mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-23 07:23:20 +00:00
kde: fix CVE-2014-8600 by upstream patches
https://www.kde.org/info/security/advisory-20141113-1.txt I couldn't find kio-extras, so I hope we don't have it disguised somewhere.
This commit is contained in:
parent
c8a53923fc
commit
15b9626a3d
@ -0,0 +1,33 @@
|
||||
--- a/src/webpage.cpp
|
||||
+++ b/src/webpage.cpp
|
||||
@@ -226,23 +226,26 @@
|
||||
doc += QL1S( "<h3>" );
|
||||
doc += i18n( "Details of the Request:" );
|
||||
doc += QL1S( "</h3><ul><li>" );
|
||||
- doc += i18n( "URL: %1", reqUrl.url() );
|
||||
+ // escape URL twice: once for i18n, and once for HTML.
|
||||
+ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
|
||||
doc += QL1S( "</li><li>" );
|
||||
|
||||
const QString protocol (reqUrl.protocol());
|
||||
if ( !protocol.isNull() ) {
|
||||
- doc += i18n( "Protocol: %1", protocol );
|
||||
+ // escape protocol twice: once for i18n, and once for HTML.
|
||||
+ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
|
||||
doc += QL1S( "</li><li>" );
|
||||
}
|
||||
|
||||
doc += i18n( "Date and Time: %1",
|
||||
KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
|
||||
doc += QL1S( "</li><li>" );
|
||||
- doc += i18n( "Additional Information: %1" , text );
|
||||
+ // escape text twice: once for i18n, and once for HTML.
|
||||
+ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
|
||||
doc += QL1S( "</li></ul><h3>" );
|
||||
doc += i18n( "Description:" );
|
||||
doc += QL1S( "</h3><p>" );
|
||||
- doc += description;
|
||||
+ doc += Qt::escape( description );
|
||||
doc += QL1S( "</p>" );
|
||||
|
||||
if ( causes.count() ) {
|
@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "0kszffgg3zpf319lmzlmdba5gq8kdr5xwb69xwy4s2abc9nvwvbi";
|
||||
};
|
||||
|
||||
patches = [ ./CVE-2014-8600.diff ];
|
||||
|
||||
buildInputs = [ kdelibs ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
19
pkgs/desktops/kde-4.14/CVE-2014-8600.diff
Normal file
19
pkgs/desktops/kde-4.14/CVE-2014-8600.diff
Normal file
@ -0,0 +1,19 @@
|
||||
--- a/kioslave/bookmarks/kio_bookmarks.cpp
|
||||
+++ b/kioslave/bookmarks/kio_bookmarks.cpp
|
||||
@@ -22,6 +22,7 @@
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <qregexp.h>
|
||||
+#include <qtextdocument.h>
|
||||
|
||||
#include <kapplication.h>
|
||||
#include <kcmdlineargs.h>
|
||||
@@ -197,7 +198,7 @@
|
||||
echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
|
||||
} else {
|
||||
echoHead();
|
||||
- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
|
||||
+ echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
|
||||
}
|
||||
finished();
|
||||
}
|
@ -4,6 +4,8 @@
|
||||
}:
|
||||
|
||||
kde {
|
||||
patches = [ ./CVE-2014-8600.diff ];
|
||||
|
||||
buildInputs = [
|
||||
kdelibs attica xz bzip2 libssh libjpeg exiv2 ntrack
|
||||
qca2 samba libcanberra pulseaudio gpgme
|
||||
|
Loading…
Reference in New Issue
Block a user