pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/net/messagelib
Module Name: pkgsrc
Committed By: markd
Date: Thu Jan 8 18:51:35 UTC 2026
Modified Files:
pkgsrc/net/messagelib: Makefile distinfo
Added Files:
pkgsrc/net/messagelib/patches:
patch-src_checkphishingurl_checkphishingurljob.cpp
patch-src_checkphishingurl_checkphishingurljob.h
patch-src_checkphishingurl_createphishingurldatabasejob.cpp
patch-src_checkphishingurl_createphishingurldatabasejob.h
patch-src_checkphishingurl_searchfullhashjob.cpp
patch-src_checkphishingurl_searchfullhashjob.h
Log Message:
messagelib: Don't unconditionally ignore SSL errors from Google's phishing API
CVE-2025-69412
https://invent.kde.org/pim/messagelib/-/commit/df525dc91498423f3c45e143efab1c7102776652
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/messagelib/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/messagelib/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_checkphishingurljob.cpp \
pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_checkphishingurljob.h \
pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_createphishingurldatabasejob.cpp \
pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_createphishingurldatabasejob.h \
pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_searchfullhashjob.cpp \
pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_searchfullhashjob.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/messagelib/Makefile
diff -u pkgsrc/net/messagelib/Makefile:1.20 pkgsrc/net/messagelib/Makefile:1.21
--- pkgsrc/net/messagelib/Makefile:1.20 Wed Jan 7 08:48:23 2026
+++ pkgsrc/net/messagelib/Makefile Thu Jan 8 18:51:35 2026
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.20 2026/01/07 08:48:23 wiz Exp $
+# $NetBSD: Makefile,v 1.21 2026/01/08 18:51:35 markd Exp $
DISTNAME= messagelib-${KAPPSVER}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
HOMEPAGE= https://kontact.kde.org/
Index: pkgsrc/net/messagelib/distinfo
diff -u pkgsrc/net/messagelib/distinfo:1.3 pkgsrc/net/messagelib/distinfo:1.4
--- pkgsrc/net/messagelib/distinfo:1.3 Sun Dec 21 15:12:21 2025
+++ pkgsrc/net/messagelib/distinfo Thu Jan 8 18:51:35 2026
@@ -1,5 +1,11 @@
-$NetBSD: distinfo,v 1.3 2025/12/21 15:12:21 markd Exp $
+$NetBSD: distinfo,v 1.4 2026/01/08 18:51:35 markd Exp $
BLAKE2s (messagelib-25.08.3.tar.xz) = 7b066b3a05f84e561c521a49019b159231239045a6137d91215b124b0d2116db
SHA512 (messagelib-25.08.3.tar.xz) = f96f14e413d3192be0780016063c4da44e5750791df0da349eb275417b2820bf75e4fcc1af11180f8df5e713adac5d3564e00ac9ffb74a3785bc94772563f22e
Size (messagelib-25.08.3.tar.xz) = 7445392 bytes
+SHA1 (patch-src_checkphishingurl_checkphishingurljob.cpp) = 27c4550682c1664efeaedbc02d1e39648d37c008
+SHA1 (patch-src_checkphishingurl_checkphishingurljob.h) = 9f5752798f79e32a2f004c43cb2c4efaf748d611
+SHA1 (patch-src_checkphishingurl_createphishingurldatabasejob.cpp) = 990710fc221bb8202d6e520b6e8b002bbeee5640
+SHA1 (patch-src_checkphishingurl_createphishingurldatabasejob.h) = 84f4cd7756f844c38c7bcdddb12c0c43e58be2a0
+SHA1 (patch-src_checkphishingurl_searchfullhashjob.cpp) = 8e43c7c59737744614398d651fcbfe771959c521
+SHA1 (patch-src_checkphishingurl_searchfullhashjob.h) = cf1bdb6a326465583ce393be63f91cc4bd9e7de8
Added files:
Index: pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_checkphishingurljob.cpp
diff -u /dev/null pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_checkphishingurljob.cpp:1.1
--- /dev/null Thu Jan 8 18:51:35 2026
+++ pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_checkphishingurljob.cpp Thu Jan 8 18:51:35 2026
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_checkphishingurl_checkphishingurljob.cpp,v 1.1 2026/01/08 18:51:35 markd Exp $
+
+Don't unconditionally ignore SSL errors from Google's phishing API
+CVE-2025-69412
+https://invent.kde.org/pim/messagelib/-/commit/df525dc91498423f3c45e143efab1c7102776652
+
+--- webengineviewer/src/checkphishingurl/checkphishingurljob.cpp.orig 2025-10-27 12:55:28.000000000 +0000
++++ webengineviewer/src/checkphishingurl/checkphishingurljob.cpp
+@@ -37,17 +37,10 @@ CheckPhishingUrlJob::CheckPhishingUrlJob
+ d->mNetworkAccessManager->enableStrictTransportSecurityStore(true);
+
+ connect(d->mNetworkAccessManager, &QNetworkAccessManager::finished, this, &CheckPhishingUrlJob::slotCheckUrlFinished);
+- connect(d->mNetworkAccessManager, &QNetworkAccessManager::sslErrors, this, &CheckPhishingUrlJob::slotSslErrors);
+ }
+
+ CheckPhishingUrlJob::~CheckPhishingUrlJob() = default;
+
+-void CheckPhishingUrlJob::slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error)
+-{
+- qCDebug(WEBENGINEVIEWER_LOG) << " void CheckPhishingUrlJob::slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error)" << error.count();
+- reply->ignoreSslErrors(error);
+-}
+-
+ void CheckPhishingUrlJob::parse(const QByteArray &replyStr)
+ {
+ QJsonDocument document = QJsonDocument::fromJson(replyStr);
Index: pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_checkphishingurljob.h
diff -u /dev/null pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_checkphishingurljob.h:1.1
--- /dev/null Thu Jan 8 18:51:35 2026
+++ pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_checkphishingurljob.h Thu Jan 8 18:51:35 2026
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_checkphishingurl_checkphishingurljob.h,v 1.1 2026/01/08 18:51:35 markd Exp $
+
+Don't unconditionally ignore SSL errors from Google's phishing API
+CVE-2025-69412
+https://invent.kde.org/pim/messagelib/-/commit/df525dc91498423f3c45e143efab1c7102776652
+
+--- webengineviewer/src/checkphishingurl/checkphishingurljob.h.orig 2025-10-27 12:55:28.000000000 +0000
++++ webengineviewer/src/checkphishingurl/checkphishingurljob.h
+@@ -40,7 +40,6 @@ Q_SIGNALS:
+ void debugJson(const QByteArray &ba);
+
+ private:
+- WEBENGINEVIEWER_NO_EXPORT void slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error);
+ WEBENGINEVIEWER_NO_EXPORT void slotError(QNetworkReply::NetworkError error);
+ WEBENGINEVIEWER_NO_EXPORT void slotCheckUrlFinished(QNetworkReply *reply);
+ std::unique_ptr<CheckPhishingUrlJobPrivate> const d;
Index: pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_createphishingurldatabasejob.cpp
diff -u /dev/null pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_createphishingurldatabasejob.cpp:1.1
--- /dev/null Thu Jan 8 18:51:35 2026
+++ pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_createphishingurldatabasejob.cpp Thu Jan 8 18:51:35 2026
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_checkphishingurl_createphishingurldatabasejob.cpp,v 1.1 2026/01/08 18:51:35 markd Exp $
+
+Don't unconditionally ignore SSL errors from Google's phishing API
+CVE-2025-69412
+https://invent.kde.org/pim/messagelib/-/commit/df525dc91498423f3c45e143efab1c7102776652
+
+--- webengineviewer/src/checkphishingurl/createphishingurldatabasejob.cpp.orig 2025-10-27 12:55:28.000000000 +0000
++++ webengineviewer/src/checkphishingurl/createphishingurldatabasejob.cpp
+@@ -42,17 +42,10 @@ CreatePhishingUrlDataBaseJob::CreatePhis
+ d->mNetworkAccessManager->enableStrictTransportSecurityStore(true);
+
+ connect(d->mNetworkAccessManager, &QNetworkAccessManager::finished, this, &CreatePhishingUrlDataBaseJob::slotDownloadDataBaseFinished);
+- connect(d->mNetworkAccessManager, &QNetworkAccessManager::sslErrors, this, &CreatePhishingUrlDataBaseJob::slotSslErrors);
+ }
+
+ CreatePhishingUrlDataBaseJob::~CreatePhishingUrlDataBaseJob() = default;
+
+-void CreatePhishingUrlDataBaseJob::slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error)
+-{
+- qCDebug(WEBENGINEVIEWER_LOG) << " void CreatePhishingUrlDataBaseJob::slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error)" << error.count();
+- reply->ignoreSslErrors(error);
+-}
+-
+ void CreatePhishingUrlDataBaseJob::start()
+ {
+ if (!PimCommon::NetworkManager::self()->isOnline()) {
Index: pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_createphishingurldatabasejob.h
diff -u /dev/null pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_createphishingurldatabasejob.h:1.1
--- /dev/null Thu Jan 8 18:51:35 2026
+++ pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_createphishingurldatabasejob.h Thu Jan 8 18:51:35 2026
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_checkphishingurl_createphishingurldatabasejob.h,v 1.1 2026/01/08 18:51:35 markd Exp $
+
+Don't unconditionally ignore SSL errors from Google's phishing API
+CVE-2025-69412
+https://invent.kde.org/pim/messagelib/-/commit/df525dc91498423f3c45e143efab1c7102776652
+
+--- webengineviewer/src/checkphishingurl/createphishingurldatabasejob.h.orig 2025-10-27 12:55:28.000000000 +0000
++++ webengineviewer/src/checkphishingurl/createphishingurldatabasejob.h
+@@ -63,7 +63,6 @@ Q_SIGNALS:
+
+ private:
+ WEBENGINEVIEWER_NO_EXPORT void slotDownloadDataBaseFinished(QNetworkReply *reply);
+- WEBENGINEVIEWER_NO_EXPORT void slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error);
+ WEBENGINEVIEWER_NO_EXPORT void slotError(QNetworkReply::NetworkError error);
+
+ std::unique_ptr<CreatePhishingUrlDataBaseJobPrivate> const d;
Index: pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_searchfullhashjob.cpp
diff -u /dev/null pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_searchfullhashjob.cpp:1.1
--- /dev/null Thu Jan 8 18:51:35 2026
+++ pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_searchfullhashjob.cpp Thu Jan 8 18:51:35 2026
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_checkphishingurl_searchfullhashjob.cpp,v 1.1 2026/01/08 18:51:35 markd Exp $
+
+Don't unconditionally ignore SSL errors from Google's phishing API
+CVE-2025-69412
+https://invent.kde.org/pim/messagelib/-/commit/df525dc91498423f3c45e143efab1c7102776652
+
+--- webengineviewer/src/checkphishingurl/searchfullhashjob.cpp.orig 2025-10-27 12:55:28.000000000 +0000
++++ webengineviewer/src/checkphishingurl/searchfullhashjob.cpp
+@@ -39,17 +39,10 @@ SearchFullHashJob::SearchFullHashJob(QOb
+ d->mNetworkAccessManager->enableStrictTransportSecurityStore(true);
+
+ connect(d->mNetworkAccessManager, &QNetworkAccessManager::finished, this, &SearchFullHashJob::slotCheckUrlFinished);
+- connect(d->mNetworkAccessManager, &QNetworkAccessManager::sslErrors, this, &SearchFullHashJob::slotSslErrors);
+ }
+
+ SearchFullHashJob::~SearchFullHashJob() = default;
+
+-void SearchFullHashJob::slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error)
+-{
+- qCDebug(WEBENGINEVIEWER_LOG) << " void SearchFullHashJob::slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error)" << error.count();
+- reply->ignoreSslErrors(error);
+-}
+-
+ void SearchFullHashJob::parse(const QByteArray &replyStr)
+ {
+ /*
Index: pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_searchfullhashjob.h
diff -u /dev/null pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_searchfullhashjob.h:1.1
--- /dev/null Thu Jan 8 18:51:35 2026
+++ pkgsrc/net/messagelib/patches/patch-src_checkphishingurl_searchfullhashjob.h Thu Jan 8 18:51:35 2026
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_checkphishingurl_searchfullhashjob.h,v 1.1 2026/01/08 18:51:35 markd Exp $
+
+Don't unconditionally ignore SSL errors from Google's phishing API
+CVE-2025-69412
+https://invent.kde.org/pim/messagelib/-/commit/df525dc91498423f3c45e143efab1c7102776652
+
+--- webengineviewer/src/checkphishingurl/searchfullhashjob.h.orig 2025-10-27 12:55:28.000000000 +0000
++++ webengineviewer/src/checkphishingurl/searchfullhashjob.h
+@@ -41,7 +41,6 @@ Q_SIGNALS:
+ void debugJson(const QByteArray &ba);
+
+ private:
+- WEBENGINEVIEWER_NO_EXPORT void slotSslErrors(QNetworkReply *reply, const QList<QSslError> &error);
+ WEBENGINEVIEWER_NO_EXPORT void slotError(QNetworkReply::NetworkError error);
+ WEBENGINEVIEWER_NO_EXPORT void slotCheckUrlFinished(QNetworkReply *reply);
+
Home |
Main Index |
Thread Index |
Old Index