam jpeg2k |
| 90 |
+kerberos libressl lzma cpu_flags_x86_mmx nls openexr +policykit spell |
| 91 |
+cpu_flags_x86_sse cpu_flags_x86_sse2 ssl +udev +udisks +upower zeroconf" |
| 92 |
+ |
| 93 |
+REQUIRED_USE=" |
| 94 |
+ udisks? ( udev ) |
| 95 |
+ upower? ( udev ) |
| 96 |
+" |
| 97 |
+ |
| 98 |
+# needs the kate regression testsuite from svn |
| 99 |
+RESTRICT="test" |
| 100 |
+ |
| 101 |
+COMMONDEPEND=" |
| 102 |
+ app-text/docbook-xml-dtd:4.2 |
| 103 |
+ app-text/docbook-xsl-stylesheets |
| 104 |
+ >=dev-libs/libattica-0.4.2 |
| 105 |
+ dev-libs/libdbusmenu-qt[qt4] |
| 106 |
+ dev-libs/libpcre[unicode] |
| 107 |
+ dev-libs/libxml2 |
| 108 |
+ dev-libs/libxslt |
| 109 |
+ media-libs/fontconfig |
| 110 |
+ media-libs/freetype:2 |
| 111 |
+ media-libs/giflib:= |
| 112 |
+ media-libs/libpng:0= |
| 113 |
+ media-libs/phonon[qt4] |
| 114 |
+ sys-libs/zlib |
| 115 |
+ virtual/jpeg:0 |
| 116 |
+ x11-misc/shared-mime-info |
| 117 |
+ acl? ( virtual/acl ) |
| 118 |
+ !aqua? ( |
| 119 |
+ x11-libs/libICE |
| 120 |
+ x11-libs/libSM |
| 121 |
+ x11-libs/libX11 |
| 122 |
+ x11-libs/libXau |
| 123 |
+ x11-libs/libXcursor |
| 124 |
+ x11-libs/libXdmcp |
| 125 |
+ x11-libs/libXext |
| 126 |
+ x11-libs/libXfixes |
| 127 |
+ x11-libs/libXft |
| 128 |
+ x11-libs/libXpm |
| 129 |
+ x11-libs/libXrender |
| 130 |
+ x11-libs/libXScrnSaver |
| 131 |
+ x11-libs/libXtst |
| 132 |
+ !kernel_SunOS? ( |
| 133 |
+ || ( |
| 134 |
+ sys-libs/libutempter |
| 135 |
+ >=sys-freebsd/freebsd-lib-9.0 |
| 136 |
+ ) |
| 137 |
+ ) |
| 138 |
+ ) |
| 139 |
+ bzip2? ( app-arch/bzip2 ) |
| 140 |
+ crypt? ( app-crypt/qca:2[qt4] ) |
| 141 |
+ fam? ( virtual/fam ) |
| 142 |
+ jpeg2k? ( media-libs/jasper:= ) |
| 143 |
+ kerberos? ( virtual/krb5 ) |
| 144 |
+ openexr? ( |
| 145 |
+ media-libs/openexr:= |
| 146 |
+ media-libs/ilmbase:= |
| 147 |
+ ) |
| 148 |
+ policykit? ( sys-auth/polkit-qt[qt4] ) |
| 149 |
+ spell? ( app-text/enchant ) |
| 150 |
+ ssl? ( |
| 151 |
+ libressl? ( dev-libs/libressl:0= ) |
| 152 |
+ !libressl? ( dev-libs/openssl:0= ) |
| 153 |
+ ) |
| 154 |
+ udev? ( virtual/udev ) |
| 155 |
+ zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) |
| 156 |
+" |
| 157 |
+DEPEND="${COMMONDEPEND} |
| 158 |
+ doc? ( app-doc/doxygen ) |
| 159 |
+ nls? ( virtual/libintl ) |
| 160 |
+" |
| 161 |
+RDEPEND="${COMMONDEPEND} |
| 162 |
+ !dev-qt/qtphonon |
| 163 |
+ >=app-crypt/gnupg-2.0.11 |
| 164 |
+ app-misc/ca-certificates |
| 165 |
+ kde-frameworks/kdelibs-env:4 |
| 166 |
+ sys-apps/dbus[X] |
| 167 |
+ !aqua? ( |
| 168 |
+ udisks? ( sys-fs/udisks:2 ) |
| 169 |
+ x11-apps/iceauth |
| 170 |
+ x11-apps/rgb |
| 171 |
+ x11-misc/xdg-utils |
| 172 |
+ upower? ( || ( >=sys-power/upower-0.9.23 sys-power/upower-pm-utils ) ) |
| 173 |
+ ) |
| 174 |
+ udev? ( app-misc/media-player-info ) |
| 175 |
+" |
| 176 |
+PDEPEND=" |
| 177 |
+ $(add_kdeapps_dep katepart '' 4.14.3) |
| 178 |
+ || ( |
| 179 |
+ $(add_kdeapps_dep kfmclient '' 4.14.3) |
| 180 |
+ x11-misc/xdg-utils |
| 181 |
+ ) |
| 182 |
+ handbook? ( kde-apps/khelpcenter:* ) |
| 183 |
+ policykit? ( || ( |
| 184 |
+ >=sys-auth/polkit-kde-agent-0.99 |
| 185 |
+ kde-plasma/polkit-kde-agent |
| 186 |
+ ) ) |
| 187 |
+" |
| 188 |
+ |
| 189 |
+PATCHES=( |
| 190 |
+ "${FILESDIR}/dist/01_gentoo_set_xdg_menu_prefix-1.patch" |
| 191 |
+ "${FILESDIR}/dist/02_gentoo_append_xdg_config_dirs-1.patch" |
| 192 |
+ "${FILESDIR}/${PN}-4.14.5-fatalwarnings.patch" |
| 193 |
+ "${FILESDIR}/${PN}-4.14.5-mimetypes.patch" |
| 194 |
+ "${FILESDIR}/${PN}-4.4.90-xslt.patch" |
| 195 |
+ "${FILESDIR}/${PN}-4.6.3-no_suid_kdeinit.patch" |
| 196 |
+ "${FILESDIR}/${PN}-4.8.1-norpath.patch" |
| 197 |
+ "${FILESDIR}/${PN}-4.9.3-werror.patch" |
| 198 |
+ "${FILESDIR}/${PN}-4.10.0-udisks.patch" |
| 199 |
+ "${FILESDIR}/${PN}-4.14.20-FindQt4.patch" |
| 200 |
+ "${FILESDIR}/${PN}-4.14.22-webkit.patch" |
| 201 |
+ "${FILESDIR}/${P}-sanitize-url.patch" |
| 202 |
+) |
| 203 |
+ |
| 204 |
+pkg_pretend() { |
| 205 |
+ if [[ ${MERGE_TYPE} != binary ]] && tc-is-gcc; then |
| 206 |
+ [[ $(gcc-major-version) -lt 4 ]] || \ |
| 207 |
+ ( [[ $(gcc-major-version) -eq 4 && $(gcc-minor-version) -le 3 ]] ) \ |
| 208 |
+ && die "Sorry, but gcc-4.3 and earlier won't work for KDE SC 4.6 (see bug #354837)." |
| 209 |
+ fi |
| 210 |
+} |
| 211 |
+ |
| 212 |
+src_prepare() { |
| 213 |
+ kde4-base_src_prepare |
| 214 |
+ |
| 215 |
+ # Rename applications.menu (needs 01_gentoo_set_xdg_menu_prefix-1.patch to work) |
| 216 |
+ sed -e 's|FILES[[:space:]]applications.menu|FILES applications.menu RENAME kde-4-applications.menu|g' \ |
| 217 |
+ -i kded/CMakeLists.txt || die "Sed on CMakeLists.txt for applications.menu failed." |
| 218 |
+ |
| 219 |
+ if use aqua; then |
| 220 |
+ sed -i -e \ |
| 221 |
+ "s:BUNDLE_INSTALL_DIR \"/Applications:BUNDLE_INSTALL_DIR \"${EPREFIX}/${APP_BUNDLE_DIR}:g" \ |
| 222 |
+ cmake/modules/FindKDE4Internal.cmake || die "failed to sed FindKDE4Internal.cmake" |
| 223 |
+ |
| 224 |
+ #if [[ ${CHOST} == *-darwin8 ]]; then |
| 225 |
+ sed -i -e \ |
| 226 |
+ "s:set(_add_executable_param MACOSX_BUNDLE):remove(_add_executable_param MACOSX_BUNDLE):g" \ |
| 227 |
+ cmake/modules/KDE4Macros.cmake || die "failed to sed KDE4Macros.cmake" |
| 228 |
+ #fi |
| 229 |
+ |
| 230 |
+ # solid/solid/backends/iokit doesn't properly link, so disable it. |
| 231 |
+ sed -e "s|\(APPLE\)|(FALSE)|g" -i solid/solid/CMakeLists.txt \ |
| 232 |
+ || die "disabling solid/solid/backends/iokit failed" |
| 233 |
+ sed -e "s|m_backend = .*Backends::IOKit.*;|m_backend = 0;|g" -i solid/solid/managerbase.cpp \ |
| 234 |
+ || die "disabling solid/solid/backends/iokit failed" |
| 235 |
+ |
| 236 |
+ # There's no fdatasync on OSX and the check fails to detect that. |
| 237 |
+ sed -e "/HAVE_FDATASYNC/ d" -i config.h.cmake \ |
| 238 |
+ || die "disabling fdatasync failed" |
| 239 |
+ |
| 240 |
+ # Fix nameser include to nameser8_compat |
| 241 |
+ sed -e "s|nameser8_compat.h|nameser_compat.h|g" -i kio/misc/kpac/discovery.cpp \ |
| 242 |
+ || die "fixing nameser include failed" |
| 243 |
+ append-flags -DHAVE_ARPA_NAMESER8_COMPAT_H=1 |
| 244 |
+ |
| 245 |
+ # Try to fix kkeyserver_mac |
| 246 |
+ epatch "${FILESDIR}"/${PN}-4.3.80-kdeui_util_kkeyserver_mac.patch |
| 247 |
+ fi |
| 248 |
+} |
| 249 |
+ |
| 250 |
+src_configure() { |
| 251 |
+ local mycmakeargs=( |
| 252 |
+ -DWITH_HSPELL=OFF |
| 253 |
+ -DWITH_ASPELL=OFF |
| 254 |
+ -DKDE_DEFAULT_HOME=.kde4 |
| 255 |
+ -DKAUTH_BACKEND=POLKITQT-1 |
| 256 |
+ -DWITH_Soprano=OFF |
| 257 |
+ -DWITH_SharedDesktopOntologies=OFF |
| 258 |
+ -DCMAKE_DISABLE_FIND_PACKAGE_Strigi=ON |
| 259 |
+ -DBUILD_doc=$(usex handbook) |
| 260 |
+ -DHAVE_X86_3DNOW=$(usex cpu_flags_x86_3dnow) |
| 261 |
+ -DHAVE_PPC_ALTIVEC=$(usex altivec) |
| 262 |
+ -DHAVE_X86_MMX=$(usex cpu_flags_x86_mmx) |
| 263 |
+ -DHAVE_X86_SSE=$(usex cpu_flags_x86_sse) |
| 264 |
+ -DHAVE_X86_SSE2=$(usex cpu_flags_x86_sse2) |
| 265 |
+ -DWITH_ACL=$(usex acl) |
| 266 |
+ -DWITH_BZip2=$(usex bzip2) |
| 267 |
+ -DWITH_QCA2=$(usex crypt) |
| 268 |
+ -DWITH_FAM=$(usex fam) |
| 269 |
+ -DWITH_Jasper=$(usex jpeg2k) |
| 270 |
+ -DWITH_GSSAPI=$(usex kerberos) |
| 271 |
+ -DWITH_LibLZMA=$(usex lzma) |
| 272 |
+ -DWITH_Libintl=$(usex nls) |
| 273 |
+ -DWITH_OpenEXR=$(usex openexr) |
| 274 |
+ -DWITH_OpenGL=$(usex opengl) |
| 275 |
+ -DWITH_PolkitQt-1=$(usex policykit) |
| 276 |
+ -DWITH_ENCHANT=$(usex spell) |
| 277 |
+ -DWITH_OpenSSL=$(usex ssl) |
| 278 |
+ -DWITH_UDev=$(usex udev) |
| 279 |
+ -DWITH_SOLID_UDISKS2=$(usex udisks) |
| 280 |
+ -DWITH_Avahi=$(usex zeroconf) |
| 281 |
+ -DWITH_KDEWEBKIT=$(usex webkit) |
| 282 |
+ ) |
| 283 |
+ |
| 284 |
+ use zeroconf || mycmakeargs+=( -DWITH_DNSSD=OFF ) |
| 285 |
+ |
| 286 |
+ kde4-base_src_configure |
| 287 |
+} |
| 288 |
+ |
| 289 |
+src_compile() { |
| 290 |
+ kde4-base_src_compile |
| 291 |
+ |
| 292 |
+ # The building of apidox is not managed anymore by the build system |
| 293 |
+ if use doc; then |
| 294 |
+ einfo "Building API documentation" |
| 295 |
+ cd "${S}"/doc/api/ |
| 296 |
+ ./doxygen.sh "${S}" || die "APIDOX generation failed" |
| 297 |
+ fi |
| 298 |
+} |
| 299 |
+ |
| 300 |
+src_install() { |
| 301 |
+ kde4-base_src_install |
| 302 |
+ |
| 303 |
+ # use system certificates |
| 304 |
+ rm -f "${ED}"/usr/share/apps/kssl/ca-bundle.crt || die |
| 305 |
+ dosym /etc/ssl/certs/ca-certificates.crt /usr/share/apps/kssl/ca-bundle.crt |
| 306 |
+ |
| 307 |
+ if use doc; then |
| 308 |
+ einfo "Installing API documentation. This could take a bit of time." |
| 309 |
+ cd "${S}"/doc/api/ |
| 310 |
+ docinto /HTML/en/kdelibs-apidox |
| 311 |
+ dohtml -r ${P}-apidocs/* |
| 312 |
+ fi |
| 313 |
+ |
| 314 |
+ if use aqua; then |
| 315 |
+ einfo "fixing ${PN} plugins" |
| 316 |
+ |
| 317 |
+ local _PV=${PV:0:3}.0 |
| 318 |
+ local _dir=${EPREFIX}/usr/$(get_libdir)/kde4/plugins/script |
| 319 |
+ |
| 320 |
+ install_name_tool -id \ |
| 321 |
+ "${_dir}/libkrossqtsplugin.${_PV}.dylib" \ |
| 322 |
+ "${D}/${_dir}/libkrossqtsplugin.${_PV}.dylib" \ |
| 323 |
+ || die "failed fixing libkrossqtsplugin.${_PV}.dylib" |
| 324 |
+ |
| 325 |
+ einfo "fixing ${PN} cmake detection files" |
| 326 |
+ #sed -i -e \ |
| 327 |
+ # "s:if (HAVE_XKB):if (HAVE_XKB AND NOT APPLE):g" \ |
| 328 |
+ echo -e "set(XKB_FOUND FALSE)\nset(HAVE_XKB FALSE)" > \ |
| 329 |
+ "${ED}"/usr/share/apps/cmake/modules/FindXKB.cmake \ |
| 330 |
+ || die "failed fixing FindXKB.cmake" |
| 331 |
+ fi |
| 332 |
+ |
| 333 |
+ einfo Installing environment file. |
| 334 |
+ # Since 44qt4 is sourced earlier QT_PLUGIN_PATH is defined. |
| 335 |
+ echo "COLON_SEPARATED=QT_PLUGIN_PATH" > "${T}/77kde" |
| 336 |
+ echo "QT_PLUGIN_PATH=${EPREFIX}/usr/$(get_libdir)/kde4/plugins" >> "${T}/77kde" |
| 337 |
+ doenvd "${T}/77kde" |
| 338 |
+} |
| 339 |
+ |
| 340 |
+pkg_postinst() { |
| 341 |
+ fdo-mime_mime_database_update |
| 342 |
+ |
| 343 |
+ if use zeroconf; then |
| 344 |
+ echo |
| 345 |
+ elog "To make zeroconf support available in KDE make sure that the avahi daemon" |
| 346 |
+ elog "is running." |
| 347 |
+ echo |
| 348 |
+ einfo "If you also want to use zeroconf for hostname resolution, emerge sys-auth/nss-mdns" |
| 349 |
+ einfo "and enable multicast dns lookups by editing the 'hosts:' line in /etc/nsswitch.conf" |
| 350 |
+ einfo "to include 'mdns', e.g.:" |
| 351 |
+ einfo " hosts: files mdns dns" |
| 352 |
+ echo |
| 353 |
+ fi |
| 354 |
+ |
| 355 |
+ kde4-base_pkg_postinst |
| 356 |
+} |
| 357 |
+ |
| 358 |
+pkg_prerm() { |
| 359 |
+ # Remove ksycoca4 global database |
| 360 |
+ rm -f "${EROOT}${PREFIX}"/share/kde4/services/ksycoca4 |
| 361 |
+} |
| 362 |
+ |
| 363 |
+pkg_postrm() { |
| 364 |
+ fdo-mime_mime_database_update |
| 365 |
+ |
| 366 |
+ kde4-base_pkg_postrm |
| 367 |
+} |
Archives