gentoo resync : 28.04.2021

author: V3n3RiX <venerix@redcorelinux.org> 2021-04-28 20:21:43 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2021-04-28 20:21:43 +0100
commit: 40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (patch)
tree: 758c221bad35c9288d0bd6df9c7dfc226728e52c /kde-plasma/discover/files
parent: 8d5dbd847cbc704a6a06405856e94b461011afe3 (diff)
2 files changed, 77 insertions, 0 deletions
diff --git a/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch b/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch
new file mode 100644
index 000000000000..1a2685dbc8d1
--- /dev/null
+++ b/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch
@@ -0,0 +1,28 @@
+From 94478827aab63d2e2321f0ca9ec5553718798e60 Mon Sep 17 00:00:00 2001
+From: Aleix Pol <aleixpol@kde.org>
+Date: Wed, 10 Mar 2021 21:48:53 +0100
+Subject: [PATCH] Only turn http[s] links into clickable links
+
+CVE-2021-28117
+
+(cherry picked from commit d375031ff0262cedac7d6ee2b26d6a164ddebb67)
+---
+ libdiscover/backends/KNSBackend/KNSResource.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libdiscover/backends/KNSBackend/KNSResource.cpp b/libdiscover/backends/KNSBackend/KNSResource.cpp
+index 4394d5df..f7670c55 100644
+--- a/libdiscover/backends/KNSBackend/KNSResource.cpp
++++ b/libdiscover/backends/KNSBackend/KNSResource.cpp
+@@ -87,7 +87,7 @@ QString KNSResource::longDescription()
+     ret.remove(QRegularExpression(QStringLiteral("\\[\\/?[a-z]*\\]")));
+     // Find anything that looks like a link (but which also is not some html
+     // tag value or another already) and make it a link
+-    static const QRegularExpression urlRegExp(QStringLiteral("(^|\\s)([-a-zA-Z0-9@:%_\\+.~#?&//=]{2,256}\\.[a-z]{2,4}\\b(\\/[-a-zA-Z0-9@:;%_\\+.~#?&//=]*)?)"), QRegularExpression::CaseInsensitiveOption);
++    static const QRegularExpression urlRegExp(QStringLiteral("(^|\\s)(http[-a-zA-Z0-9@:%_\\+.~#?&//=]{2,256}\\.[a-z]{2,4}\\b(\\/[-a-zA-Z0-9@:;%_\\+.~#?&//=]*)?)"), QRegularExpression::CaseInsensitiveOption);
+     ret.replace(urlRegExp, QStringLiteral("<a href=\"\\2\">\\2</a>"));
+     return ret;
+ }
+-- 
+GitLab
+
diff --git a/kde-plasma/discover/files/discover-5.21.4-missing-link.patch b/kde-plasma/discover/files/discover-5.21.4-missing-link.patch
new file mode 100644
index 000000000000..c8c8b152ea7c
--- /dev/null
+++ b/kde-plasma/discover/files/discover-5.21.4-missing-link.patch
@@ -0,0 +1,49 @@
+From 3c578beeb5d3748d9fdacae4ace42fe6098d9184 Mon Sep 17 00:00:00 2001
+From: Andreas Sturmlechner <asturm@gentoo.org>
+Date: Sun, 25 Apr 2021 00:26:12 +0200
+Subject: [PATCH] Add missing Qt5Concurrent to target_link_libraries
+
+This was working as long as it was implicitly provided by KIO.
+Other backends are fine.
+
+Fixes:
+- DiscoverCommon w/ AppStreamQt
+- packagekit-backend
+
+See also: https://invent.kde.org/frameworks/kio/-/merge_requests/426
+
+Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
+---
+ libdiscover/CMakeLists.txt                            | 2 +-
+ libdiscover/backends/PackageKitBackend/CMakeLists.txt | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libdiscover/CMakeLists.txt b/libdiscover/CMakeLists.txt
+index 1097ea84..3e2a6c9c 100644
+--- a/libdiscover/CMakeLists.txt
++++ b/libdiscover/CMakeLists.txt
+@@ -48,7 +48,7 @@ if(TARGET AppStreamQt)
+         appstream/AppStreamIntegration.cpp
+         appstream/AppStreamUtils.cpp
+     )
+-    target_link_libraries(DiscoverCommon PRIVATE AppStreamQt)
++    target_link_libraries(DiscoverCommon PRIVATE Qt5::Concurrent AppStreamQt)
+ 
+     if(AppStreamQt_VERSION VERSION_GREATER 0.12.4)
+         target_compile_definitions(DiscoverCommon PRIVATE -DAPPSTREAM_HAS_SPDX=1)
+diff --git a/libdiscover/backends/PackageKitBackend/CMakeLists.txt b/libdiscover/backends/PackageKitBackend/CMakeLists.txt
+index cfeb38f1..466dbc49 100644
+--- a/libdiscover/backends/PackageKitBackend/CMakeLists.txt
++++ b/libdiscover/backends/PackageKitBackend/CMakeLists.txt
+@@ -19,7 +19,7 @@ ecm_qt_declare_logging_category(packagekit-backend_SRCS HEADER libdiscover_backe
+ 
+ add_library(packagekit-backend MODULE ${packagekit-backend_SRCS})
+ 
+-target_link_libraries(packagekit-backend PRIVATE Discover::Common Qt5::Core PK::packagekitqt5 KF5::ConfigGui KF5::KIOCore KF5::Archive AppStreamQt)
++target_link_libraries(packagekit-backend PRIVATE Discover::Common Qt5::Core Qt5::Concurrent PK::packagekitqt5 KF5::ConfigGui KF5::KIOCore KF5::Archive AppStreamQt)
+ install(TARGETS packagekit-backend DESTINATION ${PLUGIN_INSTALL_DIR}/discover)
+ 
+ if(TARGET PkgConfig::Markdown)
+-- 
+2.31.1
+
author	V3n3RiX <venerix@redcorelinux.org>	2021-04-28 20:21:43 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2021-04-28 20:21:43 +0100
commit	40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (patch)
tree	758c221bad35c9288d0bd6df9c7dfc226728e52c /kde-plasma/discover/files
parent	8d5dbd847cbc704a6a06405856e94b461011afe3 (diff)