Package: release.debian.org Severity: normal X-Debbugs-Cc: kweatherc...@packages.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Control: affects -1 + src:kweathercore User: release.debian....@packages.debian.org Usertags: unblock
Dear Release Team, please unblock package kweathercore. [ Reason ] It contains the following changes: * New upstream release (25.04.1). - Harden the CAP polygon parser against creative input. - Fix: Add virtual destructor for ReplyPrivate. [ Tests ] - Upstream test suite passes in sbuild. [ Risks ] Upstream point releases only contain targetted commits. Further fixes can easily be backported or the changes reverted. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing Thanks! unblock kweathercore/25.04.2-1
diff -Nru kweathercore-25.04.0/autotests/capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml kweathercore-25.04.2/autotests/capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml --- kweathercore-25.04.0/autotests/capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml 1970-01-01 01:00:00.000000000 +0100 +++ kweathercore-25.04.2/autotests/capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml 2025-06-02 22:02:13.000000000 +0200 @@ -0,0 +1,103 @@ +<?xml version="1.0" encoding="utf-8" standalone="yes" ?> +<alert xmlns="urn:oasis:names:tc:emergency:cap:1.2"> + <identifier>2.49.0.0.376.0.250306145512.48636</identifier> + <sender>ims.gov.il</sender> + <sent>2025-03-06T14:55:12+02:00</sent> + <status>Actual</status> + <msgType>Alert</msgType> + <scope>Public</scope> + <info> + <language>en-GB</language> + <category>Met</category> + <event>FLOOD</event> + <urgency>Future</urgency> + <severity>Severe</severity> + <certainty>Possible</certainty> + <effective>2025-03-06T14:55:12+02:00</effective> + <onset>2025-03-06T22:00:00+02:00</onset> + <expires>2025-03-07T14:00:00+02:00</expires> + <senderName>Israel Meteorological Service</senderName> + <headline>Flash Floods</headline> + <description>Yellow Early Warning of FLASH FLOODS in Judea Desert Dead Sea, in North Eastern Negev and in Northern Arava from 06/03 22 until 07/03 14 LT. For further details: https://ims.gov.il/he/IMSwarnings .</description> + <web>https://ims.gov.il/en/IMSWarnings</web> + <parameter> + <valueName>awareness_level</valueName> + <value>2; yellow; Moderate</value> + </parameter> + <parameter> + <valueName>awareness_type</valueName> + <value>12; flooding</value> + </parameter> + <area> + <areaDesc>South Judea Desert Dead Sea</areaDesc> + <polygon/> + <geocode> + <valueName>EMMA_ID</valueName> + <value>IL043</value> + </geocode> + </area> + <area> + <areaDesc>North Eastern Negev</areaDesc> + <polygon/> + <geocode> + <valueName>EMMA_ID</valueName> + <value>IL042</value> + </geocode> + </area> + <area> + <areaDesc>Northern Arava</areaDesc> + <polygon/> + <geocode> + <valueName>EMMA_ID</valueName> + <value>IL045</value> + </geocode> + </area> + </info> + <info> + <language>he-IL</language> + <category>Met</category> + <event>FLOOD</event> + <urgency>Future</urgency> + <severity>Severe</severity> + <certainty>Possible</certainty> + <effective>2025-03-06T14:55:12+02:00</effective> + <onset>2025-03-06T22:00:00+02:00</onset> + <expires>2025-03-07T14:00:00+02:00</expires> + <senderName>Israel Meteorological Service</senderName> + <headline>שטפונות בזק</headline> + <description>התראה מוקדמת צהובה על שטפונות בזק במדבר יהודה וים המלח, בצפון מזרח הנגב ובצפון הערבה מ-06/03 ב-22 עד 07/03 ב-14. באזורים המצויינים קיים חשש משטפונות בזק מקומיים בשל ממטרים מקומיים בשעות המצויינות. לפרטים נוספים: https://ims.gov.il/he/IMSwarnings .</description> + <web>https://ims.gov.il/he/IMSWarnings</web> + <parameter> + <valueName>awareness_level</valueName> + <value>2; yellow; Moderate</value> + </parameter> + <parameter> + <valueName>awareness_type</valueName> + <value>12; flooding</value> + </parameter> + <area> + <areaDesc>South Judea Desert Dead Sea</areaDesc> + <polygon/> + <geocode> + <valueName>EMMA_ID</valueName> + <value>IL043</value> + </geocode> + </area> + <area> + <areaDesc>North Eastern Negev</areaDesc> + <polygon/> + <geocode> + <valueName>EMMA_ID</valueName> + <value>IL042</value> + </geocode> + </area> + <area> + <areaDesc>Northern Arava</areaDesc> + <polygon/> + <geocode> + <valueName>EMMA_ID</valueName> + <value>IL045</value> + </geocode> + </area> + </info> +</alert> diff -Nru kweathercore-25.04.0/autotests/capdata/mo-cap_monsoon.xml kweathercore-25.04.2/autotests/capdata/mo-cap_monsoon.xml --- kweathercore-25.04.0/autotests/capdata/mo-cap_monsoon.xml 1970-01-01 01:00:00.000000000 +0100 +++ kweathercore-25.04.2/autotests/capdata/mo-cap_monsoon.xml 2025-06-02 22:02:13.000000000 +0200 @@ -0,0 +1,256 @@ +<?xml version="1.0" encoding="UTF-8"?> +<alert xmlns="urn:oasis:names:tc:emergency:cap:1.2"> +<identifier>SMG-Weather_MS_2025_006_03</identifier> +<sender>me...@smg.gov.mo</sender> +<sent>2025-04-13T05:52:12+08:00</sent> +<status>Actual</status> +<msgType>Update</msgType> +<scope>Public</scope> +<references>me...@smg.gov.mo,SMG-Weather_MS_2025_006_03,2025-04-13T05:52:12+08:00</references> +<info> +<language>zh-mo</language> +<category>Met</category> +<event>強烈季候風信號</event> +<responseType>AllClear</responseType> +<urgency>Past</urgency> +<severity>Moderate</severity> +<certainty>Observed</certainty> +<effective>2025-04-13T06:00:00+08:00</effective> +<senderName>澳門特別行政區政府地球物理氣象局</senderName> +<headline>強烈季候風(即黑球)信號於 2025年04月13日06時00分 取消。</headline> +<description>強烈季候風(即黑球)信號於 2025年04月13日06時00分 取消。</description> +<instruction></instruction> +<web>https://www.smg.gov.mo/zh/subpage/35/monsoon-main</web> +<contact>me...@smg.gov.mo</contact> +<area> + <areaDesc>澳門特別行政區行政區域圖</areaDesc> + <polygon>22.0766,113.5709 + 22.0766,113.6102 + 22.1088,113.6301 + 22.1656,113.6301 + 22.2041,113.6052 + 22.2040,113.5710 + 22.2090,113.5689 + 22.2122,113.5622 + 22.2160,113.5520 + 22.2153,113.5509 + 22.2155,113.5507 + 22.2156,113.5507 + 22.2170,113.5508 + 22.2169,113.5500 + 22.2167,113.5496 + 22.2166,113.5492 + 22.2166,113.5487 + 22.2166,113.5477 + 22.2165,113.5476 + 22.2167,113.5470 + 22.2167,113.5465 + 22.2167,113.5465 + 22.2168,113.5454 + 22.2169,113.5451 + 22.2169,113.5443 + 22.2163,113.5433 + 22.2144,113.5424 + 22.2142,113.5424 + 22.2136,113.5420 + 22.2136,113.5419 + 22.2132,113.5417 + 22.2133,113.5415 + 22.2130,113.5413 + 22.2130,113.5411 + 22.2130,113.5409 + 22.2136,113.5381 + 22.2136,113.5363 + 22.2135,113.5357 + 22.2134,113.5354 + 22.2134,113.5352 + 22.2135,113.5349 + 22.2123,113.5330 + 22.2096,113.5339 + 22.2073,113.5346 + 22.2066,113.5353 + 22.2023,113.5356 + 22.1945,113.5336 + 22.1885,113.5292 + 22.1879,113.5301 + 22.1865,113.5291 + 22.1845,113.5283 + 22.1821,113.5281 + 22.1770,113.5294 + 22.1754,113.5305 + 22.1733,113.5319 + 22.1720,113.5321 + 22.1570,113.5395 + 22.1507,113.5452 + 22.1453,113.5495 + 22.1155,113.5483 + 22.1088,113.5496 + 22.0988,113.5709 + 22.0766,113.5709</polygon> +</area> +</info> +<info> +<language>pt-PT</language> +<category>Met</category> +<event>VENTOS FORTES DE MONÇÃO</event> +<responseType>AllClear</responseType> +<urgency>Past</urgency> +<severity>Moderate</severity> +<certainty>Observed</certainty> +<effective>2025-04-13T06:00:00+08:00</effective> +<senderName>DIRECÇÃO DOS SERVIÇOS METEOROLÓGICOS E GEOFÍSICOS</senderName> +<headline>O sinal de ventos fortes de monção(bola preta) foi cancelado às 06:00, de 13-04-2025.</headline> +<description>O sinal de ventos fortes de monção(bola preta) foi cancelado às 06:00, de 13-04-2025.</description> +<instruction></instruction> +<web>https://www.smg.gov.mo/pt/subpage/35/monsoon-main</web> +<contact>me...@smg.gov.mo</contact> +<area> + <areaDesc>Mapa da Divisão Administrativa da RAEM</areaDesc> + <polygon>22.0766,113.5709 + 22.0766,113.6102 + 22.1088,113.6301 + 22.1656,113.6301 + 22.2041,113.6052 + 22.2040,113.5710 + 22.2090,113.5689 + 22.2122,113.5622 + 22.2160,113.5520 + 22.2153,113.5509 + 22.2155,113.5507 + 22.2156,113.5507 + 22.2170,113.5508 + 22.2169,113.5500 + 22.2167,113.5496 + 22.2166,113.5492 + 22.2166,113.5487 + 22.2166,113.5477 + 22.2165,113.5476 + 22.2167,113.5470 + 22.2167,113.5465 + 22.2167,113.5465 + 22.2168,113.5454 + 22.2169,113.5451 + 22.2169,113.5443 + 22.2163,113.5433 + 22.2144,113.5424 + 22.2142,113.5424 + 22.2136,113.5420 + 22.2136,113.5419 + 22.2132,113.5417 + 22.2133,113.5415 + 22.2130,113.5413 + 22.2130,113.5411 + 22.2130,113.5409 + 22.2136,113.5381 + 22.2136,113.5363 + 22.2135,113.5357 + 22.2134,113.5354 + 22.2134,113.5352 + 22.2135,113.5349 + 22.2123,113.5330 + 22.2096,113.5339 + 22.2073,113.5346 + 22.2066,113.5353 + 22.2023,113.5356 + 22.1945,113.5336 + 22.1885,113.5292 + 22.1879,113.5301 + 22.1865,113.5291 + 22.1845,113.5283 + 22.1821,113.5281 + 22.1770,113.5294 + 22.1754,113.5305 + 22.1733,113.5319 + 22.1720,113.5321 + 22.1570,113.5395 + 22.1507,113.5452 + 22.1453,113.5495 + 22.1155,113.5483 + 22.1088,113.5496 + 22.0988,113.5709 + 22.0766,113.5709</polygon> +</area> +</info> +<info> +<language>en-US</language> +<category>Met</category> +<event>STRONG MONSOON SIGNAL</event> +<responseType>AllClear</responseType> +<urgency>Past</urgency> +<severity>Moderate</severity> +<certainty>Observed</certainty> +<effective>2025-04-13T06:00:00+08:00</effective> +<senderName>Macao Meteorological and Geophysical Bureau</senderName> +<headline>Strong monsoon signal(Black ball) was cancelled at 2025-04-13 06:00.</headline> +<description>Strong monsoon signal(Black ball) was cancelled at 2025-04-13 06:00.</description> +<instruction></instruction> +<web>https://www.smg.gov.mo/en/subpage/35/monsoon-main</web> +<contact>me...@smg.gov.mo</contact> +<area> + <areaDesc>Macao Special Administrative Region Administrative Area Map</areaDesc> + <polygon>22.0766,113.5709 + 22.0766,113.6102 + 22.1088,113.6301 + 22.1656,113.6301 + 22.2041,113.6052 + 22.2040,113.5710 + 22.2090,113.5689 + 22.2122,113.5622 + 22.2160,113.5520 + 22.2153,113.5509 + 22.2155,113.5507 + 22.2156,113.5507 + 22.2170,113.5508 + 22.2169,113.5500 + 22.2167,113.5496 + 22.2166,113.5492 + 22.2166,113.5487 + 22.2166,113.5477 + 22.2165,113.5476 + 22.2167,113.5470 + 22.2167,113.5465 + 22.2167,113.5465 + 22.2168,113.5454 + 22.2169,113.5451 + 22.2169,113.5443 + 22.2163,113.5433 + 22.2144,113.5424 + 22.2142,113.5424 + 22.2136,113.5420 + 22.2136,113.5419 + 22.2132,113.5417 + 22.2133,113.5415 + 22.2130,113.5413 + 22.2130,113.5411 + 22.2130,113.5409 + 22.2136,113.5381 + 22.2136,113.5363 + 22.2135,113.5357 + 22.2134,113.5354 + 22.2134,113.5352 + 22.2135,113.5349 + 22.2123,113.5330 + 22.2096,113.5339 + 22.2073,113.5346 + 22.2066,113.5353 + 22.2023,113.5356 + 22.1945,113.5336 + 22.1885,113.5292 + 22.1879,113.5301 + 22.1865,113.5291 + 22.1845,113.5283 + 22.1821,113.5281 + 22.1770,113.5294 + 22.1754,113.5305 + 22.1733,113.5319 + 22.1720,113.5321 + 22.1570,113.5395 + 22.1507,113.5452 + 22.1453,113.5495 + 22.1155,113.5483 + 22.1088,113.5496 + 22.0988,113.5709 + 22.0766,113.5709</polygon> +</area> +</info> +</alert> diff -Nru kweathercore-25.04.0/autotests/capparsertest.cpp kweathercore-25.04.2/autotests/capparsertest.cpp --- kweathercore-25.04.0/autotests/capparsertest.cpp 2025-04-07 22:47:47.000000000 +0200 +++ kweathercore-25.04.2/autotests/capparsertest.cpp 2025-06-02 22:02:13.000000000 +0200 @@ -12,6 +12,8 @@ #include <QFile> #include <QTest> +using namespace Qt::Literals; + class CapParserTest : public QObject { Q_OBJECT @@ -185,6 +187,48 @@ QCOMPARE(area.altitude(), 0.0f); QCOMPARE(area.ceiling(), 9842.5197f); } + + void testTabCoordinateSeparator() + { + QFile f(QFINDTESTDATA("capdata/mo-cap_monsoon.xml")); + QVERIFY(f.open(QFile::ReadOnly)); + KWeatherCore::CAPParser parser(f.readAll()); + auto alert = parser.parse(); + + QCOMPARE(alert.status(), KWeatherCore::CAPAlertMessage::Status::Actual); + QCOMPARE(alert.messageType(), KWeatherCore::CAPAlertMessage::MessageType::Update); + QCOMPARE(alert.references().size(), 1); + auto ref = alert.references()[0]; + QCOMPARE(ref.sender(), "me...@smg.gov.mo"_L1); + QCOMPARE(ref.identifier(), "SMG-Weather_MS_2025_006_03"_L1); + QCOMPARE(ref.sent(), QDateTime({2025, 4, 13}, {5, 52, 12}, QTimeZone::fromSecondsAheadOfUtc(8 * 60 * 60))); + + QCOMPARE(alert.alertInfos().size(), 3); + const auto info = alert.alertInfos()[0]; + QCOMPARE(info.areas().size(), 1); + const auto area = info.areas()[0]; + QCOMPARE(area.description(), u"澳門特別行政區行政區域圖"); + QCOMPARE(area.polygons().size(), 1); + const auto poly = area.polygons()[0]; + QCOMPARE(poly.size(), 63); + } + + void testEmptyPolygon() + { + QFile f(QFINDTESTDATA("capdata/il-488abaaf-cad5-4d2b-93b2-703016878453.xml")); + QVERIFY(f.open(QFile::ReadOnly)); + KWeatherCore::CAPParser parser(f.readAll()); + auto alert = parser.parse(); + + QCOMPARE(alert.status(), KWeatherCore::CAPAlertMessage::Status::Actual); + QCOMPARE(alert.alertInfos().size(), 2); + const auto info = alert.alertInfos()[0]; + QCOMPARE(info.areas().size(), 3); + const auto area = info.areas()[0]; + QVERIFY(!area.description().isEmpty()); + QCOMPARE(area.geoCodes().size(), 1); + QCOMPARE(area.polygons().size(), 0); + } }; QTEST_GUILESS_MAIN(CapParserTest) diff -Nru kweathercore-25.04.0/CMakeLists.txt kweathercore-25.04.2/CMakeLists.txt --- kweathercore-25.04.0/CMakeLists.txt 2025-04-07 22:47:47.000000000 +0200 +++ kweathercore-25.04.2/CMakeLists.txt 2025-06-02 22:02:13.000000000 +0200 @@ -3,7 +3,7 @@ # KDE Application Version, managed by release script set (RELEASE_SERVICE_VERSION_MAJOR "25") set (RELEASE_SERVICE_VERSION_MINOR "04") -set (RELEASE_SERVICE_VERSION_MICRO "0") +set (RELEASE_SERVICE_VERSION_MICRO "2") set (RELEASE_SERVICE_VERSION "${RELEASE_SERVICE_VERSION_MAJOR}.${RELEASE_SERVICE_VERSION_MINOR}.${RELEASE_SERVICE_VERSION_MICRO}") project(KWeatherCore VERSION ${RELEASE_SERVICE_VERSION}) diff -Nru kweathercore-25.04.0/debian/changelog kweathercore-25.04.2/debian/changelog --- kweathercore-25.04.0/debian/changelog 2025-04-26 01:01:37.000000000 +0200 +++ kweathercore-25.04.2/debian/changelog 2025-06-09 23:00:38.000000000 +0200 @@ -1,3 +1,12 @@ +kweathercore (25.04.2-1) unstable; urgency=medium + + [ Aurélien COUDERC ] + * New upstream release (25.04.1). + - Harden the CAP polygon parser against creative input. + - Fix: Add virtual destructor for ReplyPrivate. + + -- Aurélien COUDERC <couc...@debian.org> Mon, 09 Jun 2025 23:00:38 +0200 + kweathercore (25.04.0-1) unstable; urgency=medium [ Aurélien COUDERC ] diff -Nru kweathercore-25.04.0/src/capparser.cpp kweathercore-25.04.2/src/capparser.cpp --- kweathercore-25.04.0/src/capparser.cpp 2025-04-07 22:47:47.000000000 +0200 +++ kweathercore-25.04.2/src/capparser.cpp 2025-06-02 22:02:13.000000000 +0200 @@ -175,11 +175,29 @@ {"Unlikely", CAPAlertInfo::Certainty::Unlikely}, }; +[[nodiscard]] static QStringView nextCoordinate(QStringView &input) +{ + const auto beginIt = std::find_if(input.constBegin(), input.constEnd(), [](auto c) { + return !c.isSpace(); + }); + if (beginIt == input.constEnd()) { + input = {}; + return {}; + } + const auto endIt = std::find_if(std::next(beginIt), input.constEnd(), [](auto c) { + return c.isSpace(); + }); + auto s = input.sliced(std::distance(input.constBegin(), beginIt), std::distance(beginIt, endIt)); + input.slice(std::distance(input.constBegin(), endIt)); + return s; +} + [[nodiscard]] static CAPPolygon stringToPolygon(QStringView str) { CAPPolygon res; - for (auto coordinate : QStringTokenizer(str, ' '_L1, Qt::SkipEmptyParts)) { + do { + auto coordinate = nextCoordinate(str); const auto idx = coordinate.indexOf(','_L1); if (idx < 0) { continue; @@ -189,7 +207,7 @@ if (!latOk || !lonOk) { res.pop_back(); } - } + } while (!str.isEmpty()); return res; } @@ -400,7 +418,10 @@ } else if (m_xml.name() == QLatin1String("geocode") && !m_xml.isEndElement()) { area.addGeoCode(parseNamedValue()); } else if (m_xml.name() == QLatin1String("polygon") && !m_xml.isEndElement()) { - area.addPolygon(stringToPolygon(m_xml.readElementText())); + auto poly = stringToPolygon(m_xml.readElementText()); + if (poly.size() >= 4) { + area.addPolygon(std::move(poly)); + } } else if (m_xml.name() == QLatin1String("circle") && !m_xml.isEndElement()) { const auto t = m_xml.readElementText(); const auto commaIdx = t.indexOf(QLatin1Char(',')); diff -Nru kweathercore-25.04.0/src/reply_p.h kweathercore-25.04.2/src/reply_p.h --- kweathercore-25.04.0/src/reply_p.h 2025-04-07 22:47:47.000000000 +0200 +++ kweathercore-25.04.2/src/reply_p.h 2025-06-02 22:02:13.000000000 +0200 @@ -16,6 +16,7 @@ class ReplyPrivate { public: + virtual ~ReplyPrivate() = default; void setError(Reply::Error error, const QString &msg = {}); Reply::Error m_error = Reply::NoError;
