[kde-freebsd] Some security flaws that were recently fixed in KDE 4.3.3

Eygene Ryabinkin rea-fbsd at codelabs.ru
Mon Nov 2 07:59:40 CET 2009


Gentlemen, good day.

I was made aware of the oCERT advisory,
  http://www.ocert.org/advisories/ocert-2009-015.html

that talks about 3 distinct security bugs in KDE 4.  The advisory
has some details and links to the upstream fixes.  The patch for
kio_help is already integrated into the sources of kdelibs 4.3.1,
but the other two mentioned patches apply to the current sources
of the FreeBSD KDE port.

I was only able to test the applicability of the patches and Tinderbox
builds on 7.x and 8.x.  I am not a KDE user and I can't really
validate that everything works as expected.  So I can hand off to
you a half-baked patch for kdelibs4 and kdebase4-runtime and a
VuXML entry for the said vulnerabilities.  If someone is able
to verify that the patches cause no harm to the KDE ports and
everything works as expected, it will be greatly appreciated.

Thanks!
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oCERT-2009-015-fixes.diff
Type: text/x-diff
Size: 6326 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-freebsd/attachments/20091102/67666d37/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vuln.xml
Type: application/xml
Size: 2231 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-freebsd/attachments/20091102/67666d37/attachment.xpdl 

