Bug#1107943: unblock: kweathercore/25.04.2-1
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: kweathercore@packages.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Control: affects -1 + src:kweathercore
User: release.debian.org@packages.debian.org
Usertags: unblock
Dear Release Team,
please unblock package kweathercore.
[ Reason ]
It contains the following changes:
* New upstream release (25.04.1).
- Harden the CAP polygon parser against creative input.
- Fix: Add virtual destructor for ReplyPrivate.
[ Tests ]
- Upstream test suite passes in sbuild.
[ Risks ]
Upstream point releases only contain targetted commits. Further fixes
can easily be backported or the changes reverted.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
Thanks!
unblock kweathercore/25.04.2-1
diff -Nru kweathercore-25.04.0/autotests/capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml kweathercore-25.04.2/autotests/capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml
--- kweathercore-25.04.0/autotests/capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml 1970-01-01 01:00:00.000000000 +0100
+++ kweathercore-25.04.2/autotests/capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml 2025-06-02 22:02:13.000000000 +0200
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
+<alert xmlns="urn:oasis:names:tc:emergency:cap:1.2">
+ <identifier>2.49.0.0.376.0.250306145512.48636</identifier>
+ <sender>ims.gov.il</sender>
+ <sent>2025-03-06T14:55:12+02:00</sent>
+ <status>Actual</status>
+ <msgType>Alert</msgType>
+ <scope>Public</scope>
+ <info>
+ <language>en-GB</language>
+ <category>Met</category>
+ <event>FLOOD</event>
+ <urgency>Future</urgency>
+ <severity>Severe</severity>
+ <certainty>Possible</certainty>
+ <effective>2025-03-06T14:55:12+02:00</effective>
+ <onset>2025-03-06T22:00:00+02:00</onset>
+ <expires>2025-03-07T14:00:00+02:00</expires>
+ <senderName>Israel Meteorological Service</senderName>
+ <headline>Flash Floods</headline>
+ <description>Yellow Early Warning of FLASH FLOODS in Judea Desert Dead Sea, in North Eastern Negev and in Northern Arava from 06/03 22 until 07/03 14 LT. For further details: https://ims.gov.il/he/IMSwarnings .</description>
+ <web>https://ims.gov.il/en/IMSWarnings</web>
+ <parameter>
+ <valueName>awareness_level</valueName>
+ <value>2; yellow; Moderate</value>
+ </parameter>
+ <parameter>
+ <valueName>awareness_type</valueName>
+ <value>12; flooding</value>
+ </parameter>
+ <area>
+ <areaDesc>South Judea Desert Dead Sea</areaDesc>
+ <polygon/>
+ <geocode>
+ <valueName>EMMA_ID</valueName>
+ <value>IL043</value>
+ </geocode>
+ </area>
+ <area>
+ <areaDesc>North Eastern Negev</areaDesc>
+ <polygon/>
+ <geocode>
+ <valueName>EMMA_ID</valueName>
+ <value>IL042</value>
+ </geocode>
+ </area>
+ <area>
+ <areaDesc>Northern Arava</areaDesc>
+ <polygon/>
+ <geocode>
+ <valueName>EMMA_ID</valueName>
+ <value>IL045</value>
+ </geocode>
+ </area>
+ </info>
+ <info>
+ <language>he-IL</language>
+ <category>Met</category>
+ <event>FLOOD</event>
+ <urgency>Future</urgency>
+ <severity>Severe</severity>
+ <certainty>Possible</certainty>
+ <effective>2025-03-06T14:55:12+02:00</effective>
+ <onset>2025-03-06T22:00:00+02:00</onset>
+ <expires>2025-03-07T14:00:00+02:00</expires>
+ <senderName>Israel Meteorological Service</senderName>
+ <headline>שטפונות בזק</headline>
+ <description>התראה מוקדמת צהובה על שטפונות בזק במדבר יהודה וים המלח, בצפון מזרח הנגב ובצפון הערבה מ-06/03 ב-22 עד 07/03 ב-14. באזורים המצויינים קיים חשש משטפונות בזק מקומיים בשל ממטרים מקומיים בשעות המצויינות. לפרטים נוספים: https://ims.gov.il/he/IMSwarnings .</description>
+ <web>https://ims.gov.il/he/IMSWarnings</web>
+ <parameter>
+ <valueName>awareness_level</valueName>
+ <value>2; yellow; Moderate</value>
+ </parameter>
+ <parameter>
+ <valueName>awareness_type</valueName>
+ <value>12; flooding</value>
+ </parameter>
+ <area>
+ <areaDesc>South Judea Desert Dead Sea</areaDesc>
+ <polygon/>
+ <geocode>
+ <valueName>EMMA_ID</valueName>
+ <value>IL043</value>
+ </geocode>
+ </area>
+ <area>
+ <areaDesc>North Eastern Negev</areaDesc>
+ <polygon/>
+ <geocode>
+ <valueName>EMMA_ID</valueName>
+ <value>IL042</value>
+ </geocode>
+ </area>
+ <area>
+ <areaDesc>Northern Arava</areaDesc>
+ <polygon/>
+ <geocode>
+ <valueName>EMMA_ID</valueName>
+ <value>IL045</value>
+ </geocode>
+ </area>
+ </info>
+</alert>
diff -Nru kweathercore-25.04.0/autotests/capdata/mo-cap_monsoon.xml kweathercore-25.04.2/autotests/capdata/mo-cap_monsoon.xml
--- kweathercore-25.04.0/autotests/capdata/mo-cap_monsoon.xml 1970-01-01 01:00:00.000000000 +0100
+++ kweathercore-25.04.2/autotests/capdata/mo-cap_monsoon.xml 2025-06-02 22:02:13.000000000 +0200
@@ -0,0 +1,256 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<alert xmlns="urn:oasis:names:tc:emergency:cap:1.2">
+<identifier>SMG-Weather_MS_2025_006_03</identifier>
+<sender>meteo@smg.gov.mo</sender>
+<sent>2025-04-13T05:52:12+08:00</sent>
+<status>Actual</status>
+<msgType>Update</msgType>
+<scope>Public</scope>
+<references>meteo@smg.gov.mo,SMG-Weather_MS_2025_006_03,2025-04-13T05:52:12+08:00</references>
+<info>
+<language>zh-mo</language>
+<category>Met</category>
+<event>強烈季候風信號</event>
+<responseType>AllClear</responseType>
+<urgency>Past</urgency>
+<severity>Moderate</severity>
+<certainty>Observed</certainty>
+<effective>2025-04-13T06:00:00+08:00</effective>
+<senderName>澳門特別行政區政府地球物理氣象局</senderName>
+<headline>強烈季候風(即黑球)信號於 2025年04月13日06時00分 取消。</headline>
+<description>強烈季候風(即黑球)信號於 2025年04月13日06時00分 取消。</description>
+<instruction></instruction>
+<web>https://www.smg.gov.mo/zh/subpage/35/monsoon-main</web>
+<contact>meteo@smg.gov.mo</contact>
+<area>
+ <areaDesc>澳門特別行政區行政區域圖</areaDesc>
+ <polygon>22.0766,113.5709
+ 22.0766,113.6102
+ 22.1088,113.6301
+ 22.1656,113.6301
+ 22.2041,113.6052
+ 22.2040,113.5710
+ 22.2090,113.5689
+ 22.2122,113.5622
+ 22.2160,113.5520
+ 22.2153,113.5509
+ 22.2155,113.5507
+ 22.2156,113.5507
+ 22.2170,113.5508
+ 22.2169,113.5500
+ 22.2167,113.5496
+ 22.2166,113.5492
+ 22.2166,113.5487
+ 22.2166,113.5477
+ 22.2165,113.5476
+ 22.2167,113.5470
+ 22.2167,113.5465
+ 22.2167,113.5465
+ 22.2168,113.5454
+ 22.2169,113.5451
+ 22.2169,113.5443
+ 22.2163,113.5433
+ 22.2144,113.5424
+ 22.2142,113.5424
+ 22.2136,113.5420
+ 22.2136,113.5419
+ 22.2132,113.5417
+ 22.2133,113.5415
+ 22.2130,113.5413
+ 22.2130,113.5411
+ 22.2130,113.5409
+ 22.2136,113.5381
+ 22.2136,113.5363
+ 22.2135,113.5357
+ 22.2134,113.5354
+ 22.2134,113.5352
+ 22.2135,113.5349
+ 22.2123,113.5330
+ 22.2096,113.5339
+ 22.2073,113.5346
+ 22.2066,113.5353
+ 22.2023,113.5356
+ 22.1945,113.5336
+ 22.1885,113.5292
+ 22.1879,113.5301
+ 22.1865,113.5291
+ 22.1845,113.5283
+ 22.1821,113.5281
+ 22.1770,113.5294
+ 22.1754,113.5305
+ 22.1733,113.5319
+ 22.1720,113.5321
+ 22.1570,113.5395
+ 22.1507,113.5452
+ 22.1453,113.5495
+ 22.1155,113.5483
+ 22.1088,113.5496
+ 22.0988,113.5709
+ 22.0766,113.5709</polygon>
+</area>
+</info>
+<info>
+<language>pt-PT</language>
+<category>Met</category>
+<event>VENTOS FORTES DE MONÇÃO</event>
+<responseType>AllClear</responseType>
+<urgency>Past</urgency>
+<severity>Moderate</severity>
+<certainty>Observed</certainty>
+<effective>2025-04-13T06:00:00+08:00</effective>
+<senderName>DIRECÇÃO DOS SERVIÇOS METEOROLÓGICOS E GEOFÍSICOS</senderName>
+<headline>O sinal de ventos fortes de monção(bola preta) foi cancelado às 06:00, de 13-04-2025.</headline>
+<description>O sinal de ventos fortes de monção(bola preta) foi cancelado às 06:00, de 13-04-2025.</description>
+<instruction></instruction>
+<web>https://www.smg.gov.mo/pt/subpage/35/monsoon-main</web>
+<contact>meteo@smg.gov.mo</contact>
+<area>
+ <areaDesc>Mapa da Divisão Administrativa da RAEM</areaDesc>
+ <polygon>22.0766,113.5709
+ 22.0766,113.6102
+ 22.1088,113.6301
+ 22.1656,113.6301
+ 22.2041,113.6052
+ 22.2040,113.5710
+ 22.2090,113.5689
+ 22.2122,113.5622
+ 22.2160,113.5520
+ 22.2153,113.5509
+ 22.2155,113.5507
+ 22.2156,113.5507
+ 22.2170,113.5508
+ 22.2169,113.5500
+ 22.2167,113.5496
+ 22.2166,113.5492
+ 22.2166,113.5487
+ 22.2166,113.5477
+ 22.2165,113.5476
+ 22.2167,113.5470
+ 22.2167,113.5465
+ 22.2167,113.5465
+ 22.2168,113.5454
+ 22.2169,113.5451
+ 22.2169,113.5443
+ 22.2163,113.5433
+ 22.2144,113.5424
+ 22.2142,113.5424
+ 22.2136,113.5420
+ 22.2136,113.5419
+ 22.2132,113.5417
+ 22.2133,113.5415
+ 22.2130,113.5413
+ 22.2130,113.5411
+ 22.2130,113.5409
+ 22.2136,113.5381
+ 22.2136,113.5363
+ 22.2135,113.5357
+ 22.2134,113.5354
+ 22.2134,113.5352
+ 22.2135,113.5349
+ 22.2123,113.5330
+ 22.2096,113.5339
+ 22.2073,113.5346
+ 22.2066,113.5353
+ 22.2023,113.5356
+ 22.1945,113.5336
+ 22.1885,113.5292
+ 22.1879,113.5301
+ 22.1865,113.5291
+ 22.1845,113.5283
+ 22.1821,113.5281
+ 22.1770,113.5294
+ 22.1754,113.5305
+ 22.1733,113.5319
+ 22.1720,113.5321
+ 22.1570,113.5395
+ 22.1507,113.5452
+ 22.1453,113.5495
+ 22.1155,113.5483
+ 22.1088,113.5496
+ 22.0988,113.5709
+ 22.0766,113.5709</polygon>
+</area>
+</info>
+<info>
+<language>en-US</language>
+<category>Met</category>
+<event>STRONG MONSOON SIGNAL</event>
+<responseType>AllClear</responseType>
+<urgency>Past</urgency>
+<severity>Moderate</severity>
+<certainty>Observed</certainty>
+<effective>2025-04-13T06:00:00+08:00</effective>
+<senderName>Macao Meteorological and Geophysical Bureau</senderName>
+<headline>Strong monsoon signal(Black ball) was cancelled at 2025-04-13 06:00.</headline>
+<description>Strong monsoon signal(Black ball) was cancelled at 2025-04-13 06:00.</description>
+<instruction></instruction>
+<web>https://www.smg.gov.mo/en/subpage/35/monsoon-main</web>
+<contact>meteo@smg.gov.mo</contact>
+<area>
+ <areaDesc>Macao Special Administrative Region Administrative Area Map</areaDesc>
+ <polygon>22.0766,113.5709
+ 22.0766,113.6102
+ 22.1088,113.6301
+ 22.1656,113.6301
+ 22.2041,113.6052
+ 22.2040,113.5710
+ 22.2090,113.5689
+ 22.2122,113.5622
+ 22.2160,113.5520
+ 22.2153,113.5509
+ 22.2155,113.5507
+ 22.2156,113.5507
+ 22.2170,113.5508
+ 22.2169,113.5500
+ 22.2167,113.5496
+ 22.2166,113.5492
+ 22.2166,113.5487
+ 22.2166,113.5477
+ 22.2165,113.5476
+ 22.2167,113.5470
+ 22.2167,113.5465
+ 22.2167,113.5465
+ 22.2168,113.5454
+ 22.2169,113.5451
+ 22.2169,113.5443
+ 22.2163,113.5433
+ 22.2144,113.5424
+ 22.2142,113.5424
+ 22.2136,113.5420
+ 22.2136,113.5419
+ 22.2132,113.5417
+ 22.2133,113.5415
+ 22.2130,113.5413
+ 22.2130,113.5411
+ 22.2130,113.5409
+ 22.2136,113.5381
+ 22.2136,113.5363
+ 22.2135,113.5357
+ 22.2134,113.5354
+ 22.2134,113.5352
+ 22.2135,113.5349
+ 22.2123,113.5330
+ 22.2096,113.5339
+ 22.2073,113.5346
+ 22.2066,113.5353
+ 22.2023,113.5356
+ 22.1945,113.5336
+ 22.1885,113.5292
+ 22.1879,113.5301
+ 22.1865,113.5291
+ 22.1845,113.5283
+ 22.1821,113.5281
+ 22.1770,113.5294
+ 22.1754,113.5305
+ 22.1733,113.5319
+ 22.1720,113.5321
+ 22.1570,113.5395
+ 22.1507,113.5452
+ 22.1453,113.5495
+ 22.1155,113.5483
+ 22.1088,113.5496
+ 22.0988,113.5709
+ 22.0766,113.5709</polygon>
+</area>
+</info>
+</alert>
diff -Nru kweathercore-25.04.0/autotests/capparsertest.cpp kweathercore-25.04.2/autotests/capparsertest.cpp
--- kweathercore-25.04.0/autotests/capparsertest.cpp 2025-04-07 22:47:47.000000000 +0200
+++ kweathercore-25.04.2/autotests/capparsertest.cpp 2025-06-02 22:02:13.000000000 +0200
@@ -12,6 +12,8 @@
#include <QFile>
#include <QTest>
+using namespace Qt::Literals;
+
class CapParserTest : public QObject
{
Q_OBJECT
@@ -185,6 +187,48 @@
QCOMPARE(area.altitude(), 0.0f);
QCOMPARE(area.ceiling(), 9842.5197f);
}
+
+ void testTabCoordinateSeparator()
+ {
+ QFile f(QFINDTESTDATA("capdata/mo-cap_monsoon.xml"));
+ QVERIFY(f.open(QFile::ReadOnly));
+ KWeatherCore::CAPParser parser(f.readAll());
+ auto alert = parser.parse();
+
+ QCOMPARE(alert.status(), KWeatherCore::CAPAlertMessage::Status::Actual);
+ QCOMPARE(alert.messageType(), KWeatherCore::CAPAlertMessage::MessageType::Update);
+ QCOMPARE(alert.references().size(), 1);
+ auto ref = alert.references()[0];
+ QCOMPARE(ref.sender(), "meteo@smg.gov.mo"_L1);
+ QCOMPARE(ref.identifier(), "SMG-Weather_MS_2025_006_03"_L1);
+ QCOMPARE(ref.sent(), QDateTime({2025, 4, 13}, {5, 52, 12}, QTimeZone::fromSecondsAheadOfUtc(8 * 60 * 60)));
+
+ QCOMPARE(alert.alertInfos().size(), 3);
+ const auto info = alert.alertInfos()[0];
+ QCOMPARE(info.areas().size(), 1);
+ const auto area = info.areas()[0];
+ QCOMPARE(area.description(), u"澳門特別行政區行政區域圖");
+ QCOMPARE(area.polygons().size(), 1);
+ const auto poly = area.polygons()[0];
+ QCOMPARE(poly.size(), 63);
+ }
+
+ void testEmptyPolygon()
+ {
+ QFile f(QFINDTESTDATA("capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml"));
+ QVERIFY(f.open(QFile::ReadOnly));
+ KWeatherCore::CAPParser parser(f.readAll());
+ auto alert = parser.parse();
+
+ QCOMPARE(alert.status(), KWeatherCore::CAPAlertMessage::Status::Actual);
+ QCOMPARE(alert.alertInfos().size(), 2);
+ const auto info = alert.alertInfos()[0];
+ QCOMPARE(info.areas().size(), 3);
+ const auto area = info.areas()[0];
+ QVERIFY(!area.description().isEmpty());
+ QCOMPARE(area.geoCodes().size(), 1);
+ QCOMPARE(area.polygons().size(), 0);
+ }
};
QTEST_GUILESS_MAIN(CapParserTest)
diff -Nru kweathercore-25.04.0/CMakeLists.txt kweathercore-25.04.2/CMakeLists.txt
--- kweathercore-25.04.0/CMakeLists.txt 2025-04-07 22:47:47.000000000 +0200
+++ kweathercore-25.04.2/CMakeLists.txt 2025-06-02 22:02:13.000000000 +0200
@@ -3,7 +3,7 @@
# KDE Application Version, managed by release script
set (RELEASE_SERVICE_VERSION_MAJOR "25")
set (RELEASE_SERVICE_VERSION_MINOR "04")
-set (RELEASE_SERVICE_VERSION_MICRO "0")
+set (RELEASE_SERVICE_VERSION_MICRO "2")
set (RELEASE_SERVICE_VERSION "${RELEASE_SERVICE_VERSION_MAJOR}.${RELEASE_SERVICE_VERSION_MINOR}.${RELEASE_SERVICE_VERSION_MICRO}")
project(KWeatherCore VERSION ${RELEASE_SERVICE_VERSION})
diff -Nru kweathercore-25.04.0/debian/changelog kweathercore-25.04.2/debian/changelog
--- kweathercore-25.04.0/debian/changelog 2025-04-26 01:01:37.000000000 +0200
+++ kweathercore-25.04.2/debian/changelog 2025-06-09 23:00:38.000000000 +0200
@@ -1,3 +1,12 @@
+kweathercore (25.04.2-1) unstable; urgency=medium
+
+ [ Aurélien COUDERC ]
+ * New upstream release (25.04.1).
+ - Harden the CAP polygon parser against creative input.
+ - Fix: Add virtual destructor for ReplyPrivate.
+
+ -- Aurélien COUDERC <coucouf@debian.org> Mon, 09 Jun 2025 23:00:38 +0200
+
kweathercore (25.04.0-1) unstable; urgency=medium
[ Aurélien COUDERC ]
diff -Nru kweathercore-25.04.0/src/capparser.cpp kweathercore-25.04.2/src/capparser.cpp
--- kweathercore-25.04.0/src/capparser.cpp 2025-04-07 22:47:47.000000000 +0200
+++ kweathercore-25.04.2/src/capparser.cpp 2025-06-02 22:02:13.000000000 +0200
@@ -175,11 +175,29 @@
{"Unlikely", CAPAlertInfo::Certainty::Unlikely},
};
+[[nodiscard]] static QStringView nextCoordinate(QStringView &input)
+{
+ const auto beginIt = std::find_if(input.constBegin(), input.constEnd(), [](auto c) {
+ return !c.isSpace();
+ });
+ if (beginIt == input.constEnd()) {
+ input = {};
+ return {};
+ }
+ const auto endIt = std::find_if(std::next(beginIt), input.constEnd(), [](auto c) {
+ return c.isSpace();
+ });
+ auto s = input.sliced(std::distance(input.constBegin(), beginIt), std::distance(beginIt, endIt));
+ input.slice(std::distance(input.constBegin(), endIt));
+ return s;
+}
+
[[nodiscard]] static CAPPolygon stringToPolygon(QStringView str)
{
CAPPolygon res;
- for (auto coordinate : QStringTokenizer(str, ' '_L1, Qt::SkipEmptyParts)) {
+ do {
+ auto coordinate = nextCoordinate(str);
const auto idx = coordinate.indexOf(','_L1);
if (idx < 0) {
continue;
@@ -189,7 +207,7 @@
if (!latOk || !lonOk) {
res.pop_back();
}
- }
+ } while (!str.isEmpty());
return res;
}
@@ -400,7 +418,10 @@
} else if (m_xml.name() == QLatin1String("geocode") && !m_xml.isEndElement()) {
area.addGeoCode(parseNamedValue());
} else if (m_xml.name() == QLatin1String("polygon") && !m_xml.isEndElement()) {
- area.addPolygon(stringToPolygon(m_xml.readElementText()));
+ auto poly = stringToPolygon(m_xml.readElementText());
+ if (poly.size() >= 4) {
+ area.addPolygon(std::move(poly));
+ }
} else if (m_xml.name() == QLatin1String("circle") && !m_xml.isEndElement()) {
const auto t = m_xml.readElementText();
const auto commaIdx = t.indexOf(QLatin1Char(','));
diff -Nru kweathercore-25.04.0/src/reply_p.h kweathercore-25.04.2/src/reply_p.h
--- kweathercore-25.04.0/src/reply_p.h 2025-04-07 22:47:47.000000000 +0200
+++ kweathercore-25.04.2/src/reply_p.h 2025-06-02 22:02:13.000000000 +0200
@@ -16,6 +16,7 @@
class ReplyPrivate
{
public:
+ virtual ~ReplyPrivate() = default;
void setError(Reply::Error error, const QString &msg = {});
Reply::Error m_error = Reply::NoError;
Reply to: