Commits · 700298994883c85fff4ac30986c8e4c7111f5c09 · Utilities / Ark

31 Jul, 2020 3 commits
- We depend against kf5.70 => it depends against 5.12 · 70029899
  Laurent Montel authored Jul 31, 2020
  
  70029899
- Delete propertiesdialog · b768de1d
  Laurent Montel authored Jul 31, 2020
  
  b768de1d
- Fix mem leak found by ASAN · 18bbee67
  Laurent Montel authored Jul 31, 2020
  
  18bbee67
29 Jul, 2020 2 commits

Merge branch 'release/20.08' · 9393b0d8
Elvis Angelaccio authored Jul 29, 2020

9393b0d8

Fix vulnerability to path traversal attacks · 0df59252

Elvis Angelaccio authored Jul 29, 2020

Ark was vulnerable to directory traversal attacks because of
missing validation of file paths in the archive.

More details about this attack are available at:
https://github.com/snyk/zip-slip-vulnerability

Job::onEntry() is the only place where we can safely check the path of
every entry in the archive. There shouldn't be a valid reason
to have a "../" in an archive path, so we can just play safe and abort
the LoadJob if we detect such an entry. This makes impossibile to
extract this kind of malicious archives and perform the attack.

Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath()
so that we can still allow loading of legitimate archives that
contain "../" in their paths but still resolve inside the extraction folder.

0df59252

22 Jul, 2020 2 commits
- GIT_SILENT made messages (after extraction) · 66aa08f7
  Script Kiddy authored Jul 22, 2020
  
  66aa08f7
- GIT_SILENT made messages (after extraction) · 8d0bc65b
  Script Kiddy authored Jul 22, 2020
  
  8d0bc65b
17 Jul, 2020 3 commits
- flatpak: Sort finish-args & add accessibilty access · ccc87f96
  Timothée Ravier authored Jul 17, 2020
  
  ccc87f96
- flatpak: Add support for more archive formats (zstd, lz4, etc.) · 36365753
  Timothée Ravier authored Jul 17, 2020
  
  36365753
- flatpak: Cleanup unneeded files · d1f86f5f
  Timothée Ravier authored Jul 17, 2020
  
  d1f86f5f
11 Jul, 2020 3 commits
- GIT_SILENT Upgrade release service version to 20.11.70. · 94a938a2
  Albert Astals Cid authored Jul 11, 2020
  
  94a938a2
- GIT_SILENT Upgrade release service version to 20.07.80. · 0440d05b
  Albert Astals Cid authored Jul 11, 2020
  
  0440d05b
- Merge remote-tracking branch 'origin/release/20.04' · 28023b68
  Albert Astals Cid authored Jul 11, 2020
```
Ragnar, Elvis, please remember to do the merges, if it wasn't because I'm
stubborn when creating new branches we would have lost this for 20.08
and future because the code was only in 20.04

CCMAIL: rthomsen6@gmail.com
CCMAIL: elvis.angelaccio@kde.org
```
  28023b68
10 Jul, 2020 2 commits
- GIT_SILENT made messages (after extraction) · 5be9eb70
  Script Kiddy authored Jul 10, 2020
  
  5be9eb70
- GIT_SILENT made messages (after extraction) · 5aee0f5d
  Script Kiddy authored Jul 10, 2020
  
  5aee0f5d
03 Jul, 2020 3 commits
- GIT_SILENT Update Appstream for new release · f028568d
  Christoph Feck authored Jul 03, 2020
  
  f028568d
- GIT_SILENT Update Appstream for new release · faafd2fa
  Christoph Feck authored Jul 03, 2020
```
(cherry picked from commit f028568d)
```
  faafd2fa
- GIT_SILENT Upgrade release service version to 20.04.3. · 7a3bb232
  Christoph Feck authored Jul 03, 2020
  
  7a3bb232
18 Jun, 2020 4 commits
- SVN_SILENT made messages (.desktop file) - always resolve ours · 0028d71d
  Script Kiddy authored Jun 18, 2020
```
In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"
```
  0028d71d
- GIT_SILENT made messages (after extraction) · 9b80c72d
  Script Kiddy authored Jun 18, 2020
  
  9b80c72d
- SVN_SILENT made messages (.desktop file) - always resolve ours · d51c54f0
  Script Kiddy authored Jun 18, 2020
```
In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"
```
  d51c54f0
- GIT_SILENT made messages (after extraction) · 4c4bd633
  Script Kiddy authored Jun 18, 2020
  
  4c4bd633
17 Jun, 2020 4 commits
- SVN_SILENT made messages (.desktop file) - always resolve ours · 4a8975fc
  Script Kiddy authored Jun 17, 2020
```
In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"
```
  4a8975fc
- GIT_SILENT made messages (after extraction) · fc88ed74
  Script Kiddy authored Jun 17, 2020
  
  fc88ed74
- SVN_SILENT made messages (.desktop file) - always resolve ours · 76251c27
  Script Kiddy authored Jun 17, 2020
```
In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"
```
  76251c27
- GIT_SILENT made messages (after extraction) · beefbf75
  Script Kiddy authored Jun 17, 2020
  
  beefbf75
14 Jun, 2020 1 commit
- GIT_SILENT made messages (after extraction) · 76f19ca5
  Script Kiddy authored Jun 14, 2020
  
  76f19ca5
13 Jun, 2020 1 commit
- Minor fixes for Flathub submission · 32ea6323
  Timothée Ravier authored Jun 13, 2020 and Nate Graham committed Jun 13, 2020
```
* Add OARS content rating
* Update screenshot image size
* Update flatpak manifest
```
  32ea6323
08 Jun, 2020 3 commits
- GIT_SILENT Update Appstream for new release · 6e1344df
  Christoph Feck authored Jun 08, 2020
  
  6e1344df
- GIT_SILENT Update Appstream for new release · e05d7df6
  Christoph Feck authored Jun 08, 2020
```
(cherry picked from commit 6e1344df)
```
  e05d7df6
- GIT_SILENT Upgrade release service version to 20.04.2. · e7005290
  Christoph Feck authored Jun 08, 2020
  
  e7005290
02 Jun, 2020 2 commits
- GIT_SILENT made messages (after extraction) · 5be8b9c2
  Script Kiddy authored Jun 02, 2020
  
  5be8b9c2
- GIT_SILENT made messages (after extraction) · 574371f5
  Script Kiddy authored Jun 02, 2020
  
  574371f5
21 May, 2020 1 commit
- GIT_SILENT: add Ark icon as repository logo · b0aa9918
  Yuri Chornoivan authored May 21, 2020
  
  b0aa9918
17 May, 2020 1 commit
- GIT_SILENT: we don't use phabricator now · 1cc45cc0
  Laurent Montel authored May 17, 2020
  
  1cc45cc0
11 May, 2020 4 commits
- Port to KIO::ApplicationLauncherJob · 56c1b43b
  David Faure authored May 12, 2020
  
  56c1b43b
- GIT_SILENT Update Appstream for new release · d42851d6
  Christoph Feck authored May 11, 2020
  
  d42851d6
- GIT_SILENT Update Appstream for new release · 2811c052
  Christoph Feck authored May 11, 2020
```
(cherry picked from commit d42851d6)
```
  2811c052
- GIT_SILENT Upgrade release service version to 20.04.1. · 296cee16
  Christoph Feck authored May 11, 2020
  
  296cee16
04 May, 2020 1 commit

libarchive: Improve error-handling when loading archive · b47c5346

Ragnar Thomsen authored May 04, 2020

Improves error-handling in LibarchivePlugin::list().

Previously we only checked whether we could read until the end of the
archive, and even if we couldn't there was no error shown to the user.
Now we check the return value of both archive_read_next_header() and
archive_read_data_skip(), and show a corrupt archive query if either
was not successful.

This partially solves bug 411074, as Ark now at least gives a warning
when opening a corrupt archive with libarchiveplugin. We still need to
improve error-handling when extracting, but this requires some
refactoring first so will be done later.
CCBUG: 411074
Differential Revision: D29383

b47c5346