author | Michael Palimaka <kensington@gentoo.org> | 2016-10-07 05:47:29 +1100 |
---|---|---|
committer | Michael Palimaka <kensington@gentoo.org> | 2016-10-07 05:47:59 +1100 |
commit | 9c24f341bc27f6cb5d205210820fe300b5d228a8 (patch) | |
tree | 2bb6cae24f0b00f6cb63a3d56d5cda8b604023ab | |
parent | app-admin/glance: cleanup (diff) | |
kde-frameworks/kcoreaddons: revert failing patch
This reverts commit bd38ebeaf7ab220314d81699d0176c0be1600447.
-rw-r--r-- | kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch | 122 | ||||
-rw-r--r-- | kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild | 33 |
2 files changed, 0 insertions, 155 deletions
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
deleted file mode 100644
index 8374d5a1a4bd..000000000000
--- a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From 96e562d9138c100498da38e4c5b4091a226dde12 Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Fri, 30 Sep 2016 13:21:45 +0200
-Subject: [PATCH] Don't convert as url an url which has a "
-
----
- autotests/ktexttohtmltest.cpp | 6 ++++++
- src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------
- src/lib/text/ktexttohtml_p.h | 2 +-
- 3 files changed, 26 insertions(+), 7 deletions(-)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 8fc0c56..c5690e8 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data()
- QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
-+
-+ //Fix url exploit
-+ QTest::newRow("url-exec-html") << "https://\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://\"><!--";
-+
- }
-
-
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
-index c70d062..97c5eab 100644
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl()
- (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {
- return false;
- }
--
- QChar ch = mText[mPos];
- return
- (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") ||
-@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url)
- url == QLatin1String("news://");
- }
-
--QString KTextToHTMLHelper::getUrl()
-+QString KTextToHTMLHelper::getUrl(bool *badurl)
- {
- QString url;
- if (atUrl()) {
-@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl()
- url.reserve(mMaxUrlLen); // avoid allocs
- int start = mPos;
- bool previousCharIsSpace = false;
-+ bool previousCharIsADoubleQuote = false;
- while ((mPos < mText.length()) &&
- (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
- ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
-@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl()
- break;
- }
- previousCharIsSpace = false;
-+ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
-+ //it's an invalid url
-+ if (badurl) {
-+ *badurl = true;
-+ }
-+ return QString();
-+ }
-+ if (mText[mPos] == QLatin1Char('"')) {
-+ previousCharIsADoubleQuote = true;
-+ } else {
-+ previousCharIsADoubleQuote = false;
-+ }
- url.append(mText[mPos]);
- if (url.length() > mMaxUrlLen) {
- break;
-@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- QChar ch;
- int x;
- bool startOfLine = true;
-- //qDebug()<<" plainText"<<plainText;
-
- for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
- ++helper.mPos, ++x) {
-@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- } else {
- const int start = helper.mPos;
- if (!(flags & IgnoreUrls)) {
-- str = helper.getUrl();
-- //qDebug()<<" str"<<str;
-+ bool badUrl = false;
-+ str = helper.getUrl(&badUrl);
-+ if (badUrl) {
-+ return helper.mText;
-+ }
- if (!str.isEmpty()) {
- QString hyperlink;
- if (str.left(4) == QLatin1String("www.")) {
-@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
-
- result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
- }
-- //qDebug()<<" result "<<result;
-
- return result;
- }
-diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h
-index 74ad7a0..fc43613 100644
---- a/src/lib/text/ktexttohtml_p.h
-+++ b/src/lib/text/ktexttohtml_p.h
-@@ -49,7 +49,7 @@ public:
- QString getEmailAddress();
- bool atUrl();
- bool isEmptyUrl(const QString &url);
-- QString getUrl();
-+ QString getUrl(bool *badurl = Q_NULLPTR);
- QString pngToDataUrl(const QString &pngPath);
- QString highlightedText();
-
--- 
-2.7.3
-
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
deleted file mode 100644
index ebb5cd8d7bf5..000000000000
--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit kde5
-
-DESCRIPTION="Framework for solving common problems such as caching, randomisation, and more"
-LICENSE="LGPL-2+"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="fam nls"
-
-RDEPEND="
- $(add_qt_dep qtcore 'icu')
- fam? ( virtual/fam )
- !<kde-frameworks/kservice-5.2.0:5
-"
-DEPEND="${RDEPEND}
- x11-misc/shared-mime-info
- nls? ( $(add_qt_dep linguist-tools) )
-"
-
-PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" )
-
-src_configure() {
- local mycmakeargs=(
- -D_KDE4_DEFAULT_HOME_POSTFIX=4
- $(cmake-utils_use_find_package fam FAM)
- )
-
- kde5_src_configure
-}
|