gentoo auto-resync : 28:11:2023 - 04:51:45

3 files changed, 326 insertions, 0 deletions

diff --git a/app-text/calibre/Manifest b/app-text/calibre/Manifest
index 1e6c084c179f..5f1a2d5d56d7 100644
--- a/app-text/calibre/Manifest
+++ b/app-text/calibre/Manifest
@@ -1,3 +1,4 @@
+AUX 0001-HTML-Input-Dont-add-resources-that-exist-outside-the.patch 2420 BLAKE2B eafb4c38c87bdb708905b0c17b9d3466dad76c1f286f702b6c063c9af866ab8dc656af019eb10a70fa841cfda4e47e1eac9276abdd63d23cf2ffe69f377ad110 SHA512 083e7112f6bdabd0f1894a8afacc87a166ffdad7fa9c88683f05991249b2aa18de04c4e5d842991b0b49a6d0d76248093a7f6ed29a3d0c1a6725e8ab512982e7
 AUX calibre-2.9.0-no_updates_dialog.patch 1661 BLAKE2B c75fc49a621e8dbd16ee1bad748110399cf09a404b4a905d3f723bac1827787e4749f464ba026700b6e5b3cc0ee646a92de00f1f58d10cf12dc9bc91195ee8b6 SHA512 9663b95ed64bdc2bc40692922384d1c6073177eee58a49c412883c4d2ae098e4e0b4ea51b80443108b7c0c3e4f3fda60c00fc3be4d0b62a5d79d982697927235
 AUX calibre-5.35.0-jxr-test.patch 827 BLAKE2B 0a94ac5b12ee2ec732d3ff68979c2060b0b218eee27409b3c351a9cc0b6bccce2260b8b387b442ae10f31483b20bd6d672f7d5424f7d9a8297a1bd14af2f7793 SHA512 259a3b4882bf0fbb01cb22974e219a621a2b337d6f638234a806148b11142fdbf9ac36ae38e71fcb7e18bd61362b34cf3c221ba1df317ec6ea8668591ad2d3ff
 AUX calibre-5.44.0-Fix-compatibility-with-zeroconf-0.73.patch 1065 BLAKE2B 7a74b7d7788340f96b326619f5e2bd916ff21644f0554b2507fcea439eec8217b8b002a2da3b99021fa576a6d3a6fd15d82222f005b8a4fbf37ab5016f33bdb9 SHA512 13f6fc949cc8c5c66013c772cd40429a679fa067d7828cc02e416ecbd556eafb56bebc80bc85a8b442feb3e6b94518450252e701e6426f5a2cde9d102312cf87
@@ -13,6 +14,7 @@ DIST calibre-7.0.0.tar.xz.sig 566 BLAKE2B 5ad0d2b83e37a4ea7511253437fde9dafcc54b
 DIST calibre-7.1.0.tar.xz 41819036 BLAKE2B e98651e55d3265663f517b330f1889b713d2096bf025c03e6cb34d83922b434e364d5e89fafc41de38a9ba39a4482ec71857fc1ae3bfd57d8ce5241f8be6d371 SHA512 bc1f6ea7886f9ef973045bb323b6c57b3229772a47f72ecabba73fb1892c67b2a1462b91bdcafa537ea4c34a4bc61f9fa143f9e9dcca98b0ee8a62e545952074
 DIST calibre-7.1.0.tar.xz.sig 566 BLAKE2B 63ceaf19f01a043c33cdfc15544e693a65009bdb0fb17d4004ddacb83540c277caa0f44ff1fcb7a6eb6c81c67086a522470a4e4bdaf937a51cbfb6f1f863a978 SHA512 7acdf08c40933803ca39d9d86637de113d4f461f74dcede4015169802d739a724f9317edbd047903ed0c8ccd9becca3f49ff3e85fb4b503badddb58b0360602a
 EBUILD calibre-5.44.0-r2.ebuild 8730 BLAKE2B 7146631e9e79aebb5cb546a8ed809b05416379b827396ad973ba3a2a6f56595cacb0c893776ef4e92ed7cba42462c883087d3390ec99033fa86e6e4db0af9b70 SHA512 a21975aba2f018b7fcdeb3e80c7b7bbc15f9d74b35500995dca519371678075c17d152b73a87420673ee49cf65a1a8493591e55da7caa53b0556ff1933d3cc24
+EBUILD calibre-5.44.0-r3.ebuild 8851 BLAKE2B 2df689e30608d43e57bcc04a7c20ce3973f5032816280b9bdc38fcfb596a37e8577188519cb4219d8654561aa687d4810fc6e4935c920bd8d61db1b545d23830 SHA512 cefc4437b3df4947228200220dcc1c174f9e0154d704c5239c1f7351440cbe42d97490c16b1bebf7827f22bca98380068c68f0417e70bc3ba3e100a508f52065
 EBUILD calibre-6.29.0.ebuild 7886 BLAKE2B 00f882ab7b58093fff9587116afaf7d58f40d9a3ecdc2a7132d897f8ee2eb41efb27d1ae7c125588403984215eb8ce8ef02fd7aa2952b24c1613f709674a59f2 SHA512 05e8fc1c48a8400abd202ef78d2602822a1a80767264b6c659926163eac9aae4d52413158c11ae646e00f684f330afac6a46dfa10d80e82c2baaca161f728235
 EBUILD calibre-7.0.0.ebuild 7932 BLAKE2B 0581fd69530c3aa55e274c462a3c562698e98e0df5cfb489ff8b8ea2bef8051f8d8ec08113385de55dc604d4b6cb76dca219ff2dfcbfed2e0c43ef4e54bc0d6b SHA512 9904f7d73241613fd643828c01a51b88e7ae4dc3ccdffcef160f90ff0288907c749302fbbcc0443da66353bd7505539f2b366c523cecb3630d52cbdb2de26b38
 EBUILD calibre-7.1.0.ebuild 7932 BLAKE2B 0581fd69530c3aa55e274c462a3c562698e98e0df5cfb489ff8b8ea2bef8051f8d8ec08113385de55dc604d4b6cb76dca219ff2dfcbfed2e0c43ef4e54bc0d6b SHA512 9904f7d73241613fd643828c01a51b88e7ae4dc3ccdffcef160f90ff0288907c749302fbbcc0443da66353bd7505539f2b366c523cecb3630d52cbdb2de26b38
diff --git a/app-text/calibre/calibre-5.44.0-r3.ebuild b/app-text/calibre/calibre-5.44.0-r3.ebuild
new file mode 100644
index 000000000000..1286833e62d5
--- /dev/null
+++ b/app-text/calibre/calibre-5.44.0-r3.ebuild
@@ -0,0 +1,269 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+PYTHON_REQ_USE="ipv6(+),sqlite,ssl"
+
+inherit toolchain-funcs python-single-r1 qmake-utils verify-sig xdg-utils
+
+DESCRIPTION="Ebook management application"
+HOMEPAGE="https://calibre-ebook.com/"
+SRC_URI="
+	https://download.calibre-ebook.com/${PV}/${P}.tar.xz
+	verify-sig? ( https://calibre-ebook.com/signatures/${P}.tar.xz.sig )
+"
+VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/kovidgoyal.gpg"
+
+LICENSE="
+	GPL-3+
+	GPL-3
+	GPL-2+
+	GPL-2
+	GPL-1+
+	LGPL-3+
+	LGPL-2.1+
+	LGPL-2.1
+	BSD
+	MIT
+	Old-MIT
+	Apache-2.0
+	public-domain
+	|| ( Artistic GPL-1+ )
+	CC-BY-3.0
+	OFL-1.1
+	PSF-2
+"
+KEYWORDS="~amd64 ~arm ~x86"
+SLOT="0"
+IUSE="ios speech test +udisks"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+# Qt slotted dependencies are used because the libheadless.so plugin links to
+# QT_*_PRIVATE_ABI. It only uses core/gui/dbus.
+COMMON_DEPEND="${PYTHON_DEPS}
+	>=app-text/hunspell-1.7:=
+	>=app-text/podofo-0.9.6_pre20171027:=
+	<app-text/podofo-0.10:=
+	app-text/poppler[utils]
+	dev-libs/hyphen:=
+	>=dev-libs/icu-57.1:=
+	dev-libs/openssl:=
+	dev-libs/snowball-stemmer:=
+	$(python_gen_cond_dep '
+		>=dev-python/apsw-3.25.2_p1[${PYTHON_USEDEP}]
+		dev-python/beautifulsoup4[${PYTHON_USEDEP}]
+		dev-python/cchardet[${PYTHON_USEDEP}]
+		>=dev-python/css-parser-1.0.4[${PYTHON_USEDEP}]
+		dev-python/dnspython[${PYTHON_USEDEP}]
+		>=dev-python/feedparser-5.2.1[${PYTHON_USEDEP}]
+		>=dev-python/html2text-2019.8.11[${PYTHON_USEDEP}]
+		>=dev-python/html5-parser-0.4.9[${PYTHON_USEDEP}]
+		dev-python/jeepney[${PYTHON_USEDEP}]
+		>=dev-python/lxml-3.8.0[${PYTHON_USEDEP}]
+		>=dev-python/markdown-3.0.1[${PYTHON_USEDEP}]
+		>=dev-python/mechanize-0.3.5[${PYTHON_USEDEP}]
+		>=dev-python/msgpack-0.6.2[${PYTHON_USEDEP}]
+		>=dev-python/netifaces-0.10.5[${PYTHON_USEDEP}]
+		>=dev-python/pillow-3.2.0[jpeg,truetype,webp,zlib,${PYTHON_USEDEP}]
+		>=dev-python/psutil-4.3.0[${PYTHON_USEDEP}]
+		>=dev-python/pychm-0.8.6[${PYTHON_USEDEP}]
+		>=dev-python/pygments-2.3.1[${PYTHON_USEDEP}]
+		>=dev-python/python-dateutil-2.5.3[${PYTHON_USEDEP}]
+		dev-python/zeroconf[${PYTHON_USEDEP}]
+		>=dev-python/PyQt5-5.15.5_pre2107091435[gui,widgets,network,printsupport,svg,${PYTHON_USEDEP}]
+		>=dev-python/PyQtWebEngine-5.15.5_pre2108100905[${PYTHON_USEDEP}]
+		dev-python/regex[${PYTHON_USEDEP}]
+	')
+	dev-qt/qtimageformats:5
+	dev-qt/qtcore:5=
+	dev-qt/qtdbus:5=
+	dev-qt/qtgui:5=[jpeg,png]
+	dev-qt/qtwidgets:5
+	dev-util/desktop-file-utils
+	dev-util/gtk-update-icon-cache
+	media-fonts/liberation-fonts
+	media-libs/fontconfig:=
+	>=media-libs/freetype-2:=
+	>=media-libs/libmtp-1.1.11:=
+	>=media-gfx/optipng-0.7.6
+	virtual/libusb:1=
+	x11-misc/shared-mime-info
+	>=x11-misc/xdg-utils-1.0.2-r2
+	ios? (
+		>=app-pda/usbmuxd-1.0.8
+		>=app-pda/libimobiledevice-1.2.0
+	)
+	speech? ( $(python_gen_cond_dep 'app-accessibility/speech-dispatcher[python,${PYTHON_USEDEP}]') )
+	udisks? ( virtual/libudev )"
+RDEPEND="${COMMON_DEPEND}
+	udisks? ( sys-fs/udisks:2 )"
+DEPEND="${COMMON_DEPEND}
+	test? ( $(python_gen_cond_dep '>=dev-python/chardet-3.0.3[${PYTHON_USEDEP}]') )
+"
+BDEPEND="$(python_gen_cond_dep '
+		>=dev-python/PyQt-builder-1.10.3[${PYTHON_USEDEP}]
+		>=dev-python/sip-5[${PYTHON_USEDEP}]
+	')
+	>=virtual/podofo-build-0.9.6_pre20171027
+	<virtual/podofo-build-0.10
+	virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-kovidgoyal )
+"
+
+PATCHES=(
+	# Don't prompt the user for updates - they've installed via
+	# an ebuild.
+	"${FILESDIR}/${PN}-2.9.0-no_updates_dialog.patch"
+
+	# Skip calling a binary (JxrDecApp) from libjxr which is used for tests
+	# We don't (yet?) package libjxr and it seems to be dead upstream
+	# (last commit in 2017)
+	"${FILESDIR}/${PN}-5.35.0-jxr-test.patch"
+
+	# fix compatibility with recent versions of zeroconf
+	"${FILESDIR}"/${PN}-5.44.0-Fix-compatibility-with-zeroconf-0.73.patch
+
+	# Security backport for CVE-2023-46303
+	"${FILESDIR}"/0001-HTML-Input-Dont-add-resources-that-exist-outside-the.patch
+)
+
+src_prepare() {
+	default
+
+	# Warning:
+	#
+	# While it might be rather tempting to add yet another sed here,
+	# please don't. There have been several bugs in Gentoo's packaging
+	# of calibre from seds-which-become-stale. Please consider
+	# creating a patch instead, but in any case, run the test suite
+	# and ensure it passes.
+	#
+	# If in doubt about a problem, checking Fedora's packaging is recommended.
+
+	# Disable unnecessary privilege dropping for bug #287067.
+	sed -e "s:if os.geteuid() == 0:if False and os.geteuid() == 0:" \
+		-i setup/install.py || die "sed failed to patch install.py"
+	sed -e "/^            os.chdir(os.path.join(src_dir, 'build'))$/a\
+\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ self.check_call(['sed', \
+'-e', 's|^CFLAGS .*|\\\\\\\\0 ${CFLAGS}|', \
+'-e', 's|^CXXFLAGS .*|\\\\\\\\0 ${CXXFLAGS}|', \
+'-e', 's|^LFLAGS .*|\\\\\\\\0 ${LDFLAGS}|', \
+'-i', os.path.join(os.path.basename(src_dir), 'Makefile')])" \
+		-e "s|open(self.j(bdir, '.qmake.conf'), 'wb').close()|open(self.j(bdir, '.qmake.conf'), 'wb').write(b'QMAKE_LFLAGS += ${LDFLAGS}')|" \
+		-i setup/build.py || die "sed failed to patch build.py"
+
+	# This is only ever used at build time. It contains a small embedded copy
+	# of the rapydscript-ng compiler usable inside of qtwebengine, if you don't
+	# have rapydscript-ng (a nodejs package) itself installed. Its only purpose
+	# is to build some resources that come bundled in dist tarballs already...
+	# and which we may also need to regenerate e.g. to use system-mathjax.
+	#
+	# However, running qtwebengine violates the portage sandbox (among other
+	# things, it tries to create directories in /usr! amazing) so this is a
+	# wash anyway. The only real solution here is to package rapydscript-ng.
+	#
+	# We do not need it at build time, and *no one* needs it at install time.
+	# Delete the cruft.
+	rm -r resources/rapydscript/ || die
+}
+
+src_compile() {
+	# TODO: get qmake called by setup.py to respect CC and CXX too
+	tc-export CC CXX
+
+	# bug 821871
+	local MY_LIBDIR="${ESYSROOT}/usr/$(get_libdir)"
+	export FT_LIB_DIR="${MY_LIBDIR}" HUNSPELL_LIB_DIR="${MY_LIBDIR}" PODOFO_LIB_DIR="${MY_LIBDIR}"
+	export QMAKE="$(qt5_get_bindir)/qmake"
+
+	${EPYTHON} setup.py build || die
+	${EPYTHON} setup.py gui || die
+
+	# A few different resources are bundled in the distfile by default, because
+	# not all systems necessarily have them. We un-vendor them, using the
+	# upstream integrated approach if possible. See setup/revendor.py and
+	# consider migrating other resources to this if they do not use it, in
+	# *preference* over manual rm'ing.
+	${EPYTHON} setup.py liberation_fonts \
+		--path-to-liberation_fonts "${EPREFIX}"/usr/share/fonts/liberation-fonts \
+		--system-liberation_fonts || die
+}
+
+src_test() {
+	# Skipped tests:
+	local _test_excludes=(
+		# unpackaged Python dependency: py7zr
+		7z
+		# unpackaged Python dependency: unrardll
+		test_unrar
+		# tests if a completely unused module is bundled
+		pycryptodome
+
+		$(usev !speech speech_dispatcher)
+
+		# undocumented reasons
+		test_mem_leaks
+		test_searching
+	)
+
+	${PYTHON} setup.py test "${_test_excludes[@]/#/--exclude-test-name=}" || die
+}
+
+src_install() {
+	# Bug #352625 - Some LANGUAGE values can trigger the following ValueError:
+	#   File "/usr/lib/python2.6/locale.py", line 486, in getdefaultlocale
+	#    return _parse_localename(localename)
+	#  File "/usr/lib/python2.6/locale.py", line 418, in _parse_localename
+	#    raise ValueError, 'unknown locale: %s' % localename
+	#ValueError: unknown locale: 46
+	export -n LANG LANGUAGE ${!LC_*}
+	export LC_ALL=C.utf8 #709682
+
+	# Bug #295672 - Avoid sandbox violation in ~/.config by forcing
+	# variables to point to our fake temporary $HOME.
+	export HOME="${T}/fake_homedir"
+	export CALIBRE_CONFIG_DIRECTORY="${HOME}/.config/calibre"
+	mkdir -p "${CALIBRE_CONFIG_DIRECTORY}" || die
+
+	addpredict /dev/dri #665310
+
+	# If this directory doesn't exist, zsh completion won't install
+	dodir /usr/share/zsh/site-functions
+
+	"${PYTHON}" setup.py install \
+		--staging-root="${ED}/usr" \
+		--prefix="${EPREFIX}/usr" \
+		--libdir="${EPREFIX}/usr/$(get_libdir)" \
+		--staging-libdir="${ED}/usr/$(get_libdir)" \
+		--system-plugins-location="${EPREFIX}/usr/share/calibre/system-plugins" || die
+
+	cp -r man-pages/ "${ED}"/usr/share/man || die
+
+	find "${ED}"/usr/share -type d -empty -delete || die
+
+	einfo "Converting python shebangs"
+	python_fix_shebang "${ED}/usr/bin"
+
+	einfo "Compiling python modules"
+	python_optimize "${ED}"/usr/$(get_libdir)/calibre "${D}/$(python_get_sitedir)"
+
+	newinitd "${FILESDIR}"/calibre-server-3.init calibre-server
+	newconfd "${FILESDIR}"/calibre-server-3.conf calibre-server
+}
+
+pkg_postinst() {
+	xdg_desktop_database_update
+	xdg_mimeinfo_database_update
+	xdg_icon_cache_update
+}
+
+pkg_postrm() {
+	xdg_desktop_database_update
+	xdg_mimeinfo_database_update
+	xdg_icon_cache_update
+}
diff --git a/app-text/calibre/files/0001-HTML-Input-Dont-add-resources-that-exist-outside-the.patch b/app-text/calibre/files/0001-HTML-Input-Dont-add-resources-that-exist-outside-the.patch
new file mode 100644
index 000000000000..f33fd3345e27
--- /dev/null
+++ b/app-text/calibre/files/0001-HTML-Input-Dont-add-resources-that-exist-outside-the.patch
@@ -0,0 +1,55 @@
+From 57190699030dc6746320e49695a67ce83c62d549 Mon Sep 17 00:00:00 2001
+From: Kovid Goyal <kovid@kovidgoyal.net>
+Date: Sun, 28 May 2023 14:03:15 +0530
+Subject: [PATCH] HTML Input: Dont add resources that exist outside the folder
+ hierarchy rooted at the parent folder of the input HTML file by default
+
+(cherry picked from commit bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b)
+---
+ .../ebooks/conversion/plugins/html_input.py      | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/calibre/ebooks/conversion/plugins/html_input.py b/src/calibre/ebooks/conversion/plugins/html_input.py
+index 6f9c2084ea..742f3e0279 100644
+--- a/src/calibre/ebooks/conversion/plugins/html_input.py
++++ b/src/calibre/ebooks/conversion/plugins/html_input.py
+@@ -64,6 +64,16 @@ class HTMLInput(InputFormatPlugin):
+                 )
+         ),
+ 
++        OptionRecommendation(name='allow_local_files_outside_root',
++            recommended_value=False, level=OptionRecommendation.LOW,
++            help=_('Normally, resources linked to by the HTML file or its children will only be allowed'
++                   ' if they are in a sub-folder of the original HTML file. This option allows including'
++                   ' local files from any location on your computer. This can be a security risk if you'
++                   ' are converting untrusted HTML and expecting to distribute the result of the conversion.'
++                )
++        ),
++
++
+     }
+ 
+     def convert(self, stream, opts, file_ext, log,
+@@ -76,6 +86,7 @@ def convert(self, stream, opts, file_ext, log,
+         if hasattr(stream, 'name'):
+             basedir = os.path.dirname(stream.name)
+             fname = os.path.basename(stream.name)
++        self.root_dir_of_input = os.path.abspath(basedir) + os.sep
+ 
+         if file_ext != 'opf':
+             if opts.dont_package:
+@@ -250,6 +261,11 @@ def link_to_local_path(self, link_, base=None):
+         frag = l.fragment
+         if not link:
+             return None, None
++        link = os.path.abspath(os.path.realpath(link))
++        if not link.startswith(self.root_dir_of_input):
++            if not self.opts.allow_local_files_outside_root:
++                self.log.warn('Not adding {} as it is outside the document root: {}'.format(link, self.root_dir_of_input))
++                return None, None
+         return link, frag
+ 
+     def resource_adder(self, link_, base=None):
+-- 
+2.41.0
+