diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
commit | d934827bf44b7cfcf6711964418148fa60877668 (patch) | |
tree | 0625f358789b5e015e49db139cc1dbc9be00428f /kde-apps/ark | |
parent | 2e34d110f164bf74d55fced27fe0000201b3eec5 (diff) |
gentoo resync : 25.11.2020
Diffstat (limited to 'kde-apps/ark')
-rw-r--r-- | kde-apps/ark/Manifest | 9 | ||||
-rw-r--r-- | kde-apps/ark/ark-20.04.3-r1.ebuild | 85 | ||||
-rw-r--r-- | kde-apps/ark/ark-20.04.3-r2.ebuild | 84 | ||||
-rw-r--r-- | kde-apps/ark/ark-20.08.3.ebuild (renamed from kde-apps/ark/ark-20.08.1.ebuild) | 9 | ||||
-rw-r--r-- | kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch | 46 | ||||
-rw-r--r-- | kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch | 53 |
6 files changed, 6 insertions, 280 deletions
diff --git a/kde-apps/ark/Manifest b/kde-apps/ark/Manifest index 7a9182064a92..842c3f909360 100644 --- a/kde-apps/ark/Manifest +++ b/kde-apps/ark/Manifest @@ -1,8 +1,3 @@ -AUX ark-20.04.3-CVE-2020-16116.patch 1819 BLAKE2B 878e3046b1096bb5c9ec1ba64fcb2350b025f87295350182df435ad05302415ac486c51be39ac4c561d41930998a0b8b0031d5240dbcf085f275375e453eb640 SHA512 953ca28531a92198f9d5e429cea85e2887b88e5132093845c3f52615e7f736b592bea8d80c98a7c198685062ef47efc463e5cecacca5470cf920f00bfc461e41 -AUX ark-20.04.3-CVE-2020-24654.patch 1848 BLAKE2B d82b80b5d7b6491460a7f87cc82d3d6db3e7615d1aa0282d83dc62465a9c27310b69b5150332930ded525e9846d3748c5fda0553971bc8d282f45d377a964077 SHA512 c8ab491d58bea0c6fe81df7ec2c89ab8351f3d1a89c5632b1db669b418671715e7f10e96058b783672d5f0cad6b6c959f10130eda264859d951859622f59f2e4 -DIST ark-20.04.3.tar.xz 2586436 BLAKE2B 98343a4bc91fd13a33ba9dd69487c27433435d4bff722245c2cde02191017f4fa0b2d15213b97a86c3ecd87a17bf59e62a80b63c6684c813845bec9bab58f441 SHA512 6274483bc7cad9b8b3842a622a3f243fd5756aec147624eb9041459efd5c833e203c286412185bb105133d8c83a7503c8c7e519b8cb9cbd13830793c3429e142 -DIST ark-20.08.1.tar.xz 2709500 BLAKE2B 8147433916cab11b784260e235b313ca3fce515b012e851759b65baeb11682721bcfa83bd8c5844befbdc7c7c21afde5518636df61f7d2676d52ee07274967ea SHA512 1fae786d17a6e576e64b5b72e7d6886900a2fee3eedad41db174382dc70cb858c5c192c20896e5c2b6ec3c07f07d155fa5f52654496876808650a279b39eaa86 -EBUILD ark-20.04.3-r1.ebuild 2259 BLAKE2B 52cf0ce440871bf16f91936bf7164d669358c505112a57391fcf4b73f38d0bc45d67424934e712181a21755b2e7e642d74d7d5ca649d4534f16ca4f78d4a6a2b SHA512 50f97838ce7467483eae5f0d55a5e664f43e48a5598ade916774272b57daa9a2ab10824067935a4a2ffe3a5626634514e5f599a846aea5444d5dd2f379b3dbee -EBUILD ark-20.04.3-r2.ebuild 2089 BLAKE2B e775bf6eb60fd1c351a01e661a1a5739ea4b3fbba6f94f8b0e03f0ec9858dd4471098dca6429484a703d9f0b5d7eec03abbbab655df4531727e347f3fbbb7212 SHA512 2b7573196d3c40ae1ba9e473b4e10be5ea571f30f446d9896c3a6a156a1331daeaa65df919756f815928c8d175d8d941b52d1812ee526024e396a8487f028f43 -EBUILD ark-20.08.1.ebuild 1995 BLAKE2B b16597d7a6852fecd3f16935cad6161337b8758d7a8c67b37be17b299855badbf775537b4deacb818dfaba3e422ece157c4023a17c7d14833432a91cb6d7366a SHA512 e91daa641b690c9e31ba10041c698e0997d79096b934415f26d6468c310d640905a34e0fb1c25843abb512f24b3cca86a317018e672fd7647a40e8d3fa0062de +DIST ark-20.08.3.tar.xz 2711708 BLAKE2B c486320f113ab3d12b67aec7589e7973a022415da5dbe01754a9e454c74bb59d2b6556c6934aafd7b5c0ee685e2eca7feee276ad3ebb8a0c6f57aea5bc666a0f SHA512 41ab1498b77f9d152f900eba9e784e8ed28127c849796e42c18db5beb963b0c8f2a1ef1c408d37db02fb21577e5d8e08d8561b72b14042e079a5f1baffa01a01 +EBUILD ark-20.08.3.ebuild 1984 BLAKE2B 39c49bf07dd81ef82c1ec4696c1baad53fc3ce4a27785b17414dae84e60064a5731dbed505d4af8e3231d715ccbdf8c2386d8170114a25236ccb888ff300a031 SHA512 7e82c9ae8b6077833143ebfd256ce04786d84f04da1a1dff3626ae1d9b3a212adc031338ad6fd92018719f4219ed2c9dc30950d18034ea1b70337afe9185dd4e MISC metadata.xml 348 BLAKE2B 89cd42a24774f85082d025bc18402e0d4a36e07ab62155b67474a14c7294de3875d078167521f6cc4496f97f311de9264ff8c41e78477101a80d0ae2a034dcaf SHA512 447d60adfaec4e52c25d7a61a281b8b044c9a786a0600b8a8260a150f6842047f45b981aabb75e56255d05a918370113f6d2552fec1b88f661141453e003c472 diff --git a/kde-apps/ark/ark-20.04.3-r1.ebuild b/kde-apps/ark/ark-20.04.3-r1.ebuild deleted file mode 100644 index a06c99dee9c0..000000000000 --- a/kde-apps/ark/ark-20.04.3-r1.ebuild +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -ECM_HANDBOOK="forceoptional" -ECM_TEST="optional" -KFMIN=5.70.0 -QTMIN=5.14.2 -VIRTUALX_REQUIRED="test" -inherit ecm kde.org - -DESCRIPTION="KDE Archiving tool" -HOMEPAGE="https://kde.org/applications/utilities/org.kde.ark -https://utils.kde.org/projects/ark/" - -LICENSE="GPL-2" # TODO: CHECK -SLOT="5" -KEYWORDS="amd64 arm64 ~ppc64 x86" -IUSE="bzip2 lzma zip" - -BDEPEND=" - sys-devel/gettext -" -RDEPEND=" - app-arch/libarchive:=[bzip2?,lzma?,zlib] - >=dev-qt/qtdbus-${QTMIN}:5 - >=dev-qt/qtgui-${QTMIN}:5 - >=dev-qt/qtwidgets-${QTMIN}:5 - >=kde-frameworks/karchive-${KFMIN}:5 - >=kde-frameworks/kcompletion-${KFMIN}:5 - >=kde-frameworks/kconfig-${KFMIN}:5 - >=kde-frameworks/kconfigwidgets-${KFMIN}:5 - >=kde-frameworks/kcoreaddons-${KFMIN}:5 - >=kde-frameworks/kcrash-${KFMIN}:5 - >=kde-frameworks/kdbusaddons-${KFMIN}:5 - >=kde-frameworks/ki18n-${KFMIN}:5 - >=kde-frameworks/kio-${KFMIN}:5 - >=kde-frameworks/kitemmodels-${KFMIN}:5 - >=kde-frameworks/kjobwidgets-${KFMIN}:5 - >=kde-frameworks/kparts-${KFMIN}:5 - >=kde-frameworks/kpty-${KFMIN}:5 - >=kde-frameworks/kservice-${KFMIN}:5 - >=kde-frameworks/kwidgetsaddons-${KFMIN}:5 - >=kde-frameworks/kxmlgui-${KFMIN}:5 - sys-libs/zlib - zip? ( >=dev-libs/libzip-1.2.0:= ) -" -DEPEND="${RDEPEND} - >=dev-qt/qtconcurrent-${QTMIN}:5 -" - -# bug #560548, last checked with 16.04.1 -RESTRICT+=" test" - -PATCHES=( "${FILESDIR}/${P}-CVE-2020-16116.patch" ) - -src_configure() { - local mycmakeargs=( - $(cmake_use_find_package bzip2 BZip2) - $(cmake_use_find_package lzma LibLZMA) - $(cmake_use_find_package zip LibZip) - ) - - ecm_src_configure -} - -pkg_postinst() { - ecm_pkg_postinst - - if [[ -z "${REPLACING_VERSIONS}" ]]; then - if ! has_version app-arch/rar; then - elog "For creating/extracting rar archives, installing app-arch/rar is required." - if ! has_version app-arch/unar && ! has_version app-arch/unrar; then - elog "Alternatively, for only extracting rar archives, install app-arch/unar (free) or app-arch/unrar (non-free)." - fi - fi - - has_version app-arch/p7zip || \ - elog "For handling 7-Zip archives, install app-arch/p7zip." - - has_version app-arch/lrzip || \ - elog "For handling lrz archives, install app-arch/lrzip." - fi -} diff --git a/kde-apps/ark/ark-20.04.3-r2.ebuild b/kde-apps/ark/ark-20.04.3-r2.ebuild deleted file mode 100644 index 14b1322ed480..000000000000 --- a/kde-apps/ark/ark-20.04.3-r2.ebuild +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -ECM_HANDBOOK="forceoptional" -ECM_TEST="optional" -KFMIN=5.70.0 -QTMIN=5.14.2 -VIRTUALX_REQUIRED="test" -inherit ecm kde.org optfeature - -DESCRIPTION="File archiver by KDE" -HOMEPAGE="https://kde.org/applications/en/ark -https://utils.kde.org/projects/ark/" - -LICENSE="GPL-2" # TODO: CHECK -SLOT="5" -KEYWORDS="~amd64 arm64 ~ppc64 ~x86" -IUSE="zip" - -BDEPEND=" - sys-devel/gettext -" -RDEPEND=" - app-arch/libarchive:=[bzip2,lzma,zlib] - >=dev-qt/qtdbus-${QTMIN}:5 - >=dev-qt/qtgui-${QTMIN}:5 - >=dev-qt/qtwidgets-${QTMIN}:5 - >=kde-frameworks/karchive-${KFMIN}:5 - >=kde-frameworks/kcompletion-${KFMIN}:5 - >=kde-frameworks/kconfig-${KFMIN}:5 - >=kde-frameworks/kconfigwidgets-${KFMIN}:5 - >=kde-frameworks/kcoreaddons-${KFMIN}:5 - >=kde-frameworks/kcrash-${KFMIN}:5 - >=kde-frameworks/kdbusaddons-${KFMIN}:5 - >=kde-frameworks/ki18n-${KFMIN}:5 - >=kde-frameworks/kio-${KFMIN}:5 - >=kde-frameworks/kitemmodels-${KFMIN}:5 - >=kde-frameworks/kjobwidgets-${KFMIN}:5 - >=kde-frameworks/kparts-${KFMIN}:5 - >=kde-frameworks/kpty-${KFMIN}:5 - >=kde-frameworks/kservice-${KFMIN}:5 - >=kde-frameworks/kwidgetsaddons-${KFMIN}:5 - >=kde-frameworks/kxmlgui-${KFMIN}:5 - sys-libs/zlib - zip? ( >=dev-libs/libzip-1.2.0:= ) -" -DEPEND="${RDEPEND} - >=dev-qt/qtconcurrent-${QTMIN}:5 -" - -PATCHES=( - "${FILESDIR}/${P}-CVE-2020-16116.patch" - "${FILESDIR}/${P}-CVE-2020-24654.patch" -) - -src_configure() { - local mycmakeargs=( - $(cmake_use_find_package zip LibZip) - ) - - ecm_src_configure -} - -src_test() { - local myctestargs=( - -E "(plugins-clirartest)" - ) - - ecm_src_test -} - -pkg_postinst() { - if [[ -z "${REPLACING_VERSIONS}" ]]; then - elog "Optional dependencies:" - optfeature "rar archive creation/extraction" app-arch/rar - optfeature "rar archive extraction only" app-arch/unar app-arch/unrar - optfeature "7-Zip archive support" app-arch/p7zip - optfeature "lrz archive support" app-arch/lrzip - optfeature "markdown support in text previews" kde-misc/markdownpart:${SLOT} kde-misc/kmarkdownwebview:${SLOT} - fi - ecm_pkg_postinst -} diff --git a/kde-apps/ark/ark-20.08.1.ebuild b/kde-apps/ark/ark-20.08.3.ebuild index d683f2a50092..c9ef36a81bf1 100644 --- a/kde-apps/ark/ark-20.08.1.ebuild +++ b/kde-apps/ark/ark-20.08.3.ebuild @@ -5,18 +5,17 @@ EAPI=7 ECM_HANDBOOK="forceoptional" ECM_TEST="optional" -KFMIN=5.72.0 -QTMIN=5.14.2 +KFMIN=5.74.0 +QTMIN=5.15.1 VIRTUALX_REQUIRED="test" inherit ecm kde.org optfeature DESCRIPTION="File archiver by KDE" -HOMEPAGE="https://kde.org/applications/en/ark -https://utils.kde.org/projects/ark/" +HOMEPAGE="https://apps.kde.org/en/ark https://utils.kde.org/projects/ark/" LICENSE="GPL-2" # TODO: CHECK SLOT="5" -KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" +KEYWORDS="amd64 arm64 ~ppc64 x86" IUSE="zip" BDEPEND=" diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch deleted file mode 100644 index 79129c7be6e1..000000000000 --- a/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0df592524fed305d6fbe74ddf8a196bc9ffdb92f Mon Sep 17 00:00:00 2001 -From: Elvis Angelaccio <elvis.angelaccio@kde.org> -Date: Wed, 29 Jul 2020 23:45:30 +0200 -Subject: [PATCH] Fix vulnerability to path traversal attacks - -Ark was vulnerable to directory traversal attacks because of -missing validation of file paths in the archive. - -More details about this attack are available at: -https://github.com/snyk/zip-slip-vulnerability - -Job::onEntry() is the only place where we can safely check the path of -every entry in the archive. There shouldn't be a valid reason -to have a "../" in an archive path, so we can just play safe and abort -the LoadJob if we detect such an entry. This makes impossibile to -extract this kind of malicious archives and perform the attack. - -Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath() -so that we can still allow loading of legitimate archives that -contain "../" in their paths but still resolve inside the extraction folder. ---- - kerfuffle/jobs.cpp | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/kerfuffle/jobs.cpp b/kerfuffle/jobs.cpp -index fdaa48695..f73b56f86 100644 ---- a/kerfuffle/jobs.cpp -+++ b/kerfuffle/jobs.cpp -@@ -180,6 +180,14 @@ void Job::onError(const QString & message, const QString & details) - - void Job::onEntry(Archive::Entry *entry) - { -+ const QString entryFullPath = entry->fullPath(); -+ if (QDir::cleanPath(entryFullPath).contains(QLatin1String("../"))) { -+ qCWarning(ARK) << "Possibly malicious archive. Detected entry that could lead to a directory traversal attack:" << entryFullPath; -+ onError(i18n("Could not load the archive because it contains ill-formed entries and might be a malicious archive."), QString()); -+ onFinished(false); -+ return; -+ } -+ - emit newEntry(entry); - } - --- -GitLab - diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch deleted file mode 100644 index 8b3821893ef3..000000000000 --- a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001 -From: Fabian Vogt <fabian@ritter-vogt.de> -Date: Tue, 25 Aug 2020 22:14:37 +0200 -Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive - -There are archive types which allow to first create a symlink and then -later on dereference it. If the symlink points outside of the archive, -this results in writing outside of the destination directory. - -With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids -this situation by verifying that none of the target path components are -symlinks before writing. - -Remove the commented out code in the method, which would actually -misbehave if enabled again. - -Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de> ---- - plugins/libarchive/libarchiveplugin.cpp | 18 +++--------------- - 1 file changed, 3 insertions(+), 15 deletions(-) - -diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp -index 50e81da1..8a0fed21 100644 ---- a/plugins/libarchive/libarchiveplugin.cpp -+++ b/plugins/libarchive/libarchiveplugin.cpp -@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry) - - int LibarchivePlugin::extractionFlags() const - { -- int result = ARCHIVE_EXTRACT_TIME; -- result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; -- -- // TODO: Don't use arksettings here -- /*if ( ArkSettings::preservePerms() ) -- { -- result &= ARCHIVE_EXTRACT_PERM; -- } -- -- if ( !ArkSettings::extractOverwrite() ) -- { -- result &= ARCHIVE_EXTRACT_NO_OVERWRITE; -- }*/ -- -- return result; -+ return ARCHIVE_EXTRACT_TIME -+ | ARCHIVE_EXTRACT_SECURE_NODOTDOT -+ | ARCHIVE_EXTRACT_SECURE_SYMLINKS; - } - - void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress) --- -GitLab - |