Add patch to fix security bug #165606.

(Portage version: 2.1.2-r8)
author: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-02-06 15:24:13 +0000
committer: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-02-06 15:24:13 +0000
commit: 585901f862b7940edb49b50d3b4ca457bd0e725d (patch)
tree: 4dbab860b0274203726c6bf59f0ed9f6f3035f5d /kde-base/kdelibs
parent: Version bump (diff)
download: gentoo-2-585901f862b7940edb49b50d3b4ca457bd0e725d.tar.gz
gentoo-2-585901f862b7940edb49b50d3b4ca457bd0e725d.tar.bz2
gentoo-2-585901f862b7940edb49b50d3b4ca457bd0e725d.zip
4 files changed, 247 insertions, 1 deletions
diff --git a/kde-base/kdelibs/ChangeLog b/kde-base/kdelibs/ChangeLog
index fe7cbced5db8..3a6401f6c10e 100644
--- a/kde-base/kdelibs/ChangeLog
+++ b/kde-base/kdelibs/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for kde-base/kdelibs
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.421 2007/02/05 12:40:14 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.422 2007/02/06 15:24:13 flameeyes Exp $
+
+*kdelibs-3.5.5-r8 (06 Feb 2007)
+
+  06 Feb 2007; Diego Pettenò <flameeyes@gentoo.org>
+  +files/kdelibs-3.5.5-CVE-2007-0537.patch, +kdelibs-3.5.5-r8.ebuild:
+  Add patch to fix security bug #165606.
 
   05 Feb 2007; Diego Pettenò <flameeyes@gentoo.org>
   -files/kdelibs-3.5.0-bindnow.patch,
diff --git a/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r8 b/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r8
new file mode 100644
index 000000000000..cec88e0f63b8
--- /dev/null
+++ b/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r8
@@ -0,0 +1,9 @@
+MD5 6f8254317dd43af7aea2a347656f552a kdelibs-3.5-patchset-05.tar.bz2 36423
+RMD160 684bb235f3b5b3cb900632e11aa912670f641b96 kdelibs-3.5-patchset-05.tar.bz2 36423
+SHA256 f237ccd3a35c629740355fbcf69b0d706690acac832a4d35db5c0d3a30235e0a kdelibs-3.5-patchset-05.tar.bz2 36423
+MD5 d8ce997461cb1aa2255032f02fd14326 kdelibs-3.5.5-seli-xinerama.patch.bz2 5470
+RMD160 46ed378f1ff2f7e2fa113aa0bf51eae1758264f9 kdelibs-3.5.5-seli-xinerama.patch.bz2 5470
+SHA256 8d002a55954aabdb91a534a1b1f1f37c706faebbae0398fb5a2ff29eeb66954c kdelibs-3.5.5-seli-xinerama.patch.bz2 5470
+MD5 2cba792e3b0a766431b837c8ef924117 kdelibs-3.5.5.tar.bz2 15486690
+RMD160 8e389869f9a53445754c76a0f7535ef2fffc6d03 kdelibs-3.5.5.tar.bz2 15486690
+SHA256 e487cdd56aa14eec3e100501a5e14658c6329fac30ea0ce812c860e3564c31e3 kdelibs-3.5.5.tar.bz2 15486690
diff --git a/kde-base/kdelibs/files/kdelibs-3.5.5-CVE-2007-0537.patch b/kde-base/kdelibs/files/kdelibs-3.5.5-CVE-2007-0537.patch
new file mode 100644
index 000000000000..c6332ee01e43
--- /dev/null
+++ b/kde-base/kdelibs/files/kdelibs-3.5.5-CVE-2007-0537.patch
@@ -0,0 +1,22 @@
+Index: kdelibs/khtml/html/htmltokenizer.cpp
+===================================================================
+--- kdelibs/khtml/html/htmltokenizer.cpp	(revision 626790)
++++ kdelibs/khtml/html/htmltokenizer.cpp	(revision 626791)
+@@ -316,7 +316,7 @@
+     while ( !src.isEmpty() ) {
+         checkScriptBuffer();
+         unsigned char ch = src->latin1();
+-        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
++        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+             comment = true;
+             scriptCode[ scriptCodeSize++ ] = ch;
+             ++src;
+@@ -495,7 +495,7 @@
+ 
+             if (canClose || handleBrokenComments || scriptEnd ){
+                 ++src;
+-                if ( !( script || xmp || textarea || style) ) {
++                if ( !( title || script || xmp || textarea || style) ) {
+ #ifdef COMMENTS_IN_DOM
+                     checkScriptBuffer();
+                     scriptCode[ scriptCodeSize ] = 0;
diff --git a/kde-base/kdelibs/kdelibs-3.5.5-r8.ebuild b/kde-base/kdelibs/kdelibs-3.5.5-r8.ebuild
new file mode 100644
index 000000000000..396cae4d7440
--- /dev/null
+++ b/kde-base/kdelibs/kdelibs-3.5.5-r8.ebuild
@@ -0,0 +1,209 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-3.5.5-r8.ebuild,v 1.1 2007/02/06 15:24:13 flameeyes Exp $
+
+inherit kde flag-o-matic eutils multilib
+set-kdedir 3.5
+
+DESCRIPTION="KDE libraries needed by all KDE programs."
+HOMEPAGE="http://www.kde.org/"
+SRC_URI="mirror://kde/stable/${PV}/src/${P}.tar.bz2
+	mirror://gentoo/kdelibs-3.5-patchset-05.tar.bz2
+	mirror://gentoo/${P}-seli-xinerama.patch.bz2"
+
+LICENSE="GPL-2 LGPL-2"
+SLOT="3.5"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="acl alsa arts cups doc jpeg2k kerberos legacyssl utempter openexr spell ssl tiff
+zeroconf avahi kernel_linux fam lua linguas_he kdehiddenvisibility"
+
+# kde.eclass has kdelibs in DEPEND, and we can't have that in here.
+# so we recreate the entire DEPEND from scratch.
+
+# Added aspell-en as dependency to work around bug 131512.
+RDEPEND="$(qt_min_version 3.3.3)
+	arts? ( ~kde-base/arts-${PV} )
+	app-arch/bzip2
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	>=dev-libs/libxslt-1.1.16
+	>=dev-libs/libxml2-2.6.6
+	>=dev-libs/libpcre-4.2
+	media-libs/libart_lgpl
+	net-dns/libidn
+	acl? ( kernel_linux? ( sys-apps/acl ) )
+	ssl? ( >=dev-libs/openssl-0.9.7d )
+	alsa? ( media-libs/alsa-lib )
+	cups? ( >=net-print/cups-1.1.19 )
+	tiff? ( media-libs/tiff )
+	kerberos? ( virtual/krb5 )
+	jpeg2k? ( media-libs/jasper )
+	openexr? ( >=media-libs/openexr-1.2.2-r2 )
+	zeroconf? (	!avahi? ( net-misc/mDNSResponder !kde-misc/kdnssd-avahi ) )
+	fam? ( virtual/fam )
+	virtual/ghostscript
+	utempter? ( sys-libs/libutempter )
+	!kde-base/kde-env
+	lua? ( dev-lang/lua )
+	spell? ( app-text/aspell app-dicts/aspell-en
+		linguas_he? ( >=app-text/hspell-1.0 ) )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-doc/doxygen )
+	sys-devel/gettext"
+
+RDEPEND="${RDEPEND}
+	|| ( ( x11-apps/rgb x11-apps/iceauth ) <virtual/x11-7 ) "
+
+PDEPEND="zeroconf? ( avahi? ( kde-misc/kdnssd-avahi ) )"
+
+# Testing code is rather broken and merely for developer purposes, so disable it.
+RESTRICT="test"
+
+pkg_setup() {
+	if use legacyssl ; then
+		echo ""
+		elog "You have the legacyssl use flag enabled, which fixes issues with some broken"
+		elog "sites, but breaks others instead. It is strongly discouraged to use it."
+		elog "For more information, see bug #128922."
+		echo ""
+	fi
+	if ! use utempter ; then
+		echo ""
+		elog "On some setups that relies on the correct update of utmp records, not using"
+		elog "utempter might not update them correctly. If you experience unexpected"
+		elog "behaviour, try to rebuild kde-base/kdelibs with utempter use-flag enabled."
+		echo ""
+	fi
+
+	if use alsa && ! built_with_use --missing true media-libs/alsa-lib midi; then
+		eerror "The alsa USE flag in this package enables ALSA support"
+		eerror "for libkmid, KDE midi library."
+		eerror "For this reason, you have to merge media-libs/alsa-lib"
+		eerror "with the midi USE flag enabled, or disable alsa USE flag"
+		eerror "for this package."
+		die "Missing midi USE flag on media-libs/alsa-lib"
+	fi
+}
+
+src_unpack() {
+	kde_src_unpack
+	if use legacyssl ; then
+		# This patch won't be included upstream, see bug #128922
+		epatch "${WORKDIR}/patches/kdelibs_3.5.4-kssl-3des.patch" || die "Patch did not apply."
+	fi
+
+	# Apply the following patch on the next revision of kdelibs-3.5.5 (fixes kde
+	# bug #135409), which corrects a nasty regression in the cstyle indenter.
+	epatch "${FILESDIR}/${P}-kate-cstyle-indenter-fix.diff"
+
+	# Fix kdeprint timeout when trying to connect to cupsd. Bug #151261.
+	epatch "${FILESDIR}/${P}-kdeprint-cupsd-timeout-fix.patch"
+
+	# Fix rendering (see upstream bug #135639).
+	epatch "${FILESDIR}/${P}-khtml.patch"
+
+	# Allow notification with arts disabled
+	epatch "${FILESDIR}/${P}-noarts.patch"
+	epatch "${FILESDIR}/${P}-noarts-2.patch"
+
+	# xinerama patch from Lubos Lunak
+	# http://ktown.kde.org/~seli/xinerama/
+	epatch "${DISTDIR}/${P}-seli-xinerama.patch.bz2"
+
+	epatch "${FILESDIR}/${P}-CVE-2007-0537.patch"
+}
+
+src_compile() {
+	rm -f "${S}/configure"
+
+	myconf="--with-distribution=Gentoo --disable-fast-malloc
+			$(use_enable fam libfam) $(use_enable kernel_linux dnotify)
+			--with-libart --with-libidn
+			$(use_with acl) $(use_with ssl)
+			$(use_with alsa) $(use_with arts)
+			$(use_with kerberos gssapi) $(use_with tiff)
+			$(use_with jpeg2k jasper) $(use_with openexr)
+			$(use_enable cups)
+			$(use_with utempter) $(use_with lua)
+			$(use_enable kernel_linux sendfile) --enable-mitshm
+			$(use_with spell aspell)"
+
+	if use zeroconf && ! use avahi; then
+		myconf="${myconf} --enable-dnssd"
+	else
+		myconf="${myconf} --disable-dnssd"
+	fi
+
+	if use spell; then
+		myconf="${myconf} $(use_with linguas_he hspell)"
+	else
+		myconf="${myconf} --without-hspell"
+	fi
+
+	if has_version x11-apps/rgb; then
+		myconf="${myconf} --with-rgbfile=/usr/share/X11/rgb.txt"
+	fi
+
+	# fix bug 58179, bug 85593
+	# kdelibs-3.4.0 needed -fno-gcse; 3.4.1 needs -mminimal-toc; this needs a
+	# closer look... - corsair
+	use ppc64 && append-flags "-mminimal-toc"
+
+	# work around bug #120858, gcc 3.4.x -Os miscompilation
+	use x86 && replace-flags "-Os" "-O2" # see bug #120858
+
+	export BINDNOW_FLAGS="$(bindnow-flags)"
+
+	kde_src_compile
+
+	if use doc; then
+		make apidox || die
+	fi
+}
+
+src_install() {
+	kde_src_install
+
+	if use doc; then
+		make DESTDIR="${D}" install-apidox || die
+	fi
+
+	# Needed to create lib -> lib64 symlink for amd64 2005.0 profile
+	if [ "${SYMLINK_LIB}" = "yes" ]; then
+		dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) ${KDEDIR}/lib
+	fi
+
+	# Get rid of the disabled version of the kdnsd libraries
+	if use zeroconf && use avahi; then
+		rm -rf "${D}/${PREFIX}"/$(get_libdir)/libkdnssd.*
+	fi
+
+	dodir /etc/env.d
+
+	# List all the multilib libdirs
+	local libdirs
+	for libdir in $(get_all_libdirs); do
+		libdirs="${libdirs}:${PREFIX}/${libdir}"
+	done
+
+	cat <<EOF > "${D}"/etc/env.d/45kdepaths-${SLOT} # number goes down with version upgrade
+PATH=${PREFIX}/bin
+ROOTPATH=${PREFIX}/sbin:${PREFIX}/bin
+LDPATH=${libdirs:1}
+CONFIG_PROTECT="${PREFIX}/share/config ${PREFIX}/env ${PREFIX}/shutdown /usr/share/config"
+KDEDIRS="${PREFIX}:/usr:/usr/local"
+#KDE_IS_PRELINKED=1
+EOF
+}
+
+pkg_postinst() {
+	if use zeroconf; then
+		echo
+		elog "To make zeroconf support available in KDE make sure that the 'mdnsd' daemon"
+		elog "is running. Make sure also that multicast dns lookups are enabled by editing"
+		elog "the 'hosts:' line in /etc/nsswitch.conf to include 'mdns', e.g.:"
+		elog "	hosts: files mdns dns"
+		echo
+	fi
+}
author	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-02-06 15:24:13 +0000
committer	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-02-06 15:24:13 +0000
commit	585901f862b7940edb49b50d3b4ca457bd0e725d (patch)
tree	4dbab860b0274203726c6bf59f0ed9f6f3035f5d /kde-base/kdelibs
parent	Version bump (diff)
download	gentoo-2-585901f862b7940edb49b50d3b4ca457bd0e725d.tar.gz gentoo-2-585901f862b7940edb49b50d3b4ca457bd0e725d.tar.bz2 gentoo-2-585901f862b7940edb49b50d3b4ca457bd0e725d.zip