[pkgsrc/pkgsrc-2004Q2]: pkgsrc Pullup ticket 102 to the pkgsrc-2004Q2 branch,...

[agc <agc%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b70851d9204a
branches:  pkgsrc-2004Q2
changeset: 476761:b70851d9204a
user:      agc <agc%pkgsrc.org@localhost>
date:      Fri Aug 13 13:05:04 2004 +0000

description:
Pullup ticket 102 to the pkgsrc-2004Q2 branch, requested by Mark Davies

Security fix for kdelibs3


        Module Name:    pkgsrc
        Committed By:   markd
        Date:           Wed Aug 11 13:51:14 UTC 2004

        Modified Files:
                pkgsrc/x11/kdelibs3: Makefile distinfo
                pkgsrc/x11/kdelibs3/patches: patch-an
        Added Files:
                pkgsrc/x11/kdelibs3/patches: patch-ap patch-aq patch-ar patch-as
                    patch-at patch-au patch-av patch-aw patch-ax patch-ay

        Log Message:
        Fix some issues related to html frames, cookie handling and temporary
         filenames. From KDE cvs.
        Bump PKGREVISION.

diffstat:

 doc/CHANGES-pkgsrc-2004Q2     |    5 +-
 x11/kdelibs3/Makefile         |    3 +-
 x11/kdelibs3/distinfo         |   14 +-
 x11/kdelibs3/patches/patch-an |   32 ++++-
 x11/kdelibs3/patches/patch-ap |  187 ++++++++++++++++++++++++++++
 x11/kdelibs3/patches/patch-aq |   72 +++++++++++
 x11/kdelibs3/patches/patch-ar |   37 +++++
 x11/kdelibs3/patches/patch-as |   37 +++++
 x11/kdelibs3/patches/patch-at |   29 ++++
 x11/kdelibs3/patches/patch-au |   19 ++
 x11/kdelibs3/patches/patch-av |  272 ++++++++++++++++++++++++++++++++++++++++++
 x11/kdelibs3/patches/patch-aw |   52 ++++++++
 x11/kdelibs3/patches/patch-ax |   27 ++++
 x11/kdelibs3/patches/patch-ay |   47 +++++++
 14 files changed, 827 insertions(+), 6 deletions(-)

diffs (truncated from 917 to 300 lines):

diff -r 92e7d880f1b9 -r b70851d9204a doc/CHANGES-pkgsrc-2004Q2
--- a/doc/CHANGES-pkgsrc-2004Q2 Fri Jul 30 18:32:20 2004 +0000
+++ b/doc/CHANGES-pkgsrc-2004Q2 Fri Aug 13 13:05:04 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-pkgsrc-2004Q2,v 1.1.2.54 2004/07/30 18:32:20 agc Exp $
+$NetBSD: CHANGES-pkgsrc-2004Q2,v 1.1.2.55 2004/08/13 13:05:04 agc Exp $
 
 Changes to the packages collection and infrastructure on the
 pkgsrc-2004Q2 branch:
@@ -104,4 +104,5 @@
        Build fix for gnutls
 Pullup ticket 92, requested by Grant Beattie [agc 2004-07-30]
        Bulk build fix
-
+Pullup ticket 102, requested by Mark Davies [agc 2004-08-13]
+       Security fix for kdelibs3
diff -r 92e7d880f1b9 -r b70851d9204a x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile     Fri Jul 30 18:32:20 2004 +0000
+++ b/x11/kdelibs3/Makefile     Fri Aug 13 13:05:04 2004 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.61 2004/06/10 11:39:50 markd Exp $
+# $NetBSD: Makefile,v 1.61.2.1 2004/08/13 13:05:04 agc Exp $
 
 DISTNAME=      kdelibs-${_KDE_VERSION}
+PKGREVISION=   2
 CATEGORIES=    x11
 COMMENT=       Support libraries for the KDE integrated X11 desktop
 
diff -r 92e7d880f1b9 -r b70851d9204a x11/kdelibs3/distinfo
--- a/x11/kdelibs3/distinfo     Fri Jul 30 18:32:20 2004 +0000
+++ b/x11/kdelibs3/distinfo     Fri Aug 13 13:05:04 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.38 2004/06/10 11:39:50 markd Exp $
+$NetBSD: distinfo,v 1.38.2.1 2004/08/13 13:05:04 agc Exp $
 
 SHA1 (kdelibs-3.2.3.tar.bz2) = 33df00cb44694db306c29504f6ee5f3bd4a71c7d
 Size (kdelibs-3.2.3.tar.bz2) = 12737024 bytes
@@ -7,7 +7,17 @@
 SHA1 (patch-ae) = 238f16203cd101a5944ff01aa965956392c5b16d
 SHA1 (patch-af) = 7fbb3abcbf56020e3827ddf9d056beab9d1f3cd7
 SHA1 (patch-ag) = e471fdf5428e0f515ef3fe5427622854886ef952
-SHA1 (patch-an) = 41d2721bd55d060cde630771dad0377dbe770d73
+SHA1 (patch-an) = 443560cbbca3d29d2e436ac94b4920da081c99f9
+SHA1 (patch-ap) = 807a36fc910679431115f0d03208977d8cae7bc6
+SHA1 (patch-aq) = 26627136717b912e3c1ec884db4e9712398904cd
+SHA1 (patch-ar) = af4fe2fe875f91095aa024c23e17b4144ade283c
+SHA1 (patch-as) = e208b595c0f39094a8db16e6aa6b00c0d90420d2
+SHA1 (patch-at) = 9b114f66dd8b9134e884334d3d2217dd1f6e217e
+SHA1 (patch-au) = 20bebf25372adcb61065927adb093ddd10ec1b00
+SHA1 (patch-av) = 26c026a500f49847eedd56b143317d6661bf2f54
+SHA1 (patch-aw) = 4514ec04885709cfc402e387346c0c5f72408385
+SHA1 (patch-ax) = 36f21f6b3bb42f43deecd837095318d3f4e3b125
+SHA1 (patch-ay) = 27cf47be52f2f643f808d7092a6fe33458b67fc5
 SHA1 (patch-bc) = 434a48d290aa9716b8c6e372419460ebd33cf8ea
 SHA1 (patch-bd) = f233a73d0a8148e1ae7f4e777c3f5d50b56d768f
 SHA1 (patch-bu) = 65aca46f30be04c0d8177498eac149437b21ba56
diff -r 92e7d880f1b9 -r b70851d9204a x11/kdelibs3/patches/patch-an
--- a/x11/kdelibs3/patches/patch-an     Fri Jul 30 18:32:20 2004 +0000
+++ b/x11/kdelibs3/patches/patch-an     Fri Aug 13 13:05:04 2004 +0000
@@ -1,7 +1,37 @@
-$NetBSD: patch-an,v 1.3 2004/02/04 13:58:39 markd Exp $
+$NetBSD: patch-an,v 1.3.4.1 2004/08/13 13:05:04 agc Exp $
 
 --- kdecore/kstandarddirs.cpp.orig     2004-01-26 06:24:42.000000000 +1300
 +++ kdecore/kstandarddirs.cpp
+@@ -651,7 +651,28 @@ void KStandardDirs::createSpecialResourc
+    char link[1024];
+    link[1023] = 0;
+    int result = readlink(QFile::encodeName(dir).data(), link, 1023);
+-   if ((result == -1) && (errno == ENOENT))
++   bool relink = (result == -1) && (errno == ENOENT);
++   if ((result > 0) && (link[0] == '/'))
++   {
++      link[result] = 0;
++      struct stat stat_buf;
++      int res = lstat(link, &stat_buf);
++      if ((res == -1) && (errno == ENOENT))
++      {
++         relink = true;
++      }
++      else if ((res == -1) || (!S_ISDIR(stat_buf.st_mode)))
++      {
++         fprintf(stderr, "Error: \"%s\" is not a directory.\n", link);
++         relink = true;
++      }
++      else if (stat_buf.st_uid != getuid())
++      {
++         fprintf(stderr, "Error: \"%s\" is owned by uid %d instead of uid %d.\n", link, stat_buf.st_uid, getuid());
++         relink = true;
++      }
++   }
++   if (relink)
+    {
+       QString srv = findExe(QString::fromLatin1("lnusertemp"), KDEDIR+QString::fromLatin1("/bin"));
+       if (srv.isEmpty())
 @@ -847,33 +847,33 @@ static int tokenize( QStringList& tokens
  
  QString KStandardDirs::kde_default(const char *type) {
diff -r 92e7d880f1b9 -r b70851d9204a x11/kdelibs3/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-ap     Fri Aug 13 13:05:04 2004 +0000
@@ -0,0 +1,187 @@
+$NetBSD: patch-ap,v 1.7.4.1 2004/08/13 13:05:05 agc Exp $
+
+Index: dcopserver.cpp
+===================================================================
+RCS file: /home/kde/kdelibs/dcop/dcopserver.cpp,v
+retrieving revision 1.160.2.3
+diff -u -p -r1.160.2.3 dcopserver.cpp
+--- dcop/dcopserver.cpp        30 Apr 2004 15:00:08 -0000      1.160.2.3
++++ dcop/dcopserver.cpp        26 Jul 2004 09:03:06 -0000
+@@ -443,35 +443,78 @@ write_iceauth (FILE *addfp, IceAuthDataE
+     fprintf (addfp, "\n");
+ }
+ 
++#ifndef HAVE_MKSTEMPS
++#include <string.h>
++#include <strings.h>
+ 
+-#ifndef HAVE_MKSTEMP
+-static char *unique_filename (const char *path, const char *prefix)
+-#else
+-static char *unique_filename (const char *path, const char *prefix, int *pFd)
+-#endif
++/* this is based on code taken from the GNU libc, distributed under the LGPL license */
++
++/* Generate a unique temporary file name from TEMPLATE.
++
++   TEMPLATE has the form:
++
++   <path>/ccXXXXXX<suffix>
++
++   SUFFIX_LEN tells us how long <suffix> is (it can be zero length).
++
++   The last six characters of TEMPLATE before <suffix> must be "XXXXXX";
++   they are replaced with a string that makes the filename unique.
++
++   Returns a file descriptor open on the file for reading and writing.  */
++
++int mkstemps (char* _template, int suffix_len)
+ {
+-#ifndef HAVE_MKSTEMP
+-#ifndef X_NOT_POSIX
+-    return ((char *) tempnam (path, prefix));
+-#else
+-    char tempFile[PATH_MAX];
+-    char *tmp;
++  static const char letters[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
++  char *XXXXXX;
++  int len;
++  int count;
++  int value;
++
++  len = strlen (_template);
++
++  if ((int) len < 6 + suffix_len || strncmp (&_template[len - 6 - suffix_len], "XXXXXX", 6))
++      return -1;
++
++  XXXXXX = &_template[len - 6 - suffix_len];
++
++  value = rand();
++  for (count = 0; count < 256; ++count)
++  {
++      int v = value;
++      int fd;
++
++      /* Fill in the random bits.  */
++      XXXXXX[0] = letters[v % 62];
++      v /= 62;
++      XXXXXX[1] = letters[v % 62];
++      v /= 62;
++      XXXXXX[2] = letters[v % 62];
++      v /= 62;
++      XXXXXX[3] = letters[v % 62];
++      v /= 62;
++      XXXXXX[4] = letters[v % 62];
++      v /= 62;
++      XXXXXX[5] = letters[v % 62];
++
++      fd = open (_template, O_RDWR|O_CREAT|O_EXCL, 0600);
++      if (fd >= 0)
++      /* The file does not exist.  */
++      return fd;
++
++      /* This is a random value.  It is only necessary that the next
++       TMP_MAX values generated by adding 7777 to VALUE are different
++       with (module 2^32).  */
++      value += 7777;
++    }
++  /* We return the null string if we can't find a unique file name.  */
++  _template[0] = '\0';
++  return -1;
++}
+ 
+-    snprintf (tempFile, PATH_MAX, "%s/%sXXXXXX", path, prefix);
+-    tmp = (char *) mktemp (tempFile);
+-    if (tmp)
+-      {
+-          char *ptr = (char *) malloc (strlen (tmp) + 1);
+-        if (ptr != NULL)
+-        {
+-              strcpy (ptr, tmp);
+-        }
+-          return (ptr);
+-      }
+-    else
+-      return (NULL);
+ #endif
+-#else
++
++static char *unique_filename (const char *path, const char *prefix, int *pFd)
++{
+     char tempFile[PATH_MAX];
+     char *ptr;
+ 
+@@ -480,43 +523,10 @@ static char *unique_filename (const char
+     if (ptr != NULL)
+       {
+           strcpy(ptr, tempFile);
+-          *pFd =  mkstemp(ptr);
++          *pFd =  mkstemps(ptr, 0);
+       }
+     return ptr;
+-#endif
+-}
+-
+-#if 0
+-Status SetAuthentication_local (int count, IceListenObj *listenObjs)
+-{
+-    int i;
+-    for (i = 0; i < count; i ++) {
+-      char *prot = IceGetListenConnectionString(listenObjs[i]);
+-      if (!prot) continue;
+-      char *host = strchr(prot, '/');
+-      char *sock = 0;
+-      if (host) {
+-          *host=0;
+-          host++;
+-          sock = strchr(host, ':');
+-          if (sock) {
+-              *sock = 0;
+-              sock++;
+-          }
+-      }
+-#ifndef NDEBUG
+-      qDebug("DCOPServer: SetAProc_loc: conn %d, prot=%s, file=%s",
+-              (unsigned)i, prot, sock);
+-#endif
+-      if (sock && !strcmp(prot, "local")) {
+-          chmod(sock, 0700);
+-      }
+-      IceSetHostBasedAuthProc (listenObjs[i], HostBasedAuthProc);
+-      free(prot);
+-    }
+-    return 1;
+ }
+-#endif
+ 
+ #define MAGIC_COOKIE_LEN 16
+ 
+@@ -529,28 +539,19 @@ SetAuthentication (int count, IceListenO
+     int         original_umask;
+     int         i;
+     QCString command;    
+-#ifdef HAVE_MKSTEMP
+     int         fd;
+-#endif
+ 
+     original_umask = umask (0077);      /* disallow non-owner access */
+ 
+     path = getenv ("DCOP_SAVE_DIR");
+     if (!path)
+       path = "/tmp";
+-#ifndef HAVE_MKSTEMP
+-    if ((addAuthFile = unique_filename (path, "dcop")) == NULL)
+-      goto bad;
+ 
+-    if (!(addfp = fopen (addAuthFile, "w")))
+-      goto bad;
+-#else
+     if ((addAuthFile = unique_filename (path, "dcop", &fd)) == NULL)
+       goto bad;
+ 
+     if (!(addfp = fdopen(fd, "wb")))
+       goto bad;
+-#endif
+ 
+     if ((*_authDataEntries = static_cast<IceAuthDataEntry *>(malloc (count * 2 * sizeof (IceAuthDataEntry)))) == NULL)
+       goto bad;
diff -r 92e7d880f1b9 -r b70851d9204a x11/kdelibs3/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-aq     Fri Aug 13 13:05:04 2004 +0000
@@ -0,0 +1,72 @@
+$NetBSD: patch-aq,v 1.4.4.1 2004/08/13 13:05:05 agc Exp $
+
+Index: kioslave/http/kcookiejar/kcookiejar.cpp
+===================================================================
+RCS file: /home/kde/kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp,v
+retrieving revision 1.116
+retrieving revision 1.117