From 4b33531050756c2f5107fb0b5cc3a8a93eae728fb624a84c426a09edf46a048f Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger
Date: Fri, 14 Nov 2014 08:19:33 +0000
Subject: [PATCH] Accepting request 261513 from KDE:Frameworks5 Added sanitize_path.patch from upstream, CVE-2014-8600
OBS-URL: https://build.opensuse.org/request/show/261513
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kio-extras5?expand=0&rev=13
---
 kio-extras5.changes | 5 +++++
 kio-extras5.spec | 3 +++
 sanitize_path.patch | 31 +++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+)
 create mode 100644 sanitize_path.patch
diff --git a/kio-extras5.changes b/kio-extras5.changes
index 5b697aa..06ca8a2 100644
--- a/kio-extras5.changes
+++ b/kio-extras5.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Nov 13 22:15:00 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Added sanitize_path.patch from upstream, CVE-2014-8600
+
 -------------------------------------------------------------------
 Thu Nov 6 20:14:13 UTC 2014 - hrvoje.senjan@gmail.com

diff --git a/kio-extras5.spec b/kio-extras5.spec
index 83b1612..93b7626 100644
--- a/kio-extras5.spec
+++ b/kio-extras5.spec
@@ -35,6 +35,8 @@ Patch2: 0003-don-t-screw-up-the-filenames.patch
 Patch3: 0004-Added-support-for-NFSv3-major-refactoring-fixed-bugs.patch
 # PATCH-FIX-UPSTREAM 0005-kio_sftp-Use-the-right-type-for-timeout_sec-and-time.patch
 Patch4: 0005-kio_sftp-Use-the-right-type-for-timeout_sec-and-time.patch
+# PATCH-FIX-UPSTREAM sanitize_path.patch
+Patch5: sanitize_path.patch
 BuildRequires: OpenEXR-devel
 BuildRequires: karchive-devel
 BuildRequires: kconfig-devel
@@ -84,6 +86,7 @@ Additional KIO-slaves for KDE applications.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 sed -i '/^add_subdirectory( doc )/d' CMakeLists.txt

 %build
diff --git a/sanitize_path.patch b/sanitize_path.patch
new file mode 100644
index 0000000..2d17527
--- /dev/null
+++ b/sanitize_path.patch
@@ -0,0 +1,31 @@
+From: Martin Sandsmark
+Date: Thu, 13 Nov 2014 12:42:49 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
+---
+Sanitize path
+
+Reviewed at security@kde.org
+---
+
+
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include
+
+ #include
++#include
+ #include
+
+ #include
+@@ -198,7 +199,7 @@
+ echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+ } else {
+ echoHead();
+- echo("

" + i18n("Wrong request: %1",path) + "

");
++ echo("

" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "

");
+ }
+ finished();
+ }
+
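Review bot: `Qt::escape()` in the new `echo(...)` line is the Qt 4 spelling and survives in Qt 5 only as a deprecated wrapper, so this Frameworks 5 package now depends on an API that is compiled out when deprecated Qt APIs are disabled (`QT_DISABLE_DEPRECATED_BEFORE`). Writing the argument as `i18n("Wrong request: %1", url.toDisplayString().toHtmlEscaped())` gives the same HTML escaping from QtCore and would make the added `#include` unnecessary (its header name is not visible on this page). The escaping is applied only in this error branch. The neighbouring `echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"))` call also hands request-derived strings onward, and whether `echoImage` encodes them before output cannot be seen from this hunk, so that path deserves the same check. The enclosing function starts and ends outside the hunk.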