From 8ff4f2f51a6cf07fc33742ce3bee81328896e49b Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 25 May 2018 23:29:36 +0000 Subject: Fri May 25 23:29:36 UTC 2018 patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.1.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific. --- patches/source/kdelibs/patch/kdelibs.patch | 17 ++ .../kdelibs/patch/kdelibs/coding-style-fixes.patch | 62 +++++++ .../patch/kdelibs/kdelibs.CVE-2017-8422.diff | 201 +++++++++++++++++++++ .../kdelibs/patch/kdelibs/kdelibs.docbook.patch | 11 ++ .../patch/kdelibs/kdelibs.upnp_conditional.patch | 15 ++ .../return-application-icons-properly.patch | 56 ++++++ .../return-not-break.-copy-paste-error.patch | 31 ++++ 7 files changed, 393 insertions(+) create mode 100644 patches/source/kdelibs/patch/kdelibs.patch create mode 100644 patches/source/kdelibs/patch/kdelibs/coding-style-fixes.patch create mode 100644 patches/source/kdelibs/patch/kdelibs/kdelibs.CVE-2017-8422.diff create mode 100644 patches/source/kdelibs/patch/kdelibs/kdelibs.docbook.patch create mode 100644 patches/source/kdelibs/patch/kdelibs/kdelibs.upnp_conditional.patch create mode 100644 patches/source/kdelibs/patch/kdelibs/return-application-icons-properly.patch create mode 100644 patches/source/kdelibs/patch/kdelibs/return-not-break.-copy-paste-error.patch (limited to 'patches/source/kdelibs/patch') diff --git a/patches/source/kdelibs/patch/kdelibs.patch b/patches/source/kdelibs/patch/kdelibs.patch new file mode 100644 index 000000000..2e31daee4 --- /dev/null +++ b/patches/source/kdelibs/patch/kdelibs.patch @@ -0,0 +1,17 @@ +# Slackware ships a different version of XML DTDs: +zcat $CWD/patch/kdelibs/kdelibs.docbook.patch.gz | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + +# Make uPnP support depend on the environment variable SOLID_UPNP, +# e.g. by creating an /etc/profile.d/upnp.sh file with the following contents: +# export SOLID_UPNP=1 +zcat $CWD/patch/kdelibs/kdelibs.upnp_conditional.patch.gz | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + +# Revert 3 patches which (although they probably follow the FDo spec better), +# cause incorrect icon overrides: +zcat $CWD/patch/kdelibs/return-not-break.-copy-paste-error.patch.gz | patch -R -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/kdelibs/coding-style-fixes.patch.gz | patch -R -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/kdelibs/return-application-icons-properly.patch.gz | patch -R -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + +# Fix KAuth local root security issue: +zcat $CWD/patch/kdelibs/kdelibs.CVE-2017-8422.diff.gz | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + diff --git a/patches/source/kdelibs/patch/kdelibs/coding-style-fixes.patch b/patches/source/kdelibs/patch/kdelibs/coding-style-fixes.patch new file mode 100644 index 000000000..11108f0a4 --- /dev/null +++ b/patches/source/kdelibs/patch/kdelibs/coding-style-fixes.patch @@ -0,0 +1,62 @@ +From 2173580f070e806d4715e13048c697c49ec262e2 Mon Sep 17 00:00:00 2001 +From: Aaron Seigo +Date: Thu, 21 Feb 2013 17:59:58 +0100 +Subject: [PATCH 047/111] coding style fixes + +--- + kdeui/icons/kiconloader.cpp | 27 ++++++++++++--------------- + 1 file changed, 12 insertions(+), 15 deletions(-) + +diff --git a/kdeui/icons/kiconloader.cpp b/kdeui/icons/kiconloader.cpp +index 6fed667..dba474d 100644 +--- a/kdeui/icons/kiconloader.cpp ++++ b/kdeui/icons/kiconloader.cpp +@@ -938,32 +938,29 @@ K3Icon KIconLoaderPrivate::findMatchingIcon(const QString& name, int size) const + } + } + +- foreach (KIconThemeNode *themeNode, links) +- { ++ foreach (KIconThemeNode *themeNode, links) { + QString currentName = name; + +- while (!currentName.isEmpty()) +- { +- ++ while (!currentName.isEmpty()) { + //kDebug(264) << "Looking up" << currentName; + +-// The following code has been commented out because the Qt SVG renderer needs +-// to be improved. If you are going to change/remove some code from this part, +-// please contact me before (ereslibre@kde.org), or kde-core-devel@kde.org. (ereslibre) +- for (int i = 0 ; i < 4 ; i++) +- { ++ for (int i = 0 ; i < 4 ; i++) { + icon = themeNode->theme->iconPath(currentName + ext[i], size, KIconLoader::MatchExact); +- if (icon.isValid()) +- return icon; ++ if (icon.isValid()) { ++ break; ++ } + + icon = themeNode->theme->iconPath(currentName + ext[i], size, KIconLoader::MatchBest); +- if (icon.isValid()) +- return icon; ++ if (icon.isValid()) { ++ break; ++ } + } ++ //kDebug(264) << "Looking up" << currentName; + +- if (genericFallback) ++ if (genericFallback) { + // we already tested the base name + break; ++ } + + int rindex = currentName.lastIndexOf('-'); + if (rindex > 1) { // > 1 so that we don't split x-content or x-epoc +-- +1.8.1.4 + + diff --git a/patches/source/kdelibs/patch/kdelibs/kdelibs.CVE-2017-8422.diff b/patches/source/kdelibs/patch/kdelibs/kdelibs.CVE-2017-8422.diff new file mode 100644 index 000000000..221dc8f98 --- /dev/null +++ b/patches/source/kdelibs/patch/kdelibs/kdelibs.CVE-2017-8422.diff @@ -0,0 +1,201 @@ +From 264e97625abe2e0334f97de17f6ffb52582888ab Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Wed, 10 May 2017 10:06:07 +0200 +Subject: Verify that whoever is calling us is actually who he says he is + +CVE-2017-8422 +--- + kdecore/auth/AuthBackend.cpp | 5 ++++ + kdecore/auth/AuthBackend.h | 7 ++++++ + kdecore/auth/backends/dbus/DBusHelperProxy.cpp | 27 ++++++++++++++++++++-- + kdecore/auth/backends/dbus/DBusHelperProxy.h | 6 ++++- + .../auth/backends/policykit/PolicyKitBackend.cpp | 5 ++++ + kdecore/auth/backends/policykit/PolicyKitBackend.h | 1 + + kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 5 ++++ + kdecore/auth/backends/polkit-1/Polkit1Backend.h | 1 + + 8 files changed, 54 insertions(+), 3 deletions(-) + +diff --git a/kdecore/auth/AuthBackend.cpp b/kdecore/auth/AuthBackend.cpp +index c953b81..0ba4650 100644 +--- a/kdecore/auth/AuthBackend.cpp ++++ b/kdecore/auth/AuthBackend.cpp +@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) + d->capabilities = capabilities; + } + ++AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const ++{ ++ return NoExtraCallerIDVerificationMethod; ++} ++ + bool AuthBackend::actionExists(const QString& action) + { + Q_UNUSED(action); +diff --git a/kdecore/auth/AuthBackend.h b/kdecore/auth/AuthBackend.h +index a86732e..6f4b1bc 100644 +--- a/kdecore/auth/AuthBackend.h ++++ b/kdecore/auth/AuthBackend.h +@@ -43,6 +43,12 @@ public: + }; + Q_DECLARE_FLAGS(Capabilities, Capability) + ++ enum ExtraCallerIDVerificationMethod { ++ NoExtraCallerIDVerificationMethod, ++ VerifyAgainstDBusServiceName, ++ VerifyAgainstDBusServicePid, ++ }; ++ + AuthBackend(); + virtual ~AuthBackend(); + virtual void setupAction(const QString &action) = 0; +@@ -50,6 +56,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString &action) = 0; + virtual Action::AuthStatus actionStatus(const QString &action) = 0; + virtual QByteArray callerID() const = 0; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; + virtual bool actionExists(const QString &action); + +diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp +index 9557a0f..ca59f1c 100644 +--- a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp ++++ b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp +@@ -271,6 +271,29 @@ void DBusHelperProxy::performActions(QByteArray blob, const QByteArray &callerID + } + } + ++bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) ++{ ++ // Check the caller is really who it says it is ++ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { ++ case AuthBackend::NoExtraCallerIDVerificationMethod: ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServiceName: ++ if (message().service().toUtf8() != callerID) { ++ return false; ++ } ++ break; ++ ++ case AuthBackend::VerifyAgainstDBusServicePid: ++ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { ++ return false; ++ } ++ break; ++ } ++ ++ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); ++} ++ + QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) + { + if (!responder) { +@@ -295,7 +318,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + QString slotname = action; + if (slotname.startsWith(m_name + QLatin1Char('.'))) { + slotname = slotname.right(slotname.length() - m_name.length() - 1); +@@ -338,7 +361,7 @@ uint DBusHelperProxy::authorizeAction(const QString& action, const QByteArray& c + QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); + timer->stop(); + +- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { ++ if (isCallerAuthorized(action, callerID)) { + retVal = static_cast(Action::Authorized); + } else { + retVal = static_cast(Action::Denied); +diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.h b/kdecore/auth/backends/dbus/DBusHelperProxy.h +index 455cf51..264f6cc 100644 +--- a/kdecore/auth/backends/dbus/DBusHelperProxy.h ++++ b/kdecore/auth/backends/dbus/DBusHelperProxy.h +@@ -21,6 +21,7 @@ + #ifndef DBUS_HELPER_PROXY_H + #define DBUS_HELPER_PROXY_H + ++#include + #include + #include "HelperProxy.h" + #include "kauthactionreply.h" +@@ -28,7 +29,7 @@ + namespace KAuth + { + +-class DBusHelperProxy : public HelperProxy ++class DBusHelperProxy : public HelperProxy, protected QDBusContext + { + Q_OBJECT + Q_INTERFACES(KAuth::HelperProxy) +@@ -73,6 +74,9 @@ signals: + + private slots: + void remoteSignalReceived(int type, const QString &action, QByteArray blob); ++ ++private: ++ bool isCallerAuthorized(const QString &action, const QByteArray &callerID); + }; + + } // namespace Auth +diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp +index 3be97f2..9d041d1 100644 +--- a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp ++++ b/kdecore/auth/backends/policykit/PolicyKitBackend.cpp +@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const + return a; + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServicePid; ++} ++ + bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + QDataStream s(&callerID, QIODevice::ReadOnly); +diff --git a/kdecore/auth/backends/policykit/PolicyKitBackend.h b/kdecore/auth/backends/policykit/PolicyKitBackend.h +index 7154e93..0d3d8f9 100644 +--- a/kdecore/auth/backends/policykit/PolicyKitBackend.h ++++ b/kdecore/auth/backends/policykit/PolicyKitBackend.h +@@ -40,6 +40,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString&); + virtual Action::AuthStatus actionStatus(const QString&); + virtual QByteArray callerID() const; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); + + private Q_SLOTS: +diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +index 732d2cb..63c0e1e 100644 +--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp ++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +@@ -163,6 +163,11 @@ QByteArray Polkit1Backend::callerID() const + return QDBusConnection::systemBus().baseService().toUtf8(); + } + ++AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const ++{ ++ return VerifyAgainstDBusServiceName; ++} ++ + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) + { + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); +diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.h b/kdecore/auth/backends/polkit-1/Polkit1Backend.h +index 18ed1a2..d579da2 100644 +--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.h ++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.h +@@ -48,6 +48,7 @@ public: + virtual Action::AuthStatus authorizeAction(const QString&); + virtual Action::AuthStatus actionStatus(const QString&); + virtual QByteArray callerID() const; ++ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; + virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); + virtual bool actionExists(const QString& action); + +-- +cgit v0.11.2 + + diff --git a/patches/source/kdelibs/patch/kdelibs/kdelibs.docbook.patch b/patches/source/kdelibs/patch/kdelibs/kdelibs.docbook.patch new file mode 100644 index 000000000..6a20cd279 --- /dev/null +++ b/patches/source/kdelibs/patch/kdelibs/kdelibs.docbook.patch @@ -0,0 +1,11 @@ +--- kdelibs-4.4.85/cmake/modules/FindDocBookXML.cmake.orig 2010-05-27 19:25:00.000000000 +0200 ++++ kdelibs-4.4.85/cmake/modules/FindDocBookXML.cmake 2010-06-07 16:18:35.000000000 +0200 +@@ -12,7 +12,7 @@ + # Redistribution and use is allowed according to the terms of the BSD license. + # For details see the accompanying COPYING-CMAKE-SCRIPTS file. + +-set (DOCBOOKXML_CURRENTDTD_VERSION "4.2" ++set (DOCBOOKXML_CURRENTDTD_VERSION "4.5" + CACHE INTERNAL "Required version of XML DTDs") + + set (DTD_PATH_LIST diff --git a/patches/source/kdelibs/patch/kdelibs/kdelibs.upnp_conditional.patch b/patches/source/kdelibs/patch/kdelibs/kdelibs.upnp_conditional.patch new file mode 100644 index 000000000..3a1944774 --- /dev/null +++ b/patches/source/kdelibs/patch/kdelibs/kdelibs.upnp_conditional.patch @@ -0,0 +1,15 @@ +--- kdelibs-4.8.0/solid/solid/managerbase.cpp.orig 2011-07-27 20:34:39.000000000 +0200 ++++ kdelibs-4.8.0/solid/solid/managerbase.cpp 2012-01-26 09:17:49.409993419 +0100 +@@ -90,7 +90,11 @@ + # endif + + # if defined (HUPNP_FOUND) +- m_backends << new Solid::Backends::UPnP::UPnPDeviceManager(0); ++ bool solidUpnpEnabled ++ = QString::fromLocal8Bit(qgetenv("SOLID_UPNP")).toInt()==1; ++ if (solidUpnpEnabled) { ++ m_backends << new Solid::Backends::UPnP::UPnPDeviceManager(0); ++ } + # endif + } + } diff --git a/patches/source/kdelibs/patch/kdelibs/return-application-icons-properly.patch b/patches/source/kdelibs/patch/kdelibs/return-application-icons-properly.patch new file mode 100644 index 000000000..2bdb53adf --- /dev/null +++ b/patches/source/kdelibs/patch/kdelibs/return-application-icons-properly.patch @@ -0,0 +1,56 @@ +From 613c951a1157df0d8a907a155a5eaa706816d5f9 Mon Sep 17 00:00:00 2001 +From: Aaron Seigo +Date: Thu, 21 Feb 2013 17:58:11 +0100 +Subject: return application icons properly + +BUG:315578 +--- + kdeui/icons/kiconloader.cpp | 31 ++++++++++++++++++++++++++++++- + 1 file changed, 30 insertions(+), 1 deletion(-) + +diff --git a/kdeui/icons/kiconloader.cpp b/kdeui/icons/kiconloader.cpp +index f65e941..6fed667 100644 +--- a/kdeui/icons/kiconloader.cpp ++++ b/kdeui/icons/kiconloader.cpp +@@ -909,7 +909,36 @@ K3Icon KIconLoaderPrivate::findMatchingIcon(const QString& name, int size) const + const char * const ext[4] = { ".png", ".svgz", ".svg", ".xpm" }; + bool genericFallback = name.endsWith(QLatin1String("-x-generic")); + +- foreach(KIconThemeNode *themeNode, links) ++ // Do two passes through themeNodes. ++ // ++ // The first pass looks for an exact match in each themeNode one after the other. ++ // If one is found and it is an app icon then return that icon. ++ // ++ // In the next pass (assuming the first pass failed), it looks for exact matches ++ // and then generic fallbacks in each themeNode one after the other ++ // ++ // The reasoning is that application icons should always match exactly, all other ++ // icons may fallback. Since we do not know what the context is here when we start ++ // looking for it, we can only go by the path found. ++ foreach (KIconThemeNode *themeNode, links) { ++ for (int i = 0 ; i < 4 ; i++) { ++ icon = themeNode->theme->iconPath(name + ext[i], size, KIconLoader::MatchExact); ++ if (icon.isValid()) { ++ break; ++ } ++ ++ icon = themeNode->theme->iconPath(name + ext[i], size, KIconLoader::MatchBest); ++ if (icon.isValid()) { ++ break; ++ } ++ } ++ ++ if (icon.isValid() && icon.path.contains("/apps/")) { ++ return icon; ++ } ++ } ++ ++ foreach (KIconThemeNode *themeNode, links) + { + QString currentName = name; + +-- +1.8.1.4 + + diff --git a/patches/source/kdelibs/patch/kdelibs/return-not-break.-copy-paste-error.patch b/patches/source/kdelibs/patch/kdelibs/return-not-break.-copy-paste-error.patch new file mode 100644 index 000000000..b62818ed6 --- /dev/null +++ b/patches/source/kdelibs/patch/kdelibs/return-not-break.-copy-paste-error.patch @@ -0,0 +1,31 @@ +From 0edfd42151ad57322a10a24ab4971b638e220e6e Mon Sep 17 00:00:00 2001 +From: Aaron Seigo +Date: Thu, 21 Feb 2013 18:14:54 +0100 +Subject: [PATCH 049/111] return, not break. copy/paste error + +--- + kdeui/icons/kiconloader.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kdeui/icons/kiconloader.cpp b/kdeui/icons/kiconloader.cpp +index dba474d..ce6aeea 100644 +--- a/kdeui/icons/kiconloader.cpp ++++ b/kdeui/icons/kiconloader.cpp +@@ -947,12 +947,12 @@ K3Icon KIconLoaderPrivate::findMatchingIcon(const QString& name, int size) const + for (int i = 0 ; i < 4 ; i++) { + icon = themeNode->theme->iconPath(currentName + ext[i], size, KIconLoader::MatchExact); + if (icon.isValid()) { +- break; ++ return icon; + } + + icon = themeNode->theme->iconPath(currentName + ext[i], size, KIconLoader::MatchBest); + if (icon.isValid()) { +- break; ++ return icon; + } + } + //kDebug(264) << "Looking up" << currentName; +-- +1.8.1.4 + -- cgit v1.2.3