commit: 9b4b314b09abdf8166816004850cf357eb48d904 |
Author: Johannes Huber <johu <AT> gentoo <DOT> org> |
AuthorDate: Tue Feb 28 20:47:34 2017 +0000 |
Commit: Johannes Huber <johu <AT> gentoo <DOT> org> |
CommitDate: Tue Feb 28 20:47:43 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b4b314b |
|
kde-frameworks/kdelibs: Fix information leak |
|
Revision bump backports upstream patch to fix an information leak when accessing |
https when using a malicious PAC file |
https://www.kde.org/info/security/advisory-20170228-1.txt |
|
Gentoo-bug: 611254 |
|
Package-Manager: Portage-2.3.3, Repoman-2.3.1 |
|
.../files/kdelibs-4.14.29-sanitize-url.patch | 34 +++ |
kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild | 299 +++++++++++++++++++++ |
2 files changed, 333 insertions(+) |
|
22 |
diff --git a/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch b/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch |
23 |
new file mode 100644 |
24 |
index 00000000000..d063f8b598d |
25 |
--- /dev/null |
26 |
+++ b/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch |
27 |
@@ -0,0 +1,34 @@ |
28 |
+commit 1804c2fde7bf4e432c6cf5bb8cce5701c7010559 |
29 |
+Author: Albert Astals Cid <aacid@×××.org> |
30 |
+Date: Tue Feb 28 19:08:50 2017 +0100 |
31 |
+ |
32 |
+ Sanitize URLs before passing them to FindProxyForURL |
33 |
+ |
34 |
+ Remove user/password information |
35 |
+ For https: remove path and query |
36 |
+ |
37 |
+ Backport from kio f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 |
38 |
+ |
39 |
+diff --git a/kio/misc/kpac/script.cpp b/kio/misc/kpac/script.cpp |
40 |
+index a595301307..9ab360a0b5 100644 |
41 |
+--- a/kio/misc/kpac/script.cpp |
42 |
++++ b/kio/misc/kpac/script.cpp |
43 |
+@@ -754,9 +754,16 @@ namespace KPAC |
44 |
+ } |
45 |
+ } |
46 |
+ |
47 |
++ KUrl cleanUrl = url; |
48 |
++ cleanUrl.setUserInfo(QString()); |
49 |
++ if (cleanUrl.scheme().toLower() == QLatin1String("https")) { |
50 |
++ cleanUrl.setPath(QString()); |
51 |
++ cleanUrl.setQuery(QString()); |
52 |
++ } |
53 |
++ |
54 |
+ QScriptValueList args; |
55 |
+- args << url.url(); |
56 |
+- args << url.host(); |
57 |
++ args << cleanUrl.url(); |
58 |
++ args << cleanUrl.host(); |
59 |
+ |
60 |
+ QScriptValue result = func.call(QScriptValue(), args); |
61 |
+ if (result.isError()) { |
62 |
|
63 |
diff --git a/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild b/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild |
64 |
new file mode 100644 |
65 |
index 00000000000..29d0e1ef251 |
66 |
--- /dev/null |
67 |
+++ b/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild |
68 |
@@ -0,0 +1,299 @@ |
69 |
+# Copyright 1999-2017 Gentoo Foundation |
70 |
+# Distributed under the terms of the GNU General Public License v2 |
71 |
+ |
72 |
+EAPI=6 |
73 |
+ |
74 |
+CPPUNIT_REQUIRED="optional" |
75 |
+DECLARATIVE_REQUIRED="always" |
76 |
+KDE_HANDBOOK="optional" |
77 |
+OPENGL_REQUIRED="optional" |
78 |
+WEBKIT_REQUIRED="optional" |
79 |
+inherit kde4-base fdo-mime multilib toolchain-funcs flag-o-matic |
80 |
+ |
81 |
+APPS_VERSION="16.12.2" # Don't forget to bump this |
82 |
+ |
83 |
+DESCRIPTION="KDE libraries needed by all KDE programs" |
84 |
+[[ ${KDE_BUILD_TYPE} != live ]] && \ |
85 |
+SRC_URI="mirror://kde/stable/applications/${APPS_VERSION}/src/${P}.tar.xz" |
86 |
+ |
87 |
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" |
88 |
+LICENSE="LGPL-2.1" |
89 |
+IUSE="cpu_flags_x86_3dnow acl altivec +bzip2 +crypt debug doc fam jpeg2k |
90 |
+kerberos libressl lzma cpu_flags_x86_mmx nls openexr +policykit spell |
91 |
+cpu_flags_x86_sse cpu_flags_x86_sse2 ssl +udev +udisks +upower zeroconf" |
92 |
+ |
93 |
+REQUIRED_USE=" |
94 |
+ udisks? ( udev ) |
95 |
+ upower? ( udev ) |
96 |
+" |
97 |
+ |
98 |
+# needs the kate regression testsuite from svn |
99 |
+RESTRICT="test" |
100 |
+ |
101 |
+COMMONDEPEND=" |
102 |
+ app-text/docbook-xml-dtd:4.2 |
103 |
+ app-text/docbook-xsl-stylesheets |
104 |
+ >=dev-libs/libattica-0.4.2 |
105 |
+ dev-libs/libdbusmenu-qt[qt4] |
106 |
+ dev-libs/libpcre[unicode] |
107 |
+ dev-libs/libxml2 |
108 |
+ dev-libs/libxslt |
109 |
+ media-libs/fontconfig |
110 |
+ media-libs/freetype:2 |
111 |
+ media-libs/giflib:= |
112 |
+ media-libs/libpng:0= |
113 |
+ media-libs/phonon[qt4] |
114 |
+ sys-libs/zlib |
115 |
+ virtual/jpeg:0 |
116 |
+ x11-misc/shared-mime-info |
117 |
+ acl? ( virtual/acl ) |
118 |
+ !aqua? ( |
119 |
+ x11-libs/libICE |
120 |
+ x11-libs/libSM |
121 |
+ x11-libs/libX11 |
122 |
+ x11-libs/libXau |
123 |
+ x11-libs/libXcursor |
124 |
+ x11-libs/libXdmcp |
125 |
+ x11-libs/libXext |
126 |
+ x11-libs/libXfixes |
127 |
+ x11-libs/libXft |
128 |
+ x11-libs/libXpm |
129 |
+ x11-libs/libXrender |
130 |
+ x11-libs/libXScrnSaver |
131 |
+ x11-libs/libXtst |
132 |
+ !kernel_SunOS? ( |
133 |
+ || ( |
134 |
+ sys-libs/libutempter |
135 |
+ >=sys-freebsd/freebsd-lib-9.0 |
136 |
+ ) |
137 |
+ ) |
138 |
+ ) |
139 |
+ bzip2? ( app-arch/bzip2 ) |
140 |
+ crypt? ( app-crypt/qca:2[qt4] ) |
141 |
+ fam? ( virtual/fam ) |
142 |
+ jpeg2k? ( media-libs/jasper:= ) |
143 |
+ kerberos? ( virtual/krb5 ) |
144 |
+ openexr? ( |
145 |
+ media-libs/openexr:= |
146 |
+ media-libs/ilmbase:= |
147 |
+ ) |
148 |
+ policykit? ( sys-auth/polkit-qt[qt4] ) |
149 |
+ spell? ( app-text/enchant ) |
150 |
+ ssl? ( |
151 |
+ libressl? ( dev-libs/libressl:0= ) |
152 |
+ !libressl? ( dev-libs/openssl:0= ) |
153 |
+ ) |
154 |
+ udev? ( virtual/udev ) |
155 |
+ zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) |
156 |
+" |
157 |
+DEPEND="${COMMONDEPEND} |
158 |
+ doc? ( app-doc/doxygen ) |
159 |
+ nls? ( virtual/libintl ) |
160 |
+" |
161 |
+RDEPEND="${COMMONDEPEND} |
162 |
+ !dev-qt/qtphonon |
163 |
+ >=app-crypt/gnupg-2.0.11 |
164 |
+ app-misc/ca-certificates |
165 |
+ kde-frameworks/kdelibs-env:4 |
166 |
+ sys-apps/dbus[X] |
167 |
+ !aqua? ( |
168 |
+ udisks? ( sys-fs/udisks:2 ) |
169 |
+ x11-apps/iceauth |
170 |
+ x11-apps/rgb |
171 |
+ x11-misc/xdg-utils |
172 |
+ upower? ( || ( >=sys-power/upower-0.9.23 sys-power/upower-pm-utils ) ) |
173 |
+ ) |
174 |
+ udev? ( app-misc/media-player-info ) |
175 |
+" |
176 |
+PDEPEND=" |
177 |
+ $(add_kdeapps_dep katepart '' 4.14.3) |
178 |
+ || ( |
179 |
+ $(add_kdeapps_dep kfmclient '' 4.14.3) |
180 |
+ x11-misc/xdg-utils |
181 |
+ ) |
182 |
+ handbook? ( kde-apps/khelpcenter:* ) |
183 |
+ policykit? ( || ( |
184 |
+ >=sys-auth/polkit-kde-agent-0.99 |
185 |
+ kde-plasma/polkit-kde-agent |
186 |
+ ) ) |
187 |
+" |
188 |
+ |
189 |
+PATCHES=( |
190 |
+ "${FILESDIR}/dist/01_gentoo_set_xdg_menu_prefix-1.patch" |
191 |
+ "${FILESDIR}/dist/02_gentoo_append_xdg_config_dirs-1.patch" |
192 |
+ "${FILESDIR}/${PN}-4.14.5-fatalwarnings.patch" |
193 |
+ "${FILESDIR}/${PN}-4.14.5-mimetypes.patch" |
194 |
+ "${FILESDIR}/${PN}-4.4.90-xslt.patch" |
195 |
+ "${FILESDIR}/${PN}-4.6.3-no_suid_kdeinit.patch" |
196 |
+ "${FILESDIR}/${PN}-4.8.1-norpath.patch" |
197 |
+ "${FILESDIR}/${PN}-4.9.3-werror.patch" |
198 |
+ "${FILESDIR}/${PN}-4.10.0-udisks.patch" |
199 |
+ "${FILESDIR}/${PN}-4.14.20-FindQt4.patch" |
200 |
+ "${FILESDIR}/${PN}-4.14.22-webkit.patch" |
201 |
+ "${FILESDIR}/${P}-sanitize-url.patch" |
202 |
+) |
203 |
+ |
204 |
+pkg_pretend() { |
205 |
+ if [[ ${MERGE_TYPE} != binary ]] && tc-is-gcc; then |
206 |
+ [[ $(gcc-major-version) -lt 4 ]] || \ |
207 |
+ ( [[ $(gcc-major-version) -eq 4 && $(gcc-minor-version) -le 3 ]] ) \ |
208 |
+ && die "Sorry, but gcc-4.3 and earlier won't work for KDE SC 4.6 (see bug #354837)." |
209 |
+ fi |
210 |
+} |
211 |
+ |
212 |
+src_prepare() { |
213 |
+ kde4-base_src_prepare |
214 |
+ |
215 |
+ # Rename applications.menu (needs 01_gentoo_set_xdg_menu_prefix-1.patch to work) |
216 |
+ sed -e 's|FILES[[:space:]]applications.menu|FILES applications.menu RENAME kde-4-applications.menu|g' \ |
217 |
+ -i kded/CMakeLists.txt || die "Sed on CMakeLists.txt for applications.menu failed." |
218 |
+ |
219 |
+ if use aqua; then |
220 |
+ sed -i -e \ |
221 |
+ "s:BUNDLE_INSTALL_DIR \"/Applications:BUNDLE_INSTALL_DIR \"${EPREFIX}/${APP_BUNDLE_DIR}:g" \ |
222 |
+ cmake/modules/FindKDE4Internal.cmake || die "failed to sed FindKDE4Internal.cmake" |
223 |
+ |
224 |
+ #if [[ ${CHOST} == *-darwin8 ]]; then |
225 |
+ sed -i -e \ |
226 |
+ "s:set(_add_executable_param MACOSX_BUNDLE):remove(_add_executable_param MACOSX_BUNDLE):g" \ |
227 |
+ cmake/modules/KDE4Macros.cmake || die "failed to sed KDE4Macros.cmake" |
228 |
+ #fi |
229 |
+ |
230 |
+ # solid/solid/backends/iokit doesn't properly link, so disable it. |
231 |
+ sed -e "s|\(APPLE\)|(FALSE)|g" -i solid/solid/CMakeLists.txt \ |
232 |
+ || die "disabling solid/solid/backends/iokit failed" |
233 |
+ sed -e "s|m_backend = .*Backends::IOKit.*;|m_backend = 0;|g" -i solid/solid/managerbase.cpp \ |
234 |
+ || die "disabling solid/solid/backends/iokit failed" |
235 |
+ |
236 |
+ # There's no fdatasync on OSX and the check fails to detect that. |
237 |
+ sed -e "/HAVE_FDATASYNC/ d" -i config.h.cmake \ |
238 |
+ || die "disabling fdatasync failed" |
239 |
+ |
240 |
+ # Fix nameser include to nameser8_compat |
241 |
+ sed -e "s|nameser8_compat.h|nameser_compat.h|g" -i kio/misc/kpac/discovery.cpp \ |
242 |
+ || die "fixing nameser include failed" |
243 |
+ append-flags -DHAVE_ARPA_NAMESER8_COMPAT_H=1 |
244 |
+ |
245 |
+ # Try to fix kkeyserver_mac |
246 |
+ epatch "${FILESDIR}"/${PN}-4.3.80-kdeui_util_kkeyserver_mac.patch |
247 |
+ fi |
248 |
+} |
249 |
+ |
250 |
+src_configure() { |
251 |
+ local mycmakeargs=( |
252 |
+ -DWITH_HSPELL=OFF |
253 |
+ -DWITH_ASPELL=OFF |
254 |
+ -DKDE_DEFAULT_HOME=.kde4 |
255 |
+ -DKAUTH_BACKEND=POLKITQT-1 |
256 |
+ -DWITH_Soprano=OFF |
257 |
+ -DWITH_SharedDesktopOntologies=OFF |
258 |
+ -DCMAKE_DISABLE_FIND_PACKAGE_Strigi=ON |
259 |
+ -DBUILD_doc=$(usex handbook) |
260 |
+ -DHAVE_X86_3DNOW=$(usex cpu_flags_x86_3dnow) |
261 |
+ -DHAVE_PPC_ALTIVEC=$(usex altivec) |
262 |
+ -DHAVE_X86_MMX=$(usex cpu_flags_x86_mmx) |
263 |
+ -DHAVE_X86_SSE=$(usex cpu_flags_x86_sse) |
264 |
+ -DHAVE_X86_SSE2=$(usex cpu_flags_x86_sse2) |
265 |
+ -DWITH_ACL=$(usex acl) |
266 |
+ -DWITH_BZip2=$(usex bzip2) |
267 |
+ -DWITH_QCA2=$(usex crypt) |
268 |
+ -DWITH_FAM=$(usex fam) |
269 |
+ -DWITH_Jasper=$(usex jpeg2k) |
270 |
+ -DWITH_GSSAPI=$(usex kerberos) |
271 |
+ -DWITH_LibLZMA=$(usex lzma) |
272 |
+ -DWITH_Libintl=$(usex nls) |
273 |
+ -DWITH_OpenEXR=$(usex openexr) |
274 |
+ -DWITH_OpenGL=$(usex opengl) |
275 |
+ -DWITH_PolkitQt-1=$(usex policykit) |
276 |
+ -DWITH_ENCHANT=$(usex spell) |
277 |
+ -DWITH_OpenSSL=$(usex ssl) |
278 |
+ -DWITH_UDev=$(usex udev) |
279 |
+ -DWITH_SOLID_UDISKS2=$(usex udisks) |
280 |
+ -DWITH_Avahi=$(usex zeroconf) |
281 |
+ -DWITH_KDEWEBKIT=$(usex webkit) |
282 |
+ ) |
283 |
+ |
284 |
+ use zeroconf || mycmakeargs+=( -DWITH_DNSSD=OFF ) |
285 |
+ |
286 |
+ kde4-base_src_configure |
287 |
+} |
288 |
+ |
289 |
+src_compile() { |
290 |
+ kde4-base_src_compile |
291 |
+ |
292 |
+ # The building of apidox is not managed anymore by the build system |
293 |
+ if use doc; then |
294 |
+ einfo "Building API documentation" |
295 |
+ cd "${S}"/doc/api/ |
296 |
+ ./doxygen.sh "${S}" || die "APIDOX generation failed" |
297 |
+ fi |
298 |
+} |
299 |
+ |
300 |
+src_install() { |
301 |
+ kde4-base_src_install |
302 |
+ |
303 |
+ # use system certificates |
304 |
+ rm -f "${ED}"/usr/share/apps/kssl/ca-bundle.crt || die |
305 |
+ dosym /etc/ssl/certs/ca-certificates.crt /usr/share/apps/kssl/ca-bundle.crt |
306 |
+ |
307 |
+ if use doc; then |
308 |
+ einfo "Installing API documentation. This could take a bit of time." |
309 |
+ cd "${S}"/doc/api/ |
310 |
+ docinto /HTML/en/kdelibs-apidox |
311 |
+ dohtml -r ${P}-apidocs/* |
312 |
+ fi |
313 |
+ |
314 |
+ if use aqua; then |
315 |
+ einfo "fixing ${PN} plugins" |
316 |
+ |
317 |
+ local _PV=${PV:0:3}.0 |
318 |
+ local _dir=${EPREFIX}/usr/$(get_libdir)/kde4/plugins/script |
319 |
+ |
320 |
+ install_name_tool -id \ |
321 |
+ "${_dir}/libkrossqtsplugin.${_PV}.dylib" \ |
322 |
+ "${D}/${_dir}/libkrossqtsplugin.${_PV}.dylib" \ |
323 |
+ || die "failed fixing libkrossqtsplugin.${_PV}.dylib" |
324 |
+ |
325 |
+ einfo "fixing ${PN} cmake detection files" |
326 |
+ #sed -i -e \ |
327 |
+ # "s:if (HAVE_XKB):if (HAVE_XKB AND NOT APPLE):g" \ |
328 |
+ echo -e "set(XKB_FOUND FALSE)\nset(HAVE_XKB FALSE)" > \ |
329 |
+ "${ED}"/usr/share/apps/cmake/modules/FindXKB.cmake \ |
330 |
+ || die "failed fixing FindXKB.cmake" |
331 |
+ fi |
332 |
+ |
333 |
+ einfo Installing environment file. |
334 |
+ # Since 44qt4 is sourced earlier QT_PLUGIN_PATH is defined. |
335 |
+ echo "COLON_SEPARATED=QT_PLUGIN_PATH" > "${T}/77kde" |
336 |
+ echo "QT_PLUGIN_PATH=${EPREFIX}/usr/$(get_libdir)/kde4/plugins" >> "${T}/77kde" |
337 |
+ doenvd "${T}/77kde" |
338 |
+} |
339 |
+ |
340 |
+pkg_postinst() { |
341 |
+ fdo-mime_mime_database_update |
342 |
+ |
343 |
+ if use zeroconf; then |
344 |
+ echo |
345 |
+ elog "To make zeroconf support available in KDE make sure that the avahi daemon" |
346 |
+ elog "is running." |
347 |
+ echo |
348 |
+ einfo "If you also want to use zeroconf for hostname resolution, emerge sys-auth/nss-mdns" |
349 |
+ einfo "and enable multicast dns lookups by editing the 'hosts:' line in /etc/nsswitch.conf" |
350 |
+ einfo "to include 'mdns', e.g.:" |
351 |
+ einfo " hosts: files mdns dns" |
352 |
+ echo |
353 |
+ fi |
354 |
+ |
355 |
+ kde4-base_pkg_postinst |
356 |
+} |
357 |
+ |
358 |
+pkg_prerm() { |
359 |
+ # Remove ksycoca4 global database |
360 |
+ rm -f "${EROOT}${PREFIX}"/share/kde4/services/ksycoca4 |
361 |
+} |
362 |
+ |
363 |
+pkg_postrm() { |
364 |
+ fdo-mime_mime_database_update |
365 |
+ |
366 |
+ kde4-base_pkg_postrm |
367 |
+} |
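Review bot: Both `cd "${S}"/doc/api/` calls, in src_compile and in src_install, are unchecked, so if the directory is missing the commands that follow run from the previous working directory; in src_install that means `dohtml -r ${P}-apidocs/*` globs in the wrong place. Writing `cd "${S}"/doc/api/ || die` in both spots makes the failure explicit, and quoting the prefix as `"${P}"-apidocs/*` keeps the argument intact. On the security fix itself, the new PATCHES entry `"${FILESDIR}/${P}-sanitize-url.patch"` has no note on why it is there; a comment beside it such as `# bug 611254, KDE advisory 20170228-1` would tell the next version bump when the backport can be dropped.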