From 77a915275f3a0eab53198187ce48d477c87a94ac Mon Sep 17 00:00:00 2001
From: markd
Date: Mon, 11 Apr 2011 10:11:42 +0000
Subject: Fix for CVE-2011-1168.
---
 x11/kdelibs4/Makefile | 4 ++--
 x11/kdelibs4/distinfo | 3 ++-
 x11/kdelibs4/patches/patch-khtml_khtml_part.cpp | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 x11/kdelibs4/patches/patch-khtml_khtml_part.cpp
(limited to 'x11/kdelibs4')
diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile
index 473e7b5fc0a..3a4cdd8ef40 100644
--- a/x11/kdelibs4/Makefile
+++ b/x11/kdelibs4/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.23 2011/03/09 16:30:44 drochner Exp $
+# $NetBSD: Makefile,v 1.24 2011/04/11 10:11:42 markd Exp $
 DISTNAME= kdelibs-${_KDE_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= x11
 COMMENT= Support libraries for the KDE integrated X11 desktop
diff --git a/x11/kdelibs4/distinfo b/x11/kdelibs4/distinfo
index 7280cdfbdd3..d29ecde77a0 100644
--- a/x11/kdelibs4/distinfo
+++ b/x11/kdelibs4/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2011/01/23 07:55:17 markd Exp $
+$NetBSD: distinfo,v 1.17 2011/04/11 10:11:42 markd Exp $
 SHA1 (kdelibs-4.5.5.tar.bz2) = 127a2b50fe31ff345e05660dd50f7c55ae78d854
 RMD160 (kdelibs-4.5.5.tar.bz2) = 7c33afa12379119fbf7d70e8895c3f2ada9a2eba
@@ -14,3 +14,4 @@ SHA1 (patch-ak) = 03883c05a2a600737d98a889034a2fb9984a5d58
 SHA1 (patch-al) = a3c48e8552ca39496134696f3d415a7b6a4db7d8
 SHA1 (patch-am) = da04e0450885dc4bca38a4e9b91822746d936639
 SHA1 (patch-an) = b5fe924970772bd8a5b420f8cc638ab8bf892c53
+SHA1 (patch-khtml_khtml_part.cpp) = f8f5977b03463b6de909881178abed3ba351364c
diff --git a/x11/kdelibs4/patches/patch-khtml_khtml_part.cpp b/x11/kdelibs4/patches/patch-khtml_khtml_part.cpp
new file mode 100644
index 00000000000..51189ee5771
--- /dev/null
+++ b/x11/kdelibs4/patches/patch-khtml_khtml_part.cpp
@@ -0,0 +1,18 @@
+$NetBSD: patch-khtml_khtml_part.cpp,v 1.1 2011/04/11 10:11:42 markd Exp $
+
+Fix for CVE-2011-1168.
+
+--- khtml/khtml_part.cpp.orig 2010-08-27 08:09:16.000000000 +0000
++++ khtml/khtml_part.cpp
+@@ -1803,7 +1803,10 @@ void KHTMLPart::htmlError( int errorCode
+ stream >> errorName >> techName >> description >> causes >> solutions;
+
+ QString url, protocol, datetime;
+- url = Qt::escape( reqUrl.prettyUrl() );
++
++ // This is somewhat confusing, but we have to escape the externally-
++ // controlled URL twice: once for i18n, and once for HTML.
++ url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
+ protocol = reqUrl.protocol();
+ datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
+ KLocale::LongDate );
-- cgit v1.2.3
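Review bot: The doubled `Qt::escape( Qt::escape( reqUrl.prettyUrl() ) )` is only right while exactly one markup-resolving step sits between this assignment and the generated error page, and the added comment names that step only as "i18n" without saying which call consumes the first level. If `url` is later written out along a path that skips that step, the page shows literal `&amp;` sequences; if a second decoding step appears, the unescaped-URL problem this patch addresses returns. I would extend the comment to name the consumer, along the lines of `// url is only ever inserted through the i18n() calls below, which presumably resolve one level of entities before the text is emitted as HTML; keep the two escapes in step with that`. The next line, `protocol = reqUrl.protocol();`, takes another value from the same request URL without escaping; whether it reaches the HTML is not visible here, so it is worth checking against the rest of `KHTMLPart::htmlError`, which starts and ends outside the hunk.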