Hello community, here is the log from the commit of package kio-extras5 for openSUSE:Factory checked in at 2014-11-14 09:19:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kio-extras5 (Old) and /work/SRC/openSUSE:Factory/.kio-extras5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kio-extras5"

Changes:
--------
--- /work/SRC/openSUSE:Factory/kio-extras5/kio-extras5.changes 2014-11-13 09:21:55.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.kio-extras5.new/kio-extras5.changes 2014-11-14 09:19:47.000000000 +0100
@@ -1,0 +2,5 @@
+Thu Nov 13 22:15:00 UTC 2014 - hrvoje.sen...@gmail.com
+
+- Added sanitize_path.patch from upstream, CVE-2014-8600
+
+-------------------------------------------------------------------

New:
----
  sanitize_path.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kio-extras5.spec ++++++
--- /var/tmp/diff_new_pack.UPSPXF/_old 2014-11-14 09:19:48.000000000 +0100
+++ /var/tmp/diff_new_pack.UPSPXF/_new 2014-11-14 09:19:48.000000000 +0100
@@ -35,6 +35,8 @@
 Patch3: 0004-Added-support-for-NFSv3-major-refactoring-fixed-bugs.patch
 # PATCH-FIX-UPSTREAM 0005-kio_sftp-Use-the-right-type-for-timeout_sec-and-time.patch
 Patch4: 0005-kio_sftp-Use-the-right-type-for-timeout_sec-and-time.patch
+# PATCH-FIX-UPSTREAM sanitize_path.patch
+Patch5: sanitize_path.patch
 BuildRequires: OpenEXR-devel
 BuildRequires: karchive-devel
 BuildRequires: kconfig-devel
@@ -84,6 +86,7 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 sed -i '/^add_subdirectory( doc )/d' CMakeLists.txt
 %build

++++++ sanitize_path.patch ++++++
From: Martin Sandsmark <martin.sandsm...@kde.org>
Date: Thu, 13 Nov 2014 12:42:49 +0000
Subject: Sanitize path
X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
---
Sanitize path
Reviewed at secur...@kde.org
---
--- a/bookmarks/kio_bookmarks.cpp
+++ b/bookmarks/kio_bookmarks.cpp
@@ -22,6 +22,7 @@
 #include <stdlib.h>
 #include <qregexp.h>
+#include <qtextdocument.h>
 #include <qurlquery.h>
 #include <kapplication.h>
@@ -198,7 +199,7 @@
 echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
 } else {
 echoHead();
- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
+ echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
 }
 finished();
 }
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
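Review bot: `Qt::escape()` on the new `echo(...)` line is the Qt 4 helper and is deprecated in Qt 5, which this file appears to target (it already uses `QUrlQuery`); the same escaping is available as `echo("<p class=\"message\">" + i18n("Wrong request: %1", url.toDisplayString().toHtmlEscaped()) + "</p>");`, which would also make the `#include <qtextdocument.h>` added in the first hunk unnecessary. The escaping is applied only in this error branch, and the enclosing function starts outside the hunk, so whether other `echo()` call sites embed request-derived strings into the page unescaped cannot be confirmed from here and is worth auditing in the same pass. A short comment above the line, such as `// url is request-controlled: HTML-escape before embedding in the page`, would help keep the escaping from being dropped in a later refactor.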