svn commit: r362104 - in head/x11/kdelibs4: . files

Wed Jul 16 20:13:18 UTC 2014

Author: rakuco
Date: Wed Jul 16 20:13:17 2014
New Revision: 362104
URL: http://svnweb.freebsd.org/changeset/ports/362104
QAT: https://qat.redports.org/buildarchive/r362104/

Log:
  Add patch to fix a SSL MITM vulnerability in the POP3 ioslave.
  
  MFH:		2014Q3
  Security:	4a114331-0d24-11e4-8dd2-5453ed2e2b49

Added:
  head/x11/kdelibs4/files/patch-CVE-2014-3494   (contents, props changed)
Modified:
  head/x11/kdelibs4/Makefile

Modified: head/x11/kdelibs4/Makefile
==============================================================================

--- head/x11/kdelibs4/Makefile	Wed Jul 16 20:12:28 2014	(r362103)
+++ head/x11/kdelibs4/Makefile	Wed Jul 16 20:13:17 2014	(r362104)
@@ -3,7 +3,7 @@
 
 PORTNAME=	kdelibs
 PORTVERSION=	${KDE4_VERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	x11 kde
 MASTER_SITES=	KDE/${KDE4_BRANCH}/${PORTVERSION}/src
 DIST_SUBDIR=	KDE/${PORTVERSION}

Added: head/x11/kdelibs4/files/patch-CVE-2014-3494
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/x11/kdelibs4/files/patch-CVE-2014-3494	Wed Jul 16 20:13:17 2014	(r362104)
@@ -0,0 +1,56 @@
+From: David Faure <faure at kde.org>
+Date: Wed, 18 Jun 2014 18:29:04 +0000
+Subject: Don't require a job to handle messageboxes.
+X-Git-Tag: v4.13.3
+X-Git-Url: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d
+---
+Don't require a job to handle messageboxes.
+
+The POP3 ioslave doesn't have a job when it gets here.
+---
+
+
+--- kio/kio/usernotificationhandler.cpp
++++ kio/kio/usernotificationhandler.cpp
+@@ -19,7 +19,7 @@
+ #include "usernotificationhandler_p.h"
+ 
+ #include "slave.h"
+-#include "job_p.h"
++#include "jobuidelegate.h"
+ 
+ #include <kdebug.h>
+ 
+@@ -76,19 +76,18 @@
+ 
+         if (m_cachedResults.contains(key)) {
+             result = *(m_cachedResults[key]);
+-        } else if (r->slave->job()) {
+-            SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job());
+-            if (jobPrivate) {
+-                result = jobPrivate->requestMessageBox(r->type,
+-                                                      r->data.value(MSG_TEXT).toString(),
+-                                                      r->data.value(MSG_CAPTION).toString(),
+-                                                      r->data.value(MSG_YES_BUTTON_TEXT).toString(),
+-                                                      r->data.value(MSG_NO_BUTTON_TEXT).toString(),
+-                                                      r->data.value(MSG_YES_BUTTON_ICON).toString(),
+-                                                      r->data.value(MSG_NO_BUTTON_ICON).toString(),
+-                                                      r->data.value(MSG_DONT_ASK_AGAIN).toString(),
+-                                                      r->data.value(MSG_META_DATA).toMap());
+-            }
++        } else {
++            JobUiDelegate ui;
++            const JobUiDelegate::MessageBoxType type = static_cast<JobUiDelegate::MessageBoxType>(r->type);
++            result = ui.requestMessageBox(type,
++                                          r->data.value(MSG_TEXT).toString(),
++                                          r->data.value(MSG_CAPTION).toString(),
++                                          r->data.value(MSG_YES_BUTTON_TEXT).toString(),
++                                          r->data.value(MSG_NO_BUTTON_TEXT).toString(),
++                                          r->data.value(MSG_YES_BUTTON_ICON).toString(),
++                                          r->data.value(MSG_NO_BUTTON_ICON).toString(),
++                                          r->data.value(MSG_DONT_ASK_AGAIN).toString(),
++                                          r->data.value(MSG_META_DATA).toMap());
+             m_cachedResults.insert(key, new int(result));
+         }
+     } else {
+
