6 files changed, 152 insertions, 3 deletions

diff --git a/x11/kde4-runtime/Makefile b/x11/kde4-runtime/Makefile
index fd89157e1731..1a7c749095dc 100644
--- a/x11/kde4-runtime/Makefile
+++ b/x11/kde4-runtime/Makefile
@@ -8,7 +8,7 @@
 
 PORTNAME=	kdebase-runtime
 PORTVERSION=	${KDE4_VERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	x11 kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	${KDE4_BRANCH}/${PORTVERSION}/src
diff --git a/x11/kde4-runtime/files/patch-ocert-2009-015-kioslave b/x11/kde4-runtime/files/patch-ocert-2009-015-kioslave
new file mode 100644
index 000000000000..0024b941e34d
--- /dev/null
+++ b/x11/kde4-runtime/files/patch-ocert-2009-015-kioslave
@@ -0,0 +1,16 @@
+--- ./kioslave/info/info.cc	2009/10/02 15:51:26	1030578
++++ ./kioslave/info/info.cc	2009/10/02 15:53:30	1030579
+@@ -89,6 +89,13 @@
+         return;
+     }
+ 
++    // '<' in the path looks suspicious, someone is trying info:/dir/<script>alert('xss')</script>
++    if (url.path().contains('<'))
++    {
++        error(KIO::ERR_DOES_NOT_EXIST, url.url());
++        return;
++    }
++
+     mimeType("text/html");
+     // extract the path and node from url
+     decodeURL( url );
diff --git a/x11/kdebase4-runtime/Makefile b/x11/kdebase4-runtime/Makefile
index fd89157e1731..1a7c749095dc 100644
--- a/x11/kdebase4-runtime/Makefile
+++ b/x11/kdebase4-runtime/Makefile
@@ -8,7 +8,7 @@
 
 PORTNAME=	kdebase-runtime
 PORTVERSION=	${KDE4_VERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	x11 kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	${KDE4_BRANCH}/${PORTVERSION}/src
diff --git a/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave b/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave
new file mode 100644
index 000000000000..0024b941e34d
--- /dev/null
+++ b/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave
@@ -0,0 +1,16 @@
+--- ./kioslave/info/info.cc	2009/10/02 15:51:26	1030578
++++ ./kioslave/info/info.cc	2009/10/02 15:53:30	1030579
+@@ -89,6 +89,13 @@
+         return;
+     }
+ 
++    // '<' in the path looks suspicious, someone is trying info:/dir/<script>alert('xss')</script>
++    if (url.path().contains('<'))
++    {
++        error(KIO::ERR_DOES_NOT_EXIST, url.url());
++        return;
++    }
++
+     mimeType("text/html");
+     // extract the path and node from url
+     decodeURL( url );
diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile
index 61a57b3a91bd..5a07de5f6bcc 100644
--- a/x11/kdelibs4/Makefile
+++ b/x11/kdelibs4/Makefile
@@ -8,7 +8,7 @@
 
 PORTNAME=	kdelibs
 PORTVERSION=	${KDE4_VERSION}
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	x11 kde ipv6
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	${KDE4_BRANCH}/${PORTVERSION}/src
diff --git a/x11/kdelibs4/files/patch-ocert-2009-015-khtml b/x11/kdelibs4/files/patch-ocert-2009-015-khtml
new file mode 100644
index 000000000000..8e0e82c3534c
--- /dev/null
+++ b/x11/kdelibs4/files/patch-ocert-2009-015-khtml
@@ -0,0 +1,117 @@
+--- ./khtml/ecma/xmlhttprequest.cpp	2009/10/15 10:13:41	1035538
++++ ./khtml/ecma/xmlhttprequest.cpp	2009/10/15 10:14:38	1035539
+@@ -49,7 +49,7 @@
+ 
+ using namespace KJS;
+ using namespace DOM;
+-// 
++//
+ ////////////////////// XMLHttpRequest Object ////////////////////////
+ 
+ /* Source for XMLHttpRequestProtoTable.
+@@ -269,7 +269,7 @@
+ static bool canSetRequestHeader(const QString& name)
+ {
+     static QSet<CaseInsensitiveString> forbiddenHeaders;
+-    
++
+     if (forbiddenHeaders.isEmpty()) {
+ 	static const char* hdrs[] = {
+ 	    "accept-charset",
+@@ -298,12 +298,12 @@
+ 	    "transfer-encoding",
+ 	    "unlock",
+ 	    "upgrade",
+-	    "via" 
++	    "via"
+ 	};
+ 	for (size_t i = 0; i < sizeof(hdrs)/sizeof(char*); ++i)
+ 	    forbiddenHeaders.insert(CaseInsensitiveString(hdrs[i]));
+     }
+-    
++
+     return !forbiddenHeaders.contains(name);
+ }
+ 
+@@ -326,9 +326,9 @@
+ 
+ XMLHttpRequest::~XMLHttpRequest()
+ {
+-  if (onLoadListener) 
++  if (onLoadListener)
+       onLoadListener->deref();
+-  if (onReadyStateChangeListener) 
++  if (onReadyStateChangeListener)
+       onReadyStateChangeListener->deref();
+   delete qObject;
+   qObject = 0;
+@@ -412,17 +412,18 @@
+       return;
+   }
+ 
+-  if (method == "post") {
+-    QString protocol = url.protocol().toLower();
++  const QString protocol = url.protocol().toLower();
++  // Abandon the request when the protocol is other than "http",
++  // instead of blindly doing a KIO::get on other protocols like file:/.
++  if (!protocol.startsWith(QLatin1String("http")) &&
++      !protocol.startsWith(QLatin1String("webdav")))
++  {
++    ec = DOMException::INVALID_ACCESS_ERR;
++    abort();
++    return;
++  }
+ 
+-    // Abondon the request when the protocol is other than "http",
+-    // instead of blindly changing it to a "get" request.
+-    if (!protocol.startsWith(QLatin1String("http")) &&
+-        !protocol.startsWith(QLatin1String("webdav")))
+-    {
+-      abort();
+-      return;
+-    }
++  if (method == "post") {
+ 
+     // FIXME: determine post encoding correctly by looking in headers
+     // for charset.
+@@ -580,7 +581,7 @@
+       ec = DOMException::INVALID_STATE_ERR;
+       return jsString("");
+   }
+-  
++
+   // ### test error flag, return jsNull
+ 
+   if (responseHeaders.isEmpty()) {
+@@ -809,7 +810,7 @@
+       setDOMException(exec, ec);
+       return ret;
+     }
+-  case XMLHttpRequest::GetResponseHeader: 
++  case XMLHttpRequest::GetResponseHeader:
+     {
+       if (args.size() < 1)
+           return throwError(exec, SyntaxError, "Not enough arguments");
+@@ -852,11 +853,11 @@
+         DOM::NodeImpl* docNode = toNode(args[0]);
+         if (docNode && docNode->isDocumentNode()) {
+           DOM::DocumentImpl *doc = static_cast<DOM::DocumentImpl *>(docNode);
+-          
++
+           try {
+             body = doc->toString().string();
+             // FIXME: also need to set content type, including encoding!
+-  
++
+           } catch(DOM::DOMException&) {
+             return throwError(exec, GeneralError, "Exception serializing document");
+           }
+@@ -866,7 +867,7 @@
+       }
+ 
+       request->send(body, ec);
+-      setDOMException(exec, ec);  
++      setDOMException(exec, ec);
+       return jsUndefined();
+     }
+   case XMLHttpRequest::SetRequestHeader: