Security: CAN-2005-3193
Security: http://www.kde.org/info/security/advisory-20051207-1.txt
Security: kpdf, the KDE pdf viewer and KOffice' pdf filter share code with
xpdf. xpdf contains multiple integer overflow vulnerabilities that
allow specially crafted pdf files, when opened, to overflow a heap
allocated buffer and execute arbitrary code.
into separate ports. The OPTIONS will remain as of yet and trigger dependencies
now, for easy transition.
Update KOffice to version 1.3.2.
Add patches to fix a number of issues, including:
- fix kxkb on Xorg
- fix kdemultimedia WITH_MPEGLIB (now mpeglib_artsplug) compilation on gcc 3.4.2
with optimizations greater than -O
Add security related patches and entries to portaudit.txt.
Important changes:
==================
- Kmail and knode have been moved from kdenetwork to kdepim. This
means you will have to install kdepim if you want to continue using
kmail or knode. This is to ease integration with korganizer, in
the new 'Kontact' application.
- The arabic translations for KDE and KOffice have been moved from
misc to the arabic category.
- There is a new module called kdeaccessibility in the accessibility
category. It contains a few utilities for disabled users like a
magnification lens and a text-to-speech frontend.
- In KDM, you need to select the 'CUSTOM' session profile in order
to have your .xsession executed. This is particularly important if
you're using the aegypten tools
(http://freebsd.kde.org/howtos/aegypten-kmail.php).
- We have started making more parts of the ports optional. In kdepim,
both Kandy and KPilot can be turned off with ports-knobs. This
process will continue in the 3.2 series.
patch involved patching the core auto* routines in KDE to accept the
PTHREAD_* variables in the environment, with fallbacks. We decided the
easiest way to implement this in ports was to generate configure instead
of risking incorrect generation at port configure time.
Said patch has already been committed to HEAD in KDE and as such will be
removed with the 3.2 upgrade once it is released.
Ports using Makefile.kde that shouldn't be using them (i.e. non-KDE
modules) have this support commented out due to lack of patch.
Helped out: Adriaan de Groot <adridg@cs.kun.nl>
Lauri Watts <lauri@kde.org>
Andy Fawcett <andy@athame.co.uk>
Official KDE 3.1.3 announcement:
http://www.kde.org/announcements/announce-3.1.3.php
(may not work until a few hours after this commit - we jumped the gun a little
in order to have the update in place at the time the security notifications for
KDE 3.1.2 will be released together with the announcement of KDE 3.1.3).
Changelog from 3.1.2 to 3.1.3 release:
http://www.kde.org/announcements/changelogs/changelog3_1_2to3_1_3.php
Thanks and credits need to go to the whole KDE-FreeBSD team, as well
as everyone on kde@freebsd.org for providing feedback, reporting bugs
and just using the KDE ports.
Approved by: will (real mentor asleep)
