[arch-commits] Commit in kdebase-workspace/trunk (3 files)

Andrea Scarpino andrea at archlinux.org
Mon Nov 24 08:05:16 UTC 2014


    Date: Monday, November 24, 2014 @ 09:05:15
  Author: andrea
Revision: 227043

upgpkg: kdebase-workspace 4.11.14-1

Upstream release

Modified:
  kdebase-workspace/trunk/PKGBUILD
Deleted:
  kdebase-workspace/trunk/CVE-2014-8651-2.patch
  kdebase-workspace/trunk/CVE-2014-8651.patch

-----------------------+
 CVE-2014-8651-2.patch |   30 ------------
 CVE-2014-8651.patch   |  120 ------------------------------------------------
 PKGBUILD              |   19 ++-----
 3 files changed, 6 insertions(+), 163 deletions(-)

Deleted: CVE-2014-8651-2.patch
===================================================================
--- CVE-2014-8651-2.patch	2014-11-24 08:04:14 UTC (rev 227042)
+++ CVE-2014-8651-2.patch	2014-11-24 08:05:15 UTC (rev 227043)
@@ -1,30 +0,0 @@
-From: David Edmundson <kde at davidedmundson.co.uk>
-Date: Tue, 04 Nov 2014 13:00:54 +0000
-Subject: Validate timezone name before setting
-X-Git-Url: http://quickgit.kde.org/?p=kde-workspace.git&a=commitdiff&h=54d0bfb5effff9c8cf60da890b7728cbe36a454e
----
-Validate timezone name before setting
-
-This patch ensures that the symlink /etc/localtime always points to a
-file in /usr/share/timezones and not an arbitrary file in a user's home
-directory.
----
-
-
---- a/kcontrol/dateandtime/helper.cpp
-+++ b/kcontrol/dateandtime/helper.cpp
-@@ -123,6 +123,13 @@
- int ClockHelper::tz( const QString& selectedzone )
- {
-     int ret = 0;
-+
-+    //only allow letters, numbers hyphen underscore plus and forward slash
-+    //allowed pattern taken from time-util.c in systemd
-+    if (!QRegExp("[a-zA-Z0-9-_+/]*").exactMatch(selectedzone)) {
-+        return ret;
-+    }
-+
- #if defined(USE_SOLARIS)	// MARCO
- 
-         KTemporaryFile tf;
-

Deleted: CVE-2014-8651.patch
===================================================================
--- CVE-2014-8651.patch	2014-11-24 08:04:14 UTC (rev 227042)
+++ CVE-2014-8651.patch	2014-11-24 08:05:15 UTC (rev 227043)
@@ -1,120 +0,0 @@
-From: David Edmundson <kde at davidedmundson.co.uk>
-Date: Tue, 04 Nov 2014 12:57:59 +0000
-Subject: Do not pass ntpUtility as an argument to datetime helper
-X-Git-Url: http://quickgit.kde.org/?p=kde-workspace.git&a=commitdiff&h=eebcb17746d9fa86ea8c5a7344709ef6750781cf
----
-Do not pass ntpUtility as an argument to datetime helper
-
-Passing the name of a binary to run to a polkit helper is a security
-risk as it allows any arbitrary process to be executed.
-
-This patch moves the detection of ntp utility location into the helper
-function.
-
-REVIEW: 120977
----
-
-
---- a/kcontrol/dateandtime/dtime.cpp
-+++ b/kcontrol/dateandtime/dtime.cpp
-@@ -142,27 +142,15 @@
-   //kclock->setEnabled(enabled);
- }
- 
--void Dtime::findNTPutility(){
--  QByteArray envpath = qgetenv("PATH");
--  if (!envpath.isEmpty() && envpath[0] == ':') {
--    envpath = envpath.mid(1);
--  }
--
--  QString path = "/sbin:/usr/sbin:";
--  if (!envpath.isEmpty()) {
--    path += QString::fromLocal8Bit(envpath);
--  } else {
--    path += QLatin1String("/bin:/usr/bin");
--  }
--
--  foreach(const QString &possible_ntputility, QStringList() << "ntpdate" << "rdate" ) {
--    if( !((ntpUtility = KStandardDirs::findExe(possible_ntputility, path)).isEmpty()) ) {
--      kDebug() << "ntpUtility = " << ntpUtility;
--      return;
--    }
--  }
--
--  kDebug() << "ntpUtility not found!";
-+void Dtime::findNTPutility()
-+{
-+    const QString exePath = QLatin1String("/usr/sbin:/usr/bin:/sbin:/bin");
-+    foreach(const QString &possible_ntputility, QStringList() << "ntpdate" << "rdate" ) {
-+        ntpUtility = KStandardDirs::findExe(possible_ntputility, exePath);
-+        if (!ntpUtility.isEmpty()) {
-+            return;
-+        }
-+    }
- }
- 
- void Dtime::set_time()
-@@ -238,7 +226,6 @@
-   helperargs["ntp"] = true;
-   helperargs["ntpServers"] = list;
-   helperargs["ntpEnabled"] = setDateTimeAuto->isChecked();
--  helperargs["ntpUtility"] = ntpUtility;
- 
-   if(setDateTimeAuto->isChecked() && !ntpUtility.isEmpty()){
-     // NTP Time setting - done in helper
-
---- a/kcontrol/dateandtime/helper.cpp
-+++ b/kcontrol/dateandtime/helper.cpp
-@@ -52,8 +52,18 @@
- // clears it. So we have to use a reasonable default.
- static const QString exePath = QLatin1String("/usr/sbin:/usr/bin:/sbin:/bin");
- 
--int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled,
--                      const QString& ntpUtility )
-+static QString findNtpUtility()
-+{
-+    foreach(const QString &possible_ntputility, QStringList() << "ntpdate" << "rdate" ) {
-+        const QString ntpUtility = KStandardDirs::findExe(possible_ntputility, exePath);
-+        if (!ntpUtility.isEmpty()) {
-+            return ntpUtility;
-+        }
-+    }
-+    return QString();
-+}
-+
-+int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled )
- {
-   int ret = 0;
- 
-@@ -68,6 +78,8 @@
-   KConfigGroup config(&_config, "NTP");
-   config.writeEntry("servers", ntpServers );
-   config.writeEntry("enabled", ntpEnabled );
-+
-+  QString ntpUtility(findNtpUtility());
- 
-   if ( ntpEnabled && !ntpUtility.isEmpty() ) {
-     // NTP Time setting
-@@ -227,7 +239,7 @@
-   int ret = 0; // error code
- //  The order here is important
-   if( _ntp )
--    ret |= ntp( args.value("ntpServers").toStringList(), args.value("ntpEnabled").toBool(), args.value("ntpUtility").toString() );
-+    ret |= ntp( args.value("ntpServers").toStringList(), args.value("ntpEnabled").toBool());
-   if( _date )
-     ret |= date( args.value("newdate").toString(), args.value("olddate").toString() );
-   if( _tz )
-
---- a/kcontrol/dateandtime/helper.h
-+++ b/kcontrol/dateandtime/helper.h
-@@ -42,8 +42,7 @@
-         ActionReply save(const QVariantMap &map);
- 
-     private:
--        int ntp(const QStringList& ntpServers, bool ntpEnabled,
--                const QString& ntpUtility);
-+        int ntp(const QStringList& ntpServers, bool ntpEnabled);
-         int date(const QString& newdate, const QString& olddate);
-         int tz(const QString& selectedzone);
-         int tzreset();
-

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-11-24 08:04:14 UTC (rev 227042)
+++ PKGBUILD	2014-11-24 08:05:15 UTC (rev 227043)
@@ -4,9 +4,9 @@
 
 pkgname=kdebase-workspace
 _pkgname=kde-workspace
-pkgver=4.11.13
-_pkgver=4.14.2
-pkgrel=2
+pkgver=4.11.14
+_pkgver=4.14.3
+pkgrel=1
 pkgdesc="Provides the interface and basic tools for the KDE workspace"
 arch=('i686' 'x86_64')
 url='https://projects.kde.org/projects/kde/kde-workspace'
@@ -29,9 +29,8 @@
 source=("http://download.kde.org/stable/${_pkgver}/src/${_pkgname}-${pkgver}.tar.xz"
         'kde.pam' 'kde-np.pam' 'kscreensaver.pam' 'kdm.service' 'kdm.logrotate'
         'etc-scripts.patch' 'terminate-server.patch' 'kdm-xinitrd.patch'
-        'khotkeys-qt4.patch'
-        'CVE-2014-8651.patch' 'CVE-2014-8651-2.patch')
-sha1sums=('34dcc710ad8628fefa1cf0fa8eab4efc98ff138f'
+        'khotkeys-qt4.patch')
+sha1sums=('ec79a5d638a93b1abbb99b22a7bea52d9a2c26eb'
           '660eae40a707d2711d8d7f32a93214865506b795'
           '6aeecc9e0e221f0515c6bf544f9a3c11cb6961fe'
           'c6afdf8964b2b2c4809b2e8e694729b2661e29df'
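Review bot: The refreshed first entry of `sha1sums=(` is the only integrity check on a tarball that the unchanged `source=` line still fetches over plain `http://`, so the pin rests on SHA-1 alone. With both CVE-2014-8651 patches dropped in this revision (the removed `prepare()` lines say "Fixed in 4.11.14"), the upstream tarball is now the sole carrier of that fix, which makes its authenticity matter more. I would switch the array to a stronger digest, e.g. `sha256sums=('<sha256-of-tarball>' ...)` regenerated with `makepkg -g`, and use an `https://` source URL if the mirror serves one. The array continues past this hunk into the next one, so the change would cover every entry, not just the first.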
@@ -40,9 +39,7 @@
           'c079ebd157c836ba996190f0d2bcea1a7828d02c'
           'ac7bc292c865bc1ab8c02e6341aa7aeaf1a3eeee'
           'd509dac592bd8b310df27991b208c95b6d907514'
-          'aa9d2e5a69986c4c3d47829721ea99edb473be12'
-          '9aa1cff4d69317debe83fc9ff1ea07fff350e717'
-          '9c025005d7830c54b99674bfcbfbc54155d6ecc1')
+          'aa9d2e5a69986c4c3d47829721ea99edb473be12')
 
 prepare() {
         mkdir build
@@ -58,10 +55,6 @@
 
         # KDEBUG#202629
         patch -p0 -i "${srcdir}"/terminate-server.patch
-
-        # Fixed in 4.11.14
-        patch -p1 -i "${srcdir}"/CVE-2014-8651.patch
-        patch -p1 -i "${srcdir}"/CVE-2014-8651-2.patch
 }
 
 build() {


