[SCM] KDE Base Runtime module packaging branch, master, updated. debian/4.14.2-1-4-g328451a

Maximiliano Curia maxy at moszumanska.debian.org
Sat Feb 14 08:20:36 UTC 2015


Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/kde-runtime.git;a=commitdiff;h=8d0dda3

The following commit has been merged in the master branch:
commit 8d0dda30d33d87e2928a3f4c758ec502b3270e73
Author: Maximiliano Curia <maxy at debian.org>
Date:   Wed Dec 10 19:48:40 2014 +0100

    New upstream patch: upstream_sanitize_path, fixes CVE-2014-8600 (Closes: #769632) Thanks to Salvatore Bonaccorso
---
 debian/changelog                      |  4 ++++
 debian/patches/series                 |  1 +
 debian/patches/upstream_sanitize_path | 27 +++++++++++++++++++++++++++
 3 files changed, 32 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 2cfaf35..3d3128e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ kde-runtime (4:4.14.2-2) UNRELEASED; urgency=medium
   [ Lisandro Damián Nicanor Pérez Meyer ]
   * Remove myself from Uploaders.
 
+  [ Maximiliano Curia ]
+  * New upstream patch: upstream_sanitize_path, fixes CVE-2014-8600
+    (Closes: #769632) Thanks to Salvatore Bonaccorso
+
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Sat, 25 Oct 2014 17:30:01 -0300
 
 kde-runtime (4:4.14.2-1) unstable; urgency=medium
diff --git a/debian/patches/series b/debian/patches/series
index 266f66f..c133a57 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@ khelp_htdig.diff
 use_the_correct_locale.patch
 disable_flacky_tests
 disable_kwalletd_autotests
+upstream_sanitize_path
diff --git a/debian/patches/upstream_sanitize_path b/debian/patches/upstream_sanitize_path
new file mode 100644
index 0000000..88cf297
--- /dev/null
+++ b/debian/patches/upstream_sanitize_path
@@ -0,0 +1,27 @@
+commit d68703900edc8416fbcd2550cd336cbbb76decb9
+Author: Martin Sandsmark <martin.sandsmark at kde.org>
+Date:   Thu Nov 13 13:29:01 2014 +0100
+
+    Sanitize path
+
+diff --git a/kioslave/bookmarks/kio_bookmarks.cpp b/kioslave/bookmarks/kio_bookmarks.cpp
+index 750495d..53c8aa3 100644
+--- a/kioslave/bookmarks/kio_bookmarks.cpp
++++ b/kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ 
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+@@ -197,7 +198,7 @@ void BookmarksProtocol::get( const KUrl& url )
+     echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++    echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
+   }
+   finished();
+ }
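Review bot: The doubled `Qt::escape(Qt::escape(url.prettyUrl()))` on the added `echo(...)` line carries no explanation, so it reads like a typo, and a later cleanup could reduce it to one call and weaken the HTML-injection fix for CVE-2014-8600. Presumably the second pass is there because `i18n()` decodes entities once while substituting `%1`; that cannot be confirmed from this hunk, so I would state the reason beside the call, e.g. `// escaped twice on purpose: i18n() may decode entities once when substituting %1`. The patch file has only the upstream commit header; adding DEP-3 fields such as `Bug-Debian: https://bugs.debian.org/769632` would tie it to the bug this upload closes. `get()` begins outside the hunk, so how `regexp.cap(1)`, `regexp.cap(2)` and `url.queryItem("size")` are handled inside `echoImage()` is not visible here and is worth checking for the same output-encoding question.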

-- 
KDE Base Runtime module packaging


