From 70d803dbbd07c2d0037d93608cc67b2b27c025fd Mon Sep 17 00:00:00 2001 From: Carsten Lohrke Date: Sat, 31 Mar 2007 14:05:08 +0000 Subject: [PATCH] Fix for bug #172527. Package-Manager: portage-2.1.2.3 --- kde-base/kdelibs/ChangeLog | 8 +- kde-base/kdelibs/Manifest | 19 +- .../files/CVE-2007-1564-kdelibs-3.5.6.diff | 81 +++++++ .../kdelibs/files/digest-kdelibs-3.5.5-r10 | 9 + kde-base/kdelibs/kdelibs-3.5.5-r10.ebuild | 213 ++++++++++++++++++ 5 files changed, 325 insertions(+), 5 deletions(-) create mode 100644 kde-base/kdelibs/files/CVE-2007-1564-kdelibs-3.5.6.diff create mode 100644 kde-base/kdelibs/files/digest-kdelibs-3.5.5-r10 create mode 100644 kde-base/kdelibs/kdelibs-3.5.5-r10.ebuild diff --git a/kde-base/kdelibs/ChangeLog b/kde-base/kdelibs/ChangeLog index 0249921a1830..55d17a0b7cd0 100644 --- a/kde-base/kdelibs/ChangeLog +++ b/kde-base/kdelibs/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for kde-base/kdelibs # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.439 2007/03/30 12:56:29 caleb Exp $ +# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.440 2007/03/31 14:05:08 carlo Exp $ + +*kdelibs-3.5.5-r10 (31 Mar 2007) + + 31 Mar 2007; Carsten Lohrke + +files/CVE-2007-1564-kdelibs-3.5.6.diff, +kdelibs-3.5.5-r10.ebuild: + Fix for bug #172527. *kdelibs-3.5.6-r4 (30 Mar 2007) diff --git a/kde-base/kdelibs/Manifest b/kde-base/kdelibs/Manifest index 3d0bb5352455..288ceb051d6f 100644 --- a/kde-base/kdelibs/Manifest +++ b/kde-base/kdelibs/Manifest 
@@ -1,3 +1,7 @@ +AUX CVE-2007-1564-kdelibs-3.5.6.diff 2835 RMD160 894a9c5f51da21022b9448da957893a57384c065 SHA1 a296f0dff11007f835bdbca23b259ad8483aa4c9 SHA256 2def5a86817220df9c701d9ad22059c9ef884273a44fee3e12d7b269d8b8e52c +MD5 62872147c2d369feb3d9077e9b32b03d files/CVE-2007-1564-kdelibs-3.5.6.diff 2835 +RMD160 894a9c5f51da21022b9448da957893a57384c065 files/CVE-2007-1564-kdelibs-3.5.6.diff 2835 +SHA256 2def5a86817220df9c701d9ad22059c9ef884273a44fee3e12d7b269d8b8e52c files/CVE-2007-1564-kdelibs-3.5.6.diff 2835 AUX kdelibs-3.5.5-CVE-2007-0537.patch 1232 RMD160 a15192ccbbb27c323de2188b2a5a945c253b53ac SHA1 4c7f05af310bda28f97117e72b08ebb18a36252b SHA256 f83289c67c66de5d6afe78d1149d2f28514d0ce26841c36a67efdd1d2f7f451d MD5 287cfc385b261e687aa32908033d2112 files/kdelibs-3.5.5-CVE-2007-0537.patch 1232 RMD160 a15192ccbbb27c323de2188b2a5a945c253b53ac files/kdelibs-3.5.5-CVE-2007-0537.patch 1232 
@@ -38,6 +42,10 @@ DIST kdelibs-3.5-patchset-05.tar.bz2 36423 RMD160 684bb235f3b5b3cb900632e11aa912 DIST kdelibs-3.5.5-seli-xinerama.patch.bz2 5470 RMD160 46ed378f1ff2f7e2fa113aa0bf51eae1758264f9 SHA1 1f1e7a02e0dfc35fd2d27d8983a16e53e42397c0 SHA256 8d002a55954aabdb91a534a1b1f1f37c706faebbae0398fb5a2ff29eeb66954c DIST kdelibs-3.5.5.tar.bz2 15486690 RMD160 8e389869f9a53445754c76a0f7535ef2fffc6d03 SHA1 7961818e41e22cce7c58219c4eb63ed5fbb94307 SHA256 e487cdd56aa14eec3e100501a5e14658c6329fac30ea0ce812c860e3564c31e3 DIST kdelibs-3.5.6.tar.bz2 15509460 RMD160 ce8c088e13f0e59238719600da9c768eac58b57d SHA1 2cc15499bd2191bd9333cfd1892b5ecf1199fbfd SHA256 06766202c6ae21277b7879f363ed88fde8016586ec8c94deb59be260f2231b5c +EBUILD kdelibs-3.5.5-r10.ebuild 6565 RMD160 58ab5563c8e10cdb647f06c834a9c364ae5a9deb SHA1 7f59ebd43782ca89591ac765c634b522b587267b SHA256 f7aaad95e7a48a3edcc70c7571ea8008f1e92fd7710eb4d38e640da909464c55 +MD5 463d5c024d2b4050c438c7a8514756f3 kdelibs-3.5.5-r10.ebuild 6565 +RMD160 58ab5563c8e10cdb647f06c834a9c364ae5a9deb kdelibs-3.5.5-r10.ebuild 6565 +SHA256 f7aaad95e7a48a3edcc70c7571ea8008f1e92fd7710eb4d38e640da909464c55 kdelibs-3.5.5-r10.ebuild 6565 EBUILD kdelibs-3.5.5-r4.ebuild 5767 RMD160 58acf609fa886fb766fe43d7ba5a9d1752e60dcb SHA1 38991d19ea8405f29e107eca4c0e36fce8e4faa3 SHA256 7f55628729b20f19631ce165949bb0b14340452179187491680b70cca5788f4f MD5 439f043cecd598d8a00fa077bbf7af51 kdelibs-3.5.5-r4.ebuild 5767 RMD160 58acf609fa886fb766fe43d7ba5a9d1752e60dcb kdelibs-3.5.5-r4.ebuild 5767 
@@ -74,14 +82,17 @@ EBUILD kdelibs-3.5.6-r4.ebuild 6095 RMD160 99e40946bb1b1f4f97418c009315ed6699697 MD5 95410947a63ed7933013dc1a3b52b8ed kdelibs-3.5.6-r4.ebuild 6095 RMD160 99e40946bb1b1f4f97418c009315ed6699697f42 kdelibs-3.5.6-r4.ebuild 6095 SHA256 7a5d657746e6e0786edfe4370662c1271bd1c71b884413c0aeab6a3af474e616 kdelibs-3.5.6-r4.ebuild 6095 -MISC ChangeLog 71300 RMD160 a3ee22c550ded19a4c6d5c91b8ae1d918d678953 SHA1 bf0d10a59a67dc102f1d188f8ba6d2db111af38d SHA256 6998e0ec9df5d6bc82c64778740eed7eebcd429f5e78b14dc9b438783915adf5 -MD5 3f952bf77b61194c0be08fa95a9d7f36 ChangeLog 71300 -RMD160 a3ee22c550ded19a4c6d5c91b8ae1d918d678953 ChangeLog 71300 -SHA256 6998e0ec9df5d6bc82c64778740eed7eebcd429f5e78b14dc9b438783915adf5 ChangeLog 71300 +MISC ChangeLog 71477 RMD160 b9e220c0ced512ef0ebc6183f0ebc5ba57f237ee SHA1 4a8c9fecec24946ed5a170aad8c0cecdfcbea33f SHA256 d673a6b3b5eb5ff8fd2abbe4897fafebed95424724a76af642c4f0401200a42e +MD5 f705b8d4113e0e314a75df1351e46794 ChangeLog 71477 +RMD160 b9e220c0ced512ef0ebc6183f0ebc5ba57f237ee ChangeLog 71477 +SHA256 d673a6b3b5eb5ff8fd2abbe4897fafebed95424724a76af642c4f0401200a42e ChangeLog 71477 MISC metadata.xml 156 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 SHA1 b64f7c0b4e5db816d82ad19848f72118af129d35 SHA256 2f4da28506b9d4185f320f67a6191d30c7a921217ed4447ed46ea0bc4aefc79a MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 metadata.xml 156 SHA256 2f4da28506b9d4185f320f67a6191d30c7a921217ed4447ed46ea0bc4aefc79a metadata.xml 156 +MD5 b3407b1b16a060400ebc8b3bcd89eef4 files/digest-kdelibs-3.5.5-r10 807 +RMD160 65dd009a5c3e9f9b44e7d277d761a586184f1c20 files/digest-kdelibs-3.5.5-r10 807 +SHA256 9180e5499945c7011b584d592a892bc3ecc4a2cfcc703ede9619ab6238639387 files/digest-kdelibs-3.5.5-r10 807 MD5 4e084c981a53be48eb4df82f46649e60 files/digest-kdelibs-3.5.5-r4 521 RMD160 b35a8ed3374893328cf91746946b98d833051692 files/digest-kdelibs-3.5.5-r4 521 SHA256 
8c59629509a40001ff71b42db7096bb8c7a4f78bb8e43b60baf2e205cd843c81 files/digest-kdelibs-3.5.5-r4 521
diff --git a/kde-base/kdelibs/files/CVE-2007-1564-kdelibs-3.5.6.diff b/kde-base/kdelibs/files/CVE-2007-1564-kdelibs-3.5.6.diff
new file mode 100644
index 000000000000..b026d67a3db0
--- /dev/null
+++ b/kde-base/kdelibs/files/CVE-2007-1564-kdelibs-3.5.6.diff
@@ -0,0 +1,81 @@
+--- khtml/ecma/kjs_html.cpp
++++ khtml/ecma/kjs_html.cpp
+@@ -1866,9 +1866,11 @@ Value KJS::HTMLElement::getValueProperty
+ getDOMNode(exec, frameElement.contentDocument()) : Undefined();
+ case FrameContentWindow: {
+ KHTMLPart* part = static_cast(frameElement.handle())->contentPart();
+- if (part)
+- return Value(Window::retrieveWindow(part));
+- else
++ if (part) {
++ Window *w = Window::retrieveWindow(part);
++ if (w)
++ return Value(w);
++ }
+ return Undefined();
+ }
+ case FrameFrameBorder: return String(frameElement.frameBorder());
+@@ -1899,9 +1901,11 @@ Value KJS::HTMLElement::getValueProperty
+ getDOMNode(exec, iFrame.contentDocument()) : Undefined();
+ case IFrameContentWindow: {
+ KHTMLPart* part = static_cast(iFrame.handle())->contentPart();
+- if (part)
+- return Value(Window::retrieveWindow(part));
+- else
++ if (part) {
++ Window *w = Window::retrieveWindow(part);
++ if (w)
++ return Value(w);
++ }
+ return Undefined();
+ }
+ case IFrameFrameBorder: return String(iFrame.frameBorder());
+--- kioslave/ftp/ftp.cc
++++ kioslave/ftp/ftp.cc
+@@ -58,6 +58,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -835,7 +836,6 @@ bool Ftp::ftpSendCmd( const QCString& cm
+ return true;
+ }
+
+-
+ /*
+ * ftpOpenPASVDataConnection - set up data connection, using PASV mode
+ *
+@@ -853,6 +853,8 @@ int Ftp::ftpOpenPASVDataConnection()
+ if (sa != NULL && sa->family() != PF_INET)
+ return ERR_INTERNAL; // no PASV for non-PF_INET connections
+
++ const KInetSocketAddress *sin = static_cast(sa);
++
+ if (m_extControl & pasvUnknown)
+ return ERR_INTERNAL; // already tried and got "unknown command"
+
+@@ -886,14 +888,17 @@ int Ftp::ftpOpenPASVDataConnection()
+ }
+
+ // Make hostname and port number ...
+- QString host;
+- host.sprintf("%d.%d.%d.%d", i[0], i[1], i[2], i[3]);
+ int port = i[4] << 8 | i[5];
+
++ // we ignore the host part on purpose for two reasons
++ // a) it might be wrong anyway
++ // b) it would make us being suceptible to a port scanning attack
++
+ // now connect the data socket ...
+ m_data = new FtpSocket("PASV");
+- m_data->setAddress(host, port);
+- kdDebug(7102) << "Connecting to " << host << " on port " << port << endl;
++ m_data->setAddress(sin->nodeName(), port);
++
++ kdDebug(7102) << "Connecting to " << sin->nodeName() << " on port " << port << endl;
+ return m_data->connectSocket(connectTimeout(), false);
+ }
+
diff --git a/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r10 b/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r10
new file mode 100644
index 000000000000..cec88e0f63b8
--- /dev/null
+++ b/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r10
@@ -0,0 +1,9 @@ +MD5 6f8254317dd43af7aea2a347656f552a kdelibs-3.5-patchset-05.tar.bz2 36423 +RMD160 684bb235f3b5b3cb900632e11aa912670f641b96 kdelibs-3.5-patchset-05.tar.bz2 36423 +SHA256 f237ccd3a35c629740355fbcf69b0d706690acac832a4d35db5c0d3a30235e0a kdelibs-3.5-patchset-05.tar.bz2 36423 +MD5 d8ce997461cb1aa2255032f02fd14326 kdelibs-3.5.5-seli-xinerama.patch.bz2 5470 +RMD160 46ed378f1ff2f7e2fa113aa0bf51eae1758264f9 kdelibs-3.5.5-seli-xinerama.patch.bz2 5470 +SHA256 8d002a55954aabdb91a534a1b1f1f37c706faebbae0398fb5a2ff29eeb66954c kdelibs-3.5.5-seli-xinerama.patch.bz2 5470 +MD5 2cba792e3b0a766431b837c8ef924117 kdelibs-3.5.5.tar.bz2 15486690 +RMD160 8e389869f9a53445754c76a0f7535ef2fffc6d03 kdelibs-3.5.5.tar.bz2 15486690 +SHA256 e487cdd56aa14eec3e100501a5e14658c6329fac30ea0ce812c860e3564c31e3 kdelibs-3.5.5.tar.bz2 15486690
diff --git a/kde-base/kdelibs/kdelibs-3.5.5-r10.ebuild b/kde-base/kdelibs/kdelibs-3.5.5-r10.ebuild
new file mode 100644
index 000000000000..c450f0fac7b8
--- /dev/null
+++ b/kde-base/kdelibs/kdelibs-3.5.5-r10.ebuild
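Review bot: In the last ftp.cc hunk of the added patch, `sin->nodeName()` is used without a null check, while the unchanged guard above the new cast, `if (sa != NULL && sa->family() != PF_INET)`, still lets a null `sa` fall through, so `sin` can be null when it reaches `m_data->setAddress(sin->nodeName(), port)` and the kdDebug line. Whether `sa` can really be null at that point depends on code outside these hunks (the body of ftpOpenPASVDataConnection begins outside them), but since the guard already allows for it I would add `if (!sin) return ERR_INTERNAL;` directly after the cast. The new comment could also state the risk more plainly, for example `// b) a hostile server could otherwise point our data connection at a third-party host and port`, and correct the spelling of "susceptible".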
@@ -0,0 +1,213 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-3.5.5-r10.ebuild,v 1.1 2007/03/31 14:05:08 carlo Exp $ + +inherit kde flag-o-matic eutils multilib +set-kdedir 3.5 + +DESCRIPTION="KDE libraries needed by all KDE programs." +HOMEPAGE="http://www.kde.org/" +SRC_URI="mirror://kde/stable/${PV}/src/${P}.tar.bz2 + mirror://gentoo/kdelibs-3.5-patchset-05.tar.bz2 + mirror://gentoo/${P}-seli-xinerama.patch.bz2" + +LICENSE="GPL-2 LGPL-2" +SLOT="3.5" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="acl alsa arts cups doc jpeg2k kerberos legacyssl utempter openexr spell ssl tiff +zeroconf avahi kernel_linux fam lua linguas_he kdehiddenvisibility" + +# kde.eclass has kdelibs in DEPEND, and we can't have that in here. +# so we recreate the entire DEPEND from scratch. + +# Added aspell-en as dependency to work around bug 131512. +RDEPEND="$(qt_min_version 3.3.3) + arts? ( ~kde-base/arts-${PV} ) + app-arch/bzip2 + >=media-libs/freetype-2 + media-libs/fontconfig + >=dev-libs/libxslt-1.1.16 + >=dev-libs/libxml2-2.6.6 + >=dev-libs/libpcre-4.2 + media-libs/libart_lgpl + net-dns/libidn + acl? ( kernel_linux? ( sys-apps/acl ) ) + ssl? ( >=dev-libs/openssl-0.9.7d ) + alsa? ( media-libs/alsa-lib ) + cups? ( >=net-print/cups-1.1.19 ) + tiff? ( media-libs/tiff ) + kerberos? ( virtual/krb5 ) + jpeg2k? ( media-libs/jasper ) + openexr? ( >=media-libs/openexr-1.2.2-r2 ) + zeroconf? ( !avahi? ( net-misc/mDNSResponder !kde-misc/kdnssd-avahi ) ) + fam? ( virtual/fam ) + virtual/ghostscript + utempter? ( sys-libs/libutempter ) + !kde-base/kde-env + lua? ( dev-lang/lua ) + spell? ( app-text/aspell app-dicts/aspell-en + linguas_he? ( >=app-text/hspell-1.0 ) )" + +DEPEND="${RDEPEND} + doc? 
( app-doc/doxygen ) + sys-devel/gettext" + +RDEPEND="${RDEPEND} + || ( ( x11-apps/rgb x11-apps/iceauth ) lib64 symlink for amd64 2005.0 profile + if [ "${SYMLINK_LIB}" = "yes" ]; then + dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) ${KDEDIR}/lib + fi + + # Get rid of the disabled version of the kdnsd libraries + if use zeroconf && use avahi; then + rm -rf "${D}/${PREFIX}"/$(get_libdir)/libkdnssd.* + fi + + dodir /etc/env.d + + # List all the multilib libdirs + local libdirs + for libdir in $(get_all_libdirs); do + libdirs="${libdirs}:${PREFIX}/${libdir}" + done + + cat < "${D}"/etc/env.d/45kdepaths-${SLOT} # number goes down with version upgrade +PATH=${PREFIX}/bin +ROOTPATH=${PREFIX}/sbin:${PREFIX}/bin +LDPATH=${libdirs:1} +CONFIG_PROTECT="${PREFIX}/share/config ${PREFIX}/env ${PREFIX}/shutdown /usr/share/config" +KDEDIRS="${PREFIX}:/usr:/usr/local" +#KDE_IS_PRELINKED=1 +EOF +} + +pkg_postinst() { + if use zeroconf; then + echo + elog "To make zeroconf support available in KDE make sure that the 'mdnsd' daemon" + elog "is running. Make sure also that multicast dns lookups are enabled by editing" + elog "the 'hosts:' line in /etc/nsswitch.conf to include 'mdns', e.g.:" + elog " hosts: files mdns dns" + echo + fi +} -- 2.26.2