[arch-commits] Commit in kcoreaddons/repos (6 files)
Antonio Rojas
arojas at archlinux.org
Fri Oct 7 06:19:26 UTC 2016
Date: Friday, October 7, 2016 @ 06:19:25
Author: arojas
Revision: 277861
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
kcoreaddons/repos/extra-i686/CVE-2016-7966.patch
(from rev 277860, kcoreaddons/trunk/CVE-2016-7966.patch)
kcoreaddons/repos/extra-i686/PKGBUILD
(from rev 277860, kcoreaddons/trunk/PKGBUILD)
kcoreaddons/repos/extra-x86_64/CVE-2016-7966.patch
(from rev 277860, kcoreaddons/trunk/CVE-2016-7966.patch)
kcoreaddons/repos/extra-x86_64/PKGBUILD
(from rev 277860, kcoreaddons/trunk/PKGBUILD)
Deleted:
kcoreaddons/repos/extra-i686/PKGBUILD
kcoreaddons/repos/extra-x86_64/PKGBUILD
----------------------------------+
/PKGBUILD | 80 +++++++++++++++++++++++++++++++++++++
extra-i686/CVE-2016-7966.patch | 71 ++++++++++++++++++++++++++++++++
extra-i686/PKGBUILD | 36 ----------------
extra-x86_64/CVE-2016-7966.patch | 71 ++++++++++++++++++++++++++++++++
extra-x86_64/PKGBUILD | 36 ----------------
5 files changed, 222 insertions(+), 72 deletions(-)
Copied: kcoreaddons/repos/extra-i686/CVE-2016-7966.patch (from rev 277860, kcoreaddons/trunk/CVE-2016-7966.patch)
===================================================================
--- extra-i686/CVE-2016-7966.patch (rev 0)
+++ extra-i686/CVE-2016-7966.patch 2016-10-07 06:19:25 UTC (rev 277861)
@@ -0,0 +1,71 @@
+diff --git a/autotests/kjobtest.cpp b/autotests/kjobtest.cpp
+index 88be4ac..139b9be 100644
+--- a/autotests/kjobtest.cpp
++++ b/autotests/kjobtest.cpp
+@@ -276,6 +276,7 @@ void KJobTest::testDelegateUsage()
+ TestJob *job1 = new TestJob;
+ TestJob *job2 = new TestJob;
+ TestJobUiDelegate *delegate = new TestJobUiDelegate;
++ QPointer<TestJobUiDelegate> guard(delegate);
+
+ QVERIFY(job1->uiDelegate() == 0);
+ job1->setUiDelegate(delegate);
+@@ -284,6 +285,10 @@ void KJobTest::testDelegateUsage()
+ QVERIFY(job2->uiDelegate() == 0);
+ job2->setUiDelegate(delegate);
+ QVERIFY(job2->uiDelegate() == 0);
++
++ delete job1;
++ delete job2;
++ QVERIFY(guard.isNull()); // deleted by job1
+ }
+
+ void KJobTest::testNestedExec()
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index 474f0ca..c5690e8 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
+
+ Q_DECLARE_METATYPE(KTextToHTML::Options)
+
++#ifndef Q_OS_WIN
++void initLocale()
++{
++ setenv("LC_ALL", "en_US.utf-8", 1);
++}
++Q_CONSTRUCTOR_FUNCTION(initLocale)
++#endif
++
++
+ void KTextToHTMLTest::testGetEmailAddress()
+ {
+ // empty input
+@@ -372,6 +381,17 @@ void KTextToHTMLTest::testHtmlConvert_data()
+ QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+ << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
++
++ // Fix url as foo <<url> <url>> when we concatened them.
++ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
++
++ //Fix url exploit
++ QTest::newRow("url-exec-html") << "https://\"><!--"
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "https://\"><!--";
++
+ }
+
+
+diff --git a/autotests/kurlmimedatatest.cpp b/autotests/kurlmimedatatest.cpp
+index 5e55d9e..264879f 100644
+--- a/autotests/kurlmimedatatest.cpp
++++ b/autotests/kurlmimedatatest.cpp
+@@ -135,4 +135,5 @@ void KUrlMimeDataTest::testMostLocalUrlList()
+ QCOMPARE(qurls[i], static_cast<QUrl>(localUrls[i]));
+ }
+
++ delete mimeData;
+ }
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2016-10-07 06:18:57 UTC (rev 277860)
+++ extra-i686/PKGBUILD 2016-10-07 06:19:25 UTC (rev 277861)
@@ -1,36 +0,0 @@
-# $Id$
-# Maintainer: Felix Yan <felixonmars at archlinux.org>
-# Contributor: Andrea Scarpino <andrea at archlinux.org>
-
-pkgname=kcoreaddons
-pkgver=5.26.0
-pkgrel=1
-pkgdesc='Addons to QtCore'
-arch=('i686' 'x86_64')
-url='https://community.kde.org/Frameworks'
-license=('LGPL')
-depends=('qt5-base' 'shared-mime-info')
-makedepends=('extra-cmake-modules' 'qt5-tools')
-groups=('kf5')
-source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz")
-md5sums=('263530a26fd0b80238827d2d97225e7b')
-
-prepare() {
- mkdir -p build
-}
-
-build() {
- cd build
- cmake ../${pkgname}-${pkgver} \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_INSTALL_PREFIX=/usr \
- -DKDE_INSTALL_LIBDIR=lib \
- -D_KDE4_DEFAULT_HOME_POSTFIX=4 \
- -DBUILD_TESTING=OFF
- make
-}
-
-package() {
- cd build
- make DESTDIR="${pkgdir}" install
-}
Copied: kcoreaddons/repos/extra-i686/PKGBUILD (from rev 277860, kcoreaddons/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2016-10-07 06:19:25 UTC (rev 277861)
@@ -0,0 +1,40 @@
+# $Id$
+# Maintainer: Felix Yan <felixonmars at archlinux.org>
+# Contributor: Andrea Scarpino <andrea at archlinux.org>
+
+pkgname=kcoreaddons
+pkgver=5.26.0
+pkgrel=2
+pkgdesc='Addons to QtCore'
+arch=('i686' 'x86_64')
+url='https://community.kde.org/Frameworks'
+license=('LGPL')
+depends=('qt5-base' 'shared-mime-info')
+makedepends=('extra-cmake-modules' 'qt5-tools')
+groups=('kf5')
+source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz" CVE-2016-7966.patch)
+md5sums=('263530a26fd0b80238827d2d97225e7b'
+ '2078f5ef9f761df6f7701ba96c046125')
+
+prepare() {
+ mkdir -p build
+
+ cd $pkgname-$pkgver
+ patch -p1 -i ../CVE-2016-7966.patch # https://www.kde.org/info/security/advisory-20161006-1.txt
+}
+
+build() {
+ cd build
+ cmake ../${pkgname}-${pkgver} \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DKDE_INSTALL_LIBDIR=lib \
+ -D_KDE4_DEFAULT_HOME_POSTFIX=4 \
+ -DBUILD_TESTING=OFF
+ make
+}
+
+package() {
+ cd build
+ make DESTDIR="${pkgdir}" install
+}
Copied: kcoreaddons/repos/extra-x86_64/CVE-2016-7966.patch (from rev 277860, kcoreaddons/trunk/CVE-2016-7966.patch)
===================================================================
--- extra-x86_64/CVE-2016-7966.patch (rev 0)
+++ extra-x86_64/CVE-2016-7966.patch 2016-10-07 06:19:25 UTC (rev 277861)
@@ -0,0 +1,71 @@
+diff --git a/autotests/kjobtest.cpp b/autotests/kjobtest.cpp
+index 88be4ac..139b9be 100644
+--- a/autotests/kjobtest.cpp
++++ b/autotests/kjobtest.cpp
+@@ -276,6 +276,7 @@ void KJobTest::testDelegateUsage()
+ TestJob *job1 = new TestJob;
+ TestJob *job2 = new TestJob;
+ TestJobUiDelegate *delegate = new TestJobUiDelegate;
++ QPointer<TestJobUiDelegate> guard(delegate);
+
+ QVERIFY(job1->uiDelegate() == 0);
+ job1->setUiDelegate(delegate);
+@@ -284,6 +285,10 @@ void KJobTest::testDelegateUsage()
+ QVERIFY(job2->uiDelegate() == 0);
+ job2->setUiDelegate(delegate);
+ QVERIFY(job2->uiDelegate() == 0);
++
++ delete job1;
++ delete job2;
++ QVERIFY(guard.isNull()); // deleted by job1
+ }
+
+ void KJobTest::testNestedExec()
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index 474f0ca..c5690e8 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
+
+ Q_DECLARE_METATYPE(KTextToHTML::Options)
+
++#ifndef Q_OS_WIN
++void initLocale()
++{
++ setenv("LC_ALL", "en_US.utf-8", 1);
++}
++Q_CONSTRUCTOR_FUNCTION(initLocale)
++#endif
++
++
+ void KTextToHTMLTest::testGetEmailAddress()
+ {
+ // empty input
+@@ -372,6 +381,17 @@ void KTextToHTMLTest::testHtmlConvert_data()
+ QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+ << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
++
++ // Fix url as foo <<url> <url>> when we concatened them.
++ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
++
++ //Fix url exploit
++ QTest::newRow("url-exec-html") << "https://\"><!--"
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "https://\"><!--";
++
+ }
+
+
+diff --git a/autotests/kurlmimedatatest.cpp b/autotests/kurlmimedatatest.cpp
+index 5e55d9e..264879f 100644
+--- a/autotests/kurlmimedatatest.cpp
++++ b/autotests/kurlmimedatatest.cpp
+@@ -135,4 +135,5 @@ void KUrlMimeDataTest::testMostLocalUrlList()
+ QCOMPARE(qurls[i], static_cast<QUrl>(localUrls[i]));
+ }
+
++ delete mimeData;
+ }
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2016-10-07 06:18:57 UTC (rev 277860)
+++ extra-x86_64/PKGBUILD 2016-10-07 06:19:25 UTC (rev 277861)
@@ -1,36 +0,0 @@
-# $Id$
-# Maintainer: Felix Yan <felixonmars at archlinux.org>
-# Contributor: Andrea Scarpino <andrea at archlinux.org>
-
-pkgname=kcoreaddons
-pkgver=5.26.0
-pkgrel=1
-pkgdesc='Addons to QtCore'
-arch=('i686' 'x86_64')
-url='https://community.kde.org/Frameworks'
-license=('LGPL')
-depends=('qt5-base' 'shared-mime-info')
-makedepends=('extra-cmake-modules' 'qt5-tools')
-groups=('kf5')
-source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz")
-md5sums=('263530a26fd0b80238827d2d97225e7b')
-
-prepare() {
- mkdir -p build
-}
-
-build() {
- cd build
- cmake ../${pkgname}-${pkgver} \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_INSTALL_PREFIX=/usr \
- -DKDE_INSTALL_LIBDIR=lib \
- -D_KDE4_DEFAULT_HOME_POSTFIX=4 \
- -DBUILD_TESTING=OFF
- make
-}
-
-package() {
- cd build
- make DESTDIR="${pkgdir}" install
-}
Copied: kcoreaddons/repos/extra-x86_64/PKGBUILD (from rev 277860, kcoreaddons/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2016-10-07 06:19:25 UTC (rev 277861)
@@ -0,0 +1,40 @@
+# $Id$
+# Maintainer: Felix Yan <felixonmars at archlinux.org>
+# Contributor: Andrea Scarpino <andrea at archlinux.org>
+
+pkgname=kcoreaddons
+pkgver=5.26.0
+pkgrel=2
+pkgdesc='Addons to QtCore'
+arch=('i686' 'x86_64')
+url='https://community.kde.org/Frameworks'
+license=('LGPL')
+depends=('qt5-base' 'shared-mime-info')
+makedepends=('extra-cmake-modules' 'qt5-tools')
+groups=('kf5')
+source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz" CVE-2016-7966.patch)
+md5sums=('263530a26fd0b80238827d2d97225e7b'
+ '2078f5ef9f761df6f7701ba96c046125')
+
+prepare() {
+ mkdir -p build
+
+ cd $pkgname-$pkgver
+ patch -p1 -i ../CVE-2016-7966.patch # https://www.kde.org/info/security/advisory-20161006-1.txt
+}
+
+build() {
+ cd build
+ cmake ../${pkgname}-${pkgver} \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DKDE_INSTALL_LIBDIR=lib \
+ -D_KDE4_DEFAULT_HOME_POSTFIX=4 \
+ -DBUILD_TESTING=OFF
+ make
+}
+
+package() {
+ cd build
+ make DESTDIR="${pkgdir}" install
+}
More information about the arch-commits
mailing list