From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 91155139085 for ; Sat, 7 Jan 2017 13:17:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7748C23402B; Sat, 7 Jan 2017 13:17:12 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4913123402B for ; Sat, 7 Jan 2017 13:17:12 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D007333D3CE for ; Sat, 7 Jan 2017 13:17:10 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 36A1624EC for ; Sat, 7 Jan 2017 13:17:09 +0000 (UTC) From: "Andreas Sturmlechner" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner" Message-ID: <1483794096.2cf4f014d8881fd140be957d5de57ddbbd1e3974.asturm@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: kde-apps/ark/files/, kde-apps/ark/ X-VCS-Repository: repo/gentoo X-VCS-Files: kde-apps/ark/ark-16.08.3-r1.ebuild kde-apps/ark/ark-16.12.0-r1.ebuild kde-apps/ark/files/ark-16.12.0-disable-executables.patch X-VCS-Directories: kde-apps/ark/ kde-apps/ark/files/ X-VCS-Committer: asturm X-VCS-Committer-Name: Andreas Sturmlechner X-VCS-Revision: 2cf4f014d8881fd140be957d5de57ddbbd1e3974 X-VCS-Branch: master Date: Sat, 7 Jan 2017 13:17:09 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 21748707-e1eb-4738-898d-2270fc2fb214 X-Archives-Hash: 9ddeaa05d26d61668da81d0b7fe1fa7c commit: 2cf4f014d8881fd140be957d5de57ddbbd1e3974 Author: Andreas Sturmlechner gentoo org> AuthorDate: Sat Jan 7 13:01:36 2017 +0000 Commit: Andreas Sturmlechner gentoo org> CommitDate: Sat Jan 7 13:01:36 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cf4f014 kde-apps/ark: Disable shell script execution Gentoo-bug: 604846 Package-Manager: portage-2.3.0 kde-apps/ark/ark-16.08.3-r1.ebuild | 70 ++++++++++++++++++++++ kde-apps/ark/ark-16.12.0-r1.ebuild | 70 ++++++++++++++++++++++ .../files/ark-16.12.0-disable-executables.patch | 25 ++++++++ 3 files changed, 165 insertions(+) diff --git a/kde-apps/ark/ark-16.08.3-r1.ebuild b/kde-apps/ark/ark-16.08.3-r1.ebuild new file mode 100644 index 00000000..5c128ad --- /dev/null +++ b/kde-apps/ark/ark-16.08.3-r1.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +KDE_HANDBOOK="forceoptional" +KDE_TEST="optional" +VIRTUALX_REQUIRED="test" +inherit kde5 + +DESCRIPTION="KDE Archiving tool" +HOMEPAGE="https://www.kde.org/applications/utilities/ark +https://utils.kde.org/projects/ark" +KEYWORDS="~amd64 ~x86" +IUSE="bzip2 lzma zlib" + +RDEPEND=" + $(add_frameworks_dep karchive) + $(add_frameworks_dep kcompletion) + $(add_frameworks_dep kconfig) + $(add_frameworks_dep kconfigwidgets) + $(add_frameworks_dep kcoreaddons) + $(add_frameworks_dep kcrash) + $(add_frameworks_dep kdbusaddons) + $(add_frameworks_dep ki18n) + $(add_frameworks_dep kiconthemes) + $(add_frameworks_dep kio) + $(add_frameworks_dep kjobwidgets) + $(add_frameworks_dep kparts) + $(add_frameworks_dep kpty) + $(add_frameworks_dep kservice) + $(add_frameworks_dep kwidgetsaddons) + $(add_frameworks_dep kxmlgui) + $(add_qt_dep qtdbus) + $(add_qt_dep qtgui) + $(add_qt_dep qtwidgets) + >=app-arch/libarchive-3.1.0[bzip2?,lzma?,zlib?] +" +DEPEND="${RDEPEND} + $(add_qt_dep qtconcurrent) + sys-devel/gettext +" + +# bug #560548, last checked with 16.04.1 +RESTRICT="test" + +PATCHES=( "${FILESDIR}/${PN}-16.12.0-disable-executables.patch" ) + +src_configure() { + local mycmakeargs=( + $(cmake-utils_use_find_package bzip2 BZip2) + $(cmake-utils_use_find_package lzma LibLZMA) + $(cmake-utils_use_find_package zlib ZLIB) + ) + + kde5_src_configure +} + +pkg_postinst() { + kde5_pkg_postinst + + if ! has_version app-arch/unar ; then + elog "For handling rar archives, install app-arch/unar" + fi + + if ! has_version app-arch/p7zip ; then + elog "For handling 7-Zip archives, install app-arch/p7zip" + fi +} diff --git a/kde-apps/ark/ark-16.12.0-r1.ebuild b/kde-apps/ark/ark-16.12.0-r1.ebuild new file mode 100644 index 00000000..a00cb57 --- /dev/null +++ b/kde-apps/ark/ark-16.12.0-r1.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +KDE_HANDBOOK="forceoptional" +KDE_TEST="optional" +VIRTUALX_REQUIRED="test" +inherit kde5 + +DESCRIPTION="KDE Archiving tool" +HOMEPAGE="https://www.kde.org/applications/utilities/ark +https://utils.kde.org/projects/ark" +KEYWORDS="~amd64 ~x86" +IUSE="bzip2 lzma zlib" + +RDEPEND=" + $(add_frameworks_dep karchive) + $(add_frameworks_dep kcompletion) + $(add_frameworks_dep kconfig) + $(add_frameworks_dep kconfigwidgets) + $(add_frameworks_dep kcoreaddons) + $(add_frameworks_dep kcrash) + $(add_frameworks_dep kdbusaddons) + $(add_frameworks_dep ki18n) + $(add_frameworks_dep kiconthemes) + $(add_frameworks_dep kio) + $(add_frameworks_dep kjobwidgets) + $(add_frameworks_dep kparts) + $(add_frameworks_dep kpty) + $(add_frameworks_dep kservice) + $(add_frameworks_dep kwidgetsaddons) + $(add_frameworks_dep kxmlgui) + $(add_qt_dep qtdbus) + $(add_qt_dep qtgui) + $(add_qt_dep qtwidgets) + >=app-arch/libarchive-3.1.0[bzip2?,lzma?,zlib?] +" +DEPEND="${RDEPEND} + $(add_qt_dep qtconcurrent) + sys-devel/gettext +" + +# bug #560548, last checked with 16.04.1 +RESTRICT+=" test" + +PATCHES=( "${FILESDIR}/${P}-disable-executables.patch" ) + +src_configure() { + local mycmakeargs=( + $(cmake-utils_use_find_package bzip2 BZip2) + $(cmake-utils_use_find_package lzma LibLZMA) + $(cmake-utils_use_find_package zlib ZLIB) + ) + + kde5_src_configure +} + +pkg_postinst() { + kde5_pkg_postinst + + if ! has_version app-arch/unar ; then + elog "For handling rar archives, install app-arch/unar" + fi + + if ! has_version app-arch/p7zip ; then + elog "For handling 7-Zip archives, install app-arch/p7zip" + fi +} diff --git a/kde-apps/ark/files/ark-16.12.0-disable-executables.patch b/kde-apps/ark/files/ark-16.12.0-disable-executables.patch new file mode 100644 index 00000000..35cd304 --- /dev/null +++ b/kde-apps/ark/files/ark-16.12.0-disable-executables.patch @@ -0,0 +1,25 @@ +commit 82fdfd24d46966a117fa625b68784735a40f9065 +Author: Elvis Angelaccio +Date: Fri Jan 6 15:35:46 2017 +0100 + + Stop running executables when opening urls + + This is a security risk because it's not clear when an entry in an + archive is an executable. + + BUG: 374572 + FIXED-IN: 16.12.1 + +diff --git a/part/part.cpp b/part/part.cpp +index f1adf21..80f657b 100644 +--- a/part/part.cpp ++++ b/part/part.cpp +@@ -988,7 +988,7 @@ void Part::slotOpenExtractedEntry(KJob *job) + } else { + KRun::runUrl(QUrl::fromUserInput(fullName, QString(), QUrl::AssumeLocalFile), + QMimeDatabase().mimeTypeForFile(fullName).name(), +- widget()); ++ widget(), false, false); + } + } else if (job->error() != KJob::KilledJobError) { + KMessageBox::error(widget(), job->errorString());