2 files changed, 47 insertions, 37 deletions
diff --git a/kde/patch/ark/ark_cve-2020-16116.patch b/kde/patch/ark/ark_cve-2020-16116.patch
new file mode 100644
index 0000000..b3feb1b
--- /dev/null
+++ b/kde/patch/ark/ark_cve-2020-16116.patch
@@ -0,0 +1,47 @@
+From 0df592524fed305d6fbe74ddf8a196bc9ffdb92f Mon Sep 17 00:00:00 2001
+From: Elvis Angelaccio <elvis.angelaccio@kde.org>
+Date: Wed, 29 Jul 2020 23:45:30 +0200
+Subject: [PATCH] Fix vulnerability to path traversal attacks
+
+Ark was vulnerable to directory traversal attacks because of
+missing validation of file paths in the archive.
+
+More details about this attack are available at:
+https://github.com/snyk/zip-slip-vulnerability
+
+Job::onEntry() is the only place where we can safely check the path of
+every entry in the archive. There shouldn't be a valid reason
+to have a "../" in an archive path, so we can just play safe and abort
+the LoadJob if we detect such an entry. This makes impossibile to
+extract this kind of malicious archives and perform the attack.
+
+Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath()
+so that we can still allow loading of legitimate archives that
+contain "../" in their paths but still resolve inside the extraction folder.
+---
+ kerfuffle/jobs.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/kerfuffle/jobs.cpp b/kerfuffle/jobs.cpp
+index fdaa48695..f73b56f86 100644
+--- a/kerfuffle/jobs.cpp
++++ b/kerfuffle/jobs.cpp
+@@ -180,6 +180,14 @@ void Job::onError(const QString & message, const QString & details)
+ 
+ void Job::onEntry(Archive::Entry *entry)
+ {
++    const QString entryFullPath = entry->fullPath();
++    if (QDir::cleanPath(entryFullPath).contains(QLatin1String("../"))) {
++        qCWarning(ARK) << "Possibly malicious archive. Detected entry that could lead to a directory traversal attack:" << entryFullPath;
++        onError(i18n("Could not load the archive because it contains ill-formed entries and might be a malicious archive."), QString());
++        onFinished(false);
++        return;
++    }
++
+     emit newEntry(entry);
+ }
+ 
+-- 
+GitLab
+
+
diff --git a/kde/patch/ark/ark_kdebug357057.patch b/kde/patch/ark/ark_kdebug357057.patch
deleted file mode 100644
index 76c0bab..0000000
--- a/kde/patch/ark/ark_kdebug357057.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Elvis Angelaccio <elvis.angelaccio@kdemail.net>
-Date: Wed, 23 Dec 2015 16:19:29 +0000
-Subject: Fallback to read-only mode if there are no read-write executables
-X-Git-Url: http://quickgit.kde.org/?p=ark.git&a=commitdiff&h=087e5aab49c60ac5930742fe892fa930048e2f43
----
-Fallback to read-only mode if there are no read-write executables
-
-Commit 2d000a0 introduced executables check when loading a plugin. However the
-current behavior is too restrictive: if one wants only to open a rar or a
-zip archive, there is no need to require also the rar or zip program to be
-installed. Plus, some distributions (e.g. Archlinux) ship only unrar in their
-official repositories.
-
-With this commit, Ark is able to understand that e.g. unrar is installed but
-rar is not. In this case, Ark can and should fallback to read-only mode,
-to disable the Add/Delete actions in the toolbar.
-
-BUG: 357057
-FIXED-IN: 15.12.1
-
-CC: rthomsen6@gmail.com
----
-
-
---- a/kerfuffle/archive_kerfuffle.cpp
-+++ b/kerfuffle/archive_kerfuffle.cpp
-@@ -173,6 +173,9 @@
- 
-             if (iface->findExecutables(!isReadOnly)) {
-                 return new Archive(iface, isReadOnly, parent);
-+            } else if (!isReadOnly && iface->findExecutables(false)) {
-+                qCWarning(ARK) << "Failed to find read-write executables: falling back to read-only mode for read-write plugin" << pluginName;
-+                return new Archive(iface, true, parent);
-             } else {
-                 qCWarning(ARK) << "Failed to find needed executables for plugin" << pluginName;
-             }
-