Straight to stable (bug #218933).

Package-Manager: portage-2.1.5_rc6
RepoMan-Options: --force

4 files changed, 326 insertions, 2 deletions

diff --git a/kde-base/kdelibs/ChangeLog b/kde-base/kdelibs/ChangeLog
index 85dfe6acde35..85e32c2fc4c6 100644
--- a/kde-base/kdelibs/ChangeLog
+++ b/kde-base/kdelibs/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for kde-base/kdelibs
 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.522 2008/04/15 05:40:44 philantrop Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.523 2008/04/28 12:32:23 jer Exp $
+
+*kdelibs-3.5.8-r4 (28 Apr 2008)
+
+  28 Apr 2008; Jeroen Roovers <jer@gentoo.org>
+  +files/kdelibs-3.5.8-kinit-CVE-2008-1671.patch, +kdelibs-3.5.8-r4.ebuild:
+  Straight to stable (bug #218933).
 
 *kdelibs-3.5.9-r2 (14 Apr 2008)
 
diff --git a/kde-base/kdelibs/Manifest b/kde-base/kdelibs/Manifest
index 336d34195580..bac1d3747d49 100644
--- a/kde-base/kdelibs/Manifest
+++ b/kde-base/kdelibs/Manifest
@@ -1,5 +1,6 @@
 AUX FindXine.cmake 2627 RMD160 e680a4c0998dd0354e429c9e755a00e0ab83c6c0 SHA1 e638a8cf1ab6889c5734cd54879dad808a549d92 SHA256 73c7030144d889d1065fc4bdaf9c640cb04ce40a9a15b8fafeeefbdf1c35e798
 AUX e-tempdir.patch 1413 RMD160 f0a369f929c18770d66a54b605dad8c99d03367c SHA1 779714956d94366a3b05514df19e21b4b3434f5c SHA256 1a7e888cd5173b68039717030119e3ab479675fed8f9df4b5e1d98869d89235a
+AUX kdelibs-3.5.8-kinit-CVE-2008-1671.patch 3964 RMD160 e5e7dc462c88ad45ac7051261aaec5b83c64d59e SHA1 35147db4d6791e4c98d7cec5e72509547813dd98 SHA256 6f7d54983c950300621918259511cb4de1efffcebe9c588607b529e27b462c5c
 AUX kdelibs-3.5.9-bug_203433_khtml.patch 874 RMD160 2d69661af5beb4ef0a1ff685ae38b7c543bb2229 SHA1 149386170b51e38d88c373f9407ca2c2240121b4 SHA256 23c48898e80b0497b6b8c1fe4af40c83b51d229e0f194560290bb42242f9c203
 AUX kdelibs-3.5.9-cursor.patch 427 RMD160 e0d7d41196cdbbb7cfd15c6b4ce94d88142e8ad8 SHA1 6f58f95e642522062ba6f2aaf564b0a8c363e3f0 SHA256 4daac960ff06601fc3d67948983266e27ce5204e37bd1c71f5389c1db8c2088c
 AUX kdelibs-4.0.2-X11-optional.patch 6103 RMD160 ff7c315d65204253cc3ed2fa90e45b5dbef709d8 SHA1 2093a73b17246d39b0518a8ccb1162caed263aee SHA256 398bde6b24e7fb3bf7325ef1f4409f02839baee52ac20bb041f623acd1900b5e
@@ -12,10 +13,11 @@ DIST kdelibs-3.5.9.tar.bz2 15568675 RMD160 9ac02bf2314de387b2aa9664703c72b0613fc
 DIST kdelibs-4.0.2.tar.bz2 9066281 RMD160 ed4cdfc9bead4241e43aefe5cffb9568cb44857e SHA1 ec213d6a7d41083acc322a0f781ffb030a29155a SHA256 ec183ba5e3e9827951f4dc1dacd393f998543db0a39486771cc4ebdd962089ac
 DIST kdelibs-4.0.3.tar.bz2 9069118 RMD160 cbc28bd0784dc575728296c0e87bbea5cc064cf6 SHA1 b8e055f7f8fc883e52c3f65e1923020db69e596f SHA256 2c2e99ee9c517c3e2df009b5de24b622bd755b8a0612a2121b6ca464e95def97
 EBUILD kdelibs-3.5.8-r3.ebuild 6010 RMD160 df84ce126867707d20b83ceeeb09c7fb4f93f343 SHA1 b1eba517036ed63b3b7fb79a3be75f9614948559 SHA256 a97299fa3ce88eaa230a01f3c7b5bf19dd2547a0d56dcd73218b923675f654dc
+EBUILD kdelibs-3.5.8-r4.ebuild 6084 RMD160 e886087056af7691551e7f754b3733114dbe22c7 SHA1 4b244364cf20f22cf12bc1d969988efb5052b9df SHA256 2424eb8804b7f331b539762a00811e7d6e4537e23989d9d2d31a0df4aa366aa4
 EBUILD kdelibs-3.5.9-r1.ebuild 6129 RMD160 5c3374dc64c90656d6cf8f30c7bcf8a95f5f3eeb SHA1 1d307fac7d9a6644d275cd0ccb8be566f01ddc1b SHA256 2f2d844853ed90df74a4c90ebf5f9cdc3e7c4aaf8f906437b09bfa84cf7f6e41
 EBUILD kdelibs-3.5.9-r2.ebuild 6205 RMD160 a751f94f3026c1233e3ed10a110d950e60620f12 SHA1 886b2e2ac989d6f5934f28d7a7accb4bef5e5a35 SHA256 0fab24586d56dc98b53a4cbe934f2ac565b3a55580c206db4c28b19c3076f594
 EBUILD kdelibs-3.5.9.ebuild 6042 RMD160 5402e42899c0e55787f8b7f5650143dcbc4410d7 SHA1 721388ab5fa4ee455bdadb189afa021bd336fc16 SHA256 f7acb5abb483ebeeaee7a8636073b85d4ea0b7e9badcd8f8073d5ac8dcd2167b
 EBUILD kdelibs-4.0.2.ebuild 6415 RMD160 4087b7d5424bd5539ee69d0617b468a89ede652a SHA1 d73664b265158430a1c5cc2a0411ec37d4239ea9 SHA256 39906b1d60e336f13d29e5fb345080aa9f4c100d5b42bbcd6264203eef8c9725
 EBUILD kdelibs-4.0.3.ebuild 6429 RMD160 c8325ef0f1c53022eb6216f466b0f62961f8bff6 SHA1 551085d464bfaa51159947de70a579be812334c4 SHA256 726fed82c034a8889e367179e93daf0cb4fee0c8d2a29393418b43816ffcc69b
-MISC ChangeLog 86188 RMD160 69fe0eb98368337eee3de94121c5143049058dc3 SHA1 06f4578c62743cd76e8f67fb38d7287f72fc3190 SHA256 1d495acda381cda9670d1bb69d2192931cc3e23fdb05eb8934c86f52188297c5
+MISC ChangeLog 86374 RMD160 41ab10cd36e064a783eb026ee2ed552b0e12badc SHA1 3cb52c46f85b4f8dafffa2e49f59a4c8de3123c3 SHA256 9293fd666ad5a9c58d802d5bbd71389097f4b70eff0a845ec2921e9de365fded
 MISC metadata.xml 156 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 SHA1 b64f7c0b4e5db816d82ad19848f72118af129d35 SHA256 2f4da28506b9d4185f320f67a6191d30c7a921217ed4447ed46ea0bc4aefc79a
diff --git a/kde-base/kdelibs/files/kdelibs-3.5.8-kinit-CVE-2008-1671.patch b/kde-base/kdelibs/files/kdelibs-3.5.8-kinit-CVE-2008-1671.patch
new file mode 100644
index 000000000000..9ffcd81252f7
--- /dev/null
+++ b/kde-base/kdelibs/files/kdelibs-3.5.8-kinit-CVE-2008-1671.patch
@@ -0,0 +1,113 @@
+--- kinit/start_kdeinit.c
++++ kinit/start_kdeinit.c
+@@ -37,9 +37,10 @@
+  not have this protection, kdeinit will after forking send the new
+  PID using the pipe and wait for a signal. This parent will reset the protection
+  and SIGUSR1 the process to continue.
++ returns 1 if pid is valid
+ */
+ 
+-static void set_protection( pid_t pid, int enable )
++static int set_protection( pid_t pid, int enable )
+ {
+    char buf[ 1024 ];
+    int procfile;
+@@ -49,7 +50,7 @@ static void set_protection( pid_t pid, i
+           belongs to this user. */
+        struct stat st;
+        if( lstat( buf, &st ) < 0 || st.st_uid != getuid())
+-           return;
++           return 0;
+    }
+    procfile = open( buf, O_WRONLY );
+    if( procfile >= 0 ) {
+@@ -59,6 +60,7 @@ static void set_protection( pid_t pid, i
+          write( procfile, "0", sizeof( "0" ));
+       close( procfile );
+    }
++   return 1;
+ }
+ 
+ int main(int argc, char **argv)
+@@ -67,14 +69,14 @@ int main(int argc, char **argv)
+    int new_argc;
+    const char** new_argv;
+    char helper_num[ 1024 ];
+-   int i;
++   unsigned i;
+    char** orig_environ = NULL;
+    char header[ 7 ];
+    if( pipe( pipes ) < 0 ) {
+       perror( "pipe()" );
+       return 1;
+    }
+-   if( argc > 1000 )
++   if( argc < 0 || argc > 1000 )
+        abort(); /* paranoid */
+    set_protection( getpid(), 1 );
+    switch( fork()) {
+@@ -82,29 +84,30 @@ int main(int argc, char **argv)
+          perror( "fork()" );
+          return 1;
+       default: /* parent, drop privileges and exec */
+-#if defined (HAVE_SETEUID) && !defined (HAVE_SETEUID_FAKE) 
+-         seteuid(getuid());
+-#else
+-         setreuid(-1, getuid());
+-#endif
+-         if (geteuid() != getuid()) {
++         if (setgid(getgid())) {
++             perror("setgid()");
++             return 1;
++         }
++         if (setuid(getuid()) || geteuid() != getuid()) {
+             perror("setuid()");
+             return 1;
+          }
+          close( pipes[ 0 ] );
+          /* read original environment passed by start_kdeinit_wrapper */
+          if( read( 0, header, 7 ) == 7 && strncmp( header, "environ", 7 ) == 0 ) {
+-             int count;
+-             if( read( 0, &count, sizeof( int )) == sizeof( int )) {
++             unsigned count;
++             if( read( 0, &count, sizeof( unsigned )) == sizeof( unsigned )
++                 && count && count < (1<<16)) {
+                  char** env = malloc(( count + 1 ) * sizeof( char* ));
+                  int ok = 1;
+                  for( i = 0;
+                       i < count && ok;
+                       ++i ) {
+-                     int len;
+-                     if( read( 0, &len, sizeof( int )) == sizeof( int )) {
++                     unsigned len;
++                     if( read( 0, &len, sizeof( unsigned )) == sizeof( unsigned )
++                         && len && len < (1<<12)) {
+                          env[ i ] = malloc( len + 1 );
+-                         if( read( 0, env[ i ], len ) == len ) {
++                         if( (unsigned) read( 0, env[ i ], len ) == len ) {
+                              env[ i ][ len ] = '\0';
+                          } else {
+                              ok = 0;
+@@ -128,7 +131,7 @@ int main(int argc, char **argv)
+          sprintf( helper_num, "%d", pipes[ 1 ] );
+          new_argv[ 2 ] = helper_num;
+          for( i = 1;
+-              i <= argc;
++              i <= (unsigned) argc;
+               ++i )
+              new_argv[ i + 2 ] = argv[ i ];
+          if( orig_environ )
+@@ -145,10 +148,10 @@ int main(int argc, char **argv)
+             if( ret < 0 && errno == EINTR )
+                continue;
+             if( ret <= 0 ) /* pipe closed or error, exit */
+-               return 0;
++               _exit(0);
+             if( pid != 0 ) {
+-                set_protection( pid, 0 );
+-                kill( pid, SIGUSR1 );
++                if (set_protection( pid, 0 ))
++                    kill( pid, SIGUSR1 );
+             }
+          }
+    }
diff --git a/kde-base/kdelibs/kdelibs-3.5.8-r4.ebuild b/kde-base/kdelibs/kdelibs-3.5.8-r4.ebuild
new file mode 100644
index 000000000000..ffd2adae3fcc
--- /dev/null
+++ b/kde-base/kdelibs/kdelibs-3.5.8-r4.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-3.5.8-r4.ebuild,v 1.1 2008/04/28 12:32:23 jer Exp $
+
+inherit kde flag-o-matic eutils multilib
+set-kdedir 3.5
+
+DESCRIPTION="KDE libraries needed by all KDE programs."
+HOMEPAGE="http://www.kde.org/"
+SRC_URI="mirror://kde/stable/${PV}/src/${P}.tar.bz2
+	mirror://gentoo/kdelibs-3.5-patchset-14.tar.bz2
+	mirror://gentoo/${P}-seli-xinerama.patch.bz2"
+
+LICENSE="GPL-2 LGPL-2"
+SLOT="3.5"
+KEYWORDS="alpha amd64 hppa ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd"
+IUSE="acl alsa arts bindist branding cups doc jpeg2k kerberos legacyssl utempter openexr spell tiff
+	avahi kernel_linux fam lua kdehiddenvisibility"
+
+# Added aspell-en as dependency to work around bug 131512.
+# Made openssl and zeroconf mandatory dependencies, see bug #172972 and #175984
+RDEPEND="$(qt_min_version 3.3.3)
+	arts? ( >=kde-base/arts-3.5.5 )
+	app-arch/bzip2
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	>=dev-libs/libxslt-1.1.16
+	>=dev-libs/libxml2-2.6.6
+	>=dev-libs/libpcre-6.6
+	media-libs/libart_lgpl
+	net-dns/libidn
+	>=dev-libs/openssl-0.9.7d
+	acl? ( kernel_linux? ( sys-apps/acl ) )
+	alsa? ( media-libs/alsa-lib )
+	cups? ( >=net-print/cups-1.1.19 )
+	tiff? ( media-libs/tiff )
+	kerberos? ( virtual/krb5 )
+	jpeg2k? ( media-libs/jasper )
+	openexr? ( >=media-libs/openexr-1.2.2-r2 )
+	!avahi? ( !bindist? ( net-misc/mDNSResponder !kde-misc/kdnssd-avahi ) )
+	fam? ( virtual/fam )
+	virtual/ghostscript
+	utempter? ( sys-libs/libutempter )
+	!kde-base/kde-env
+	lua? ( dev-lang/lua )
+	spell? ( >=app-text/aspell-0.60.5 >=app-dicts/aspell-en-6.0.0 )
+	>=sys-apps/portage-2.1.2.11
+	!kde-base/ksync"
+
+DEPEND="${RDEPEND}
+	doc? ( app-doc/doxygen )
+	sys-devel/gettext"
+
+RDEPEND="${RDEPEND}
+	x11-apps/rgb
+	x11-apps/iceauth"
+
+PDEPEND="avahi? ( kde-misc/kdnssd-avahi )
+		bindist? ( kde-misc/kdnssd-avahi )"
+
+# Testing code is rather broken and merely for developer purposes, so disable it.
+RESTRICT="test"
+
+pkg_setup() {
+	if use legacyssl ; then
+		echo ""
+		elog "You have the legacyssl use flag enabled, which fixes issues with some broken"
+		elog "sites, but breaks others instead. It is strongly discouraged to use it."
+		elog "For more information, see bug #128922."
+		echo ""
+	fi
+
+	if ! use utempter ; then
+		echo ""
+		elog "On some setups, which rely on the correct update of utmp records, not using"
+		elog "utempter might not update them correctly. If you experience unexpected"
+		elog "behaviour, try to rebuild kde-base/kdelibs with utempter use-flag enabled."
+		echo ""
+	fi
+
+	if use alsa && ! built_with_use --missing true media-libs/alsa-lib midi; then
+		eerror "The alsa USE flag in this package enables ALSA support"
+		eerror "for libkmid, KDE midi library."
+		eerror "For this reason, you have to merge media-libs/alsa-lib"
+		eerror "with the midi USE flag enabled, or disable alsa USE flag"
+		eerror "for this package."
+		die "Missing midi USE flag on media-libs/alsa-lib"
+	fi
+}
+
+src_unpack() {
+	kde_src_unpack
+
+	if use legacyssl ; then
+		# This patch won't be included upstream, see bug #128922.
+		epatch "${WORKDIR}/patches/kdelibs_3.5.4-kssl-3des.patch"
+	fi
+
+	if use utempter ; then
+		# Bug #135818 is the eternal reference.
+		epatch "${WORKDIR}/patches/kdelibs-3.5_libutempter.patch"
+	fi
+
+	if use branding ; then
+		# Add "(Gentoo)" to khtml user agent.
+		epatch "${WORKDIR}/patches/kdelibs_3.5-cattlebrand.diff"
+	fi
+
+	# Xinerama patch from Lubos Lunak.
+	# http://ktown.kde.org/~seli/xinerama/
+	epatch "${WORKDIR}/${P}-seli-xinerama.patch"
+
+	# Security bug 218933
+	epatch "${FILESDIR}/${P}-kinit-CVE-2008-1671.patch"
+}
+
+src_compile() {
+	rm -f "${S}/configure"
+
+	myconf="--with-distribution=Gentoo --disable-fast-malloc
+			--with-libart --with-libidn --with-ssl
+			--without-hspell
+			$(use_enable fam libfam) $(use_enable kernel_linux dnotify)
+			$(use_with acl) $(use_with alsa)
+			$(use_with arts) $(use_enable cups)
+			$(use_with kerberos gssapi) $(use_with tiff)
+			$(use_with jpeg2k jasper) $(use_with openexr)
+			$(use_with utempter) $(use_with lua)
+			$(use_enable kernel_linux sendfile) --enable-mitshm
+			$(use_with spell aspell)"
+
+	if use avahi || use bindist ; then
+		myconf="${myconf} --disable-dnssd"
+	else
+		myconf="${myconf} --enable-dnssd"
+	fi
+
+	if has_version x11-apps/rgb; then
+		myconf="${myconf} --with-rgbfile=/usr/share/X11/rgb.txt"
+	fi
+
+	# fix bug 58179, bug 85593
+	# kdelibs-3.4.0 needed -fno-gcse; 3.4.1 needs -mminimal-toc; this needs a
+	# closer look... - corsair
+	use ppc64 && append-flags "-mminimal-toc"
+
+	# work around bug #120858, gcc 3.4.x -Os miscompilation
+	use x86 && replace-flags "-Os" "-O2" # see bug #120858
+
+	replace-flags "-O3" "-O2" # see bug #148180
+
+	kde_src_compile
+
+	if use doc; then
+		make apidox || die
+	fi
+}
+
+src_install() {
+	kde_src_install
+
+	if use doc; then
+		make DESTDIR="${D}" install-apidox || die
+	fi
+
+	# Needed to create lib -> lib64 symlink for amd64 2005.0 profile
+	if [ "${SYMLINK_LIB}" = "yes" ]; then
+		dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) ${KDEDIR}/lib
+	fi
+
+	# Get rid of the disabled version of the kdnsd libraries
+	if use avahi || use bindist ; then
+		rm -rf "${D}/${PREFIX}"/$(get_libdir)/libkdnssd.*
+	fi
+
+	dodir /etc/env.d
+
+	# List all the multilib libdirs
+	local libdirs
+	for libdir in $(get_all_libdirs); do
+		libdirs="${libdirs}:${PREFIX}/${libdir}"
+	done
+
+	# Please note that the KDE install path has to be the last value in KDEDIRS.
+	cat <<EOF > "${D}"/etc/env.d/45kdepaths-${SLOT} # number goes down with version upgrade
+PATH=${PREFIX}/bin
+ROOTPATH=${PREFIX}/sbin:${PREFIX}/bin
+LDPATH=${libdirs:1}
+MANPATH=${PREFIX}/share/man
+CONFIG_PROTECT="${PREFIX}/share/config ${PREFIX}/env ${PREFIX}/shutdown /usr/share/config"
+KDEDIRS="/usr:/usr/local:${PREFIX}"
+#KDE_IS_PRELINKED=1
+XDG_DATA_DIRS="/usr/share:${PREFIX}/share:/usr/local/share"
+COLON_SEPARATED="XDG_DATA_DIRS"
+EOF
+
+	# Make sure the target for the revdep-rebuild stuff exists. Fixes bug 184441.
+	dodir /etc/revdep-rebuild
+
+cat <<EOF > "${D}"/etc/revdep-rebuild/50-kde3
+SEARCH_DIRS="${PREFIX}/bin ${PREFIX}/lib*"
+EOF
+}