From 15b9626a3df5c453941c78729e5f825147a594b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Wed, 10 Dec 2014 19:38:50 +0100
Subject: [PATCH] kde: fix CVE-2014-8600 by upstream patches

https://www.kde.org/info/security/advisory-20141113-1.txt
I couldn't find kio-extras, so I hope we don't have it disguised somewhere.
---
 .../browsers/kwebkitpart/CVE-2014-8600.diff   | 33 +++++++++++++++++++
 .../browsers/kwebkitpart/default.nix          |  2 ++
 pkgs/desktops/kde-4.14/CVE-2014-8600.diff     | 19 +++++++++++
 pkgs/desktops/kde-4.14/kde-runtime.nix        |  2 ++
 4 files changed, 56 insertions(+)
 create mode 100644 pkgs/applications/networking/browsers/kwebkitpart/CVE-2014-8600.diff
 create mode 100644 pkgs/desktops/kde-4.14/CVE-2014-8600.diff

diff --git a/pkgs/applications/networking/browsers/kwebkitpart/CVE-2014-8600.diff b/pkgs/applications/networking/browsers/kwebkitpart/CVE-2014-8600.diff
new file mode 100644
index 00000000000..0c65e68f216
--- /dev/null
+++ b/pkgs/applications/networking/browsers/kwebkitpart/CVE-2014-8600.diff
@@ -0,0 +1,33 @@
+--- a/src/webpage.cpp
++++ b/src/webpage.cpp
+@@ -226,23 +226,26 @@
+     doc += QL1S( "<h3>" );
+     doc += i18n( "Details of the Request:" );
+     doc += QL1S( "</h3><ul><li>" );
+-    doc += i18n( "URL: %1", reqUrl.url() );
++    // escape URL twice: once for i18n, and once for HTML.
++    doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
+     doc += QL1S( "</li><li>" );
+ 
+     const QString protocol (reqUrl.protocol());
+     if ( !protocol.isNull() ) {
+-        doc += i18n( "Protocol: %1", protocol );
++        // escape protocol twice: once for i18n, and once for HTML.
++        doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
+         doc += QL1S( "</li><li>" );
+     }
+ 
+     doc += i18n( "Date and Time: %1",
+                  KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
+     doc += QL1S( "</li><li>" );
+-    doc += i18n( "Additional Information: %1" ,  text );
++    // escape text twice: once for i18n, and once for HTML.
++    doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
+     doc += QL1S( "</li></ul><h3>" );
+     doc += i18n( "Description:" );
+     doc += QL1S( "</h3><p>" );
+-    doc += description;
++    doc += Qt::escape( description );
+     doc += QL1S( "</p>" );
+ 
+     if ( causes.count() ) {
diff --git a/pkgs/applications/networking/browsers/kwebkitpart/default.nix b/pkgs/applications/networking/browsers/kwebkitpart/default.nix
index 5ced048fe64..cb3a0e9eac4 100644
--- a/pkgs/applications/networking/browsers/kwebkitpart/default.nix
+++ b/pkgs/applications/networking/browsers/kwebkitpart/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
     sha256 = "0kszffgg3zpf319lmzlmdba5gq8kdr5xwb69xwy4s2abc9nvwvbi";
   };
 
+  patches = [ ./CVE-2014-8600.diff ];
+
   buildInputs = [ kdelibs ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/desktops/kde-4.14/CVE-2014-8600.diff b/pkgs/desktops/kde-4.14/CVE-2014-8600.diff
new file mode 100644
index 00000000000..1fe26484605
--- /dev/null
+++ b/pkgs/desktops/kde-4.14/CVE-2014-8600.diff
@@ -0,0 +1,19 @@
+--- a/kioslave/bookmarks/kio_bookmarks.cpp
++++ b/kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ 
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+@@ -197,7 +198,7 @@
+     echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++    echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
+   }
+   finished();
+ }
diff --git a/pkgs/desktops/kde-4.14/kde-runtime.nix b/pkgs/desktops/kde-4.14/kde-runtime.nix
index 1c9706f4f4b..2b8df4757de 100644
--- a/pkgs/desktops/kde-4.14/kde-runtime.nix
+++ b/pkgs/desktops/kde-4.14/kde-runtime.nix
@@ -4,6 +4,8 @@
 }:
 
 kde {
+  patches = [ ./CVE-2014-8600.diff ];
+
   buildInputs = [
     kdelibs attica xz bzip2 libssh libjpeg exiv2 ntrack
     qca2 samba libcanberra pulseaudio gpgme