From 24c4e53f1f645b93f51fd229d3f0d6f3fed1cb4f Mon Sep 17 00:00:00 2001
From: rakuco
Date: Thu, 20 Nov 2014 21:31:54 +0000
Subject: Add upstream patch for CVE-2014-8600 (insufficient input validation).
MFH: 2014Q4
Security: 890b6b22-70fa-11e4-91ae-5453ed2e2b49
---
 x11/kde4-runtime/Makefile | 2 +-
 .../patch-kioslave__bookmarks__kio_bookmarks.cpp | 25 ++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 x11/kde4-runtime/files/patch-kioslave__bookmarks__kio_bookmarks.cpp
diff --git a/x11/kde4-runtime/Makefile b/x11/kde4-runtime/Makefile
index 0801c0f..f6273cd 100644
--- a/x11/kde4-runtime/Makefile
+++ b/x11/kde4-runtime/Makefile
@@ -2,7 +2,7 @@
 PORTNAME= kde-runtime
 PORTVERSION= ${KDE4_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= KDE/${KDE4_BRANCH}/${PORTVERSION}/src
 DIST_SUBDIR= KDE/${PORTVERSION}
diff --git a/x11/kde4-runtime/files/patch-kioslave__bookmarks__kio_bookmarks.cpp b/x11/kde4-runtime/files/patch-kioslave__bookmarks__kio_bookmarks.cpp
new file mode 100644
index 0000000..7fb7b14
--- /dev/null
+++ b/x11/kde4-runtime/files/patch-kioslave__bookmarks__kio_bookmarks.cpp
@@ -0,0 +1,25 @@
+commit d68703900edc8416fbcd2550cd336cbbb76decb9
+Author: Martin Sandsmark
+Date: Thu Nov 13 13:29:01 2014 +0100
+
+ Sanitize path
+
+--- kioslave/bookmarks/kio_bookmarks.cpp
++++ kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include
+
+ #include
++#include
+
+ #include
+ #include
+@@ -197,7 +198,7 @@ void BookmarksProtocol::get( const KUrl& url )
+ echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+ } else {
+ echoHead();
+- echo("

" + i18n("Wrong request: %1",path) + "

");
++ echo("

" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "

");
+ }
+ finished();
+ }
-- cgit v1.1
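Review bot: The nested `Qt::escape(Qt::escape(url.prettyUrl()))` in the new `echo(...)` line of `BookmarksProtocol::get` carries no explanation, so a later cleanup could collapse it to a single call and weaken the output encoding this patch adds for CVE-2014-8600. I would put a comment directly above it, for example `// escaped twice on purpose: i18n() presumably resolves one level of entities before the text reaches the HTML page (confirm)`, so the intent survives future edits. In the branch just above, `echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"))` also forwards values taken from the request URL, and the hunk does not show whether `echoImage` encodes or validates them, so that is worth checking in the same pass. The body of `get` begins outside this hunk, so the regular expression that constrains the two captures is not visible here.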