git » kcoreaddons.git » commit fbc8395

Upstream release

author Felix Yan
2016-10-09 17:12:05 UTC
committer Felix Yan
2016-10-09 17:12:05 UTC
parent 9c9a599b6507ac15b411f5f4bd1eafad1564bd13
Upstream release
CVE-2016-7966.patch +0 -71
PKGBUILD +4 -8 
diff --git a/CVE-2016-7966.patch b/CVE-2016-7966.patch
deleted file mode 100644
index c1bf19c..0000000
--- a/CVE-2016-7966.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-diff --git a/autotests/kjobtest.cpp b/autotests/kjobtest.cpp
-index 88be4ac..139b9be 100644
---- a/autotests/kjobtest.cpp
-+++ b/autotests/kjobtest.cpp
-@@ -276,6 +276,7 @@ void KJobTest::testDelegateUsage()
-     TestJob *job1 = new TestJob;
-     TestJob *job2 = new TestJob;
-     TestJobUiDelegate *delegate = new TestJobUiDelegate;
-+    QPointer<TestJobUiDelegate> guard(delegate);
- 
-     QVERIFY(job1->uiDelegate() == 0);
-     job1->setUiDelegate(delegate);
-@@ -284,6 +285,10 @@ void KJobTest::testDelegateUsage()
-     QVERIFY(job2->uiDelegate() == 0);
-     job2->setUiDelegate(delegate);
-     QVERIFY(job2->uiDelegate() == 0);
-+
-+    delete job1;
-+    delete job2;
-+    QVERIFY(guard.isNull()); // deleted by job1
- }
- 
- void KJobTest::testNestedExec()
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 474f0ca..c5690e8 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
- 
- Q_DECLARE_METATYPE(KTextToHTML::Options)
- 
-+#ifndef Q_OS_WIN
-+void initLocale()
-+{
-+    setenv("LC_ALL", "en_US.utf-8", 1);
-+}
-+Q_CONSTRUCTOR_FUNCTION(initLocale)
-+#endif
-+
-+
- void KTextToHTMLTest::testGetEmailAddress()
- {
-     // empty input
-@@ -372,6 +381,17 @@ void KTextToHTMLTest::testHtmlConvert_data()
-     QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
-                                           << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-                                           << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
-+    
-+   // Fix url as foo <<url> <url>> when we concatened them.
-+   QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
-+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+                               << "foo &lt;<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a>&lt;<a href=\"http://www.kde.org/\">http://www.kde.org/</a>&gt;&gt;";
-+
-+   //Fix url exploit
-+   QTest::newRow("url-exec-html") << "https://\"><!--"
-+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+                               << "https://\"><!--";
-+
- }
- 
- 
-diff --git a/autotests/kurlmimedatatest.cpp b/autotests/kurlmimedatatest.cpp
-index 5e55d9e..264879f 100644
---- a/autotests/kurlmimedatatest.cpp
-+++ b/autotests/kurlmimedatatest.cpp
-@@ -135,4 +135,5 @@ void KUrlMimeDataTest::testMostLocalUrlList()
-         QCOMPARE(qurls[i], static_cast<QUrl>(localUrls[i]));
-     }
- 
-+    delete mimeData;
- }
diff --git a/PKGBUILD b/PKGBUILD
index 32d4774..1dad495 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,8 +2,8 @@
 # Contributor: Andrea Scarpino <andrea@archlinux.org>
 
 pkgname=kcoreaddons
-pkgver=5.26.0
-pkgrel=2
+pkgver=5.27.0
+pkgrel=1
 pkgdesc='Addons to QtCore'
 arch=('i686' 'x86_64')
 url='https://community.kde.org/Frameworks'
@@ -11,15 +11,11 @@ license=('LGPL')
 depends=('qt5-base' 'shared-mime-info')
 makedepends=('extra-cmake-modules' 'qt5-tools')
 groups=('kf5')
-source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz" CVE-2016-7966.patch)
-md5sums=('263530a26fd0b80238827d2d97225e7b'
-         '2078f5ef9f761df6f7701ba96c046125')
+source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz")
+md5sums=('3dc2ded3c06cbf5d0dcf41a96e9a03bb')
 
 prepare() {
   mkdir -p build
-
-  cd $pkgname-$pkgver
-  patch -p1 -i ../CVE-2016-7966.patch # https://www.kde.org/info/security/advisory-20161006-1.txt
 }
 
 build() {