Update per CVE-2014-8600

Package-Manager: portage-2.2.14/cvs/Linux x86_64
Manifest-Sign-Key: 0xF82F92E6

3 files changed, 72 insertions, 3 deletions

diff --git a/kde-misc/kwebkitpart/ChangeLog b/kde-misc/kwebkitpart/ChangeLog
index c919e9b4205c..1693e7cf4345 100644
--- a/kde-misc/kwebkitpart/ChangeLog
+++ b/kde-misc/kwebkitpart/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for kde-misc/kwebkitpart
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-misc/kwebkitpart/ChangeLog,v 1.40 2014/11/03 09:41:16 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-misc/kwebkitpart/ChangeLog,v 1.41 2014/11/16 10:48:18 alexxy Exp $
+
+  16 Nov 2014; Alexey Shvetsov <alexxy@gentoo.org>
+  +files/kwebkitpart-1.3.4-CVE-2014-8600.patch:
+  Update per CVE-2014-8600
 
   03 Nov 2014; Agostino Sarubbo <ago@gentoo.org> kwebkitpart-1.3.4.ebuild:
   Stable for x86, wrt bug #527438
diff --git a/kde-misc/kwebkitpart/Manifest b/kde-misc/kwebkitpart/Manifest
index 3286021b2840..82fd591cfe8e 100644
--- a/kde-misc/kwebkitpart/Manifest
+++ b/kde-misc/kwebkitpart/Manifest
@@ -1,8 +1,28 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
 AUX kwebkitpart-1.3.4-CVE-2014-8600.patch 1601 SHA256 fb83345761306d9480252b719a0f9d503d9c89b50259058114d32b27441a7c7b SHA512 6216c331e713b048de193bd33eb9603a8e8baf5498f1bcd3eb17cef16deb3a6539f831725a72cee948206400b58a9111bab7c1df7ec4cf5d4462578a0ecbd3db WHIRLPOOL 3d2be0f5700f33cad2198e78db224d0e721c334fe43c77a30010cbd074434816af7e95e7bd2d311039e15ec89a50f624b04511aecf88f52d6bf64b56b5735a50
 DIST kwebkitpart-1.3.3.tar.xz 101648 SHA256 149d5a7cc697c5a4750e8a4bdcda0dcb3695a5dce62740707adb192842877486 SHA512 b7507023e006f20bfe9d271724f9b28499e3bd8738812ab25bcb9ff032d2efea12a961748d45ff80100e5340039c04e156689bf048f409b6eacd0d9fbcb885f0 WHIRLPOOL c8fd973c318ce32b5c115d8810e5b32d14650ae795bb42571b37959c6e1b39d8f2c642f90152ed9e415a4940dbb84515f76ac05f001a5f9eeea7ce6cc6929713
 DIST kwebkitpart-1.3.4.tar.bz2 105696 SHA256 c3eb488104b4fae3a11cb0a93b5a02dcf12ecea14b366338daf8a40456af40f9 SHA512 5b24fe4ef2bb20d17016369fa1450cf333c266e665018be6fb2b923c8680c410e8cb4c6a55b960f14bfb624cf0cce3adc25fe0b533fd9baa059e918e6d4b3be0 WHIRLPOOL c5d89c8f52aefe0f5d971fe739dcfb25f9bc8447d136c351f0881aa7c3adb630d6df1cc221034a074924c3286ea88a428cafcae49b10d7fd681a793eefb68502
 EBUILD kwebkitpart-1.3.3.ebuild 528 SHA256 6293b14102bf58c483ace45e27ad583eb2c2651fbba2c448272e5bf7e5777b80 SHA512 3481539f434c6fd07eb6f3ae307155045bfa47353c3c84e9618e06089817fd0475079e39246f6188c40a84817e71801ad3c8e96ce8622cafba06b5a60188c7b9 WHIRLPOOL f9c5260e3b7110c7609a90a218ea3935f9da2e28d56f9c6c6a5e7945be2206ba13e7e8b51ec3aef82f1525fc94325fa7dad64b07d703e029a98e02d57943f4aa
-EBUILD kwebkitpart-1.3.4-r1.ebuild 591 SHA256 748a3c157e91f0703dbdaecacf7230e205e327e183bfdbf7cb6e97d232f0d90e SHA512 c3b64534eab94361735f600890232888dc7bd578404f846aeb105f69fdbd823e50bb2cd618dbc50c5cd8e9e7a1a8ee73e2de76168772ecf39932fbfb826ce355 WHIRLPOOL 0f903169d9c12a7f6a7dc33d5628b9d4486865f2ac4bd32e275fac7d7232ee5e13c474ae7d72ddd659423ebf52239b095afa82d2d01e6432038360b11059670d
+EBUILD kwebkitpart-1.3.4-r1.ebuild 597 SHA256 da161ea671c54c6eee58f6862d901845404246ee1b9d14754e5aa99c594f34b5 SHA512 08c76bbf071701a728cf19273bdb0bf6a5690f8926ead4f37b76b0c3076cb8212cccb5735960d2edff2cf250449c809fb32c1a2d656f4e5b5feed6e0ee464eb2 WHIRLPOOL 8c34808f8a8b6bb79ced6414a724a13e708f113ffd4a2a3e45f8684a4f87c25c28f4ab9c55f6915d6ffd74548a9be42e4a0f67e6f778647bd5844460bad7a583
 EBUILD kwebkitpart-1.3.4.ebuild 535 SHA256 969c4295830de2fc95b52f33ab9f8870d702b9da2445d5d87ecc9e91080c1134 SHA512 23db6384e3e4caf753896213b7c276a87d77431a4b83b9b3902089400b73852b6eaec23a1a3c3cfa477b5b34312ed80f5239304325dea44015dbb42363639db9 WHIRLPOOL 42bccf54c7b5cbd66b41f8b195c0bac76f8ccc892a8b12d7013b038390231a8db34563f0593d4f84fb50333e5d93a3e62b82fc19dbda61f4e61c8c547929f657
-MISC ChangeLog 4980 SHA256 d35a6084e70e4e53fbafc6dac367f6aee14a02ebfcc8f452c82d53132e458218 SHA512 340d8cc5c7f1cb065e8a2d2d4669297c017ed43714737062a4619b643f31dc66b1b849890550657debcff5793b28995432641b4025dfc6c140e670fc3d9165c1 WHIRLPOOL 1b869e588304f39abead40a859b514e753ca29b7fd35e2aa63940bb3ca9a3d60fb73deed0818c3a38e7efb8e7c4b1fa3185ee0f31d5870c639a96238dba0588b
+MISC ChangeLog 5110 SHA256 aa313084f407881c09f0adbc78ab757e14aef6d5f7c3d1aee7dbf735586823a8 SHA512 b90928a44152931ad01fd934b27402a3126bd5033d76c2f113f6fe08625f622912f9994fffc6b7f4a8d425415746f3ce6cd3200e98ae0e489d22856e2da70336 WHIRLPOOL b6080eddc326974af3bb4ce2e591d71a5d632fe74fd0471f69937cb05174e46a35259350f23351d368a14af9b21f2065ccf04de5c6780e9a78e58d2852569ea8
 MISC metadata.xml 157 SHA256 01f6fa4357ce08e8b0f7900a51fa78c7f060fefc7c7da98acaec1e283dd59892 SHA512 657d6b0a31ceb7ac10bedfd5cbd634d4ff47938bd2f321203f0233e53686f7e0fd460e81f82793804895c7e97cfa472c1ca44b93314574262ee8cc5745a3efd0 WHIRLPOOL 785331909f1834cdd5d797ad484ea0e35c3e44c79a8a7517a6fb5de926acd181abd57910c8d960fb2e11ea38ddea336bca309af16fcc2df68fe4b602bca120b3
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAEBCAAGBQJUaID5AAoJEOf+E+/4L5LmTX0P/33ktcmd/ulcmjkhpnZGBMfR
+CYCrQ8N77Zkut/Al895Cmv6zLU5jMGLeViURJWOisc7iRDUEOsSbS1eXbEmXKp8Q
+SphgoitlC118uZSksnBKlrO6pspSVoaGvitF4Yj5NgsSmu7XvGX9BCE6lSdcClea
+mgrg3qk775+DLzOkX5mExXZZKJQzevkXRbZQqBiDVGNaFr8reYxTLe5i1OYDzb8s
+T/Z48TxfKpLdmLuajAj5EOmhH2C6B5sI6l/GNzljZUbrT1Ug97yqj7YzDMFWMd2L
+vjyeRcNGMSZE8AHs5wxuM2BTLmkB+P06qeAZjV+yjkErHDgxV3ist5Az/sTJDoCr
+L8iShTmFB4Y0CBKeCCqAp/txQIz8hhJZqilGVRvMS5MPK1DAp5QGcQJM1FwJ7um6
+9vdgN66lqkuRlqDTLiNYfYlcfBcBo2QIYGkWmRdayCLEqE33a4LojDoki09cQMkm
+zKI/m0NG0as8XsvMBr+RHvpwBxDWOrpkCVrj4praLUUNi/BSMLz/wRxUurvkGT35
+JNiKxdmMPkkuXUtNAdOG7DEnG+VCwJo+T3xwpqA1KoFhXlsw4QCL3LObLnreDzGG
+NvOkjQe/y+2Xai3kOiQQF3TEeay7WdTOgfg0yiKgHdhtCzWBuegm0BUiez4fEtl+
+2MTAum91JrxgptS7JNdo
+=EXtR
+-----END PGP SIGNATURE-----
diff --git a/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch
new file mode 100644
index 000000000000..f5050abaa5bb
--- /dev/null
+++ b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch
@@ -0,0 +1,45 @@
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 13 Nov 2014 14:06:01 +0000
+Subject: Sanitize html
+X-Git-Url: http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689
+---
+Sanitize html
+
+As discussed by the security team
+---
+
+
+--- a/src/webpage.cpp
++++ b/src/webpage.cpp
+@@ -226,23 +226,26 @@
+     doc += QL1S( "<h3>" );
+     doc += i18n( "Details of the Request:" );
+     doc += QL1S( "</h3><ul><li>" );
+-    doc += i18n( "URL: %1", reqUrl.url() );
++    // escape URL twice: once for i18n, and once for HTML.
++    doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
+     doc += QL1S( "</li><li>" );
+ 
+     const QString protocol (reqUrl.protocol());
+     if ( !protocol.isNull() ) {
+-        doc += i18n( "Protocol: %1", protocol );
++        // escape protocol twice: once for i18n, and once for HTML.
++        doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
+         doc += QL1S( "</li><li>" );
+     }
+ 
+     doc += i18n( "Date and Time: %1",
+                  KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
+     doc += QL1S( "</li><li>" );
+-    doc += i18n( "Additional Information: %1" ,  text );
++    // escape text twice: once for i18n, and once for HTML.
++    doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
+     doc += QL1S( "</li></ul><h3>" );
+     doc += i18n( "Description:" );
+     doc += QL1S( "</h3><p>" );
+-    doc += description;
++    doc += Qt::escape( description );
+     doc += QL1S( "</p>" );
+ 
+     if ( causes.count() ) {
+