Fix for CVE-2011-1168.

x11/kdelibs4/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.23 2011/03/09 16:30:44 drochner Exp $
+# $NetBSD: Makefile,v 1.24 2011/04/11 10:11:42 markd Exp $
 
 DISTNAME=	kdelibs-${_KDE_VERSION}
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	x11
 COMMENT=	Support libraries for the KDE integrated X11 desktop
 

x11/kdelibs4/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2011/01/23 07:55:17 markd Exp $
+$NetBSD: distinfo,v 1.17 2011/04/11 10:11:42 markd Exp $
 
 SHA1 (kdelibs-4.5.5.tar.bz2) = 127a2b50fe31ff345e05660dd50f7c55ae78d854
 RMD160 (kdelibs-4.5.5.tar.bz2) = 7c33afa12379119fbf7d70e8895c3f2ada9a2eba
@@ -14,3 +14,4 @@ SHA1 (patch-ak) = 03883c05a2a600737d98a889034a2fb9984a5d58
 SHA1 (patch-al) = a3c48e8552ca39496134696f3d415a7b6a4db7d8
 SHA1 (patch-am) = da04e0450885dc4bca38a4e9b91822746d936639
 SHA1 (patch-an) = b5fe924970772bd8a5b420f8cc638ab8bf892c53
+SHA1 (patch-khtml_khtml_part.cpp) = f8f5977b03463b6de909881178abed3ba351364c

x11/kdelibs4/patches/patch-khtml_khtml_part.cpp

@@ -0,0 +1,18 @@
+$NetBSD: patch-khtml_khtml_part.cpp,v 1.1 2011/04/11 10:11:42 markd Exp $
+
+Fix for CVE-2011-1168.
+
+--- khtml/khtml_part.cpp.orig	2010-08-27 08:09:16.000000000 +0000
++++ khtml/khtml_part.cpp
+@@ -1803,7 +1803,10 @@ void KHTMLPart::htmlError( int errorCode
+   stream >> errorName >> techName >> description >> causes >> solutions;
+ 
+   QString url, protocol, datetime;
+-  url = Qt::escape( reqUrl.prettyUrl() );
++
++  // This is somewhat confusing, but we have to escape the externally-
++  // controlled URL twice: once for i18n, and once for HTML.
++  url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
+   protocol = reqUrl.protocol();
+   datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
+                                                 KLocale::LongDate );