From fe6cc7105868cdd1a33428cd7948c859380e173f Mon Sep 17 00:00:00 2001 From: Matthew Dawson Date: Mon, 4 Aug 2014 00:33:09 -0400 Subject: [PATCH 2/6] Allow kdelibs to use an appropriately setup khelpcenter:5 khelpcenter:5 with the kde4_compat flag can work as the khelpcenter:4 package. Allow kdelibs to use this. --- kde-base/kdelibs/Manifest | 1 + .../files/kdelibs-4.13.1-kio-diskfree.patch | 49 ++++ .../files/kdelibs-4.13.2-CVE-2014-3494.patch | 55 ++++ .../files/kdelibs-4.13.3-CVE-2014-5033.patch | 53 ++++ kde-base/kdelibs/kdelibs-4.13.3-r1.ebuild | 305 +++++++++++++++++++++ 5 files changed, 463 insertions(+) create mode 100644 kde-base/kdelibs/files/kdelibs-4.13.1-kio-diskfree.patch create mode 100644 kde-base/kdelibs/files/kdelibs-4.13.2-CVE-2014-3494.patch create mode 100644 kde-base/kdelibs/files/kdelibs-4.13.3-CVE-2014-5033.patch create mode 100644 kde-base/kdelibs/kdelibs-4.13.3-r1.ebuild diff --git a/kde-base/kdelibs/Manifest b/kde-base/kdelibs/Manifest index 8234d41..dd2589c 100644 --- a/kde-base/kdelibs/Manifest +++ b/kde-base/kdelibs/Manifest @@ -1 +1,2 @@ +DIST kdelibs-4.13.3.tar.xz 11557152 SHA256 d291b4bc159a3f686ad93ff3dfbe90a0a7e33600357e8390c84154ec050efc82 SHA512 9bc6f154cbf1b6e8b46ee255ce099d9ba9e530dd478d4a1bf2d24f8f9a063221da3a938f9520ad9149c6b82c4135dc72ab652c410bd82ad4b7100e16fff7a661 WHIRLPOOL c4f4872d27244d84112ced58bfc1fbde3e1d9e6b13d77c2209a968145c35d3151ba0526279a8f8bd8007d992e762b8902f9cacfb49789992501c7ccc4d497532 DIST kdelibs-4.13.97.tar.xz 11589028 SHA256 ab8d13d2f1871c47206f31c310458010c91aa8f36d7c082e2d377d3f5bc513e4 SHA512 c1064f6a6d55841f7f2e38382282dccf55967b48f823e40e43d42a23253e720613837c79ae4c227574f9cbdf0cddfddc5794b1bc5ba956e02c3983c30e0ba645 WHIRLPOOL 9e19d8ea9ed2d05072467fa8127220341d6015226be74a5e3d8e054ad3f9359c5c087eeaf41fa7b5a6ad51f93e2da47bdcf9ed5e72041e482b48ad0dccca5ce4 diff --git a/kde-base/kdelibs/files/kdelibs-4.13.1-kio-diskfree.patch b/kde-base/kdelibs/files/kdelibs-4.13.1-kio-diskfree.patch new file mode 100644 index 0000000..98bae45 --- /dev/null +++ b/kde-base/kdelibs/files/kdelibs-4.13.1-kio-diskfree.patch @@ -0,0 +1,49 @@ +commit 9a8426ae2ed35ac900b89a623618fc158d24ee6a +Author: Tomáš Trnka +Date: Sun May 25 16:12:36 2014 +0200 + + Revert "Avoid unnecessary automounting in KDiskFreeSpaceInfo::freeSpaceInfo" + + This reverts commit 6246e99b43f3d1a9e15d563fbb5e173ed50ba5e5. + + It breaks KIO on CIFS mounts as the check for automounts copied over + from frameworks/kfileitem.cpp isDirectoryMounted() apparently matches + CIFS as well (and for some weird reason KIO checks for available space + before trying to copy files). + + We'll probably have to return to v1 of the abovementioned commit, i.e. + checking for "autofs" explicitly. However, more testing is apparently + necessary to avoid further nasty surprises. + + REVIEW: 117044 + BUG: 334776 + FIXED-IN: 4.13.2 + +diff --git a/kio/kfile/kdiskfreespaceinfo.cpp b/kio/kfile/kdiskfreespaceinfo.cpp +index 5c1fa72..f11eb09 100644 +--- a/kio/kfile/kdiskfreespaceinfo.cpp ++++ b/kio/kfile/kdiskfreespaceinfo.cpp +@@ -33,7 +33,6 @@ + #include + #include + #else +-#include + #include + #endif + +@@ -131,15 +130,6 @@ KDiskFreeSpaceInfo KDiskFreeSpaceInfo::freeSpaceInfo( const QString& path ) + #else + struct statvfs statvfs_buf; + +- // Ignore autofs mountpoints as statvfs would trigger (expensive) automounting +- // This also matches "special" filesystems like /proc where free space has no meaning +- if (mp) { +- QFileInfo fi(info.d->mountPoint); +- if (fi.isDir() && fi.size() == 0) { +- return info; +- } +- } +- + // Prefer mountPoint if available, so that it even works with non-existing files. + const QString pathArg = info.d->mountPoint.isEmpty() ? path : info.d->mountPoint; + if (!statvfs(QFile::encodeName(pathArg).constData(), &statvfs_buf)) { diff --git a/kde-base/kdelibs/files/kdelibs-4.13.2-CVE-2014-3494.patch b/kde-base/kdelibs/files/kdelibs-4.13.2-CVE-2014-3494.patch new file mode 100644 index 0000000..648d4fd --- /dev/null +++ b/kde-base/kdelibs/files/kdelibs-4.13.2-CVE-2014-3494.patch @@ -0,0 +1,55 @@ +From: David Faure +Date: Wed, 18 Jun 2014 18:29:04 +0000 +Subject: Don't require a job to handle messageboxes. +X-Git-Url: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d +--- +Don't require a job to handle messageboxes. + +The POP3 ioslave doesn't have a job when it gets here. +--- + + +--- a/kio/kio/usernotificationhandler.cpp ++++ b/kio/kio/usernotificationhandler.cpp +@@ -19,7 +19,7 @@ + #include "usernotificationhandler_p.h" + + #include "slave.h" +-#include "job_p.h" ++#include "jobuidelegate.h" + + #include + +@@ -76,19 +76,18 @@ + + if (m_cachedResults.contains(key)) { + result = *(m_cachedResults[key]); +- } else if (r->slave->job()) { +- SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job()); +- if (jobPrivate) { +- result = jobPrivate->requestMessageBox(r->type, +- r->data.value(MSG_TEXT).toString(), +- r->data.value(MSG_CAPTION).toString(), +- r->data.value(MSG_YES_BUTTON_TEXT).toString(), +- r->data.value(MSG_NO_BUTTON_TEXT).toString(), +- r->data.value(MSG_YES_BUTTON_ICON).toString(), +- r->data.value(MSG_NO_BUTTON_ICON).toString(), +- r->data.value(MSG_DONT_ASK_AGAIN).toString(), +- r->data.value(MSG_META_DATA).toMap()); +- } ++ } else { ++ JobUiDelegate ui; ++ const JobUiDelegate::MessageBoxType type = static_cast(r->type); ++ result = ui.requestMessageBox(type, ++ r->data.value(MSG_TEXT).toString(), ++ r->data.value(MSG_CAPTION).toString(), ++ r->data.value(MSG_YES_BUTTON_TEXT).toString(), ++ r->data.value(MSG_NO_BUTTON_TEXT).toString(), ++ r->data.value(MSG_YES_BUTTON_ICON).toString(), ++ r->data.value(MSG_NO_BUTTON_ICON).toString(), ++ r->data.value(MSG_DONT_ASK_AGAIN).toString(), ++ r->data.value(MSG_META_DATA).toMap()); + m_cachedResults.insert(key, new int(result)); + } + } else { + diff --git a/kde-base/kdelibs/files/kdelibs-4.13.3-CVE-2014-5033.patch b/kde-base/kdelibs/files/kdelibs-4.13.3-CVE-2014-5033.patch new file mode 100644 index 0000000..6d059b5 --- /dev/null +++ b/kde-base/kdelibs/files/kdelibs-4.13.3-CVE-2014-5033.patch @@ -0,0 +1,53 @@ +From c36bf4f314e6ee1203898697abe294ed0c8dcb32 Mon Sep 17 00:00:00 2001 +From: "Martin T. H. Sandsmark" +Date: Mon, 21 Jul 2014 22:52:40 +0200 +Subject: [PATCH] Use dbus system bus name instead of PID for authentication. + +Using the PID for authentication is prone to a PID reuse +race condition, and a security issue. + +REVIEW: 119323 +--- + kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 15 +++------------ + 1 file changed, 3 insertions(+), 12 deletions(-) + +diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +index cd7f6f3..732d2cb 100644 +--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp ++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +@@ -144,7 +144,7 @@ void Polkit1Backend::setupAction(const QString &action) + + Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) + { +- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID())); + PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, + PolkitQt1::Authority::None); + switch (r) { +@@ -160,21 +160,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) + + QByteArray Polkit1Backend::callerID() const + { +- QByteArray a; +- QDataStream s(&a, QIODevice::WriteOnly); +- s << QCoreApplication::applicationPid(); +- +- return a; ++ return QDBusConnection::systemBus().baseService().toUtf8(); + } + + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) + { +- QDataStream s(&callerID, QIODevice::ReadOnly); +- qint64 pid; +- +- s >> pid; +- +- PolkitQt1::UnixProcessSubject subject(pid); ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); + PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); + + PolkitResultEventLoop e; +-- +1.8.5.5 + diff --git a/kde-base/kdelibs/kdelibs-4.13.3-r1.ebuild b/kde-base/kdelibs/kdelibs-4.13.3-r1.ebuild new file mode 100644 index 0000000..cd0e84b --- /dev/null +++ b/kde-base/kdelibs/kdelibs-4.13.3-r1.ebuild @@ -0,0 +1,305 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-4.13.3-r1.ebuild,v 1.1 2014/07/23 11:07:59 kensington Exp $ + +EAPI=5 + +CPPUNIT_REQUIRED="optional" +DECLARATIVE_REQUIRED="always" +OPENGL_REQUIRED="optional" +KDE_HANDBOOK="optional" +inherit kde4-base fdo-mime multilib toolchain-funcs flag-o-matic + +EGIT_BRANCH="KDE/4.13" + +DESCRIPTION="KDE libraries needed by all KDE programs." + +KEYWORDS=" ~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" +LICENSE="LGPL-2.1" +IUSE="3dnow acl alsa altivec +bzip2 debug doc fam jpeg2k kerberos lzma mmx +nepomuk nls openexr +policykit spell sse sse2 ssl +udev +udisks +upower +zeroconf" + +REQUIRED_USE=" + udisks? ( udev ) + upower? ( udev ) +" + +# needs the kate regression testsuite from svn +RESTRICT="test" + +COMMONDEPEND=" + app-crypt/qca:2 + >=app-misc/strigi-0.7.7 + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xsl-stylesheets + >=dev-libs/libattica-0.4.2 + >=dev-libs/libdbusmenu-qt-0.3.2 + dev-libs/libpcre[unicode] + dev-libs/libxml2 + dev-libs/libxslt + media-libs/fontconfig + media-libs/freetype:2 + media-libs/giflib + media-libs/libpng:0= + >=media-libs/phonon-4.4.3 + sys-libs/zlib + virtual/jpeg:0 + >=x11-misc/shared-mime-info-0.60 + acl? ( virtual/acl ) + alsa? ( media-libs/alsa-lib ) + !aqua? ( + x11-libs/libICE + x11-libs/libSM + x11-libs/libX11 + x11-libs/libXau + x11-libs/libXcursor + x11-libs/libXdmcp + x11-libs/libXext + x11-libs/libXfixes + x11-libs/libXft + x11-libs/libXpm + x11-libs/libXrender + x11-libs/libXScrnSaver + x11-libs/libXtst + !kernel_SunOS? ( + || ( + sys-libs/libutempter + >=sys-freebsd/freebsd-lib-9.0 + ) + ) + ) + bzip2? ( app-arch/bzip2 ) + fam? ( virtual/fam ) + jpeg2k? ( media-libs/jasper ) + kerberos? ( virtual/krb5 ) + nepomuk? ( + >=dev-libs/shared-desktop-ontologies-0.11.0 + >=dev-libs/soprano-2.9.0[dbus,raptor,redland] + ) + openexr? ( + media-libs/openexr:= + media-libs/ilmbase:= + ) + policykit? ( >=sys-auth/polkit-qt-0.103.0 ) + spell? ( app-text/enchant ) + ssl? ( dev-libs/openssl ) + udev? ( virtual/udev ) + zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) +" +DEPEND="${COMMONDEPEND} + doc? ( app-doc/doxygen ) + nls? ( virtual/libintl ) +" +RDEPEND="${COMMONDEPEND} + !dev-qt/qtphonon + !<=kde-base/plasma-workspace-4.7.1:4 + !<=kde-base/kcontrol-4.4.50:4 + >=app-crypt/gnupg-2.0.11 + app-misc/ca-certificates + $(add_kdebase_dep kde-env) + sys-apps/dbus[X] + !aqua? ( + udisks? ( sys-fs/udisks:2 ) + x11-apps/iceauth + x11-apps/rgb + >=x11-misc/xdg-utils-1.0.2-r3 + upower? ( || ( >=sys-power/upower-0.9.23 sys-power/upower-pm-utils ) ) + ) + udev? ( app-misc/media-player-info ) +" +PDEPEND=" + $(add_kdebase_dep katepart) + || ( + $(add_kdebase_dep kfmclient) + x11-misc/xdg-utils + ) + handbook? ( + || ( + $(add_kdebase_dep khelpcenter) + kde-base/khelpcenter:5[kde4_compat] + ) + ) + nepomuk? ( + $(add_kdebase_dep nepomuk-core) + $(add_kdebase_dep nepomuk-widgets) + ) + policykit? ( + >=sys-auth/polkit-kde-agent-0.99 + ) +" + +PATCHES=( + "${FILESDIR}/dist/01_gentoo_set_xdg_menu_prefix-1.patch" + "${FILESDIR}/dist/02_gentoo_append_xdg_config_dirs-1.patch" + "${FILESDIR}/${PN}-4.7.96-mimetypes.patch" + "${FILESDIR}/${PN}-4.4.90-xslt.patch" + "${FILESDIR}/${PN}-4.6.2-armlinking.patch" + "${FILESDIR}/${PN}-4.6.3-no_suid_kdeinit.patch" + "${FILESDIR}/${PN}-4.8.1-norpath.patch" + "${FILESDIR}/${PN}-4.9.3-werror.patch" + "${FILESDIR}/${PN}-4.10.0-udisks.patch" + "${FILESDIR}/${PN}-4.13.3-CVE-2014-5033.patch" +) + +pkg_pretend() { + if [[ ${MERGE_TYPE} != binary ]]; then + [[ $(gcc-major-version) -lt 4 ]] || \ + ( [[ $(gcc-major-version) -eq 4 && $(gcc-minor-version) -le 3 ]] ) \ + && die "Sorry, but gcc-4.3 and earlier won't work for KDE SC 4.6 (see bug #354837)." + fi +} + +src_prepare() { + kde4-base_src_prepare + + # Rename applications.menu (needs 01_gentoo_set_xdg_menu_prefix-1.patch to work) + sed -e 's|FILES[[:space:]]applications.menu|FILES applications.menu RENAME kde-4-applications.menu|g' \ + -i kded/CMakeLists.txt || die "Sed on CMakeLists.txt for applications.menu failed." + + if use aqua; then + sed -i -e \ + "s:BUNDLE_INSTALL_DIR \"/Applications:BUNDLE_INSTALL_DIR \"${EPREFIX}/${APP_BUNDLE_DIR}:g" \ + cmake/modules/FindKDE4Internal.cmake || die "failed to sed FindKDE4Internal.cmake" + + #if [[ ${CHOST} == *-darwin8 ]]; then + sed -i -e \ + "s:set(_add_executable_param MACOSX_BUNDLE):remove(_add_executable_param MACOSX_BUNDLE):g" \ + cmake/modules/KDE4Macros.cmake || die "failed to sed KDE4Macros.cmake" + #fi + + # solid/solid/backends/iokit doesn't properly link, so disable it. + sed -e "s|\(APPLE\)|(FALSE)|g" -i solid/solid/CMakeLists.txt \ + || die "disabling solid/solid/backends/iokit failed" + sed -e "s|m_backend = .*Backends::IOKit.*;|m_backend = 0;|g" -i solid/solid/managerbase.cpp \ + || die "disabling solid/solid/backends/iokit failed" + + # There's no fdatasync on OSX and the check fails to detect that. + sed -e "/HAVE_FDATASYNC/ d" -i config.h.cmake \ + || die "disabling fdatasync failed" + + # Fix nameser include to nameser8_compat + sed -e "s|nameser8_compat.h|nameser_compat.h|g" -i kio/misc/kpac/discovery.cpp \ + || die "fixing nameser include failed" + append-flags -DHAVE_ARPA_NAMESER8_COMPAT_H=1 + + # Try to fix kkeyserver_mac + epatch "${FILESDIR}"/${PN}-4.3.80-kdeui_util_kkeyserver_mac.patch + fi +} + +src_configure() { + local mycmakeargs=( + -DWITH_HSPELL=OFF + -DWITH_ASPELL=OFF + -DWITH_DNSSD=OFF + -DKDE_DEFAULT_HOME=.kde4 + -DKAUTH_BACKEND=POLKITQT-1 + -DBUILD_libkactivities=OFF + $(cmake-utils_use_build handbook doc) + $(cmake-utils_use_has 3dnow X86_3DNOW) + $(cmake-utils_use_has altivec PPC_ALTIVEC) + $(cmake-utils_use_has mmx X86_MMX) + $(cmake-utils_use_has sse X86_SSE) + $(cmake-utils_use_has sse2 X86_SSE2) + $(cmake-utils_use_with acl) + $(cmake-utils_use_with alsa) + $(cmake-utils_use_with bzip2 BZip2) + $(cmake-utils_use_with fam) + $(cmake-utils_use_with jpeg2k Jasper) + $(cmake-utils_use_with kerberos GSSAPI) + $(cmake-utils_use_with lzma LibLZMA) + $(cmake-utils_use_with nepomuk Soprano) + $(cmake-utils_use_with nepomuk SharedDesktopOntologies) + $(cmake-utils_use_with nls Libintl) + $(cmake-utils_use_with openexr OpenEXR) + $(cmake-utils_use_with opengl OpenGL) + $(cmake-utils_use_with policykit PolkitQt-1) + $(cmake-utils_use_with spell ENCHANT) + $(cmake-utils_use_with ssl OpenSSL) + $(cmake-utils_use_with udev UDev) + $(cmake-utils_use_with udisks SOLID_UDISKS2) + $(cmake-utils_use_with zeroconf Avahi) + ) + kde4-base_src_configure +} + +src_compile() { + kde4-base_src_compile + + # The building of apidox is not managed anymore by the build system + if use doc; then + einfo "Building API documentation" + cd "${S}"/doc/api/ + ./doxygen.sh "${S}" || die "APIDOX generation failed" + fi +} + +src_install() { + kde4-base_src_install + + # use system certificates + rm -f "${ED}"/usr/share/apps/kssl/ca-bundle.crt || die + dosym /etc/ssl/certs/ca-certificates.crt /usr/share/apps/kssl/ca-bundle.crt + + if use doc; then + einfo "Installing API documentation. This could take a bit of time." + cd "${S}"/doc/api/ + docinto /HTML/en/kdelibs-apidox + dohtml -r ${P}-apidocs/* + fi + + if use aqua; then + einfo "fixing ${PN} plugins" + + local _PV=${PV:0:3}.0 + local _dir=${EPREFIX}/usr/$(get_libdir)/kde4/plugins/script + + install_name_tool -id \ + "${_dir}/libkrossqtsplugin.${_PV}.dylib" \ + "${D}/${_dir}/libkrossqtsplugin.${_PV}.dylib" \ + || die "failed fixing libkrossqtsplugin.${_PV}.dylib" + + einfo "fixing ${PN} cmake detection files" + #sed -i -e \ + # "s:if (HAVE_XKB):if (HAVE_XKB AND NOT APPLE):g" \ + echo -e "set(XKB_FOUND FALSE)\nset(HAVE_XKB FALSE)" > \ + "${ED}"/usr/share/apps/cmake/modules/FindXKB.cmake \ + || die "failed fixing FindXKB.cmake" + fi + + einfo Installing environment file. + # Since 44qt4 is sourced earlier QT_PLUGIN_PATH is defined. + echo "COLON_SEPARATED=QT_PLUGIN_PATH" > "${T}/77kde" + echo "QT_PLUGIN_PATH=${EPREFIX}/usr/$(get_libdir)/kde4/plugins" >> "${T}/77kde" + doenvd "${T}/77kde" +} + +pkg_postinst() { + fdo-mime_mime_database_update + + if use zeroconf; then + echo + elog "To make zeroconf support available in KDE make sure that the avahi daemon" + elog "is running." + echo + einfo "If you also want to use zeroconf for hostname resolution, emerge sys-auth/nss-mdns" + einfo "and enable multicast dns lookups by editing the 'hosts:' line in /etc/nsswitch.conf" + einfo "to include 'mdns', e.g.:" + einfo " hosts: files mdns dns" + echo + fi + + kde4-base_pkg_postinst +} + +pkg_prerm() { + # Remove ksycoca4 global database + rm -f "${EROOT}${PREFIX}"/share/kde4/services/ksycoca4 +} + +pkg_postrm() { + fdo-mime_mime_database_update + + kde4-base_pkg_postrm +} -- 1.8.5.5