From abef251c79402ab0b89a69702741b333afb62caa Mon Sep 17 00:00:00 2001
From: Helmut Pozimski
Date: Wed, 2 Nov 2016 19:17:00 +0100
Subject: [PATCH] kdepimlibs: add CVE-2016-7966_part2.patch

since the last patch for CVE-2016-7966 did not fix the vulnerability entirely according to the information released by the KDE project, this commit adds the second patch released to fix CVE-2016-7966.
---
 .../patches/CVE-2016-7966_part2.patch | 29 +++++++++++++++++++
 srcpkgs/kdepimlibs/template | 2 +-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/kdepimlibs/patches/CVE-2016-7966_part2.patch

diff --git a/srcpkgs/kdepimlibs/patches/CVE-2016-7966_part2.patch b/srcpkgs/kdepimlibs/patches/CVE-2016-7966_part2.patch
new file mode 100644
index 0000000000..9eb08d8ac2
--- /dev/null
+++ b/srcpkgs/kdepimlibs/patches/CVE-2016-7966_part2.patch
@@ -0,0 +1,29 @@
+--- kpimutils/linklocator.cpp
++++ kpimutils/linklocator.cpp
+@@ -389,7 +389,23 @@
+ bool badUrl = false;
+ str = locator.getUrlAndCheckValidHref(&badUrl);
+ if (badUrl) {
+- return locator.mText;
++ QString resultBadUrl;
++ const int helperTextSize(locator.mText.count());
++ for (int i = 0; i < helperTextSize; ++i) {
++ const QChar chBadUrl = locator.mText[i];
++ if (chBadUrl == QLatin1Char('&')) {
++ resultBadUrl += QLatin1String("&");
++ } else if (chBadUrl == QLatin1Char('"')) {
++ resultBadUrl += QLatin1String(""");
++ } else if (chBadUrl == QLatin1Char('<')) {
++ resultBadUrl += QLatin1String("<");
++ } else if (chBadUrl == QLatin1Char('>')) {
++ resultBadUrl += QLatin1String(">");
++ } else {
++ resultBadUrl += chBadUrl;
++ }
++ }
++ return resultBadUrl;
+ }
+
+ if ( !str.isEmpty() ) {
+
+
diff --git a/srcpkgs/kdepimlibs/template b/srcpkgs/kdepimlibs/template
index b150e42e82..b3c1761d1b 100644
--- a/srcpkgs/kdepimlibs/template
+++ b/srcpkgs/kdepimlibs/template
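Review bot: The four replacement literals in the added `if (badUrl)` branch appear on this page as the raw characters (`QLatin1String("&")`, `QLatin1String(""")`, `"<"`, `">"`), so as shown the loop would copy `locator.mText` through unchanged and the `"""` literal would not compile. This is presumably entity decoding by whatever rendered the page, but it is worth confirming that the committed patch file carries the entity strings, e.g. `resultBadUrl += QLatin1String("&amp;");` and likewise `&quot;`, `&lt;` and `&gt;`, because otherwise the bad-URL path still returns the message text as unescaped markup. The patch file also starts directly at `--- kpimutils/linklocator.cpp` with no header; a leading comment naming the upstream commit or advisory it was taken from would let the next maintainer check it against upstream. The enclosing function starts and ends outside the inner hunk, so how the returned string is used by callers cannot be judged from here.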
@@ -1,7 +1,7 @@
 # Template file for 'kdepimlibs'
 pkgname=kdepimlibs
 version=4.14.3
-revision=4
+revision=5
 short_desc="KDE PIM Libraries"
 maintainer="Juan RP "
 license="GPL-2, LGPL-2.1, FDL"