From: Arkadiusz Miśkiewicz Date: Thu, 19 Jun 2014 10:11:07 +0000 (+0200) Subject: - rel 2; fixes CVE-2014-3494 X-Git-Tag: auto/th/kde4-kdelibs-4.13.2-2 X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=7ab4b26aad9f475c8c99a868016adb744d301613;p=packages%2Fkde4-kdelibs.git - rel 2; fixes CVE-2014-3494 --- diff --git a/kde4-kdelibs-ssl.patch b/kde4-kdelibs-ssl.patch new file mode 100644 index 0000000..648d4fd --- /dev/null +++ b/kde4-kdelibs-ssl.patch @@ -0,0 +1,55 @@ +From: David Faure +Date: Wed, 18 Jun 2014 18:29:04 +0000 +Subject: Don't require a job to handle messageboxes. +X-Git-Url: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d +--- +Don't require a job to handle messageboxes. + +The POP3 ioslave doesn't have a job when it gets here. +--- + + +--- a/kio/kio/usernotificationhandler.cpp ++++ b/kio/kio/usernotificationhandler.cpp +@@ -19,7 +19,7 @@ + #include "usernotificationhandler_p.h" + + #include "slave.h" +-#include "job_p.h" ++#include "jobuidelegate.h" + + #include + +@@ -76,19 +76,18 @@ + + if (m_cachedResults.contains(key)) { + result = *(m_cachedResults[key]); +- } else if (r->slave->job()) { +- SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job()); +- if (jobPrivate) { +- result = jobPrivate->requestMessageBox(r->type, +- r->data.value(MSG_TEXT).toString(), +- r->data.value(MSG_CAPTION).toString(), +- r->data.value(MSG_YES_BUTTON_TEXT).toString(), +- r->data.value(MSG_NO_BUTTON_TEXT).toString(), +- r->data.value(MSG_YES_BUTTON_ICON).toString(), +- r->data.value(MSG_NO_BUTTON_ICON).toString(), +- r->data.value(MSG_DONT_ASK_AGAIN).toString(), +- r->data.value(MSG_META_DATA).toMap()); +- } ++ } else { ++ JobUiDelegate ui; ++ const JobUiDelegate::MessageBoxType type = static_cast(r->type); ++ result = ui.requestMessageBox(type, ++ r->data.value(MSG_TEXT).toString(), ++ r->data.value(MSG_CAPTION).toString(), ++ r->data.value(MSG_YES_BUTTON_TEXT).toString(), ++ r->data.value(MSG_NO_BUTTON_TEXT).toString(), ++ r->data.value(MSG_YES_BUTTON_ICON).toString(), ++ r->data.value(MSG_NO_BUTTON_ICON).toString(), ++ r->data.value(MSG_DONT_ASK_AGAIN).toString(), ++ r->data.value(MSG_META_DATA).toMap()); + m_cachedResults.insert(key, new int(result)); + } + } else { + diff --git a/kde4-kdelibs.spec b/kde4-kdelibs.spec index b30e036..5857397 100644 --- a/kde4-kdelibs.spec +++ b/kde4-kdelibs.spec @@ -17,7 +17,7 @@ Summary(ru.UTF-8): K Desktop Environment - Библиотеки Summary(uk.UTF-8): K Desktop Environment - Бібліотеки Name: kde4-kdelibs Version: 4.13.2 -Release: 1 +Release: 2 License: LGPL Group: X11/Libraries Source0: ftp://ftp.kde.org/pub/kde/%{_state}/%{version}/src/%{orgname}-%{version}.tar.xz @@ -31,6 +31,7 @@ Patch3: %{name}-aboutPLD.patch Patch4: %{name}-devicemanager_remove.patch Patch5: kde4-kdelibs-sync.patch Patch6: kde4-kdelibs-pld-flags.patch +Patch7: %{name}-ssl.patch URL: http://www.kde.org/ BuildRequires: OpenEXR-devel >= 1.2.2 BuildRequires: Qt3Support-devel >= %{qtver} @@ -244,6 +245,7 @@ KDE. %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %if "%{pld_release}" == "ti" sed -i -e 's#PLDLINUX_VERSION#PLD/Titanium#g' kio/kio/kprotocolmanager.cpp