[gentoo-commits] repo/gentoo:master commit in: kde-frameworks/kcoreaddons/, kde-frameworks/kcoreaddons/files/ - gentoo-commits

From:	Michael Palimaka <kensington@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: kde-frameworks/kcoreaddons/, kde-frameworks/kcoreaddons/files/
Date:	Wed, 02 Nov 2016 11:29:01
Message-Id:	`1478086118.b77bfbf1331d5dfcce3cf6ebe084a76197238767.kensington@gentoo`

1

commit:     b77bfbf1331d5dfcce3cf6ebe084a76197238767

2

Author:     Michael Palimaka <kensington <AT> gentoo <DOT> org>

3

AuthorDate: Wed Nov  2 11:25:46 2016 +0000

4

Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>

5

CommitDate: Wed Nov  2 11:28:38 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b77bfbf1

7

8

kde-frameworks/kcoreaddons: backport additional commits from upstream to resolve CVE-2016-7966

9

10

Gentoo-bug: 596224

11

12

Package-Manager: portage-2.3.2

13

14

 .../kcoreaddons-5.26.0-CVE-2016-7966-r1.patch      | 342 +++++++++++++++++++++

15

 .../files/kcoreaddons-5.27.0-CVE-2016-7966.patch   | 117 +++++++

16

 ...-5.27.0.ebuild => kcoreaddons-5.26.0-r2.ebuild} |   2 +

17

 ...-5.27.0.ebuild => kcoreaddons-5.27.0-r1.ebuild} |   2 +

18

 4 files changed, 463 insertions(+)

19

20

diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch

21

new file mode 100644

22

index 00000000..92e255a

23

--- /dev/null

24

+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch

25

@@ -0,0 +1,342 @@

26

+From 2a5142fecf8615ccfa3e7c1f9c088fa6ae5cc2a1 Mon Sep 17 00:00:00 2001

27

+From: Montel Laurent <montel@×××.org>

28

+Date: Wed, 21 Sep 2016 07:24:30 +0200

29

+Subject: [PATCH 1/2] Fix very old bug when we remove space in url as "foo

30

+ <<url> <url>>"

31

+

32

+---

33

+ autotests/ktexttohtmltest.cpp | 14 ++++++++++++++

34

+ src/lib/text/ktexttohtml.cpp  | 14 ++++++++++++--

35

+ 2 files changed, 26 insertions(+), 2 deletions(-)

36

+

37

+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp

38

+index 474f0ca..8fc0c56 100644

39

+--- a/autotests/ktexttohtmltest.cpp

40

++++ b/autotests/ktexttohtmltest.cpp

41

+@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)

42

+

43

+ Q_DECLARE_METATYPE(KTextToHTML::Options)

44

+

45

++#ifndef Q_OS_WIN

46

++void initLocale()

47

++{

48

++    setenv("LC_ALL", "en_US.utf-8", 1);

49

++}

50

++Q_CONSTRUCTOR_FUNCTION(initLocale)

51

++#endif

52

++

53

++

54

+ void KTextToHTMLTest::testGetEmailAddress()

55

+ {

56

+     // empty input

57

+@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data()

58

+     QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"

59

+                                           << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

60

+                                           << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";

61

++

62

++   // Fix url as foo <<url> <url>> when we concatened them.

63

++   QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"

64

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

65

++                               << "foo &lt;<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a>&lt;<a href=\"http://www.kde.org/\">http://www.kde.org/</a>&gt;&gt;";

66

+ }

67

+

68

+

69

+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp

70

+index 8ed923d..b181f56 100644

71

+--- a/src/lib/text/ktexttohtml.cpp

72

++++ b/src/lib/text/ktexttohtml.cpp

73

+@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl()

74

+

75

+         url.reserve(mMaxUrlLen);    // avoid allocs

76

+         int start = mPos;

77

++        bool previousCharIsSpace = false;

78

+         while ((mPos < mText.length()) &&

79

+                 (mText[mPos].isPrint() || mText[mPos].isSpace()) &&

80

+                 ((afterUrl.isNull() && !mText[mPos].isSpace()) ||

81

+                  (!afterUrl.isNull() && mText[mPos] != afterUrl))) {

82

+-            if (!mText[mPos].isSpace()) {     // skip whitespace

83

++            if (mText[mPos].isSpace()) {

84

++                previousCharIsSpace = true;

85

++            } else { // skip whitespace

86

++                if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) {

87

++                    url.append(QLatin1Char(' '));

88

++                    break;

89

++                }

90

++                previousCharIsSpace = false;

91

+                 url.append(mText[mPos]);

92

+                 if (url.length() > mMaxUrlLen) {

93

+                     break;

94

+@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl()

95

+             }

96

+         } while (url.length() > 1);

97

+     }

98

+-

99

+     return url;

100

+ }

101

+

102

+@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::

103

+     QChar ch;

104

+     int x;

105

+     bool startOfLine = true;

106

++    //qDebug()<<" plainText"<<plainText;

107

+

108

+     for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();

109

+             ++helper.mPos, ++x) {

110

+@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::

111

+             const int start = helper.mPos;

112

+             if (!(flags & IgnoreUrls)) {

113

+                 str = helper.getUrl();

114

++                //qDebug()<<" str"<<str;

115

+                 if (!str.isEmpty()) {

116

+                     QString hyperlink;

117

+                     if (str.left(4) == QLatin1String("www.")) {

118

+@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::

119

+

120

+         result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);

121

+     }

122

++    //qDebug()<<" result "<<result;

123

+

124

+     return result;

125

+ }

126

+--

127

+2.7.3

128

+

129

+From aa9281b7f95ce970603645d79f6f275d1ae7d2ed Mon Sep 17 00:00:00 2001

130

+From: Montel Laurent <montel@×××.org>

131

+Date: Fri, 30 Sep 2016 13:21:45 +0200

132

+Subject: [PATCH 2/2] Don't convert as url an url which has a "

133

+

134

+---

135

+ autotests/ktexttohtmltest.cpp |  6 ++++++

136

+ src/lib/text/ktexttohtml.cpp  | 25 +++++++++++++++++++------

137

+ src/lib/text/ktexttohtml_p.h  |  2 +-

138

+ 3 files changed, 26 insertions(+), 7 deletions(-)

139

+

140

+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp

141

+index 8fc0c56..c5690e8 100644

142

+--- a/autotests/ktexttohtmltest.cpp

143

++++ b/autotests/ktexttohtmltest.cpp

144

+@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data()

145

+    QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"

146

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

147

+                                << "foo &lt;<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a>&lt;<a href=\"http://www.kde.org/\">http://www.kde.org/</a>&gt;&gt;";

148

++

149

++   //Fix url exploit

150

++   QTest::newRow("url-exec-html") << "https://\"><!--"

151

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

152

++                               << "https://\"><!--";

153

++

154

+ }

155

+

156

+

157

+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp

158

+index b181f56..09b2483 100644

159

+--- a/src/lib/text/ktexttohtml.cpp

160

++++ b/src/lib/text/ktexttohtml.cpp

161

+@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl()

162

+              (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {

163

+         return false;

164

+     }

165

+-

166

+     QChar ch = mText[mPos];

167

+     return

168

+         (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") ||

169

+@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url)

170

+            url == QLatin1String("news://");

171

+ }

172

+

173

+-QString KTextToHTMLHelper::getUrl()

174

++QString KTextToHTMLHelper::getUrl(bool *badurl)

175

+ {

176

+     QString url;

177

+     if (atUrl()) {

178

+@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl()

179

+         url.reserve(mMaxUrlLen);    // avoid allocs

180

+         int start = mPos;

181

+         bool previousCharIsSpace = false;

182

++        bool previousCharIsADoubleQuote = false;

183

+         while ((mPos < mText.length()) &&

184

+                 (mText[mPos].isPrint() || mText[mPos].isSpace()) &&

185

+                 ((afterUrl.isNull() && !mText[mPos].isSpace()) ||

186

+@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl()

187

+                     break;

188

+                 }

189

+                 previousCharIsSpace = false;

190

++                if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {

191

++                    //it's an invalid url

192

++                    if (badurl) {

193

++                        *badurl = true;

194

++                    }

195

++                    return QString();

196

++                }

197

++                if (mText[mPos] == QLatin1Char('"')) {

198

++                    previousCharIsADoubleQuote = true;

199

++                } else {

200

++                    previousCharIsADoubleQuote = false;

201

++                }

202

+                 url.append(mText[mPos]);

203

+                 if (url.length() > mMaxUrlLen) {

204

+                     break;

205

+@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::

206

+     QChar ch;

207

+     int x;

208

+     bool startOfLine = true;

209

+-    //qDebug()<<" plainText"<<plainText;

210

+

211

+     for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();

212

+             ++helper.mPos, ++x) {

213

+@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::

214

+         } else {

215

+             const int start = helper.mPos;

216

+             if (!(flags & IgnoreUrls)) {

217

+-                str = helper.getUrl();

218

+-                //qDebug()<<" str"<<str;

219

++                bool badUrl = false;

220

++                str = helper.getUrl(&badUrl);

221

++                if (badUrl) {

222

++                    return helper.mText;

223

++                }

224

+                 if (!str.isEmpty()) {

225

+                     QString hyperlink;

226

+                     if (str.left(4) == QLatin1String("www.")) {

227

+@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::

228

+

229

+         result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);

230

+     }

231

+-    //qDebug()<<" result "<<result;

232

+

233

+     return result;

234

+ }

235

+diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h

236

+index 74ad7a0..fc43613 100644

237

+--- a/src/lib/text/ktexttohtml_p.h

238

++++ b/src/lib/text/ktexttohtml_p.h

239

+@@ -49,7 +49,7 @@ public:

240

+     QString getEmailAddress();

241

+     bool atUrl();

242

+     bool isEmptyUrl(const QString &url);

243

+-    QString getUrl();

244

++    QString getUrl(bool *badurl = Q_NULLPTR);

245

+     QString pngToDataUrl(const QString &pngPath);

246

+     QString highlightedText();

247

+

248

+--

249

+2.7.3

250

+

251

+From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001

252

+From: Montel Laurent <montel@×××.org>

253

+Date: Tue, 11 Oct 2016 11:11:08 +0200

254

+Subject: [PATCH] Add more autotests

255

+

256

+---

257

+ autotests/ktexttohtmltest.cpp | 15 +++++++++++++++

258

+ 1 file changed, 15 insertions(+)

259

+

260

+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp

261

+index c5690e8..0179a00 100644

262

+--- a/autotests/ktexttohtmltest.cpp

263

++++ b/autotests/ktexttohtmltest.cpp

264

+@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()

265

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

266

+                                << "https://\"><!--";

267

+

268

++   QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"

269

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

270

++                               << "https://192.168.1.1:\"><!--";

271

++

272

++   QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"

273

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

274

++                               << "https://<IP>:\"><!--";

275

++

276

++   QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"

277

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

278

++                               << "https://<IP>:/\"><!--";

279

++

280

++   QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"

281

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

282

++                               << "https://<IP>:/\"><script>alert(1);</script><!--";

283

+ }

284

+

285

+

286

+--

287

+2.7.3

288

+

289

+From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001

290

+From: Montel Laurent <montel@×××.org>

291

+Date: Tue, 11 Oct 2016 11:40:10 +0200

292

+Subject: [PATCH] Display bad url

293

+

294

+---

295

+ autotests/ktexttohtmltest.cpp | 14 +++++++++-----

296

+ src/lib/text/ktexttohtml.cpp  | 18 +++++++++++++++++-

297

+ 2 files changed, 26 insertions(+), 6 deletions(-)

298

+

299

+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp

300

+index 0179a00..ccac29a 100644

301

+--- a/autotests/ktexttohtmltest.cpp

302

++++ b/autotests/ktexttohtmltest.cpp

303

+@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()

304

+    //Fix url exploit

305

+    QTest::newRow("url-exec-html") << "https://\"><!--"

306

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

307

+-                               << "https://\"><!--";

308

++                               << "https://&quot;&gt;&lt;!--";

309

+

310

+    QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"

311

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

312

+-                               << "https://192.168.1.1:\"><!--";

313

++                               << "https://192.168.1.1:&quot;&gt;&lt;!--";

314

+

315

+    QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"

316

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

317

+-                               << "https://<IP>:\"><!--";

318

++                               << "https://&lt;IP&gt;:&quot;&gt;&lt;!--";

319

+

320

+    QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"

321

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

322

+-                               << "https://<IP>:/\"><!--";

323

++                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;!--";

324

+

325

+    QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"

326

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

327

+-                               << "https://<IP>:/\"><script>alert(1);</script><!--";

328

++                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--";

329

++

330

++   QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"

331

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

332

++                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--\nTest2";

333

+ }

334

+

335

+

336

+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp

337

+index 97c5eab..30e0b5d 100644

338

+--- a/src/lib/text/ktexttohtml.cpp

339

++++ b/src/lib/text/ktexttohtml.cpp

340

+@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::

341

+                 bool badUrl = false;

342

+                 str = helper.getUrl(&badUrl);

343

+                 if (badUrl) {

344

+-                    return helper.mText;

345

++                    QString resultBadUrl;

346

++                    const int helperTextSize(helper.mText.count());

347

++                    for (int i = 0; i < helperTextSize; ++i) {

348

++                        const QChar chBadUrl = helper.mText[i];

349

++                        if (chBadUrl == QLatin1Char('&')) {

350

++                            resultBadUrl += QLatin1String("&amp;");

351

++                        } else if (chBadUrl == QLatin1Char('"')) {

352

++                            resultBadUrl += QLatin1String("&quot;");

353

++                        } else if (chBadUrl == QLatin1Char('<')) {

354

++                            resultBadUrl += QLatin1String("&lt;");

355

++                        } else if (chBadUrl == QLatin1Char('>')) {

356

++                            resultBadUrl += QLatin1String("&gt;");

357

++                        } else {

358

++                            resultBadUrl += chBadUrl;

359

++                        }

360

++                    }

361

++                    return resultBadUrl;

362

+                 }

363

+                 if (!str.isEmpty()) {

364

+                     QString hyperlink;

365

+--

366

+2.7.3

367

+

368

369

diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch

370

new file mode 100644

371

index 00000000..4fbd5e3

372

--- /dev/null

373

+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch

374

@@ -0,0 +1,117 @@

375

+From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001

376

+From: Montel Laurent <montel@×××.org>

377

+Date: Tue, 11 Oct 2016 11:11:08 +0200

378

+Subject: [PATCH] Add more autotests

379

+

380

+---

381

+ autotests/ktexttohtmltest.cpp | 15 +++++++++++++++

382

+ 1 file changed, 15 insertions(+)

383

+

384

+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp

385

+index c5690e8..0179a00 100644

386

+--- a/autotests/ktexttohtmltest.cpp

387

++++ b/autotests/ktexttohtmltest.cpp

388

+@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()

389

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

390

+                                << "https://\"><!--";

391

+

392

++   QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"

393

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

394

++                               << "https://192.168.1.1:\"><!--";

395

++

396

++   QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"

397

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

398

++                               << "https://<IP>:\"><!--";

399

++

400

++   QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"

401

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

402

++                               << "https://<IP>:/\"><!--";

403

++

404

++   QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"

405

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

406

++                               << "https://<IP>:/\"><script>alert(1);</script><!--";

407

+ }

408

+

409

+

410

+--

411

+2.7.3

412

+

413

+From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001

414

+From: Montel Laurent <montel@×××.org>

415

+Date: Tue, 11 Oct 2016 11:40:10 +0200

416

+Subject: [PATCH] Display bad url

417

+

418

+---

419

+ autotests/ktexttohtmltest.cpp | 14 +++++++++-----

420

+ src/lib/text/ktexttohtml.cpp  | 18 +++++++++++++++++-

421

+ 2 files changed, 26 insertions(+), 6 deletions(-)

422

+

423

+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp

424

+index 0179a00..ccac29a 100644

425

+--- a/autotests/ktexttohtmltest.cpp

426

++++ b/autotests/ktexttohtmltest.cpp

427

+@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()

428

+    //Fix url exploit

429

+    QTest::newRow("url-exec-html") << "https://\"><!--"

430

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

431

+-                               << "https://\"><!--";

432

++                               << "https://&quot;&gt;&lt;!--";

433

+

434

+    QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"

435

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

436

+-                               << "https://192.168.1.1:\"><!--";

437

++                               << "https://192.168.1.1:&quot;&gt;&lt;!--";

438

+

439

+    QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"

440

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

441

+-                               << "https://<IP>:\"><!--";

442

++                               << "https://&lt;IP&gt;:&quot;&gt;&lt;!--";

443

+

444

+    QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"

445

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

446

+-                               << "https://<IP>:/\"><!--";

447

++                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;!--";

448

+

449

+    QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"

450

+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

451

+-                               << "https://<IP>:/\"><script>alert(1);</script><!--";

452

++                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--";

453

++

454

++   QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"

455

++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)

456

++                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--\nTest2";

457

+ }

458

+

459

+

460

+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp

461

+index 97c5eab..30e0b5d 100644

462

+--- a/src/lib/text/ktexttohtml.cpp

463

++++ b/src/lib/text/ktexttohtml.cpp

464

+@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::

465

+                 bool badUrl = false;

466

+                 str = helper.getUrl(&badUrl);

467

+                 if (badUrl) {

468

+-                    return helper.mText;

469

++                    QString resultBadUrl;

470

++                    const int helperTextSize(helper.mText.count());

471

++                    for (int i = 0; i < helperTextSize; ++i) {

472

++                        const QChar chBadUrl = helper.mText[i];

473

++                        if (chBadUrl == QLatin1Char('&')) {

474

++                            resultBadUrl += QLatin1String("&amp;");

475

++                        } else if (chBadUrl == QLatin1Char('"')) {

476

++                            resultBadUrl += QLatin1String("&quot;");

477

++                        } else if (chBadUrl == QLatin1Char('<')) {

478

++                            resultBadUrl += QLatin1String("&lt;");

479

++                        } else if (chBadUrl == QLatin1Char('>')) {

480

++                            resultBadUrl += QLatin1String("&gt;");

481

++                        } else {

482

++                            resultBadUrl += chBadUrl;

483

++                        }

484

++                    }

485

++                    return resultBadUrl;

486

+                 }

487

+                 if (!str.isEmpty()) {

488

+                     QString hyperlink;

489

+--

490

+2.7.3

491

+

492

493

diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild

494

similarity index 91%

495

copy from kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild

496

copy to kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild

497

index 037dde3..9db44a0 100644

498

--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild

499

+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild

500

@@ -21,6 +21,8 @@ DEPEND="${RDEPEND}

501

 	nls? ( $(add_qt_dep linguist-tools) )

502

"

503

504

+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966-r1.patch" )

505

+

506

 src_configure() {

507

 	local mycmakeargs=(

508

 		-D_KDE4_DEFAULT_HOME_POSTFIX=4

509

510

diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild

511

similarity index 92%

512

rename from kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild

513

rename to kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild

514

index 037dde3..ebb5cd8 100644

515

--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild

516

+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild

517

@@ -21,6 +21,8 @@ DEPEND="${RDEPEND}

518

 	nls? ( $(add_qt_dep linguist-tools) )

519

"

520

521

+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" )

522

+

523

 src_configure() {

524

 	local mycmakeargs=(

525

 		-D_KDE4_DEFAULT_HOME_POSTFIX=4

1	commit: b77bfbf1331d5dfcce3cf6ebe084a76197238767
2	Author: Michael Palimaka <kensington <AT> gentoo <DOT> org>
3	AuthorDate: Wed Nov 2 11:25:46 2016 +0000
4	Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
5	CommitDate: Wed Nov 2 11:28:38 2016 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b77bfbf1
7
8	kde-frameworks/kcoreaddons: backport additional commits from upstream to resolve CVE-2016-7966
9
10	Gentoo-bug: 596224
11
12	Package-Manager: portage-2.3.2
13
14	.../kcoreaddons-5.26.0-CVE-2016-7966-r1.patch \| 342 +++++++++++++++++++++
15	.../files/kcoreaddons-5.27.0-CVE-2016-7966.patch \| 117 +++++++
16	...-5.27.0.ebuild => kcoreaddons-5.26.0-r2.ebuild} \| 2 +
17	...-5.27.0.ebuild => kcoreaddons-5.27.0-r1.ebuild} \| 2 +
18	4 files changed, 463 insertions(+)
19
20	diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch
21	new file mode 100644
22	index 00000000..92e255a
23	--- /dev/null
24	+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch
25	@@ -0,0 +1,342 @@
26	+From 2a5142fecf8615ccfa3e7c1f9c088fa6ae5cc2a1 Mon Sep 17 00:00:00 2001
27	+From: Montel Laurent <montel@×××.org>
28	+Date: Wed, 21 Sep 2016 07:24:30 +0200
29	+Subject: [PATCH 1/2] Fix very old bug when we remove space in url as "foo
30	+ <<url> <url>>"
31	+
32	+---
33	+ autotests/ktexttohtmltest.cpp \| 14 ++++++++++++++
34	+ src/lib/text/ktexttohtml.cpp \| 14 ++++++++++++--
35	+ 2 files changed, 26 insertions(+), 2 deletions(-)
36	+
37	+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
38	+index 474f0ca..8fc0c56 100644
39	+--- a/autotests/ktexttohtmltest.cpp
40	++++ b/autotests/ktexttohtmltest.cpp
41	+@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
42	+
43	+ Q_DECLARE_METATYPE(KTextToHTML::Options)
44	+
45	++#ifndef Q_OS_WIN
46	++void initLocale()
47	++{
48	++ setenv("LC_ALL", "en_US.utf-8", 1);
49	++}
50	++Q_CONSTRUCTOR_FUNCTION(initLocale)
51	++#endif
52	++
53	++
54	+ void KTextToHTMLTest::testGetEmailAddress()
55	+ {
56	+ // empty input
57	+@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data()
58	+ QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
59	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
60	+ << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
61	++
62	++ // Fix url as foo <<url> <url>> when we concatened them.
63	++ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
64	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
65	++ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
66	+ }
67	+
68	+
69	+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
70	+index 8ed923d..b181f56 100644
71	+--- a/src/lib/text/ktexttohtml.cpp
72	++++ b/src/lib/text/ktexttohtml.cpp
73	+@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl()
74	+
75	+ url.reserve(mMaxUrlLen); // avoid allocs
76	+ int start = mPos;
77	++ bool previousCharIsSpace = false;
78	+ while ((mPos < mText.length()) &&
79	+ (mText[mPos].isPrint() \|\| mText[mPos].isSpace()) &&
80	+ ((afterUrl.isNull() && !mText[mPos].isSpace()) \|\|
81	+ (!afterUrl.isNull() && mText[mPos] != afterUrl))) {
82	+- if (!mText[mPos].isSpace()) { // skip whitespace
83	++ if (mText[mPos].isSpace()) {
84	++ previousCharIsSpace = true;
85	++ } else { // skip whitespace
86	++ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) {
87	++ url.append(QLatin1Char(' '));
88	++ break;
89	++ }
90	++ previousCharIsSpace = false;
91	+ url.append(mText[mPos]);
92	+ if (url.length() > mMaxUrlLen) {
93	+ break;
94	+@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl()
95	+ }
96	+ } while (url.length() > 1);
97	+ }
98	+-
99	+ return url;
100	+ }
101	+
102	+@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
103	+ QChar ch;
104	+ int x;
105	+ bool startOfLine = true;
106	++ //qDebug()<<" plainText"<<plainText;
107	+
108	+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
109	+ ++helper.mPos, ++x) {
110	+@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
111	+ const int start = helper.mPos;
112	+ if (!(flags & IgnoreUrls)) {
113	+ str = helper.getUrl();
114	++ //qDebug()<<" str"<<str;
115	+ if (!str.isEmpty()) {
116	+ QString hyperlink;
117	+ if (str.left(4) == QLatin1String("www.")) {
118	+@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
119	+
120	+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
121	+ }
122	++ //qDebug()<<" result "<<result;
123	+
124	+ return result;
125	+ }
126	+--
127	+2.7.3
128	+
129	+From aa9281b7f95ce970603645d79f6f275d1ae7d2ed Mon Sep 17 00:00:00 2001
130	+From: Montel Laurent <montel@×××.org>
131	+Date: Fri, 30 Sep 2016 13:21:45 +0200
132	+Subject: [PATCH 2/2] Don't convert as url an url which has a "
133	+
134	+---
135	+ autotests/ktexttohtmltest.cpp \| 6 ++++++
136	+ src/lib/text/ktexttohtml.cpp \| 25 +++++++++++++++++++------
137	+ src/lib/text/ktexttohtml_p.h \| 2 +-
138	+ 3 files changed, 26 insertions(+), 7 deletions(-)
139	+
140	+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
141	+index 8fc0c56..c5690e8 100644
142	+--- a/autotests/ktexttohtmltest.cpp
143	++++ b/autotests/ktexttohtmltest.cpp
144	+@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data()
145	+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
146	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
147	+ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
148	++
149	++ //Fix url exploit
150	++ QTest::newRow("url-exec-html") << "https://\"><!--"
151	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
152	++ << "https://\"><!--";
153	++
154	+ }
155	+
156	+
157	+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
158	+index b181f56..09b2483 100644
159	+--- a/src/lib/text/ktexttohtml.cpp
160	++++ b/src/lib/text/ktexttohtml.cpp
161	+@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl()
162	+ (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {
163	+ return false;
164	+ }
165	+-
166	+ QChar ch = mText[mPos];
167	+ return
168	+ (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") \|\|
169	+@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url)
170	+ url == QLatin1String("news://");
171	+ }
172	+
173	+-QString KTextToHTMLHelper::getUrl()
174	++QString KTextToHTMLHelper::getUrl(bool *badurl)
175	+ {
176	+ QString url;
177	+ if (atUrl()) {
178	+@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl()
179	+ url.reserve(mMaxUrlLen); // avoid allocs
180	+ int start = mPos;
181	+ bool previousCharIsSpace = false;
182	++ bool previousCharIsADoubleQuote = false;
183	+ while ((mPos < mText.length()) &&
184	+ (mText[mPos].isPrint() \|\| mText[mPos].isSpace()) &&
185	+ ((afterUrl.isNull() && !mText[mPos].isSpace()) \|\|
186	+@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl()
187	+ break;
188	+ }
189	+ previousCharIsSpace = false;
190	++ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
191	++ //it's an invalid url
192	++ if (badurl) {
193	++ *badurl = true;
194	++ }
195	++ return QString();
196	++ }
197	++ if (mText[mPos] == QLatin1Char('"')) {
198	++ previousCharIsADoubleQuote = true;
199	++ } else {
200	++ previousCharIsADoubleQuote = false;
201	++ }
202	+ url.append(mText[mPos]);
203	+ if (url.length() > mMaxUrlLen) {
204	+ break;
205	+@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
206	+ QChar ch;
207	+ int x;
208	+ bool startOfLine = true;
209	+- //qDebug()<<" plainText"<<plainText;
210	+
211	+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
212	+ ++helper.mPos, ++x) {
213	+@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
214	+ } else {
215	+ const int start = helper.mPos;
216	+ if (!(flags & IgnoreUrls)) {
217	+- str = helper.getUrl();
218	+- //qDebug()<<" str"<<str;
219	++ bool badUrl = false;
220	++ str = helper.getUrl(&badUrl);
221	++ if (badUrl) {
222	++ return helper.mText;
223	++ }
224	+ if (!str.isEmpty()) {
225	+ QString hyperlink;
226	+ if (str.left(4) == QLatin1String("www.")) {
227	+@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
228	+
229	+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
230	+ }
231	+- //qDebug()<<" result "<<result;
232	+
233	+ return result;
234	+ }
235	+diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h
236	+index 74ad7a0..fc43613 100644
237	+--- a/src/lib/text/ktexttohtml_p.h
238	++++ b/src/lib/text/ktexttohtml_p.h
239	+@@ -49,7 +49,7 @@ public:
240	+ QString getEmailAddress();
241	+ bool atUrl();
242	+ bool isEmptyUrl(const QString &url);
243	+- QString getUrl();
244	++ QString getUrl(bool *badurl = Q_NULLPTR);
245	+ QString pngToDataUrl(const QString &pngPath);
246	+ QString highlightedText();
247	+
248	+--
249	+2.7.3
250	+
251	+From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001
252	+From: Montel Laurent <montel@×××.org>
253	+Date: Tue, 11 Oct 2016 11:11:08 +0200
254	+Subject: [PATCH] Add more autotests
255	+
256	+---
257	+ autotests/ktexttohtmltest.cpp \| 15 +++++++++++++++
258	+ 1 file changed, 15 insertions(+)
259	+
260	+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
261	+index c5690e8..0179a00 100644
262	+--- a/autotests/ktexttohtmltest.cpp
263	++++ b/autotests/ktexttohtmltest.cpp
264	+@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()
265	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
266	+ << "https://\"><!--";
267	+
268	++ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
269	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
270	++ << "https://192.168.1.1:\"><!--";
271	++
272	++ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
273	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
274	++ << "https://<IP>:\"><!--";
275	++
276	++ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
277	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
278	++ << "https://<IP>:/\"><!--";
279	++
280	++ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
281	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
282	++ << "https://<IP>:/\"><script>alert(1);</script><!--";
283	+ }
284	+
285	+
286	+--
287	+2.7.3
288	+
289	+From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001
290	+From: Montel Laurent <montel@×××.org>
291	+Date: Tue, 11 Oct 2016 11:40:10 +0200
292	+Subject: [PATCH] Display bad url
293	+
294	+---
295	+ autotests/ktexttohtmltest.cpp \| 14 +++++++++-----
296	+ src/lib/text/ktexttohtml.cpp \| 18 +++++++++++++++++-
297	+ 2 files changed, 26 insertions(+), 6 deletions(-)
298	+
299	+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
300	+index 0179a00..ccac29a 100644
301	+--- a/autotests/ktexttohtmltest.cpp
302	++++ b/autotests/ktexttohtmltest.cpp
303	+@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()
304	+ //Fix url exploit
305	+ QTest::newRow("url-exec-html") << "https://\"><!--"
306	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
307	+- << "https://\"><!--";
308	++ << "https://"><!--";
309	+
310	+ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
311	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
312	+- << "https://192.168.1.1:\"><!--";
313	++ << "https://192.168.1.1:"><!--";
314	+
315	+ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
316	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
317	+- << "https://<IP>:\"><!--";
318	++ << "https://<IP>:"><!--";
319	+
320	+ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
321	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
322	+- << "https://<IP>:/\"><!--";
323	++ << "https://<IP>:/"><!--";
324	+
325	+ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
326	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
327	+- << "https://<IP>:/\"><script>alert(1);</script><!--";
328	++ << "https://<IP>:/"><script>alert(1);</script><!--";
329	++
330	++ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"
331	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
332	++ << "https://<IP>:/"><script>alert(1);</script><!--\nTest2";
333	+ }
334	+
335	+
336	+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
337	+index 97c5eab..30e0b5d 100644
338	+--- a/src/lib/text/ktexttohtml.cpp
339	++++ b/src/lib/text/ktexttohtml.cpp
340	+@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
341	+ bool badUrl = false;
342	+ str = helper.getUrl(&badUrl);
343	+ if (badUrl) {
344	+- return helper.mText;
345	++ QString resultBadUrl;
346	++ const int helperTextSize(helper.mText.count());
347	++ for (int i = 0; i < helperTextSize; ++i) {
348	++ const QChar chBadUrl = helper.mText[i];
349	++ if (chBadUrl == QLatin1Char('&')) {
350	++ resultBadUrl += QLatin1String("&");
351	++ } else if (chBadUrl == QLatin1Char('"')) {
352	++ resultBadUrl += QLatin1String(""");
353	++ } else if (chBadUrl == QLatin1Char('<')) {
354	++ resultBadUrl += QLatin1String("<");
355	++ } else if (chBadUrl == QLatin1Char('>')) {
356	++ resultBadUrl += QLatin1String(">");
357	++ } else {
358	++ resultBadUrl += chBadUrl;
359	++ }
360	++ }
361	++ return resultBadUrl;
362	+ }
363	+ if (!str.isEmpty()) {
364	+ QString hyperlink;
365	+--
366	+2.7.3
367	+
368
369	diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch
370	new file mode 100644
371	index 00000000..4fbd5e3
372	--- /dev/null
373	+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch
374	@@ -0,0 +1,117 @@
375	+From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001
376	+From: Montel Laurent <montel@×××.org>
377	+Date: Tue, 11 Oct 2016 11:11:08 +0200
378	+Subject: [PATCH] Add more autotests
379	+
380	+---
381	+ autotests/ktexttohtmltest.cpp \| 15 +++++++++++++++
382	+ 1 file changed, 15 insertions(+)
383	+
384	+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
385	+index c5690e8..0179a00 100644
386	+--- a/autotests/ktexttohtmltest.cpp
387	++++ b/autotests/ktexttohtmltest.cpp
388	+@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()
389	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
390	+ << "https://\"><!--";
391	+
392	++ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
393	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
394	++ << "https://192.168.1.1:\"><!--";
395	++
396	++ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
397	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
398	++ << "https://<IP>:\"><!--";
399	++
400	++ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
401	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
402	++ << "https://<IP>:/\"><!--";
403	++
404	++ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
405	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
406	++ << "https://<IP>:/\"><script>alert(1);</script><!--";
407	+ }
408	+
409	+
410	+--
411	+2.7.3
412	+
413	+From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001
414	+From: Montel Laurent <montel@×××.org>
415	+Date: Tue, 11 Oct 2016 11:40:10 +0200
416	+Subject: [PATCH] Display bad url
417	+
418	+---
419	+ autotests/ktexttohtmltest.cpp \| 14 +++++++++-----
420	+ src/lib/text/ktexttohtml.cpp \| 18 +++++++++++++++++-
421	+ 2 files changed, 26 insertions(+), 6 deletions(-)
422	+
423	+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
424	+index 0179a00..ccac29a 100644
425	+--- a/autotests/ktexttohtmltest.cpp
426	++++ b/autotests/ktexttohtmltest.cpp
427	+@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()
428	+ //Fix url exploit
429	+ QTest::newRow("url-exec-html") << "https://\"><!--"
430	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
431	+- << "https://\"><!--";
432	++ << "https://"><!--";
433	+
434	+ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
435	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
436	+- << "https://192.168.1.1:\"><!--";
437	++ << "https://192.168.1.1:"><!--";
438	+
439	+ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
440	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
441	+- << "https://<IP>:\"><!--";
442	++ << "https://<IP>:"><!--";
443	+
444	+ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
445	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
446	+- << "https://<IP>:/\"><!--";
447	++ << "https://<IP>:/"><!--";
448	+
449	+ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
450	+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
451	+- << "https://<IP>:/\"><script>alert(1);</script><!--";
452	++ << "https://<IP>:/"><script>alert(1);</script><!--";
453	++
454	++ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"
455	++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
456	++ << "https://<IP>:/"><script>alert(1);</script><!--\nTest2";
457	+ }
458	+
459	+
460	+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
461	+index 97c5eab..30e0b5d 100644
462	+--- a/src/lib/text/ktexttohtml.cpp
463	++++ b/src/lib/text/ktexttohtml.cpp
464	+@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
465	+ bool badUrl = false;
466	+ str = helper.getUrl(&badUrl);
467	+ if (badUrl) {
468	+- return helper.mText;
469	++ QString resultBadUrl;
470	++ const int helperTextSize(helper.mText.count());
471	++ for (int i = 0; i < helperTextSize; ++i) {
472	++ const QChar chBadUrl = helper.mText[i];
473	++ if (chBadUrl == QLatin1Char('&')) {
474	++ resultBadUrl += QLatin1String("&");
475	++ } else if (chBadUrl == QLatin1Char('"')) {
476	++ resultBadUrl += QLatin1String(""");
477	++ } else if (chBadUrl == QLatin1Char('<')) {
478	++ resultBadUrl += QLatin1String("<");
479	++ } else if (chBadUrl == QLatin1Char('>')) {
480	++ resultBadUrl += QLatin1String(">");
481	++ } else {
482	++ resultBadUrl += chBadUrl;
483	++ }
484	++ }
485	++ return resultBadUrl;
486	+ }
487	+ if (!str.isEmpty()) {
488	+ QString hyperlink;
489	+--
490	+2.7.3
491	+
492
493	diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild
494	similarity index 91%
495	copy from kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild
496	copy to kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild
497	index 037dde3..9db44a0 100644
498	--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild
499	+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild
500	@@ -21,6 +21,8 @@ DEPEND="${RDEPEND}
501	nls? ( $(add_qt_dep linguist-tools) )
502	"
503
504	+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966-r1.patch" )
505	+
506	src_configure() {
507	local mycmakeargs=(
508	-D_KDE4_DEFAULT_HOME_POSTFIX=4
509
510	diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild
511	similarity index 92%
512	rename from kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild
513	rename to kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild
514	index 037dde3..ebb5cd8 100644
515	--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild
516	+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild
517	@@ -21,6 +21,8 @@ DEPEND="${RDEPEND}
518	nls? ( $(add_qt_dep linguist-tools) )
519	"
520
521	+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" )
522	+
523	src_configure() {
524	local mycmakeargs=(
525	-D_KDE4_DEFAULT_HOME_POSTFIX=4

Gentoo Archives: gentoo-commits