community/kde-frameworks: upgrade to 5.61.0

2 files changed, 4 insertions, 153 deletions

diff --git a/community/kconfig/APKBUILD b/community/kconfig/APKBUILD
index 1fd51bfbcf..2f9c3034dd 100644
--- a/community/kconfig/APKBUILD
+++ b/community/kconfig/APKBUILD
@@ -1,16 +1,15 @@
 # Contributor: Bart Ribbers <bribbers@disroot.org>
 # Maintainer: Bart Ribbers <bribbers@disroot.org>
 pkgname=kconfig
-pkgver=5.60.0
-pkgrel=1
+pkgver=5.61.0
+pkgrel=0
 pkgdesc="Configuration system"
 arch="all"
 url="https://community.kde.org/Frameworks"
 license="LGPL-2.0-or-later AND LGPL-2.0-only AND LGPL-2.1-or-later"
 makedepends="extra-cmake-modules qt5-qttools-dev doxygen"
 checkdepends="xvfb-run"
-source="https://download.kde.org/stable/frameworks/${pkgver%.*}/$pkgname-$pkgver.tar.xz
-	CVE-2019-14744.patch"
+source="https://download.kde.org/stable/frameworks/${pkgver%.*}/$pkgname-$pkgver.tar.xz"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 
 # secfixes:
@@ -34,5 +33,4 @@ package() {
 	DESTDIR="$pkgdir" make install
 }
 
-sha512sums="76aa15e9e1630c687ff7cc6b77060c74472f307442d07ae09d5f4aa61d7b6f29f3f1d270218c6d7fea8e86eb9dda43c96821d19d827a781c7f71da6135d98753  kconfig-5.60.0.tar.xz
-0265a6e02e1ac6a7bb30e75eb169c83a69237e2dd2f80a4be18b47ecd758aa27dbcecc45d2e18a52df049b32313dfd5b5432bfcfa39611279194d2c9b48dc35e  CVE-2019-14744.patch"
+sha512sums="38a1e9d4cfc1ca692b9721c56536cb8f19cbd3b75ec9ccb400c811dddcefe78f5147d6fccc99a4202aa78ab9d1a68028312c7202103397164983bd02f59fd705  kconfig-5.61.0.tar.xz"
diff --git a/community/kconfig/CVE-2019-14744.patch b/community/kconfig/CVE-2019-14744.patch
deleted file mode 100644
index e8a799ca5d..0000000000
--- a/community/kconfig/CVE-2019-14744.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From 5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22 Mon Sep 17 00:00:00 2001
-From: David Faure <faure@kde.org>
-Date: Wed, 7 Aug 2019 09:35:36 +0200
-Subject: Security: remove support for $(...) in config keys with [$e] marker.
-
-Summary:
-It is very unclear at this point what a valid use case for this feature
-would possibly be. The old documentation only mentions $(hostname) as
-an example, which can be done with $HOSTNAME instead.
-
-Note that $(...) is still supported in Exec lines of desktop files,
-this does not require [$e] anyway (and actually works better without it,
-otherwise the $ signs need to be doubled to obey kconfig $e escaping rules...).
-
-Test Plan:
-ctest passes; various testcases with $(...) in desktop files,
-directory files, and config files, no longer execute commands.
-
-Reviewers: mdawson, aacid, broulik, davidedmundson, kossebau, apol, sitter, security-team
-
-Reviewed By: mdawson, davidedmundson
-
-Subscribers: ZaWertun, rikmills, fvogt, ngraham, kde-frameworks-devel
-
-Tags: #frameworks
-
-Differential Revision: https://phabricator.kde.org/D22979
----
- autotests/kconfigtest.cpp | 10 ++--------
- docs/options.md           | 11 ++++-------
- src/core/kconfig.cpp      | 37 +------------------------------------
- 3 files changed, 7 insertions(+), 51 deletions(-)
-
-diff --git a/autotests/kconfigtest.cpp b/autotests/kconfigtest.cpp
-index 410b5b8..9af3b46 100644
---- a/autotests/kconfigtest.cpp
-+++ b/autotests/kconfigtest.cpp
-@@ -38,7 +38,7 @@
- #include <utime.h>
- #endif
- #ifndef Q_OS_WIN
--#include <unistd.h> // gethostname
-+#include <unistd.h> // getuid
- #endif
- 
- KCONFIGGROUP_DECLARE_ENUM_QOBJECT(KConfigTest, Testing)
-@@ -546,14 +546,8 @@ void KConfigTest::testPath()
-     QCOMPARE(group.readPathEntry("withBraces", QString()), QString("file://" + HOMEPATH));
-     QVERIFY(group.hasKey("URL"));
-     QCOMPARE(group.readEntry("URL", QString()), QString("file://" + HOMEPATH));
--#if !defined(Q_OS_WIN32) && !defined(Q_OS_MAC)
--    // I don't know if this will work on windows
--    // This test hangs on OS X
-     QVERIFY(group.hasKey("hostname"));
--    char hostname[256];
--    QVERIFY(::gethostname(hostname, sizeof(hostname)) == 0);
--    QCOMPARE(group.readEntry("hostname", QString()), QString::fromLatin1(hostname));
--#endif
-+    QCOMPARE(group.readEntry("hostname", QString()), QStringLiteral("(hostname)")); // the $ got removed because empty var name
-     QVERIFY(group.hasKey("noeol"));
-     QCOMPARE(group.readEntry("noeol", QString()), QString("foo"));
- 
-diff --git a/docs/options.md b/docs/options.md
-index c634c00..4a6e9bc 100644
---- a/docs/options.md
-+++ b/docs/options.md
-@@ -67,18 +67,15 @@ environment variables (and `XDG_CONFIG_HOME` in particular).
- Shell Expansion
- ---------------
- 
--If an entry is marked with `$e`, environment variables and shell commands will
--be expanded.
-+If an entry is marked with `$e`, environment variables will be expanded.
- 
-     Name[$e]=$USER
--    Host[$e]=$(hostname)
- 
- When the "Name" entry is read `$USER` will be replaced with the value of the
--`$USER` environment variable, and `$(hostname)` will be replaced with the output
--of the `hostname` command.
-+`$USER` environment variable.
- 
--Note that the application will replace `$USER` and `$(hostname)` with their
--respective expanded values after saving. To prevent this combine the `$e` option
-+Note that the application will replace `$USER` with its
-+expanded value after saving. To prevent this combine the `$e` option
- with `$i` (immmutable) option.  For example:
- 
-     Name[$ei]=$USER
-diff --git a/src/core/kconfig.cpp b/src/core/kconfig.cpp
-index e1b11ed..f6824ce 100644
---- a/src/core/kconfig.cpp
-+++ b/src/core/kconfig.cpp
-@@ -28,19 +28,6 @@
- #include <cstdlib>
- #include <fcntl.h>
- 
--#ifdef _MSC_VER
--static inline FILE *popen(const char *cmd, const char *mode)
--{
--    return _popen(cmd, mode);
--}
--static inline int pclose(FILE *stream)
--{
--    return _pclose(stream);
--}
--#else
--#include <unistd.h>
--#endif
--
- #include "kconfigbackend_p.h"
- #include "kconfiggroup.h"
- 
-@@ -183,29 +170,7 @@ QString KConfigPrivate::expandString(const QString &value)
-     int nDollarPos = aValue.indexOf(QLatin1Char('$'));
-     while (nDollarPos != -1 && nDollarPos + 1 < aValue.length()) {
-         // there is at least one $
--        if (aValue[nDollarPos + 1] == QLatin1Char('(')) {
--            int nEndPos = nDollarPos + 1;
--            // the next character is not $
--            while ((nEndPos <= aValue.length()) && (aValue[nEndPos] != QLatin1Char(')'))) {
--                nEndPos++;
--            }
--            nEndPos++;
--            QString cmd = aValue.mid(nDollarPos + 2, nEndPos - nDollarPos - 3);
--
--            QString result;
--
--// FIXME: wince does not have pipes
--#ifndef _WIN32_WCE
--            FILE *fs = popen(QFile::encodeName(cmd).data(), "r");
--            if (fs) {
--                QTextStream ts(fs, QIODevice::ReadOnly);
--                result = ts.readAll().trimmed();
--                pclose(fs);
--            }
--#endif
--            aValue.replace(nDollarPos, nEndPos - nDollarPos, result);
--            nDollarPos += result.length();
--        } else if (aValue[nDollarPos + 1] != QLatin1Char('$')) {
-+        if (aValue[nDollarPos + 1] != QLatin1Char('$')) {
-             int nEndPos = nDollarPos + 1;
-             // the next character is not $
-             QStringRef aVarName;
--- 
-cgit v1.1
-