Date: Wed, 16 Jul 2014 20:13:17 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r362104 - in head/x11/kdelibs4: . files Message-ID: <201407162013.s6GKDHYP083324@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Wed Jul 16 20:13:17 2014 New Revision: 362104 URL: http://svnweb.freebsd.org/changeset/ports/362104 QAT: https://qat.redports.org/buildarchive/r362104/ Log: Add patch to fix a SSL MITM vulnerability in the POP3 ioslave. MFH: 2014Q3 Security: 4a114331-0d24-11e4-8dd2-5453ed2e2b49 Added: head/x11/kdelibs4/files/patch-CVE-2014-3494 (contents, props changed) Modified: head/x11/kdelibs4/Makefile Modified: head/x11/kdelibs4/Makefile ============================================================================== --- head/x11/kdelibs4/Makefile Wed Jul 16 20:12:28 2014 (r362103) +++ head/x11/kdelibs4/Makefile Wed Jul 16 20:13:17 2014 (r362104) @@ -3,7 +3,7 @@ PORTNAME= kdelibs PORTVERSION= ${KDE4_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= x11 kde MASTER_SITES= KDE/${KDE4_BRANCH}/${PORTVERSION}/src DIST_SUBDIR= KDE/${PORTVERSION} Added: head/x11/kdelibs4/files/patch-CVE-2014-3494 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/x11/kdelibs4/files/patch-CVE-2014-3494 Wed Jul 16 20:13:17 2014 (r362104) @@ -0,0 +1,56 @@ +From: David Faure <faure@kde.org> +Date: Wed, 18 Jun 2014 18:29:04 +0000 +Subject: Don't require a job to handle messageboxes. +X-Git-Tag: v4.13.3 +X-Git-Url: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d +--- +Don't require a job to handle messageboxes. + +The POP3 ioslave doesn't have a job when it gets here. +--- + + +--- kio/kio/usernotificationhandler.cpp ++++ kio/kio/usernotificationhandler.cpp +@@ -19,7 +19,7 @@ + #include "usernotificationhandler_p.h" + + #include "slave.h" +-#include "job_p.h" ++#include "jobuidelegate.h" + + #include <kdebug.h> + +@@ -76,19 +76,18 @@ + + if (m_cachedResults.contains(key)) { + result = *(m_cachedResults[key]); +- } else if (r->slave->job()) { +- SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job()); +- if (jobPrivate) { +- result = jobPrivate->requestMessageBox(r->type, +- r->data.value(MSG_TEXT).toString(), +- r->data.value(MSG_CAPTION).toString(), +- r->data.value(MSG_YES_BUTTON_TEXT).toString(), +- r->data.value(MSG_NO_BUTTON_TEXT).toString(), +- r->data.value(MSG_YES_BUTTON_ICON).toString(), +- r->data.value(MSG_NO_BUTTON_ICON).toString(), +- r->data.value(MSG_DONT_ASK_AGAIN).toString(), +- r->data.value(MSG_META_DATA).toMap()); +- } ++ } else { ++ JobUiDelegate ui; ++ const JobUiDelegate::MessageBoxType type = static_cast<JobUiDelegate::MessageBoxType>(r->type); ++ result = ui.requestMessageBox(type, ++ r->data.value(MSG_TEXT).toString(), ++ r->data.value(MSG_CAPTION).toString(), ++ r->data.value(MSG_YES_BUTTON_TEXT).toString(), ++ r->data.value(MSG_NO_BUTTON_TEXT).toString(), ++ r->data.value(MSG_YES_BUTTON_ICON).toString(), ++ r->data.value(MSG_NO_BUTTON_ICON).toString(), ++ r->data.value(MSG_DONT_ASK_AGAIN).toString(), ++ r->data.value(MSG_META_DATA).toMap()); + m_cachedResults.insert(key, new int(result)); + } + } else { +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407162013.s6GKDHYP083324>