public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: kde-apps/ark/files/, kde-apps/ark/
From: Michael Palimaka @ 2015-12-16 12:28 UTC (permalink / raw
  To: gentoo-commits

commit:     4bff875eca703cebcba799cca535f86a604c34fe
Author:     Andreas Sturmlechner <andreas.sturmlechner <AT> gmail <DOT> com>
AuthorDate: Tue Dec 15 18:44:24 2015 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Wed Dec 16 12:27:53 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4bff875e

kde-apps/ark: Fix bug with kde-frameworks 5.17

A change in kxmlgui causes lingering ark processes in the background.

Package-Manager: portage-2.2.24

 kde-apps/ark/ark-15.08.3-r1.ebuild                 | 63 ++++++++++++++++++++++
 .../ark-15.08.3-fix-lingering-processes.patch      | 42 +++++++++++++++
 2 files changed, 105 insertions(+)

diff --git a/kde-apps/ark/ark-15.08.3-r1.ebuild b/kde-apps/ark/ark-15.08.3-r1.ebuild
new file mode 100644
index 0000000..358abb3
--- /dev/null
+++ b/kde-apps/ark/ark-15.08.3-r1.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+KDE_HANDBOOK="forceoptional"
+KDE_TEST="forceoptional"
+inherit kde5
+
+DESCRIPTION="KDE Archiving tool"
+HOMEPAGE="https://www.kde.org/applications/utilities/ark
+https://utils.kde.org/projects/ark"
+KEYWORDS=" ~amd64 ~x86"
+IUSE="bzip2 lzma zlib"
+
+RDEPEND="
+	$(add_frameworks_dep karchive)
+	$(add_frameworks_dep kconfig)
+	$(add_frameworks_dep kcompletion)
+	$(add_frameworks_dep kconfigwidgets)
+	$(add_frameworks_dep kcoreaddons)
+	$(add_frameworks_dep kcrash)
+	$(add_frameworks_dep kdbusaddons)
+	$(add_frameworks_dep khtml)
+	$(add_frameworks_dep ki18n)
+	$(add_frameworks_dep kiconthemes)
+	$(add_frameworks_dep kio)
+	$(add_frameworks_dep kjobwidgets)
+	$(add_frameworks_dep kparts)
+	$(add_frameworks_dep kpty)
+	$(add_frameworks_dep kservice)
+	$(add_frameworks_dep kwidgetsaddons)
+	$(add_frameworks_dep kxmlgui)
+	>=app-arch/libarchive-3.0.0[bzip2?,lzma?,zlib?]
+	dev-qt/qtdbus:5
+	dev-qt/qtgui:5
+	dev-qt/qtwidgets:5
+"
+DEPEND="${RDEPEND}
+	sys-devel/gettext
+"
+
+PATCHES=( "${FILESDIR}/${PN}-15.08.3-fix-lingering-processes.patch" )
+
+src_configure() {
+	local mycmakeargs=(
+		$(cmake-utils_use_find_package bzip2 BZip2)
+		$(cmake-utils_use_find_package lzma LibLZMA)
+		$(cmake-utils_use_find_package test Qt5Test)
+		$(cmake-utils_use_find_package zlib ZLIB)
+	)
+
+	kde5_src_configure
+}
+
+pkg_postinst() {
+	kde5_pkg_postinst
+
+	if ! has_version app-arch/rar ; then
+		elog "For creating rar archives, install app-arch/rar"
+	fi
+}
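
Review bot: `KEYWORDS=" ~amd64 ~x86"` has a stray leading space inside the quotes; write `KEYWORDS="~amd64 ~x86"`. The PATCHES entry also hard-codes the version as `${PN}-15.08.3-fix-lingering-processes.patch`, where `${P}` would name the same file for this ebuild.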

diff --git a/kde-apps/ark/files/ark-15.08.3-fix-lingering-processes.patch b/kde-apps/ark/files/ark-15.08.3-fix-lingering-processes.patch
new file mode 100644
index 0000000..3d83c1b
--- /dev/null
+++ b/kde-apps/ark/files/ark-15.08.3-fix-lingering-processes.patch
@@ -0,0 +1,42 @@
+From: Weng Xuetian <wengxt@gmail.com>
+Date: Tue, 15 Dec 2015 07:40:43 +0000
+Subject: Fix ark doesn't exit with kxmlgui 5.17.
+X-Git-Url: http://quickgit.kde.org/?p=ark.git&a=commitdiff&h=f7312a26d31cdc31776a09df600327ca86d3daea
+---
+Fix ark doesn't exit with kxmlgui 5.17.
+
+Previously setQuitOnLastWindowClosed is reset by KMainWindow::init but
+now it's removed in 5.17. Change to use setQuitOnLastWindowClosed in ark
+only when it's using a kjob and connect quit() to finished signal.
+
+REVIEW: 126358
+---
+
+
+--- a/app/main.cpp
++++ b/app/main.cpp
+@@ -119,7 +119,6 @@
+                         QStringLiteral("http://littlesvr.ca/misc/contactandrew.php"));
+ 
+     application.setWindowIcon(QIcon::fromTheme(QStringLiteral("ark")));
+-    application.setQuitOnLastWindowClosed(false);
+ 
+     QCommandLineParser parser;
+     parser.setApplicationDescription(aboutData.shortDescription());
+@@ -196,6 +195,7 @@
+             parser.isSet(QStringLiteral("add-to"))) {
+ 
+             AddToArchive *addToArchiveJob = new AddToArchive(&application);
++            application.setQuitOnLastWindowClosed(false);
+             application.connect(addToArchiveJob, SIGNAL(result(KJob*)), SLOT(quit()), Qt::QueuedConnection);
+ 
+             if (parser.isSet(QStringLiteral("changetofirstpath"))) {
+@@ -233,6 +233,7 @@
+         } else if (parser.isSet(QStringLiteral("batch"))) {
+ 
+             BatchExtract *batchJob = new BatchExtract(&application);
++            application.setQuitOnLastWindowClosed(false);
+             application.connect(batchJob, SIGNAL(result(KJob*)), SLOT(quit()), Qt::QueuedConnection);
+ 
+             for (int i = 0; i < urls.count(); ++i) {
+
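
Review bot: in the add-to and batch branches of app/main.cpp, exiting now depends entirely on the job emitting `result(KJob*)`, because `setQuitOnLastWindowClosed(false)` is set just before the connect to `quit()`. If either job can return without emitting that signal, the process lingers again, which is the bug this patch is meant to fix. Confirm that both AddToArchive and BatchExtract always emit it, and say so in a comment next to the two added calls.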



* [gentoo-commits] repo/gentoo:master commit in: kde-apps/ark/files/, kde-apps/ark/
From: Andreas Sturmlechner @ 2017-01-07 13:17 UTC (permalink / raw
  To: gentoo-commits

commit:     2cf4f014d8881fd140be957d5de57ddbbd1e3974
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  7 13:01:36 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jan  7 13:01:36 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cf4f014

kde-apps/ark: Disable shell script execution

Gentoo-bug: 604846

Package-Manager: portage-2.3.0

 kde-apps/ark/ark-16.08.3-r1.ebuild                 | 70 ++++++++++++++++++++++
 kde-apps/ark/ark-16.12.0-r1.ebuild                 | 70 ++++++++++++++++++++++
 .../files/ark-16.12.0-disable-executables.patch    | 25 ++++++++
 3 files changed, 165 insertions(+)

diff --git a/kde-apps/ark/ark-16.08.3-r1.ebuild b/kde-apps/ark/ark-16.08.3-r1.ebuild
new file mode 100644
index 00000000..5c128ad
--- /dev/null
+++ b/kde-apps/ark/ark-16.08.3-r1.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+KDE_HANDBOOK="forceoptional"
+KDE_TEST="optional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="KDE Archiving tool"
+HOMEPAGE="https://www.kde.org/applications/utilities/ark
+https://utils.kde.org/projects/ark"
+KEYWORDS="~amd64 ~x86"
+IUSE="bzip2 lzma zlib"
+
+RDEPEND="
+	$(add_frameworks_dep karchive)
+	$(add_frameworks_dep kcompletion)
+	$(add_frameworks_dep kconfig)
+	$(add_frameworks_dep kconfigwidgets)
+	$(add_frameworks_dep kcoreaddons)
+	$(add_frameworks_dep kcrash)
+	$(add_frameworks_dep kdbusaddons)
+	$(add_frameworks_dep ki18n)
+	$(add_frameworks_dep kiconthemes)
+	$(add_frameworks_dep kio)
+	$(add_frameworks_dep kjobwidgets)
+	$(add_frameworks_dep kparts)
+	$(add_frameworks_dep kpty)
+	$(add_frameworks_dep kservice)
+	$(add_frameworks_dep kwidgetsaddons)
+	$(add_frameworks_dep kxmlgui)
+	$(add_qt_dep qtdbus)
+	$(add_qt_dep qtgui)
+	$(add_qt_dep qtwidgets)
+	>=app-arch/libarchive-3.1.0[bzip2?,lzma?,zlib?]
+"
+DEPEND="${RDEPEND}
+	$(add_qt_dep qtconcurrent)
+	sys-devel/gettext
+"
+
+# bug #560548, last checked with 16.04.1
+RESTRICT="test"
+
+PATCHES=( "${FILESDIR}/${PN}-16.12.0-disable-executables.patch" )
+
+src_configure() {
+	local mycmakeargs=(
+		$(cmake-utils_use_find_package bzip2 BZip2)
+		$(cmake-utils_use_find_package lzma LibLZMA)
+		$(cmake-utils_use_find_package zlib ZLIB)
+	)
+
+	kde5_src_configure
+}
+
+pkg_postinst() {
+	kde5_pkg_postinst
+
+	if ! has_version app-arch/unar ; then
+		elog "For handling rar archives, install app-arch/unar"
+	fi
+
+	if ! has_version app-arch/p7zip ; then
+		elog "For handling 7-Zip archives, install app-arch/p7zip"
+	fi
+}
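
Review bot: `RESTRICT="test"` is a plain assignment placed after `inherit kde5`, so it would discard any RESTRICT value the eclass set; ark-16.12.0-r1.ebuild in this same commit uses `RESTRICT+=" test"`, and this file should match. The PATCHES entry also applies a file named for 16.12.0 to 16.08.3, which deserves a one-line comment saying the backport is shared between the two versions.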

diff --git a/kde-apps/ark/ark-16.12.0-r1.ebuild b/kde-apps/ark/ark-16.12.0-r1.ebuild
new file mode 100644
index 00000000..a00cb57
--- /dev/null
+++ b/kde-apps/ark/ark-16.12.0-r1.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+KDE_HANDBOOK="forceoptional"
+KDE_TEST="optional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="KDE Archiving tool"
+HOMEPAGE="https://www.kde.org/applications/utilities/ark
+https://utils.kde.org/projects/ark"
+KEYWORDS="~amd64 ~x86"
+IUSE="bzip2 lzma zlib"
+
+RDEPEND="
+	$(add_frameworks_dep karchive)
+	$(add_frameworks_dep kcompletion)
+	$(add_frameworks_dep kconfig)
+	$(add_frameworks_dep kconfigwidgets)
+	$(add_frameworks_dep kcoreaddons)
+	$(add_frameworks_dep kcrash)
+	$(add_frameworks_dep kdbusaddons)
+	$(add_frameworks_dep ki18n)
+	$(add_frameworks_dep kiconthemes)
+	$(add_frameworks_dep kio)
+	$(add_frameworks_dep kjobwidgets)
+	$(add_frameworks_dep kparts)
+	$(add_frameworks_dep kpty)
+	$(add_frameworks_dep kservice)
+	$(add_frameworks_dep kwidgetsaddons)
+	$(add_frameworks_dep kxmlgui)
+	$(add_qt_dep qtdbus)
+	$(add_qt_dep qtgui)
+	$(add_qt_dep qtwidgets)
+	>=app-arch/libarchive-3.1.0[bzip2?,lzma?,zlib?]
+"
+DEPEND="${RDEPEND}
+	$(add_qt_dep qtconcurrent)
+	sys-devel/gettext
+"
+
+# bug #560548, last checked with 16.04.1
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-disable-executables.patch" )
+
+src_configure() {
+	local mycmakeargs=(
+		$(cmake-utils_use_find_package bzip2 BZip2)
+		$(cmake-utils_use_find_package lzma LibLZMA)
+		$(cmake-utils_use_find_package zlib ZLIB)
+	)
+
+	kde5_src_configure
+}
+
+pkg_postinst() {
+	kde5_pkg_postinst
+
+	if ! has_version app-arch/unar ; then
+		elog "For handling rar archives, install app-arch/unar"
+	fi
+
+	if ! has_version app-arch/p7zip ; then
+		elog "For handling 7-Zip archives, install app-arch/p7zip"
+	fi
+}
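
Review bot: the test restriction is justified by `# bug #560548, last checked with 16.04.1`, which is two release series behind this 16.12.0 ebuild. Since this revision exists to carry a security patch, re-check whether the tests still fail and update the comment, and add a comment above PATCHES pointing at the bug so the reason for the revision bump is visible in the ebuild itself.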

diff --git a/kde-apps/ark/files/ark-16.12.0-disable-executables.patch b/kde-apps/ark/files/ark-16.12.0-disable-executables.patch
new file mode 100644
index 00000000..35cd304
--- /dev/null
+++ b/kde-apps/ark/files/ark-16.12.0-disable-executables.patch
@@ -0,0 +1,25 @@
+commit 82fdfd24d46966a117fa625b68784735a40f9065
+Author: Elvis Angelaccio <elvis.angelaccio@kde.org>
+Date:   Fri Jan 6 15:35:46 2017 +0100
+
+    Stop running executables when opening urls
+    
+    This is a security risk because it's not clear when an entry in an
+    archive is an executable.
+    
+    BUG: 374572
+    FIXED-IN: 16.12.1
+
+diff --git a/part/part.cpp b/part/part.cpp
+index f1adf21..80f657b 100644
+--- a/part/part.cpp
++++ b/part/part.cpp
+@@ -988,7 +988,7 @@ void Part::slotOpenExtractedEntry(KJob *job)
+         } else {
+             KRun::runUrl(QUrl::fromUserInput(fullName, QString(), QUrl::AssumeLocalFile),
+                          QMimeDatabase().mimeTypeForFile(fullName).name(),
+-                         widget());
++                         widget(), false, false);
+         }
+     } else if (job->error() != KJob::KilledJobError) {
+         KMessageBox::error(widget(), job->errorString());
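
Review bot: the changed `KRun::runUrl()` call in Part::slotOpenExtractedEntry() now ends in `widget(), false, false`, and nothing at the call site says which of the two bare booleans stops executables from being run. Add a short comment naming each argument, so that a later signature change or cleanup does not silently restore execution of archive entries.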



* [gentoo-commits] repo/gentoo:master commit in: kde-apps/ark/files/, kde-apps/ark/
From: Andreas Sturmlechner @ 2017-01-14 15:12 UTC (permalink / raw
  To: gentoo-commits

commit:     883fa01165178a1b9a9d5a9b3c5957296f0b5c1a
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 14 15:05:14 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jan 14 15:05:14 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=883fa011

kde-apps/ark: Backport runtime crash fix, add lrz postinst info

Reported-by: Arfrever

Also added subslot operator to libarchive RDEPEND.

Package-Manager: portage-2.3.0

 kde-apps/ark/ark-16.12.1-r1.ebuild             | 74 ++++++++++++++++++++++++++
 kde-apps/ark/files/ark-16.12.1-fix-crash.patch | 21 ++++++++
 2 files changed, 95 insertions(+)

diff --git a/kde-apps/ark/ark-16.12.1-r1.ebuild b/kde-apps/ark/ark-16.12.1-r1.ebuild
new file mode 100644
index 00000000..8fdad66
--- /dev/null
+++ b/kde-apps/ark/ark-16.12.1-r1.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+KDE_HANDBOOK="forceoptional"
+KDE_TEST="optional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="KDE Archiving tool"
+HOMEPAGE="https://www.kde.org/applications/utilities/ark
+https://utils.kde.org/projects/ark"
+KEYWORDS="~amd64 ~x86"
+IUSE="bzip2 lzma zlib"
+
+RDEPEND="
+	$(add_frameworks_dep karchive)
+	$(add_frameworks_dep kcompletion)
+	$(add_frameworks_dep kconfig)
+	$(add_frameworks_dep kconfigwidgets)
+	$(add_frameworks_dep kcoreaddons)
+	$(add_frameworks_dep kcrash)
+	$(add_frameworks_dep kdbusaddons)
+	$(add_frameworks_dep ki18n)
+	$(add_frameworks_dep kiconthemes)
+	$(add_frameworks_dep kio)
+	$(add_frameworks_dep kjobwidgets)
+	$(add_frameworks_dep kparts)
+	$(add_frameworks_dep kpty)
+	$(add_frameworks_dep kservice)
+	$(add_frameworks_dep kwidgetsaddons)
+	$(add_frameworks_dep kxmlgui)
+	$(add_qt_dep qtdbus)
+	$(add_qt_dep qtgui)
+	$(add_qt_dep qtwidgets)
+	app-arch/libarchive:=[bzip2?,lzma?,zlib?]
+"
+DEPEND="${RDEPEND}
+	$(add_qt_dep qtconcurrent)
+	sys-devel/gettext
+"
+
+# bug #560548, last checked with 16.04.1
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-fix-crash.patch" )
+
+src_configure() {
+	local mycmakeargs=(
+		$(cmake-utils_use_find_package bzip2 BZip2)
+		$(cmake-utils_use_find_package lzma LibLZMA)
+		$(cmake-utils_use_find_package zlib ZLIB)
+	)
+
+	kde5_src_configure
+}
+
+pkg_postinst() {
+	kde5_pkg_postinst
+
+	if ! has_version app-arch/unar ; then
+		elog "For handling rar archives, install app-arch/unar"
+	fi
+
+	if ! has_version app-arch/p7zip ; then
+		elog "For handling 7-Zip archives, install app-arch/p7zip"
+	fi
+
+	if ! has_version app-arch/lrzip ; then
+		elog "For handling lrz archives, install app-arch/lrzip"
+	fi
+}
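
Review bot: the RDEPEND line `app-arch/libarchive:=[bzip2?,lzma?,zlib?]` gains the subslot operator but carries no minimum version, while ark-16.12.0-r1.ebuild earlier in this thread required `>=app-arch/libarchive-3.1.0`. If the bound is still needed, keep it alongside the operator; if it was dropped on purpose, the commit message should say so, since it only mentions adding the operator.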

diff --git a/kde-apps/ark/files/ark-16.12.1-fix-crash.patch b/kde-apps/ark/files/ark-16.12.1-fix-crash.patch
new file mode 100644
index 00000000..b416783
--- /dev/null
+++ b/kde-apps/ark/files/ark-16.12.1-fix-crash.patch
@@ -0,0 +1,21 @@
+commit b5e59a044d392ede62af23076bbf0a154d00bf60
+Author: Elvis Angelaccio <elvis.angelaccio@kde.org>
+Date:   Fri Jan 13 16:14:35 2017 +0100
+
+    Stop crashing when loading the konqueror's webengine part
+    
+    QtWebEngine requires this attribute set before the QGuiApplication
+    instance is created.
+
+diff --git a/app/main.cpp b/app/main.cpp
+index d375d79..d3a60b1 100644
+--- a/app/main.cpp
++++ b/app/main.cpp
+@@ -42,6 +42,7 @@ using Kerfuffle::AddToArchive;
+ 
+ int main(int argc, char **argv)
+ {
++    QCoreApplication::setAttribute(Qt::AA_ShareOpenGLContexts); // Required for the webengine part.
+     QApplication application(argc, argv);
+ 
+     /**
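
Review bot: the comment on the added `setAttribute(Qt::AA_ShareOpenGLContexts)` line says only that it is required for the webengine part; the ordering constraint, that it must run before `QApplication application(argc, argv)` is constructed, appears only in the commit message. State that in the code comment so the call is not moved below the constructor in a later cleanup.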



* [gentoo-commits] repo/gentoo:master commit in: kde-apps/ark/files/, kde-apps/ark/
From: Andreas Sturmlechner @ 2020-08-01 22:57 UTC (permalink / raw
  To: gentoo-commits

commit:     55a42a5c7060468e5406884bfa4294b3cdc824c7
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  1 15:41:53 2020 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Aug  1 22:57:17 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55a42a5c

kde-apps/ark: Fix CVE-2020-16116

Bug: https://bugs.gentoo.org/734622
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 kde-apps/ark/ark-20.04.3-r1.ebuild                 | 85 ++++++++++++++++++++++
 .../ark/files/ark-20.04.3-CVE-2020-16116.patch     | 46 ++++++++++++
 2 files changed, 131 insertions(+)

diff --git a/kde-apps/ark/ark-20.04.3-r1.ebuild b/kde-apps/ark/ark-20.04.3-r1.ebuild
new file mode 100644
index 00000000000..0777dc7a6bc
--- /dev/null
+++ b/kde-apps/ark/ark-20.04.3-r1.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+ECM_HANDBOOK="forceoptional"
+ECM_TEST="optional"
+KFMIN=5.70.0
+QTMIN=5.14.2
+VIRTUALX_REQUIRED="test"
+inherit ecm kde.org
+
+DESCRIPTION="KDE Archiving tool"
+HOMEPAGE="https://kde.org/applications/utilities/org.kde.ark
+https://utils.kde.org/projects/ark/"
+
+LICENSE="GPL-2" # TODO: CHECK
+SLOT="5"
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+IUSE="bzip2 lzma zip"
+
+BDEPEND="
+	sys-devel/gettext
+"
+RDEPEND="
+	app-arch/libarchive:=[bzip2?,lzma?,zlib]
+	>=dev-qt/qtdbus-${QTMIN}:5
+	>=dev-qt/qtgui-${QTMIN}:5
+	>=dev-qt/qtwidgets-${QTMIN}:5
+	>=kde-frameworks/karchive-${KFMIN}:5
+	>=kde-frameworks/kcompletion-${KFMIN}:5
+	>=kde-frameworks/kconfig-${KFMIN}:5
+	>=kde-frameworks/kconfigwidgets-${KFMIN}:5
+	>=kde-frameworks/kcoreaddons-${KFMIN}:5
+	>=kde-frameworks/kcrash-${KFMIN}:5
+	>=kde-frameworks/kdbusaddons-${KFMIN}:5
+	>=kde-frameworks/ki18n-${KFMIN}:5
+	>=kde-frameworks/kio-${KFMIN}:5
+	>=kde-frameworks/kitemmodels-${KFMIN}:5
+	>=kde-frameworks/kjobwidgets-${KFMIN}:5
+	>=kde-frameworks/kparts-${KFMIN}:5
+	>=kde-frameworks/kpty-${KFMIN}:5
+	>=kde-frameworks/kservice-${KFMIN}:5
+	>=kde-frameworks/kwidgetsaddons-${KFMIN}:5
+	>=kde-frameworks/kxmlgui-${KFMIN}:5
+	sys-libs/zlib
+	zip? ( >=dev-libs/libzip-1.2.0:= )
+"
+DEPEND="${RDEPEND}
+	>=dev-qt/qtconcurrent-${QTMIN}:5
+"
+
+# bug #560548, last checked with 16.04.1
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2020-16116.patch" )
+
+src_configure() {
+	local mycmakeargs=(
+		$(cmake_use_find_package bzip2 BZip2)
+		$(cmake_use_find_package lzma LibLZMA)
+		$(cmake_use_find_package zip LibZip)
+	)
+
+	ecm_src_configure
+}
+
+pkg_postinst() {
+	ecm_pkg_postinst
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		if ! has_version app-arch/rar; then
+			elog "For creating/extracting rar archives, installing app-arch/rar is required."
+			if ! has_version app-arch/unar && ! has_version app-arch/unrar; then
+				elog "Alternatively, for only extracting rar archives, install app-arch/unar (free) or app-arch/unrar (non-free)."
+			fi
+		fi
+
+		has_version app-arch/p7zip || \
+			elog "For handling 7-Zip archives, install app-arch/p7zip."
+
+		has_version app-arch/lrzip || \
+			elog "For handling lrz archives, install app-arch/lrzip."
+	fi
+}
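
Review bot: `RESTRICT+=" test"` still rests on `# bug #560548, last checked with 16.04.1`, so this CVE revision is built without running any of the package's tests. Re-check the bug against 20.04.3 and update or drop the restriction, and resolve the `# TODO: CHECK` on the LICENSE line while the file is being touched.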

diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch
new file mode 100644
index 00000000000..79129c7be6e
--- /dev/null
+++ b/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch
@@ -0,0 +1,46 @@
+From 0df592524fed305d6fbe74ddf8a196bc9ffdb92f Mon Sep 17 00:00:00 2001
+From: Elvis Angelaccio <elvis.angelaccio@kde.org>
+Date: Wed, 29 Jul 2020 23:45:30 +0200
+Subject: [PATCH] Fix vulnerability to path traversal attacks
+
+Ark was vulnerable to directory traversal attacks because of
+missing validation of file paths in the archive.
+
+More details about this attack are available at:
+https://github.com/snyk/zip-slip-vulnerability
+
+Job::onEntry() is the only place where we can safely check the path of
+every entry in the archive. There shouldn't be a valid reason
+to have a "../" in an archive path, so we can just play safe and abort
+the LoadJob if we detect such an entry. This makes impossibile to
+extract this kind of malicious archives and perform the attack.
+
+Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath()
+so that we can still allow loading of legitimate archives that
+contain "../" in their paths but still resolve inside the extraction folder.
+---
+ kerfuffle/jobs.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/kerfuffle/jobs.cpp b/kerfuffle/jobs.cpp
+index fdaa48695..f73b56f86 100644
+--- a/kerfuffle/jobs.cpp
++++ b/kerfuffle/jobs.cpp
+@@ -180,6 +180,14 @@ void Job::onError(const QString & message, const QString & details)
+ 
+ void Job::onEntry(Archive::Entry *entry)
+ {
++    const QString entryFullPath = entry->fullPath();
++    if (QDir::cleanPath(entryFullPath).contains(QLatin1String("../"))) {
++        qCWarning(ARK) << "Possibly malicious archive. Detected entry that could lead to a directory traversal attack:" << entryFullPath;
++        onError(i18n("Could not load the archive because it contains ill-formed entries and might be a malicious archive."), QString());
++        onFinished(false);
++        return;
++    }
++
+     emit newEntry(entry);
+ }
+ 
+-- 
+GitLab
+
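
Review bot: the guard added to Job::onEntry() tests only whether `QDir::cleanPath(entryFullPath)` contains `"../"`, so an entry with an absolute path, or one whose cleaned path is exactly `..` with no trailing slash, passes it. Confirm that those cases are rejected elsewhere before extraction, or extend the condition to cover them. The warning also logs the entry path verbatim, which is archive-controlled text going into the log.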



* [gentoo-commits] repo/gentoo:master commit in: kde-apps/ark/files/, kde-apps/ark/
From: Andreas Sturmlechner @ 2020-09-28 21:33 UTC (permalink / raw
  To: gentoo-commits

commit:     f25fa2d93956341a938c84f2da5057b8fe2e259c
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 28 18:40:24 2020 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Mon Sep 28 21:28:22 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f25fa2d9

kde-apps/ark: Fix CVE-2020-24654

Bug: https://bugs.gentoo.org/743959
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 kde-apps/ark/ark-20.04.3-r2.ebuild                 | 84 ++++++++++++++++++++++
 .../ark/files/ark-20.04.3-CVE-2020-24654.patch     | 53 ++++++++++++++
 2 files changed, 137 insertions(+)

diff --git a/kde-apps/ark/ark-20.04.3-r2.ebuild b/kde-apps/ark/ark-20.04.3-r2.ebuild
new file mode 100644
index 00000000000..d77562b55a7
--- /dev/null
+++ b/kde-apps/ark/ark-20.04.3-r2.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+ECM_HANDBOOK="forceoptional"
+ECM_TEST="optional"
+KFMIN=5.70.0
+QTMIN=5.14.2
+VIRTUALX_REQUIRED="test"
+inherit ecm kde.org optfeature
+
+DESCRIPTION="File archiver by KDE"
+HOMEPAGE="https://kde.org/applications/en/ark
+https://utils.kde.org/projects/ark/"
+
+LICENSE="GPL-2" # TODO: CHECK
+SLOT="5"
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+IUSE="zip"
+
+BDEPEND="
+	sys-devel/gettext
+"
+RDEPEND="
+	app-arch/libarchive:=[bzip2,lzma,zlib]
+	>=dev-qt/qtdbus-${QTMIN}:5
+	>=dev-qt/qtgui-${QTMIN}:5
+	>=dev-qt/qtwidgets-${QTMIN}:5
+	>=kde-frameworks/karchive-${KFMIN}:5
+	>=kde-frameworks/kcompletion-${KFMIN}:5
+	>=kde-frameworks/kconfig-${KFMIN}:5
+	>=kde-frameworks/kconfigwidgets-${KFMIN}:5
+	>=kde-frameworks/kcoreaddons-${KFMIN}:5
+	>=kde-frameworks/kcrash-${KFMIN}:5
+	>=kde-frameworks/kdbusaddons-${KFMIN}:5
+	>=kde-frameworks/ki18n-${KFMIN}:5
+	>=kde-frameworks/kio-${KFMIN}:5
+	>=kde-frameworks/kitemmodels-${KFMIN}:5
+	>=kde-frameworks/kjobwidgets-${KFMIN}:5
+	>=kde-frameworks/kparts-${KFMIN}:5
+	>=kde-frameworks/kpty-${KFMIN}:5
+	>=kde-frameworks/kservice-${KFMIN}:5
+	>=kde-frameworks/kwidgetsaddons-${KFMIN}:5
+	>=kde-frameworks/kxmlgui-${KFMIN}:5
+	sys-libs/zlib
+	zip? ( >=dev-libs/libzip-1.2.0:= )
+"
+DEPEND="${RDEPEND}
+	>=dev-qt/qtconcurrent-${QTMIN}:5
+"
+
+PATCHES=(
+	"${FILESDIR}/${P}-CVE-2020-16116.patch"
+	"${FILESDIR}/${P}-CVE-2020-24654.patch"
+)
+
+src_configure() {
+	local mycmakeargs=(
+		$(cmake_use_find_package zip LibZip)
+	)
+
+	ecm_src_configure
+}
+
+src_test() {
+	local myctestargs=(
+		-E "(plugins-clirartest)"
+	)
+
+	ecm_src_test
+}
+
+pkg_postinst() {
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		elog "Optional dependencies:"
+		optfeature "rar archive creation/extraction" app-arch/rar
+		optfeature "rar archive extraction only" app-arch/unar app-arch/unrar
+		optfeature "7-Zip archive support" app-arch/p7zip
+		optfeature "lrz archive support" app-arch/lrzip
+		optfeature "markdown support in text previews" kde-misc/markdownpart:${SLOT} kde-misc/kmarkdownwebview:${SLOT}
+	fi
+	ecm_pkg_postinst
+}
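
Review bot: `src_test()` excludes `plugins-clirartest` via `-E "(plugins-clirartest)"` with no comment or bug reference explaining why. Add one line saying what fails and under which condition, so the exclusion can be dropped once it no longer applies. The `# TODO: CHECK` on the LICENSE line is also still open in this revision.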

diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
new file mode 100644
index 00000000000..8b3821893ef
--- /dev/null
+++ b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
@@ -0,0 +1,53 @@
+From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fabian@ritter-vogt.de>
+Date: Tue, 25 Aug 2020 22:14:37 +0200
+Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive
+
+There are archive types which allow to first create a symlink and then
+later on dereference it. If the symlink points outside of the archive,
+this results in writing outside of the destination directory.
+
+With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids
+this situation by verifying that none of the target path components are
+symlinks before writing.
+
+Remove the commented out code in the method, which would actually
+misbehave if enabled again.
+
+Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
+---
+ plugins/libarchive/libarchiveplugin.cpp | 18 +++---------------
+ 1 file changed, 3 insertions(+), 15 deletions(-)
+
+diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp
+index 50e81da1..8a0fed21 100644
+--- a/plugins/libarchive/libarchiveplugin.cpp
++++ b/plugins/libarchive/libarchiveplugin.cpp
+@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry)
+ 
+ int LibarchivePlugin::extractionFlags() const
+ {
+-    int result = ARCHIVE_EXTRACT_TIME;
+-    result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
+-
+-    // TODO: Don't use arksettings here
+-    /*if ( ArkSettings::preservePerms() )
+-    {
+-        result &= ARCHIVE_EXTRACT_PERM;
+-    }
+-
+-    if ( !ArkSettings::extractOverwrite() )
+-    {
+-        result &= ARCHIVE_EXTRACT_NO_OVERWRITE;
+-    }*/
+-
+-    return result;
++    return ARCHIVE_EXTRACT_TIME
++           | ARCHIVE_EXTRACT_SECURE_NODOTDOT
++           | ARCHIVE_EXTRACT_SECURE_SYMLINKS;
+ }
+ 
+ void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress)
+-- 
+GitLab
+
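
Review bot: the diffstat shows only plugins/libarchive/libarchiveplugin.cpp changing, so the symlink protection in `extractionFlags()` arrives without a regression test and covers only extraction that goes through this plugin. Add a test archive that exercises the symlink case the commit message describes and asserts that nothing is written outside the destination directory, and confirm whether the other extraction plugins need an equivalent check.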



* [gentoo-commits] repo/gentoo:master commit in: kde-apps/ark/files/, kde-apps/ark/
From: Sam James @ 2024-07-13 17:17 UTC (permalink / raw
  To: gentoo-commits

commit:     0f7b57dd048269d781ae5c52a4337bb62675c441
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 13 17:14:37 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jul 13 17:16:24 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f7b57dd

kde-apps/ark: backport Qt 6.7 QTemporaryDir fix

Bug: https://bugs.kde.org/487229
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../{ark-24.05.2.ebuild => ark-24.05.2-r1.ebuild}  |  4 +++
 .../files/ark-24.05.2-qt6.7-qtemporarydir.patch    | 37 ++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/kde-apps/ark/ark-24.05.2.ebuild b/kde-apps/ark/ark-24.05.2-r1.ebuild
similarity index 97%
rename from kde-apps/ark/ark-24.05.2.ebuild
rename to kde-apps/ark/ark-24.05.2-r1.ebuild
index 789686d922ec..fbbd5a228e83 100644
--- a/kde-apps/ark/ark-24.05.2.ebuild
+++ b/kde-apps/ark/ark-24.05.2-r1.ebuild
@@ -50,6 +50,10 @@ BDEPEND="
 	elibc_glibc? ( test? ( amd64? ( app-arch/rar ) x86? ( app-arch/rar ) ) )
 "
 
+PATCHES=(
+	"${FILESDIR}"/${P}-qt6.7-qtemporarydir.patch
+)
+
 src_configure() {
 	local mycmakeargs=(
 		$(cmake_use_find_package zip LibZip)
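
Review bot: the new PATCHES block has no comment tying `${P}-qt6.7-qtemporarydir.patch` to the bug it fixes, so the ebuild alone does not show why the revision bump exists or when the patch can be dropped. A one-line comment above the entry with the KDE bug from the commit message (487229) would cover it.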

diff --git a/kde-apps/ark/files/ark-24.05.2-qt6.7-qtemporarydir.patch b/kde-apps/ark/files/ark-24.05.2-qt6.7-qtemporarydir.patch
new file mode 100644
index 000000000000..299fdce71290
--- /dev/null
+++ b/kde-apps/ark/files/ark-24.05.2-qt6.7-qtemporarydir.patch
@@ -0,0 +1,37 @@
+https://mail.kde.org/pipermail/distributions/2024-July/001513.html
+https://invent.kde.org/utilities/ark/-/commit/85c5e26f581cf011638a53e62b92e1da8fd55fcd
+
+[sam: Rebase for fuzz in the logline.]
+
+From 85c5e26f581cf011638a53e62b92e1da8fd55fcd Mon Sep 17 00:00:00 2001
+From: Elvis Angelaccio <elvis.angelaccio@kde.org>
+Date: Sat, 22 Jun 2024 17:54:07 +0200
+Subject: [PATCH] cliinterface: adapt to behavior change in QTemporaryDir
+
+Qt 6.7 changed the behavior of QTemporaryDir (see commit 935562a77b in
+qtbase.git) and now QTemporaryDir::path() returns a relative path rather
+than an absolute one.
+
+We were relying on the old behavior which ensured that the extract temp
+dir would always auto-delete itself, regardless of the ark CWD.
+
+This is no longer working, because now when the temp dir gets deleted,
+its destructor tries to delete a relative path, but meanwhile ark has
+already changed the CWD and so that path does not exist.
+
+The fix is to create the QTemporaryDir with an absolute path (but still
+as hidden folder in the CWD), so we get back the old behavior (the
+returned QTemporaryDir::path() will again be absolute).
+
+BUG: 487229
+--- a/kerfuffle/cliinterface.cpp
++++ b/kerfuffle/cliinterface.cpp
+@@ -96,7 +96,7 @@ bool CliInterface::extractFiles(const QList<Archive::Entry *> &files, const QStr
+ 
+     if (useTmpExtractDir) {
+         // Create an hidden temp folder in the current directory.
+-        m_extractTempDir.reset(new QTemporaryDir(QStringLiteral(".%1-").arg(QCoreApplication::applicationName())));
++        m_extractTempDir.reset(new QTemporaryDir(QStringLiteral("%1/.%2-").arg(QDir::currentPath(), QCoreApplication::applicationName())));
+ 
+         qCDebug(ARK) << "Using temporary extraction dir:" << m_extractTempDir->path();
+         if (!m_extractTempDir->isValid()) {
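
Review bot: the comment above the changed line in CliInterface::extractFiles() still reads `// Create an hidden temp folder in the current directory.` and does not say why the template is now prefixed with `QDir::currentPath()`. Note there that the path must be absolute so that the QTemporaryDir destructor can still remove the directory after ark has changed its working directory; without that, the prefix looks redundant and may be simplified away later.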

