gentoo resync : 28.04.2021

author: V3n3RiX <venerix@redcorelinux.org> 2021-04-28 20:21:43 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2021-04-28 20:21:43 +0100
commit: 40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (patch)
tree: 758c221bad35c9288d0bd6df9c7dfc226728e52c /kde-plasma/discover
parent: 8d5dbd847cbc704a6a06405856e94b461011afe3 (diff)
5 files changed, 88 insertions, 3 deletions
diff --git a/kde-plasma/discover/Manifest b/kde-plasma/discover/Manifest
index d3d886ce7038..cbe8e25c9ec5 100644
--- a/kde-plasma/discover/Manifest
+++ b/kde-plasma/discover/Manifest
@@ -1,5 +1,7 @@
+AUX discover-5.20.5-CVE-2021-28117.patch 1434 BLAKE2B c31d0032cdfe3f8d96ad5e7f736c92c2dfcd6cc8e2b8c9b9e90a4a3d41159d961b80427d14ff6a22caa06e6dbdc17535be6243180d439e04879bbd957309859c SHA512 1059cce1be5f8f24a4345488c60decb2e4782fdc11f02ef625111164b6f8b32343528282ec4d03a015e36aa076cd6f9fcfa24e9b7d5c02fe25295cf03c7511a3
+AUX discover-5.21.4-missing-link.patch 2141 BLAKE2B 23b81f9f4e0daa05183ed3a31e98d8c1f3ac3ecfdb08511c3fb14bbf726a14086c5c834d3c7b7cc3f575500eb86f4cc85e141c48361597329a62c47c45807956 SHA512 f8201dad0e00e1a36338ab9dc956cd1baa7268ce4dd23c3d2b5a7ba9c9922da216697115396b7c32c3656faa60a107da62343af3b7a250d64e6d51c43768a9ae
 DIST discover-5.20.5.tar.xz 10305280 BLAKE2B fe47718014d420947c1509577e28ec642ccdc975d2b9fa6d2000bfd190880aff4fa1f2ca4597a77980995209847647cc5fb5963bb1c0a88a8010fc1b198c49b7 SHA512 e33f1027a09c8c7733c0b9da81ee82f0c90237c736435ad93cfdb127d79e0ddee0d4d8214774032c81a4078613d278688f0fddbf287aa03a5192cfcdb1eeffa7
-DIST discover-5.21.3.tar.xz 8425596 BLAKE2B c56dbafbbbc5aceb5915d39ed291e262af6d6fc713b7ed683d775c7f12a4faac501a4cad7e3d908268101b5789090c14902d37f0b67f608d5c6dff1d5c015493 SHA512 871bc2cdc7d628f76ce18a391899864344e1db1077bb29c91526ca38680f32f280c18199850418b9fadf62a682fce4fa4d94ab2177986fd4e9d99fdf3d9d824a
-EBUILD discover-5.20.5.ebuild 2090 BLAKE2B 1827c172905a2f72feff67fe2c2581fb4e5de133b04b5ecc07ef9bbff64e321954f5a23f072ed3c58d528540f50bd99f02a781239319fca55d0a98b206b0adb8 SHA512 1c4f19424f1403912d9a2ada4b001e7bd67924393c3f4ecde7199674d0b7dc130362fced07ad684955c6cc3a2a94b412948fed762e9c0ee7d7e3eba4817f5687
-EBUILD discover-5.21.3.ebuild 2143 BLAKE2B e283005809d09d563e2c29f860354b7fa790902c071c97e82311ee64f9af7a7f600e4091f6fa9501a083a3b69e6eeeee21e38c00c287fa77f517dd8aaa675275 SHA512 b8360c3ad884f3713afc9f110eb4a65d92883f7a809885a9a99571e7ea1bfabfec50d2285812cb110b0788a8cf9b6a94daa232e766912351f8aea6ee5e9b807c
+DIST discover-5.21.4.tar.xz 8425820 BLAKE2B ebaa1742e2f4571530aa47f1c82f56f53992fb1ee1b96467cae2a71c5ec43e2ad344c0157d8ea664e8d9d3727a2b61407a904e28935dbe47f70a72514f854645 SHA512 8389cc2328935fc6556e47d4221ee2c2a7122dd4d9bb78cb61073832304438be7598f122d6838964ac5b01c9f33d8bd94809087c3b64381a2c83099a641a346e
+EBUILD discover-5.20.5-r1.ebuild 2156 BLAKE2B c42d272b725c7aa53583682394dc7be444145cde58f67c25ec1cf7857c5d402609d53fd13a53faab01b84e119007db5791859a2131927449c24a33236ec8a46f SHA512 59c70091143747bb0fc150e16c8aa46a5a0a464761abeccadda0e315d977d51bf99e4fd196084cf51a854d95ae943fe9cce2ae02ed04997c9a887909d0e26e5b
+EBUILD discover-5.21.4.ebuild 2284 BLAKE2B c08b37b3fa5b49f6bc57362d4f24e39f354249fd91d7fde2bcf34a7c87bd16a0de16b2c7e7075f93af591670dc9cbe6188138a4120d7fedc4b02557a3e648675 SHA512 b55aa627427be6deb6f2ad334df49cd4f4c7efeb7fc3454c8800c69e98956e55905b7b087344354fc09dde2b7d7352d2e42eee6eec1ad4a4ce21608abc47204b
 MISC metadata.xml 468 BLAKE2B cd98862045ebe78aecaf3dc74526afd4ff2bd377816993e2a0aa4d61cd4f14f7b3e5779d5892244233cbef03b9aba6404aa9fe9aa161f2fc868e369df6ea626f SHA512 a8807c50a9ab4b8e9fe2876fe159a3880bbaeb36a84ad7e7fed55cf6367b1c17ed7e0af135a579685bd4a5d8b550f38b240ac31c00e463befc22de35fd67b2ff
diff --git a/kde-plasma/discover/discover-5.20.5.ebuild b/kde-plasma/discover/discover-5.20.5-r1.ebuild
index 6acdfc13dd6a..bf393487d62e 100644
--- a/kde-plasma/discover/discover-5.20.5.ebuild
+++ b/kde-plasma/discover/discover-5.20.5-r1.ebuild
@@ -53,6 +53,8 @@ RDEPEND="${DEPEND}
 	>=kde-frameworks/kirigami-${KFMIN}:5
 "
 
+PATCHES=( "${FILESDIR}/${P}-CVE-2021-28117.patch" ) # bug 777777
+
 src_prepare() {
 	ecm_src_prepare
 	# we don't need it with PackageKitBackend off
diff --git a/kde-plasma/discover/discover-5.21.3.ebuild b/kde-plasma/discover/discover-5.21.4.ebuild
index 1b2b39717b58..2c50bd9597f0 100644
--- a/kde-plasma/discover/discover-5.21.3.ebuild
+++ b/kde-plasma/discover/discover-5.21.4.ebuild
@@ -28,6 +28,7 @@ DEPEND="
 	>=dev-qt/qtx11extras-${QTMIN}:5
 	>=dev-qt/qtxml-${QTMIN}:5
 	>=kde-frameworks/attica-${KFMIN}:5
+	>=kde-frameworks/kcmutils-${KFMIN}:5
 	>=kde-frameworks/kconfig-${KFMIN}:5
 	>=kde-frameworks/kconfigwidgets-${KFMIN}:5
 	>=kde-frameworks/kcoreaddons-${KFMIN}:5
@@ -35,6 +36,7 @@ DEPEND="
 	>=kde-frameworks/kdbusaddons-${KFMIN}:5
 	>=kde-frameworks/kdeclarative-${KFMIN}:5
 	>=kde-frameworks/ki18n-${KFMIN}:5
+	>=kde-frameworks/kidletime-${KFMIN}:5
 	>=kde-frameworks/kio-${KFMIN}:5
 	>=kde-frameworks/kirigami-${KFMIN}:5
 	>=kde-frameworks/kitemmodels-${KFMIN}:5
@@ -54,6 +56,8 @@ RDEPEND="${DEPEND}
 	>=kde-frameworks/kirigami-${KFMIN}:5
 "
 
+PATCHES=( "${FILESDIR}/${P}-missing-link.patch" ) # bug 785457
+
 src_prepare() {
 	ecm_src_prepare
 	# we don't need it with PackageKitBackend off
diff --git a/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch b/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch
new file mode 100644
index 000000000000..1a2685dbc8d1
--- /dev/null
+++ b/kde-plasma/discover/files/discover-5.20.5-CVE-2021-28117.patch
@@ -0,0 +1,28 @@
+From 94478827aab63d2e2321f0ca9ec5553718798e60 Mon Sep 17 00:00:00 2001
+From: Aleix Pol <aleixpol@kde.org>
+Date: Wed, 10 Mar 2021 21:48:53 +0100
+Subject: [PATCH] Only turn http[s] links into clickable links
+
+CVE-2021-28117
+
+(cherry picked from commit d375031ff0262cedac7d6ee2b26d6a164ddebb67)
+---
+ libdiscover/backends/KNSBackend/KNSResource.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libdiscover/backends/KNSBackend/KNSResource.cpp b/libdiscover/backends/KNSBackend/KNSResource.cpp
+index 4394d5df..f7670c55 100644
+--- a/libdiscover/backends/KNSBackend/KNSResource.cpp
++++ b/libdiscover/backends/KNSBackend/KNSResource.cpp
+@@ -87,7 +87,7 @@ QString KNSResource::longDescription()
+     ret.remove(QRegularExpression(QStringLiteral("\\[\\/?[a-z]*\\]")));
+     // Find anything that looks like a link (but which also is not some html
+     // tag value or another already) and make it a link
+-    static const QRegularExpression urlRegExp(QStringLiteral("(^|\\s)([-a-zA-Z0-9@:%_\\+.~#?&//=]{2,256}\\.[a-z]{2,4}\\b(\\/[-a-zA-Z0-9@:;%_\\+.~#?&//=]*)?)"), QRegularExpression::CaseInsensitiveOption);
++    static const QRegularExpression urlRegExp(QStringLiteral("(^|\\s)(http[-a-zA-Z0-9@:%_\\+.~#?&//=]{2,256}\\.[a-z]{2,4}\\b(\\/[-a-zA-Z0-9@:;%_\\+.~#?&//=]*)?)"), QRegularExpression::CaseInsensitiveOption);
+     ret.replace(urlRegExp, QStringLiteral("<a href=\"\\2\">\\2</a>"));
+     return ret;
+ }
+-- 
+GitLab
+
diff --git a/kde-plasma/discover/files/discover-5.21.4-missing-link.patch b/kde-plasma/discover/files/discover-5.21.4-missing-link.patch
new file mode 100644
index 000000000000..c8c8b152ea7c
--- /dev/null
+++ b/kde-plasma/discover/files/discover-5.21.4-missing-link.patch
@@ -0,0 +1,49 @@
+From 3c578beeb5d3748d9fdacae4ace42fe6098d9184 Mon Sep 17 00:00:00 2001
+From: Andreas Sturmlechner <asturm@gentoo.org>
+Date: Sun, 25 Apr 2021 00:26:12 +0200
+Subject: [PATCH] Add missing Qt5Concurrent to target_link_libraries
+
+This was working as long as it was implicitly provided by KIO.
+Other backends are fine.
+
+Fixes:
+- DiscoverCommon w/ AppStreamQt
+- packagekit-backend
+
+See also: https://invent.kde.org/frameworks/kio/-/merge_requests/426
+
+Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
+---
+ libdiscover/CMakeLists.txt                            | 2 +-
+ libdiscover/backends/PackageKitBackend/CMakeLists.txt | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libdiscover/CMakeLists.txt b/libdiscover/CMakeLists.txt
+index 1097ea84..3e2a6c9c 100644
+--- a/libdiscover/CMakeLists.txt
++++ b/libdiscover/CMakeLists.txt
+@@ -48,7 +48,7 @@ if(TARGET AppStreamQt)
+         appstream/AppStreamIntegration.cpp
+         appstream/AppStreamUtils.cpp
+     )
+-    target_link_libraries(DiscoverCommon PRIVATE AppStreamQt)
++    target_link_libraries(DiscoverCommon PRIVATE Qt5::Concurrent AppStreamQt)
+ 
+     if(AppStreamQt_VERSION VERSION_GREATER 0.12.4)
+         target_compile_definitions(DiscoverCommon PRIVATE -DAPPSTREAM_HAS_SPDX=1)
+diff --git a/libdiscover/backends/PackageKitBackend/CMakeLists.txt b/libdiscover/backends/PackageKitBackend/CMakeLists.txt
+index cfeb38f1..466dbc49 100644
+--- a/libdiscover/backends/PackageKitBackend/CMakeLists.txt
++++ b/libdiscover/backends/PackageKitBackend/CMakeLists.txt
+@@ -19,7 +19,7 @@ ecm_qt_declare_logging_category(packagekit-backend_SRCS HEADER libdiscover_backe
+ 
+ add_library(packagekit-backend MODULE ${packagekit-backend_SRCS})
+ 
+-target_link_libraries(packagekit-backend PRIVATE Discover::Common Qt5::Core PK::packagekitqt5 KF5::ConfigGui KF5::KIOCore KF5::Archive AppStreamQt)
++target_link_libraries(packagekit-backend PRIVATE Discover::Common Qt5::Core Qt5::Concurrent PK::packagekitqt5 KF5::ConfigGui KF5::KIOCore KF5::Archive AppStreamQt)
+ install(TARGETS packagekit-backend DESTINATION ${PLUGIN_INSTALL_DIR}/discover)
+ 
+ if(TARGET PkgConfig::Markdown)
+-- 
+2.31.1
+
author	V3n3RiX <venerix@redcorelinux.org>	2021-04-28 20:21:43 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2021-04-28 20:21:43 +0100
commit	40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (patch)
tree	758c221bad35c9288d0bd6df9c7dfc226728e52c /kde-plasma/discover
parent	8d5dbd847cbc704a6a06405856e94b461011afe3 (diff)