diff options
| author |   Andreas K. Hüttel <dilfridge@gentoo.org> | 2011-03-27 13:44:12 +0000 |
|---|---|---|
| committer | Andreas K. Hüttel <dilfridge@gentoo.org> | 2011-03-27 13:44:12 +0000 |
| commit | 9ba0ae28b22dc7e645c6571c30c646819c395bf6 (patch) | |
| tree | 3e02324a429241543beba3790c27b945ac29ff3a /kde-base/kdelibs/files | |
| parent | old (diff) | |
| download | gentoo-2-9ba0ae28b22dc7e645c6571c30c646819c395bf6.tar.gz gentoo-2-9ba0ae28b22dc7e645c6571c30c646819c395bf6.tar.bz2 gentoo-2-9ba0ae28b22dc7e645c6571c30c646819c395bf6.zip | |
Revision bump: added untested security patch from upstream, CVE-2011-1168
(Portage version: 2.1.9.44/cvs/Linux x86_64)
Diffstat (limited to 'kde-base/kdelibs/files')
3 files changed, 42 insertions, 0 deletions
diff --git a/kde-base/kdelibs/files/kdelibs-4.4.5-cve20111168.patch b/kde-base/kdelibs/files/kdelibs-4.4.5-cve20111168.patch new file mode 100644 index 000000000000..9a81db700566 --- /dev/null +++ b/kde-base/kdelibs/files/kdelibs-4.4.5-cve20111168.patch @@ -0,0 +1,14 @@ +--- a/khtml/khtml_part.cpp ++++ b/khtml/khtml_part.cpp +@@ -1848,7 +1848,10 @@ void KHTMLPart::htmlError( int errorCode + stream >> errorName >> techName >> description >> causes >> solutions; + + QString url, protocol, datetime; +- url = Qt::escape( reqUrl.prettyUrl() ); ++ ++ // This is somewhat confusing, but we have to escape the externally- ++ // controlled URL twice: once for i18n, and once for HTML. ++ url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ); + protocol = reqUrl.protocol(); + datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(), + KLocale::LongDate ); diff --git a/kde-base/kdelibs/files/kdelibs-4.5.5-cve20111168.patch b/kde-base/kdelibs/files/kdelibs-4.5.5-cve20111168.patch new file mode 100644 index 000000000000..356f30a61046 --- /dev/null +++ b/kde-base/kdelibs/files/kdelibs-4.5.5-cve20111168.patch @@ -0,0 +1,14 @@ +--- a/khtml/khtml_part.cpp ++++ b/khtml/khtml_part.cpp +@@ -1803,7 +1803,10 @@ void KHTMLPart::htmlError( int errorCode + stream >> errorName >> techName >> description >> causes >> solutions; + + QString url, protocol, datetime; +- url = Qt::escape( reqUrl.prettyUrl() ); ++ ++ // This is somewhat confusing, but we have to escape the externally- ++ // controlled URL twice: once for i18n, and once for HTML. ++ url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ); + protocol = reqUrl.protocol(); + datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(), + KLocale::LongDate ); diff --git a/kde-base/kdelibs/files/kdelibs-4.6.1-cve20111168.patch b/kde-base/kdelibs/files/kdelibs-4.6.1-cve20111168.patch new file mode 100644 index 000000000000..007eef91085c --- /dev/null +++ b/kde-base/kdelibs/files/kdelibs-4.6.1-cve20111168.patch @@ -0,0 +1,14 @@ +--- a/khtml/khtml_part.cpp ++++ b/khtml/khtml_part.cpp +@@ -1804,7 +1804,10 @@ void KHTMLPart::htmlError( int errorCode + stream >> errorName >> techName >> description >> causes >> solutions; + + QString url, protocol, datetime; +- url = Qt::escape( reqUrl.prettyUrl() ); ++ ++ // This is somewhat confusing, but we have to escape the externally- ++ // controlled URL twice: once for i18n, and once for HTML. ++ url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ); + protocol = reqUrl.protocol(); + datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(), + KLocale::LongDate ); |