Add fix for security bug 425388

(Portage version: 2.2.0_alpha116/cvs/Linux x86_64)
author: Andreas K. Hüttel <dilfridge@gentoo.org> 2012-07-08 22:37:53 +0000
committer: Andreas K. Hüttel <dilfridge@gentoo.org> 2012-07-08 22:37:53 +0000
commit: decac026cfbc9523359ff4f59ee446fd7e26092c (patch)
tree: a7479dfe7413f949a9536c67c08143ebd36e91cd /kde-base
parent: Add the backports tarball to the ebuild (diff)
download: gentoo-2-decac026cfbc9523359ff4f59ee446fd7e26092c.tar.gz
gentoo-2-decac026cfbc9523359ff4f59ee446fd7e26092c.tar.bz2
gentoo-2-decac026cfbc9523359ff4f59ee446fd7e26092c.zip
4 files changed, 131 insertions, 2 deletions
diff --git a/kde-base/kmail/ChangeLog b/kde-base/kmail/ChangeLog
index 2c90af29a233..2c5e20f6909c 100644
--- a/kde-base/kmail/ChangeLog
+++ b/kde-base/kmail/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for kde-base/kmail
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kmail/ChangeLog,v 1.289 2012/06/21 21:54:58 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kmail/ChangeLog,v 1.290 2012/07/08 22:37:53 dilfridge Exp $
+
+*kmail-4.8.4-r1 (08 Jul 2012)
+*kmail-4.8.3-r1 (08 Jul 2012)
+
+  08 Jul 2012; Andreas K. Huettel <dilfridge@gentoo.org>
+  +kmail-4.8.3-r1.ebuild, -kmail-4.8.4.ebuild, +kmail-4.8.4-r1.ebuild,
+  +files/kmail-4.8.4-sec.patch:
+  Add fix for security bug 425388
 
 *kmail-4.8.4 (21 Jun 2012)
 
diff --git a/kde-base/kmail/files/kmail-4.8.4-sec.patch b/kde-base/kmail/files/kmail-4.8.4-sec.patch
new file mode 100644
index 000000000000..0e1aa39a068c
--- /dev/null
+++ b/kde-base/kmail/files/kmail-4.8.4-sec.patch
@@ -0,0 +1,29 @@
+From dbb2f72f4745e00f53031965a9c10b2d6862bd54 Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel@kde.org>
+Date: Mon, 2 Jul 2012 07:00:53 +0200
+Subject: [PATCH] Security fix found by David yesterday during debug (cherry
+ picked from commit
+ b6a46407d83ad9368a9825c687fa44e660f7104a)
+
+---
+ messageviewer/htmlquotecolorer.cpp |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/messageviewer/htmlquotecolorer.cpp b/messageviewer/htmlquotecolorer.cpp
+index b54e989..67c3062 100644
+--- a/messageviewer/htmlquotecolorer.cpp
++++ b/messageviewer/htmlquotecolorer.cpp
+@@ -40,6 +40,10 @@ QString HTMLQuoteColorer::process( const QString &htmlSource )
+ #ifndef KDEPIM_NO_WEBKIT
+   // Create a DOM Document from the HTML source
+   QWebPage page(0);
++  page.settings()->setAttribute( QWebSettings::JavascriptEnabled, false );
++  page.settings()->setAttribute( QWebSettings::JavaEnabled, false );
++  page.settings()->setAttribute( QWebSettings::PluginsEnabled, false );
++
+   QWebFrame *frame = page.mainFrame();
+   frame->setHtml( htmlSource );
+   
+-- 
+1.7.9.2
+
diff --git a/kde-base/kmail/kmail-4.8.3-r1.ebuild b/kde-base/kmail/kmail-4.8.3-r1.ebuild
new file mode 100644
index 000000000000..b876b5e89790
--- /dev/null
+++ b/kde-base/kmail/kmail-4.8.3-r1.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kmail/kmail-4.8.3-r1.ebuild,v 1.1 2012/07/08 22:37:53 dilfridge Exp $
+
+EAPI=4
+
+KDE_HANDBOOK="optional"
+KMNAME="kdepim"
+KDE_SCM="git"
+VIRTUALX_REQUIRED=test
+inherit flag-o-matic kde4-meta
+
+DESCRIPTION="KMail is the email component of Kontact, the integrated personal information manager of KDE."
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+IUSE="debug"
+
+DEPEND="
+	$(add_kdebase_dep kdepimlibs 'semantic-desktop')
+	$(add_kdebase_dep korganizer)
+	$(add_kdebase_dep kdepim-common-libs)
+"
+RDEPEND="${DEPEND}"
+
+RESTRICT="test"
+# bug 393147
+
+KMEXTRACTONLY="
+	akonadi_next/
+	calendarsupport/
+	korganizer/
+	kresources/
+	libkleo/
+	libkpgp/
+	libkdepimdbusinterfaces/
+	kdgantt2/
+"
+KMCOMPILEONLY="
+	messagecomposer/
+	messagecore/
+	messagelist/
+	messageviewer/
+	templateparser/
+	incidenceeditor-ng/
+	calendarsupport/
+"
+KMEXTRA="
+	kmailcvt/
+	ksendemail/
+	libksieve/
+	mailcommon/
+	mailfilteragent/
+	ontologies/
+	plugins/messageviewer/
+"
+
+KMLOADLIBS="kdepim-common-libs"
+
+PATCHES=(
+	"${FILESDIR}/${P}-qt47-compat.patch"
+	"${FILESDIR}/${PN}-4.8.4-sec.patch"
+)
+
+src_configure() {
+	# Bug 308903
+	use ppc64 && append-flags -mminimal-toc
+
+	kde4-meta_src_configure
+}
+
+src_compile() {
+	kde4-meta_src_compile kmail_xml
+	kde4-meta_src_compile
+}
+
+pkg_postinst() {
+	kde4-meta_pkg_postinst
+
+	if ! has_version kde-base/kdepim-kresources:${SLOT}; then
+		echo
+		elog "For groupware functionality, please install kde-base/kdepim-kresources:${SLOT}"
+		echo
+	fi
+	if ! has_version kde-base/kleopatra:${SLOT}; then
+		echo
+		elog "For certificate management and the gnupg log viewer, please install kde-base/kleopatra:${SLOT}"
+		echo
+	fi
+}
diff --git a/kde-base/kmail/kmail-4.8.4.ebuild b/kde-base/kmail/kmail-4.8.4-r1.ebuild
index e7b66044da81..aebbcb045598 100644
--- a/kde-base/kmail/kmail-4.8.4.ebuild
+++ b/kde-base/kmail/kmail-4.8.4-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kmail/kmail-4.8.4.ebuild,v 1.1 2012/06/21 21:54:58 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kmail/kmail-4.8.4-r1.ebuild,v 1.1 2012/07/08 22:37:53 dilfridge Exp $
 
 EAPI=4
 
@@ -54,6 +54,10 @@ KMEXTRA="
 
 KMLOADLIBS="kdepim-common-libs"
 
+PATCHES=(
+	"${FILESDIR}/${PN}-4.8.4-sec.patch"
+)
+
 src_configure() {
 	# Bug 308903
 	use ppc64 && append-flags -mminimal-toc
author	Andreas K. Hüttel <dilfridge@gentoo.org>	2012-07-08 22:37:53 +0000
committer	Andreas K. Hüttel <dilfridge@gentoo.org>	2012-07-08 22:37:53 +0000
commit	decac026cfbc9523359ff4f59ee446fd7e26092c (patch)
tree	a7479dfe7413f949a9536c67c08143ebd36e91cd /kde-base
parent	Add the backports tarball to the ebuild (diff)
download	gentoo-2-decac026cfbc9523359ff4f59ee446fd7e26092c.tar.gz gentoo-2-decac026cfbc9523359ff4f59ee446fd7e26092c.tar.bz2 gentoo-2-decac026cfbc9523359ff4f59ee446fd7e26092c.zip