| 1 |
commit: 9c24f341bc27f6cb5d205210820fe300b5d228a8 |
| 2 |
Author: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Oct 6 18:47:29 2016 +0000 |
| 4 |
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Oct 6 18:47:59 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c24f341 |
| 7 |
|
| 8 |
kde-frameworks/kcoreaddons: revert failing patch |
| 9 |
|
| 10 |
This reverts commit bd38ebeaf7ab220314d81699d0176c0be1600447. |
| 11 |
|
| 12 |
.../files/kcoreaddons-5.26.0-CVE-2016-7966.patch | 122 --------------------- |
| 13 |
.../kcoreaddons/kcoreaddons-5.26.0-r1.ebuild | 33 ------ |
| 14 |
2 files changed, 155 deletions(-) |
| 15 |
|
| 16 |
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch |
| 17 |
deleted file mode 100644 |
| 18 |
index 8374d5a..00000000 |
| 19 |
--- a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch |
| 20 |
+++ /dev/null |
| 21 |
@@ -1,122 +0,0 @@ |
| 22 |
-From 96e562d9138c100498da38e4c5b4091a226dde12 Mon Sep 17 00:00:00 2001 |
| 23 |
-From: Montel Laurent <montel@×××.org> |
| 24 |
-Date: Fri, 30 Sep 2016 13:21:45 +0200 |
| 25 |
-Subject: [PATCH] Don't convert as url an url which has a " |
| 26 |
- |
| 27 |
---- |
| 28 |
- autotests/ktexttohtmltest.cpp | 6 ++++++ |
| 29 |
- src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------ |
| 30 |
- src/lib/text/ktexttohtml_p.h | 2 +- |
| 31 |
- 3 files changed, 26 insertions(+), 7 deletions(-) |
| 32 |
- |
| 33 |
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
| 34 |
-index 8fc0c56..c5690e8 100644 |
| 35 |
---- a/autotests/ktexttohtmltest.cpp |
| 36 |
-+++ b/autotests/ktexttohtmltest.cpp |
| 37 |
-@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data() |
| 38 |
- QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" |
| 39 |
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
| 40 |
- << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; |
| 41 |
-+ |
| 42 |
-+ //Fix url exploit |
| 43 |
-+ QTest::newRow("url-exec-html") << "https://\"><!--" |
| 44 |
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
| 45 |
-+ << "https://\"><!--"; |
| 46 |
-+ |
| 47 |
- } |
| 48 |
- |
| 49 |
- |
| 50 |
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp |
| 51 |
-index c70d062..97c5eab 100644 |
| 52 |
---- a/src/lib/text/ktexttohtml.cpp |
| 53 |
-+++ b/src/lib/text/ktexttohtml.cpp |
| 54 |
-@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl() |
| 55 |
- (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) { |
| 56 |
- return false; |
| 57 |
- } |
| 58 |
-- |
| 59 |
- QChar ch = mText[mPos]; |
| 60 |
- return |
| 61 |
- (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") || |
| 62 |
-@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url) |
| 63 |
- url == QLatin1String("news://"); |
| 64 |
- } |
| 65 |
- |
| 66 |
--QString KTextToHTMLHelper::getUrl() |
| 67 |
-+QString KTextToHTMLHelper::getUrl(bool *badurl) |
| 68 |
- { |
| 69 |
- QString url; |
| 70 |
- if (atUrl()) { |
| 71 |
-@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl() |
| 72 |
- url.reserve(mMaxUrlLen); // avoid allocs |
| 73 |
- int start = mPos; |
| 74 |
- bool previousCharIsSpace = false; |
| 75 |
-+ bool previousCharIsADoubleQuote = false; |
| 76 |
- while ((mPos < mText.length()) && |
| 77 |
- (mText[mPos].isPrint() || mText[mPos].isSpace()) && |
| 78 |
- ((afterUrl.isNull() && !mText[mPos].isSpace()) || |
| 79 |
-@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl() |
| 80 |
- break; |
| 81 |
- } |
| 82 |
- previousCharIsSpace = false; |
| 83 |
-+ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) { |
| 84 |
-+ //it's an invalid url |
| 85 |
-+ if (badurl) { |
| 86 |
-+ *badurl = true; |
| 87 |
-+ } |
| 88 |
-+ return QString(); |
| 89 |
-+ } |
| 90 |
-+ if (mText[mPos] == QLatin1Char('"')) { |
| 91 |
-+ previousCharIsADoubleQuote = true; |
| 92 |
-+ } else { |
| 93 |
-+ previousCharIsADoubleQuote = false; |
| 94 |
-+ } |
| 95 |
- url.append(mText[mPos]); |
| 96 |
- if (url.length() > mMaxUrlLen) { |
| 97 |
- break; |
| 98 |
-@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 99 |
- QChar ch; |
| 100 |
- int x; |
| 101 |
- bool startOfLine = true; |
| 102 |
-- //qDebug()<<" plainText"<<plainText; |
| 103 |
- |
| 104 |
- for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length(); |
| 105 |
- ++helper.mPos, ++x) { |
| 106 |
-@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 107 |
- } else { |
| 108 |
- const int start = helper.mPos; |
| 109 |
- if (!(flags & IgnoreUrls)) { |
| 110 |
-- str = helper.getUrl(); |
| 111 |
-- //qDebug()<<" str"<<str; |
| 112 |
-+ bool badUrl = false; |
| 113 |
-+ str = helper.getUrl(&badUrl); |
| 114 |
-+ if (badUrl) { |
| 115 |
-+ return helper.mText; |
| 116 |
-+ } |
| 117 |
- if (!str.isEmpty()) { |
| 118 |
- QString hyperlink; |
| 119 |
- if (str.left(4) == QLatin1String("www.")) { |
| 120 |
-@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 121 |
- |
| 122 |
- result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude); |
| 123 |
- } |
| 124 |
-- //qDebug()<<" result "<<result; |
| 125 |
- |
| 126 |
- return result; |
| 127 |
- } |
| 128 |
-diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h |
| 129 |
-index 74ad7a0..fc43613 100644 |
| 130 |
---- a/src/lib/text/ktexttohtml_p.h |
| 131 |
-+++ b/src/lib/text/ktexttohtml_p.h |
| 132 |
-@@ -49,7 +49,7 @@ public: |
| 133 |
- QString getEmailAddress(); |
| 134 |
- bool atUrl(); |
| 135 |
- bool isEmptyUrl(const QString &url); |
| 136 |
-- QString getUrl(); |
| 137 |
-+ QString getUrl(bool *badurl = Q_NULLPTR); |
| 138 |
- QString pngToDataUrl(const QString &pngPath); |
| 139 |
- QString highlightedText(); |
| 140 |
- |
| 141 |
--- |
| 142 |
-2.7.3 |
| 143 |
- |
| 144 |
|
| 145 |
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild |
| 146 |
deleted file mode 100644 |
| 147 |
index ebb5cd8..00000000 |
| 148 |
--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild |
| 149 |
+++ /dev/null |
| 150 |
@@ -1,33 +0,0 @@ |
| 151 |
-# Copyright 1999-2016 Gentoo Foundation |
| 152 |
-# Distributed under the terms of the GNU General Public License v2 |
| 153 |
-# $Id$ |
| 154 |
- |
| 155 |
-EAPI=6 |
| 156 |
- |
| 157 |
-inherit kde5 |
| 158 |
- |
| 159 |
-DESCRIPTION="Framework for solving common problems such as caching, randomisation, and more" |
| 160 |
-LICENSE="LGPL-2+" |
| 161 |
-KEYWORDS="~amd64 ~arm ~x86" |
| 162 |
-IUSE="fam nls" |
| 163 |
- |
| 164 |
-RDEPEND=" |
| 165 |
- $(add_qt_dep qtcore 'icu') |
| 166 |
- fam? ( virtual/fam ) |
| 167 |
- !<kde-frameworks/kservice-5.2.0:5 |
| 168 |
-" |
| 169 |
-DEPEND="${RDEPEND} |
| 170 |
- x11-misc/shared-mime-info |
| 171 |
- nls? ( $(add_qt_dep linguist-tools) ) |
| 172 |
-" |
| 173 |
- |
| 174 |
-PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" ) |
| 175 |
- |
| 176 |
-src_configure() { |
| 177 |
- local mycmakeargs=( |
| 178 |
- -D_KDE4_DEFAULT_HOME_POSTFIX=4 |
| 179 |
- $(cmake-utils_use_find_package fam FAM) |
| 180 |
- ) |
| 181 |
- |
| 182 |
- kde5_src_configure |
| 183 |
-} |
Archives