diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2019-08-08 05:25:56 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2019-08-08 17:59:45 +0200 |
| commit | 850107940f28c76e783f86fa9f6a9643e4b49ad1 (patch) | |
| tree | db4ab552f75e57c501d08b6ec52b7b074260ad48 /source/kde/patch/kdelibs.patch | |
| parent | 527faada86a6c302b1f9e72da1cb87b70d83141c (diff) | |
| download | current-850107940f28c76e783f86fa9f6a9643e4b49ad1.tar.gz current-850107940f28c76e783f86fa9f6a9643e4b49ad1.tar.xz | |
Thu Aug 8 05:25:56 UTC 201920190808052556
kde/kdelibs-4.14.38-x86_64-4.txz: Rebuilt.
kconfig: malicious .desktop files (and others) would execute code.
For more information, see:
https://mail.kde.org/pipermail/kde-announce/2019-August/000047.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14744
(* Security fix *)
Diffstat (limited to 'source/kde/patch/kdelibs.patch')
| -rw-r--r-- | source/kde/patch/kdelibs.patch | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/source/kde/patch/kdelibs.patch b/source/kde/patch/kdelibs.patch index 7dea979f3..00b4ebc80 100644 --- a/source/kde/patch/kdelibs.patch +++ b/source/kde/patch/kdelibs.patch @@ -15,3 +15,6 @@ zcat $CWD/patch/kdelibs/return-application-icons-properly.patch.gz | patch -R -p # Support OpenSSL-1.1.x: zcat $CWD/patch/kdelibs/kdelibs-openssl-1.1.patch.gz | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +# Security: remove support for $(...) in config keys with [$e] marker. (CVE-2019-14744) +zcat $CWD/patch/kdelibs/kdelibs.2c3762feddf7e66cf6b64d9058f625a715694a00.patch.gz | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + |