[SCM] kcoreaddons packaging branch, master, updated. debian/5.37.0-2-101-ga15783a
Maximiliano Curia
maxy at moszumanska.debian.org
Tue Jan 2 18:34:28 UTC 2018
Gitweb-URL: http://git.debian.org/?p=pkg-kde/frameworks/kcoreaddons.git;a=commitdiff;h=8752778
The following commit has been merged in the master branch:
commit 8752778f93cef0a9c1c54e72caa474cc3eef6f01
Author: Jonathan Riddell <jr at jriddell.org>
Date: Thu Oct 6 23:25:35 2016 +0100
take a diff from master cos the official patch doesn't apply
---
debian/patches/kde_01_CVE-2016-7966.diff | 158 +++++++++++--------------------
1 file changed, 57 insertions(+), 101 deletions(-)
diff --git a/debian/patches/kde_01_CVE-2016-7966.diff b/debian/patches/kde_01_CVE-2016-7966.diff
index c1f0443..c1bf19c 100644
--- a/debian/patches/kde_01_CVE-2016-7966.diff
+++ b/debian/patches/kde_01_CVE-2016-7966.diff
@@ -1,19 +1,55 @@
-From: Montel Laurent <montel at kde.org>
-Date: Fri, 30 Sep 2016 11:21:45 +0000
-Subject: Don't convert as url an url which has a "
-X-Git-Tag: v5.27.0-rc1
-X-Git-Url: http://quickgit.kde.org/?p=kcoreaddons.git&a=commitdiff&h=96e562d9138c100498da38e4c5b4091a226dde12
----
-Don't convert as url an url which has a "
----
-
-
+diff --git a/autotests/kjobtest.cpp b/autotests/kjobtest.cpp
+index 88be4ac..139b9be 100644
+--- a/autotests/kjobtest.cpp
++++ b/autotests/kjobtest.cpp
+@@ -276,6 +276,7 @@ void KJobTest::testDelegateUsage()
+ TestJob *job1 = new TestJob;
+ TestJob *job2 = new TestJob;
+ TestJobUiDelegate *delegate = new TestJobUiDelegate;
++ QPointer<TestJobUiDelegate> guard(delegate);
+
+ QVERIFY(job1->uiDelegate() == 0);
+ job1->setUiDelegate(delegate);
+@@ -284,6 +285,10 @@ void KJobTest::testDelegateUsage()
+ QVERIFY(job2->uiDelegate() == 0);
+ job2->setUiDelegate(delegate);
+ QVERIFY(job2->uiDelegate() == 0);
++
++ delete job1;
++ delete job2;
++ QVERIFY(guard.isNull()); // deleted by job1
+ }
+
+ void KJobTest::testNestedExec()
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index 474f0ca..c5690e8 100644
--- a/autotests/ktexttohtmltest.cpp
+++ b/autotests/ktexttohtmltest.cpp
-@@ -386,6 +386,12 @@
- QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
+@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
+
+ Q_DECLARE_METATYPE(KTextToHTML::Options)
+
++#ifndef Q_OS_WIN
++void initLocale()
++{
++ setenv("LC_ALL", "en_US.utf-8", 1);
++}
++Q_CONSTRUCTOR_FUNCTION(initLocale)
++#endif
++
++
+ void KTextToHTMLTest::testGetEmailAddress()
+ {
+ // empty input
+@@ -372,6 +381,17 @@ void KTextToHTMLTest::testHtmlConvert_data()
+ QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+ << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
++
++ // Fix url as foo <<url> <url>> when we concatened them.
++ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
+
+ //Fix url exploit
+ QTest::newRow("url-exec-html") << "https://\"><!--"
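Review bot: The rewritten patch now opens directly with `diff --git a/autotests/kjobtest.cpp` and drops the From/Date/Subject/X-Git-Url header that tied it to upstream commit 96e562d9138c100498da38e4c5b4091a226dde12, so nothing in the file records which upstream revision this CVE-2016-7966 backport was taken from. A short header would restore that provenance, e.g. `Origin: upstream, <commit id or range on master this diff was taken from>` plus a `Subject:` line. The new content also bundles changes that look unrelated to the CVE, namely the `QPointer<TestJobUiDelegate> guard(delegate);` check in kjobtest.cpp and the `initLocale()` constructor function in ktexttohtmltest.cpp. Keeping those in a separate patch would let the security fix be audited on its own.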
@@ -23,93 +59,13 @@ Don't convert as url an url which has a "
}
-
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -156,7 +156,6 @@
- (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {
- return false;
- }
--
- QChar ch = mText[mPos];
- return
- (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") ||
-@@ -192,7 +191,7 @@
- url == QLatin1String("news://");
- }
-
--QString KTextToHTMLHelper::getUrl()
-+QString KTextToHTMLHelper::getUrl(bool *badurl)
- {
- QString url;
- if (atUrl()) {
-@@ -229,6 +228,7 @@
- url.reserve(mMaxUrlLen); // avoid allocs
- int start = mPos;
- bool previousCharIsSpace = false;
-+ bool previousCharIsADoubleQuote = false;
- while ((mPos < mText.length()) &&
- (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
- ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
-@@ -241,6 +241,18 @@
- break;
- }
- previousCharIsSpace = false;
-+ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
-+ //it's an invalid url
-+ if (badurl) {
-+ *badurl = true;
-+ }
-+ return QString();
-+ }
-+ if (mText[mPos] == QLatin1Char('"')) {
-+ previousCharIsADoubleQuote = true;
-+ } else {
-+ previousCharIsADoubleQuote = false;
-+ }
- url.append(mText[mPos]);
- if (url.length() > mMaxUrlLen) {
- break;
-@@ -341,7 +353,6 @@
- QChar ch;
- int x;
- bool startOfLine = true;
-- //qDebug()<<" plainText"<<plainText;
-
- for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
- ++helper.mPos, ++x) {
-@@ -409,8 +420,11 @@
- } else {
- const int start = helper.mPos;
- if (!(flags & IgnoreUrls)) {
-- str = helper.getUrl();
-- //qDebug()<<" str"<<str;
-+ bool badUrl = false;
-+ str = helper.getUrl(&badUrl);
-+ if (badUrl) {
-+ return helper.mText;
-+ }
- if (!str.isEmpty()) {
- QString hyperlink;
- if (str.left(4) == QLatin1String("www.")) {
-@@ -464,7 +478,6 @@
-
- result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
+diff --git a/autotests/kurlmimedatatest.cpp b/autotests/kurlmimedatatest.cpp
+index 5e55d9e..264879f 100644
+--- a/autotests/kurlmimedatatest.cpp
++++ b/autotests/kurlmimedatatest.cpp
+@@ -135,4 +135,5 @@ void KUrlMimeDataTest::testMostLocalUrlList()
+ QCOMPARE(qurls[i], static_cast<QUrl>(localUrls[i]));
}
-- //qDebug()<<" result "<<result;
- return result;
++ delete mimeData;
}
-
---- a/src/lib/text/ktexttohtml_p.h
-+++ b/src/lib/text/ktexttohtml_p.h
-@@ -49,7 +49,7 @@
- QString getEmailAddress();
- bool atUrl();
- bool isEmptyUrl(const QString &url);
-- QString getUrl();
-+ QString getUrl(bool *badurl = Q_NULLPTR);
- QString pngToDataUrl(const QString &pngPath);
- QString highlightedText();
-
-
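Review bot: This hunk removes the `src/lib/text/ktexttohtml.cpp` and `src/lib/text/ktexttohtml_p.h` sections from the patch, so the `getUrl(bool *badurl)` check that rejects a `"` followed by `>` is gone, and every file section still visible on the new side is under `autotests/`. The `url-exec-html` test row is kept as context in the first hunk. If the packaged source does not already contain the upstream fix, the package would ship without the CVE-2016-7966 mitigation and that test would be expected to fail; if it does, the patch name is misleading and the patch could be renamed or dropped. Three lines of the new file sit between the two hunks and are not shown, so please confirm against the full file. It would also help to record in the patch header or debian/changelog where the fix now comes from.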
--
kcoreaddons packaging