diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /kde-misc/kwebkitpart | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'kde-misc/kwebkitpart')
| -rw-r--r-- | kde-misc/kwebkitpart/Manifest | 1 | ||||
| -rw-r--r-- | kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch | 45 | ||||
| -rw-r--r-- | kde-misc/kwebkitpart/kwebkitpart-1.3.4-r1.ebuild | 19 | ||||
| -rw-r--r-- | kde-misc/kwebkitpart/metadata.xml | 5 |
4 files changed, 70 insertions, 0 deletions
diff --git a/kde-misc/kwebkitpart/Manifest b/kde-misc/kwebkitpart/Manifest new file mode 100644 index 000000000000..fd8fd120e6da --- /dev/null +++ b/kde-misc/kwebkitpart/Manifest @@ -0,0 +1 @@ +DIST kwebkitpart-1.3.4.tar.bz2 105696 SHA256 c3eb488104b4fae3a11cb0a93b5a02dcf12ecea14b366338daf8a40456af40f9 SHA512 5b24fe4ef2bb20d17016369fa1450cf333c266e665018be6fb2b923c8680c410e8cb4c6a55b960f14bfb624cf0cce3adc25fe0b533fd9baa059e918e6d4b3be0 WHIRLPOOL c5d89c8f52aefe0f5d971fe739dcfb25f9bc8447d136c351f0881aa7c3adb630d6df1cc221034a074924c3286ea88a428cafcae49b10d7fd681a793eefb68502 diff --git a/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch new file mode 100644 index 000000000000..f5050abaa5bb --- /dev/null +++ b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch @@ -0,0 +1,45 @@ +From: Albert Astals Cid <aacid@kde.org> +Date: Thu, 13 Nov 2014 14:06:01 +0000 +Subject: Sanitize html +X-Git-Url: http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689 +--- +Sanitize html + +As discussed by the security team +--- + + +--- a/src/webpage.cpp ++++ b/src/webpage.cpp +@@ -226,23 +226,26 @@ + doc += QL1S( "<h3>" ); + doc += i18n( "Details of the Request:" ); + doc += QL1S( "</h3><ul><li>" ); +- doc += i18n( "URL: %1", reqUrl.url() ); ++ // escape URL twice: once for i18n, and once for HTML. ++ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) ); + doc += QL1S( "</li><li>" ); + + const QString protocol (reqUrl.protocol()); + if ( !protocol.isNull() ) { +- doc += i18n( "Protocol: %1", protocol ); ++ // escape protocol twice: once for i18n, and once for HTML. ++ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) ); + doc += QL1S( "</li><li>" ); + } + + doc += i18n( "Date and Time: %1", + KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) ); + doc += QL1S( "</li><li>" ); +- doc += i18n( "Additional Information: %1" , text ); ++ // escape text twice: once for i18n, and once for HTML. ++ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) ); + doc += QL1S( "</li></ul><h3>" ); + doc += i18n( "Description:" ); + doc += QL1S( "</h3><p>" ); +- doc += description; ++ doc += Qt::escape( description ); + doc += QL1S( "</p>" ); + + if ( causes.count() ) { + diff --git a/kde-misc/kwebkitpart/kwebkitpart-1.3.4-r1.ebuild b/kde-misc/kwebkitpart/kwebkitpart-1.3.4-r1.ebuild new file mode 100644 index 000000000000..60bfa74cb872 --- /dev/null +++ b/kde-misc/kwebkitpart/kwebkitpart-1.3.4-r1.ebuild @@ -0,0 +1,19 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +WEBKIT_REQUIRED="always" +inherit kde4-base + +DESCRIPTION="A WebKit KPart for Konqueror" +HOMEPAGE="https://projects.kde.org/projects/extragear/base/kwebkitpart" +SRC_URI="http://dev.gentoo.org/~kensington/distfiles/${P}.tar.bz2" + +LICENSE="LGPL-2" +SLOT="4" +KEYWORDS="amd64 ~arm ppc ppc64 x86" +IUSE="debug" + +PATCHES=( "${FILESDIR}/${P}-CVE-2014-8600.patch" ) diff --git a/kde-misc/kwebkitpart/metadata.xml b/kde-misc/kwebkitpart/metadata.xml new file mode 100644 index 000000000000..a23f444b67d6 --- /dev/null +++ b/kde-misc/kwebkitpart/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>kde</herd> +</pkgmetadata> |