* [gentoo-commits] proj/kde:master commit in: kde-base/kio-extras/files/, kde-base/kio-extras/
@ 2014-11-16 10:52 Alexey Shvetsov
0 siblings, 0 replies; only message in thread
From: Alexey Shvetsov @ 2014-11-16 10:52 UTC (permalink / raw
To: gentoo-commits
commit: f4e94123dc83802156a14a478f8b809f4bd6ff50
Author: Alexey Shvetsov <alexxy <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 16 10:51:52 2014 +0000
Commit: Alexey Shvetsov <alexxy <AT> gentoo <DOT> org>
CommitDate: Sun Nov 16 10:51:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/kde.git;a=commit;h=f4e94123
[kde-base/kio-extras] Update per CVE-2014-8600
Package-Manager: portage-2.2.14
---
| 31 ++++++++++++++++++++++
| 2 ++
2 files changed, 33 insertions(+)
--git a/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch b/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch
new file mode 100644
index 0000000..b7a5a18
--- /dev/null
+++ b/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch
@@ -0,0 +1,31 @@
+From: Martin Sandsmark <martin.sandsmark@kde.org>
+Date: Thu, 13 Nov 2014 12:42:49 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
+---
+Sanitize path
+
+Reviewed at security@kde.org
+---
+
+
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+ echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+ } else {
+ echoHead();
+- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++ echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+ }
+ finished();
+ }
+
diff --git a/kde-base/kio-extras/kio-extras-5.1.1.ebuild b/kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild
similarity index 97%
rename from kde-base/kio-extras/kio-extras-5.1.1.ebuild
rename to kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild
index ad4b5dd..b8ed91a 100644
--- a/kde-base/kio-extras/kio-extras-5.1.1.ebuild
+++ b/kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild
@@ -59,6 +59,8 @@ DEPEND="${COMMON_DEPEND}
# requires running kde environment
RESTRICT="test"
+PATCHES=( "${FILESDIR}/${P}-CVE-2014-8600.patch" )
+
src_configure() {
local mycmakeargs=(
$(cmake-utils_use_find_package exif Exiv2)
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2014-11-16 10:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-16 10:52 [gentoo-commits] proj/kde:master commit in: kde-base/kio-extras/files/, kde-base/kio-extras/ Alexey Shvetsov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox