summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Palimaka <kensington@gentoo.org>2016-10-13 03:38:42 +1100
committerMichael Palimaka <kensington@gentoo.org>2016-10-13 03:39:53 +1100
commit0f144c6aa5bc75e36d742c113f841804b98c4fff (patch)
tree4e5412b5edc621aa5e9eaf398d77d4bc7f5850f9 /kde-frameworks/karchive
parentsys-kernel/genkernel: temporarily disable metadata change for QA false positive. (diff)
downloadgentoo-0f144c6aa5bc75e36d742c113f841804b98c4fff.tar.gz
gentoo-0f144c6aa5bc75e36d742c113f841804b98c4fff.tar.bz2
gentoo-0f144c6aa5bc75e36d742c113f841804b98c4fff.zip
kde-frameworks: remove 5.23.0
Package-Manager: portage-2.3.2
Diffstat (limited to 'kde-frameworks/karchive')
-rw-r--r--kde-frameworks/karchive/Manifest1
-rw-r--r--kde-frameworks/karchive/files/karchive-5.21.0-CVE-2016-6232.patch92
-rw-r--r--kde-frameworks/karchive/karchive-5.23.0-r1.ebuild32
3 files changed, 0 insertions, 125 deletions
diff --git a/kde-frameworks/karchive/Manifest b/kde-frameworks/karchive/Manifest
index 63b9dae22aef..607898651f06 100644
--- a/kde-frameworks/karchive/Manifest
+++ b/kde-frameworks/karchive/Manifest
@@ -1,3 +1,2 @@
-DIST karchive-5.23.0.tar.xz 109308 SHA256 3b3e310ae2aceae0513e809e4fc559bea5262cd26ecbe43071388cc1de5e30ef SHA512 86b0b2cceb97002917fa927dc402efa649a582bfcfd63de7e08d66c7687b77dbef975107e6081af37fa20c7bcb9d3a3f5d6f0fcdbfcffb3e75291527f89719bd WHIRLPOOL b7a934897e9c688552f57a2e93e4ea04a44f35e128855da05aea598f028536755602a18aeda59ee698f6151a695667bcbabdcca6d230d780c71096aa9ebba362
DIST karchive-5.26.0.tar.xz 110836 SHA256 af082dc3a8bd48302d5c36c0a70e2d2c796cb852e3f6ee64cb5059fb7f9adaeb SHA512 62feb92b970bbd9fea1be80a22f0891fb152cd1f1445f59761224904920325208f2e05a30922884012da4a0bff998b1a35cea9c12e5616c5c59a5634c4a7b609 WHIRLPOOL 78b2e0c04b199bce002ce92f5a654ed0760cfdc54498fd9ae86a36206da91750cf596692f934dd19b2e220ba44d01d59d25ec3e66f35aee333050676f339f8c8
DIST karchive-5.27.0.tar.xz 110736 SHA256 7f387fa2e0f5360870524d0f2b352179f191d0ed0ea78ec3456964ffab8bebb0 SHA512 94c47997d4834be91a12b9b172067c1b5844f5038ebb535b840a11c0e23fefda06ca3c216d37eb3ab2f8ebdef0a725ec9133a4a18f4a48bc318b6fce3a4c2021 WHIRLPOOL 823c7005e63c0e5754a10a9d9ccdbde09c6f9956c3b4e972b95d6bb4c8188fa446b38deeb727ef1627450c9c9dd0ca2fb343cb139e85fc0b7fe8fa410f62c8dd
diff --git a/kde-frameworks/karchive/files/karchive-5.21.0-CVE-2016-6232.patch b/kde-frameworks/karchive/files/karchive-5.21.0-CVE-2016-6232.patch
deleted file mode 100644
index b5c0608d91ff..000000000000
--- a/kde-frameworks/karchive/files/karchive-5.21.0-CVE-2016-6232.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-commit 0cb243f64eef45565741b27364cece7d5c349c37
-Author: Andreas Cord-Landwehr <cordlandwehr@kde.org>
-Date: Tue Jun 14 15:52:49 2016 +0200
-
- Ensure extraction location to be in subfolder
-
- Behavior change: Switch to Tar's default behavior to avoid extraction
- to arbitrary system locations outside of extraction folder. Instead,
- extract such files to root location in extraction folder.
-
- REVIEW: 128185
-
-diff --git a/autotests/karchivetest.cpp b/autotests/karchivetest.cpp
-index c8abddf..549ed26 100644
---- a/autotests/karchivetest.cpp
-+++ b/autotests/karchivetest.cpp
-@@ -760,6 +760,24 @@ void KArchiveTest::testTarDirectoryTwice() // bug 206994
-
- QCOMPARE(listing.count(), 3);
- }
-+
-+void KArchiveTest::testTarIgnoreRelativePathOutsideArchive()
-+{
-+ // This test extracts a Tar archive that contains a relative path "../foo" pointing
-+ // outside of the archive directory. For security reasons extractions should only
-+ // be allowed within the extracted directory as long as not specifically asked.
-+
-+ KTar tar(QFINDTESTDATA(QLatin1String("tar_relative_path_outside_archive.tar.bz2")));
-+ QVERIFY(tar.open(QIODevice::ReadOnly));
-+
-+ const KArchiveDirectory *dir = tar.directory();
-+ QTemporaryDir tmpDir;
-+ const QString dirName = tmpDir.path() + '/';
-+
-+ QVERIFY(dir->copyTo(dirName));
-+ QVERIFY(!QFile::exists(dirName + "../foo"));
-+ QVERIFY(QFile::exists(dirName + "/foo"));
-+}
- ///
-
- static const char s_zipFileName[] = "karchivetest.zip";
-diff --git a/autotests/karchivetest.h b/autotests/karchivetest.h
-index 4b7ecff..5a6375c 100644
---- a/autotests/karchivetest.h
-+++ b/autotests/karchivetest.h
-@@ -76,6 +76,7 @@ private Q_SLOTS:
- void testTarDirectoryForgotten();
- void testTarRootDir();
- void testTarDirectoryTwice();
-+ void testTarIgnoreRelativePathOutsideArchive();
-
- void testCreateZip();
- void testCreateZipError();
-diff --git a/autotests/tar_relative_path_outside_archive.tar.bz2 b/autotests/tar_relative_path_outside_archive.tar.bz2
-new file mode 100644
-index 0000000..50a3aca
-Binary files /dev/null and b/autotests/tar_relative_path_outside_archive.tar.bz2 differ
-diff --git a/src/karchive.cpp b/src/karchive.cpp
-index 5a7cfc6..7683c7f 100644
---- a/src/karchive.cpp
-+++ b/src/karchive.cpp
-@@ -841,6 +841,7 @@ static bool sortByPosition(const KArchiveFile *file1, const KArchiveFile *file2)
- bool KArchiveDirectory::copyTo(const QString &dest, bool recursiveCopy) const
- {
- QDir root;
-+ const QString destDir(QDir(dest).absolutePath()); // get directory path without any "." or ".."
-
- QList<const KArchiveFile *> fileList;
- QMap<qint64, QString> fileToDir;
-@@ -850,10 +851,20 @@ bool KArchiveDirectory::copyTo(const QString &dest, bool recursiveCopy) const
- QStack<QString> dirNameStack;
-
- dirStack.push(this); // init stack at current directory
-- dirNameStack.push(dest); // ... with given path
-+ dirNameStack.push(destDir); // ... with given path
- do {
- const KArchiveDirectory *curDir = dirStack.pop();
-- const QString curDirName = dirNameStack.pop();
-+
-+ // extract only to specified folder if it is located within archive's extraction folder
-+ // otherwise put file under root position in extraction folder
-+ QString curDirName = dirNameStack.pop();
-+ if (!QDir(curDirName).absolutePath().startsWith(destDir)) {
-+ qWarning() << "Attempted export into folder" << curDirName
-+ << "which is outside of the extraction root folder" << destDir << "."
-+ << "Changing export of contained files to extraction root folder.";
-+ curDirName = destDir;
-+ }
-+
- if (!root.mkpath(curDirName)) {
- return false;
- }
diff --git a/kde-frameworks/karchive/karchive-5.23.0-r1.ebuild b/kde-frameworks/karchive/karchive-5.23.0-r1.ebuild
deleted file mode 100644
index 0449ae62a542..000000000000
--- a/kde-frameworks/karchive/karchive-5.23.0-r1.ebuild
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit kde5
-
-DESCRIPTION="Framework for reading, creation, and manipulation of various archive formats"
-LICENSE="GPL-2 LGPL-2.1"
-KEYWORDS="amd64 ~arm x86"
-IUSE="+bzip2 +lzma"
-
-RDEPEND="
- bzip2? ( app-arch/bzip2 )
- lzma? ( app-arch/xz-utils )
- sys-libs/zlib
-"
-DEPEND="${RDEPEND}"
-
-PATCHES=( "${FILESDIR}/${PN}-5.21.0-CVE-2016-6232.patch" )
-
-RESTRICT="test"
-
-src_configure() {
- local mycmakeargs=(
- $(cmake-utils_use_find_package bzip2 BZip2)
- $(cmake-utils_use_find_package lzma LibLZMA)
- )
-
- kde5_src_configure
-}