Date: Sunday, October 9, 2016 @ 17:12:05 Author: felixonmars Revision: 277983
upgpkg: kcoreaddons 5.27.0-1 Upstream release Modified: kcoreaddons/trunk/PKGBUILD Deleted: kcoreaddons/trunk/CVE-2016-7966.patch ---------------------+ CVE-2016-7966.patch | 71 -------------------------------------------------- PKGBUILD | 12 ++------ 2 files changed, 4 insertions(+), 79 deletions(-) Deleted: CVE-2016-7966.patch =================================================================== --- CVE-2016-7966.patch 2016-10-09 17:11:58 UTC (rev 277982) +++ CVE-2016-7966.patch 2016-10-09 17:12:05 UTC (rev 277983) @@ -1,71 +0,0 @@ -diff --git a/autotests/kjobtest.cpp b/autotests/kjobtest.cpp -index 88be4ac..139b9be 100644 ---- a/autotests/kjobtest.cpp -+++ b/autotests/kjobtest.cpp -@@ -276,6 +276,7 @@ void KJobTest::testDelegateUsage() - TestJob *job1 = new TestJob; - TestJob *job2 = new TestJob; - TestJobUiDelegate *delegate = new TestJobUiDelegate; -+ QPointer<TestJobUiDelegate> guard(delegate); - - QVERIFY(job1->uiDelegate() == 0); - job1->setUiDelegate(delegate); -@@ -284,6 +285,10 @@ void KJobTest::testDelegateUsage() - QVERIFY(job2->uiDelegate() == 0); - job2->setUiDelegate(delegate); - QVERIFY(job2->uiDelegate() == 0); -+ -+ delete job1; -+ delete job2; -+ QVERIFY(guard.isNull()); // deleted by job1 - } - - void KJobTest::testNestedExec() -diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp -index 474f0ca..c5690e8 100644 ---- a/autotests/ktexttohtmltest.cpp -+++ b/autotests/ktexttohtmltest.cpp -@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest) - - Q_DECLARE_METATYPE(KTextToHTML::Options) - -+#ifndef Q_OS_WIN -+void initLocale() -+{ -+ setenv("LC_ALL", "en_US.utf-8", 1); -+} -+Q_CONSTRUCTOR_FUNCTION(initLocale) -+#endif -+ -+ - void KTextToHTMLTest::testGetEmailAddress() - { - // empty input -@@ -372,6 +381,17 @@ void KTextToHTMLTest::testHtmlConvert_data() - QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)" - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) - << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)"; -+ -+ // Fix url as foo <<url> <url>> when we concatened them. -+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; -+ -+ //Fix url exploit -+ QTest::newRow("url-exec-html") << "https://\"><!--" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "https://\"><!--"; -+ - } - - -diff --git a/autotests/kurlmimedatatest.cpp b/autotests/kurlmimedatatest.cpp -index 5e55d9e..264879f 100644 ---- a/autotests/kurlmimedatatest.cpp -+++ b/autotests/kurlmimedatatest.cpp -@@ -135,4 +135,5 @@ void KUrlMimeDataTest::testMostLocalUrlList() - QCOMPARE(qurls[i], static_cast<QUrl>(localUrls[i])); - } - -+ delete mimeData; - } Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-10-09 17:11:58 UTC (rev 277982) +++ PKGBUILD 2016-10-09 17:12:05 UTC (rev 277983) @@ -3,8 +3,8 @@ # Contributor: Andrea Scarpino <and...@archlinux.org> pkgname=kcoreaddons -pkgver=5.26.0 -pkgrel=2 +pkgver=5.27.0 +pkgrel=1 pkgdesc='Addons to QtCore' arch=('i686' 'x86_64') url='https://community.kde.org/Frameworks' @@ -12,15 +12,11 @@ depends=('qt5-base' 'shared-mime-info') makedepends=('extra-cmake-modules' 'qt5-tools') groups=('kf5') -source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz" CVE-2016-7966.patch) -md5sums=('263530a26fd0b80238827d2d97225e7b' - '2078f5ef9f761df6f7701ba96c046125') +source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz") +md5sums=('3dc2ded3c06cbf5d0dcf41a96e9a03bb') prepare() { mkdir -p build - - cd $pkgname-$pkgver - patch -p1 -i ../CVE-2016-7966.patch # https://www.kde.org/info/security/advisory-20161006-1.txt } build() {