svn commit: r484818 - head/devel/kio-extras
Tobias C. Berner
tcberner at FreeBSD.org
Mon Nov 12 19:09:21 UTC 2018
Author: tcberner
Date: Mon Nov 12 19:09:19 2018
New Revision: 484818
URL: https://svnweb.freebsd.org/changeset/ports/484818
Log:
devel/kio-extras: Remove the htmlthumbnailer.
Albert Astals Cids reports:
The HTML thumbnailer was incorrectly accessing some content of
remote URLs listed in HTML files. This meant that the owners of the servers
referred in HTML files in your system could have seen in their access logs
your IP address every time the thumbnailer tried to create the thumbnail.
Use the suggested workaround, and remove the htmlthumbnailer.
MFC after: 2018Q4
Security: 1460aa25-e6ab-11e8-a733-e0d55e2a8bf9
Security: CVE-2018-19120
Modified:
head/devel/kio-extras/Makefile
head/devel/kio-extras/pkg-plist
Modified: head/devel/kio-extras/Makefile
==============================================================================
--- head/devel/kio-extras/Makefile Mon Nov 12 19:03:48 2018 (r484817)
+++ head/devel/kio-extras/Makefile Mon Nov 12 19:09:19 2018 (r484818)
@@ -2,7 +2,7 @@
PORTNAME= kio-extras
DISTVERSION= ${KDE_APPLICATIONS_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= devel kde kde-applications # kde kde-applications-plasma
MAINTAINER= kde at FreeBSD.org
@@ -24,8 +24,11 @@ USE_QT= core dbus declarative gui location network ph
buildtools_build qmake_build
SHEBANG_FILES= info/kde-info2html
-OPTIONS_DEFINE= SAMBA MTP EXR EXIV SLP SSH WEBENGINE TAGLIB DOCS
-OPTIONS_DEFAULT=SAMBA MTP EXR EXIV SLP SSH WEBENGINE TAGLIB
+# CVE-2018-19120
+CMAKE_ON= CMAKE_DISABLE_FIND_PACKAGE_Qt5WebEngineWidget
+
+OPTIONS_DEFINE= SAMBA MTP EXR EXIV SLP SSH TAGLIB DOCS
+OPTIONS_DEFAULT=SAMBA MTP EXR EXIV SLP SSH TAGLIB
OPTIONS_SUB= yes
SAMBA_DESC= Needed to build the SMB kioslave
@@ -56,10 +59,5 @@ SSH_LIB_DEPENDS= libssh.so:security/libssh
TAGLIB_DESC= Needed to build the audio thumbnail kioslave
TAGLIB_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_Taglib
TAGLIB_LIB_DEPENDS= libtag.so:audio/taglib
-
-WEBENGINE_DESC= Needed to build the html thumbnailer
-WEBENGINE_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_Qt5WebEngineWidget
-WEBENGINE_USES= qt:5
-WEBENGINE_USE= QT=webengine
.include <bsd.port.mk>
Modified: head/devel/kio-extras/pkg-plist
==============================================================================
--- head/devel/kio-extras/pkg-plist Mon Nov 12 19:03:48 2018 (r484817)
+++ head/devel/kio-extras/pkg-plist Mon Nov 12 19:09:19 2018 (r484818)
@@ -12,7 +12,6 @@ lib/libmolletnetwork5.so.%%KDE_APPLICATIONS_VERSION%%
%%QT_PLUGINDIR%%/comicbookthumbnail.so
%%QT_PLUGINDIR%%/djvuthumbnail.so
%%EXR%%%%QT_PLUGINDIR%%/exrthumbnail.so
-%%WEBENGINE%%%%QT_PLUGINDIR%%/htmlthumbnail.so
%%QT_PLUGINDIR%%/imagethumbnail.so
%%QT_PLUGINDIR%%/jpegthumbnail.so
%%QT_PLUGINDIR%%/kactivitymanagerd_fileitem_linking_plugin.so
@@ -66,7 +65,6 @@ share/kservices5/djvuthumbnail.desktop
share/kservices5/filenamesearch.protocol
share/kservices5/fish.protocol
share/kservices5/gzip.protocol
-%%WEBENGINE%%share/kservices5/htmlthumbnail.desktop
share/kservices5/imagethumbnail.desktop
share/kservices5/info.protocol
share/kservices5/jpegthumbnail.desktop
More information about the svn-ports-all
mailing list