Diffstat (limited to 'kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch')
-rw-r--r--kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch342
1 files changed, 0 insertions, 342 deletions
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch
deleted file mode 100644
index 92e255a4007..00000000000
--- a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch
+++ /dev/null
@@ -1,342 +0,0 @@
-From 2a5142fecf8615ccfa3e7c1f9c088fa6ae5cc2a1 Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Wed, 21 Sep 2016 07:24:30 +0200
-Subject: [PATCH 1/2] Fix very old bug when we remove space in url as "foo
- <<url> <url>>"
-
----
- autotests/ktexttohtmltest.cpp | 14 ++++++++++++++
- src/lib/text/ktexttohtml.cpp | 14 ++++++++++++--
- 2 files changed, 26 insertions(+), 2 deletions(-)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 474f0ca..8fc0c56 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
-
- Q_DECLARE_METATYPE(KTextToHTML::Options)
-
-+#ifndef Q_OS_WIN
-+void initLocale()
-+{
-+ setenv("LC_ALL", "en_US.utf-8", 1);
-+}
-+Q_CONSTRUCTOR_FUNCTION(initLocale)
-+#endif
-+
-+
- void KTextToHTMLTest::testGetEmailAddress()
- {
- // empty input
-@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data()
- QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
-+
-+ // Fix url as foo <<url> <url>> when we concatened them.
-+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "foo &lt;<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a>&lt;<a href=\"http://www.kde.org/\">http://www.kde.org/</a>&gt;&gt;";
- }
-
-
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
-index 8ed923d..b181f56 100644
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl()
-
- url.reserve(mMaxUrlLen); // avoid allocs
- int start = mPos;
-+ bool previousCharIsSpace = false;
- while ((mPos < mText.length()) &&
- (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
- ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
- (!afterUrl.isNull() && mText[mPos] != afterUrl))) {
-- if (!mText[mPos].isSpace()) { // skip whitespace
-+ if (mText[mPos].isSpace()) {
-+ previousCharIsSpace = true;
-+ } else { // skip whitespace
-+ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) {
-+ url.append(QLatin1Char(' '));
-+ break;
-+ }
-+ previousCharIsSpace = false;
- url.append(mText[mPos]);
- if (url.length() > mMaxUrlLen) {
- break;
-@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl()
- }
- } while (url.length() > 1);
- }
--
- return url;
- }
-
-@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- QChar ch;
- int x;
- bool startOfLine = true;
-+ //qDebug()<<" plainText"<<plainText;
-
- for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
- ++helper.mPos, ++x) {
-@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- const int start = helper.mPos;
- if (!(flags & IgnoreUrls)) {
- str = helper.getUrl();
-+ //qDebug()<<" str"<<str;
- if (!str.isEmpty()) {
- QString hyperlink;
- if (str.left(4) == QLatin1String("www.")) {
-@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
-
- result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
- }
-+ //qDebug()<<" result "<<result;
-
- return result;
- }
---
-2.7.3
-
-From aa9281b7f95ce970603645d79f6f275d1ae7d2ed Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Fri, 30 Sep 2016 13:21:45 +0200
-Subject: [PATCH 2/2] Don't convert as url an url which has a "
-
----
- autotests/ktexttohtmltest.cpp | 6 ++++++
- src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------
- src/lib/text/ktexttohtml_p.h | 2 +-
- 3 files changed, 26 insertions(+), 7 deletions(-)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 8fc0c56..c5690e8 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data()
- QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "foo &lt;<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a>&lt;<a href=\"http://www.kde.org/\">http://www.kde.org/</a>&gt;&gt;";
-+
-+ //Fix url exploit
-+ QTest::newRow("url-exec-html") << "https://\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://\"><!--";
-+
- }
-
-
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
-index b181f56..09b2483 100644
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl()
- (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {
- return false;
- }
--
- QChar ch = mText[mPos];
- return
- (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") ||
-@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url)
- url == QLatin1String("news://");
- }
-
--QString KTextToHTMLHelper::getUrl()
-+QString KTextToHTMLHelper::getUrl(bool *badurl)
- {
- QString url;
- if (atUrl()) {
-@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl()
- url.reserve(mMaxUrlLen); // avoid allocs
- int start = mPos;
- bool previousCharIsSpace = false;
-+ bool previousCharIsADoubleQuote = false;
- while ((mPos < mText.length()) &&
- (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
- ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
-@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl()
- break;
- }
- previousCharIsSpace = false;
-+ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
-+ //it's an invalid url
-+ if (badurl) {
-+ *badurl = true;
-+ }
-+ return QString();
-+ }
-+ if (mText[mPos] == QLatin1Char('"')) {
-+ previousCharIsADoubleQuote = true;
-+ } else {
-+ previousCharIsADoubleQuote = false;
-+ }
- url.append(mText[mPos]);
- if (url.length() > mMaxUrlLen) {
- break;
-@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- QChar ch;
- int x;
- bool startOfLine = true;
-- //qDebug()<<" plainText"<<plainText;
-
- for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
- ++helper.mPos, ++x) {
-@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- } else {
- const int start = helper.mPos;
- if (!(flags & IgnoreUrls)) {
-- str = helper.getUrl();
-- //qDebug()<<" str"<<str;
-+ bool badUrl = false;
-+ str = helper.getUrl(&badUrl);
-+ if (badUrl) {
-+ return helper.mText;
-+ }
- if (!str.isEmpty()) {
- QString hyperlink;
- if (str.left(4) == QLatin1String("www.")) {
-@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
-
- result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
- }
-- //qDebug()<<" result "<<result;
-
- return result;
- }
-diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h
-index 74ad7a0..fc43613 100644
---- a/src/lib/text/ktexttohtml_p.h
-+++ b/src/lib/text/ktexttohtml_p.h
-@@ -49,7 +49,7 @@ public:
- QString getEmailAddress();
- bool atUrl();
- bool isEmptyUrl(const QString &url);
-- QString getUrl();
-+ QString getUrl(bool *badurl = Q_NULLPTR);
- QString pngToDataUrl(const QString &pngPath);
- QString highlightedText();
-
---
-2.7.3
-
-From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Tue, 11 Oct 2016 11:11:08 +0200
-Subject: [PATCH] Add more autotests
-
----
- autotests/ktexttohtmltest.cpp | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index c5690e8..0179a00 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
- << "https://\"><!--";
-
-+ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://192.168.1.1:\"><!--";
-+
-+ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:\"><!--";
-+
-+ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:/\"><!--";
-+
-+ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://<IP>:/\"><script>alert(1);</script><!--";
- }
-
-
---
-2.7.3
-
-From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001
-From: Montel Laurent <montel@kde.org>
-Date: Tue, 11 Oct 2016 11:40:10 +0200
-Subject: [PATCH] Display bad url
-
----
- autotests/ktexttohtmltest.cpp | 14 +++++++++-----
- src/lib/text/ktexttohtml.cpp | 18 +++++++++++++++++-
- 2 files changed, 26 insertions(+), 6 deletions(-)
-
-diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
-index 0179a00..ccac29a 100644
---- a/autotests/ktexttohtmltest.cpp
-+++ b/autotests/ktexttohtmltest.cpp
-@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()
- //Fix url exploit
- QTest::newRow("url-exec-html") << "https://\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://\"><!--";
-+ << "https://&quot;&gt;&lt;!--";
-
- QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://192.168.1.1:\"><!--";
-+ << "https://192.168.1.1:&quot;&gt;&lt;!--";
-
- QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:\"><!--";
-+ << "https://&lt;IP&gt;:&quot;&gt;&lt;!--";
-
- QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:/\"><!--";
-+ << "https://&lt;IP&gt;:/&quot;&gt;&lt;!--";
-
- QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
- << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-- << "https://<IP>:/\"><script>alert(1);</script><!--";
-+ << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--";
-+
-+ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"
-+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-+ << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--\nTest2";
- }
-
-
-diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
-index 97c5eab..30e0b5d 100644
---- a/src/lib/text/ktexttohtml.cpp
-+++ b/src/lib/text/ktexttohtml.cpp
-@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
- bool badUrl = false;
- str = helper.getUrl(&badUrl);
- if (badUrl) {
-- return helper.mText;
-+ QString resultBadUrl;
-+ const int helperTextSize(helper.mText.count());
-+ for (int i = 0; i < helperTextSize; ++i) {
-+ const QChar chBadUrl = helper.mText[i];
-+ if (chBadUrl == QLatin1Char('&')) {
-+ resultBadUrl += QLatin1String("&amp;");
-+ } else if (chBadUrl == QLatin1Char('"')) {
-+ resultBadUrl += QLatin1String("&quot;");
-+ } else if (chBadUrl == QLatin1Char('<')) {
-+ resultBadUrl += QLatin1String("&lt;");
-+ } else if (chBadUrl == QLatin1Char('>')) {
-+ resultBadUrl += QLatin1String("&gt;");
-+ } else {
-+ resultBadUrl += chBadUrl;
-+ }
-+ }
-+ return resultBadUrl;
- }
- if (!str.isEmpty()) {
- QString hyperlink;
---
-2.7.3
-