diff --git a/0008-Don-t-require-a-job-to-handle-messageboxes.patch b/0008-Don-t-require-a-job-to-handle-messageboxes.patch new file mode 100644 index 0000000..7cad922 --- /dev/null +++ b/0008-Don-t-require-a-job-to-handle-messageboxes.patch @@ -0,0 +1,58 @@ +From bbae87dc1be3ae063796a582774bd5642cacdd5d Mon Sep 17 00:00:00 2001 +From: David Faure +Date: Wed, 18 Jun 2014 20:29:04 +0200 +Subject: [PATCH 08/12] Don't require a job to handle messageboxes. + +The POP3 ioslave doesn't have a job when it gets here. +--- + kio/kio/usernotificationhandler.cpp | 27 +++++++++++++-------------- + 1 file changed, 13 insertions(+), 14 deletions(-) + +diff --git a/kio/kio/usernotificationhandler.cpp b/kio/kio/usernotificationhandler.cpp +index 10043cf..2b2e091 100644 +--- a/kio/kio/usernotificationhandler.cpp ++++ b/kio/kio/usernotificationhandler.cpp +@@ -19,7 +19,7 @@ + #include "usernotificationhandler_p.h" + + #include "slave.h" +-#include "job_p.h" ++#include "jobuidelegate.h" + + #include + +@@ -76,19 +76,18 @@ void UserNotificationHandler::processRequest() + + if (m_cachedResults.contains(key)) { + result = *(m_cachedResults[key]); +- } else if (r->slave->job()) { +- SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job()); +- if (jobPrivate) { +- result = jobPrivate->requestMessageBox(r->type, +- r->data.value(MSG_TEXT).toString(), +- r->data.value(MSG_CAPTION).toString(), +- r->data.value(MSG_YES_BUTTON_TEXT).toString(), +- r->data.value(MSG_NO_BUTTON_TEXT).toString(), +- r->data.value(MSG_YES_BUTTON_ICON).toString(), +- r->data.value(MSG_NO_BUTTON_ICON).toString(), +- r->data.value(MSG_DONT_ASK_AGAIN).toString(), +- r->data.value(MSG_META_DATA).toMap()); +- } ++ } else { ++ JobUiDelegate ui; ++ const JobUiDelegate::MessageBoxType type = static_cast(r->type); ++ result = ui.requestMessageBox(type, ++ r->data.value(MSG_TEXT).toString(), ++ r->data.value(MSG_CAPTION).toString(), ++ r->data.value(MSG_YES_BUTTON_TEXT).toString(), ++ r->data.value(MSG_NO_BUTTON_TEXT).toString(), ++ r->data.value(MSG_YES_BUTTON_ICON).toString(), ++ r->data.value(MSG_NO_BUTTON_ICON).toString(), ++ r->data.value(MSG_DONT_ASK_AGAIN).toString(), ++ r->data.value(MSG_META_DATA).toMap()); + m_cachedResults.insert(key, new int(result)); + } + } else { +-- +1.8.3.1 + diff --git a/kdelibs.spec b/kdelibs.spec index e9caa2d..83afdce 100644 --- a/kdelibs.spec +++ b/kdelibs.spec @@ -39,7 +39,7 @@ Summary: KDE Libraries Version: 4.13.2 -Release: 3%{?dist} +Release: 4%{?dist} Name: kdelibs Epoch: 6 @@ -174,6 +174,7 @@ Patch092: return-application-icons-properly.patch Patch093: turn-the-packagekit-support-feature-off-by-default.patch ## security fix +Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch # rhel patches @@ -373,6 +374,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage %patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default # security fixes +%patch158 -p1 -b .0008 # rhel patches %if ! 0%{?webkit} @@ -629,6 +631,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || : %changelog +* Thu Jun 19 2014 Rex Dieter 6:4.13.2-4 +- POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494) + * Mon Jun 09 2014 Rex Dieter - 6:4.13.2-3 - FindKDE4Internal.cmake: define _DEFAULT_SOURCE too (to avoid _BSD_SOURCE deprecation warnings)