[arch-commits] Commit in kdebase-runtime/trunk (CVE-2014-8600.patch PKGBUILD)

Felix Yan fyan at archlinux.org
Wed Nov 19 16:31:46 UTC 2014 

    Date: Wednesday, November 19, 2014 @ 17:31:45
  Author: fyan
Revision: 226406

upgpkg: kdebase-runtime 4.14.3-1

- upstream new release
- add patch for CVE-2014-8600 (FS#42777)

Added:
  kdebase-runtime/trunk/CVE-2014-8600.patch
Modified:
  kdebase-runtime/trunk/PKGBUILD

---------------------+
 CVE-2014-8600.patch |   20 ++++++++++++++++++++
 PKGBUILD            |   11 ++++++++---
 2 files changed, 28 insertions(+), 3 deletions(-)

Added: CVE-2014-8600.patch
===================================================================
--- CVE-2014-8600.patch	                        (rev 0)
+++ CVE-2014-8600.patch	2014-11-19 16:31:45 UTC (rev 226406)
@@ -0,0 +1,20 @@
+--- a/kioslave/bookmarks/kio_bookmarks.cpp
++++ b/kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ 
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+@@ -197,7 +198,7 @@
+     echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++    echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
+   }
+   finished();
+ }
+

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-11-19 16:29:50 UTC (rev 226405)
+++ PKGBUILD	2014-11-19 16:31:45 UTC (rev 226406)
@@ -3,7 +3,7 @@
 # Contributor: Pierre Schmitz <pierre at archlinux.de>
 
 pkgname=kdebase-runtime
-pkgver=4.14.2
+pkgver=4.14.3
 pkgrel=1
 pkgdesc="Plugins and applications necessary for the running of KDE applications"
 arch=('i686' 'x86_64')
@@ -19,11 +19,16 @@
             'rarian: needed by KHelpCenter')
 provides=('khelpcenter' 'notification-daemon')
 install="${pkgname}.install"
-source=("http://download.kde.org/stable/${pkgver}/src/kde-runtime-${pkgver}.tar.xz")
-sha1sums=('150ad9b8484b0f519f5e9fcdb710ffe8944006a8')
+source=("http://download.kde.org/stable/${pkgver}/src/kde-runtime-${pkgver}.tar.xz"
+        CVE-2014-8600.patch)
+sha1sums=('d25357bf7e5d3922ce0c9b60921fb2fd738b7251'
+          '63588c9843c68c9b59e5b5e24dbc62c690ce68ce')
 
 prepare() {
   mkdir build
+
+  cd kde-runtime-${pkgver}
+  patch -p1 -i ../CVE-2014-8600.patch
 }
 
 build() {

More information about the arch-commits mailing list