diff --git a/kdelibs-4.3.1-CVE-2009-2702.patch b/kdelibs-4.3.1-CVE-2009-2702.patch
new file mode 100644
index 0000000..d95a012
--- /dev/null
+++ b/kdelibs-4.3.1-CVE-2009-2702.patch
@@ -0,0 +1,69 @@
+diff -Nur kdelibs-4.3.1.orig/kio/kssl/kopenssl.cpp kdelibs-4.3.1/kio/kssl/kopenssl.cpp
+--- kdelibs-4.3.1.orig/kio/kssl/kopenssl.cpp	2008-10-23 01:05:00.000000000 +0200
++++ kdelibs-4.3.1/kio/kssl/kopenssl.cpp	2009-09-04 14:09:22.000000000 +0200
+@@ -196,6 +196,7 @@
+ static X509_NAME *(*K_X509_NAME_new)() = 0L;
+ static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
+ static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
++static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
+ static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
+ 
+ #endif
+@@ -530,6 +531,7 @@
+       K_X509_NAME_new = (X509_NAME *(*)()) d->cryptoLib->resolveFunction("X509_NAME_new");
+       K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) d->cryptoLib->resolveFunction("X509_REQ_set_subject_name");
+       K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_data");
++      K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_length");
+ #endif
+    }
+ 
+@@ -1577,6 +1579,13 @@
+    return 0L;
+ }
+ 
++
++int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
++   if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
++   return 0L;
++}
++
++
+ STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
+   if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
+   return 0L;
+diff -Nur kdelibs-4.3.1.orig/kio/kssl/kopenssl.h kdelibs-4.3.1/kio/kssl/kopenssl.h
+--- kdelibs-4.3.1.orig/kio/kssl/kopenssl.h	2009-05-19 14:06:53.000000000 +0200
++++ kdelibs-4.3.1/kio/kssl/kopenssl.h	2009-09-04 14:09:22.000000000 +0200
+@@ -589,13 +589,17 @@
+     */
+    void ASN1_INTEGER_free(ASN1_INTEGER *x);
+ 
+-
+    /*
+     *  ASN1_STRING_data
+     */
+    unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+ 
+    /*
++    * ASN1_STRING_length
++    */
++   int ASN1_STRING_length(ASN1_STRING *x);
++
++   /*
+     *
+     */
+    int OBJ_obj2nid(ASN1_OBJECT *o);
+diff -Nur kdelibs-4.3.1.orig/kio/kssl/ksslcertificate.cpp kdelibs-4.3.1/kio/kssl/ksslcertificate.cpp
+--- kdelibs-4.3.1.orig/kio/kssl/ksslcertificate.cpp	2009-01-16 16:07:05.000000000 +0100
++++ kdelibs-4.3.1/kio/kssl/ksslcertificate.cpp	2009-09-04 14:09:22.000000000 +0200
+@@ -1305,7 +1305,9 @@
+         }
+ 
+         QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
+-        if (!s.isEmpty()) {
++        if (!s.isEmpty()  &&
++                /* skip subjectAltNames with embedded NULs */
++                s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
+             rc += s;
+         }
+     }
diff --git a/kdelibs.spec b/kdelibs.spec
index 23f486d..1bb9453 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -4,17 +4,13 @@
 
 Summary: K Desktop Environment 4 - Libraries
 Version: 4.3.1
-Release: 2%{?dist}
+Release: 3%{?dist}
 
-%if 0%{?fedora} > 8
 Name: kdelibs
 Epoch: 6
 Obsoletes: kdelibs4 < %{version}-%{release}
 Provides:  kdelibs4 = %{version}-%{release}
 %{?_isa:Provides: kdelibs4%{?_isa} = %{version}-%{release}}
-%else
-Name: kdelibs4
-%endif
 
 # http://techbase.kde.org/Policies/Licensing_Policy
 License: LGPLv2+
@@ -41,12 +37,8 @@ Requires: kde-filesystem >= 4-23
 Requires: kde-settings
 %{?_kde4_macros_api:Requires: kde4-macros(api) = %{_kde4_macros_api} }
 Requires: shared-mime-info
-%if "%{name}" == "kdelibs"
 Requires: kdelibs-common
-%endif
-%if 0%{?fedora} >= 9
 Requires: hunspell
-%endif
 Requires: phonon%{?_isa} >= %{phonon_ver} 
 Requires: soprano%{?_isa} >= %{soprano_ver} 
 Requires: strigi-libs%{?_isa} >= %{strigi_ver} 
@@ -80,12 +72,16 @@ Patch14: kdelibs-4.2.85-libexecdir.patch
 # kstandarddirs changes: search /etc/kde, find /usr/libexec/kde4
 Patch18: kdelibs-4.1.72-kstandarddirs.patch
 Patch20: kdelibs-4.1.70-cmake.patch
+Patch21: kdelibs-4.3.1-ossl-1.x.patch
 # patch to fix keditbookmarks crash (kde#160679)
 Patch22: kdelibs-4.3.0-bookmarks.patch
 
 # upstream
 # 4.3 branch
 
+# security fix
+Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
+
 BuildRequires: qt4-devel >= 4.5.0
 # qt4%{_?_isa} isn't provided yet -- Rex
 #Requires: qt4%{?_isa} >= %{_qt4_version}
@@ -95,10 +91,6 @@ Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
 
 BuildRequires: alsa-lib-devel
-%if 0%{?fedora} < 9
-# we don't want a hard dependency on aspell on F9+, use enchant only
-BuildRequires: aspell-devel
-%endif
 BuildRequires: automoc4 >= 0.9.88
 BuildRequires: avahi-devel
 BuildRequires: bzip2-devel
@@ -145,13 +137,11 @@ Provides: kross(qtscript) = %{version}-%{release}
 %description
 Libraries for the K Desktop Environment 4.
 
-%if "%{name}" == "kdelibs"
 %package common
 Group: System Environment/Libraries
 Summary: Common files for KDE 3 and KDE 4 libraries
 %description common
 This package includes the common files for the KDE 3 and KDE 4 libraries.
-%endif
 
 %package devel
 Group: Development/Libraries
@@ -161,10 +151,8 @@ Conflicts: kdebase-runtime < 4.2.90
 Conflicts: kdebase-workspace-devel < 4.2.90
 Provides: plasma-devel = %{version}-%{release}
 Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
-%if "%{name}" != "kdelibs4"
 Obsoletes: kdelibs4-devel < %{version}-%{release}
 Provides:  kdelibs4-devel = %{version}-%{release}
-%endif
 Requires: cmake >= 2.6.2-3
 Requires: automoc4 >= 0.9.88
 Requires: qt4-devel
@@ -184,14 +172,7 @@ Summary: KDE 4 API documentation
 # Not strictly required -- Rex
 # Requires: %{name} = %{?epoch:%{epoch}:}%{version}
 Requires: kde-filesystem
-%if "%{name}" != "kdelibs4"
 Provides: kdelibs4-apidocs = %{version}-%{release}
-#else
-# Don't do that for now, we'd need to make sure all Requires: kdelibs-apidocs
-# (in kdevelop etc.) are fixed to kdelibs3-apidocs first and it may not be
-# worth it anyway.
-#Provides: kdelibs-apidocs = 6:%{version}-%{release}
-%endif
 
 %description apidocs
 This package includes the KDE 4 API documentation in HTML
@@ -211,11 +192,14 @@ format for easy browsing.
 %patch14 -p1 -b .libexecdir
 %patch18 -p1 -b .kstandarddirs
 %patch20 -p1 -b .xxcmake
+%patch21 -p1 -b .ossl-1.x
 %patch22 -p1 -b .bookmarks
 
 # upstream patches
 # 4.3
 
+# security fix
+%patch200 -p1 -b .CVE-2009-2702
 
 %build
 
@@ -400,11 +384,15 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Fri Sep 04 2009 Than Ngo <than@redhat.com> - 4.3.1-3
+- security fix for -CVE-2009-2702
+
 * Wed Sep 02 2009 Ben Boeckel <MathStuf@gmail.com> - 4.3.1-2
 - Patch for kde#160679
 
 * Fri Aug 28 2009 Than Ngo <than@redhat.com> - 4.3.1-1
 - 4.3.1
+- openssl-1.0 build fixes
 
 * Wed Aug 26 2009 Rex Dieter <rdieter@fedoraproject.org> - 4.3.0-8
 - BR: xz-devel