authorMichael Palimaka <kensington@gentoo.org>2013-06-04 16:48:52 +0000
committerMichael Palimaka <kensington@gentoo.org>2013-06-04 16:48:52 +0000
commit5090afc24c814d92b26ffdd555d45551936b17cf (patch)
treee61776f80e328cc97e2e365a7b8b80931532fa74 /kde-base
parentStable for amd64 wrt bug #470396 (diff)
Backport patch from upstream to fix CVE-2013-2120 wrt bug #471904.
Package-Manager: portage-2.1.12.2/cvs/Linux x86_64 Manifest-Sign-Key: 0x675D0D2C
Diffstat (limited to 'kde-base')
-rw-r--r--kde-base/kdeplasma-addons/ChangeLog9
-rw-r--r--kde-base/kdeplasma-addons/Manifest26
-rw-r--r--kde-base/kdeplasma-addons/files/kdeplasma-addons-4.10.3-cve-2013-2120.patch81
-rw-r--r--kde-base/kdeplasma-addons/kdeplasma-addons-4.10.3-r1.ebuild66
4 files changed, 166 insertions, 16 deletions
diff --git a/kde-base/kdeplasma-addons/ChangeLog b/kde-base/kdeplasma-addons/ChangeLog
index 2a989e16e0f7..d027dc1af4ed 100644
--- a/kde-base/kdeplasma-addons/ChangeLog
+++ b/kde-base/kdeplasma-addons/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for kde-base/kdeplasma-addons
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdeplasma-addons/ChangeLog,v 1.185 2013/06/04 13:05:54 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdeplasma-addons/ChangeLog,v 1.186 2013/06/04 16:48:31 kensington Exp $
+
+*kdeplasma-addons-4.10.3-r1 (04 Jun 2013)
+
+ 04 Jun 2013; Michael Palimaka <kensington@gentoo.org>
+ +files/kdeplasma-addons-4.10.3-cve-2013-2120.patch,
+ +kdeplasma-addons-4.10.3-r1.ebuild:
+ Backport patch from upstream to fix CVE-2013-2120 wrt bug #471904.
04 Jun 2013; Agostino Sarubbo <ago@gentoo.org> kdeplasma-addons-4.10.3.ebuild:
Stable for amd64, wrt to bug #471392
diff --git a/kde-base/kdeplasma-addons/Manifest b/kde-base/kdeplasma-addons/Manifest
index e5f52c971933..a0c3b4a6080f 100644
--- a/kde-base/kdeplasma-addons/Manifest
+++ b/kde-base/kdeplasma-addons/Manifest
@@ -1,26 +1,22 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
+AUX kdeplasma-addons-4.10.3-cve-2013-2120.patch 2356 SHA256 2cceedef39e0902ccbaece46cf0a6b1fb550f6c91f8928a1260c4373e4d11cea SHA512 5b1a7f36db6acd02c7dcbf52ff918b80809000fb4e4f9f68deafd3676be27c00161eb670d327b514ff98c8fd9ab54dd88d432fb39a583fe2ff21d419f70d0ea0 WHIRLPOOL eca31d2346a40255f9e57cd012db9dbf33cca87ee454d75b7e2503af55adca89f67da072d911a649d841fdefbb9f5972889dedc94c1abb8f6532e9f6c69ae602
DIST kdeplasma-addons-4.10.2.tar.xz 1785252 SHA256 3a8889d7d591da865427409c14e74de1f95371d0f8ab2aade37a709c43563ed8 SHA512 a7574f55e2ba349494f0d36b88e0e8c41d58eaa7b24110fa519c1e11a2c245549f54423fab134df767f6e1a7c2170170c5d99602ceaa76915eb8b1ddb15730d4 WHIRLPOOL 4e3a89dcbd8ee3dc68e3460d884e391f0f0c4285be4f9532e08bd1c7c3ba9ea523d10f24bdc1a75d03ed859153d6289842cdffe4ff80ca373c1a51057c5d1819
DIST kdeplasma-addons-4.10.3.tar.xz 1784208 SHA256 0a8bc8f35cbc13f866124f960a241dd788b0e2a65c69483ee0dc5e851aec39e8 SHA512 fadc48a4dc7f1394cb7a52bb820048cf8c6eeed08811d390413e92ff772a364f63b331ceb58e89461065800dc64c57b890af4c066c697c924b987f8482d2b978 WHIRLPOOL b2cd4a34e534e24e5c12679716ac8814dcffd674bf1d10e5a3fafae549bbff22f23a3840196460375d7047c9c783e1d6d52f8a3269c6a3aeaa61ea61387d74eb
EBUILD kdeplasma-addons-4.10.2.ebuild 1903 SHA256 585b6d3ac591ac259375f6ded413979ba528890b8300dd958ebb3d9ed011cf33 SHA512 c61bcc37cc604b4150255351e6ffe9ecd2ed71176b67ed008d2977c1a6d3a47f39062c73aa20d4c0c31d14b4156106e65451e7618f80e5bd2822ad37480ee8dc WHIRLPOOL c78929ec3af2d6adc8dbe081f696e6a29eb1a2bb23fdca32fb03a1dbfc6543bc1f2bfa025618bd833d5b5664b2107340ada64b86b2f8a01d6209b05d87050d67
+EBUILD kdeplasma-addons-4.10.3-r1.ebuild 1962 SHA256 ea7d5c9252e62f09f7398c70a0bf1fd95caf9e2e946e4b4c09325e81660cacb3 SHA512 34bdde94f4265e730ba498d19b4a3a19918c465b171ea98912237ab99e75419fe6d4056172e1204889c4cb119283d4ba65448fb959c28a038791e01a580566ff WHIRLPOOL c3d37374969336b413392aa12e541237864f3f3ff9ac4fa196ed1a3decc25e3b08b05b9b16362c9ffc8637956a74a4df321f98c9e7c7d4a3d513770dca0fe5ec
EBUILD kdeplasma-addons-4.10.3.ebuild 1899 SHA256 9006e185d567c2dafd8bba292377e13b11c9ca00ad7465094c845c55637ed9ff SHA512 a17d8078d0c8f5d226905e33b812240d185cdb0983c7df5c93f1fae0bc64c38b477f2853e1d0240ccc77fd7887b3332bc996716e15a278f9faa489565f4d2aa0 WHIRLPOOL b097bff3b75eb5b2e375f2a8aba77be19a3248d2ca65ddf63075bbcf9bb3cdd5f8fee07df139edca0f7b591ea4dfc95b5c5ac0c7f8908f93ae76c130cea4bf8f
-MISC ChangeLog 26084 SHA256 88b42882a79a8b8bfb506e307dffcb61e4c258ffc22511212f1d37dc82aeee4d SHA512 4da6de60d1a335dc2f74a9c6d84bd750023e71200b1288d53ce685aa407b4f4bf4e8dd33bfd8e7835b95810772337aa905efca06abc2881629ac8145bdf47cf2 WHIRLPOOL 9dea0e21340cea4f2dc21d397903db770629ea731a3cb4ce1d1121a06d6dc4daec4da10f37483663fed1755fc3d509595dd0f3be8d47991fd11fd9c9cb2d3c88
+MISC ChangeLog 26352 SHA256 c45a8a947dc5b7511b93d76d54cb7918b0c6d0d34c10e7a137972f157e1f06a1 SHA512 87c0978c8def27eea7bc8d6edb3b875cfd207dfe0395c918a25b4279286cbdac307f0fcf47568b6fc8d365dc1061172a571917bf09bc000212f33926db818b00 WHIRLPOOL 018fc8cadcc33f43ad1e0d125b58c6d4e3a19611ab23e2284a52b5f009503e61d683d131b3f8e5b7613a5067be2ef53e0f9236fdfe954780ff116c57d46e6e29
MISC metadata.xml 902 SHA256 8ad805248edd55aa85c63be7f913d767f2472dde758f5dc0afcd660c50324678 SHA512 1ed8fc2a73986e2673c146267e2c7dc7048e8865a2d4bec44f7882ff4ea38e1bfa47197e98ac212f00cd637aeca1546bdbfb117cb232bdc7e640c0c4ef733ba3 WHIRLPOOL f2b980d92f1ee250ab59472db049033280fcde1ab0c069119cf5679c9c5db898bfd9d38031e36ce295d296b1b74ec541bd2d83a88b73bf4aed7e6c056710bdb7
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v2.0.20 (GNU/Linux)
-iQIcBAEBCAAGBQJRrebKAAoJELp701BxlEWfOQIQAJ8nHs6SnN3Ud8nhAlEz1N61
-v4N1gKTDiC3aSVkL/ESQRYjvQdov5XR5mV+/WXwPqwow+DzdZFlwdnfNGpbjzGK6
-zv/RQ2idLzoEWuTSqzDTtQ+Hnz6ZAtSJYsk23+zSLV2RLcY3tMN0vKsPubE9citc
-eTjTt/VSD2TRTqFC0ymL57Yb1PZjAXLQKQr6ma6X/XK4LM6DeMCrzn82LRFF86sI
-j829j+nHD0zsqpSGp/09zdp//QJYmOvnmYGpfgc1Xn0dXfatXWeyUnUnp3cJx8Lh
-J+tVvSQ7BW/p+rf8KkTJ0dEYr3/pn0foUh3o5uCU+sUSsXmQsUMfretoTBAJ/IiB
-VMJlLfDlGsvtZbLZS5QjcIQNNQUghrPS3G/ey4GREi5GRI5GaZ6H08mo19edYWeg
-1R3IQaOgaxhkYo6vtf6aCShJsN6Hcvy7plpSso+XCXBODLgPrLf6VyLcpzQql8al
-Vq1MKGBojonVuZ6Eiz4XITE/Z09teMmWLPT1OjKPuR3+ZS7WhCkqVrNibS9E94c5
-2y86PLTzBtNbJ/1oRP/NMq84XcAIpDtcxYJ5aP7d3pHMKE6b8r6Xnv9B3MH7q/qV
-Xf+hAuQSTJNICa/BmJq2QlUZiDTmlsSnhkOI47g0bzXHoVxE1Op0zFzekH4PAO50
-b6+bHpBnuMuNHLM7UUsd
-=PrV9
+iQEcBAEBCAAGBQJRrhoPAAoJEMbwO6tnXQ0sXLMH/AhHQ7+Y8zfwNjf802gJj1ch
+F0FrKtoIdUBzDA79DCp2uc6EAXt1OtKX3ti6WLbbj1NI5uc/GwQAnq2LyOKf2o0b
+PBhuKpJ/WlZokvPy6CGjkZKna9MlO9XhwpFmQ+1KGU1mvqgfNlG+kSGHeT9Kg9/8
+wJrYotUz/kF6M+sdIIvCwtuQ74PkMRLg5gFvtkR+Kz4wJyiPPBiMnDLQzIuZmvZr
+u6yN2yDumDiW/yGvVGrZuW9CfE9sKhMPVQGLLiaReTDqw0ohMnbx6eS5DoZeq9Xc
+FoSz4IBlGvu3niYbU1XwT6Pq4Du1s/wyaAY1v8DcMwaI3lg2lX1ykOAclB+3qsA=
+=/McT
-----END PGP SIGNATURE-----
diff --git a/kde-base/kdeplasma-addons/files/kdeplasma-addons-4.10.3-cve-2013-2120.patch b/kde-base/kdeplasma-addons/files/kdeplasma-addons-4.10.3-cve-2013-2120.patch
new file mode 100644
index 000000000000..88d78794a5ea
--- /dev/null
+++ b/kde-base/kdeplasma-addons/files/kdeplasma-addons-4.10.3-cve-2013-2120.patch
@@ -0,0 +1,81 @@
+From d84015218bf78b707650cf5426ae1a469d37c29d Mon Sep 17 00:00:00 2001
+From: Aaron Seigo <aseigo@kde.org>
+Date: Mon, 3 Jun 2013 19:16:32 +0200
+Subject: [PATCH] use KRandom, avoid modulo bias
+
+---
+ applets/paste/pastemacroexpander.cpp | 29 ++++++++++++++++++++++-------
+ 1 file changed, 22 insertions(+), 7 deletions(-)
+
+diff --git a/applets/paste/pastemacroexpander.cpp b/applets/paste/pastemacroexpander.cpp
+index ea6163f..d0a8b49 100644
+--- a/applets/paste/pastemacroexpander.cpp
++++ b/applets/paste/pastemacroexpander.cpp
+@@ -27,6 +27,7 @@
+ #include <KDebug>
+ #include <KLocale>
+ #include <KMessageBox>
++#include <KRandom>
+
+ class PasteMacroExpanderSingleton
+ {
+@@ -142,35 +143,49 @@ QString PasteMacroExpander::password(const QString& args)
+ << "01234567890"
+ << "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+
+- int charCount;
++ int charCount = 8;
+ QString chars;
+ QString result;
+
+ if (a.count() > 0) {
+- charCount = qMax(a[0].trimmed().toInt(), 1);
+- } else {
+- charCount = 8;
++ charCount = qMax(a[0].trimmed().toInt(), 8);
+ }
++
+ if (a.count() < 2) {
+ chars = characterSets.join("");
+ }
++
+ if (a.count() > 1) {
+ chars += (a[1].trimmed() == "true") ? characterSets[0] : "";
+ }
++
+ if (a.count() > 2) {
+ chars += (a[2].trimmed() == "true") ? characterSets[1] : "";
+ }
++
+ if (a.count() > 3) {
+ chars += (a[3].trimmed() == "true") ? characterSets[2] : "";
+ }
++
+ if (a.count() > 4) {
+ chars += (a[4].trimmed() == "true") ? characterSets[3] : "";
+ }
+
+- QDateTime now = QDateTime::currentDateTime();
+- qsrand(now.toTime_t() / now.time().msec());
++ const int setSize = chars.count();
++ const int top = (RAND_MAX / setSize) * setSize;
++ kDebug() << "topping out at " << setSize << RAND_MAX << top;
+ for (int i = 0; i < charCount; ++i) {
+- result += chars[qrand() % chars.count()];
++ // to prevent modulo bias, discard random numbers at the
++ // 'top end' of INT_MAX
++ int rand = -1;
++ do {
++ if (rand > 0) {
++ kDebug() << "Ha!" << rand;
++ }
++ rand = KRandom::random();
++ } while (rand >= top);
++
++ result += chars[rand % setSize];
+ }
+ //kDebug() << result;
+ return result;
+--
+1.8.2.1
+
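Review bot: The added `const int top = (RAND_MAX / setSize) * setSize;` divides by zero when `chars` is empty, which happens when two or more arguments are passed and none of the character-set flags is `true`; the removed `qrand() % chars.count()` had the same hole, so the backport carries it forward rather than closing it. A guard just before that line, `if (chars.isEmpty()) { return QString(); }`, would avoid the crash. The leftover `kDebug()` calls print rejected generator values from a password routine and should be dropped, and the comment says INT_MAX where the bound actually used is RAND_MAX. If `KRandom::random()` turns out to be a seeded wrapper over `rand()` (worth confirming against the kdelibs version in use), the password's strength is still capped by the seed width rather than by `charCount`, so the modulo-bias fix alone does not make this a strong generator. `password()` begins above this hunk, so argument parsing before `characterSets` was not reviewed.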
diff --git a/kde-base/kdeplasma-addons/kdeplasma-addons-4.10.3-r1.ebuild b/kde-base/kdeplasma-addons/kdeplasma-addons-4.10.3-r1.ebuild
new file mode 100644
index 000000000000..fc7b97f1c54d
--- /dev/null
+++ b/kde-base/kdeplasma-addons/kdeplasma-addons-4.10.3-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdeplasma-addons/kdeplasma-addons-4.10.3-r1.ebuild,v 1.1 2013/06/04 16:48:31 kensington Exp $
+
+EAPI=5
+
+inherit kde4-base
+
+DESCRIPTION="Extra Plasma applets and engines"
+LICENSE="GPL-2 LGPL-2"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+IUSE="attica debug desktopglobe exif fcitx ibus json oauth qalculate qwt scim
+semantic-desktop"
+
+RESTRICT=test
+# tests hang
+
+# krunner is only needed to generate dbus interface for lancelot
+COMMON_DEPEND="
+ app-crypt/qca:2
+ app-crypt/qca-ossl:2
+ $(add_kdebase_dep kdelibs 'semantic-desktop(+)?')
+ $(add_kdebase_dep krunner)
+ $(add_kdebase_dep plasma-workspace 'semantic-desktop(+)?')
+ x11-misc/shared-mime-info
+ attica? ( dev-libs/libattica )
+ desktopglobe? ( $(add_kdebase_dep marble) )
+ exif? ( $(add_kdebase_dep libkexiv2) )
+ fcitx? ( app-i18n/fcitx[dbus(+)] )
+ ibus? ( app-i18n/ibus )
+ json? ( dev-libs/qjson )
+ oauth? ( dev-libs/qoauth )
+ qalculate? ( sci-libs/libqalculate )
+ qwt? ( x11-libs/qwt:5 )
+ scim? ( app-i18n/scim )
+ semantic-desktop? (
+ $(add_kdebase_dep kdepimlibs 'semantic-desktop(+)')
+ $(add_kdebase_dep plasma-workspace 'rss')
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ dev-cpp/eigen:2
+"
+RDEPEND="${COMMON_DEPEND}
+"
+
+PATCHES=( "${FILESDIR}/${P}-cve-2013-2120.patch" )
+
+src_configure() {
+ mycmakeargs=(
+ -DDBUS_INTERFACES_INSTALL_DIR="${EPREFIX}/usr/share/dbus-1/interfaces/"
+ $(cmake-utils_use_with attica LibAttica)
+ $(cmake-utils_use_with desktopglobe Marble)
+ $(cmake-utils_use_with exif Kexiv2)
+ $(cmake-utils_use_with ibus)
+ $(cmake-utils_use_with json QJSON)
+ $(cmake-utils_use_with oauth QtOAuth)
+ $(cmake-utils_use_with qalculate)
+ $(cmake-utils_use_with qwt)
+ $(cmake-utils_use_with semantic-desktop KdepimLibs)
+ $(cmake-utils_use_with semantic-desktop Nepomuk)
+ $(cmake-utils_use_with scim)
+ )
+
+ kde4-base_src_configure
+}