author | Wulf Krueger <philantrop@gentoo.org> | 2007-09-12 23:18:54 +0000 |
---|---|---|
committer | Wulf Krueger <philantrop@gentoo.org> | 2007-09-12 23:18:54 +0000 |
commit | cba93c1c84356b4025bd327d21403c5b50b2b069 (patch) | |
tree | a3dd3f404e8969664b791d87f5b3aaed485e2d13 /kde-base | |
parent | package.use.mask'ed kerberos for kde-base/kdelibs as the dependency can't be ... (diff) | |
Added two security patches for konqueror. Fixes bug 185603.
(Portage version: 2.1.3.9)
Diffstat (limited to 'kde-base')
-rw-r--r-- | kde-base/kdelibs/ChangeLog | 11 | ||||
-rw-r--r-- | kde-base/kdelibs/files/digest-kdelibs-3.5.5-r4 | 6 | ||||
-rw-r--r-- | kde-base/kdelibs/files/digest-kdelibs-3.5.7-r3 | 9 | ||||
-rw-r--r-- | kde-base/kdelibs/files/kdelibs-3.5.7-kcookiejar.diff | 59 | ||||
-rw-r--r-- | kde-base/kdelibs/files/konqueror-3.5.7-185603-spoofing.diff | 34 | ||||
-rw-r--r-- | kde-base/kdelibs/kdelibs-3.5.7-r3.ebuild (renamed from kde-base/kdelibs/kdelibs-3.5.5-r4.ebuild) | 107 |
6 files changed, 175 insertions, 51 deletions
diff --git a/kde-base/kdelibs/ChangeLog b/kde-base/kdelibs/ChangeLog index 4ec07f8ad5e6..c239de1e41a7 100644 --- a/kde-base/kdelibs/ChangeLog +++ b/kde-base/kdelibs/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for kde-base/kdelibs # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.482 2007/08/30 22:22:46 philantrop Exp $ +# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.483 2007/09/12 23:18:53 philantrop Exp $ + +*kdelibs-3.5.7-r3 (12 Sep 2007) + + 12 Sep 2007; Wulf C. Krueger <philantrop@gentoo.org> + +files/konqueror-3.5.7-185603-spoofing.diff, + +files/kdelibs-3.5.7-kcookiejar.diff, -kdelibs-3.5.5-r4.ebuild, + +kdelibs-3.5.7-r3.ebuild: + Added two security patches for konqueror. Fixes bug 185603. Removed obsolete + version. 30 Aug 2007; Wulf C. Krueger <philantrop@gentoo.org> kdelibs-3.5.5-r10.ebuild: diff --git a/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r4 b/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r4 deleted file mode 100644 index 79c37c4a8348..000000000000 --- a/kde-base/kdelibs/files/digest-kdelibs-3.5.5-r4 +++ /dev/null @@ -1,6 +0,0 @@ -MD5 6f8254317dd43af7aea2a347656f552a kdelibs-3.5-patchset-05.tar.bz2 36423 -RMD160 684bb235f3b5b3cb900632e11aa912670f641b96 kdelibs-3.5-patchset-05.tar.bz2 36423 -SHA256 f237ccd3a35c629740355fbcf69b0d706690acac832a4d35db5c0d3a30235e0a kdelibs-3.5-patchset-05.tar.bz2 36423 -MD5 2cba792e3b0a766431b837c8ef924117 kdelibs-3.5.5.tar.bz2 15486690 -RMD160 8e389869f9a53445754c76a0f7535ef2fffc6d03 kdelibs-3.5.5.tar.bz2 15486690 -SHA256 e487cdd56aa14eec3e100501a5e14658c6329fac30ea0ce812c860e3564c31e3 kdelibs-3.5.5.tar.bz2 15486690 diff --git a/kde-base/kdelibs/files/digest-kdelibs-3.5.7-r3 b/kde-base/kdelibs/files/digest-kdelibs-3.5.7-r3 new file mode 100644 index 000000000000..78f590de0575 --- /dev/null +++ b/kde-base/kdelibs/files/digest-kdelibs-3.5.7-r3 
@@ -0,0 +1,9 @@
+MD5 1ebab8b66b53b8469e92752f128802ce kdelibs-3.5-patchset-10.tar.bz2 19407
+RMD160 ae0617dbff497751b51859d55ae45a756e69b0c0 kdelibs-3.5-patchset-10.tar.bz2 19407
+SHA256 6fca1c1718bb628c5980da797858eeef003e57ae0f1ba89ffbd1afe20d9df975 kdelibs-3.5-patchset-10.tar.bz2 19407
+MD5 34110d31ae3f56fb37c8a789bffdf65d kdelibs-3.5.7-seli-xinerama.patch.bz2 5226
+RMD160 9eab19cc60cb71d66c0e074242b691c5e8c0c391 kdelibs-3.5.7-seli-xinerama.patch.bz2 5226
+SHA256 6f710ca8d0b3c4789751a1e4630442d04830a8f5aef163d9fd6823bbd6e4e202 kdelibs-3.5.7-seli-xinerama.patch.bz2 5226
+MD5 50ed644f2ec91963570fe2b155652957 kdelibs-3.5.7.tar.bz2 15576038
+RMD160 006c57ef85956ed3903749cace254bdfdf2f347e kdelibs-3.5.7.tar.bz2 15576038
+SHA256 05bc5d0d18b787d964f7c45cc078b047d450d3ddc28b1bde839a26a2eda2c5d9 kdelibs-3.5.7.tar.bz2 15576038
diff --git a/kde-base/kdelibs/files/kdelibs-3.5.7-kcookiejar.diff b/kde-base/kdelibs/files/kdelibs-3.5.7-kcookiejar.diff
new file mode 100644
index 000000000000..5ff4a8da3686
--- /dev/null
+++ b/kde-base/kdelibs/files/kdelibs-3.5.7-kcookiejar.diff
@@ -0,0 +1,59 @@
+Index: kcookiejar.cpp
+===================================================================
+--- kdelibs-3.5.7.orig/kioslave/http/kcookiejar/kcookiejar.cpp (revision 707307)
++++ kdelibs-3.5.7/kioslave/http/kcookiejar/kcookiejar.cpp (working copy)
+@@ -981,44 +981,27 @@
+ //
+ KCookieAdvice KCookieJar::cookieAdvice(KHttpCookiePtr cookiePtr)
+ {
+- QStringList domains;
+-
+ if (m_rejectCrossDomainCookies && cookiePtr->isCrossDomain())
+ return KCookieReject;
+
+- if (m_autoAcceptSessionCookies && (cookiePtr->expireDate() == 0 ||
+- m_ignoreCookieExpirationDate))
+- return KCookieAccept;
++ QStringList domains;
+
+ extractDomains(cookiePtr->host(), domains);
+
+- // If the cookie specifies a domain, check whether it is valid and
+- // correct otherwise.
++ // If the cookie specifies a domain, check whether it is valid. Otherwise,
++ // accept the cookie anyways but removes the domain="" value to prevent
++ // cross-site cookie injection.
+ if (!cookiePtr->domain().isEmpty())
+ {
+- bool valid = false;
+-
+- // This checks whether the cookie is valid based on
+- // what ::extractDomains returns
+- if (!valid)
+- {
+- if (domains.contains(cookiePtr->domain()))
+- valid = true;
+- }
+-
+- if (!valid)
+- {
+- // Maybe it points to a sub-domain
+- if (cookiePtr->domain().endsWith("."+cookiePtr->host()))
+- valid = true;
+- }
+-
+- if (!valid)
+- {
++ if (!domains.contains(cookiePtr->domain()) &&
++ !cookiePtr->domain().endsWith("."+cookiePtr->host()))
+ cookiePtr->fixDomain(QString::null);
+- }
+ }
+
++ if (m_autoAcceptSessionCookies && (cookiePtr->expireDate() == 0 ||
++ m_ignoreCookieExpirationDate))
++ return KCookieAccept;
++
+ KCookieAdvice advice = KCookieDunno;
+ bool isFQDN = true; // First is FQDN
+ QStringList::Iterator it = domains.begin(); // Start with FQDN which first in the list.
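Review bot: In `KCookieJar::cookieAdvice` the security-relevant change, as far as the hunk shows, is that the `m_autoAcceptSessionCookies` early return now sits below the domain check, yet nothing in the patched code records that the order matters, so a later tidy-up could move the return back up and let session cookies skip `fixDomain()` again. I would add a comment above the moved block such as `// Keep below the domain check: an auto-accepted session cookie must have an invalid domain cleared first.` The rewritten comment above the check is also hard to parse ("accept the cookie anyways but removes the domain="" value"); something like `// If the cookie names a domain that is not valid for the sending host, clear the domain so the cookie stays bound to that host.` matches what `fixDomain(QString::null)` appears to do here. The function continues past the end of the hunk, so the advice lookup that follows is not visible for review.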
diff --git a/kde-base/kdelibs/files/konqueror-3.5.7-185603-spoofing.diff b/kde-base/kdelibs/files/konqueror-3.5.7-185603-spoofing.diff
new file mode 100644
index 000000000000..50a9ed17e1dc
--- /dev/null
+++ b/kde-base/kdelibs/files/konqueror-3.5.7-185603-spoofing.diff
@@ -0,0 +1,34 @@
+--- kdecore/kurl.cpp
++++ kdecore/kurl.cpp
+@@ -30,6 +30,7 @@
+ #include <kglobal.h>
+ #include <kidna.h>
+ #include <kprotocolinfo.h>
++#include <kstringhandler.h>
+ #endif
+
+ #include <stdio.h>
+@@ -183,7 +184,7 @@ static QString lazy_encode( const QStrin
+ (character == '?') || // Start of query delimiter
+ ((character == '@') && encodeAt) || // Username delimiter
+ (character == '#') || // Start of reference delimiter
+- ((character == 32) && (i+1 == old_length))) // A trailing space
++ ((character == 32) && (i+1 == old_length || segment[i+1] == ' '))) // A trailing space
+ {
+ new_segment[ new_length++ ] = '%';
+
+@@ -1540,7 +1541,13 @@ QString KURL::prettyURL( int _trailing )
+ u += "//";
+ if ( hasUser() )
+ {
+- u += lazy_encode(m_strUser);
++ QString s = m_strUser;
++#ifndef KDE_QT_ONLY
++ // shorten the username, its unlikely to be valid without password anyway
++ if (!hasPass())
++ s = KStringHandler::csqueeze(s, 16);
++#endif
++ u += encode(s, 0, 0);
+ // Don't show password!
+ u += "@";
+ }
diff --git a/kde-base/kdelibs/kdelibs-3.5.5-r4.ebuild b/kde-base/kdelibs/kdelibs-3.5.7-r3.ebuild
index eb46efc1650a..8f21eb7594ab 100644
--- a/kde-base/kdelibs/kdelibs-3.5.5-r4.ebuild
+++ b/kde-base/kdelibs/kdelibs-3.5.7-r3.ebuild
@@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-3.5.5-r4.ebuild,v 1.12 2007/07/22 10:50:03 calchan Exp $ +# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-3.5.7-r3.ebuild,v 1.1 2007/09/12 23:18:53 philantrop Exp $ inherit kde flag-o-matic eutils multilib set-kdedir 3.5
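Review bot: In the `KURL::prettyURL` hunk of konqueror-3.5.7-185603-spoofing.diff the user name is shortened only when `!hasPass()`, so a URL that carries a password still has its full user component written in front of the `@` while the password itself is hidden. If the intent is that a long user name must not push the real host out of view, the squeeze should not depend on the password, i.e. `s = KStringHandler::csqueeze(s, 16);` without the `if (!hasPass())` line. The shortening is also compiled out under `KDE_QT_ONLY`, leaving only the stricter `encode(s, 0, 0)` in that build, which deserves a comment saying so. In the `lazy_encode` hunk the condition now also encodes a space that is followed by another space, but the trailing comment still reads `// A trailing space`; `// A trailing space, or a space followed by another space` would match the code. Both functions start and end outside their hunks.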
@@ -8,43 +8,44 @@ set-kdedir 3.5 DESCRIPTION="KDE libraries needed by all KDE programs." HOMEPAGE="http://www.kde.org/" SRC_URI="mirror://kde/stable/${PV}/src/${P}.tar.bz2 - mirror://gentoo/kdelibs-3.5-patchset-05.tar.bz2" + mirror://gentoo/kdelibs-3.5-patchset-10.tar.bz2 + mirror://gentoo/${PN}-3.5.7-seli-xinerama.patch.bz2" LICENSE="GPL-2 LGPL-2" SLOT="3.5" -KEYWORDS="alpha ~amd64 ~hppa ia64 mips ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" -IUSE="acl alsa arts cups doc jpeg2k kerberos legacyssl utempter openexr spell ssl tiff -zeroconf kernel_linux fam lua kdehiddenvisibility" - -# kde.eclass has kdelibs in DEPEND, and we can't have that in here. -# so we recreate the entire DEPEND from scratch. +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="acl alsa arts branding cups doc jpeg2k kerberos legacyssl utempter openexr spell tiff +avahi kernel_linux fam lua kdehiddenvisibility" # Added aspell-en as dependency to work around bug 131512. +# Made openssl and zeroconf mandatory dependencies, see bug #172972 and #175984 RDEPEND="$(qt_min_version 3.3.3) - arts? ( ~kde-base/arts-${PV} ) + arts? ( >=kde-base/arts-3.5.5 ) app-arch/bzip2 >=media-libs/freetype-2 media-libs/fontconfig - >=dev-libs/libxslt-1.1.15 + >=dev-libs/libxslt-1.1.16 >=dev-libs/libxml2-2.6.6 - >=dev-libs/libpcre-4.2 + >=dev-libs/libpcre-6.6 media-libs/libart_lgpl net-dns/libidn + >=dev-libs/openssl-0.9.7d acl? ( kernel_linux? ( sys-apps/acl ) ) - ssl? ( >=dev-libs/openssl-0.9.7d ) alsa? ( media-libs/alsa-lib ) cups? ( >=net-print/cups-1.1.19 ) tiff? ( media-libs/tiff ) kerberos? ( virtual/krb5 ) jpeg2k? ( media-libs/jasper ) openexr? ( >=media-libs/openexr-1.2.2-r2 ) - zeroconf? ( net-misc/mDNSResponder !kde-misc/kdnssd-avahi ) + !avahi? ( net-misc/mDNSResponder !kde-misc/kdnssd-avahi ) fam? ( virtual/fam ) virtual/ghostscript utempter? ( sys-libs/libutempter ) !kde-base/kde-env lua? ( dev-lang/lua ) - spell? ( app-text/aspell app-dicts/aspell-en )" + spell? 
( >=app-text/aspell-0.60.5 >=app-dicts/aspell-en-6.0.0 ) + >=sys-apps/portage-2.1.2.11 + !kde-base/ksync" DEPEND="${RDEPEND} doc? ( app-doc/doxygen ) @@ -54,9 +55,14 @@ RDEPEND="${RDEPEND} x11-apps/rgb x11-apps/iceauth" +PDEPEND="avahi? ( kde-misc/kdnssd-avahi )" + # Testing code is rather broken and merely for developer purposes, so disable it. RESTRICT="test" +PATCHES="${FILESDIR}/konqueror-3.5.7-185603-spoofing.diff + ${FILESDIR}/${P}-kcookiejar.diff" + pkg_setup() { if use legacyssl ; then echo "" @@ -65,9 +71,10 @@ pkg_setup() { elog "For more information, see bug #128922." echo "" fi + if ! use utempter ; then echo "" - elog "On some setups that relies on the correct update of utmp records, not using" + elog "On some setups, which rely on the correct update of utmp records, not using" elog "utempter might not update them correctly. If you experience unexpected" elog "behaviour, try to rebuild kde-base/kdelibs with utempter use-flag enabled." echo "" 
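Review bot: The new `PATCHES=` assignment lists two security patches from `FILESDIR`, but the ebuild says nothing about where they come from or what they fix; only the commit message mentions bug 185603, and `${P}-kcookiejar.diff` has no bug reference at all. A comment above the assignment would let a later maintainer decide when the patches can be dropped, for example `# Security: URL display spoofing in konqueror, bug 185603` and `# Security: cookie domain check in kcookiejar, base revision noted in the patch header`. The two files also use different path prefixes (`kdecore/kurl.cpp` against `kdelibs-3.5.7.orig/kioslave/...`), so it is worth confirming that both apply with the strip level chosen by whatever consumes `PATCHES`, presumably the kde eclass.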
@@ -85,40 +92,47 @@ pkg_setup() { src_unpack() { kde_src_unpack + if use legacyssl ; then - # This patch won't be included upstream, see bug #128922 - epatch "${WORKDIR}/patches/kdelibs_3.5.4-kssl-3des.patch" || die "Patch did not apply." + # This patch won't be included upstream, see bug #128922. + epatch "${WORKDIR}/patches/kdelibs_3.5.4-kssl-3des.patch" fi - # Apply the following patch on the next revision of kdelibs-3.5.5 (fixes kde - # bug #135409), which corrects a nasty regression in the cstyle indenter. - epatch "${FILESDIR}/${P}-kate-cstyle-indenter-fix.diff" - - # Fix kdeprint timeout when trying to connect to cupsd. Bug #151261. - epatch "${FILESDIR}/${P}-kdeprint-cupsd-timeout-fix.patch" + if use utempter ; then + # Bug #135818 is the eternal reference. + epatch "${WORKDIR}/patches/kdelibs-3.5_libutempter.patch" + fi - # Fix rendering (see upstream bug #135639). - epatch "${FILESDIR}/${P}-khtml.patch" + if use branding ; then + # Add "(Gentoo)" to khtml user agent. + epatch "${WORKDIR}/patches/kdelibs_3.5-cattlebrand.diff" + fi - # Allow notification with arts disabled - epatch "${FILESDIR}/${P}-noarts.patch" - epatch "${FILESDIR}/${P}-noarts-2.patch" + # Xinerama patch from Lubos Lunak. 
+ # http://ktown.kde.org/~seli/xinerama/ + epatch "${DISTDIR}/${PN}-3.5.7-seli-xinerama.patch.bz2" } src_compile() { rm -f "${S}/configure" myconf="--with-distribution=Gentoo --disable-fast-malloc + --with-libart --with-libidn --with-ssl + --without-hspell $(use_enable fam libfam) $(use_enable kernel_linux dnotify) - --with-libart --with-libidn - $(use_with acl) $(use_with ssl) - $(use_with alsa) $(use_with arts) + $(use_with acl) $(use_with alsa) + $(use_with arts) $(use_enable cups) $(use_with kerberos gssapi) $(use_with tiff) $(use_with jpeg2k jasper) $(use_with openexr) - $(use_enable cups) $(use_enable zeroconf dnssd) $(use_with utempter) $(use_with lua) $(use_enable kernel_linux sendfile) --enable-mitshm - $(use_with spell aspell) --without-hspell" + $(use_with spell aspell)" + + if ! use avahi; then + myconf="${myconf} --enable-dnssd" + else + myconf="${myconf} --disable-dnssd" + fi if has_version x11-apps/rgb; then myconf="${myconf} --with-rgbfile=/usr/share/X11/rgb.txt" @@ -155,6 +169,11 @@ src_install() { dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) ${KDEDIR}/lib fi + # Get rid of the disabled version of the kdnsd libraries + if use avahi; then + rm -rf "${D}/${PREFIX}"/$(get_libdir)/libkdnssd.* + fi + dodir /etc/env.d # List all the multilib libdirs 
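Review bot: In the `src_install` hunk, `rm -rf "${D}/${PREFIX}"/$(get_libdir)/libkdnssd.*` leaves the command substitution unquoted and uses `-r` on what the comment above it describes as library files; `rm -f "${D}/${PREFIX}/$(get_libdir)"/libkdnssd.*` keeps only the glob outside the quotes and cannot remove a directory by accident. Because the command succeeds when nothing matches, a change in the installed file names would go unnoticed, and the leftover files could then collide with those of `kde-misc/kdnssd-avahi`, which this ebuild pulls in through `PDEPEND`; that collision is an inference from the dependency lines, not something the hunk shows. `src_install` starts and ends outside the hunk.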
@@ -163,23 +182,23 @@ src_install() { libdirs="${libdirs}:${PREFIX}/${libdir}" done + # Please note that the KDE install path has to be the last value in KDEDIRS. cat <<EOF > "${D}"/etc/env.d/45kdepaths-${SLOT} # number goes down with version upgrade PATH=${PREFIX}/bin ROOTPATH=${PREFIX}/sbin:${PREFIX}/bin LDPATH=${libdirs:1} +MANPATH=${PREFIX}/share/man CONFIG_PROTECT="${PREFIX}/share/config ${PREFIX}/env ${PREFIX}/shutdown /usr/share/config" -KDEDIRS="${PREFIX}:/usr:/usr/local" +KDEDIRS="/usr:/usr/local:${PREFIX}" #KDE_IS_PRELINKED=1 +XDG_DATA_DIRS="/usr/share:${PREFIX}/share:/usr/local/share" +COLON_SEPARATED="XDG_DATA_DIRS" EOF -} -pkg_postinst() { - if use zeroconf; then - echo - elog "To make zeroconf support available in KDE make sure that the 'mdnsd' daemon" - elog "is running. Make sure also that multicast dns lookups are enabled by editing" - elog "the 'hosts:' line in /etc/nsswitch.conf to include 'mdns', e.g.:" - elog " hosts: files mdns dns" - echo - fi + # Make sure the target for the revdep-rebuild stuff exists. Fixes bug 184441. + dodir /etc/revdep-rebuild + +cat <<EOF > "${D}"/etc/revdep-rebuild/50-kde3 +SEARCH_DIRS="${PREFIX}/bin ${PREFIX}/lib*" +EOF } |