[arch-commits] Commit in kwebkitpart/trunk (PKGBUILD sanitize-input.patch)
Andrea Scarpino
andrea at archlinux.org
Fri Nov 14 13:09:19 UTC 2014
Date: Friday, November 14, 2014 @ 14:09:18
Author: andrea
Revision: 226237
upgpkg: kwebkitpart 1.3.4-3
Sanitize input
Added:
kwebkitpart/trunk/sanitize-input.patch
Modified:
kwebkitpart/trunk/PKGBUILD
----------------------+
PKGBUILD | 20 ++++++++++++++------
sanitize-input.patch | 45 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+), 6 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-11-14 13:09:09 UTC (rev 226236)
+++ PKGBUILD 2014-11-14 13:09:18 UTC (rev 226237)
@@ -3,7 +3,7 @@
pkgname=kwebkitpart
pkgver=1.3.4
-pkgrel=2
+pkgrel=3
pkgdesc="A WebKit browser component for KDE"
url="https://projects.kde.org/projects/extragear/base/kwebkitpart/"
arch=('i686' 'x86_64')
@@ -12,13 +12,21 @@
makedepends=('cmake' 'automoc4')
install=${pkgname}.install
# Generate using kde releaseme scripts
-source=("ftp://ftp.archlinux.org/other/packages/${pkgname}/${pkgname}-${pkgver}.tar.xz")
-md5sums=('0a3e176a7c24f00e22c92a7b105585f8')
+source=("ftp://ftp.archlinux.org/other/packages/${pkgname}/${pkgname}-${pkgver}.tar.xz"
+ 'sanitize-input.patch')
+md5sums=('0a3e176a7c24f00e22c92a7b105585f8'
+ 'f9ae9520069ffac4c5da1f408fd4bbdf')
+prepare() {
+ mkdir build
+
+ cd ${pkgname}-${pkgver}
+ patch -p1 -i "${srcdir}"/sanitize-input.patch
+
+ sed -i '/add_subdirectory(kdelauncher)/d' CMakeLists.txt
+}
+
build() {
- sed -i '/add_subdirectory(kdelauncher)/d' ${pkgname}-${pkgver}/CMakeLists.txt
-
- mkdir build
cd build
cmake ../${pkgname}-${pkgver} \
-DCMAKE_INSTALL_PREFIX=/usr \
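Review bot: The added checksum for `sanitize-input.patch` extends an MD5-only `md5sums` array while the tarball is still fetched over plain `ftp://`, so neither the transport nor the digest gives strong protection against a tampered source. Since this release exists to ship a security fix, moving the array to `sha256sums=(...)`, with digests taken from verified copies of both files, would be a sensible follow-up. In the new `prepare()`, `mkdir build` can fail when a build directory is left over from an earlier run, which `mkdir -p build` avoids. `cd "${pkgname}-${pkgver}"` would also match the quoting already used for `"${srcdir}"`. The body of build() continues past the end of this hunk.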
Added: sanitize-input.patch
===================================================================
--- sanitize-input.patch (rev 0)
+++ sanitize-input.patch 2014-11-14 13:09:18 UTC (rev 226237)
@@ -0,0 +1,45 @@
+From: Albert Astals Cid <aacid at kde.org>
+Date: Thu, 13 Nov 2014 14:06:01 +0000
+Subject: Sanitize html
+X-Git-Url: http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689
+---
+Sanitize html
+
+As discussed by the security team
+---
+
+
+--- a/src/webpage.cpp
++++ b/src/webpage.cpp
+@@ -226,23 +226,26 @@
+ doc += QL1S( "<h3>" );
+ doc += i18n( "Details of the Request:" );
+ doc += QL1S( "</h3><ul><li>" );
+- doc += i18n( "URL: %1", reqUrl.url() );
++ // escape URL twice: once for i18n, and once for HTML.
++ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
+ doc += QL1S( "</li><li>" );
+
+ const QString protocol (reqUrl.protocol());
+ if ( !protocol.isNull() ) {
+- doc += i18n( "Protocol: %1", protocol );
++ // escape protocol twice: once for i18n, and once for HTML.
++ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
+ doc += QL1S( "</li><li>" );
+ }
+
+ doc += i18n( "Date and Time: %1",
+ KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
+ doc += QL1S( "</li><li>" );
+- doc += i18n( "Additional Information: %1" , text );
++ // escape text twice: once for i18n, and once for HTML.
++ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
+ doc += QL1S( "</li></ul><h3>" );
+ doc += i18n( "Description:" );
+ doc += QL1S( "</h3><p>" );
+- doc += description;
++ doc += Qt::escape( description );
+ doc += QL1S( "</p>" );
+
+ if ( causes.count() ) {
+
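Review bot: The escaping covers only the values appended in this hunk (URL, protocol, text, description), but the function that builds `doc` continues past `if ( causes.count() ) {` outside it. If the strings appended there can carry request-derived text, they presumably need `Qt::escape()` too, which is worth confirming against the full function. The repeated comment says what is done but not why; a wording such as `// i18n() consumes one level of entity escaping in its arguments, so escape twice to leave one level for the HTML` (if that matches the KDE i18n behaviour the author relied on) would tell a maintainer when the double escape is still required. The `Qt::escape( Qt::escape( x ) )` pattern appears three times and could become a small file-local helper, which would also make the single escape on `description` read as deliberate.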