-rw-r--r--kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch31
-rw-r--r--kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild (renamed from kde-base/kio-extras/kio-extras-5.1.1.ebuild)2
2 files changed, 33 insertions, 0 deletions
diff --git a/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch b/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch
new file mode 100644
index 00000000000..b7a5a180672
--- /dev/null
+++ b/kde-base/kio-extras/files/kio-extras-5.1.1-CVE-2014-8600.patch
@@ -0,0 +1,31 @@
+From: Martin Sandsmark <martin.sandsmark@kde.org>
+Date: Thu, 13 Nov 2014 12:42:49 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
+---
+Sanitize path
+
+Reviewed at security@kde.org
+---
+
+
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+ echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+ } else {
+ echoHead();
+- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++ echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+ }
+ finished();
+ }
+
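Review bot: In the embedded kio_bookmarks.cpp change, the new `echo(...)` line escapes with `Qt::escape`, which Qt 5 keeps only as a deprecated wrapper, and this file already builds against Qt 5 (`qurlquery.h`). `i18n("Wrong request: %1", url.toDisplayString().toHtmlEscaped())` gives the same escaping and would make the added `#include <qtextdocument.h>` unnecessary; since this is a carried upstream patch, that is better raised upstream than edited in the ebuild tree. A one-line comment above the call, e.g. `// url comes from the request; HTML-escape it before echoing (CVE-2014-8600)`, would keep the reason for the escaping visible. The enclosing function starts outside the hunk, so whether its other echo() calls embed request-derived text cannot be checked from here.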
diff --git a/kde-base/kio-extras/kio-extras-5.1.1.ebuild b/kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild
index ad4b5ddbdc3..b8ed91a5bae 100644
--- a/kde-base/kio-extras/kio-extras-5.1.1.ebuild
+++ b/kde-base/kio-extras/kio-extras-5.1.1-r1.ebuild
@@ -59,6 +59,8 @@ DEPEND="${COMMON_DEPEND}
# requires running kde environment
RESTRICT="test"
+PATCHES=( "${FILESDIR}/${P}-CVE-2014-8600.patch" )
+
src_configure() {
local mycmakeargs=(
$(cmake-utils_use_find_package exif Exiv2)