git » ark.git » commit c5b58c2

Fix CVE-2020-24654

author Antonio Rojas
2020-08-27 20:10:26 UTC
committer Antonio Rojas
2020-08-27 20:10:26 UTC
parent 2c63ee6e99e6d95552ea47439eebfe94eff18220
Fix CVE-2020-24654
PKGBUILD +9 -3 
diff --git a/PKGBUILD b/PKGBUILD
index e0543af..74b53a6 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@
 
 pkgname=ark
 pkgver=20.08.0
-pkgrel=1
+pkgrel=2
 pkgdesc='Archiving Tool'
 arch=(x86_64)
 url='https://kde.org/applications/utilities/ark/'
@@ -14,12 +14,18 @@ makedepends=(extra-cmake-modules kdoctools)
 optdepends=('p7zip: 7Z format support' 'unrar: RAR decompression support' 'unarchiver: RAR format support'
             'lzop: LZO format support' 'lrzip: LRZ format support')
 groups=(kde-applications kde-utilities)
-source=("https://download.kde.org/stable/release-service/$pkgver/src/$pkgname-$pkgver.tar.xz"{,.sig})
+source=("https://download.kde.org/stable/release-service/$pkgver/src/$pkgname-$pkgver.tar.xz"{,.sig}
+         CVE-2020-24654.patch::"https://invent.kde.org/utilities/ark/-/commit/8bf8c5ef.patch")
 sha256sums=('7627ffa17466d31dfdedabaa07b491ce14b46041d04f8b20316a0fa731fab098'
-            'SKIP')
+            'SKIP'
+            'd5dfd82fc8dccea75f59f10942c9a42e2325f3c5e3c062cc7112677b77c2f72b')
 validpgpkeys=(CA262C6C83DE4D2FB28A332A3A6A4DB839EAA6D7  # Albert Astals Cid <aacid@kde.org>
               F23275E4BF10AFC1DF6914A6DBD2CE893E2D1C87) # Christoph Feck <cfeck@kde.org>
 
+prepare() {
+  patch -d $pkgname-$pkgver -p1 -i ../CVE-2020-24654.patch
+}
+
 build() { 
   cmake -B build -S $pkgname-$pkgver \
     -DBUILD_TESTING=OFF