kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add upstream patch for CVE-2014-8600 (insufficient input validation).

Browse source 
MFH:		2014Q4
Security:	890b6b22-70fa-11e4-91ae-5453ed2e2b49
This commit is contained in:
Raphael Kubo da Costa 2014-11-20 21:31:54 +00:00
parent 9943ac9e1f
commit 9234af2077
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=372966
2 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
x11/kde4-runtime/Makefile
View file

@ -2,7 +2,7 @@
PORTNAME= kde-runtime PORTNAME= kde-runtime
PORTVERSION= ${KDE4_VERSION} PORTVERSION= ${KDE4_VERSION}
PORTREVISION= 1 PORTREVISION= 2
CATEGORIES= x11 kde CATEGORIES= x11 kde
MASTER_SITES= KDE/${KDE4_BRANCH}/${PORTVERSION}/src MASTER_SITES= KDE/${KDE4_BRANCH}/${PORTVERSION}/src
DIST_SUBDIR= KDE/${PORTVERSION} DIST_SUBDIR= KDE/${PORTVERSION}

25
x11/kde4-runtime/files/patch-kioslave__bookmarks__kio_bookmarks.cpp Normal file
View file

@ -0,0 +1,25 @@
commit d68703900edc8416fbcd2550cd336cbbb76decb9
Author: Martin Sandsmark <martin.sandsmark@kde.org>
Date: Thu Nov 13 13:29:01 2014 +0100
Sanitize path
--- kioslave/bookmarks/kio_bookmarks.cpp
+++ kioslave/bookmarks/kio_bookmarks.cpp
@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <qregexp.h>
+#include <qtextdocument.h>
#include <kapplication.h>
#include <kcmdlineargs.h>
@@ -197,7 +198,7 @@ void BookmarksProtocol::get( const KUrl& url )
echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
} else {
echoHead();
- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
+ echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
}
finished();
}