[arch-commits] Commit in kdelibs/trunk (CVE-2014-3494.patch PKGBUILD)
Andrea Scarpino
andrea at nymeria.archlinux.org
Wed Jun 18 21:22:58 UTC 2014
Date: Wednesday, June 18, 2014 @ 23:22:58
Author: andrea
Revision: 215302
upgpkg: kdelibs 4.13.2-3
KMail/KIO POP3 SSL MITM Flaw
Added:
kdelibs/trunk/CVE-2014-3494.patch
Modified:
kdelibs/trunk/PKGBUILD
---------------------+
CVE-2014-3494.patch | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 11 ++++++----
2 files changed, 62 insertions(+), 4 deletions(-)
Added: CVE-2014-3494.patch
===================================================================
--- CVE-2014-3494.patch (rev 0)
+++ CVE-2014-3494.patch 2014-06-18 21:22:58 UTC (rev 215302)
@@ -0,0 +1,55 @@
+From: David Faure <faure at kde.org>
+Date: Wed, 18 Jun 2014 18:29:04 +0000
+Subject: Don't require a job to handle messageboxes.
+X-Git-Url: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d
+---
+Don't require a job to handle messageboxes.
+
+The POP3 ioslave doesn't have a job when it gets here.
+---
+
+
+--- a/kio/kio/usernotificationhandler.cpp
++++ b/kio/kio/usernotificationhandler.cpp
+@@ -19,7 +19,7 @@
+ #include "usernotificationhandler_p.h"
+
+ #include "slave.h"
+-#include "job_p.h"
++#include "jobuidelegate.h"
+
+ #include <kdebug.h>
+
+@@ -76,19 +76,18 @@
+
+ if (m_cachedResults.contains(key)) {
+ result = *(m_cachedResults[key]);
+- } else if (r->slave->job()) {
+- SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job());
+- if (jobPrivate) {
+- result = jobPrivate->requestMessageBox(r->type,
+- r->data.value(MSG_TEXT).toString(),
+- r->data.value(MSG_CAPTION).toString(),
+- r->data.value(MSG_YES_BUTTON_TEXT).toString(),
+- r->data.value(MSG_NO_BUTTON_TEXT).toString(),
+- r->data.value(MSG_YES_BUTTON_ICON).toString(),
+- r->data.value(MSG_NO_BUTTON_ICON).toString(),
+- r->data.value(MSG_DONT_ASK_AGAIN).toString(),
+- r->data.value(MSG_META_DATA).toMap());
+- }
++ } else {
++ JobUiDelegate ui;
++ const JobUiDelegate::MessageBoxType type = static_cast<JobUiDelegate::MessageBoxType>(r->type);
++ result = ui.requestMessageBox(type,
++ r->data.value(MSG_TEXT).toString(),
++ r->data.value(MSG_CAPTION).toString(),
++ r->data.value(MSG_YES_BUTTON_TEXT).toString(),
++ r->data.value(MSG_NO_BUTTON_TEXT).toString(),
++ r->data.value(MSG_YES_BUTTON_ICON).toString(),
++ r->data.value(MSG_NO_BUTTON_ICON).toString(),
++ r->data.value(MSG_DONT_ASK_AGAIN).toString(),
++ r->data.value(MSG_META_DATA).toMap());
+ m_cachedResults.insert(key, new int(result));
+ }
+ } else {
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-06-18 21:00:08 UTC (rev 215301)
+++ PKGBUILD 2014-06-18 21:22:58 UTC (rev 215302)
@@ -4,7 +4,7 @@
pkgname=kdelibs
pkgver=4.13.2
-pkgrel=2
+pkgrel=3
pkgdesc="KDE Core Libraries"
arch=('i686' 'x86_64')
url='https://projects.kde.org/projects/kde/kdelibs'
@@ -16,13 +16,16 @@
makedepends=('cmake' 'automoc4' 'avahi' 'libgl' 'hspell' 'mesa')
install=${pkgname}.install
source=("http://download.kde.org/stable/${pkgver}/src/${pkgname}-${pkgver}.tar.xz"
- 'kde-applications-menu.patch' 'archlinux-menu.patch' 'qt4.patch')
+ 'kde-applications-menu.patch' 'archlinux-menu.patch' 'qt4.patch'
+ 'CVE-2014-3494.patch')
sha1sums=('c540edeb7da23f5a8feacb4d775bce43f2060a96'
'86ee8c8660f19de8141ac99cd6943964d97a1ed7'
'63a850ab4196b9d06934f2b4a13acd9f7739bc67'
- 'ed1f57ee661e5c7440efcaba7e51d2554709701c')
+ 'ed1f57ee661e5c7440efcaba7e51d2554709701c'
+ 'c8b4010c68cee6352a68d97da3d5316f52207e83')
prepare() {
+ mkdir build
cd ${pkgname}-${pkgver}
# avoid file conflict with gnome-menus
patch -p1 -i "${srcdir}"/kde-applications-menu.patch
@@ -32,10 +35,10 @@
patch -p1 -i "${srcdir}"/qt4.patch
# fix build with giflib 5.1.0
sed -i "/DGifCloseFile/s:file:&, NULL:g" khtml/imload/decoders/gifloader.cpp
+ patch -p1 -i "${srcdir}"/CVE-2014-3494.patch
}
build() {
- mkdir build
cd build
cmake ../${pkgname}-${pkgver} \
-DCMAKE_BUILD_TYPE=Release \
More information about the arch-commits
mailing list