Bug#859420: unblock: kcoreaddons/5.28.0-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Dear release team,
I've backported three fixes in kcoreaddons for stretch that I consider
important enough, as they affect other programs or leak resources. The fixes
are:
+ Fix Bug 343275 - [1] added at the end of a hyperlink (e51bb21)
KDE#343275, this affects kmail composer insert hyperlink action
+ Fix Bug 363427 - unsafe characters incorrectly parsed as part of URL
(c6671aa) KDE#363427, this affects kmail when parsing an url the text
message
+ KDirWatch: fix memory leak on destruction (9e50bf2)
And uploaded 5.28.0-2 to unstable with this patches, also 5.28.0-2 already
built in all the release architectures.
I'm attaching the corresponding debdiff.
Happy hacking,
Please unblock package kcoreaddons
unblock kcoreaddons/5.28.0-2
-- System Information:
Debian Release: 9.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf
Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru kcoreaddons-5.28.0/debian/changelog kcoreaddons-5.28.0/debian/changelog
--- kcoreaddons-5.28.0/debian/changelog 2016-11-18 16:01:12.000000000 +0100
+++ kcoreaddons-5.28.0/debian/changelog 2017-03-31 15:53:53.000000000 +0200
@@ -1,3 +1,13 @@
+kcoreaddons (5.28.0-2) unstable; urgency=medium
+
+ * Add new upstream patch:
+ Fix-Bug-343275-1-added-at-the-end-of-a-hyperlink.patch
+ * Add new upstream patch:
+ Fix-Bug-363427-unsafe-characters-incorrectly-parsed-as-pa.patch
+ * Add new upstream patch: KDirWatch-fix-memory-leak-on-destruction.patch
+
+ -- Maximiliano Curia <maxy@debian.org> Fri, 31 Mar 2017 15:53:53 +0200
+
kcoreaddons (5.28.0-1) unstable; urgency=medium
[ Automatic packaging ]
diff -Nru kcoreaddons-5.28.0/debian/patches/Fix-Bug-343275-1-added-at-the-end-of-a-hyperlink.patch kcoreaddons-5.28.0/debian/patches/Fix-Bug-343275-1-added-at-the-end-of-a-hyperlink.patch
--- kcoreaddons-5.28.0/debian/patches/Fix-Bug-343275-1-added-at-the-end-of-a-hyperlink.patch 1970-01-01 01:00:00.000000000 +0100
+++ kcoreaddons-5.28.0/debian/patches/Fix-Bug-343275-1-added-at-the-end-of-a-hyperlink.patch 2017-03-31 15:53:53.000000000 +0200
@@ -0,0 +1,57 @@
+From: Montel Laurent <montel@kde.org>
+Date: Wed, 23 Nov 2016 08:07:25 +0100
+Subject: Fix Bug 343275 - [1] added at the end of a hyperlink
+
+FIXED-IN: 5.29
+BUG: 343275
+---
+ autotests/ktexttohtmltest.cpp | 5 +++++
+ src/lib/text/ktexttohtml.cpp | 6 ++++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index ccac29a..f48a31c 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -411,6 +411,11 @@ void KTextToHTMLTest::testHtmlConvert_data()
+ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+ << "https://<IP>:/"><script>alert(1);</script><!--\nTest2";
++
++
++ QTest::newRow("url-with-ref-in-[") << "https://www.kde.org[1]";
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "<a href=\"https://www.kde.org\";>https://www.kde.org</a>[1]";
+ }
+
+
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
+index 30e0b5d..ecc1d22 100644
+--- a/src/lib/text/ktexttohtml.cpp
++++ b/src/lib/text/ktexttohtml.cpp
+@@ -229,12 +229,15 @@ QString KTextToHTMLHelper::getUrl(bool *badurl)
+ int start = mPos;
+ bool previousCharIsSpace = false;
+ bool previousCharIsADoubleQuote = false;
++ bool previousIsAnAnchor = false;
+ while ((mPos < mText.length()) &&
+ (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
+ ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
+ (!afterUrl.isNull() && mText[mPos] != afterUrl))) {
+ if (mText[mPos].isSpace()) {
+ previousCharIsSpace = true;
++ } else if (!previousIsAnAnchor && mText[mPos] == QLatin1Char('[')) {
++ break;
+ } else { // skip whitespace
+ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) {
+ url.append(QLatin1Char(' '));
+@@ -253,6 +256,9 @@ QString KTextToHTMLHelper::getUrl(bool *badurl)
+ } else {
+ previousCharIsADoubleQuote = false;
+ }
++ if (mText[mPos] == QLatin1Char('#')) {
++ previousIsAnAnchor = true;
++ }
+ url.append(mText[mPos]);
+ if (url.length() > mMaxUrlLen) {
+ break;
diff -Nru kcoreaddons-5.28.0/debian/patches/Fix-Bug-363427-unsafe-characters-incorrectly-parsed-as-pa.patch kcoreaddons-5.28.0/debian/patches/Fix-Bug-363427-unsafe-characters-incorrectly-parsed-as-pa.patch
--- kcoreaddons-5.28.0/debian/patches/Fix-Bug-363427-unsafe-characters-incorrectly-parsed-as-pa.patch 1970-01-01 01:00:00.000000000 +0100
+++ kcoreaddons-5.28.0/debian/patches/Fix-Bug-363427-unsafe-characters-incorrectly-parsed-as-pa.patch 2017-03-31 15:53:53.000000000 +0200
@@ -0,0 +1,43 @@
+From: Montel Laurent <montel@kde.org>
+Date: Tue, 17 Jan 2017 07:41:53 +0100
+Subject: Fix Bug 363427 - unsafe characters incorrectly parsed as part of URL
+
+Fix [Please visit our booth 24-25 http://example.com/]
+CCBUG:363427
+---
+ autotests/ktexttohtmltest.cpp | 8 ++++++++
+ src/lib/text/ktexttohtml.cpp | 2 ++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index f48a31c..0c14623 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -416,6 +416,14 @@ void KTextToHTMLTest::testHtmlConvert_data()
+ QTest::newRow("url-with-ref-in-[") << "https://www.kde.org[1]";
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+ << "<a href=\"https://www.kde.org\";>https://www.kde.org</a>[1]";
++
++ QTest::newRow("url-with-ref-in-[2") << "[http://www.example.org/][whatever]";
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "[<a href=\"http://www.example.org/\";>http://www.example.org/</a>][whatever]";
++
++ QTest::newRow("url-with-ref-in-]") << "[Please visit our booth 24-25 http://example.com/]";
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "[Please visit our booth 24-25 <a href=\"http://example.com/\";>http://example.com/</a>]";
+ }
+
+
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
+index ecc1d22..d6c1f1c 100644
+--- a/src/lib/text/ktexttohtml.cpp
++++ b/src/lib/text/ktexttohtml.cpp
+@@ -238,6 +238,8 @@ QString KTextToHTMLHelper::getUrl(bool *badurl)
+ previousCharIsSpace = true;
+ } else if (!previousIsAnAnchor && mText[mPos] == QLatin1Char('[')) {
+ break;
++ } else if (!previousIsAnAnchor && mText[mPos] == QLatin1Char(']')) {
++ break;
+ } else { // skip whitespace
+ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) {
+ url.append(QLatin1Char(' '));
diff -Nru kcoreaddons-5.28.0/debian/patches/KDirWatch-fix-memory-leak-on-destruction.patch kcoreaddons-5.28.0/debian/patches/KDirWatch-fix-memory-leak-on-destruction.patch
--- kcoreaddons-5.28.0/debian/patches/KDirWatch-fix-memory-leak-on-destruction.patch 1970-01-01 01:00:00.000000000 +0100
+++ kcoreaddons-5.28.0/debian/patches/KDirWatch-fix-memory-leak-on-destruction.patch 2017-03-31 15:53:53.000000000 +0200
@@ -0,0 +1,75 @@
+From: David Faure <faure@kde.org>
+Date: Sun, 5 Feb 2017 11:49:07 +0100
+Subject: KDirWatch: fix memory leak on destruction.
+
+Summary:
+The Entry class owns the Client instances, so it should delete the
+remaining instances in its destructor, for the case where they haven't
+been removed one by one. The line of code removeEntries(nullptr) was
+probably means to remove them one by one, but it was a no-op (the code
+for that method doesn't expect nullptr as argument) and it would be
+slow anyway. We don't need to call inotify_remove for every path,
+when we're just cleaning up in a global static after qApp destruction.
+
+Detected by a clang-sanitizer build on http://ci-logs.kde.flaska.net
+and reproduced locally with valgrind.
+
+Test Plan:
+./kdirwatch_*_unittest now passes in valgrind without memory
+leaks being reported
+
+Reviewers: aacid, mpyne
+
+Reviewed By: aacid, mpyne
+
+Subscribers: markg, #frameworks
+
+Tags: #frameworks
+
+Differential Revision: https://phabricator.kde.org/D4439
+---
+ src/lib/io/kdirwatch.cpp | 8 +++++---
+ src/lib/io/kdirwatch_p.h | 3 ++-
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/io/kdirwatch.cpp b/src/lib/io/kdirwatch.cpp
+index 241aeec..99da809 100644
+--- a/src/lib/io/kdirwatch.cpp
++++ b/src/lib/io/kdirwatch.cpp
+@@ -244,9 +244,6 @@ KDirWatchPrivate::~KDirWatchPrivate()
+ {
+ timer.stop();
+
+- /* remove all entries being watched */
+- removeEntries(0);
+-
+ #if HAVE_FAM
+ if (use_fam && sn) {
+ FAMClose(&fc);
+@@ -452,6 +449,11 @@ void KDirWatchPrivate::inotifyEventReceived()
+ #endif
+ }
+
++KDirWatchPrivate::Entry::~Entry()
++{
++ qDeleteAll(m_clients);
++}
++
+ /* In FAM mode, only entries which are marked dirty are scanned.
+ * We first need to mark all yet nonexistent, but possible created
+ * entries as dirty...
+diff --git a/src/lib/io/kdirwatch_p.h b/src/lib/io/kdirwatch_p.h
+index 8a7da91..33e2404 100644
+--- a/src/lib/io/kdirwatch_p.h
++++ b/src/lib/io/kdirwatch_p.h
+@@ -83,8 +83,9 @@ public:
+ class Entry
+ {
+ public:
++ ~Entry();
+ // instances interested in events
+- QList<Client *> m_clients;
++ QList<Client *> m_clients; // owned by Entry
+ // nonexistent entries of this directory
+ QList<Entry *> m_entries;
+ QString path;
diff -Nru kcoreaddons-5.28.0/debian/patches/series kcoreaddons-5.28.0/debian/patches/series
--- kcoreaddons-5.28.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ kcoreaddons-5.28.0/debian/patches/series 2017-03-31 15:53:53.000000000 +0200
@@ -0,0 +1,3 @@
+Fix-Bug-343275-1-added-at-the-end-of-a-hyperlink.patch
+Fix-Bug-363427-unsafe-characters-incorrectly-parsed-as-pa.patch
+KDirWatch-fix-memory-leak-on-destruction.patch
Reply to: