Add upstream patch for CVE-2014-8600 (insufficient input validation).

MFH: 2014Q4 Security: 890b6b22-70fa-11e4-91ae-5453ed2e2b49
svn path=/head/; revision=372966
2014-11-20 21:31:54 +00:00 · 2014-11-20 21:31:54 +00:00 · 9234af2077 · 2021-03-31 03:12:20 +00:00
commit 9234af2077
parent 9943ac9e1f
2 changed files with 26 additions and 1 deletions
--- a/x11/kde4-runtime/Makefile
+++ b/x11/kde4-runtime/Makefile
@ -2,7 +2,7 @@

 PORTNAME=	kde-runtime
 PORTVERSION=	${KDE4_VERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	x11 kde
 MASTER_SITES=	KDE/${KDE4_BRANCH}/${PORTVERSION}/src
 DIST_SUBDIR=	KDE/${PORTVERSION}
--- a/x11/kde4-runtime/files/patch-kioslavebookmarkskio_bookmarks.cpp
+++ b/x11/kde4-runtime/files/patch-kioslavebookmarkskio_bookmarks.cpp
@ -0,0 +1,25 @@
+commit d68703900edc8416fbcd2550cd336cbbb76decb9
+Author: Martin Sandsmark <martin.sandsmark@kde.org>
+Date:   Thu Nov 13 13:29:01 2014 +0100
+
+    Sanitize path
+
+--- kioslave/bookmarks/kio_bookmarks.cpp
+++ kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
+#include <qtextdocument.h>
+ 
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+@@ -197,7 +198,7 @@ void BookmarksProtocol::get( const KUrl& url )
+     echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
+    echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
+   }
+   finished();
+ }