From: "Alexey Shvetsov" <alexxy@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/kde:master commit in: kde-base/kio-extras/files/, kde-base/kio-extras/
Date: Sun, 16 Nov 2014 10:52:09 +0000 (UTC)
Message-ID: <1416135112.f4e94123dc83802156a14a478f8b809f4bd6ff50.alexxy@gentoo>
commit: f4e94123dc83802156a14a478f8b809f4bd6ff50
Author: Alexey Shvetsov <alexxy <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 16 10:51:52 2014 +0000
Commit: Alexey Shvetsov <alexxy <AT> gentoo <DOT> org>
CommitDate: Sun Nov 16 10:51:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/kde.git;a=commit;h=f4e94123
[kde-base/kio-extras] Update per CVE-2014-8600
Package-Manager: portage-2.2.14
---
| 31 ++++++++++++++++++++++
| 2 ++
2 files changed, 33 insertions(+)
--git a/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch b/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch
new file mode 100644
index 0000000..b7a5a18
--- /dev/null
+++ b/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch
@@ -0,0 +1,31 @@
+From: Martin Sandsmark <martin.sandsmark@kde.org>
+Date: Thu, 13 Nov 2014 12:42:49 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
+---
+Sanitize path
+
+Reviewed at security@kde.org
+---
+
+
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+ echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+ } else {
+ echoHead();
+- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++ echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+ }
+ finished();
+ }
+
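Review bot: In the kio_bookmarks.cpp hunk, only the "Wrong request" message is escaped, while the echoImage() call in the branch just above still receives regexp.cap(1), regexp.cap(2) and the "size" query value taken from url without any visible escaping; please confirm that echoImage() escapes or validates them before they reach the HTML output, or escape them at the call site as well. The message argument also changes from path to url.toDisplayString(), so the page now shows the whole URL rather than the path; the "Sanitize path" subject and description should say that the fix is HTML-escaping of request data echoed into the error page. Since this file already uses QUrlQuery and is therefore Qt 5 code, url.toDisplayString().toHtmlEscaped() would do the same job without the deprecated Qt::escape() and without the added qtextdocument.h include.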
diff --git a/kde-base/kio-extras/kio-extras-5.1.1.ebuild b/kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild
similarity index 97%
rename from kde-base/kio-extras/kio-extras-5.1.1.ebuild
rename to kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild
index ad4b5dd..b8ed91a 100644
--- a/kde-base/kio-extras/kio-extras-5.1.1.ebuild
+++ b/kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild
@@ -59,6 +59,8 @@ DEPEND="${COMMON_DEPEND}
# requires running kde environment
RESTRICT="test"
+PATCHES=( "${FILESDIR}/${P}-CVE-2014-8600.patch" )
+
src_configure() {
local mycmakeargs=(
$(cmake-utils_use_find_package exif Exiv2)
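Review bot: The new PATCHES line in the -r1 ebuild has no comment saying which upstream change it carries or when it can be dropped. A one-line comment above PATCHES that names the upstream kio-extras commit given in the patch's X-Git-Url header (13155c8eb71d1c946bea21c38ea0f8ca7c7013cd) would make it easy to remove the patch at the next version bump, and the commit message would be easier to track if it referenced the corresponding Gentoo bug alongside CVE-2014-8600.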