commit:     4b7826b1c6186fe0dea304ff3108cf9610210925
Author:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  1 02:37:24 2018 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Sat Dec  1 02:37:58 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b7826b1

kde-apps/messagelib: revision bump resolving CVE-2018-19516

Bug: https://bugs.gentoo.org/672312
Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Michael Palimaka <kensington <AT> gentoo.org>

 .../files/messagelib-18.04.3-CVE-2018-19516.patch  | 17 +++++
 .../files/messagelib-18.08.3-CVE-2018-19516.patch  | 29 +++++++++
 kde-apps/messagelib/messagelib-18.04.3-r1.ebuild   | 72 +++++++++++++++++++++
 kde-apps/messagelib/messagelib-18.08.3-r2.ebuild   | 74 ++++++++++++++++++++++
 4 files changed, 192 insertions(+)

diff --git a/kde-apps/messagelib/files/messagelib-18.04.3-CVE-2018-19516.patch 
b/kde-apps/messagelib/files/messagelib-18.04.3-CVE-2018-19516.patch
new file mode 100644
index 00000000000..4d3fac7334b
--- /dev/null
+++ b/kde-apps/messagelib/files/messagelib-18.04.3-CVE-2018-19516.patch
@@ -0,0 +1,17 @@
+diff --git a/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp 
b/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
+index 0d209524..0dad4174 100644
+--- a/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
++++ b/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
+@@ -299,6 +299,12 @@ QString processHtml(const QString &htmlSource, QString 
&extraHead)
+             return htmlSource;
+         }
+         extraHead = s.mid(6, idx - 6);
++
++        //Don't authorize to refresh content.
++        if (s.contains(QStringLiteral("http-equiv=\"REFRESH\""), 
Qt::CaseInsensitive)) {
++            extraHead.clear();
++        }
++
+         s = s.mid(idx + 7).trimmed();
+     }
+ 
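Review bot: The added check in processHtml only matches the exact spelling `http-equiv="REFRESH"` (case-insensitively), so it depends on the attribute being double-quoted with no whitespace around `=`. HTML also accepts single-quoted and unquoted attribute values, and those forms would leave extraHead untouched. A tolerant match is more robust, for example `s.contains(QRegularExpression(QStringLiteral("http-equiv\\s*=\\s*[\"']?refresh"), QRegularExpression::CaseInsensitiveOption))`, assuming QRegularExpression is available in that file, or better, dropping `<meta http-equiv>` elements from the extracted head outright. The comment could also state the intent, e.g. `// Discard the extracted head if it contains a meta refresh, so a message cannot reload or redirect the viewer.` The same check is added in the 18.08.3 patch below, and processHtml's body starts and ends outside the hunk.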

diff --git a/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch 
b/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch
new file mode 100644
index 00000000000..21108ae1fb6
--- /dev/null
+++ b/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch
@@ -0,0 +1,29 @@
+From 1fd737870f5a9c5bf44ad9fbd153ab4cf44e135d Mon Sep 17 00:00:00 2001
+From: Laurent Montel <[email protected]>
+Date: Fri, 23 Nov 2018 07:37:02 +0100
+Subject: [PATCH] Exclude Refresh from MetaData (Not necessary)
+
+---
+ .../src/messagepartthemes/default/defaultrenderer.cpp       | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp 
b/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
+index a7ffe824..d5d41cf6 100644
+--- a/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
++++ b/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp
+@@ -308,6 +308,12 @@ QString processHtml(const QString &htmlSource, QString 
&extraHead)
+             return htmlSource;
+         }
+         extraHead = s.mid(startIndex + 6 , endIndex - startIndex - 6);
++
++        //Don't authorize to refresh content.
++        if (s.contains(QStringLiteral("http-equiv=\"REFRESH\""), 
Qt::CaseInsensitive)) {
++            extraHead.clear();
++        }
++
+         s = s.mid(endIndex + 7).trimmed();
+     }
+ 
+-- 
+2.19.2
+

diff --git a/kde-apps/messagelib/messagelib-18.04.3-r1.ebuild 
b/kde-apps/messagelib/messagelib-18.04.3-r1.ebuild
new file mode 100644
index 00000000000..05699236352
--- /dev/null
+++ b/kde-apps/messagelib/messagelib-18.04.3-r1.ebuild
@@ -0,0 +1,72 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional-recursive"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Libraries for messaging functions"
+LICENSE="GPL-2+ LGPL-2.1+"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+       $(add_frameworks_dep karchive)
+       $(add_frameworks_dep kcodecs)
+       $(add_frameworks_dep kcompletion)
+       $(add_frameworks_dep kconfig)
+       $(add_frameworks_dep kconfigwidgets)
+       $(add_frameworks_dep kcoreaddons)
+       $(add_frameworks_dep kdbusaddons)
+       $(add_frameworks_dep ki18n)
+       $(add_frameworks_dep kiconthemes)
+       $(add_frameworks_dep kio)
+       $(add_frameworks_dep kitemmodels)
+       $(add_frameworks_dep kitemviews)
+       $(add_frameworks_dep kjobwidgets)
+       $(add_frameworks_dep knotifications)
+       $(add_frameworks_dep kservice)
+       $(add_frameworks_dep ktextwidgets)
+       $(add_frameworks_dep kwidgetsaddons)
+       $(add_frameworks_dep kwindowsystem)
+       $(add_frameworks_dep kxmlgui)
+       $(add_frameworks_dep sonnet)
+       $(add_frameworks_dep syntax-highlighting)
+       $(add_kdeapps_dep akonadi)
+       $(add_kdeapps_dep akonadi-contacts)
+       $(add_kdeapps_dep akonadi-mime)
+       $(add_kdeapps_dep grantleetheme)
+       $(add_kdeapps_dep incidenceeditor)
+       $(add_kdeapps_dep kcalcore)
+       $(add_kdeapps_dep kcontacts)
+       $(add_kdeapps_dep kdepim-apps-libs)
+       $(add_kdeapps_dep kidentitymanagement)
+       $(add_kdeapps_dep kldap)
+       $(add_kdeapps_dep kmailtransport)
+       $(add_kdeapps_dep kmbox)
+       $(add_kdeapps_dep kmime)
+       $(add_kdeapps_dep kpimtextedit)
+       $(add_kdeapps_dep libgravatar)
+       $(add_kdeapps_dep libkdepim)
+       $(add_kdeapps_dep libkleo)
+       $(add_qt_dep qtgui)
+       $(add_qt_dep qtnetwork)
+       $(add_qt_dep qtprintsupport)
+       $(add_qt_dep qtwebengine 'widgets')
+       $(add_qt_dep qtwidgets)
+       >=app-crypt/gpgme-1.8.0-r1[cxx,qt5]
+       >=dev-libs/grantlee-5.1.0:5
+"
+RDEPEND="${DEPEND}
+       !<kde-apps/kdepim-addons-16.08.50:5
+       !kde-apps/kdepim-common-libs:4
+       !kde-apps/kdepim-l10n
+       !=kde-apps/kmail-4.4*:4
+"
+
+# bug 579630
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2018-19516.patch" )
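Review bot: The `PATCHES` line gives no pointer to why the patch is applied, while `RESTRICT` just above it is annotated with `# bug 579630`. A matching `# bug 672312, CVE-2018-19516` comment above `PATCHES` would keep the security context in the ebuild itself. Since `RESTRICT+=" test"` disables the test suite, the build gives no signal that the patched processHtml behaves as intended, so the fix presumably rests on manual verification. Both points also apply to messagelib-18.08.3-r2.ebuild.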

diff --git a/kde-apps/messagelib/messagelib-18.08.3-r2.ebuild 
b/kde-apps/messagelib/messagelib-18.08.3-r2.ebuild
new file mode 100644
index 00000000000..6056ee7e12e
--- /dev/null
+++ b/kde-apps/messagelib/messagelib-18.08.3-r2.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Libraries for messaging functions"
+LICENSE="GPL-2+ LGPL-2.1+"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+       $(add_frameworks_dep karchive)
+       $(add_frameworks_dep kcodecs)
+       $(add_frameworks_dep kcompletion)
+       $(add_frameworks_dep kconfig)
+       $(add_frameworks_dep kconfigwidgets)
+       $(add_frameworks_dep kcoreaddons)
+       $(add_frameworks_dep kdbusaddons)
+       $(add_frameworks_dep ki18n)
+       $(add_frameworks_dep kiconthemes)
+       $(add_frameworks_dep kio)
+       $(add_frameworks_dep kitemmodels)
+       $(add_frameworks_dep kitemviews)
+       $(add_frameworks_dep kjobwidgets)
+       $(add_frameworks_dep knotifications)
+       $(add_frameworks_dep kservice)
+       $(add_frameworks_dep ktextwidgets)
+       $(add_frameworks_dep kwidgetsaddons)
+       $(add_frameworks_dep kwindowsystem)
+       $(add_frameworks_dep kxmlgui)
+       $(add_frameworks_dep sonnet)
+       $(add_frameworks_dep syntax-highlighting)
+       $(add_kdeapps_dep akonadi)
+       $(add_kdeapps_dep akonadi-contacts)
+       $(add_kdeapps_dep akonadi-mime)
+       $(add_kdeapps_dep grantleetheme)
+       $(add_kdeapps_dep incidenceeditor)
+       $(add_kdeapps_dep kcalcore)
+       $(add_kdeapps_dep kcontacts)
+       $(add_kdeapps_dep kdepim-apps-libs)
+       $(add_kdeapps_dep kidentitymanagement)
+       $(add_kdeapps_dep kldap)
+       $(add_kdeapps_dep kmailtransport)
+       $(add_kdeapps_dep kmbox)
+       $(add_kdeapps_dep kmime)
+       $(add_kdeapps_dep kpimtextedit)
+       $(add_kdeapps_dep libgravatar)
+       $(add_kdeapps_dep libkdepim)
+       $(add_kdeapps_dep libkleo)
+       $(add_qt_dep qtgui)
+       $(add_qt_dep qtnetwork)
+       $(add_qt_dep qtprintsupport)
+       $(add_qt_dep qtwebengine 'widgets')
+       $(add_qt_dep qtwidgets)
+       >=app-crypt/gpgme-1.8.0-r1[cxx,qt5]
+       >=dev-libs/grantlee-5.1.0:5
+"
+RDEPEND="${DEPEND}
+       !kde-apps/kdepim-common-libs:4
+       !kde-apps/kdepim-l10n
+       !=kde-apps/kmail-4.4*:4
+"
+
+# bug 579630
+RESTRICT+=" test"
+
+PATCHES=(
+       "${FILESDIR}/${P}-newmail-crash.patch"
+       "${FILESDIR}/${PN}-18.08.3-CVE-2018-19516.patch"
+)
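Review bot: The two `PATCHES` entries use different naming conventions: the first relies on `${P}` and the second hard-codes `${PN}-18.08.3`. Both expand to the same prefix for this version, but only the hard-coded one would still resolve after a later version bump. If both patches are meant to carry over, writing the first as `"${FILESDIR}/${PN}-18.08.3-newmail-crash.patch"` makes that explicit; otherwise use `${P}` for both.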
