From 30fe734a46dd5363c7e6d1fa89036540b895dd90 Mon Sep 17 00:00:00 2001
From: André Fabian Silva Delgado <emulatorman@parabola.nu>
Date: Thu, 2 Mar 2017 02:14:39 -0300
Subject: kio-5.31.0-2.parabola1: backport security fix

---
 libre/kio/PKGBUILD | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'libre')

diff --git a/libre/kio/PKGBUILD b/libre/kio/PKGBUILD
index 408bda5f0..382f076c7 100644
--- a/libre/kio/PKGBUILD
+++ b/libre/kio/PKGBUILD
@@ -1,11 +1,11 @@
-# $Id: PKGBUILD 288570 2017-02-11 09:58:58Z arojas $
+# $Id: PKGBUILD 289732 2017-02-28 18:46:24Z arojas $
 # Maintainer (Arch): Felix Yan <felixonmars@archlinux.org>
 # Contributor (Arch): Andrea Scarpino <andrea@archlinux.org>
 # Maintainer: André Silva <emulatorman@parabola.nu>
 
 pkgname=kio
 pkgver=5.31.0
-pkgrel=1.parabola1
+pkgrel=2.parabola1
 pkgdesc='Resource and network access abstraction, without non-privacy search engines'
 arch=('i686' 'x86_64' 'armv7h')
 url='https://community.kde.org/Frameworks'
@@ -14,11 +14,13 @@ depends=('solid' 'kjobwidgets' 'kbookmarks' 'libxslt' 'kwallet' 'desktop-file-ut
 makedepends=('extra-cmake-modules' 'kdoctools' 'python')
 optdepends=('kio-extras: extra protocols support (sftp, fish and more)')
 groups=('kf5')
-source=("http://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz"{,.sig}
+source=("https://download.kde.org/stable/frameworks/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz"{,.sig}
+        kio-sanitize-url.patch::"https://cgit.kde.org/kio.git/patch/?id=f9d0cb47"
         'duckduckgo_html.desktop'
         'duckduckgo_lite.desktop')
 md5sums=('62f31e7a9cd0b875fce5b552ec9be3c7'
          'SKIP'
+         '3044fd99f934879390f29ec71e2d795a'
          '59462f450ae72354ab3ca188710e2330'
          '1ca9884d8dc89c5713a1f42033775bcd')
 validpgpkeys=(53E6B47B45CEA3E0D5B7457758D0EE648A48B3BB) # David Faure <faure@kde.org>
@@ -28,6 +30,9 @@ prepare() {
 
   cd ${pkgname}-${pkgver}
 
+  # Sanitize URLs before passing them to FindProxyForURL
+  patch -p1 -i ../kio-sanitize-url.patch
+
   # Removing non-privacy search providers 
   rm -v src/urifilters/ikws/searchproviders/{7digital,acronym,amazon{,_mp3},amg,backports,baidu,bing,blip,cia,dbug,deb,duckduckgo{,_info,_shopping},facebook,ecosia,feedster,flickr,flickrcc,google,google_advanced,google_code,google_groups,google_images,google_lucky,google_maps,google_movie,google_news,google_shopping,imdb,jamendo,jeeves,magnatune,metacrawler,msdn,nl-telephone,nl-teletekst,python,rpmfind,tvtome,uspto,vimeo,voila,yahoo,yahoo_image,yahoo_local,yahoo_shopping,yahoo_video,youtube}.desktop
 
-- 
cgit v1.2.3