kde-apps/ark: drop 20.04.3*

Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

4 files changed, 0 insertions, 183 deletions

diff --git a/kde-apps/ark/Manifest b/kde-apps/ark/Manifest
index 516e40a4e1f0..1946a0daada7 100644
--- a/kde-apps/ark/Manifest
+++ b/kde-apps/ark/Manifest
@@ -1,2 +1 @@
-DIST ark-20.04.3.tar.xz 2586436 BLAKE2B 98343a4bc91fd13a33ba9dd69487c27433435d4bff722245c2cde02191017f4fa0b2d15213b97a86c3ecd87a17bf59e62a80b63c6684c813845bec9bab58f441 SHA512 6274483bc7cad9b8b3842a622a3f243fd5756aec147624eb9041459efd5c833e203c286412185bb105133d8c83a7503c8c7e519b8cb9cbd13830793c3429e142
 DIST ark-20.08.3.tar.xz 2711708 BLAKE2B c486320f113ab3d12b67aec7589e7973a022415da5dbe01754a9e454c74bb59d2b6556c6934aafd7b5c0ee685e2eca7feee276ad3ebb8a0c6f57aea5bc666a0f SHA512 41ab1498b77f9d152f900eba9e784e8ed28127c849796e42c18db5beb963b0c8f2a1ef1c408d37db02fb21577e5d8e08d8561b72b14042e079a5f1baffa01a01
diff --git a/kde-apps/ark/ark-20.04.3-r2.ebuild b/kde-apps/ark/ark-20.04.3-r2.ebuild
deleted file mode 100644
index 9c906db1341b..000000000000
--- a/kde-apps/ark/ark-20.04.3-r2.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-ECM_HANDBOOK="forceoptional"
-ECM_TEST="optional"
-KFMIN=5.70.0
-QTMIN=5.14.2
-VIRTUALX_REQUIRED="test"
-inherit ecm kde.org optfeature
-
-DESCRIPTION="File archiver by KDE"
-HOMEPAGE="https://apps.kde.org/en/ark https://utils.kde.org/projects/ark/"
-
-LICENSE="GPL-2" # TODO: CHECK
-SLOT="5"
-KEYWORDS="amd64 arm64 ~ppc64 x86"
-IUSE="zip"
-
-BDEPEND="
-	sys-devel/gettext
-"
-RDEPEND="
-	app-arch/libarchive:=[bzip2,lzma,zlib]
-	>=dev-qt/qtdbus-${QTMIN}:5
-	>=dev-qt/qtgui-${QTMIN}:5
-	>=dev-qt/qtwidgets-${QTMIN}:5
-	>=kde-frameworks/karchive-${KFMIN}:5
-	>=kde-frameworks/kcompletion-${KFMIN}:5
-	>=kde-frameworks/kconfig-${KFMIN}:5
-	>=kde-frameworks/kconfigwidgets-${KFMIN}:5
-	>=kde-frameworks/kcoreaddons-${KFMIN}:5
-	>=kde-frameworks/kcrash-${KFMIN}:5
-	>=kde-frameworks/kdbusaddons-${KFMIN}:5
-	>=kde-frameworks/ki18n-${KFMIN}:5
-	>=kde-frameworks/kio-${KFMIN}:5
-	>=kde-frameworks/kitemmodels-${KFMIN}:5
-	>=kde-frameworks/kjobwidgets-${KFMIN}:5
-	>=kde-frameworks/kparts-${KFMIN}:5
-	>=kde-frameworks/kpty-${KFMIN}:5
-	>=kde-frameworks/kservice-${KFMIN}:5
-	>=kde-frameworks/kwidgetsaddons-${KFMIN}:5
-	>=kde-frameworks/kxmlgui-${KFMIN}:5
-	sys-libs/zlib
-	zip? ( >=dev-libs/libzip-1.2.0:= )
-"
-DEPEND="${RDEPEND}
-	>=dev-qt/qtconcurrent-${QTMIN}:5
-"
-
-PATCHES=(
-	"${FILESDIR}/${P}-CVE-2020-16116.patch"
-	"${FILESDIR}/${P}-CVE-2020-24654.patch"
-)
-
-src_configure() {
-	local mycmakeargs=(
-		$(cmake_use_find_package zip LibZip)
-	)
-
-	ecm_src_configure
-}
-
-src_test() {
-	local myctestargs=(
-		-E "(plugins-clirartest)"
-	)
-
-	ecm_src_test
-}
-
-pkg_postinst() {
-	if [[ -z "${REPLACING_VERSIONS}" ]]; then
-		elog "Optional dependencies:"
-		optfeature "rar archive creation/extraction" app-arch/rar
-		optfeature "rar archive extraction only" app-arch/unar app-arch/unrar
-		optfeature "7-Zip archive support" app-arch/p7zip
-		optfeature "lrz archive support" app-arch/lrzip
-		optfeature "markdown support in text previews" kde-misc/markdownpart:${SLOT} kde-misc/kmarkdownwebview:${SLOT}
-	fi
-	ecm_pkg_postinst
-}
diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch
deleted file mode 100644
index 79129c7be6e1..000000000000
--- a/kde-apps/ark/files/ark-20.04.3-CVE-2020-16116.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 0df592524fed305d6fbe74ddf8a196bc9ffdb92f Mon Sep 17 00:00:00 2001
-From: Elvis Angelaccio <elvis.angelaccio@kde.org>
-Date: Wed, 29 Jul 2020 23:45:30 +0200
-Subject: [PATCH] Fix vulnerability to path traversal attacks
-
-Ark was vulnerable to directory traversal attacks because of
-missing validation of file paths in the archive.
-
-More details about this attack are available at:
-https://github.com/snyk/zip-slip-vulnerability
-
-Job::onEntry() is the only place where we can safely check the path of
-every entry in the archive. There shouldn't be a valid reason
-to have a "../" in an archive path, so we can just play safe and abort
-the LoadJob if we detect such an entry. This makes impossibile to
-extract this kind of malicious archives and perform the attack.
-
-Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath()
-so that we can still allow loading of legitimate archives that
-contain "../" in their paths but still resolve inside the extraction folder.
----
- kerfuffle/jobs.cpp | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/kerfuffle/jobs.cpp b/kerfuffle/jobs.cpp
-index fdaa48695..f73b56f86 100644
---- a/kerfuffle/jobs.cpp
-+++ b/kerfuffle/jobs.cpp
-@@ -180,6 +180,14 @@ void Job::onError(const QString & message, const QString & details)
- 
- void Job::onEntry(Archive::Entry *entry)
- {
-+    const QString entryFullPath = entry->fullPath();
-+    if (QDir::cleanPath(entryFullPath).contains(QLatin1String("../"))) {
-+        qCWarning(ARK) << "Possibly malicious archive. Detected entry that could lead to a directory traversal attack:" << entryFullPath;
-+        onError(i18n("Could not load the archive because it contains ill-formed entries and might be a malicious archive."), QString());
-+        onFinished(false);
-+        return;
-+    }
-+
-     emit newEntry(entry);
- }
- 
--- 
-GitLab
-
diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
deleted file mode 100644
index 8b3821893ef3..000000000000
--- a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001
-From: Fabian Vogt <fabian@ritter-vogt.de>
-Date: Tue, 25 Aug 2020 22:14:37 +0200
-Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive
-
-There are archive types which allow to first create a symlink and then
-later on dereference it. If the symlink points outside of the archive,
-this results in writing outside of the destination directory.
-
-With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids
-this situation by verifying that none of the target path components are
-symlinks before writing.
-
-Remove the commented out code in the method, which would actually
-misbehave if enabled again.
-
-Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
----
- plugins/libarchive/libarchiveplugin.cpp | 18 +++---------------
- 1 file changed, 3 insertions(+), 15 deletions(-)
-
-diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp
-index 50e81da1..8a0fed21 100644
---- a/plugins/libarchive/libarchiveplugin.cpp
-+++ b/plugins/libarchive/libarchiveplugin.cpp
-@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry)
- 
- int LibarchivePlugin::extractionFlags() const
- {
--    int result = ARCHIVE_EXTRACT_TIME;
--    result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
--
--    // TODO: Don't use arksettings here
--    /*if ( ArkSettings::preservePerms() )
--    {
--        result &= ARCHIVE_EXTRACT_PERM;
--    }
--
--    if ( !ArkSettings::extractOverwrite() )
--    {
--        result &= ARCHIVE_EXTRACT_NO_OVERWRITE;
--    }*/
--
--    return result;
-+    return ARCHIVE_EXTRACT_TIME
-+           | ARCHIVE_EXTRACT_SECURE_NODOTDOT
-+           | ARCHIVE_EXTRACT_SECURE_SYMLINKS;
- }
- 
- void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress)
--- 
-GitLab
-