From 82e6ff7e0cb38be439633cd8fc07f3accb6d34ad Mon Sep 17 00:00:00 2001
From: Alexey Shvetsov <alexxy@gentoo.org>
Date: Sun, 16 Nov 2014 10:48:18 +0000
Subject: Update per CVE-2014-8600

(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key F82F92E6)
---
 kde-misc/kwebkitpart/ChangeLog                     |  6 ++-
 .../files/kwebkitpart-1.3.4-CVE-2014-8600.patch    | 45 ++++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch

diff --git a/kde-misc/kwebkitpart/ChangeLog b/kde-misc/kwebkitpart/ChangeLog
index c919e9b4205c..1693e7cf4345 100644
--- a/kde-misc/kwebkitpart/ChangeLog
+++ b/kde-misc/kwebkitpart/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for kde-misc/kwebkitpart
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-misc/kwebkitpart/ChangeLog,v 1.40 2014/11/03 09:41:16 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-misc/kwebkitpart/ChangeLog,v 1.41 2014/11/16 10:48:18 alexxy Exp $
+
+  16 Nov 2014; Alexey Shvetsov <alexxy@gentoo.org>
+  +files/kwebkitpart-1.3.4-CVE-2014-8600.patch:
+  Update per CVE-2014-8600
 
   03 Nov 2014; Agostino Sarubbo <ago@gentoo.org> kwebkitpart-1.3.4.ebuild:
   Stable for x86, wrt bug #527438
diff --git a/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch
new file mode 100644
index 000000000000..f5050abaa5bb
--- /dev/null
+++ b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch
@@ -0,0 +1,45 @@
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 13 Nov 2014 14:06:01 +0000
+Subject: Sanitize html
+X-Git-Url: http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689
+---
+Sanitize html
+
+As discussed by the security team
+---
+
+
+--- a/src/webpage.cpp
++++ b/src/webpage.cpp
+@@ -226,23 +226,26 @@
+     doc += QL1S( "<h3>" );
+     doc += i18n( "Details of the Request:" );
+     doc += QL1S( "</h3><ul><li>" );
+-    doc += i18n( "URL: %1", reqUrl.url() );
++    // escape URL twice: once for i18n, and once for HTML.
++    doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
+     doc += QL1S( "</li><li>" );
+ 
+     const QString protocol (reqUrl.protocol());
+     if ( !protocol.isNull() ) {
+-        doc += i18n( "Protocol: %1", protocol );
++        // escape protocol twice: once for i18n, and once for HTML.
++        doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
+         doc += QL1S( "</li><li>" );
+     }
+ 
+     doc += i18n( "Date and Time: %1",
+                  KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
+     doc += QL1S( "</li><li>" );
+-    doc += i18n( "Additional Information: %1" ,  text );
++    // escape text twice: once for i18n, and once for HTML.
++    doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
+     doc += QL1S( "</li></ul><h3>" );
+     doc += i18n( "Description:" );
+     doc += QL1S( "</h3><p>" );
+-    doc += description;
++    doc += Qt::escape( description );
+     doc += QL1S( "</p>" );
+ 
+     if ( causes.count() ) {
+
-- 
cgit v1.2.3-65-gdbad