author | rakuco <rakuco@FreeBSD.org> | 2014-11-21 05:31:17 +0800 |
---|---|---|
committer | rakuco <rakuco@FreeBSD.org> | 2014-11-21 05:31:17 +0800 |
commit | ac16a0641f6481c766c4bd605d9e042824bd313d (patch) | |
tree | d14d466ada8c77b5b5a2386948d22e841740dcf6 /www | |
parent | 9894592aafe9bedd2381a526a8006f570c5d748a (diff) | |
Add upstream patch for CVE-2014-8600 (insufficient input validation).
MFH: 2014Q4
Security: 890b6b22-70fa-11e4-91ae-5453ed2e2b49
Diffstat (limited to 'www')
-rw-r--r-- | www/kwebkitpart/Makefile | 2 | ||||
-rw-r--r-- | www/kwebkitpart/files/patch-src__webpage.cpp | 41 |
2 files changed, 42 insertions, 1 deletions
diff --git a/www/kwebkitpart/Makefile b/www/kwebkitpart/Makefile
index c2ef6891982f..e9d474a3449d 100644
--- a/www/kwebkitpart/Makefile
+++ b/www/kwebkitpart/Makefile
@@ -2,7 +2,7 @@
 PORTNAME= kwebkitpart
 PORTVERSION= 1.3.2
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= www kde
 MASTER_SITES= LOCAL/makc
diff --git a/www/kwebkitpart/files/patch-src__webpage.cpp b/www/kwebkitpart/files/patch-src__webpage.cpp
new file mode 100644
index 000000000000..231c5a304710
--- /dev/null
+++ b/www/kwebkitpart/files/patch-src__webpage.cpp
@@ -0,0 +1,41 @@
+commit 641aa7c75631084260ae89aecbdb625e918c6689
+Author: Albert Astals Cid <aacid@kde.org>
+Date: Thu Nov 13 15:06:01 2014 +0100
+
+ Sanitize html
+
+ As discussed by the security team
+
+--- src/webpage.cpp
++++ src/webpage.cpp
+@@ -226,23 +226,26 @@ QString WebPage::errorPage(int code, const QString& text, const KUrl& reqUrl) co
+ doc += QL1S( "<h3>" );
+ doc += i18n( "Details of the Request:" );
+ doc += QL1S( "</h3><ul><li>" );
+- doc += i18n( "URL: %1", reqUrl.url() );
++ // escape URL twice: once for i18n, and once for HTML.
++ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
+ doc += QL1S( "</li><li>" );
+
+ const QString protocol (reqUrl.protocol());
+ if ( !protocol.isNull() ) {
+- doc += i18n( "Protocol: %1", protocol );
++ // escape protocol twice: once for i18n, and once for HTML.
++ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
+ doc += QL1S( "</li><li>" );
+ }
+
+ doc += i18n( "Date and Time: %1",
+ KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
+ doc += QL1S( "</li><li>" );
+- doc += i18n( "Additional Information: %1" , text );
++ // escape text twice: once for i18n, and once for HTML.
++ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
+ doc += QL1S( "</li></ul><h3>" );
+ doc += i18n( "Description:" );
+ doc += QL1S( "</h3><p>" );
+- doc += description;
++ doc += Qt::escape( description );
+ doc += QL1S( "</p>" );
+
+ if ( causes.count() ) {
 |
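Review bot: The escaping added to `WebPage::errorPage` stops at `doc += Qt::escape( description );`, and the embedded hunk ends on `if ( causes.count() ) {`, so the rest of the function lies outside the visible lines. It cannot be confirmed from here that the strings appended in the `causes` block, and anything built after it, are escaped before they reach `doc`; if they can carry request-derived text the way `description` does, they need the same `Qt::escape( ... )` treatment. The three `Qt::escape( Qt::escape( ... ) )` calls rely on `i18n()` consuming exactly one level of escaping, which the comments state but do not explain. A comment such as `// i18n() resolves one level of entities in its arguments, so escape once for it and once for the HTML document` (wording to be confirmed against the KDE i18n behaviour) would keep a later cleanup from dropping the inner call and reopening the injection.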