Ark input sanitization errors:
The KDE archiving tool, Ark, performs insufficient validation
which leads to specially crafted archive files, using unknown
MIME types, to be rendered using a KHTML instance, this can
trigger uncontrolled XMLHTTPRequests to remote sites.
IO Slaves input sanitization errors:
KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer
from directory traversal. It should be noted that the scope of
this issue is limited as the malicious URIs cannot be embedded
in Internet hosted content.
KMail input sanitization errors:
The KDE mail client, KMail, performs insufficient validation which
leads to specially crafted email attachments, using unknown MIME
types, to be rendered using a KHTML instance, this can trigger
uncontrolled XMLHTTPRequests to remote sites.
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> (based on)
Approved by: secteam (myself), portmgr
Security: http://www.vuxml.org/freebsd/6f358f5a-c7ea-11de-a9f3-0030843d3802.html
a bugfix, translation and maintenance update. Release note can be found
at http://kde.org/announcements/announce-4.3.1.php
We would like to thank all our contributors and testers. My personal
thanks to miwi and makc for coaching me through my first KDE commit.
- rework KDE4_BUILDENV
All ports:
- remove needless post-extract target
- make patches relative to ${PATCH_WRKSRC}
- clean up
- bump PORTREVISION when required
databases/akonadi:
- replace dependency on boost-python-libs with boost-libs
(finally, boost-pyhton does not conflict with boost \o/)
deskutils/kdepim*:
- replace boost-python-libs with boost-libs
- reduce dependencies
- respect PREFIX
- fix build with qt3 installed
misc/kdeedu4:
- add dependency on astro/xplanet (for KStars)
misc/kdeutils4:
- add dependency on devel/qca (for okteta)
- make dependency on kdebase non-optional
multimedia/kdemultimedia4:
- add optional support for PulseAudio
x11/kdebase4:
- remove needless dependency on kdebase4-runtime
x11/kdebase4-runtime, x11/kdebase4-workspace
- remove extra CMAKE_ARGS to fix build for qt3/kde3 users
x11/kdelibs4
- remove needless dependencies
- remove extra CMAKE_ARGS to fix build for qt3/kde3 users
for FreeBSD. The official KDE 4.3.0 (Codename: "Caizen") release
notes can be found at:
http://kde.org/announcements/4.3/index.php.
We'd like to say thanks to all helpers and submitters.
Tested by: pointyhat-exp-run (pav/miwi)
- Set INSTALL_TARGET for cmake based ports to install/strip. This solves
problem of installing non-stripped binaries (noticed by delphij for KDE4 ports)
- Fix linking to -lpthread for cmake based ports (KDE4 ports are affected mostly)
for FreeBSD. The official KDE 4.2.0 (Codename: "The Answer") release
notes can be found at:
http://kde.org/announcements/4.2/index.php.
New supported languages include Arabic, Icelandic, Basque,
Hebrew, Romanian, Tajik and several Indian languages (Bengali India,
Gujarati, Kannada, Maithili, Marathi) indicating a rise in popularity in
this part of Asia.
New ports for KDE 4.2.0:
arabic/kde4-l10n Arabic
hebrew/kde4-l10n Hebrew
misc/kde4-l10n-bn_IN Bengali (India)
misc/kde4-l10n-eu Basque
misc/kde4-l10n-gu Gujarati
misc/kde4-l10n-is Icelandic
misc/kde4-l10n-kn Kannada
misc/kde4-l10n-mai Maithili
misc/kde4-l10n-mr Marathi
misc/kde4-l10n-ro Romanian
misc/kde4-l10n-tg Tajik
math/eigen2 Lightweight library for vector and matrix math
graphics/kipi-plugins-kde4 KDE4 kipi graphics plugins
sysutils/policykit-kde PolicyKit manager for KDE
Unfortunately FreeBSD 6.4 support is dropped.
We'd like to say thanks for feedback and help to:
Matt Tosto, Kris Moore, stickibit, David Johnson, Markus Brueffer,
David Naylor, Thomas Schlesinger, Warren Liddell, Thomas Abthorpe,
Diego Depaoli, Mats Andreassen, portmgr for exp-run and repocopies.
net/avahi will be read as net/avahi-app for core library. Also,
with net/avahi-libdns installed, hardwrited dependency for mDNSReponder
lead to conflicts, but KDE 4.1 can use avahi-loibdns instead.
PR: 126494
Submitted by: Dima Panov <fluffy@fluffy.khv.ru>
for FreeBSD. The official KDE 4.1.0 release notes can be found at
http://www.kde.org/announcements/4.1/.
Some note:
* Prefix
KDE4 will be install into a custom prefixes namely ${LOCALBASE}/kde4.
KDE4 and KDE3 can co-exist
* Sound
For sound to work, it is necessary to have dbus and hal enabled
in your system. Please see the respective documentation on how
to enable these.
For more Informations see the HEADS UP at ports@ and kde-freebsd@
or our wiki page http://wiki.freebsd.org/KDE4/Install.
Have fun!
After my change to the CTRL() macro, the kpty code sets improper values
to various control keys. Change the kpty code to use the constants from
<sys/ttydefaults.h>.
Approved by: philip (mentor)
The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).
PR: ports/124340
Submitted by: edwin@
Approved by: portmgr (pav)
- Remove USE_XLIB/USE_X_PREFIX/USE_XPM in favor of USE_XORG
- Remove X11BASE support in favor of LOCALBASE or PREFIX
- Use USE_LDCONFIG instead of INSTALLS_SHLIB
- Remove unneeded USE_GCC 3.4+
Thanks to all Helpers:
Dmitry Marakasov, Chess Griffin, beech@, dinoex, rafan, gahr,
ehaupt, nox, itetcu, flz, pav
PR: 116263
Tested on: pointyhat
Approved by: portmgr (pav)
introduces XSS vulnerabilities in Konqueror and potentially affect any
Qt/KDE applications which deal with URLs or paths from untrusted locations.
Security: CVE-2007-0242
