Commits · master · Jan Paul Batrina / Ark

09 Oct, 2020 1 commit

SVN_SILENT made messages (.desktop file) - always resolve ours · bd38caa7

Script Kiddy authored Oct 09, 2020

In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"

bd38caa7

06 Oct, 2020 1 commit
- Port HACKING to gitlab · 036471d0
  Nicolas Fella authored Oct 06, 2020
  
  036471d0
03 Oct, 2020 1 commit
- GIT_SILENT Update Appstream for new release · 270e8b6a
  Christoph Feck authored Oct 03, 2020
```
(cherry picked from commit 94cdb7a9)
```
  270e8b6a
27 Sep, 2020 1 commit
- Compile with QT_NO_KEYWORDS · fd9a3edd
  Alexander Lohnau authored Sep 27, 2020
  
  fd9a3edd
26 Sep, 2020 1 commit
- Override text of saveAs standard action · 99057f5e
  Elvis Angelaccio authored Sep 26, 2020
```
This makes it clear what the action actually does.

BUG: 426960
```
  99057f5e
25 Sep, 2020 2 commits
- Fix clazy warning · cb010aa1
  Laurent Montel authored Sep 25, 2020
  
  cb010aa1
- SVN_SILENT made messages (.desktop file) - always resolve ours · 7b1fe272
  Script Kiddy authored Sep 25, 2020
```
In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"
```
  7b1fe272
16 Sep, 2020 1 commit
- We depend against 5.71.0 · a9de72ee
  Laurent Montel authored Sep 16, 2020
  
  a9de72ee
02 Sep, 2020 2 commits
- SVN_SILENT made messages (.desktop file) - always resolve ours · 37d5cc4c
  Script Kiddy authored Sep 02, 2020
```
In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"
```
  37d5cc4c
- GIT_SILENT made messages (after extraction) · 4cab0c7a
  Script Kiddy authored Sep 02, 2020
  
  4cab0c7a
01 Sep, 2020 2 commits
- SVN_SILENT made messages (.desktop file) - always resolve ours · 1ffb175c
  Script Kiddy authored Sep 01, 2020
```
In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"
```
  1ffb175c
- GIT_SILENT made messages (after extraction) · 819ba0d2
  Script Kiddy authored Sep 01, 2020
  
  819ba0d2
31 Aug, 2020 1 commit
- GIT_SILENT Update Appstream for new release · 184f23db
  Christoph Feck authored Aug 31, 2020
```
(cherry picked from commit 4438db46)
```
  184f23db
30 Aug, 2020 1 commit
- libzip: drop redundant get() calls · 68f9dadb
  Elvis Angelaccio authored Aug 30, 2020
```
unique_ptr has an `operator bool`, so they are not needed.
```
  68f9dadb
27 Aug, 2020 2 commits

Merge remote-tracking branch 'origin/release/20.08' into master · bcc40c12
Albert Astals Cid authored Aug 27, 2020

bcc40c12

Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive · 8bf8c5ef

Fabian Vogt authored Aug 25, 2020

There are archive types which allow to first create a symlink and then
later on dereference it. If the symlink points outside of the archive,
this results in writing outside of the destination directory.

With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids
this situation by verifying that none of the target path components are
symlinks before writing.

Remove the commented out code in the method, which would actually
misbehave if enabled again.
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>

8bf8c5ef

26 Aug, 2020 2 commits

Part: more async KIO jobs · eff5cd0b

Ahmad Samir authored Aug 25, 2020

Add comment explaining what extractSelectedFilesTo is used for.
Slightly tweak error message.

eff5cd0b

Part: QFileDialog asks to overwrite a file on its own · 54ba94ec

Ahmad Samir authored Aug 20, 2020

- No need to stat the url we get from QFileDialog::getSaveFileUrl, if it
  already exists the dialog should show the "do you want to overwrite?"
  message to the user on its own; also no need to check for isValid, the
  dialog will return valid urls, AFAICS
- KIO::file_copy will check if the src url exists ...etc, we don't have
  to do that manually; also make the job async, and re-use the custom error
  messages where possible

54ba94ec

24 Aug, 2020 3 commits
- Fix timestamp comparison test fail after QT5.11 by Switchng to QDatetime... · c7764f46
  Michal Szymanski authored Aug 24, 2020
```
Fix timestamp comparison test fail after QT5.11 by Switchng to QDatetime comparison instead of QString. 5.11 variant changed QDateTime toString fromat to ISODateWithMs
```
  c7764f46
- Merge branch 'krab/ark-master' into master · 8ac8238b
  Christoph Cullmann authored Aug 24, 2020
  
  8ac8238b
- libzipplugin.cpp: nullptr · e23ccfc5
  Alexey Ivanov authored Aug 24, 2020
  
  e23ccfc5
23 Aug, 2020 2 commits
- libarchive: drop dead code · 318ce861
  Elvis Angelaccio authored Aug 23, 2020
```
It's been commented since 68e58f5d from 13 years ago.
```
  318ce861
- libzipplugin.cpp: construct zip_file on unique_ptr reset · c083832c
  Alexey Ivanov authored Aug 23, 2020
  
  c083832c
21 Aug, 2020 1 commit

Port KRun to OpenUrlJob and ApplicationLauncherJob · c4c765a9

Ahmad Samir authored Aug 21, 2020

In BatchExtract, use QUrl::fromLocalFile to construct a url with the
file:// scheme, so that the destination dir can be opened after the
extraction is finished.

Bump minimum KF version to 5.71 as that's where OpenUrlJob was introduced.

c4c765a9

18 Aug, 2020 2 commits
- libzipplugin.cpp: unique_ptr without swap. · 05a1b621
  Alexey Ivanov authored Aug 18, 2020
  
  05a1b621
- libzipplugin.cpp: restore password-protected files extraction · 2853d66c
  Alexey Ivanov authored Aug 18, 2020
  
  2853d66c
17 Aug, 2020 1 commit
- libzipplugin.cpp: replace zip_fopen/zip_fclose with unique_ptr · 0aec0e08
  Alexey Ivanov authored Aug 17, 2020
  
  0aec0e08
15 Aug, 2020 1 commit
- libzipplugin.cpp: add missing zip_fclose to prevent memory leaks in testArchive function · aa4a790d
  Alexey Ivanov authored Aug 15, 2020
  
  aa4a790d
14 Aug, 2020 1 commit
- libzipplugin.cpp: add missing zip_fclose to prevent memory leaks in extractEntry function · f1b5f10c
  Alexey Ivanov authored Aug 14, 2020
  
  f1b5f10c
08 Aug, 2020 2 commits
- Merge remote-tracking branch 'origin/release/20.08' into master · 071f1a26
  Pino Toscano authored Aug 08, 2020
  
  071f1a26
- appdata: use canonical help URL · ddd3641e
  Pino Toscano authored Aug 08, 2020
  
  ddd3641e
05 Aug, 2020 3 commits
- GIT_SILENT Update Appstream for new release · 832b6e18
  Christoph Feck authored Aug 05, 2020
```
(cherry picked from commit 6104ad1c)
```
  832b6e18
- GIT_SILENT Update Appstream for new release · 6104ad1c
  Christoph Feck authored Aug 05, 2020
  
  6104ad1c
- GIT_SILENT Upgrade release service version to 20.08.0. · 3d73665a
  Christoph Feck authored Aug 05, 2020
  
  3d73665a
31 Jul, 2020 4 commits
- GIT_SILENT Upgrade release service version to 20.07.90. · 720ae41f
  Christoph Feck authored Jul 31, 2020
  
  720ae41f
- We depend against kf5.70 => it depends against 5.12 · 70029899
  Laurent Montel authored Jul 31, 2020
  
  70029899
- Delete propertiesdialog · b768de1d
  Laurent Montel authored Jul 31, 2020
  
  b768de1d
- Fix mem leak found by ASAN · 18bbee67
  Laurent Montel authored Jul 31, 2020
  
  18bbee67
29 Jul, 2020 2 commits

Merge branch 'release/20.08' · 9393b0d8
Elvis Angelaccio authored Jul 29, 2020

9393b0d8

Fix vulnerability to path traversal attacks · 0df59252

Elvis Angelaccio authored Jul 29, 2020

Ark was vulnerable to directory traversal attacks because of
missing validation of file paths in the archive.

More details about this attack are available at:
https://github.com/snyk/zip-slip-vulnerability

Job::onEntry() is the only place where we can safely check the path of
every entry in the archive. There shouldn't be a valid reason
to have a "../" in an archive path, so we can just play safe and abort
the LoadJob if we detect such an entry. This makes impossibile to
extract this kind of malicious archives and perform the attack.

Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath()
so that we can still allow loading of legitimate archives that
contain "../" in their paths but still resolve inside the extraction folder.

0df59252