* [gentoo-commits] repo/gentoo:master commit in: kde-frameworks/kcoreaddons/files/, kde-frameworks/kcoreaddons/
@ 2016-04-27 11:51 Johannes Huber
0 siblings, 0 replies; 4+ messages in thread
From: Johannes Huber @ 2016-04-27 11:51 UTC (permalink / raw
To: gentoo-commits
commit: 54fb35c25f20b7dd790c415b604a9163fe80db04
Author: Johannes Huber <johu <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 27 11:50:10 2016 +0000
Commit: Johannes Huber <johu <AT> gentoo <DOT> org>
CommitDate: Wed Apr 27 11:51:08 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54fb35c2
kde-frameworks/kcoreaddons: Fix weak random number generator
Revision bump adds upstream patch to fix a regression introduced in 5.21.0.
See https://mail.kde.org/pipermail/kde-distro-packagers/2016-April/000157.html.
Gentoo-bug: 581352
Package-Manager: portage-2.2.28
.../files/kcoreaddons-5.21.0-random.patch | 25 ++++++++++++++++
.../kcoreaddons/kcoreaddons-5.21.0-r1.ebuild | 33 ++++++++++++++++++++++
2 files changed, 58 insertions(+)
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.21.0-random.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.21.0-random.patch
new file mode 100644
index 0000000..6aa913a
--- /dev/null
+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.21.0-random.patch
@@ -0,0 +1,25 @@
+commit 78212436643af95779facd9593c82fb149c2213d
+Author: Albert Astals Cid <aacid@kde.org>
+Date: Tue Apr 26 23:41:27 2016 +0200
+
+ Missing rand() -> qrand
+
+ Fixes regression introduced in 9ae6d765b37135bbfe3a8b936e5a88b8a435e424
+
+ Reviewed by Aleix
+
+ BUGS: 362161
+
+diff --git a/src/lib/randomness/krandom.cpp b/src/lib/randomness/krandom.cpp
+index eef6bf6..eaff71f 100644
+--- a/src/lib/randomness/krandom.cpp
++++ b/src/lib/randomness/krandom.cpp
+@@ -51,7 +51,7 @@ int KRandom::random()
+ }
+ qsrand(seed);
+ }
+- return rand();
++ return qrand();
+ }
+
+ QString KRandom::randomString(int length)
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.21.0-r1.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.21.0-r1.ebuild
new file mode 100644
index 0000000..fb0cc78
--- /dev/null
+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.21.0-r1.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit kde5
+
+DESCRIPTION="Framework for solving common problems such as caching, randomisation, and more"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="fam nls"
+
+RDEPEND="
+ $(add_qt_dep qtcore 'icu')
+ fam? ( virtual/fam )
+ !<kde-frameworks/kservice-5.2.0:5
+"
+DEPEND="${RDEPEND}
+ x11-misc/shared-mime-info
+ nls? ( $(add_qt_dep linguist-tools) )
+"
+
+PATCHES=( "${FILESDIR}/${P}-random.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ -D_KDE4_DEFAULT_HOME_POSTFIX=4
+ $(cmake-utils_use_find_package fam FAM)
+ )
+
+ kde5_src_configure
+}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: kde-frameworks/kcoreaddons/files/, kde-frameworks/kcoreaddons/
@ 2016-10-07 15:54 Michael Palimaka
0 siblings, 0 replies; 4+ messages in thread
From: Michael Palimaka @ 2016-10-07 15:54 UTC (permalink / raw
To: gentoo-commits
commit: d370ca0f6eb6fe7fcbe2978fd1b0cc9036c1c651
Author: Michael Palimaka <kensington <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 7 15:51:13 2016 +0000
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Fri Oct 7 15:53:48 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d370ca0f
kde-frameworks/kcoreaddons: backport patch from upstream to resolve CVE-2016-7966
This also backports an unrelated bugfix patch (1be7272) as it is required for
the CVE patch (96e562d) to apply cleanly.
Gentoo-bug: 596224
Package-Manager: portage-2.3.1
.../files/kcoreaddons-5.26.0-CVE-2016-7966.patch | 225 +++++++++++++++++++++
...-5.26.0.ebuild => kcoreaddons-5.26.0-r1.ebuild} | 2 +
2 files changed, 227 insertions(+)
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
new file mode 100644
index 00000000..71dc769
--- /dev/null
+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
@@ -0,0 +1,225 @@
+From 2a5142fecf8615ccfa3e7c1f9c088fa6ae5cc2a1 Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel@kde.org>
+Date: Wed, 21 Sep 2016 07:24:30 +0200
+Subject: [PATCH 1/2] Fix very old bug when we remove space in url as "foo
+ <<url> <url>>"
+
+---
+ autotests/ktexttohtmltest.cpp | 14 ++++++++++++++
+ src/lib/text/ktexttohtml.cpp | 14 ++++++++++++--
+ 2 files changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index 474f0ca..8fc0c56 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
+
+ Q_DECLARE_METATYPE(KTextToHTML::Options)
+
++#ifndef Q_OS_WIN
++void initLocale()
++{
++ setenv("LC_ALL", "en_US.utf-8", 1);
++}
++Q_CONSTRUCTOR_FUNCTION(initLocale)
++#endif
++
++
+ void KTextToHTMLTest::testGetEmailAddress()
+ {
+ // empty input
+@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data()
+ QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+ << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
++
++ // Fix url as foo <<url> <url>> when we concatened them.
++ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
+ }
+
+
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
+index 8ed923d..b181f56 100644
+--- a/src/lib/text/ktexttohtml.cpp
++++ b/src/lib/text/ktexttohtml.cpp
+@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl()
+
+ url.reserve(mMaxUrlLen); // avoid allocs
+ int start = mPos;
++ bool previousCharIsSpace = false;
+ while ((mPos < mText.length()) &&
+ (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
+ ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
+ (!afterUrl.isNull() && mText[mPos] != afterUrl))) {
+- if (!mText[mPos].isSpace()) { // skip whitespace
++ if (mText[mPos].isSpace()) {
++ previousCharIsSpace = true;
++ } else { // skip whitespace
++ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) {
++ url.append(QLatin1Char(' '));
++ break;
++ }
++ previousCharIsSpace = false;
+ url.append(mText[mPos]);
+ if (url.length() > mMaxUrlLen) {
+ break;
+@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl()
+ }
+ } while (url.length() > 1);
+ }
+-
+ return url;
+ }
+
+@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+ QChar ch;
+ int x;
+ bool startOfLine = true;
++ //qDebug()<<" plainText"<<plainText;
+
+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
+ ++helper.mPos, ++x) {
+@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+ const int start = helper.mPos;
+ if (!(flags & IgnoreUrls)) {
+ str = helper.getUrl();
++ //qDebug()<<" str"<<str;
+ if (!str.isEmpty()) {
+ QString hyperlink;
+ if (str.left(4) == QLatin1String("www.")) {
+@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+
+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
+ }
++ //qDebug()<<" result "<<result;
+
+ return result;
+ }
+--
+2.7.3
+
+From aa9281b7f95ce970603645d79f6f275d1ae7d2ed Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel@kde.org>
+Date: Fri, 30 Sep 2016 13:21:45 +0200
+Subject: [PATCH 2/2] Don't convert as url an url which has a "
+
+---
+ autotests/ktexttohtmltest.cpp | 6 ++++++
+ src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------
+ src/lib/text/ktexttohtml_p.h | 2 +-
+ 3 files changed, 26 insertions(+), 7 deletions(-)
+
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index 8fc0c56..c5690e8 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data()
+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
++
++ //Fix url exploit
++ QTest::newRow("url-exec-html") << "https://\"><!--"
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "https://\"><!--";
++
+ }
+
+
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
+index b181f56..09b2483 100644
+--- a/src/lib/text/ktexttohtml.cpp
++++ b/src/lib/text/ktexttohtml.cpp
+@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl()
+ (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {
+ return false;
+ }
+-
+ QChar ch = mText[mPos];
+ return
+ (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") ||
+@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url)
+ url == QLatin1String("news://");
+ }
+
+-QString KTextToHTMLHelper::getUrl()
++QString KTextToHTMLHelper::getUrl(bool *badurl)
+ {
+ QString url;
+ if (atUrl()) {
+@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl()
+ url.reserve(mMaxUrlLen); // avoid allocs
+ int start = mPos;
+ bool previousCharIsSpace = false;
++ bool previousCharIsADoubleQuote = false;
+ while ((mPos < mText.length()) &&
+ (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
+ ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
+@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl()
+ break;
+ }
+ previousCharIsSpace = false;
++ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
++ //it's an invalid url
++ if (badurl) {
++ *badurl = true;
++ }
++ return QString();
++ }
++ if (mText[mPos] == QLatin1Char('"')) {
++ previousCharIsADoubleQuote = true;
++ } else {
++ previousCharIsADoubleQuote = false;
++ }
+ url.append(mText[mPos]);
+ if (url.length() > mMaxUrlLen) {
+ break;
+@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+ QChar ch;
+ int x;
+ bool startOfLine = true;
+- //qDebug()<<" plainText"<<plainText;
+
+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
+ ++helper.mPos, ++x) {
+@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+ } else {
+ const int start = helper.mPos;
+ if (!(flags & IgnoreUrls)) {
+- str = helper.getUrl();
+- //qDebug()<<" str"<<str;
++ bool badUrl = false;
++ str = helper.getUrl(&badUrl);
++ if (badUrl) {
++ return helper.mText;
++ }
+ if (!str.isEmpty()) {
+ QString hyperlink;
+ if (str.left(4) == QLatin1String("www.")) {
+@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+
+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
+ }
+- //qDebug()<<" result "<<result;
+
+ return result;
+ }
+diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h
+index 74ad7a0..fc43613 100644
+--- a/src/lib/text/ktexttohtml_p.h
++++ b/src/lib/text/ktexttohtml_p.h
+@@ -49,7 +49,7 @@ public:
+ QString getEmailAddress();
+ bool atUrl();
+ bool isEmptyUrl(const QString &url);
+- QString getUrl();
++ QString getUrl(bool *badurl = Q_NULLPTR);
+ QString pngToDataUrl(const QString &pngPath);
+ QString highlightedText();
+
+--
+2.7.3
+
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
similarity index 92%
rename from kde-frameworks/kcoreaddons/kcoreaddons-5.26.0.ebuild
rename to kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
index 037dde3..ebb5cd8 100644
--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0.ebuild
+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
@@ -21,6 +21,8 @@ DEPEND="${RDEPEND}
nls? ( $(add_qt_dep linguist-tools) )
"
+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" )
+
src_configure() {
local mycmakeargs=(
-D_KDE4_DEFAULT_HOME_POSTFIX=4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: kde-frameworks/kcoreaddons/files/, kde-frameworks/kcoreaddons/
@ 2016-11-04 8:43 Johannes Huber
0 siblings, 0 replies; 4+ messages in thread
From: Johannes Huber @ 2016-11-04 8:43 UTC (permalink / raw
To: gentoo-commits
commit: 9805f9685e3de42755d769ab31e73e30416cc1ef
Author: Johannes Huber <johu <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 4 08:41:49 2016 +0000
Commit: Johannes Huber <johu <AT> gentoo <DOT> org>
CommitDate: Fri Nov 4 08:43:02 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9805f968
kde-frameworks/kcoreaddons: Remove vulnerable version
Gentoo-bug: 596224
Package-Manager: portage-2.3.2
.../files/kcoreaddons-5.26.0-CVE-2016-7966.patch | 225 ---------------------
.../kcoreaddons/kcoreaddons-5.26.0-r1.ebuild | 33 ---
2 files changed, 258 deletions(-)
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
deleted file mode 100644
index 71dc769..00000000
--- a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-From 2a5142fecf8615ccfa3e7c1f9c088fa6ae5cc2a1 Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Wed, 21 Sep 2016 07:24:30 +0200
-Subject: [PATCH 1/2] Fix very old bug when we remove space in url as "foo
- <<url> <url>>"
-
----
- autotests/ktexttohtmltest.cpp | 14 ++++++++++++++
- src/lib/text/ktexttohtml.cpp | 14 ++++++++++++--
- 2 files changed, 26 insertions(+), 2 deletions(-)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 474f0ca..8fc0c56 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
-
- Q_DECLARE_METATYPE(KTextToHTML::Options)
-
-+#ifndef Q_OS_WIN
-+void initLocale()
-+{
-+ setenv("LC_ALL", "en_US.utf-8", 1);
-+}
-+Q_CONSTRUCTOR_FUNCTION(initLocale)
-+#endif
-+
-+
- void KTextToHTMLTest::testGetEmailAddress()
- {
- // empty input
-@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data()
- QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
-+
-+ // Fix url as foo <<url> <url>> when we concatened them.
-+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
- }
-
-
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
-index 8ed923d..b181f56 100644
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl()
-
- url.reserve(mMaxUrlLen); // avoid allocs
- int start = mPos;
-+ bool previousCharIsSpace = false;
- while ((mPos < mText.length()) &&
- (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
- ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
- (!afterUrl.isNull() && mText[mPos] != afterUrl))) {
-- if (!mText[mPos].isSpace()) { // skip whitespace
-+ if (mText[mPos].isSpace()) {
-+ previousCharIsSpace = true;
-+ } else { // skip whitespace
-+ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) {
-+ url.append(QLatin1Char(' '));
-+ break;
-+ }
-+ previousCharIsSpace = false;
- url.append(mText[mPos]);
- if (url.length() > mMaxUrlLen) {
- break;
-@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl()
- }
- } while (url.length() > 1);
- }
--
- return url;
- }
-
-@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- QChar ch;
- int x;
- bool startOfLine = true;
-+ //qDebug()<<" plainText"<<plainText;
-
- for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
- ++helper.mPos, ++x) {
-@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- const int start = helper.mPos;
- if (!(flags & IgnoreUrls)) {
- str = helper.getUrl();
-+ //qDebug()<<" str"<<str;
- if (!str.isEmpty()) {
- QString hyperlink;
- if (str.left(4) == QLatin1String("www.")) {
-@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
-
- result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
- }
-+ //qDebug()<<" result "<<result;
-
- return result;
- }
---
-2.7.3
-
-From aa9281b7f95ce970603645d79f6f275d1ae7d2ed Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Fri, 30 Sep 2016 13:21:45 +0200
-Subject: [PATCH 2/2] Don't convert as url an url which has a "
-
----
- autotests/ktexttohtmltest.cpp | 6 ++++++
- src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------
- src/lib/text/ktexttohtml_p.h | 2 +-
- 3 files changed, 26 insertions(+), 7 deletions(-)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 8fc0c56..c5690e8 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data()
- QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
-+
-+ //Fix url exploit
-+ QTest::newRow("url-exec-html") << "https://\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://\"><!--";
-+
- }
-
-
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
-index b181f56..09b2483 100644
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl()
- (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {
- return false;
- }
--
- QChar ch = mText[mPos];
- return
- (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") ||
-@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url)
- url == QLatin1String("news://");
- }
-
--QString KTextToHTMLHelper::getUrl()
-+QString KTextToHTMLHelper::getUrl(bool *badurl)
- {
- QString url;
- if (atUrl()) {
-@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl()
- url.reserve(mMaxUrlLen); // avoid allocs
- int start = mPos;
- bool previousCharIsSpace = false;
-+ bool previousCharIsADoubleQuote = false;
- while ((mPos < mText.length()) &&
- (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
- ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
-@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl()
- break;
- }
- previousCharIsSpace = false;
-+ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
-+ //it's an invalid url
-+ if (badurl) {
-+ *badurl = true;
-+ }
-+ return QString();
-+ }
-+ if (mText[mPos] == QLatin1Char('"')) {
-+ previousCharIsADoubleQuote = true;
-+ } else {
-+ previousCharIsADoubleQuote = false;
-+ }
- url.append(mText[mPos]);
- if (url.length() > mMaxUrlLen) {
- break;
-@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- QChar ch;
- int x;
- bool startOfLine = true;
-- //qDebug()<<" plainText"<<plainText;
-
- for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
- ++helper.mPos, ++x) {
-@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- } else {
- const int start = helper.mPos;
- if (!(flags & IgnoreUrls)) {
-- str = helper.getUrl();
-- //qDebug()<<" str"<<str;
-+ bool badUrl = false;
-+ str = helper.getUrl(&badUrl);
-+ if (badUrl) {
-+ return helper.mText;
-+ }
- if (!str.isEmpty()) {
- QString hyperlink;
- if (str.left(4) == QLatin1String("www.")) {
-@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
-
- result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
- }
-- //qDebug()<<" result "<<result;
-
- return result;
- }
-diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h
-index 74ad7a0..fc43613 100644
---- a/src/lib/text/ktexttohtml_p.h
-+++ b/src/lib/text/ktexttohtml_p.h
-@@ -49,7 +49,7 @@ public:
- QString getEmailAddress();
- bool atUrl();
- bool isEmptyUrl(const QString &url);
-- QString getUrl();
-+ QString getUrl(bool *badurl = Q_NULLPTR);
- QString pngToDataUrl(const QString &pngPath);
- QString highlightedText();
-
---
-2.7.3
-
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
deleted file mode 100644
index 17a05b0..00000000
--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit kde5
-
-DESCRIPTION="Framework for solving common problems such as caching, randomisation, and more"
-LICENSE="LGPL-2+"
-KEYWORDS="amd64 ~arm x86"
-IUSE="fam nls"
-
-RDEPEND="
- $(add_qt_dep qtcore 'icu')
- fam? ( virtual/fam )
- !<kde-frameworks/kservice-5.2.0:5
-"
-DEPEND="${RDEPEND}
- x11-misc/shared-mime-info
- nls? ( $(add_qt_dep linguist-tools) )
-"
-
-PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" )
-
-src_configure() {
- local mycmakeargs=(
- -D_KDE4_DEFAULT_HOME_POSTFIX=4
- $(cmake-utils_use_find_package fam FAM)
- )
-
- kde5_src_configure
-}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: kde-frameworks/kcoreaddons/files/, kde-frameworks/kcoreaddons/
@ 2018-06-06 11:56 Andreas Sturmlechner
0 siblings, 0 replies; 4+ messages in thread
From: Andreas Sturmlechner @ 2018-06-06 11:56 UTC (permalink / raw
To: gentoo-commits
commit: 2d400f06bbd72197ac660b93f12b5dc66d2102cb
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 6 11:55:05 2018 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Wed Jun 6 11:55:38 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d400f06
kde-frameworks/kcoreaddons: Add Debian patch for kformattest failure
Closes: https://bugs.gentoo.org/650280
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/kcoreaddons-5.46.0-kformattest.patch | 56 ++++++++++++++++++++++
.../kcoreaddons/kcoreaddons-5.46.0.ebuild | 8 ++++
2 files changed, 64 insertions(+)
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.46.0-kformattest.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.46.0-kformattest.patch
new file mode 100644
index 00000000000..64031659fdd
--- /dev/null
+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.46.0-kformattest.patch
@@ -0,0 +1,56 @@
+From: Maximiliano Curia <maxy@gnuservers.com.ar>
+Date: Tue, 15 May 2018 13:06:53 +0200
+Subject: fix kformattest plural forms
+
+---
+ autotests/kformattest.cpp | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/autotests/kformattest.cpp b/autotests/kformattest.cpp
+index 15080be..6cc3c52 100644
+--- a/autotests/kformattest.cpp
++++ b/autotests/kformattest.cpp
+@@ -248,8 +248,8 @@ void KFormatTest::formatDecimalDuration()
+ {
+ KFormat format(QLocale::c());
+
+- QCOMPARE(format.formatDecimalDuration(10), QStringLiteral("10 millisecond(s)"));
+- QCOMPARE(format.formatDecimalDuration(10, 3), QStringLiteral("10 millisecond(s)"));
++ QCOMPARE(format.formatDecimalDuration(10), QStringLiteral("10 milliseconds"));
++ QCOMPARE(format.formatDecimalDuration(10, 3), QStringLiteral("10 milliseconds"));
+ QCOMPARE(format.formatDecimalDuration(1 * MSecsInSecond + 10), QStringLiteral("1.01 seconds"));
+ QCOMPARE(format.formatDecimalDuration(1 * MSecsInSecond + 1, 3), QStringLiteral("1.001 seconds"));
+ QCOMPARE(format.formatDecimalDuration(1 * MSecsInMinute + 10 * MSecsInSecond), QStringLiteral("1.17 minutes"));
+@@ -264,22 +264,22 @@ void KFormatTest::formatSpelloutDuration()
+ {
+ KFormat format(QLocale::c());
+
+- QCOMPARE(format.formatSpelloutDuration(1000), QStringLiteral("1 second(s)"));
+- QCOMPARE(format.formatSpelloutDuration(5000), QStringLiteral("5 second(s)"));
+- QCOMPARE(format.formatSpelloutDuration(60000), QStringLiteral("1 minute(s)"));
+- QCOMPARE(format.formatSpelloutDuration(300000), QStringLiteral("5 minute(s)"));
+- QCOMPARE(format.formatSpelloutDuration(3600000), QStringLiteral("1 hour(s)"));
+- QCOMPARE(format.formatSpelloutDuration(18000000), QStringLiteral("5 hour(s)"));
+- QCOMPARE(format.formatSpelloutDuration(75000), QStringLiteral("1 minute(s) and 15 second(s)"));
++ QCOMPARE(format.formatSpelloutDuration(1000), QStringLiteral("1 second"));
++ QCOMPARE(format.formatSpelloutDuration(5000), QStringLiteral("5 seconds"));
++ QCOMPARE(format.formatSpelloutDuration(60000), QStringLiteral("1 minute"));
++ QCOMPARE(format.formatSpelloutDuration(300000), QStringLiteral("5 minutes"));
++ QCOMPARE(format.formatSpelloutDuration(3600000), QStringLiteral("1 hour"));
++ QCOMPARE(format.formatSpelloutDuration(18000000), QStringLiteral("5 hours"));
++ QCOMPARE(format.formatSpelloutDuration(75000), QStringLiteral("1 minute and 15 seconds"));
+ // Problematic case #1 (there is a reference to this case on kformat.cpp)
+- QCOMPARE(format.formatSpelloutDuration(119999), QStringLiteral("2 minute(s)"));
++ QCOMPARE(format.formatSpelloutDuration(119999), QStringLiteral("2 minutes"));
+ // This case is strictly 2 hours, 15 minutes and 59 seconds. However, since the range is
+ // pretty high between hours and seconds, formatSpelloutDuration always omits seconds when there
+ // are hours in scene.
+- QCOMPARE(format.formatSpelloutDuration(8159000), QStringLiteral("2 hour(s) and 15 minute(s)"));
++ QCOMPARE(format.formatSpelloutDuration(8159000), QStringLiteral("2 hours and 15 minutes"));
+ // This case is strictly 1 hour and 10 seconds. For the same reason, formatSpelloutDuration
+ // detects that 10 seconds is just garbage compared to 1 hour, and omits it on the result.
+- QCOMPARE(format.formatSpelloutDuration(3610000), QStringLiteral("1 hour(s)"));
++ QCOMPARE(format.formatSpelloutDuration(3610000), QStringLiteral("1 hour"));
+ }
+
+ void KFormatTest::formatRelativeDate()
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.46.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.46.0.ebuild
index 4e70e58a430..1848371366c 100644
--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.46.0.ebuild
+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.46.0.ebuild
@@ -19,6 +19,14 @@ DEPEND="${RDEPEND}
nls? ( $(add_qt_dep linguist-tools) )
"
+src_prepare() {
+ # bug 650280
+ has_version '<dev-qt/qtcore-5.10.0:5' && \
+ eapply "${FILESDIR}/${P}-kformattest.patch"
+
+ kde5_src_prepare
+}
+
src_configure() {
local mycmakeargs=(
-D_KDE4_DEFAULT_HOME_POSTFIX=4
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-06-06 11:56 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-04-27 11:51 [gentoo-commits] repo/gentoo:master commit in: kde-frameworks/kcoreaddons/files/, kde-frameworks/kcoreaddons/ Johannes Huber
-- strict thread matches above, loose matches on Subject: below --
2016-10-07 15:54 Michael Palimaka
2016-11-04 8:43 Johannes Huber
2018-06-06 11:56 Andreas Sturmlechner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox