From f70a1bfc721336d4fc7dfb711c2f518a6b18cf16 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 30 Sep 2020 17:27:54 +0100 Subject: gentoo resync : 30.09.2020 --- kde-apps/ark/Manifest | 4 +- kde-apps/ark/ark-20.04.3-r2.ebuild | 84 ++++++++++++++++++++++ kde-apps/ark/ark-20.08.1.ebuild | 45 +++++------- .../ark/files/ark-20.04.3-CVE-2020-24654.patch | 53 ++++++++++++++ 4 files changed, 158 insertions(+), 28 deletions(-) create mode 100644 kde-apps/ark/ark-20.04.3-r2.ebuild create mode 100644 kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch (limited to 'kde-apps/ark') diff --git a/kde-apps/ark/Manifest b/kde-apps/ark/Manifest index 1b9c02a63ccb..7a9182064a92 100644 --- a/kde-apps/ark/Manifest +++ b/kde-apps/ark/Manifest @@ -1,6 +1,8 @@ AUX ark-20.04.3-CVE-2020-16116.patch 1819 BLAKE2B 878e3046b1096bb5c9ec1ba64fcb2350b025f87295350182df435ad05302415ac486c51be39ac4c561d41930998a0b8b0031d5240dbcf085f275375e453eb640 SHA512 953ca28531a92198f9d5e429cea85e2887b88e5132093845c3f52615e7f736b592bea8d80c98a7c198685062ef47efc463e5cecacca5470cf920f00bfc461e41 +AUX ark-20.04.3-CVE-2020-24654.patch 1848 BLAKE2B d82b80b5d7b6491460a7f87cc82d3d6db3e7615d1aa0282d83dc62465a9c27310b69b5150332930ded525e9846d3748c5fda0553971bc8d282f45d377a964077 SHA512 c8ab491d58bea0c6fe81df7ec2c89ab8351f3d1a89c5632b1db669b418671715e7f10e96058b783672d5f0cad6b6c959f10130eda264859d951859622f59f2e4 DIST ark-20.04.3.tar.xz 2586436 BLAKE2B 98343a4bc91fd13a33ba9dd69487c27433435d4bff722245c2cde02191017f4fa0b2d15213b97a86c3ecd87a17bf59e62a80b63c6684c813845bec9bab58f441 SHA512 6274483bc7cad9b8b3842a622a3f243fd5756aec147624eb9041459efd5c833e203c286412185bb105133d8c83a7503c8c7e519b8cb9cbd13830793c3429e142 DIST ark-20.08.1.tar.xz 2709500 BLAKE2B 8147433916cab11b784260e235b313ca3fce515b012e851759b65baeb11682721bcfa83bd8c5844befbdc7c7c21afde5518636df61f7d2676d52ee07274967ea SHA512 1fae786d17a6e576e64b5b72e7d6886900a2fee3eedad41db174382dc70cb858c5c192c20896e5c2b6ec3c07f07d155fa5f52654496876808650a279b39eaa86 EBUILD ark-20.04.3-r1.ebuild 2259 BLAKE2B 52cf0ce440871bf16f91936bf7164d669358c505112a57391fcf4b73f38d0bc45d67424934e712181a21755b2e7e642d74d7d5ca649d4534f16ca4f78d4a6a2b SHA512 50f97838ce7467483eae5f0d55a5e664f43e48a5598ade916774272b57daa9a2ab10824067935a4a2ffe3a5626634514e5f599a846aea5444d5dd2f379b3dbee -EBUILD ark-20.08.1.ebuild 2387 BLAKE2B 0c58879925012a1acbed65e2db14a6cb5147d8d282d809d8a1602a4fa9753c3d89aeeeaa3b5bb249df127acbf8e0d72215a87d28d3c29fd84e79803f256123c3 SHA512 c9948412e3db37bc93ee93c15aebc8e081442fb82ff655ea41316cad7f4a8fbf06094da1f8aeb313a06cb814c2b05cd0faf0d5852cdfce6bbffcff750a714085 +EBUILD ark-20.04.3-r2.ebuild 2089 BLAKE2B e775bf6eb60fd1c351a01e661a1a5739ea4b3fbba6f94f8b0e03f0ec9858dd4471098dca6429484a703d9f0b5d7eec03abbbab655df4531727e347f3fbbb7212 SHA512 2b7573196d3c40ae1ba9e473b4e10be5ea571f30f446d9896c3a6a156a1331daeaa65df919756f815928c8d175d8d941b52d1812ee526024e396a8487f028f43 +EBUILD ark-20.08.1.ebuild 1995 BLAKE2B b16597d7a6852fecd3f16935cad6161337b8758d7a8c67b37be17b299855badbf775537b4deacb818dfaba3e422ece157c4023a17c7d14833432a91cb6d7366a SHA512 e91daa641b690c9e31ba10041c698e0997d79096b934415f26d6468c310d640905a34e0fb1c25843abb512f24b3cca86a317018e672fd7647a40e8d3fa0062de MISC metadata.xml 348 BLAKE2B 89cd42a24774f85082d025bc18402e0d4a36e07ab62155b67474a14c7294de3875d078167521f6cc4496f97f311de9264ff8c41e78477101a80d0ae2a034dcaf SHA512 447d60adfaec4e52c25d7a61a281b8b044c9a786a0600b8a8260a150f6842047f45b981aabb75e56255d05a918370113f6d2552fec1b88f661141453e003c472 diff --git a/kde-apps/ark/ark-20.04.3-r2.ebuild b/kde-apps/ark/ark-20.04.3-r2.ebuild new file mode 100644 index 000000000000..14b1322ed480 --- /dev/null +++ b/kde-apps/ark/ark-20.04.3-r2.ebuild @@ -0,0 +1,84 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +ECM_HANDBOOK="forceoptional" +ECM_TEST="optional" +KFMIN=5.70.0 +QTMIN=5.14.2 +VIRTUALX_REQUIRED="test" +inherit ecm kde.org optfeature + +DESCRIPTION="File archiver by KDE" +HOMEPAGE="https://kde.org/applications/en/ark +https://utils.kde.org/projects/ark/" + +LICENSE="GPL-2" # TODO: CHECK +SLOT="5" +KEYWORDS="~amd64 arm64 ~ppc64 ~x86" +IUSE="zip" + +BDEPEND=" + sys-devel/gettext +" +RDEPEND=" + app-arch/libarchive:=[bzip2,lzma,zlib] + >=dev-qt/qtdbus-${QTMIN}:5 + >=dev-qt/qtgui-${QTMIN}:5 + >=dev-qt/qtwidgets-${QTMIN}:5 + >=kde-frameworks/karchive-${KFMIN}:5 + >=kde-frameworks/kcompletion-${KFMIN}:5 + >=kde-frameworks/kconfig-${KFMIN}:5 + >=kde-frameworks/kconfigwidgets-${KFMIN}:5 + >=kde-frameworks/kcoreaddons-${KFMIN}:5 + >=kde-frameworks/kcrash-${KFMIN}:5 + >=kde-frameworks/kdbusaddons-${KFMIN}:5 + >=kde-frameworks/ki18n-${KFMIN}:5 + >=kde-frameworks/kio-${KFMIN}:5 + >=kde-frameworks/kitemmodels-${KFMIN}:5 + >=kde-frameworks/kjobwidgets-${KFMIN}:5 + >=kde-frameworks/kparts-${KFMIN}:5 + >=kde-frameworks/kpty-${KFMIN}:5 + >=kde-frameworks/kservice-${KFMIN}:5 + >=kde-frameworks/kwidgetsaddons-${KFMIN}:5 + >=kde-frameworks/kxmlgui-${KFMIN}:5 + sys-libs/zlib + zip? ( >=dev-libs/libzip-1.2.0:= ) +" +DEPEND="${RDEPEND} + >=dev-qt/qtconcurrent-${QTMIN}:5 +" + +PATCHES=( + "${FILESDIR}/${P}-CVE-2020-16116.patch" + "${FILESDIR}/${P}-CVE-2020-24654.patch" +) + +src_configure() { + local mycmakeargs=( + $(cmake_use_find_package zip LibZip) + ) + + ecm_src_configure +} + +src_test() { + local myctestargs=( + -E "(plugins-clirartest)" + ) + + ecm_src_test +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + elog "Optional dependencies:" + optfeature "rar archive creation/extraction" app-arch/rar + optfeature "rar archive extraction only" app-arch/unar app-arch/unrar + optfeature "7-Zip archive support" app-arch/p7zip + optfeature "lrz archive support" app-arch/lrzip + optfeature "markdown support in text previews" kde-misc/markdownpart:${SLOT} kde-misc/kmarkdownwebview:${SLOT} + fi + ecm_pkg_postinst +} diff --git a/kde-apps/ark/ark-20.08.1.ebuild b/kde-apps/ark/ark-20.08.1.ebuild index d96ecd65de21..d683f2a50092 100644 --- a/kde-apps/ark/ark-20.08.1.ebuild +++ b/kde-apps/ark/ark-20.08.1.ebuild @@ -8,10 +8,10 @@ ECM_TEST="optional" KFMIN=5.72.0 QTMIN=5.14.2 VIRTUALX_REQUIRED="test" -inherit ecm kde.org +inherit ecm kde.org optfeature -DESCRIPTION="KDE Archiving tool" -HOMEPAGE="https://kde.org/applications/utilities/org.kde.ark +DESCRIPTION="File archiver by KDE" +HOMEPAGE="https://kde.org/applications/en/ark https://utils.kde.org/projects/ark/" LICENSE="GPL-2" # TODO: CHECK @@ -50,9 +50,6 @@ DEPEND="${RDEPEND} >=dev-qt/qtconcurrent-${QTMIN}:5 " -# bug #560548, last checked with 16.04.1 -RESTRICT+=" test" - src_configure() { local mycmakeargs=( $(cmake_use_find_package zip LibZip) @@ -61,28 +58,22 @@ src_configure() { ecm_src_configure } -pkg_postinst() { - ecm_pkg_postinst - - if [[ -z "${REPLACING_VERSIONS}" ]]; then - if ! has_version app-arch/rar; then - elog "For creating/extracting rar archives, installing app-arch/rar is required." - if ! has_version app-arch/unar && ! has_version app-arch/unrar; then - elog "Alternatively, for only extracting rar archives, install app-arch/unar (free) or app-arch/unrar (non-free)." - fi - fi - - has_version app-arch/p7zip || \ - elog "For handling 7-Zip archives, install app-arch/p7zip." +src_test() { + local myctestargs=( + -E "(plugins-clirartest)" + ) - has_version app-arch/lrzip || \ - elog "For handling lrz archives, install app-arch/lrzip." + ecm_src_test +} - if ! has_version kde-misc/markdownpart:${SLOT} || - ! has_version kde-misc/kmarkdownwebview:${SLOT} ; then - elog "For markdown support in text previews, install one of:" - elog " kde-misc/markdownpart:${SLOT}" - elog " kde-misc/kmarkdownwebview:${SLOT}" - fi +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + elog "Optional dependencies:" + optfeature "rar archive creation/extraction" app-arch/rar + optfeature "rar archive extraction only" app-arch/unar app-arch/unrar + optfeature "7-Zip archive support" app-arch/p7zip + optfeature "lrz archive support" app-arch/lrzip + optfeature "markdown support in text previews" kde-misc/markdownpart:${SLOT} kde-misc/kmarkdownwebview:${SLOT} fi + ecm_pkg_postinst } diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch new file mode 100644 index 000000000000..8b3821893ef3 --- /dev/null +++ b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch @@ -0,0 +1,53 @@ +From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001 +From: Fabian Vogt +Date: Tue, 25 Aug 2020 22:14:37 +0200 +Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive + +There are archive types which allow to first create a symlink and then +later on dereference it. If the symlink points outside of the archive, +this results in writing outside of the destination directory. + +With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids +this situation by verifying that none of the target path components are +symlinks before writing. + +Remove the commented out code in the method, which would actually +misbehave if enabled again. + +Signed-off-by: Fabian Vogt +--- + plugins/libarchive/libarchiveplugin.cpp | 18 +++--------------- + 1 file changed, 3 insertions(+), 15 deletions(-) + +diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp +index 50e81da1..8a0fed21 100644 +--- a/plugins/libarchive/libarchiveplugin.cpp ++++ b/plugins/libarchive/libarchiveplugin.cpp +@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry) + + int LibarchivePlugin::extractionFlags() const + { +- int result = ARCHIVE_EXTRACT_TIME; +- result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; +- +- // TODO: Don't use arksettings here +- /*if ( ArkSettings::preservePerms() ) +- { +- result &= ARCHIVE_EXTRACT_PERM; +- } +- +- if ( !ArkSettings::extractOverwrite() ) +- { +- result &= ARCHIVE_EXTRACT_NO_OVERWRITE; +- }*/ +- +- return result; ++ return ARCHIVE_EXTRACT_TIME ++ | ARCHIVE_EXTRACT_SECURE_NODOTDOT ++ | ARCHIVE_EXTRACT_SECURE_SYMLINKS; + } + + void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress) +-- +GitLab + -- cgit v1.2.3