POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)

Rex Dieter 2014-06-19 08:42:59 -05:00
parent d98238726d
commit a202c166f0
2 changed files with 64 additions and 1 deletions


@ -0,0 +1,58 @@
From bbae87dc1be3ae063796a582774bd5642cacdd5d Mon Sep 17 00:00:00 2001
From: David Faure <faure@kde.org>
Date: Wed, 18 Jun 2014 20:29:04 +0200
Subject: [PATCH 08/12] Don't require a job to handle messageboxes.
The POP3 ioslave doesn't have a job when it gets here.
---
kio/kio/usernotificationhandler.cpp | 27 +++++++++++++--------------
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/kio/kio/usernotificationhandler.cpp b/kio/kio/usernotificationhandler.cpp
index 10043cf..2b2e091 100644
--- a/kio/kio/usernotificationhandler.cpp
+++ b/kio/kio/usernotificationhandler.cpp
@@ -19,7 +19,7 @@
#include "usernotificationhandler_p.h"
#include "slave.h"
-#include "job_p.h"
+#include "jobuidelegate.h"
#include <kdebug.h>
@@ -76,19 +76,18 @@ void UserNotificationHandler::processRequest()
if (m_cachedResults.contains(key)) {
result = *(m_cachedResults[key]);
- } else if (r->slave->job()) {
- SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job());
- if (jobPrivate) {
- result = jobPrivate->requestMessageBox(r->type,
- r->data.value(MSG_TEXT).toString(),
- r->data.value(MSG_CAPTION).toString(),
- r->data.value(MSG_YES_BUTTON_TEXT).toString(),
- r->data.value(MSG_NO_BUTTON_TEXT).toString(),
- r->data.value(MSG_YES_BUTTON_ICON).toString(),
- r->data.value(MSG_NO_BUTTON_ICON).toString(),
- r->data.value(MSG_DONT_ASK_AGAIN).toString(),
- r->data.value(MSG_META_DATA).toMap());
- }
+ } else {
+ JobUiDelegate ui;
+ const JobUiDelegate::MessageBoxType type = static_cast<JobUiDelegate::MessageBoxType>(r->type);
+ result = ui.requestMessageBox(type,
+ r->data.value(MSG_TEXT).toString(),
+ r->data.value(MSG_CAPTION).toString(),
+ r->data.value(MSG_YES_BUTTON_TEXT).toString(),
+ r->data.value(MSG_NO_BUTTON_TEXT).toString(),
+ r->data.value(MSG_YES_BUTTON_ICON).toString(),
+ r->data.value(MSG_NO_BUTTON_ICON).toString(),
+ r->data.value(MSG_DONT_ASK_AGAIN).toString(),
+ r->data.value(MSG_META_DATA).toMap());
m_cachedResults.insert(key, new int(result));
}
} else {
--
1.8.3.1
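Review bot: In the new `else` branch of `processRequest()`, `r->type` is cast straight to `JobUiDelegate::MessageBoxType` and whatever `ui.requestMessageBox(...)` returns is stored in `m_cachedResults`, so the fix depends on that call failing closed. Nothing in the hunk shows what it returns for an out-of-range type or when no dialog can be displayed. Because this path carries the invalid-certificate prompt, it is worth confirming that such a return is read by the slave as a refusal, and that it is not cached for later requests with the same key. The default-constructed `JobUiDelegate ui;` also has no window set, so the prompt is presumably unparented even when `r->slave->job()` exists; a comment such as `// No job is required here (e.g. the POP3 slave); the dialog is shown without a parent window.` would record that choice. The function starts and ends outside the hunk, so the initial value of `result` and the way `key` is built are not visible here.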


@ -39,7 +39,7 @@
Summary: KDE Libraries
Version: 4.12.5
Release: 2%{?dist}
Release: 3%{?dist}
Name: kdelibs
Epoch: 6
@ -170,6 +170,7 @@ Patch092: return-application-icons-properly.patch
Patch093: turn-the-packagekit-support-feature-off-by-default.patch
## security fix
Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch
# rhel patches
@ -368,6 +369,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
%patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default
# security fixes
%patch158 -p1 -b .0008
# rhel patches
%if ! 0%{?webkit}
@ -624,6 +626,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
%changelog
* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 4.12.5-3
- POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
* Tue Apr 29 2014 Rex Dieter <rdieter@fedoraproject.org> 4.12.5-2
- respin