Date: Mon, 12 Nov 2018 19:09:19 +0000 (UTC) From: "Tobias C. Berner" <tcberner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r484818 - head/devel/kio-extras Message-ID: <201811121909.wACJ9JlC004668@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tcberner Date: Mon Nov 12 19:09:19 2018 New Revision: 484818 URL: https://svnweb.freebsd.org/changeset/ports/484818 Log: devel/kio-extras: Remove the htmlthumbnailer. Albert Astals Cids reports: The HTML thumbnailer was incorrectly accessing some content of remote URLs listed in HTML files. This meant that the owners of the servers referred in HTML files in your system could have seen in their access logs your IP address every time the thumbnailer tried to create the thumbnail. Use the suggested workaround, and remove the htmlthumbnailer. MFC after: 2018Q4 Security: 1460aa25-e6ab-11e8-a733-e0d55e2a8bf9 Security: CVE-2018-19120 Modified: head/devel/kio-extras/Makefile head/devel/kio-extras/pkg-plist Modified: head/devel/kio-extras/Makefile ============================================================================== --- head/devel/kio-extras/Makefile Mon Nov 12 19:03:48 2018 (r484817) +++ head/devel/kio-extras/Makefile Mon Nov 12 19:09:19 2018 (r484818) @@ -2,7 +2,7 @@ PORTNAME= kio-extras DISTVERSION= ${KDE_APPLICATIONS_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= devel kde kde-applications # kde kde-applications-plasma MAINTAINER= kde@FreeBSD.org @@ -24,8 +24,11 @@ USE_QT= core dbus declarative gui location network ph buildtools_build qmake_build SHEBANG_FILES= info/kde-info2html -OPTIONS_DEFINE= SAMBA MTP EXR EXIV SLP SSH WEBENGINE TAGLIB DOCS -OPTIONS_DEFAULT=SAMBA MTP EXR EXIV SLP SSH WEBENGINE TAGLIB +# CVE-2018-19120 +CMAKE_ON= CMAKE_DISABLE_FIND_PACKAGE_Qt5WebEngineWidget + +OPTIONS_DEFINE= SAMBA MTP EXR EXIV SLP SSH TAGLIB DOCS +OPTIONS_DEFAULT=SAMBA MTP EXR EXIV SLP SSH TAGLIB OPTIONS_SUB= yes SAMBA_DESC= Needed to build the SMB kioslave @@ -56,10 +59,5 @@ SSH_LIB_DEPENDS= libssh.so:security/libssh TAGLIB_DESC= Needed to build the audio thumbnail kioslave TAGLIB_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_Taglib TAGLIB_LIB_DEPENDS= libtag.so:audio/taglib - -WEBENGINE_DESC= Needed to build the html thumbnailer -WEBENGINE_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_Qt5WebEngineWidget -WEBENGINE_USES= qt:5 -WEBENGINE_USE= QT=webengine .include <bsd.port.mk> Modified: head/devel/kio-extras/pkg-plist ============================================================================== --- head/devel/kio-extras/pkg-plist Mon Nov 12 19:03:48 2018 (r484817) +++ head/devel/kio-extras/pkg-plist Mon Nov 12 19:09:19 2018 (r484818) @@ -12,7 +12,6 @@ lib/libmolletnetwork5.so.%%KDE_APPLICATIONS_VERSION%% %%QT_PLUGINDIR%%/comicbookthumbnail.so %%QT_PLUGINDIR%%/djvuthumbnail.so %%EXR%%%%QT_PLUGINDIR%%/exrthumbnail.so -%%WEBENGINE%%%%QT_PLUGINDIR%%/htmlthumbnail.so %%QT_PLUGINDIR%%/imagethumbnail.so %%QT_PLUGINDIR%%/jpegthumbnail.so %%QT_PLUGINDIR%%/kactivitymanagerd_fileitem_linking_plugin.so @@ -66,7 +65,6 @@ share/kservices5/djvuthumbnail.desktop share/kservices5/filenamesearch.protocol share/kservices5/fish.protocol share/kservices5/gzip.protocol -%%WEBENGINE%%share/kservices5/htmlthumbnail.desktop share/kservices5/imagethumbnail.desktop share/kservices5/info.protocol share/kservices5/jpegthumbnail.desktop
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811121909.wACJ9JlC004668>