[kdelibs/f19] POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
Rex Dieter
rdieter at fedoraproject.org
Thu Jun 19 13:44:42 UTC 2014
commit 910418c3e4892ec131b9ee3af2dd70a2613d4559
Author: Rex Dieter <rdieter at math.unl.edu>
Date: Thu Jun 19 08:44:40 2014 -0500
POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
...on-t-require-a-job-to-handle-messageboxes.patch | 58 ++++++++++++++++++++
kdelibs.spec | 7 ++-
2 files changed, 64 insertions(+), 1 deletions(-)
---
diff --git a/0008-Don-t-require-a-job-to-handle-messageboxes.patch b/0008-Don-t-require-a-job-to-handle-messageboxes.patch
new file mode 100644
index 0000000..7cad922
--- /dev/null
+++ b/0008-Don-t-require-a-job-to-handle-messageboxes.patch
@@ -0,0 +1,58 @@
+From bbae87dc1be3ae063796a582774bd5642cacdd5d Mon Sep 17 00:00:00 2001
+From: David Faure <faure at kde.org>
+Date: Wed, 18 Jun 2014 20:29:04 +0200
+Subject: [PATCH 08/12] Don't require a job to handle messageboxes.
+
+The POP3 ioslave doesn't have a job when it gets here.
+---
+ kio/kio/usernotificationhandler.cpp | 27 +++++++++++++--------------
+ 1 file changed, 13 insertions(+), 14 deletions(-)
+
+diff --git a/kio/kio/usernotificationhandler.cpp b/kio/kio/usernotificationhandler.cpp
+index 10043cf..2b2e091 100644
+--- a/kio/kio/usernotificationhandler.cpp
++++ b/kio/kio/usernotificationhandler.cpp
+@@ -19,7 +19,7 @@
+ #include "usernotificationhandler_p.h"
+
+ #include "slave.h"
+-#include "job_p.h"
++#include "jobuidelegate.h"
+
+ #include <kdebug.h>
+
+@@ -76,19 +76,18 @@ void UserNotificationHandler::processRequest()
+
+ if (m_cachedResults.contains(key)) {
+ result = *(m_cachedResults[key]);
+- } else if (r->slave->job()) {
+- SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job());
+- if (jobPrivate) {
+- result = jobPrivate->requestMessageBox(r->type,
+- r->data.value(MSG_TEXT).toString(),
+- r->data.value(MSG_CAPTION).toString(),
+- r->data.value(MSG_YES_BUTTON_TEXT).toString(),
+- r->data.value(MSG_NO_BUTTON_TEXT).toString(),
+- r->data.value(MSG_YES_BUTTON_ICON).toString(),
+- r->data.value(MSG_NO_BUTTON_ICON).toString(),
+- r->data.value(MSG_DONT_ASK_AGAIN).toString(),
+- r->data.value(MSG_META_DATA).toMap());
+- }
++ } else {
++ JobUiDelegate ui;
++ const JobUiDelegate::MessageBoxType type = static_cast<JobUiDelegate::MessageBoxType>(r->type);
++ result = ui.requestMessageBox(type,
++ r->data.value(MSG_TEXT).toString(),
++ r->data.value(MSG_CAPTION).toString(),
++ r->data.value(MSG_YES_BUTTON_TEXT).toString(),
++ r->data.value(MSG_NO_BUTTON_TEXT).toString(),
++ r->data.value(MSG_YES_BUTTON_ICON).toString(),
++ r->data.value(MSG_NO_BUTTON_ICON).toString(),
++ r->data.value(MSG_DONT_ASK_AGAIN).toString(),
++ r->data.value(MSG_META_DATA).toMap());
+ m_cachedResults.insert(key, new int(result));
+ }
+ } else {
+--
+1.8.3.1
+
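Review bot: In the new `else` branch of `UserNotificationHandler::processRequest()`, whatever `ui.requestMessageBox(...)` returns is stored unconditionally by `m_cachedResults.insert(key, new int(result))`, and `r->type` is cast to `JobUiDelegate::MessageBoxType` with no range check. This path now carries the POP3 certificate warning, so it is worth confirming that a return value meaning "no dialog was shown" (for example an unrecognised type) is neither cached nor read by the slave as acceptance. How `key` is built and how `result` is initialised are outside this hunk, so this is a question to verify, not a confirmed defect. A comment above `JobUiDelegate ui;` such as `// Slaves like POP3 reach this point without a job; ask through a standalone delegate so the prompt is never skipped.` would record why the job check was dropped. The function body starts and ends outside the hunk.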
diff --git a/kdelibs.spec b/kdelibs.spec
index c08a771..5d1518c 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -39,7 +39,7 @@
Summary: KDE Libraries
Version: 4.11.5
-Release: 2%{?dist}
+Release: 3%{?dist}
Name: kdelibs
Epoch: 6
@@ -170,6 +170,7 @@ Patch092: return-application-icons-properly.patch
Patch093: turn-the-packagekit-support-feature-off-by-default.patch
## security fix
+Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch
# rhel patches
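Review bot: The new `Patch158:` line sits under the generic `## security fix` header with nothing identifying the issue or its upstream origin, so a later rebase cannot tell when the patch may be dropped. A comment directly above it, such as `# CVE-2014-3494 (#1111022, #1111023), upstream commit bbae87dc1be3ae063796a582774bd5642cacdd5d`, would carry that information in the spec itself. The matching `%patch158 -p1 -b .0008` line in the later hunk also uses a numeric backup suffix where the preceding `%patch093` line uses a descriptive one.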
@@ -368,6 +369,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
%patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default
# security fixes
+%patch158 -p1 -b .0008
# rhel patches
%if ! 0%{?webkit}
@@ -624,6 +626,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
%changelog
+* Thu Jun 19 2014 Rex Dieter <rdieter at fedoraproject.org> - 6:4.11.5-3
+- POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
+
* Sun Feb 16 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> - 6:4.11.5-2
- Plasma PackageKit integration: fix plasmapkg to not query Plasma for available
script engines if component is not Plasma/*, but e.g. KWin/Script (#1065688)