summaryrefslogtreecommitdiffstats
path: root/patches/source/kdelibs/patch
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/kdelibs/patch')
-rw-r--r--patches/source/kdelibs/patch/kdelibs.patch17
-rw-r--r--patches/source/kdelibs/patch/kdelibs/coding-style-fixes.patch62
-rw-r--r--patches/source/kdelibs/patch/kdelibs/kdelibs.CVE-2017-8422.diff201
-rw-r--r--patches/source/kdelibs/patch/kdelibs/kdelibs.docbook.patch11
-rw-r--r--patches/source/kdelibs/patch/kdelibs/kdelibs.upnp_conditional.patch15
-rw-r--r--patches/source/kdelibs/patch/kdelibs/return-application-icons-properly.patch56
-rw-r--r--patches/source/kdelibs/patch/kdelibs/return-not-break.-copy-paste-error.patch31
7 files changed, 393 insertions, 0 deletions
diff --git a/patches/source/kdelibs/patch/kdelibs.patch b/patches/source/kdelibs/patch/kdelibs.patch
new file mode 100644
index 00000000..2e31daee
--- /dev/null
+++ b/patches/source/kdelibs/patch/kdelibs.patch
@@ -0,0 +1,17 @@
+# Slackware ships a different version of XML DTDs:
+zcat $CWD/patch/kdelibs/kdelibs.docbook.patch.gz | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
+# Make uPnP support depend on the environment variable SOLID_UPNP,
+# e.g. by creating an /etc/profile.d/upnp.sh file with the following contents:
+# export SOLID_UPNP=1
+zcat $CWD/patch/kdelibs/kdelibs.upnp_conditional.patch.gz | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
+# Revert 3 patches which (although they probably follow the FDo spec better),
+# cause incorrect icon overrides:
+zcat $CWD/patch/kdelibs/return-not-break.-copy-paste-error.patch.gz | patch -R -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+zcat $CWD/patch/kdelibs/coding-style-fixes.patch.gz | patch -R -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+zcat $CWD/patch/kdelibs/return-application-icons-properly.patch.gz | patch -R -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
+# Fix KAuth local root security issue:
+zcat $CWD/patch/kdelibs/kdelibs.CVE-2017-8422.diff.gz | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
diff --git a/patches/source/kdelibs/patch/kdelibs/coding-style-fixes.patch b/patches/source/kdelibs/patch/kdelibs/coding-style-fixes.patch
new file mode 100644
index 00000000..11108f0a
--- /dev/null
+++ b/patches/source/kdelibs/patch/kdelibs/coding-style-fixes.patch
@@ -0,0 +1,62 @@
+From 2173580f070e806d4715e13048c697c49ec262e2 Mon Sep 17 00:00:00 2001
+From: Aaron Seigo <aseigo@kde.org>
+Date: Thu, 21 Feb 2013 17:59:58 +0100
+Subject: [PATCH 047/111] coding style fixes
+
+---
+ kdeui/icons/kiconloader.cpp | 27 ++++++++++++---------------
+ 1 file changed, 12 insertions(+), 15 deletions(-)
+
+diff --git a/kdeui/icons/kiconloader.cpp b/kdeui/icons/kiconloader.cpp
+index 6fed667..dba474d 100644
+--- a/kdeui/icons/kiconloader.cpp
++++ b/kdeui/icons/kiconloader.cpp
+@@ -938,32 +938,29 @@ K3Icon KIconLoaderPrivate::findMatchingIcon(const QString& name, int size) const
+ }
+ }
+
+- foreach (KIconThemeNode *themeNode, links)
+- {
++ foreach (KIconThemeNode *themeNode, links) {
+ QString currentName = name;
+
+- while (!currentName.isEmpty())
+- {
+-
++ while (!currentName.isEmpty()) {
+ //kDebug(264) << "Looking up" << currentName;
+
+-// The following code has been commented out because the Qt SVG renderer needs
+-// to be improved. If you are going to change/remove some code from this part,
+-// please contact me before (ereslibre@kde.org), or kde-core-devel@kde.org. (ereslibre)
+- for (int i = 0 ; i < 4 ; i++)
+- {
++ for (int i = 0 ; i < 4 ; i++) {
+ icon = themeNode->theme->iconPath(currentName + ext[i], size, KIconLoader::MatchExact);
+- if (icon.isValid())
+- return icon;
++ if (icon.isValid()) {
++ break;
++ }
+
+ icon = themeNode->theme->iconPath(currentName + ext[i], size, KIconLoader::MatchBest);
+- if (icon.isValid())
+- return icon;
++ if (icon.isValid()) {
++ break;
++ }
+ }
++ //kDebug(264) << "Looking up" << currentName;
+
+- if (genericFallback)
++ if (genericFallback) {
+ // we already tested the base name
+ break;
++ }
+
+ int rindex = currentName.lastIndexOf('-');
+ if (rindex > 1) { // > 1 so that we don't split x-content or x-epoc
+--
+1.8.1.4
+
+
diff --git a/patches/source/kdelibs/patch/kdelibs/kdelibs.CVE-2017-8422.diff b/patches/source/kdelibs/patch/kdelibs/kdelibs.CVE-2017-8422.diff
new file mode 100644
index 00000000..221dc8f9
--- /dev/null
+++ b/patches/source/kdelibs/patch/kdelibs/kdelibs.CVE-2017-8422.diff
@@ -0,0 +1,201 @@
+From 264e97625abe2e0334f97de17f6ffb52582888ab Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Wed, 10 May 2017 10:06:07 +0200
+Subject: Verify that whoever is calling us is actually who he says he is
+
+CVE-2017-8422
+---
+ kdecore/auth/AuthBackend.cpp | 5 ++++
+ kdecore/auth/AuthBackend.h | 7 ++++++
+ kdecore/auth/backends/dbus/DBusHelperProxy.cpp | 27 ++++++++++++++++++++--
+ kdecore/auth/backends/dbus/DBusHelperProxy.h | 6 ++++-
+ .../auth/backends/policykit/PolicyKitBackend.cpp | 5 ++++
+ kdecore/auth/backends/policykit/PolicyKitBackend.h | 1 +
+ kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 5 ++++
+ kdecore/auth/backends/polkit-1/Polkit1Backend.h | 1 +
+ 8 files changed, 54 insertions(+), 3 deletions(-)
+
+diff --git a/kdecore/auth/AuthBackend.cpp b/kdecore/auth/AuthBackend.cpp
+index c953b81..0ba4650 100644
+--- a/kdecore/auth/AuthBackend.cpp
++++ b/kdecore/auth/AuthBackend.cpp
+@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities)
+ d->capabilities = capabilities;
+ }
+
++AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const
++{
++ return NoExtraCallerIDVerificationMethod;
++}
++
+ bool AuthBackend::actionExists(const QString& action)
+ {
+ Q_UNUSED(action);
+diff --git a/kdecore/auth/AuthBackend.h b/kdecore/auth/AuthBackend.h
+index a86732e..6f4b1bc 100644
+--- a/kdecore/auth/AuthBackend.h
++++ b/kdecore/auth/AuthBackend.h
+@@ -43,6 +43,12 @@ public:
+ };
+ Q_DECLARE_FLAGS(Capabilities, Capability)
+
++ enum ExtraCallerIDVerificationMethod {
++ NoExtraCallerIDVerificationMethod,
++ VerifyAgainstDBusServiceName,
++ VerifyAgainstDBusServicePid,
++ };
++
+ AuthBackend();
+ virtual ~AuthBackend();
+ virtual void setupAction(const QString &action) = 0;
+@@ -50,6 +56,7 @@ public:
+ virtual Action::AuthStatus authorizeAction(const QString &action) = 0;
+ virtual Action::AuthStatus actionStatus(const QString &action) = 0;
+ virtual QByteArray callerID() const = 0;
++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const;
+ virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0;
+ virtual bool actionExists(const QString &action);
+
+diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp
+index 9557a0f..ca59f1c 100644
+--- a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp
++++ b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp
+@@ -271,6 +271,29 @@ void DBusHelperProxy::performActions(QByteArray blob, const QByteArray &callerID
+ }
+ }
+
++bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID)
++{
++ // Check the caller is really who it says it is
++ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) {
++ case AuthBackend::NoExtraCallerIDVerificationMethod:
++ break;
++
++ case AuthBackend::VerifyAgainstDBusServiceName:
++ if (message().service().toUtf8() != callerID) {
++ return false;
++ }
++ break;
++
++ case AuthBackend::VerifyAgainstDBusServicePid:
++ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) {
++ return false;
++ }
++ break;
++ }
++
++ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID);
++}
++
+ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments)
+ {
+ if (!responder) {
+@@ -295,7 +318,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
+ QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer*>();
+ timer->stop();
+
+- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) {
++ if (isCallerAuthorized(action, callerID)) {
+ QString slotname = action;
+ if (slotname.startsWith(m_name + QLatin1Char('.'))) {
+ slotname = slotname.right(slotname.length() - m_name.length() - 1);
+@@ -338,7 +361,7 @@ uint DBusHelperProxy::authorizeAction(const QString& action, const QByteArray& c
+ QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer*>();
+ timer->stop();
+
+- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) {
++ if (isCallerAuthorized(action, callerID)) {
+ retVal = static_cast<uint>(Action::Authorized);
+ } else {
+ retVal = static_cast<uint>(Action::Denied);
+diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.h b/kdecore/auth/backends/dbus/DBusHelperProxy.h
+index 455cf51..264f6cc 100644
+--- a/kdecore/auth/backends/dbus/DBusHelperProxy.h
++++ b/kdecore/auth/backends/dbus/DBusHelperProxy.h
+@@ -21,6 +21,7 @@
+ #ifndef DBUS_HELPER_PROXY_H
+ #define DBUS_HELPER_PROXY_H
+
++#include <QDBusContext>
+ #include <QVariant>
+ #include "HelperProxy.h"
+ #include "kauthactionreply.h"
+@@ -28,7 +29,7 @@
+ namespace KAuth
+ {
+
+-class DBusHelperProxy : public HelperProxy
++class DBusHelperProxy : public HelperProxy, protected QDBusContext
+ {
+ Q_OBJECT
+ Q_INTERFACES(KAuth::HelperProxy)
+@@ -73,6 +74,9 @@ signals:
+
+ private slots:
+ void remoteSignalReceived(int type, const QString &action, QByteArray blob);
++
++private:
++ bool isCallerAuthorized(const QString &action, const QByteArray &callerID);
+ };
+
+ } // namespace Auth
+diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp
+index 3be97f2..9d041d1 100644
+--- a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp
++++ b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp
+@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const
+ return a;
+ }
+
++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const
++{
++ return VerifyAgainstDBusServicePid;
++}
++
+ bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+ QDataStream s(&callerID, QIODevice::ReadOnly);
+diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.h b/kdecore/auth/backends/policykit/PolicyKitBackend.h
+index 7154e93..0d3d8f9 100644
+--- a/kdecore/auth/backends/policykit/PolicyKitBackend.h
++++ b/kdecore/auth/backends/policykit/PolicyKitBackend.h
+@@ -40,6 +40,7 @@ public:
+ virtual Action::AuthStatus authorizeAction(const QString&);
+ virtual Action::AuthStatus actionStatus(const QString&);
+ virtual QByteArray callerID() const;
++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const;
+ virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
+
+ private Q_SLOTS:
+diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
+index 732d2cb..63c0e1e 100644
+--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
+@@ -163,6 +163,11 @@ QByteArray Polkit1Backend::callerID() const
+ return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+
++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const
++{
++ return VerifyAgainstDBusServiceName;
++}
++
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.h b/kdecore/auth/backends/polkit-1/Polkit1Backend.h
+index 18ed1a2..d579da2 100644
+--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.h
++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.h
+@@ -48,6 +48,7 @@ public:
+ virtual Action::AuthStatus authorizeAction(const QString&);
+ virtual Action::AuthStatus actionStatus(const QString&);
+ virtual QByteArray callerID() const;
++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const;
+ virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
+ virtual bool actionExists(const QString& action);
+
+--
+cgit v0.11.2
+
+
diff --git a/patches/source/kdelibs/patch/kdelibs/kdelibs.docbook.patch b/patches/source/kdelibs/patch/kdelibs/kdelibs.docbook.patch
new file mode 100644
index 00000000..6a20cd27
--- /dev/null
+++ b/patches/source/kdelibs/patch/kdelibs/kdelibs.docbook.patch
@@ -0,0 +1,11 @@
+--- kdelibs-4.4.85/cmake/modules/FindDocBookXML.cmake.orig 2010-05-27 19:25:00.000000000 +0200
++++ kdelibs-4.4.85/cmake/modules/FindDocBookXML.cmake 2010-06-07 16:18:35.000000000 +0200
+@@ -12,7 +12,7 @@
+ # Redistribution and use is allowed according to the terms of the BSD license.
+ # For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+
+-set (DOCBOOKXML_CURRENTDTD_VERSION "4.2"
++set (DOCBOOKXML_CURRENTDTD_VERSION "4.5"
+ CACHE INTERNAL "Required version of XML DTDs")
+
+ set (DTD_PATH_LIST
diff --git a/patches/source/kdelibs/patch/kdelibs/kdelibs.upnp_conditional.patch b/patches/source/kdelibs/patch/kdelibs/kdelibs.upnp_conditional.patch
new file mode 100644
index 00000000..3a194477
--- /dev/null
+++ b/patches/source/kdelibs/patch/kdelibs/kdelibs.upnp_conditional.patch
@@ -0,0 +1,15 @@
+--- kdelibs-4.8.0/solid/solid/managerbase.cpp.orig 2011-07-27 20:34:39.000000000 +0200
++++ kdelibs-4.8.0/solid/solid/managerbase.cpp 2012-01-26 09:17:49.409993419 +0100
+@@ -90,7 +90,11 @@
+ # endif
+
+ # if defined (HUPNP_FOUND)
+- m_backends << new Solid::Backends::UPnP::UPnPDeviceManager(0);
++ bool solidUpnpEnabled
++ = QString::fromLocal8Bit(qgetenv("SOLID_UPNP")).toInt()==1;
++ if (solidUpnpEnabled) {
++ m_backends << new Solid::Backends::UPnP::UPnPDeviceManager(0);
++ }
+ # endif
+ }
+ }
diff --git a/patches/source/kdelibs/patch/kdelibs/return-application-icons-properly.patch b/patches/source/kdelibs/patch/kdelibs/return-application-icons-properly.patch
new file mode 100644
index 00000000..2bdb53ad
--- /dev/null
+++ b/patches/source/kdelibs/patch/kdelibs/return-application-icons-properly.patch
@@ -0,0 +1,56 @@
+From 613c951a1157df0d8a907a155a5eaa706816d5f9 Mon Sep 17 00:00:00 2001
+From: Aaron Seigo <aseigo@kde.org>
+Date: Thu, 21 Feb 2013 17:58:11 +0100
+Subject: return application icons properly
+
+BUG:315578
+---
+ kdeui/icons/kiconloader.cpp | 31 ++++++++++++++++++++++++++++++-
+ 1 file changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/kdeui/icons/kiconloader.cpp b/kdeui/icons/kiconloader.cpp
+index f65e941..6fed667 100644
+--- a/kdeui/icons/kiconloader.cpp
++++ b/kdeui/icons/kiconloader.cpp
+@@ -909,7 +909,36 @@ K3Icon KIconLoaderPrivate::findMatchingIcon(const QString& name, int size) const
+ const char * const ext[4] = { ".png", ".svgz", ".svg", ".xpm" };
+ bool genericFallback = name.endsWith(QLatin1String("-x-generic"));
+
+- foreach(KIconThemeNode *themeNode, links)
++ // Do two passes through themeNodes.
++ //
++ // The first pass looks for an exact match in each themeNode one after the other.
++ // If one is found and it is an app icon then return that icon.
++ //
++ // In the next pass (assuming the first pass failed), it looks for exact matches
++ // and then generic fallbacks in each themeNode one after the other
++ //
++ // The reasoning is that application icons should always match exactly, all other
++ // icons may fallback. Since we do not know what the context is here when we start
++ // looking for it, we can only go by the path found.
++ foreach (KIconThemeNode *themeNode, links) {
++ for (int i = 0 ; i < 4 ; i++) {
++ icon = themeNode->theme->iconPath(name + ext[i], size, KIconLoader::MatchExact);
++ if (icon.isValid()) {
++ break;
++ }
++
++ icon = themeNode->theme->iconPath(name + ext[i], size, KIconLoader::MatchBest);
++ if (icon.isValid()) {
++ break;
++ }
++ }
++
++ if (icon.isValid() && icon.path.contains("/apps/")) {
++ return icon;
++ }
++ }
++
++ foreach (KIconThemeNode *themeNode, links)
+ {
+ QString currentName = name;
+
+--
+1.8.1.4
+
+
diff --git a/patches/source/kdelibs/patch/kdelibs/return-not-break.-copy-paste-error.patch b/patches/source/kdelibs/patch/kdelibs/return-not-break.-copy-paste-error.patch
new file mode 100644
index 00000000..b62818ed
--- /dev/null
+++ b/patches/source/kdelibs/patch/kdelibs/return-not-break.-copy-paste-error.patch
@@ -0,0 +1,31 @@
+From 0edfd42151ad57322a10a24ab4971b638e220e6e Mon Sep 17 00:00:00 2001
+From: Aaron Seigo <aseigo@kde.org>
+Date: Thu, 21 Feb 2013 18:14:54 +0100
+Subject: [PATCH 049/111] return, not break. copy/paste error
+
+---
+ kdeui/icons/kiconloader.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/kdeui/icons/kiconloader.cpp b/kdeui/icons/kiconloader.cpp
+index dba474d..ce6aeea 100644
+--- a/kdeui/icons/kiconloader.cpp
++++ b/kdeui/icons/kiconloader.cpp
+@@ -947,12 +947,12 @@ K3Icon KIconLoaderPrivate::findMatchingIcon(const QString& name, int size) const
+ for (int i = 0 ; i < 4 ; i++) {
+ icon = themeNode->theme->iconPath(currentName + ext[i], size, KIconLoader::MatchExact);
+ if (icon.isValid()) {
+- break;
++ return icon;
+ }
+
+ icon = themeNode->theme->iconPath(currentName + ext[i], size, KIconLoader::MatchBest);
+ if (icon.isValid()) {
+- break;
++ return icon;
+ }
+ }
+ //kDebug(264) << "Looking up" << currentName;
+--
+1.8.1.4
+