There is a KHTML/KJS cross-site scripting vulnerability in kdelibs-3.0.3.
This update fixes that, as well as merges some other fixes from KDE's CVS.
PLEASE! UPDATE YOUR KDELIBS3 PORT INSTALLATION NOW!
certificates as invalid that have been signed by an issuer who
is not allowed to do so. A patch for this problem has been committed
to both the CVS HEAD branch and the KDE_3_0_BRANCH" from message
by [1]
o Bump PORTREVISION
Submitted by: Andy Fawcett <andy@athame.co.uk>,
Waldo Bastian <bastian@kde.org> [1]
Reviewed by: kde
Approved by: kde
Obtained from: KDE CVS HEAD
2. Fix distinfo file md5 mismatch caused by KDE rerolling the distfiles to
incorporate some late patches.
Submitted by: alane@freebsd.org and the kde-freebsd mailing list.
rigorous testing performed on the part of the KDE/FreeBSD Project
over the last three weeks. Thanks to everyone who helped test!
General changes:
[1] Follow KDE2 style by moving KDE core specific macros and
the like to x11/kde3/Makefile.kde.
[2] Fix a variety of comments or miscellaneous data to reflect
that this is KDE3 and not KDE2.
[3] Account for more empty directories in the PLISTs.
deskutils/kdepim3:
[4] More #include <malloc.h> -> #include <stdlib.h>.
audio/arts:
[5] Upgrade to 1.0.1.
[6] Point at MASTER_SITE_KDE not my own mirror.
audio/kdemultimedia3:
[7] Account for the removal of the <machine/soundcard.h> symlink.
Simply point all such includes at <sys/soundcard.h>.
editors/koffice-kde3:
[8] Get rid of #include <values.h> preemptively.
devel/kdesdk3:
[9] Remove cervisia from build if building on -CURRENT due to
C++-unsafe sys/wait.h. The header is believed to have been
fixed in newer -CURRENT (>= Jun 5) but we have not tested that.
devel/kdevelop:
[10] Upgrade to 2.1.1 and use KDE 3 version.
[11] Remove a number of suggested dependencies that no longer fit.
[12] Account for where the docs for Qt went since they got moved
to fit in hier(7) better.
graphics/kdegraphics3:
[13] Turn off kuickshow by default because it depends on imlib,
which in turn depends on gtk/glib. This will be revisited
when we split up the KDE ports a bit.
games/kdegames3:
[14] Fix compile error on -CURRENT where kpat/freecell-solver/md5.h
tried to define uint32_t after sys/types.h already had.
sysutils/kdeadmin3:
No particular changes.
misc/kdeaddons3:
No particular changes.
misc/kdeedu3:
[15] Re-add the huge number of missing @dirrm's.
misc/kdeutils3:
No particular changes.
misc/kde3-i18n-* and */kde3-i18n:
For the most part, no particular changes. A huge number of I18N
message updates went into this release, though.
french/kde3-i18n:
[16] Fix build Makefile error due to tarball builder's env.
net/kdenetwork3:
No particular changes.
x11-clocks/kdetoys3:
No particular changes.
x11/kdebase3:
[17] Account for mkfontdir "soft" build-time dependency. If
mkfontdir is available, use it to build fonts.dir where
kdebase installs fonts. Otherwise, don't bother.
[18] Patch ElectricEyes.desktop to use the name of the program
that FreeBSD uses when you install the port for it.
[19] Patches for KDM merged into KDE 3.0.1.
[20] Properly fix kdm/backend/xdmcp.c string format error.
x11/kdelibs3:
[21] Support the KDE3 version check to make sure no one
tries to install KDE2 then KDE3. The 'kde-version-check'
target is centralized in x11/kde3/Makefile.kde.
[22] Remove patch for kdeprint/configure.in.in.
[23] Add patch to fix critical icon loader bug.
x11/kde3:
[24] Add Makefile.kde for centralizing KDE core-specific macros
that don't belong in bsd.kde.mk.
x11-toolkits/qt30:
[25] Mark broken on any XFree86 version < 4 due to packing list
related problems if we tried to support XFree86 3.
[26] Error out if the user has Qt2 installed already.
x11-wm/kdeartwork3:
[27] Add USE_MESA to explicitly support the 3D screensavers.
[28] Re-add a large number of missing @dirrm's.
Credits:
[1] [4] [5] [6] [7]
[9] [10] [14] [16]
[21] [22] [24] [26]: will
[2] [3] [8] [15] [17]
[19] [25] [27] [28]: alane
[11] [12]
Submitted by: Lauri Watts <lauri@kde.org>
[13] Found by: mi
Removed by: will
[18] [23]
Submitted by: Andy Fawcett <andy@athame.co.uk>
Tested by: [in addition to the above, in no particular order]
knu
Mattias Douhan <matt@athame.co.uk>
Bradley T. Hughes <bhughes@trolltech.com>
Erik H. Bakke <ebakke@trolltech.com>
David Johnson <david@usermode.org>
JJ Behrens <jj@nttmcl.com>
Michael W. Collette <metrol@metrol.net>
Adriaan de Groot <adridg@sci.kun.nl>
Mark Rowlands <mark.rowlands@minmail.net>
Mark Stosberg <mark@summersault.com>
Dave Cantrell <phaedrus@alltel.net>
Mark Miller <joup@bigfoot.com>
Wesley Morgan <morganw@chemikals.org>
Arjan van Leeuwen <avl@operamail.com>
Waldo Bastian for their work towards fixing this both in 2.2.2/ports
and KDE3 CVS. Bump PORTREVISION to make sure people get *this* fix and
not the previous broken one.
PR: 32549 (for real this time)
Submitted by: Alan Eldridge <alane@geeksrus.net>,
Waldo Bastian <bastian@kde.org>
- Move all stuff specific to kde core ports to x11/kde2/Makefile.kde.
+ Default to compile optimized for speed, not debugging, in ports
builds, not just packages. We don't really get that many backtraces
or debugging information, and there's a better way to provide these
things to people willing to spend some time working on KDE. It's
at (as announced before): http://freebsd.kde.org/.
- Remove teTeX dependency for kdegraphics2 upon request, and being unable
to find any reason not to. Apparently, kdegraphics still compiles
libkdvi and kdvi -- I guess dvips is merely a runtime dependency.
Therefore to enable its use one just needs to add the teTeX package.
Bump PORTREVISION to reflect dependency change.
- Fix koffice port by removing PYTHON_VERSION, which is unnecessary.
PR: 33650 (part of)
Submitted by: John Merryweather Cooper <jmcoopr@johncoop.MSHOME.bmi.net>
Reviewed by: kde-freebsd@lists.csociety.org (teTeX dep removal, and
optimizing for speed, not debugging capability)
--enable-debug and turn off stripping of binaries so we actually get all
the debugging we're supposed to get. :)
Submitted by: Alan Eldridge <alane@geeksrus.net>
the environment vars like DISPLAY etc. Bump PORTREVISION.
Alan and I still suspect the problem is somewhere else, but this at least
gets kdesu working. He feels I should back it out, but I'm going to keep
it since it's better than what we had last: a broken kdesu.
Submitted by: Alan Eldridge <alane@geeksrus.net>
not be the correct fix -- discussion on kde-core-devel@kde.org ensuing.
Bump PORTREVISION to accommodate this important fix.
PR: 32549
Reported by: Kenneth Culver <culverk@wam.umd.edu>
Fixed with help of: Ryan Cumming <bodnar42@phalynx.dhs.org>
make sure that the "autoconf" and "automake" binaries KDE looked for were
found and were autoconf213 and automake14 (as there are issues with the
latest versions), but the logic in setting $PATH was wrong. This puts
${WRKSRC}/auto-bin before the rest of the user's $PATH. This fixes KDE
auto* problems if automake14 and automake-1.5 are both installed.
PR: 32512
Submitted by: Alan Eldridge <alane@geeksrus.net>
Approved by: will
* General:
- Support for objprelink.
- Hack for autoconf 2.13/automake 1.4. Note that we can't use
the standard USE_AUTO* because they change things in work/*;
KDE has its own way of doing that.
- Light cleanup of extra dirs in the PLISTs provided by
my mkplistpkg[1] script.
- Speedups of both compile and runtime through the usage of
--disable-debug and --enable-final. The latter did not work
with the kdemultimedia package, unfortunately.
- Patch updates.
* audio/kdemultimedia2:
- Patch to fix KSCD on FreeBSD[2]. It works very well now.
* deskutils/kdepim:
- Enable kpilot[3]. Pull in the latest pilot-link stuff.
* devel/kdesdk,
* devel/kdevelop:
- No specific changes.
* devel/qt-designer:
- Make this port depend almost entirely on qt23 to make it more
maintainable, so I don't have to keep hacking the patches to
get them to apply.
* editors/koffice,
* games/kdegames,
* graphics/kdegraphics:
- No specific changes.
* misc/kdeaddons:
- SDL is required now. Cull SDL PLIST_SUB and such.
- Fix breakage from hardcoding "sdl-config".
* misc/kdeutils2:
- Fix problem with klaptopdaemon[4] where it didn't properly
display the battery time. This patch is untested, but applied.
* net/kdenetwork2:
- Fix DCC for KSIRC[5].
- Remove ktalkd from the build. It requires some weird thing
in the configure script that I don't have time to look at.
* sysutils/kdeadmin:
- No specific changes.
* textproc/kdoc:
- Remove bogus requirement that kdoc requires Perl 5.6.0; it sure
seems to operate fine with >= 5.005. But I'll let time tell.
* www/quanta:
- No specific changes (--disable-debug support only).
* x11/kde2:
- No specific changes.
* x11/kdebase2:
- Fix ksysguard compile by merging the files from the HEAD branch
of KDE CVS that were missing at release time for FreeBSD[6]. :\
* x11/kdelibs2:
- Recognize CUPS' spinoff[7].
- Add libxslt dependency since it was removed from kdelibs.
- Fix libxml compile problems[8] (accomplished by upgrading).
- Remove libkformula from port Makefile; this library has been
spun off into koffice.
- Fix mode problems with DCOP[9]. This allows you to save files
properly. It also seems to be a FreeBSD specific problem.
- Fix bashisms in kdeprint/imagetops script[10].
* x11-clocks/kdetoys2:
- No specific changes.
* x11-toolkits/qt23:
- Do NOT upgrade to QT 2.3.2[11].
- Allow devel/qt-designer to depend on this port entirely for the
patches by adding a perlre to accomplish this.
* x11-wm/kdeartwork:
- No specific changes.
Thanks to the FreeBSD/KDE[1] team[12] who helped me test these out!
[1] http://freebsd.kde.org/;
http://www.databits.net/cgi-bin/cvsweb.cgi/scripts/portbuild/mkplistpkg
[2] Submitted by: Matthew Holmes <matt@speakeasy.net>
[3] PR: 31914
Submitted by: Alan Eldridge <alane@geeksrus.net>
[4] PR: 28475
Submitted by: Arun Sharma <arun@sharmas.dhs.org>
[5] Submitted by: Luc Morin <luc_m@videotron.ca>
[6] Found at: http://webcvs.kde.org/kdebase/ksysguard/ksysguardd/FreeBSD/
[7] PR: 32321
Reported by: gad
Submitted by: James A. Halstead <jah4007@cs.rit.edu>
[8] PR: 32055
Reported by: William Richard <wrichard@trivalley.com>, others
[9] PR: 31629
Submitted by: Alan Eldridge <alane@geeksrus.net>
[10] PR: 32358
Submitted by: Alexander N. Kabaev <ak03@gte.com>
[11] PR: 31809
Requested by: Nathan Ahlstrom <nrahlstr@winternet.com> (denied)
[12] http://freebsd.kde.org/contact.shtml;
http://lists.csociety.org/pipermail/kde-freebsd;
http://lists.csociety.org/listinfo/kde-freebsd
Bump PORTREVISION just in case this is needed.
From Mikhail Teterin:
> Well, for the same reason the xslt.cpp sometimes works -- in fact, it
> worked for everyone, until someone tried it on current.
>
> In essence, the code reads the whole file into a buffer. It then tries
> to turn that buffer into one of qt's string-objects (QCString). The
> class' constructor they chose assumes it is passed a valid (aka
> \0-terminated) string and goes through the buffer looking for the first
> 0-byte. The file itself does not contain any, so it happily wanders
> behind the real end of the buffer until it either finds a stray 0-byte,
> or seg-faults, trying to read a wrong page.
>
> Apparently, more often than not, some stray 0-byte is there -- no
> surprise. But it will usually create a string that's longer than the
> file size -- unless the 0-byte happens to be right there at the end of
> the buffer. Apparently, the lamer, who wrote it, noticed something
> strange, so he/she explicitly truncates the created QCString object to
> the known size of the file after instantiation:
>
> contents.truncate(xmlFile.size())
>
> My patch modifies the code to use the correct QCString constructor --
> the one, that accepts the maximum size of the string. This does the
> right thing -- once it reaches the end of the buffer, it stops,
> allocates the private storage (I hate C++ for all this buffer copying),
> appends the 0-byte and creates the object of the expected size. No
> truncation is needed....
Thanks to Mikhail for his debugging on this problem; this patch further
removes the hazard of meinproc coredumps.
Submitted by: mi
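
The over-read described in the quoted message, as an added example that is not part of the original commit log or of KDE's code: plain C stand-ins for the two constructor behaviours (copy_unbounded and copy_bounded are hypothetical names, not Qt APIs), run on a constructed buffer whose stray 0 byte sits five bytes past the end of the file data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a constructor that trusts its input to be
 * NUL-terminated: it scans for the first 0 byte, wherever that is. */
static char *copy_unbounded(const char *src)
{
    size_t n = strlen(src);          /* may run past the file data */
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    memcpy(s, src, n + 1);
    return s;
}

/* Bounded variant: examine at most max_len bytes, then terminate. */
static char *copy_bounded(const char *src, size_t max_len)
{
    const char *nul = memchr(src, '\0', max_len);
    size_t n = nul ? (size_t)(nul - src) : max_len;
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    memcpy(s, src, n);
    s[n] = '\0';
    return s;
}

/* Constructed sample: FILE_SIZE bytes of "file" data containing no 0 byte,
 * followed by leftover bytes and a stray 0 inside the same array, so the
 * over-read is deterministic and stays inside one object. */
#define FILE_SIZE 11
static const char arena[] = "<doc></doc>" "STALE" "\0" "more";

/* Length of the string each approach builds from the same buffer. */
size_t unbounded_len(void)
{
    char *s = copy_unbounded(arena);
    size_t n = s ? strlen(s) : 0;
    free(s);
    return n;
}

size_t bounded_len(void)
{
    char *s = copy_bounded(arena, FILE_SIZE);
    size_t n = s ? strlen(s) : 0;
    free(s);
    return n;
}
```

The unbounded copy comes back longer than the file, which is the symptom the after-the-fact truncate() call was masking; with no stray 0 byte in reach, the same scan would walk off the allocation instead.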