gentoo resync : 18.05.2019

4 files changed, 11 insertions, 81 deletions

diff --git a/kde-frameworks/kauth/Manifest b/kde-frameworks/kauth/Manifest
index dee2569855d5..d3be6a0dccca 100644
--- a/kde-frameworks/kauth/Manifest
+++ b/kde-frameworks/kauth/Manifest
@@ -1,6 +1,5 @@
-AUX kauth-5.54.0-CVE-2019-7443.patch 2448 BLAKE2B b0a9d1e739c5ea66d489157c160db395ec406cafcb098e94ccca8136019a7cb33e3d5d1ff3654e9cfa2c3c003c866fb8dc315305ca5cee79b4bff17973edaa97 SHA512 9cb0e37eedb5cee82c5e6d1b316f92f014c8850c9274a8d0c728f306ceabc35cbbec81b0057ebaf904bd48f3e07d6f83d91b0ef12602a0c1ba66b39a04bb45e4
-DIST kauth-5.54.0.tar.xz 84688 BLAKE2B beba564ccc64af52b772ce827b756fad493e3e4926e6bb8b7b65154bf6b7a1753a211e98dd12c67bba844412610ff08f39b9e34a0aadc6c2fc87f4a25e4090bc SHA512 f75c6f019d708409817a5b64d88033326a7d627cdee00e61280043d5cd8f65731f08d48405f50c7240f18670b25abfeea4b2af5966ebb2ee7e0f56669b5551c2
 DIST kauth-5.57.0.tar.xz 85364 BLAKE2B 24eec6862a3d68e3abb7b16a2ed93d0b04484d782ecf5543092b382dc84e3935ff81073f077d3b87b68ea5fa2b95bfad4f8cc9572fbb2284ff152da3d450123e SHA512 7d5e2aee7c5f60cb1e30b1a54864ba79e61f3b79bda4c9efc8adb58b04e5723412156501583593087ca594a4348f8be7d569e2ef67747d95492b91b3c1cf5fec
-EBUILD kauth-5.54.0-r1.ebuild 877 BLAKE2B 929aba9af56458ff78b2e1fce8155bc4bd676994f2b38a3824055be36b05be2803057577fa4d0258ca4071d4eedc0891e434cf4b35c74f53b2f5727f7b1dae6a SHA512 6928fba45328867836011167a53527a735073d0aad54e7e8d290410ab4c31562e9dfce7f781be72a515301b13717c86bd3bc2a410c1cd4f2eacd913afb3a5ef4
-EBUILD kauth-5.57.0.ebuild 837 BLAKE2B 712f431c7dbd6fb1a00a9731fff4f1c46841996fb1a2a2684bbe907cc50acedc839ff765b055dfd596e46a38c60315e8f5ada9f5c46275a4689e67552f73c5d3 SHA512 77414c4a4851b0650c3e5b52b8027a999ac355781b3f2395b96e0f4f2a574b8f56421ead834da4d54d6deafea647cdb8a460c91d7b135c7cd3a5c98e1a7e447c
+DIST kauth-5.58.0.tar.xz 85388 BLAKE2B 55a02bce3c06b00c1d8cb6422550d170343934a2e339f3d358f8789bcaaf1fcc90c74cc6a5ef38a07f69a38c88af64588f88c1be957aa3cf605285279bbcee0f SHA512 7d337b4b6507dd1b35df118a5a1f9167efcec67386f85d0ed3c7f22dbb6c56fddf7ba4979c7f1c70c11b525f99a2e3e95e3a1d4f9971d8c02ce40e9664ee0cef
+EBUILD kauth-5.57.0.ebuild 835 BLAKE2B 1c1d8a94ee759202e042106e1c70d40887cd7afa71e340f88fbdb095000e0e280e6a9fe4724521fe385ea964085cd060a37e5aec0a6cad9516a1003813ab0913 SHA512 6c2d7cb293b9f4f7fd2c8cc5eae4dfa15b803b37c68dc3675bafb295d18d2caa1408b865a41c812965a843757f48e81fb8f47c20a745c60123ec40f9ba997762
+EBUILD kauth-5.58.0.ebuild 837 BLAKE2B 712f431c7dbd6fb1a00a9731fff4f1c46841996fb1a2a2684bbe907cc50acedc839ff765b055dfd596e46a38c60315e8f5ada9f5c46275a4689e67552f73c5d3 SHA512 77414c4a4851b0650c3e5b52b8027a999ac355781b3f2395b96e0f4f2a574b8f56421ead834da4d54d6deafea647cdb8a460c91d7b135c7cd3a5c98e1a7e447c
 MISC metadata.xml 249 BLAKE2B ad415db89e5dee1627aa77f44ded9d4e1e5b8217d06c7ca25bbaa3fe92ce67c2b1090957c45a821b407d7927e5af798498aa6a5b903895ee1af8ee20a446c7f7 SHA512 76a5a340b13f0053ca3c5e94ed24380ea8d29b45ac8655419e22eaadb1e4a827c04d2e7e36b65145c4964e6526f656618fc6ac144e277ef53cb7373e6239e3c3
diff --git a/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch b/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch
deleted file mode 100644
index 5b11cd8f5e98..000000000000
--- a/kde-frameworks/kauth/files/kauth-5.54.0-CVE-2019-7443.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From fc70fb0161c1b9144d26389434d34dd135cd3f4a Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Sat, 2 Feb 2019 14:35:25 +0100
-Subject: Remove support for passing gui QVariants to KAuth helpers
-
-Supporting gui variants is very dangerous since they can end up triggering
-image loading plugins which are one of the biggest vectors for crashes, which
-for very smart people mean possible code execution, which is very dangerous
-in code that is executed as root.
-
-We've checked all the KAuth helpers inside KDE git and none seems to be using
-gui variants, so we're not actually limiting anything that people wanted to do.
-
-Reviewed by security@kde.org and Aleix Pol
-
-Issue reported by Fabian Vogt
----
- src/backends/dbus/DBusHelperProxy.cpp | 9 +++++++++
- src/kauthaction.h                     | 2 ++
- 2 files changed, 11 insertions(+)
-
-diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp
-index 10c14c6..8f0d336 100644
---- a/src/backends/dbus/DBusHelperProxy.cpp
-+++ b/src/backends/dbus/DBusHelperProxy.cpp
-@@ -31,6 +31,8 @@
- #include "kf5authadaptor.h"
- #include "kauthdebug.h"
- 
-+extern Q_CORE_EXPORT const QMetaTypeInterface *qMetaTypeGuiHelper;
-+
- namespace KAuth
- {
- 
-@@ -229,10 +231,17 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
-         return ActionReply::HelperBusyReply().serialized();
-     }
- 
-+    // Make sure we don't try restoring gui variants, in particular QImage/QPixmap/QIcon are super dangerous
-+    // since they end up calling the image loaders and thus are a vector for crashing → executing code
-+    auto origMetaTypeGuiHelper = qMetaTypeGuiHelper;
-+    qMetaTypeGuiHelper = nullptr;
-+
-     QVariantMap args;
-     QDataStream s(&arguments, QIODevice::ReadOnly);
-     s >> args;
- 
-+    qMetaTypeGuiHelper = origMetaTypeGuiHelper;
-+
-     m_currentAction = action;
-     emit remoteSignal(ActionStarted, action, QByteArray());
-     QEventLoop e;
-diff --git a/src/kauthaction.h b/src/kauthaction.h
-index c67a70a..01f3ba1 100644
---- a/src/kauthaction.h
-+++ b/src/kauthaction.h
-@@ -298,6 +298,8 @@ public:
-      * This method sets the variant map that the application
-      * can use to pass arbitrary data to the helper when executing the action.
-      *
-+     * Only non-gui variants are supported.
-+     *
-      * @param arguments The new arguments map
-      */
-     void setArguments(const QVariantMap &arguments);
--- 
-cgit v1.1
-
diff --git a/kde-frameworks/kauth/kauth-5.57.0.ebuild b/kde-frameworks/kauth/kauth-5.57.0.ebuild
index 396d6cb72e1a..13d60d084b33 100644
--- a/kde-frameworks/kauth/kauth-5.57.0.ebuild
+++ b/kde-frameworks/kauth/kauth-5.57.0.ebuild
@@ -8,7 +8,7 @@ inherit kde5
 
 DESCRIPTION="Framework to let applications perform actions as a privileged user"
 LICENSE="LGPL-2.1+"
-KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+KEYWORDS="amd64 ~arm ~arm64 x86"
 IUSE="nls +policykit"
 
 BDEPEND="
diff --git a/kde-frameworks/kauth/kauth-5.54.0-r1.ebuild b/kde-frameworks/kauth/kauth-5.58.0.ebuild
index 864369ed55f6..396d6cb72e1a 100644
--- a/kde-frameworks/kauth/kauth-5.54.0-r1.ebuild
+++ b/kde-frameworks/kauth/kauth-5.58.0.ebuild
@@ -1,30 +1,29 @@
 # Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
 VIRTUALX_REQUIRED="test"
 inherit kde5
 
 DESCRIPTION="Framework to let applications perform actions as a privileged user"
 LICENSE="LGPL-2.1+"
-KEYWORDS="amd64 ~arm ~arm64 x86"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 IUSE="nls +policykit"
 
-RDEPEND="
+BDEPEND="
+	nls? ( $(add_qt_dep linguist-tools) )
+"
+DEPEND="
 	$(add_frameworks_dep kcoreaddons)
 	$(add_qt_dep qtdbus)
 	$(add_qt_dep qtgui)
 	$(add_qt_dep qtwidgets)
 	policykit? ( sys-auth/polkit-qt[qt5(+)] )
 "
-DEPEND="${RDEPEND}
-	nls? ( $(add_qt_dep linguist-tools) )
-"
+RDEPEND="${DEPEND}"
 PDEPEND="policykit? ( kde-plasma/polkit-kde-agent )"
 
-PATCHES=( "${FILESDIR}/${P}-CVE-2019-7443.patch" )
-
 src_configure() {
 	local mycmakeargs=(
 		$(cmake-utils_use_find_package policykit PolkitQt5-1)