All times are UTC

non port: archivers/ark/files

Number of commits found: 10

Thursday, 3 Sep 2020
14:48 tcberner
Update KDE Applications (release-service) to 20.08.1
Original commit revision: 547458

Friday, 28 Aug 2020
05:47 tcberner
archivers/ark: fix vulnerability in tar extraction

KDE Project Security Advisory
=============================

Title:           Ark: maliciously crafted TAR archive with symlinks can install
files outside the extraction directory.
Risk Rating:     Important
CVE:             CVE-2020-24654
Versions:        ark <= 20.08.0
Author:          Elvis Angelaccio <elvis.angelaccio@kde.org>
Date:            27 August 2020

Overview
========

A maliciously crafted TAR archive containing symlink entries
would install files anywhere in the user's home directory upon extraction.

Proof of concept
================

For testing, an example of malicious archive can be found at
https://github.com/jwilk/traversal-archives/releases/download/0/dirsymlink.tar

Impact
======

Users can unwillingly install files like a modified .bashrc, or a malicious
script placed in ~/.config/autostart.

Workaround
==========

Before extracting a downloaded archive using the Ark GUI, users should inspect
it to make sure it doesn't contain symlink entries pointing outside the
extraction folder.

The 'Extract' context menu from the Dolphin file manager shouldn't be used.

Solution
========

Ark 20.08.1 skips maliciously crafted symlinks when extracting TAR archives.

Alternatively,
https://invent.kde.org/utilities/ark/-/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd
can be applied to previous releases.

Credits
=======

Thanks to Fabian Vogt for reporting this issue and for fixing it.

MFH:		2020Q3
Security:	CVE-2020-24654
Original commit revision: 546706

Thursday, 13 Aug 2020
17:10 tcberner
KDE's August 2020 Apps Update

Dozens of KDE apps are getting new releases from KDE's release service. New
features, usability improvements, re-designs and bug fixes all contribute to
helping boost your productivity and making this new batch of applications more
efficient and pleasant to use.

Full announcement:
        https://kde.org/announcements/releases/2020-08-apps-update/
Original commit revision: 544824

Thursday, 30 Jul 2020
04:32 tcberner
archivers/ark: security fix

KDE Project Security Advisory
=============================

Title:           Ark: maliciously crafted archive can install files outside the
extraction directory.
Risk Rating:     Important
CVE:             CVE-2020-16116
Versions:        ark <= 20.04.3
Author:          Elvis Angelaccio <elvis.angelaccio@kde.org>
Date:            30 July 2020

Overview
========

A maliciously crafted archive with "../" in the file paths
would install files anywhere in the user's home directory upon extraction.

Proof of concept
================

For testing, an example of malicious archive can be found at
https://github.com/jwilk/traversal-archives/releases/download/0/relative2.zip

Impact
======

Users can unwillingly install files like a modified .bashrc, or a malicious
script placed in ~/.config/autostart

Workaround
==========

Users should not use the 'Extract' context menu from the Dolphin file manager.
Before extracting a downloaded archive using the Ark GUI, users should inspect
it to make sure it doesn't contain entries with "../" in the file path.

Solution
========

Ark 20.08.0 prevents loading of malicious archives and shows a warning message
to the users.

Alternatively,
https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
can be applied to previous releases.

Credits
=======

Thanks to Dominik Penner for finding and reporting this issue and thanks to
Elvis Angelaccio and Albert Astals Cid for fixing it.
Original commit revision: 543704

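The workaround in both Ark advisories above (CVE-2020-24654 and CVE-2020-16116) is to inspect an archive before extracting it. The following is an added example, not part of the commit messages or of Ark's code, that automates that inspection for TAR symlink entries and for "../" paths in ZIP entries; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile
import zipfile

def escapes(path):
    """True if a POSIX path is absolute or climbs above the extraction root."""
    return posixpath.isabs(path) or posixpath.normpath(path).split("/")[0] == ".."

def audit_tar(fileobj):
    """List (entry, reason) pairs for TAR members that could write outside the root."""
    findings, links = [], set()
    with tarfile.open(fileobj=fileobj) as tar:
        for m in tar.getmembers():
            name = posixpath.normpath(m.name)
            if escapes(m.name):
                findings.append((m.name, "path escapes root"))
            parts = name.split("/")[:-1]
            # A file placed "inside" a symlink declared earlier follows that link.
            if any("/".join(parts[:i + 1]) in links for i in range(len(parts))):
                findings.append((m.name, "path traverses archive symlink"))
            if m.issym() or m.islnk():
                base = posixpath.dirname(name) if m.issym() else ""  # hard links are root-relative
                if escapes(posixpath.join(base, m.linkname)):
                    findings.append((m.name, "link target escapes root"))
                if m.issym():
                    links.add(name)
    return findings

def audit_zip(fileobj):
    """List ZIP entries whose stored name contains a traversal such as "../"."""
    with zipfile.ZipFile(fileobj) as z:
        return [(n, "path escapes root") for n in z.namelist()
                if escapes(n.replace("\\", "/"))]

def sample_tar():
    """Constructed sample: symlink 'docs' -> '../outside', then a file under it."""
    buf, data = io.BytesIO(), b"constructed\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("docs")
        link.type, link.linkname = tarfile.SYMTYPE, "../outside"
        tar.addfile(link)
        for name in ("docs/payload.txt", "README"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(audit_tar(sample_tar()))
```

An empty result means no entry was flagged by these checks; any finding is a reason not to extract the archive with an unpatched Ark.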
Thursday, 15 Aug 2019
15:38 adridg
Update KDE Applications to latest upstream release, 19.08

Release announcement
	https://kde.org/announcements/announce-applications-19.08.0.php

Thanks to tcberner for doing most of the prep-work.
Original commit revision: 509000

10:01 adridg
Update KDE Frameworks to latest upstream release, 5.61

Release notes at
	https://kde.org/announcements/kde-frameworks-5.61.0.php

Thanks to
	antoine@ for the exp-runs,
	tcberner@ for most of the prep-work,
	the Gentoo community for cherry-picking patches

There are a bunch of changes in (implicitly included) headers, which
broke existing KDE Applications builds; that's why there are a whole
bunch of "patch-gentoo-kf5-5.61-headers" patches (taken from Gentoo
packaging). Those will go away with the next KDE Applications release.

PR:		239777
Submitted by:	tcberner
Original commit revision: 508988

Thursday, 18 Apr 2019
16:55 tcberner
Update KDE Applications to 19.04.0

The changelog can be found here:
	- https://kde.org/announcements/announce-applications-19.04.0.php

Due to crashes on start, multimedia/kdenlive was kept at 18.12.3 for now.
Original commit revision: 499277

Sunday, 8 Apr 2018
12:12 adridg
Fix build of archivers/ark on 10.3 (old clang). Make the return
type of the lambda explicit, to avoid this build error:

error: return type 'QString' must match previous return type 'const QString'
when lambda expression has unspecified explicit return type
                return QString();

Reported by:	pkg-fallout
Approved by:	tcberner (mentor, implicit)
Original commit revision: 466795

Friday, 6 Apr 2018
20:11 tcberner
New port: archivers/ark

This is the current version of KDE Applications <foo>.
Note that users of KDE SC4 should stick with <foo>-kde4.

Reviewed by:	adridg
Differential Revision:	https://reviews.freebsd.org/D14822
Original commit revision: 466687

Wednesday, 11 Mar 2015
23:11 alonso
Update KDE SC to 4.14.3

The kde@ team presents KDE SC 4.14.3, the last planned release
of the KDE SC 4 series.

In addition to the updates provided by the KDE SC developers, this
update also addresses numerous FreeBSD and PORTS specific
issues, found and solved by the kde@ team and area51 testers,
most notorously Tobias C. Berner <tcberner@gmail.com>

PR:		197751
PR:		197871
PR:		184996
Reviewed by:	rakuco (mentor)
Differential:	https://reviews.freebsd.org/D1950
Original commit revision: 381052