security update: x11/kde4/libs

Thu, 19 Jun 2014 11:02:02 -0700 

heads up @ports,

securiry fix for kde4 libs.

http://www.kde.org/info/security/advisory-20140618-1.txt

Cheers, Rafael

Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/kde4/libs/Makefile,v
retrieving revision 1.51
diff -u -p -u -r1.51 Makefile
--- Makefile    30 Apr 2014 09:36:04 -0000      1.51
+++ Makefile    19 Jun 2014 15:05:42 -0000
@@ -11,7 +11,7 @@ PKGNAME-langlist =    kde4-langlist-${MODKD
 PKG_ARCH-en_US =       *
 PKG_ARCH-langlist =    *
 PKGSPEC-main =         kdelibs->=4
-REVISION-main =                8
+REVISION-main =                9

 DPB_PROPERTIES =       parallel tag:kde4

Index: patches/patch-kio_kio_usernotificationhandler_cpp
===================================================================
RCS file: patches/patch-kio_kio_usernotificationhandler_cpp
diff -N patches/patch-kio_kio_usernotificationhandler_cpp
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-kio_kio_usernotificationhandler_cpp   19 Jun 2014 15:05:42 
-0000
@@ -0,0 +1,47 @@
+$OpenBSD$
+
+fix CVE-2014-3494
+
+--- kio/kio/usernotificationhandler.cpp.orig   Thu Jan  2 20:26:52 2014
++++ kio/kio/usernotificationhandler.cpp        Thu Jun 19 17:00:27 2014
+@@ -19,7 +19,7 @@
+ #include "usernotificationhandler_p.h"
+
+ #include "slave.h"
+-#include "job_p.h"
++#include "jobuidelegate.h"
+
+ #include <kdebug.h>
+
+@@ -76,19 +76,18 @@ void UserNotificationHandler::processRequest()
+
+         if (m_cachedResults.contains(key)) {
+             result = *(m_cachedResults[key]);
+-        } else if (r->slave->job()) {
+-            SimpleJobPrivate* jobPrivate = 
SimpleJobPrivate::get(r->slave->job());
+-            if (jobPrivate) {
+-                result = jobPrivate->requestMessageBox(r->type,
+-                                                      
r->data.value(MSG_TEXT).toString(),
+-                                                      
r->data.value(MSG_CAPTION).toString(),
+-                                                      
r->data.value(MSG_YES_BUTTON_TEXT).toString(),
+-                                                      
r->data.value(MSG_NO_BUTTON_TEXT).toString(),
+-                                                      
r->data.value(MSG_YES_BUTTON_ICON).toString(),
+-                                                      
r->data.value(MSG_NO_BUTTON_ICON).toString(),
+-                                                      
r->data.value(MSG_DONT_ASK_AGAIN).toString(),
+-                                                      
r->data.value(MSG_META_DATA).toMap());
+-            }
++        } else {
++            JobUiDelegate ui;
++            const JobUiDelegate::MessageBoxType type = 
static_cast<JobUiDelegate::MessageBoxType>(r->type);
++            result = ui.requestMessageBox(type,
++                                          r->data.value(MSG_TEXT).toString(),
++                                          
r->data.value(MSG_CAPTION).toString(),
++                                          
r->data.value(MSG_YES_BUTTON_TEXT).toString(),
++                                          
r->data.value(MSG_NO_BUTTON_TEXT).toString(),
++                                          
r->data.value(MSG_YES_BUTTON_ICON).toString(),
++                                          
r->data.value(MSG_NO_BUTTON_ICON).toString(),
++                                          
r->data.value(MSG_DONT_ASK_AGAIN).toString(),
++                                          
r->data.value(MSG_META_DATA).toMap());
+             m_cachedResults.insert(key, new int(result));
+         }
+     } else {

Reply via email to