[arch-commits] Commit in kio-extras/trunk (PKGBUILD sanitize-input.patch)

Andrea Scarpino andrea at archlinux.org
Fri Nov 14 13:08:23 UTC 2014


    Date: Friday, November 14, 2014 @ 14:08:23
  Author: andrea
Revision: 226235

upgpkg: kio-extras 5.1.1-2

Sanitize input

Added:
  kio-extras/trunk/sanitize-input.patch
Modified:
  kio-extras/trunk/PKGBUILD

----------------------+
 PKGBUILD             |   11 ++++++++---
 sanitize-input.patch |   31 +++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-11-14 13:03:48 UTC (rev 226234)
+++ PKGBUILD	2014-11-14 13:08:23 UTC (rev 226235)
@@ -4,7 +4,7 @@
 
 pkgname=kio-extras
 pkgver=5.1.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Additional components to increase the functionality of KIO"
 arch=('i686' 'x86_64')
 url='https://projects.kde.org/projects/kde/workspace/kio-extras'
@@ -13,11 +13,16 @@
 makedepends=('extra-cmake-modules' 'kdoctools' 'python')
 options=('!buildflags')
 install="${pkgname}.install"
-source=("http://download.kde.org/stable/plasma/${pkgver}/$pkgname-$pkgver.tar.xz")
-md5sums=('831fb9bc8960932233cf6042f6097751')
+source=("http://download.kde.org/stable/plasma/${pkgver}/$pkgname-$pkgver.tar.xz"
+        'sanitize-input.patch')
+md5sums=('831fb9bc8960932233cf6042f6097751'
+         '6462465f886decd5c7706d09bc71b2b8')
 
 prepare() {
   mkdir -p build
+
+  cd ${pkgname}-${pkgver}
+  patch -p1 -i "${srcdir}"/sanitize-input.patch
 }
 
 build() {

Added: sanitize-input.patch
===================================================================
--- sanitize-input.patch	                        (rev 0)
+++ sanitize-input.patch	2014-11-14 13:08:23 UTC (rev 226235)
@@ -0,0 +1,31 @@
+From: Martin Sandsmark <martin.sandsmark at kde.org>
+Date: Thu, 13 Nov 2014 12:42:49 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
+---
+Sanitize path
+
+Reviewed at security at kde.org
+---
+
+
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+ 
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+     echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++    echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+   }
+   finished();
+ }
+



More information about the arch-commits mailing list