Ark input sanitization errors:
The KDE archiving tool, Ark, performs insufficient validation
which leads to specially crafted archive files, using unknown
MIME types, to be rendered using a KHTML instance, this can
trigger uncontrolled XMLHTTPRequests to remote sites.
IO Slaves input sanitization errors:
KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer
from directory traversal. It should be noted that the scope of
this issue is limited as the malicious URIs cannot be embedded
in Internet hosted content.
KMail input sanitization errors:
The KDE mail client, KMail, performs insufficient validation which
leads to specially crafted email attachments, using unknown MIME
types, to be rendered using a KHTML instance, this can trigger
uncontrolled XMLHTTPRequests to remote sites.
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> (based on)
Approved by: secteam (myself), portmgr
Security: http://www.vuxml.org/freebsd/6f358f5a-c7ea-11de-a9f3-0030843d3802.html
- rework KDE4_BUILDENV
All ports:
- remove needless post-extract target
- make patches relative to ${PATCH_WRKSRC}
- clean up
- bump PORTREVISION when required
databases/akonadi:
- replace dependency on boost-python-libs with boost-libs
(finally, boost-pyhton does not conflict with boost \o/)
deskutils/kdepim*:
- replace boost-python-libs with boost-libs
- reduce dependencies
- respect PREFIX
- fix build with qt3 installed
misc/kdeedu4:
- add dependency on astro/xplanet (for KStars)
misc/kdeutils4:
- add dependency on devel/qca (for okteta)
- make dependency on kdebase non-optional
multimedia/kdemultimedia4:
- add optional support for PulseAudio
x11/kdebase4:
- remove needless dependency on kdebase4-runtime
x11/kdebase4-runtime, x11/kdebase4-workspace
- remove extra CMAKE_ARGS to fix build for qt3/kde3 users
x11/kdelibs4
- remove needless dependencies
- remove extra CMAKE_ARGS to fix build for qt3/kde3 users
for FreeBSD. The official KDE 4.3.0 (Codename: "Caizen") release
notes can be found at:
http://kde.org/announcements/4.3/index.php.
We'd like to say thanks to all helpers and submitters.
Tested by: pointyhat-exp-run (pav/miwi)
- Set INSTALL_TARGET for cmake based ports to install/strip. This solves
problem of installing non-stripped binaries (noticed by delphij for KDE4 ports)
- Fix linking to -lpthread for cmake based ports (KDE4 ports are affected mostly)
multimedia/phonon port has been split into phonon itself, phonon-xine
and phono-gstreamer backends. After updating phonon port you have
to install at least one backend. phonon-xine backend is recommended
for KDE.
for FreeBSD. The official KDE 4.2.0 (Codename: "The Answer") release
notes can be found at:
http://kde.org/announcements/4.2/index.php.
New supported languages include Arabic, Icelandic, Basque,
Hebrew, Romanian, Tajik and several Indian languages (Bengali India,
Gujarati, Kannada, Maithili, Marathi) indicating a rise in popularity in
this part of Asia.
New ports for KDE 4.2.0:
arabic/kde4-l10n Arabic
hebrew/kde4-l10n Hebrew
misc/kde4-l10n-bn_IN Bengali (India)
misc/kde4-l10n-eu Basque
misc/kde4-l10n-gu Gujarati
misc/kde4-l10n-is Icelandic
misc/kde4-l10n-kn Kannada
misc/kde4-l10n-mai Maithili
misc/kde4-l10n-mr Marathi
misc/kde4-l10n-ro Romanian
misc/kde4-l10n-tg Tajik
math/eigen2 Lightweight library for vector and matrix math
graphics/kipi-plugins-kde4 KDE4 kipi graphics plugins
sysutils/policykit-kde PolicyKit manager for KDE
Unfortunately FreeBSD 6.4 support is dropped.
We'd like to say thanks for feedback and help to:
Matt Tosto, Kris Moore, stickibit, David Johnson, Markus Brueffer,
David Naylor, Thomas Schlesinger, Warren Liddell, Thomas Abthorpe,
Diego Depaoli, Mats Andreassen, portmgr for exp-run and repocopies.
for FreeBSD. The official KDE 4.1.1 release notes can be found at
http://www.kde.org/announcements/changelogs/changelog4_1to4_1_1.php.
KDE Community ships sirst translation and service release of the 4.1
dree desktop, containing numerous bugfixes, Performance Improvements
and Translation Updates.
Pretty much all applications have received the developers' attention,
resulting in a long list of bugfixes and improvements. The most significant
changes are:
* Significant performance, interaction and rendering correctness
improvements in KHTML and Konqueror, KDE's web browser
* User interaction, rendering and stability fixes in Plasma,
the KDE4 desktop shell
* PDF backend fixes in the document viewer Okular
* Fixes in Gwenview, the image viewer's thumbnailing, more
robust retrieval and display of images with broken metadata
* Stability and interaction fixes in KMail
New Ports:
- graphics/kcoloredit
* KColorEdit is a palette files editor. It can be used
for editing color palettes and for color choosing and
naming.
- graphics/kgraphviewer
* KGraphViewer is a GraphViz DOT graph viewer for KDE. The
GraphViz programs are free-software layout engines for graphs.
KGraphViewer displays the graphs in a modern, user-friendly GUI
with all the power of a well integrated KDE application.
- graphics/kiconedit
* KIconEdit is designed to help create icons for KDE using the standard
icon palette.
- graphics/skanlite
* Skanlite is a simple image scanning application that does nothing
more than scan and save images. Skanlite can open a save dialog for
every image scanned or save the images immediately in a specified
directory with auto-generated names and format. The user can also
choose to show the scanned image before saving.
for FreeBSD. The official KDE 4.1.0 release notes can be found at
http://www.kde.org/announcements/4.1/.
Some note:
* Prefix
KDE4 will be install into a custom prefixes namely ${LOCALBASE}/kde4.
KDE4 and KDE3 can co-exist
* Sound
For sound to work, it is necessary to have dbus and hal enabled
in your system. Please see the respective documentation on how
to enable these.
For more Informations see the HEADS UP at ports@ and kde-freebsd@
or our wiki page http://wiki.freebsd.org/KDE4/Install.
Have fun!
After my change to the CTRL() macro, the kpty code sets improper values
to various control keys. Change the kpty code to use the constants from
<sys/ttydefaults.h>.
Approved by: philip (mentor)
introduces XSS vulnerabilities in Konqueror and potentially affect any
Qt/KDE applications which deal with URLs or paths from untrusted locations.
Security: CVE-2007-0242
by Konqueror and other parts of KDE, that allowed a heap based buffer over-
flow when decoding specially crafted UTF-8 encoded URI sequencesi.
Possible impact included executing arbitrary code and crashing the web browser.
Security: http://www.kde.org/info/security/advisory-20060119-1.txt
Security: CVE-2006-0019
