gentoo resync : 25.11.2020

author: V3n3RiX <venerix@redcorelinux.org> 2020-11-25 22:39:15 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2020-11-25 22:39:15 +0000
commit: d934827bf44b7cfcf6711964418148fa60877668 (patch)
tree: 0625f358789b5e015e49db139cc1dbc9be00428f /kde-apps/ark
parent: 2e34d110f164bf74d55fced27fe0000201b3eec5 (diff)
6 files changed, 6 insertions, 280 deletions
diff --git a/kde-apps/ark/Manifest b/kde-apps/ark/Manifest
index 7a9182064a92..842c3f909360 100644
--- a/kde-apps/ark/Manifest
+++ b/kde-apps/ark/Manifest
@@ -1,8 +1,3 @@
-AUX ark-20.04.3-CVE-2020-16116.patch 1819 BLAKE2B 878e3046b1096bb5c9ec1ba64fcb2350b025f87295350182df435ad05302415ac486c51be39ac4c561d41930998a0b8b0031d5240dbcf085f275375e453eb640 SHA512 953ca28531a92198f9d5e429cea85e2887b88e5132093845c3f52615e7f736b592bea8d80c98a7c198685062ef47efc463e5cecacca5470cf920f00bfc461e41
-AUX ark-20.04.3-CVE-2020-24654.patch 1848 BLAKE2B d82b80b5d7b6491460a7f87cc82d3d6db3e7615d1aa0282d83dc62465a9c27310b69b5150332930ded525e9846d3748c5fda0553971bc8d282f45d377a964077 SHA512 c8ab491d58bea0c6fe81df7ec2c89ab8351f3d1a89c5632b1db669b418671715e7f10e96058b783672d5f0cad6b6c959f10130eda264859d951859622f59f2e4
-DIST ark-20.04.3.tar.xz 2586436 BLAKE2B 98343a4bc91fd13a33ba9dd69487c27433435d4bff722245c2cde02191017f4fa0b2d15213b97a86c3ecd87a17bf59e62a80b63c6684c813845bec9bab58f441 SHA512 6274483bc7cad9b8b3842a622a3f243fd5756aec147624eb9041459efd5c833e203c286412185bb105133d8c83a7503c8c7e519b8cb9cbd13830793c3429e142
-DIST ark-20.08.1.tar.xz 2709500 BLAKE2B 8147433916cab11b784260e235b313ca3fce515b012e851759b65baeb11682721bcfa83bd8c5844befbdc7c7c21afde5518636df61f7d2676d52ee07274967ea SHA512 1fae786d17a6e576e64b5b72e7d6886900a2fee3eedad41db174382dc70cb858c5c192c20896e5c2b6ec3c07f07d155fa5f52654496876808650a279b39eaa86
-EBUILD ark-20.04.3-r1.ebuild 2259 BLAKE2B 52cf0ce440871bf16f91936bf7164d669358c505112a57391fcf4b73f38d0bc45d67424934e712181a21755b2e7e642d74d7d5ca649d4534f16ca4f78d4a6a2b SHA512 50f97838ce7467483eae5f0d55a5e664f43e48a5598ade916774272b57daa9a2ab10824067935a4a2ffe3a5626634514e5f599a846aea5444d5dd2f379b3dbee
-EBUILD ark-20.04.3-r2.ebuild 2089 BLAKE2B e775bf6eb60fd1c351a01e661a1a5739ea4b3fbba6f94f8b0e03f0ec9858dd4471098dca6429484a703d9f0b5d7eec03abbbab655df4531727e347f3fbbb7212 SHA512 2b7573196d3c40ae1ba9e473b4e10be5ea571f30f446d9896c3a6a156a1331daeaa65df919756f815928c8d175d8d941b52d1812ee526024e396a8487f028f43
-EBUILD ark-20.08.1.ebuild 1995 BLAKE2B b16597d7a6852fecd3f16935cad6161337b8758d7a8c67b37be17b299855badbf775537b4deacb818dfaba3e422ece157c4023a17c7d14833432a91cb6d7366a SHA512 e91daa641b690c9e31ba10041c698e0997d79096b934415f26d6468c310d640905a34e0fb1c25843abb512f24b3cca86a317018e672fd7647a40e8d3fa0062de
+DIST ark-20.08.3.tar.xz 2711708 BLAKE2B c486320f113ab3d12b67aec7589e7973a022415da5dbe01754a9e454c74bb59d2b6556c6934aafd7b5c0ee685e2eca7feee276ad3ebb8a0c6f57aea5bc666a0f SHA512 41ab1498b77f9d152f900eba9e784e8ed28127c849796e42c18db5beb963b0c8f2a1ef1c408d37db02fb21577e5d8e08d8561b72b14042e079a5f1baffa01a01
+EBUILD ark-20.08.3.ebuild 1984 BLAKE2B 39c49bf07dd81ef82c1ec4696c1baad53fc3ce4a27785b17414dae84e60064a5731dbed505d4af8e3231d715ccbdf8c2386d8170114a25236ccb888ff300a031 SHA512 7e82c9ae8b6077833143ebfd256ce04786d84f04da1a1dff3626ae1d9b3a212adc031338ad6fd92018719f4219ed2c9dc30950d18034ea1b70337afe9185dd4e
 MISC metadata.xml 348 BLAKE2B 89cd42a24774f85082d025bc18402e0d4a36e07ab62155b67474a14c7294de3875d078167521f6cc4496f97f311de9264ff8c41e78477101a80d0ae2a034dcaf SHA512 447d60adfaec4e52c25d7a61a281b8b044c9a786a0600b8a8260a150f6842047f45b981aabb75e56255d05a918370113f6d2552fec1b88f661141453e003c472
diff --git a/kde-apps/ark/ark-20.04.3-r1.ebuild b/kde-apps/ark/ark-20.04.3-r1.ebuild
deleted file mode 100644
index a06c99dee9c0..000000000000
--- a/kde-apps/ark/ark-20.04.3-r1.ebuild
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-ECM_HANDBOOK="forceoptional"
-ECM_TEST="optional"
-KFMIN=5.70.0
-QTMIN=5.14.2
-VIRTUALX_REQUIRED="test"
-inherit ecm kde.org
-
-DESCRIPTION="KDE Archiving tool"
-HOMEPAGE="https://kde.org/applications/utilities/org.kde.ark
-https://utils.kde.org/projects/ark/"
-
-LICENSE="GPL-2" # TODO: CHECK
-SLOT="5"
-KEYWORDS="amd64 arm64 ~ppc64 x86"
-IUSE="bzip2 lzma zip"
-
-BDEPEND="
-	sys-devel/gettext
-"
-RDEPEND="
-	app-arch/libarchive:=[bzip2?,lzma?,zlib]
-	>=dev-qt/qtdbus-${QTMIN}:5
-	>=dev-qt/qtgui-${QTMIN}:5
-	>=dev-qt/qtwidgets-${QTMIN}:5
-	>=kde-frameworks/karchive-${KFMIN}:5
-	>=kde-frameworks/kcompletion-${KFMIN}:5
-	>=kde-frameworks/kconfig-${KFMIN}:5
-	>=kde-frameworks/kconfigwidgets-${KFMIN}:5
-	>=kde-frameworks/kcoreaddons-${KFMIN}:5
-	>=kde-frameworks/kcrash-${KFMIN}:5
-	>=kde-frameworks/kdbusaddons-${KFMIN}:5
-	>=kde-frameworks/ki18n-${KFMIN}:5
-	>=kde-frameworks/kio-${KFMIN}:5
-	>=kde-frameworks/kitemmodels-${KFMIN}:5
-	>=kde-frameworks/kjobwidgets-${KFMIN}:5
-	>=kde-frameworks/kparts-${KFMIN}:5
-	>=kde-frameworks/kpty-${KFMIN}:5
-	>=kde-frameworks/kservice-${KFMIN}:5
-	>=kde-frameworks/kwidgetsaddons-${KFMIN}:5
-	>=kde-frameworks/kxmlgui-${KFMIN}:5
-	sys-libs/zlib
-	zip? ( >=dev-libs/libzip-1.2.0:= )
-"
-DEPEND="${RDEPEND}
-	>=dev-qt/qtconcurrent-${QTMIN}:5
-"
-
-# bug #560548, last checked with 16.04.1
-RESTRICT+=" test"
-
-PATCHES=( "${FILESDIR}/${P}-CVE-2020-16116.patch" )
-
-src_configure() {
-	local mycmakeargs=(
-		$(cmake_use_find_package bzip2 BZip2)
-		$(cmake_use_find_package lzma LibLZMA)
-		$(cmake_use_find_package zip LibZip)
-	)
-
-	ecm_src_configure
-}
-
-pkg_postinst() {
-	ecm_pkg_postinst
-
-	if [[ -z "${REPLACING_VERSIONS}" ]]; then
-		if ! has_version app-arch/rar; then
-			elog "For creating/extracting rar archives, installing app-arch/rar is required."
-			if ! has_version app-arch/unar && ! has_version app-arch/unrar; then
-				elog "Alternatively, for only extracting rar archives, install app-arch/unar (free) or app-arch/unrar (non-free)."
-			fi
-		fi
-
-		has_version app-arch/p7zip || \
-			elog "For handling 7-Zip archives, install app-arch/p7zip."
-
-		has_version app-arch/lrzip || \
-			elog "For handling lrz archives, install app-arch/lrzip."
-	fi
-}
diff --git a/kde-apps/ark/ark-20.04.3-r2.ebuild b/kde-apps/ark/ark-20.04.3-r2.ebuild
deleted file mode 100644
index 14b1322ed480..000000000000
--- a/kde-apps/ark/ark-20.04.3-r2.ebuild
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-ECM_HANDBOOK="forceoptional"
-ECM_TEST="optional"
-KFMIN=5.70.0
-QTMIN=5.14.2
-VIRTUALX_REQUIRED="test"
-inherit ecm kde.org optfeature
-
-DESCRIPTION="File archiver by KDE"
-HOMEPAGE="https://kde.org/applications/en/ark
-https://utils.kde.org/projects/ark/"
-
-LICENSE="GPL-2" # TODO: CHECK
-SLOT="5"
-KEYWORDS="~amd64 arm64 ~ppc64 ~x86"
-IUSE="zip"
-
-BDEPEND="
-	sys-devel/gettext
-"
-RDEPEND="
-	app-arch/libarchive:=[bzip2,lzma,zlib]
-	>=dev-qt/qtdbus-${QTMIN}:5
-	>=dev-qt/qtgui-${QTMIN}:5
-	>=dev-qt/qtwidgets-${QTMIN}:5
-	>=kde-frameworks/karchive-${KFMIN}:5
-	>=kde-frameworks/kcompletion-${KFMIN}:5
-	>=kde-frameworks/kconfig-${KFMIN}:5
-	>=kde-frameworks/kconfigwidgets-${KFMIN}:5
-	>=kde-frameworks/kcoreaddons-${KFMIN}:5
-	>=kde-frameworks/kcrash-${KFMIN}:5
-	>=kde-frameworks/kdbusaddons-${KFMIN}:5
-	>=kde-frameworks/ki18n-${KFMIN}:5
-	>=kde-frameworks/kio-${KFMIN}:5
-	>=kde-frameworks/kitemmodels-${KFMIN}:5
-	>=kde-frameworks/kjobwidgets-${KFMIN}:5
-	>=kde-frameworks/kparts-${KFMIN}:5
-	>=kde-frameworks/kpty-${KFMIN}:5
-	>=kde-frameworks/kservice-${KFMIN}:5
-	>=kde-frameworks/kwidgetsaddons-${KFMIN}:5
-	>=kde-frameworks/kxmlgui-${KFMIN}:5
-	sys-libs/zlib
-	zip? ( >=dev-libs/libzip-1.2.0:= )
-"
-DEPEND="${RDEPEND}
-	>=dev-qt/qtconcurrent-${QTMIN}:5
-"
-
-PATCHES=(
-	"${FILESDIR}/${P}-CVE-2020-16116.patch"
-	"${FILESDIR}/${P}-CVE-2020-24654.patch"
-)
-
-src_configure() {
-	local mycmakeargs=(
-		$(cmake_use_find_package zip LibZip)
-	)
-
-	ecm_src_configure
-}
-
-src_test() {
-	local myctestargs=(
-		-E "(plugins-clirartest)"
-	)
-
-	ecm_src_test
-}
-
-pkg_postinst() {
-	if [[ -z "${REPLACING_VERSIONS}" ]]; then
-		elog "Optional dependencies:"
-		optfeature "rar archive creation/extraction" app-arch/rar
-		optfeature "rar archive extraction only" app-arch/unar app-arch/unrar
-		optfeature "7-Zip archive support" app-arch/p7zip
-		optfeature "lrz archive support" app-arch/lrzip
-		optfeature "markdown support in text previews" kde-misc/markdownpart:${SLOT} kde-misc/kmarkdownwebview:${SLOT}
-	fi
-	ecm_pkg_postinst
-}
diff --git a/kde-apps/ark/ark-20.08.1.ebuild b/kde-apps/ark/ark-20.08.3.ebuild
index d683f2a50092..c9ef36a81bf1 100644
--- a/kde-apps/ark/ark-20.08.1.ebuild
+++ b/kde-apps/ark/ark-20.08.3.ebuild
@@ -5,18 +5,17 @@ EAPI=7
 
 ECM_HANDBOOK="forceoptional"
 ECM_TEST="optional"
-KFMIN=5.72.0
-QTMIN=5.14.2
+KFMIN=5.74.0
+QTMIN=5.15.1
 VIRTUALX_REQUIRED="test"
 inherit ecm kde.org optfeature
 
 DESCRIPTION="File archiver by KDE"
-HOMEPAGE="https://kde.org/applications/en/ark
-https://utils.kde.org/projects/ark/"
+HOMEPAGE="https://apps.kde.org/en/ark https://utils.kde.org/projects/ark/"
 
 LICENSE="GPL-2" # TODO: CHECK
 SLOT="5"
-KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+KEYWORDS="amd64 arm64 ~ppc64 x86"
 IUSE="zip"
 
 BDEPEND="
diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch
deleted file mode 100644
index 79129c7be6e1..000000000000
--- a/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 0df592524fed305d6fbe74ddf8a196bc9ffdb92f Mon Sep 17 00:00:00 2001
-From: Elvis Angelaccio <elvis.angelaccio@kde.org>
-Date: Wed, 29 Jul 2020 23:45:30 +0200
-Subject: [PATCH] Fix vulnerability to path traversal attacks
-
-Ark was vulnerable to directory traversal attacks because of
-missing validation of file paths in the archive.
-
-More details about this attack are available at:
-https://github.com/snyk/zip-slip-vulnerability
-
-Job::onEntry() is the only place where we can safely check the path of
-every entry in the archive. There shouldn't be a valid reason
-to have a "../" in an archive path, so we can just play safe and abort
-the LoadJob if we detect such an entry. This makes impossibile to
-extract this kind of malicious archives and perform the attack.
-
-Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath()
-so that we can still allow loading of legitimate archives that
-contain "../" in their paths but still resolve inside the extraction folder.
----
- kerfuffle/jobs.cpp | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/kerfuffle/jobs.cpp b/kerfuffle/jobs.cpp
-index fdaa48695..f73b56f86 100644
---- a/kerfuffle/jobs.cpp
-+++ b/kerfuffle/jobs.cpp
-@@ -180,6 +180,14 @@ void Job::onError(const QString & message, const QString & details)
- 
- void Job::onEntry(Archive::Entry *entry)
- {
-+    const QString entryFullPath = entry->fullPath();
-+    if (QDir::cleanPath(entryFullPath).contains(QLatin1String("../"))) {
-+        qCWarning(ARK) << "Possibly malicious archive. Detected entry that could lead to a directory traversal attack:" << entryFullPath;
-+        onError(i18n("Could not load the archive because it contains ill-formed entries and might be a malicious archive."), QString());
-+        onFinished(false);
-+        return;
-+    }
-+
-     emit newEntry(entry);
- }
- 
--- 
-GitLab
-
diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
deleted file mode 100644
index 8b3821893ef3..000000000000
--- a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001
-From: Fabian Vogt <fabian@ritter-vogt.de>
-Date: Tue, 25 Aug 2020 22:14:37 +0200
-Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive
-
-There are archive types which allow to first create a symlink and then
-later on dereference it. If the symlink points outside of the archive,
-this results in writing outside of the destination directory.
-
-With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids
-this situation by verifying that none of the target path components are
-symlinks before writing.
-
-Remove the commented out code in the method, which would actually
-misbehave if enabled again.
-
-Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
----
- plugins/libarchive/libarchiveplugin.cpp | 18 +++---------------
- 1 file changed, 3 insertions(+), 15 deletions(-)
-
-diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp
-index 50e81da1..8a0fed21 100644
---- a/plugins/libarchive/libarchiveplugin.cpp
-+++ b/plugins/libarchive/libarchiveplugin.cpp
-@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry)
- 
- int LibarchivePlugin::extractionFlags() const
- {
--    int result = ARCHIVE_EXTRACT_TIME;
--    result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
--
--    // TODO: Don't use arksettings here
--    /*if ( ArkSettings::preservePerms() )
--    {
--        result &= ARCHIVE_EXTRACT_PERM;
--    }
--
--    if ( !ArkSettings::extractOverwrite() )
--    {
--        result &= ARCHIVE_EXTRACT_NO_OVERWRITE;
--    }*/
--
--    return result;
-+    return ARCHIVE_EXTRACT_TIME
-+           | ARCHIVE_EXTRACT_SECURE_NODOTDOT
-+           | ARCHIVE_EXTRACT_SECURE_SYMLINKS;
- }
- 
- void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress)
--- 
-GitLab
-
author	V3n3RiX <venerix@redcorelinux.org>	2020-11-25 22:39:15 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2020-11-25 22:39:15 +0000
commit	d934827bf44b7cfcf6711964418148fa60877668 (patch)
tree	0625f358789b5e015e49db139cc1dbc9be00428f /kde-apps/ark
parent	2e34d110f164bf74d55fced27fe0000201b3eec5 (diff)