git » ktexteditor.git » commit 59a6a90

Fix CVE-2022-23853

author Antonio Rojas
2022-01-31 15:19:50 UTC
committer Antonio Rojas
2022-01-31 15:19:50 UTC
parent 64f58f62aa75673f39c7fc562c057ce43786b1a7
Fix CVE-2022-23853
PKGBUILD +13 -3 
diff --git a/PKGBUILD b/PKGBUILD
index d4a548c..d179ae7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@
 
 pkgname=ktexteditor
 pkgver=5.90.0
-pkgrel=1
+pkgrel=2
 pkgdesc='Advanced embeddable text editor'
 arch=(x86_64)
 url='https://community.kde.org/Frameworks'
@@ -13,11 +13,21 @@ depends=(kparts syntax-highlighting editorconfig-core-c)
 makedepends=(extra-cmake-modules doxygen qt5-tools qt5-doc)
 optdepends=('git: git integration')
 groups=(kf5)
-source=(https://download.kde.org/stable/frameworks/${pkgver%.*}/$pkgname-$pkgver.tar.xz{,.sig})
+source=(https://download.kde.org/stable/frameworks/${pkgver%.*}/$pkgname-$pkgver.tar.xz{,.sig}
+        https://invent.kde.org/frameworks/ktexteditor/-/commit/804e4944.patch
+        https://invent.kde.org/frameworks/ktexteditor/-/commit/c80f935c.patch)
 sha256sums=('56088115827ae406dcd383e3c3fdf408950f351887259e41965fe4b7929f2dbc'
-            'SKIP')
+            'SKIP'
+            'b8f6794535b63747bf2e73a9afece4c570ee9b560d3152dbcb1f748025f15fb9'
+            '19baa3c5b1c694edefbc518e07255a9c0acde62b6d6316ee2a2805c2d429ad1c')
 validpgpkeys=(53E6B47B45CEA3E0D5B7457758D0EE648A48B3BB) # David Faure <faure@kde.org>
 
+prepare() {
+# CVE-2022-23853
+  patch -d $pkgname-$pkgver -p1 < 804e4944.patch
+  patch -d $pkgname-$pkgver -p1 < c80f935c.patch
+}
+
 build() {
   cmake -B build -S $pkgname-$pkgver \
     -DBUILD_TESTING=OFF \