From: Raphael Kubo da Costa
Date: Thu, 20 Nov 2014 21:31:18 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r372965 - in head/www/kwebkitpart: . files

Author: rakuco
Date: Thu Nov 20 21:31:17 2014
New Revision: 372965
URL: https://svnweb.freebsd.org/changeset/ports/372965
QAT: https://qat.redports.org/buildarchive/r372965/

Log:
  Add upstream patch for CVE-2014-8600 (insufficient input validation).

  MFH: 2014Q4
  Security: 890b6b22-70fa-11e4-91ae-5453ed2e2b49

Added:
  head/www/kwebkitpart/files/
  head/www/kwebkitpart/files/patch-src__webpage.cpp (contents, props changed)
Modified:
  head/www/kwebkitpart/Makefile

Modified: head/www/kwebkitpart/Makefile ============================================================================== --- head/www/kwebkitpart/Makefile Thu Nov 20 21:30:29 2014 (r372964) +++ head/www/kwebkitpart/Makefile Thu Nov 20 21:31:17 2014 (r372965) @@ -2,7 +2,7 @@ PORTNAME= kwebkitpart PORTVERSION= 1.3.2 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= www kde MASTER_SITES= LOCAL/makc Added: head/www/kwebkitpart/files/patch-src__webpage.cpp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/kwebkitpart/files/patch-src__webpage.cpp Thu Nov 20 21:31:17 2014 (r372965) 
@@ -0,0 +1,41 @@ +commit 641aa7c75631084260ae89aecbdb625e918c6689 +Author: Albert Astals Cid +Date: Thu Nov 13 15:06:01 2014 +0100 + + Sanitize html + + As discussed by the security team + +--- src/webpage.cpp ++++ src/webpage.cpp +@@ -226,23 +226,26 @@ QString WebPage::errorPage(int code, const QString& text, const KUrl& reqUrl) co + doc += QL1S( "

" ); + doc += i18n( "Details of the Request:" ); + doc += QL1S( "

  • " ); +- doc += i18n( "URL: %1", reqUrl.url() ); ++ // escape URL twice: once for i18n, and once for HTML. ++ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) ); + doc += QL1S( "
  • " ); + + const QString protocol (reqUrl.protocol()); + if ( !protocol.isNull() ) { +- doc += i18n( "Protocol: %1", protocol ); ++ // escape protocol twice: once for i18n, and once for HTML. ++ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) ); + doc += QL1S( "
  • " ); + } + + doc += i18n( "Date and Time: %1", + KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) ); + doc += QL1S( "
  • " ); +- doc += i18n( "Additional Information: %1" , text ); ++ // escape text twice: once for i18n, and once for HTML. ++ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) ); + doc += QL1S( "

" ); + doc += i18n( "Description:" ); + doc += QL1S( "

" ); +- doc += description; ++ doc += Qt::escape( description ); + doc += QL1S( "

" ); + + if ( causes.count() ) {
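Review bot: The `Date and Time: %1` argument in the `WebPage::errorPage()` hunk is the only substituted value left unescaped, and `description` gets a single `Qt::escape` while the URL, protocol and text each get two; a short comment on each stating why (a locale-generated string; a value appended directly rather than passed through `i18n`) would keep the next field from being added at the wrong escaping level. The nested `Qt::escape( Qt::escape( ... ) )` call is repeated three times, so a small local helper would be less error-prone than copying it again. The URL line also switches from `reqUrl.url()` to `reqUrl.prettyUrl()`, which neither the added comment nor the log message explains; please say whether that is part of the fix or only a display change.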