Security: CVE-2006-0301,
http://www.kde.org/info/security/advisory-20060202-1.txt
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a heap based buffer overflow in the splash rasterizer engine that
can crash kpdf or even execute arbitrary code.
- Shared lib version and PORTREVISION bumb for all affected ports.
While I'm here:
- Remove USE_MESA knob where it was (35 ports).
It marked as depricated for 2 years.
PR: ports/90247
Submitted by: Ermal Lu?i <eri--@albabsd.org>
Security: CAN-2005-3193
Security: http://www.kde.org/info/security/advisory-20051207-1.txt
Security: kpdf, the KDE pdf viewer and KOffice' pdf filter share code with
xpdf. xpdf contains multiple integer overflow vulnerabilities that
allow specially crafted pdf files, when opened, to overflow a heap
allocated buffer and execute arbitrary code.
into separate ports. The OPTIONS will remain as of yet and trigger dependencies
now, for easy transition.
Update KOffice to version 1.3.2.
Add patches to fix a number of issues, including:
- fix kxkb on Xorg
- fix kdemultimedia WITH_MPEGLIB (now mpeglib_artsplug) compilation on gcc 3.4.2
with optimizations greater than -O
Add security related patches and entries to portaudit.txt.
Important changes:
==================
KDE:
- Audio/arts does not install artswrapper anymore, instead it is provided by
audio/artswrapper. See UPDATING.
- misc/kdeaddons3 is now a metaport with
editors/kate-plugins
editors/vimpart
games/atlantikdesigner
misc/kaddressbook-plugins
misc/kfile-plugins
misc/kicker-applets
misc/knewsticker-scripts
misc/konq-plugins
misc/ksig
misc/renamedlgplugins
multimedia/noatun-plugins
net/kontact-plugins
as slave ports.
- A number of KDE ports now uses OPTIONS do make various WITH_* options more
visible.
- Plist fixes
- devel/kdevelop should be able to detect FreeBSD's autoconf/automake now for
newly created projects.
- kdebase will no longer remove previous KDM configurations. This won't take
effect during the update from 3.2.0 to 3.2.1 (as deinstalling 3.2.0 will still
remove the configuration), but subsequent updates will merge old configs.
QT:
- Previous versions of QT could be compiled with debugging-support enabled by
defining DEBUG. This switch has been renamed to the more unambiguous
WANT_QT_DEBUG (similar to WANT_KDE_DEBUG in the KDE ports).
Important changes:
==================
- Kmail and knode have been moved from kdenetwork to kdepim. This
means you will have to install kdepim if you want to continue using
kmail or knode. This is to ease integration with korganizer, in
the new 'Kontact' application.
- The arabic translations for KDE and KOffice have been moved from
misc to the arabic category.
- There is a new module called kdeaccessibility in the accessibility
category. It contains a few utilities for disabled users like a
magnification lens and a text-to-speech frontend.
- In KDM, you need to select the 'CUSTOM' session profile in order
to have your .xsession executed. This is particularly important if
you're using the aegypten tools
(http://freebsd.kde.org/howtos/aegypten-kmail.php).
- We have started making more parts of the ports optional. In kdepim,
both Kandy and KPilot can be turned off with ports-knobs. This
process will continue in the 3.2 series.
patch involved patching the core auto* routines in KDE to accept the
PTHREAD_* variables in the environment, with fallbacks. We decided the
easiest way to implement this in ports was to generate configure instead
of risking incorrect generation at port configure time.
Said patch has already been committed to HEAD in KDE and as such will be
removed with the 3.2 upgrade once it is released.
Ports using Makefile.kde that shouldn't be using them (i.e. non-KDE
modules) have this support commented out due to lack of patch.
Helped out: Adriaan de Groot <adridg@cs.kun.nl>
Lauri Watts <lauri@kde.org>
Andy Fawcett <andy@athame.co.uk>
Official KDE 3.1.3 announcement:
http://www.kde.org/announcements/announce-3.1.3.php
(may not work until a few hours after this commit - we jumped the gun a little
in order to have the update in place at the time the security notifications for
KDE 3.1.2 will be released together with the announcement of KDE 3.1.3).
Changelog from 3.1.2 to 3.1.3 release:
http://www.kde.org/announcements/changelogs/changelog3_1_2to3_1_3.php
Thanks and credits need to go to the whole KDE-FreeBSD team, as well
as everyone on kde@freebsd.org for providing feedback, reporting bugs
and just using the KDE ports.
Approved by: will (real mentor asleep)