Index: head/deskutils/kdepimlibs4/Makefile =================================================================== --- head/deskutils/kdepimlibs4/Makefile (revision 435959) +++ head/deskutils/kdepimlibs4/Makefile (revision 435960) @@ -1,41 +1,41 @@ # Created by: arved # $FreeBSD$ PORTNAME= kdepimlibs PORTVERSION= ${KDE4_KDELIBS_VERSION} -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= deskutils kde MASTER_SITES= KDE/${KDE4_APPLICATIONS_BRANCH}/applications/${KDE4_APPLICATIONS_VERSION}/src DIST_SUBDIR= KDE/${PORTVERSION} MAINTAINER= kde@FreeBSD.org COMMENT= KDE PIM Libraries BUILD_DEPENDS= xsltproc:textproc/libxslt LIB_DEPENDS= libgpgme.so:security/gpgme \ libsasl2.so:security/cyrus-sasl2 \ libboost_thread.so:devel/boost-libs \ libical.so:devel/libical \ libuuid.so:misc/e2fsprogs-libuuid \ libprison.so:graphics/prison \ libqjson.so:devel/qjson USES= cmake:outsource kde:4 shared-mime-info shebangfix tar:xz USE_KDE= kdelibs akonadi \ automoc4 ontologies soprano SHEBANG_FILES= mailtransport/kconf_update/migrate-transports.pl USE_OPENLDAP= yes USE_QT4= corelib dbus declarative designer_build gui network sql xml \ qmake_build moc_build rcc_build uic_build USE_LDCONFIG= yes post-patch: ${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|g' \ ${PATCH_WRKSRC}/cmake/modules/*.cmake ${REINPLACE_CMD} -e 's|%%KDE_PREFIX%%|${KDE_PREFIX}|g' \ ${PATCH_WRKSRC}/cmake/modules/FindQGpgme.cmake # Prevent updating MIME during build. ${REINPLACE_CMD} -e '/^update_xdg_mimetypes/ d' \ ${PATCH_WRKSRC}/CMakeLists.txt .include Index: head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp =================================================================== --- head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp (nonexistent) +++ head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp (revision 435960) @@ -0,0 +1,38 @@ +Fix for https://www.kde.org/info/security/advisory-20170227-1.txt +--- ktnef/ktnefparser.cpp.orig 2017-03-11 20:23:43 UTC ++++ ktnef/ktnefparser.cpp +@@ -40,7 +40,9 @@ + + #include + #include ++#include + #include ++#include + #include + #include + +@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile( const QSt + bool KTNEFParser::ParserPrivate::extractAttachmentTo( KTNEFAttach *att, + const QString &dirname ) + { +- QString filename = dirname + '/'; ++ const QString destDir( QDir( dirname ).absolutePath() ); // get directory path without any "." or ".." ++ ++ QString filename = destDir + '/'; + if ( !att->fileName().isEmpty()) { + filename += att->fileName(); + } else { +@@ -462,6 +466,13 @@ bool KTNEFParser::ParserPrivate::extract + if ( !device_->seek( att->offset() ) ) { + return false; + } ++ const QFileInfo fi( filename ); ++ if ( !fi.absoluteFilePath().startsWith( destDir ) ) { ++ kWarning() << "Attempted extract into" << fi.absoluteFilePath() ++ << "which is outside of the extraction root folder" << destDir << "." ++ << "Changing export of contained files to extraction root folder."; ++ filename = destDir + QLatin1Char( '/' ) + fi.fileName(); ++ } + KSaveFile outfile( filename ); + if ( !outfile.open() ) { + return false; Property changes on: head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property