From owner-svn-ports-all@freebsd.org Mon Nov 12 19:09:21 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 24DDF110EF3B; Mon, 12 Nov 2018 19:09:21 +0000 (UTC) (envelope-from tcberner@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 231287E32F; Mon, 12 Nov 2018 19:09:20 +0000 (UTC) (envelope-from tcberner@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D800624D6E; Mon, 12 Nov 2018 19:09:19 +0000 (UTC) (envelope-from tcberner@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wACJ9JnQ004670; Mon, 12 Nov 2018 19:09:19 GMT (envelope-from tcberner@FreeBSD.org) Received: (from tcberner@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wACJ9JlC004668; Mon, 12 Nov 2018 19:09:19 GMT (envelope-from tcberner@FreeBSD.org) Message-Id: <201811121909.wACJ9JlC004668@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tcberner set sender to tcberner@FreeBSD.org using -f From: "Tobias C. Berner" Date: Mon, 12 Nov 2018 19:09:19 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r484818 - head/devel/kio-extras X-SVN-Group: ports-head X-SVN-Commit-Author: tcberner X-SVN-Commit-Paths: head/devel/kio-extras X-SVN-Commit-Revision: 484818 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 231287E32F X-Spamd-Result: default: False [-106.88 / 200.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; ALLOW_DOMAIN_WHITELIST(-100.00)[FreeBSD.org]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; HAS_XAW(0.00)[]; R_SPF_SOFTFAIL(0.00)[~all]; DMARC_NA(0.00)[FreeBSD.org]; RCVD_COUNT_THREE(0.00)[4]; MX_GOOD(-0.01)[cached: mx1.FreeBSD.org]; NEURAL_HAM_SHORT(-1.00)[-1.000,0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; IP_SCORE(-3.77)[ip: (-9.91), ipnet: 2610:1c1:1::/48(-4.93), asn: 11403(-3.90), country: US(-0.09)] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2018 19:09:21 -0000 Author: tcberner Date: Mon Nov 12 19:09:19 2018 New Revision: 484818 URL: https://svnweb.freebsd.org/changeset/ports/484818 Log: devel/kio-extras: Remove the htmlthumbnailer. Albert Astals Cids reports: The HTML thumbnailer was incorrectly accessing some content of remote URLs listed in HTML files. This meant that the owners of the servers referred in HTML files in your system could have seen in their access logs your IP address every time the thumbnailer tried to create the thumbnail. Use the suggested workaround, and remove the htmlthumbnailer. MFC after: 2018Q4 Security: 1460aa25-e6ab-11e8-a733-e0d55e2a8bf9 Security: CVE-2018-19120 Modified: head/devel/kio-extras/Makefile head/devel/kio-extras/pkg-plist Modified: head/devel/kio-extras/Makefile ============================================================================== --- head/devel/kio-extras/Makefile Mon Nov 12 19:03:48 2018 (r484817) +++ head/devel/kio-extras/Makefile Mon Nov 12 19:09:19 2018 (r484818) @@ -2,7 +2,7 @@ PORTNAME= kio-extras DISTVERSION= ${KDE_APPLICATIONS_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= devel kde kde-applications # kde kde-applications-plasma MAINTAINER= kde@FreeBSD.org @@ -24,8 +24,11 @@ USE_QT= core dbus declarative gui location network ph buildtools_build qmake_build SHEBANG_FILES= info/kde-info2html -OPTIONS_DEFINE= SAMBA MTP EXR EXIV SLP SSH WEBENGINE TAGLIB DOCS -OPTIONS_DEFAULT=SAMBA MTP EXR EXIV SLP SSH WEBENGINE TAGLIB +# CVE-2018-19120 +CMAKE_ON= CMAKE_DISABLE_FIND_PACKAGE_Qt5WebEngineWidget + +OPTIONS_DEFINE= SAMBA MTP EXR EXIV SLP SSH TAGLIB DOCS +OPTIONS_DEFAULT=SAMBA MTP EXR EXIV SLP SSH TAGLIB OPTIONS_SUB= yes SAMBA_DESC= Needed to build the SMB kioslave @@ -56,10 +59,5 @@ SSH_LIB_DEPENDS= libssh.so:security/libssh TAGLIB_DESC= Needed to build the audio thumbnail kioslave TAGLIB_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_Taglib TAGLIB_LIB_DEPENDS= libtag.so:audio/taglib - -WEBENGINE_DESC= Needed to build the html thumbnailer -WEBENGINE_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_Qt5WebEngineWidget -WEBENGINE_USES= qt:5 -WEBENGINE_USE= QT=webengine .include Modified: head/devel/kio-extras/pkg-plist ============================================================================== --- head/devel/kio-extras/pkg-plist Mon Nov 12 19:03:48 2018 (r484817) +++ head/devel/kio-extras/pkg-plist Mon Nov 12 19:09:19 2018 (r484818) @@ -12,7 +12,6 @@ lib/libmolletnetwork5.so.%%KDE_APPLICATIONS_VERSION%% %%QT_PLUGINDIR%%/comicbookthumbnail.so %%QT_PLUGINDIR%%/djvuthumbnail.so %%EXR%%%%QT_PLUGINDIR%%/exrthumbnail.so -%%WEBENGINE%%%%QT_PLUGINDIR%%/htmlthumbnail.so %%QT_PLUGINDIR%%/imagethumbnail.so %%QT_PLUGINDIR%%/jpegthumbnail.so %%QT_PLUGINDIR%%/kactivitymanagerd_fileitem_linking_plugin.so @@ -66,7 +65,6 @@ share/kservices5/djvuthumbnail.desktop share/kservices5/filenamesearch.protocol share/kservices5/fish.protocol share/kservices5/gzip.protocol -%%WEBENGINE%%share/kservices5/htmlthumbnail.desktop share/kservices5/imagethumbnail.desktop share/kservices5/info.protocol share/kservices5/jpegthumbnail.desktop