testing/qbittorrent-nox: upgrade to 4.2.1

2 files changed, 11 insertions, 39 deletions

diff --git a/testing/qbittorrent-nox/APKBUILD b/testing/qbittorrent-nox/APKBUILD
index 36602fa5675..6bce2c0799c 100644
--- a/testing/qbittorrent-nox/APKBUILD
+++ b/testing/qbittorrent-nox/APKBUILD
@@ -1,9 +1,8 @@
 # Contributor: Jan Tatje <jan@jnt.io>
 # Maintainer: Jan Tatje <jan@jnt.io>
 pkgname=qbittorrent-nox
-pkgver=4.1.6
-pkgrel=4
-_commit=1831f71cc452b164224d8b6399a8130d6d5b1c24
+pkgver=4.2.1
+pkgrel=0
 pkgdesc="qBittorrent client (webui only)"
 url="https://www.qbittorrent.org/"
 arch="all"
@@ -13,20 +12,21 @@ depends="boost qt5-qtbase libtorrent-rasterbar"
 makedepends="boost-dev qt5-qtbase-dev qt5-qttools-dev libtorrent-rasterbar-dev"
 install="$pkgname.pre-install"
 subpackages="$pkgname-openrc $pkgname-doc"
-source="
+source="$pkgname-$pkgver.tar.gz::https://github.com/qbittorrent/qBittorrent/archive/release-$pkgver.tar.gz
 	qbittorrent-nox.initd
 	qbittorrent-nox.confd
-	https://github.com/qbittorrent/qBittorrent/archive/$_commit.tar.gz
-	CVE-2019-13640.patch
 	"
-builddir="$srcdir/qBittorrent-$_commit"
+builddir="$srcdir/qBittorrent-release-$pkgver"
 
 # secfixes:
 #   4.1.6-r3:
 #     - CVE-2019-13640
 
 build() {
-	./configure --disable-gui --disable-qt-dbus --prefix=/usr
+	./configure \
+		--prefix=/usr \
+		--disable-gui \
+		--disable-qt-dbus
 	make
 }
 
@@ -39,7 +39,6 @@ package() {
 		"$pkgdir"/etc/conf.d/$pkgname
 }
 
-sha512sums="310df13ca8249e2ed57b7490ffa8f6beb0b273d856a62eeb87d47b7c20c531224c03c07124c3b9ac287c00dd9c139180c39933ee33dcb1a8a6ec1f67605dcede  qbittorrent-nox.initd
-999e58bcf0a528f88655611cb7d0ec2bd5f0a1aed1696b71be27e24a1708112540afa7fb37688ec865de1d9c7af6e7a2293773790bd8941bb94a1dc1f9ebe95e  qbittorrent-nox.confd
-5f6abfd8a9345e9972554ee55d79c2263ca80880ad3357540f13c6bd9337780d836a0b1c287b6c051f466eb98e380e6cee5b9381a1f2430cbc37643cd2386a40  1831f71cc452b164224d8b6399a8130d6d5b1c24.tar.gz
-7fdaa5d0984e072db0f29b0904e19a43999f4766a4342da525ef793443a9f66329cf2822932d8547ef381af08906a72cf5426a47b1a01878c52dba9414d5a5cc  CVE-2019-13640.patch"
+sha512sums="345c702a49d284fe28b45e52719a79195a784ba07339ea49c340d10d387482d3ba59335b2e41616de97e3813531e808c41239e597ef4b710fcebceb0c837483c  qbittorrent-nox-4.2.1.tar.gz
+310df13ca8249e2ed57b7490ffa8f6beb0b273d856a62eeb87d47b7c20c531224c03c07124c3b9ac287c00dd9c139180c39933ee33dcb1a8a6ec1f67605dcede  qbittorrent-nox.initd
+999e58bcf0a528f88655611cb7d0ec2bd5f0a1aed1696b71be27e24a1708112540afa7fb37688ec865de1d9c7af6e7a2293773790bd8941bb94a1dc1f9ebe95e  qbittorrent-nox.confd"
diff --git a/testing/qbittorrent-nox/CVE-2019-13640.patch b/testing/qbittorrent-nox/CVE-2019-13640.patch
deleted file mode 100644
index 2f938bd820f..00000000000
--- a/testing/qbittorrent-nox/CVE-2019-13640.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a610c8567e55516231d199b551e0e7e2dca70cbf Mon Sep 17 00:00:00 2001
-From: Chocobo1 <Chocobo1@users.noreply.github.com>
-Date: Thu, 18 Jul 2019 22:36:40 +0800
-Subject: [PATCH] Prevent command injection via "Run external program" function
-
-Closes #10925.
----
- src/app/application.cpp | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/app/application.cpp b/src/app/application.cpp
-index a124f2a3d9..19b8823d22 100644
---- a/src/app/application.cpp
-+++ b/src/app/application.cpp
-@@ -335,7 +335,11 @@ void Application::runExternalProgram(const BitTorrent::TorrentHandle *torrent) c
- 
-     ::LocalFree(args);
- #else
--    QProcess::startDetached(QLatin1String("/bin/sh"), {QLatin1String("-c"), program});
-+    // Cannot give users shell environment by default, as doing so could
-+    // enable command injection via torrent name and other arguments
-+    // (especially when some automated download mechanism has been setup).
-+    // See: https://github.com/qbittorrent/qBittorrent/issues/10925
-+    QProcess::startDetached(program);
- #endif
- }
-