authorJohannes Huber <johu@gentoo.org>2017-02-28 21:47:34 +0100
committerJohannes Huber <johu@gentoo.org>2017-02-28 21:47:43 +0100
commit9b4b314b09abdf8166816004850cf357eb48d904 (patch)
tree6d1ca5ccdcb836719cd3e22a5243f440ede52066 /kde-frameworks/kdelibs
parentDrop remaining $Id$ and $Header$ from files. (diff)
kde-frameworks/kdelibs: Fix information leak
Revision bump backports upstream patch to fix an information leak when accessing https when using a malicious PAC file https://www.kde.org/info/security/advisory-20170228-1.txt Gentoo-bug: 611254 Package-Manager: Portage-2.3.3, Repoman-2.3.1
Diffstat (limited to 'kde-frameworks/kdelibs')
-rw-r--r--kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch34
-rw-r--r--kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild299
2 files changed, 333 insertions, 0 deletions
diff --git a/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch b/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch
new file mode 100644
index 000000000000..d063f8b598d8
--- /dev/null
+++ b/kde-frameworks/kdelibs/files/kdelibs-4.14.29-sanitize-url.patch
@@ -0,0 +1,34 @@
+commit 1804c2fde7bf4e432c6cf5bb8cce5701c7010559
+Author: Albert Astals Cid <aacid@kde.org>
+Date: Tue Feb 28 19:08:50 2017 +0100
+
+ Sanitize URLs before passing them to FindProxyForURL
+
+ Remove user/password information
+ For https: remove path and query
+
+ Backport from kio f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+
+diff --git a/kio/misc/kpac/script.cpp b/kio/misc/kpac/script.cpp
+index a595301307..9ab360a0b5 100644
+--- a/kio/misc/kpac/script.cpp
++++ b/kio/misc/kpac/script.cpp
+@@ -754,9 +754,16 @@ namespace KPAC
+ }
+ }
+
++ KUrl cleanUrl = url;
++ cleanUrl.setUserInfo(QString());
++ if (cleanUrl.scheme().toLower() == QLatin1String("https")) {
++ cleanUrl.setPath(QString());
++ cleanUrl.setQuery(QString());
++ }
++
+ QScriptValueList args;
+- args << url.url();
+- args << url.host();
++ args << cleanUrl.url();
++ args << cleanUrl.host();
+
+ QScriptValue result = func.call(QScriptValue(), args);
+ if (result.isError()) {
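Review bot: The sanitised copy can still carry a URL fragment: `cleanUrl` has its user info cleared and, for https, its path and query, but nothing clears the fragment, so a `#...` part on the incoming URL would still appear in the `cleanUrl.url()` string handed to the PAC script. Adding `cleanUrl.setFragment(QString());` next to the `setUserInfo` call would cover that, unless a caller already strips it (not visible here). A short comment above the block, e.g. `// PAC scripts are untrusted: for https expose only scheme, host and port`, would record why the URL is reduced. The enclosing function starts and ends outside this hunk, and because this file is a verbatim backport of the upstream commit, the change would need to go upstream first.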
diff --git a/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild b/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild
new file mode 100644
index 000000000000..29d0e1ef251a
--- /dev/null
+++ b/kde-frameworks/kdelibs/kdelibs-4.14.29-r1.ebuild
@@ -0,0 +1,299 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+CPPUNIT_REQUIRED="optional"
+DECLARATIVE_REQUIRED="always"
+KDE_HANDBOOK="optional"
+OPENGL_REQUIRED="optional"
+WEBKIT_REQUIRED="optional"
+inherit kde4-base fdo-mime multilib toolchain-funcs flag-o-matic
+
+APPS_VERSION="16.12.2" # Don't forget to bump this
+
+DESCRIPTION="KDE libraries needed by all KDE programs"
+[[ ${KDE_BUILD_TYPE} != live ]] && \
+SRC_URI="mirror://kde/stable/applications/${APPS_VERSION}/src/${P}.tar.xz"
+
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+LICENSE="LGPL-2.1"
+IUSE="cpu_flags_x86_3dnow acl altivec +bzip2 +crypt debug doc fam jpeg2k
+kerberos libressl lzma cpu_flags_x86_mmx nls openexr +policykit spell
+cpu_flags_x86_sse cpu_flags_x86_sse2 ssl +udev +udisks +upower zeroconf"
+
+REQUIRED_USE="
+ udisks? ( udev )
+ upower? ( udev )
+"
+
+# needs the kate regression testsuite from svn
+RESTRICT="test"
+
+COMMONDEPEND="
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xsl-stylesheets
+ >=dev-libs/libattica-0.4.2
+ dev-libs/libdbusmenu-qt[qt4]
+ dev-libs/libpcre[unicode]
+ dev-libs/libxml2
+ dev-libs/libxslt
+ media-libs/fontconfig
+ media-libs/freetype:2
+ media-libs/giflib:=
+ media-libs/libpng:0=
+ media-libs/phonon[qt4]
+ sys-libs/zlib
+ virtual/jpeg:0
+ x11-misc/shared-mime-info
+ acl? ( virtual/acl )
+ !aqua? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libX11
+ x11-libs/libXau
+ x11-libs/libXcursor
+ x11-libs/libXdmcp
+ x11-libs/libXext
+ x11-libs/libXfixes
+ x11-libs/libXft
+ x11-libs/libXpm
+ x11-libs/libXrender
+ x11-libs/libXScrnSaver
+ x11-libs/libXtst
+ !kernel_SunOS? (
+ || (
+ sys-libs/libutempter
+ >=sys-freebsd/freebsd-lib-9.0
+ )
+ )
+ )
+ bzip2? ( app-arch/bzip2 )
+ crypt? ( app-crypt/qca:2[qt4] )
+ fam? ( virtual/fam )
+ jpeg2k? ( media-libs/jasper:= )
+ kerberos? ( virtual/krb5 )
+ openexr? (
+ media-libs/openexr:=
+ media-libs/ilmbase:=
+ )
+ policykit? ( sys-auth/polkit-qt[qt4] )
+ spell? ( app-text/enchant )
+ ssl? (
+ libressl? ( dev-libs/libressl:0= )
+ !libressl? ( dev-libs/openssl:0= )
+ )
+ udev? ( virtual/udev )
+ zeroconf? ( net-dns/avahi[mdnsresponder-compat] )
+"
+DEPEND="${COMMONDEPEND}
+ doc? ( app-doc/doxygen )
+ nls? ( virtual/libintl )
+"
+RDEPEND="${COMMONDEPEND}
+ !dev-qt/qtphonon
+ >=app-crypt/gnupg-2.0.11
+ app-misc/ca-certificates
+ kde-frameworks/kdelibs-env:4
+ sys-apps/dbus[X]
+ !aqua? (
+ udisks? ( sys-fs/udisks:2 )
+ x11-apps/iceauth
+ x11-apps/rgb
+ x11-misc/xdg-utils
+ upower? ( || ( >=sys-power/upower-0.9.23 sys-power/upower-pm-utils ) )
+ )
+ udev? ( app-misc/media-player-info )
+"
+PDEPEND="
+ $(add_kdeapps_dep katepart '' 4.14.3)
+ || (
+ $(add_kdeapps_dep kfmclient '' 4.14.3)
+ x11-misc/xdg-utils
+ )
+ handbook? ( kde-apps/khelpcenter:* )
+ policykit? ( || (
+ >=sys-auth/polkit-kde-agent-0.99
+ kde-plasma/polkit-kde-agent
+ ) )
+"
+
+PATCHES=(
+ "${FILESDIR}/dist/01_gentoo_set_xdg_menu_prefix-1.patch"
+ "${FILESDIR}/dist/02_gentoo_append_xdg_config_dirs-1.patch"
+ "${FILESDIR}/${PN}-4.14.5-fatalwarnings.patch"
+ "${FILESDIR}/${PN}-4.14.5-mimetypes.patch"
+ "${FILESDIR}/${PN}-4.4.90-xslt.patch"
+ "${FILESDIR}/${PN}-4.6.3-no_suid_kdeinit.patch"
+ "${FILESDIR}/${PN}-4.8.1-norpath.patch"
+ "${FILESDIR}/${PN}-4.9.3-werror.patch"
+ "${FILESDIR}/${PN}-4.10.0-udisks.patch"
+ "${FILESDIR}/${PN}-4.14.20-FindQt4.patch"
+ "${FILESDIR}/${PN}-4.14.22-webkit.patch"
+ "${FILESDIR}/${P}-sanitize-url.patch"
+)
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != binary ]] && tc-is-gcc; then
+ [[ $(gcc-major-version) -lt 4 ]] || \
+ ( [[ $(gcc-major-version) -eq 4 && $(gcc-minor-version) -le 3 ]] ) \
+ && die "Sorry, but gcc-4.3 and earlier won't work for KDE SC 4.6 (see bug #354837)."
+ fi
+}
+
+src_prepare() {
+ kde4-base_src_prepare
+
+ # Rename applications.menu (needs 01_gentoo_set_xdg_menu_prefix-1.patch to work)
+ sed -e 's|FILES[[:space:]]applications.menu|FILES applications.menu RENAME kde-4-applications.menu|g' \
+ -i kded/CMakeLists.txt || die "Sed on CMakeLists.txt for applications.menu failed."
+
+ if use aqua; then
+ sed -i -e \
+ "s:BUNDLE_INSTALL_DIR \"/Applications:BUNDLE_INSTALL_DIR \"${EPREFIX}/${APP_BUNDLE_DIR}:g" \
+ cmake/modules/FindKDE4Internal.cmake || die "failed to sed FindKDE4Internal.cmake"
+
+ #if [[ ${CHOST} == *-darwin8 ]]; then
+ sed -i -e \
+ "s:set(_add_executable_param MACOSX_BUNDLE):remove(_add_executable_param MACOSX_BUNDLE):g" \
+ cmake/modules/KDE4Macros.cmake || die "failed to sed KDE4Macros.cmake"
+ #fi
+
+ # solid/solid/backends/iokit doesn't properly link, so disable it.
+ sed -e "s|\(APPLE\)|(FALSE)|g" -i solid/solid/CMakeLists.txt \
+ || die "disabling solid/solid/backends/iokit failed"
+ sed -e "s|m_backend = .*Backends::IOKit.*;|m_backend = 0;|g" -i solid/solid/managerbase.cpp \
+ || die "disabling solid/solid/backends/iokit failed"
+
+ # There's no fdatasync on OSX and the check fails to detect that.
+ sed -e "/HAVE_FDATASYNC/ d" -i config.h.cmake \
+ || die "disabling fdatasync failed"
+
+ # Fix nameser include to nameser8_compat
+ sed -e "s|nameser8_compat.h|nameser_compat.h|g" -i kio/misc/kpac/discovery.cpp \
+ || die "fixing nameser include failed"
+ append-flags -DHAVE_ARPA_NAMESER8_COMPAT_H=1
+
+ # Try to fix kkeyserver_mac
+ epatch "${FILESDIR}"/${PN}-4.3.80-kdeui_util_kkeyserver_mac.patch
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DWITH_HSPELL=OFF
+ -DWITH_ASPELL=OFF
+ -DKDE_DEFAULT_HOME=.kde4
+ -DKAUTH_BACKEND=POLKITQT-1
+ -DWITH_Soprano=OFF
+ -DWITH_SharedDesktopOntologies=OFF
+ -DCMAKE_DISABLE_FIND_PACKAGE_Strigi=ON
+ -DBUILD_doc=$(usex handbook)
+ -DHAVE_X86_3DNOW=$(usex cpu_flags_x86_3dnow)
+ -DHAVE_PPC_ALTIVEC=$(usex altivec)
+ -DHAVE_X86_MMX=$(usex cpu_flags_x86_mmx)
+ -DHAVE_X86_SSE=$(usex cpu_flags_x86_sse)
+ -DHAVE_X86_SSE2=$(usex cpu_flags_x86_sse2)
+ -DWITH_ACL=$(usex acl)
+ -DWITH_BZip2=$(usex bzip2)
+ -DWITH_QCA2=$(usex crypt)
+ -DWITH_FAM=$(usex fam)
+ -DWITH_Jasper=$(usex jpeg2k)
+ -DWITH_GSSAPI=$(usex kerberos)
+ -DWITH_LibLZMA=$(usex lzma)
+ -DWITH_Libintl=$(usex nls)
+ -DWITH_OpenEXR=$(usex openexr)
+ -DWITH_OpenGL=$(usex opengl)
+ -DWITH_PolkitQt-1=$(usex policykit)
+ -DWITH_ENCHANT=$(usex spell)
+ -DWITH_OpenSSL=$(usex ssl)
+ -DWITH_UDev=$(usex udev)
+ -DWITH_SOLID_UDISKS2=$(usex udisks)
+ -DWITH_Avahi=$(usex zeroconf)
+ -DWITH_KDEWEBKIT=$(usex webkit)
+ )
+
+ use zeroconf || mycmakeargs+=( -DWITH_DNSSD=OFF )
+
+ kde4-base_src_configure
+}
+
+src_compile() {
+ kde4-base_src_compile
+
+ # The building of apidox is not managed anymore by the build system
+ if use doc; then
+ einfo "Building API documentation"
+ cd "${S}"/doc/api/
+ ./doxygen.sh "${S}" || die "APIDOX generation failed"
+ fi
+}
+
+src_install() {
+ kde4-base_src_install
+
+ # use system certificates
+ rm -f "${ED}"/usr/share/apps/kssl/ca-bundle.crt || die
+ dosym /etc/ssl/certs/ca-certificates.crt /usr/share/apps/kssl/ca-bundle.crt
+
+ if use doc; then
+ einfo "Installing API documentation. This could take a bit of time."
+ cd "${S}"/doc/api/
+ docinto /HTML/en/kdelibs-apidox
+ dohtml -r ${P}-apidocs/*
+ fi
+
+ if use aqua; then
+ einfo "fixing ${PN} plugins"
+
+ local _PV=${PV:0:3}.0
+ local _dir=${EPREFIX}/usr/$(get_libdir)/kde4/plugins/script
+
+ install_name_tool -id \
+ "${_dir}/libkrossqtsplugin.${_PV}.dylib" \
+ "${D}/${_dir}/libkrossqtsplugin.${_PV}.dylib" \
+ || die "failed fixing libkrossqtsplugin.${_PV}.dylib"
+
+ einfo "fixing ${PN} cmake detection files"
+ #sed -i -e \
+ # "s:if (HAVE_XKB):if (HAVE_XKB AND NOT APPLE):g" \
+ echo -e "set(XKB_FOUND FALSE)\nset(HAVE_XKB FALSE)" > \
+ "${ED}"/usr/share/apps/cmake/modules/FindXKB.cmake \
+ || die "failed fixing FindXKB.cmake"
+ fi
+
+ einfo Installing environment file.
+ # Since 44qt4 is sourced earlier QT_PLUGIN_PATH is defined.
+ echo "COLON_SEPARATED=QT_PLUGIN_PATH" > "${T}/77kde"
+ echo "QT_PLUGIN_PATH=${EPREFIX}/usr/$(get_libdir)/kde4/plugins" >> "${T}/77kde"
+ doenvd "${T}/77kde"
+}
+
+pkg_postinst() {
+ fdo-mime_mime_database_update
+
+ if use zeroconf; then
+ echo
+ elog "To make zeroconf support available in KDE make sure that the avahi daemon"
+ elog "is running."
+ echo
+ einfo "If you also want to use zeroconf for hostname resolution, emerge sys-auth/nss-mdns"
+ einfo "and enable multicast dns lookups by editing the 'hosts:' line in /etc/nsswitch.conf"
+ einfo "to include 'mdns', e.g.:"
+ einfo " hosts: files mdns dns"
+ echo
+ fi
+
+ kde4-base_pkg_postinst
+}
+
+pkg_prerm() {
+ # Remove ksycoca4 global database
+ rm -f "${EROOT}${PREFIX}"/share/kde4/services/ksycoca4
+}
+
+pkg_postrm() {
+ fdo-mime_mime_database_update
+
+ kde4-base_pkg_postrm
+}
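Review bot: The new `PATCHES` entry `"${FILESDIR}/${P}-sanitize-url.patch"` carries no comment marking it as a security backport, so a later bump that copies this ebuild has nothing in the file saying why the patch is there or when it may be dropped. A line above it such as `# Security backport: sanitize URLs passed to PAC scripts, bug #611254` would tie it to the advisory named in the commit message. The entry is also the only one in the array keyed on `${P}` rather than `${PN}-<version>`; if that is deliberate, so that the next version bump fails until the patch is re-checked, the same comment is a good place to say so.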