kde: fix CVE-2014-8600 by upstream patches

https://www.kde.org/info/security/advisory-20141113-1.txt
I couldn't find kio-extras, so I hope we don't have it disguised somewhere.

2 files changed, 21 insertions, 0 deletions

diff --git a/pkgs/desktops/kde-4.14/CVE-2014-8600.diff b/pkgs/desktops/kde-4.14/CVE-2014-8600.diff
new file mode 100644
index 000000000000..1fe26484605e
--- /dev/null
+++ b/pkgs/desktops/kde-4.14/CVE-2014-8600.diff
@@ -0,0 +1,19 @@
+--- a/kioslave/bookmarks/kio_bookmarks.cpp
++++ b/kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ 
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+@@ -197,7 +198,7 @@
+     echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++    echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
+   }
+   finished();
+ }
diff --git a/pkgs/desktops/kde-4.14/kde-runtime.nix b/pkgs/desktops/kde-4.14/kde-runtime.nix
index 1c9706f4f4bf..2b8df4757de0 100644
--- a/pkgs/desktops/kde-4.14/kde-runtime.nix
+++ b/pkgs/desktops/kde-4.14/kde-runtime.nix
@@ -4,6 +4,8 @@
 }:
 
 kde {
+  patches = [ ./CVE-2014-8600.diff ];
+
   buildInputs = [
     kdelibs attica xz bzip2 libssh libjpeg exiv2 ntrack
     qca2 samba libcanberra pulseaudio gpgme