From 90c88731bd036e5698b281fbc0a5f3aa4c9983ac Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Mon, 29 Jun 2020 11:38:31 +0100
Subject: gentoo resync : 29.06.2020

---
 mail-client/trojita/Manifest                       |   5 +
 .../trojita/files/trojita-0.7-CVE-2019-10734.patch | 104 +++++++++++++++++++++
 .../trojita/files/trojita-0.7-CVE-2020-15047.patch |  82 ++++++++++++++++
 .../trojita/files/trojita-0.7-cmake-cxx11.patch    |  66 +++++++++++++
 .../trojita/files/trojita-0.7-qt-5.13.patch        |  37 ++++++++
 mail-client/trojita/trojita-0.7-r4.ebuild          |  86 +++++++++++++++++
 6 files changed, 380 insertions(+)
 create mode 100644 mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch
 create mode 100644 mail-client/trojita/files/trojita-0.7-CVE-2020-15047.patch
 create mode 100644 mail-client/trojita/files/trojita-0.7-cmake-cxx11.patch
 create mode 100644 mail-client/trojita/files/trojita-0.7-qt-5.13.patch
 create mode 100644 mail-client/trojita/trojita-0.7-r4.ebuild

(limited to 'mail-client/trojita')

diff --git a/mail-client/trojita/Manifest b/mail-client/trojita/Manifest
index a2832c689eb3..a0cb9bb482d8 100644
--- a/mail-client/trojita/Manifest
+++ b/mail-client/trojita/Manifest
@@ -1,8 +1,13 @@
+AUX trojita-0.7-CVE-2019-10734.patch 4701 BLAKE2B d7c41789e57fcab16f616702d427bffce348376f0d9fc16fc02c37257409a819bc2d157652e5671a6a2c6f7b06b64b325b3f08d8977654cf52028f7cda25f2dd SHA512 db96a566924b5d7b80787ab624af3726d5dd3459653192436a377d6482ab73801a7dcca1df1b1d937cf0d0798b827e04f8ef2c1124f91dc9da3e8036ef61e28a
+AUX trojita-0.7-CVE-2020-15047.patch 3286 BLAKE2B 4cccc6eb6ad6826f176c19d8fd2cc1c23c661b222d8e884bd45ee700d8db856b45d76f90ad387bdd2b3996c3f97af89f60bd9b44c3bf4e8456a607b4f3c1e91f SHA512 82ed94860b8e71b66093548535cd5970dc28bbc5c023cb73e0474bfe33e49f889d08c095536cbda6242e260b742c59a7ada7a0a003bb4f6302f3e547da52cd48
+AUX trojita-0.7-cmake-cxx11.patch 2442 BLAKE2B ce2f29c96c93f254ccade934cfa6ad38f863c5e6b30cb9c45e92c6299a10e28a58a32a0515fe122e5beee0f82b154f9421519a6a211e6b9a3b6d1238ce09dd08 SHA512 2b2723be49d097fb1ca9d51ecbb30d2a4b3e766edc232eb8cc25b537f32c0dd0b8aeb24c3ae3b38929775f31262e36a0ba078e335076cab9b20d5ac8b41c0e60
 AUX trojita-0.7-gpg-tests.patch 1465 BLAKE2B f336368c8166987dc096991a0855a05d83374b7d509dbd8b39e7a12f6f8b14b86c6405ea55882192601163cee9eadaf9ab306bfbdcae347857bf4dc2f3c5908a SHA512 e494de83085dbbd7c545e47fcb1116cfb48e787f7b8706bee51f30f74a9047d1cf835f20086355671643ee0ef88d01428683999765d4bb59c3d9d943e92c69eb
 AUX trojita-0.7-gpgme.patch 1416 BLAKE2B dba95c0954a6ac704e5145d140e905bf6f886db4b84f7a5dbc67ea0494b188d9ff79ccf096faaedc6a179167bc9394ced0203e9df69cc6368694e885fbb61836 SHA512 4031feb66e7ce53e5669e00dd8ca91a6a53a22207aae90e13ef38012777b76275911d78fbdcd58809571a7c649fb4025cdb7de97e9793102c62f5e8b7b0561e1
 AUX trojita-0.7-qt-5.11b3.patch 9678 BLAKE2B 0bcf00db610594ff084f5ca3bcfe2d3ad40d44b461358c4b9fc730f6dba787d82837c16f2e6bc84df9d3f57ac404d7c006fc7db223efeacfb9e833b6209b4374 SHA512 c16f3a7b9555e70e61656eb8caf25f778ec14a1dfdd18f786ddc3d8ee49b28fd39c4f438d051dbf961afbaf8cafc3d84a5befa10111ba216b4dec300cd67e228
+AUX trojita-0.7-qt-5.13.patch 1044 BLAKE2B 4c110d49c9352f526470b2af255c98c8f8b80df0ddc6da5a8fdecee9a1d5000c473a17f64790ffa95e20f03431ddb7fc294bb1e20d11fd549ca4451bb030ebba SHA512 bce7713fb5bef29b2b189d281dee57ddfc57f1c0601f424aba2185668215878b9bfd3bb80f0d2f8b73219e782db5e64973e79190fe62afa8ba98327535139146
 AUX trojita-0.7-qt-5.15.patch 774 BLAKE2B 0c1de7d7eebc9782d2e3e889365b283b3c5c82b7d792f167783857e8544f29f0a29284923a9b5f2974a5dbf8b9b3e6147c14654d78a57b67b8151407a63863b6 SHA512 42d45246c49ae99d9a49ed2c2186042427c8ea35b84123c876951f1d9ddcf9236acd14fd36e592041296ca6f6200e20eca786c967dade37bf8be8148dd7b3cca
 DIST trojita-0.7.tar.xz 1038212 BLAKE2B 92dfb01fc1849d04958fd26ea731835c7287d5a6989d8e0c97c6679ce8f1c9f33a0f67c3f293fc85188e9d289c0dddee9847f4151b6f64396f3de86635b11f32 SHA512 fe4d9316f97d913619f27d24a5023c3d8dd4a6b9fb058651be12c67188f394aa8cbb60c7593e5eb28fc12fc883b76deeeb5f4f631edd255fdec4c5862c9a91c8
 EBUILD trojita-0.7-r2.ebuild 1732 BLAKE2B 4fe9fbd095244f6ca733b7fd7437669d671e96bc288161510f1c523f008abe061df3412d2303099a7511ffff96a5873cb69d8ac4b7bed7ff3176f89306c1fc17 SHA512 614426f9fe99c130354991db3fb4f1f986df2329912edbdd91a1bf201a40ea5eae8a05105f675d136a00563aea397e6ec1140f49c3a296a4b360f490dd565079
+EBUILD trojita-0.7-r4.ebuild 1931 BLAKE2B 4fbb5a511d7d756c79295344802e515d8f3d62aef2b82793d6be8be53d0fbe9383af5de8a949f3e3c6d4c608cef1d783f45e4fee538e112e21332477f832d364 SHA512 b34621b29c94c7758eb4741f3832e0da93b0a600444f3cd2d71105a51e7844a3bf741ea6d26bfc60095ea2fbb5405e7ed8de70e913a4a5e7cee0c1c6d24027fa
 EBUILD trojita-9999.ebuild 1791 BLAKE2B 13bf1d7c29c274cc473948fc40058de9757d6ad51911767c29c961303510f52d6f215365d90ad7d8e0085be610d4edc25df07e443757678f4ff71a8f245de14e SHA512 8f3e67e677262e29a2d26996d741f2fa4685f9c480791e95eb5d925c37dfcc2d3316b5129e0fc677951f0b174ae89e53e35223a6cbc9620f85fea5b16d0cc945
 MISC metadata.xml 766 BLAKE2B b3fccdefcadc2ab93429fd991581a8b085546605ad00e68899a2d731f2217113f7271d5b53cef35dfab8063db05fd9662bdaff715a95bf73cfd8fa9c636f184f SHA512 b13adf41bd68543886b25fb0dfdc3c924e5fc050de4f4bbea383e91cb2d4542de83050695bd67b913f2707d8f6a689d6d387253c718ec7c78dd50abed3a3f633
diff --git a/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch
new file mode 100644
index 000000000000..d52edb042ad8
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch
@@ -0,0 +1,104 @@
+From 8db7f450d52539b4c72ee968384911b6813ad1e7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@kde.org>
+Date: Thu, 25 Jun 2020 21:39:34 +0200
+Subject: [PATCH] Prevent a possible decryption oracle attack
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to Jens Mueller (Ruhr-Uni Bochum and FH Münster) for reporting
+this. The gist is that an attacker can embed arbitrary ciphertext into
+their messages. Trojita decrypts that, and when we hit reply, the
+original *cleartext* gets quoted and put into a reply for the attacker
+to see.
+
+Fix this by not quoting any plaintext which originated in an encrypted
+message. That's pretty draconian, but hey, it works and we never came up
+with any better patch. Also, given that Trojita does not encrypt
+outgoing messages yet, this is probably also a conservative thing to do.
+
+Change-Id: I84c45b9e707eb7c99eb7183c6ef59ef41cd62c43
+CVE: CVE-2019-10734
+BUG: 404697
+---
+ src/Cryptography/GpgMe++.cpp | 2 ++
+ src/Gui/MessageView.cpp      | 9 ++++++++-
+ src/Gui/PartWidget.cpp       | 8 ++++++++
+ src/Imap/Model/ItemRoles.h   | 2 +-
+ 4 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/src/Cryptography/GpgMe++.cpp b/src/Cryptography/GpgMe++.cpp
+index e012f603..716b8aff 100644
+--- a/src/Cryptography/GpgMe++.cpp
++++ b/src/Cryptography/GpgMe++.cpp
+@@ -267,6 +267,8 @@ QVariant GpgMePart::data(int role) const
+     switch (role) {
+     case Imap::Mailbox::RolePartSignatureVerifySupported:
+         return m_wasSigned;
++    case RolePartDecryptionSupported:
++        return m_isAllegedlyEncrypted;
+     case RolePartCryptoNotFinishedYet:
+         return m_waitingForData ||
+                 (m_crypto.valid() &&
+diff --git a/src/Gui/MessageView.cpp b/src/Gui/MessageView.cpp
+index 7d649308..c95e0878 100644
+--- a/src/Gui/MessageView.cpp
++++ b/src/Gui/MessageView.cpp
+@@ -354,7 +354,6 @@ bool MessageView::eventFilter(QObject *object, QEvent *event)
+ QString MessageView::quoteText() const
+ {
+     if (auto w = bodyWidget()) {
+-        QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n')));
+         const Imap::Message::Envelope &e = message.data(Imap::Mailbox::RoleMessageEnvelope).value<Imap::Message::Envelope>();
+         QString sender;
+         if (!e.from.isEmpty())
+@@ -362,6 +361,14 @@ QString MessageView::quoteText() const
+         if (e.from.isEmpty())
+             sender = tr("you");
+ 
++        if (messageModel->index(0, 0) /* fake message root */.child(0, 0) /* first MIME part */.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) {
++            // This is just an UX improvement shortcut: real filtering for CVE-2019-10734 is in
++            // MultipartSignedEncryptedWidget::quoteMe().
++            // That is required because the encrypted part might not be the root part of the message.
++            return tr("On %1, %2 sent an encrypted message:\n> ...\n\n").arg(e.date.toLocalTime().toString(Qt::SystemLocaleLongDate), sender);
++        }
++
++        QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n')));
+         // One extra newline at the end of the quoted text to separate the response
+         quote << QString();
+ 
+diff --git a/src/Gui/PartWidget.cpp b/src/Gui/PartWidget.cpp
+index bb27604d..96eff338 100644
+--- a/src/Gui/PartWidget.cpp
++++ b/src/Gui/PartWidget.cpp
+@@ -378,6 +378,14 @@ void MultipartSignedEncryptedWidget::updateStatusIndicator()
+ 
+ QString MultipartSignedEncryptedWidget::quoteMe() const
+ {
++    if (m_partIndex.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) {
++        // See CVE-2019-10734, the point is not to leak cleartext from encrypted content. Even when Trojita starts supporting
++        // encryption of outgoing mail, we will have to check whether the encrypted cleartext is from the same sender, whether
++        // it matches the list of recipients (which is dynamic and can be set later on), etc etc.
++        // TL;DR, this is a can of worms.
++        return tr("[Encrypted message]");
++    }
++
+     return quoteMeHelper(children());
+ }
+ 
+diff --git a/src/Imap/Model/ItemRoles.h b/src/Imap/Model/ItemRoles.h
+index 4588d4d0..00adb3bb 100644
+--- a/src/Imap/Model/ItemRoles.h
++++ b/src/Imap/Model/ItemRoles.h
+@@ -193,7 +193,7 @@ enum {
+     RolePartSignatureVerifySupported,
+     /** @short Is the format of this particular multipart/encrypted supported and recognized?
+ 
+-    See RolePartSignatureVerifySupported, this is an equivalent.
++    If true, this message part represents content of an encrypted message that Trojita can attempt to decrypt.
+     */
+     RolePartDecryptionSupported,
+     /** @short Is there any point in waiting longer?
+-- 
+GitLab
+
diff --git a/mail-client/trojita/files/trojita-0.7-CVE-2020-15047.patch b/mail-client/trojita/files/trojita-0.7-CVE-2020-15047.patch
new file mode 100644
index 000000000000..44f1a5dab018
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-CVE-2020-15047.patch
@@ -0,0 +1,82 @@
+From 77ddd5d44f2bf4155d0c9b6f7d05f01713b32d5d Mon Sep 17 00:00:00 2001
+From: Jan Kundrát <jkt@kde.org>
+Date: Thu, 25 Jun 2020 11:30:51 +0200
+Subject: [PATCH] SMTP: Do not ignore TLS errors
+
+This fixes a CVE-2020-15047 (category: CWE-295). Since commit 0083eea5ed
+which added initial, experimental support for SMTP message submission,
+we have apparently never implemented proper SSL/TLS error handling, and
+the code has ever since just kept silently ignoring any certificate
+verification errors.  As a result, Trojita was susceptible to a MITM
+attack when sending e-mails. The information leaked include user's
+authentication details, including the password, and the content of sent
+messages.
+
+Sorry for this :(.
+
+Now, this patch re-enabes proper TLS error handling. It was not possible
+to directly re-use our code for TLS key pinning which we are using for
+IMAP connections. In the Qt TLS code, the decision to accept or not
+accept a TLS connection is a blocking one, so the IMAP code relies upon
+the protocol state machine (i.e., another layer) for deciding whether to
+use or not to use the just-established TLS connection. Implementing an
+equivalent code in the SMTP library would be nice, but this hot-fix has
+a priority. As a result, SMTP connections to hosts with, e.g.,
+self-signed TLS certs, are no longer possible. Let's hope that this is
+not a practical problem with Lets Encrypt anymore.
+
+Thanks to Damian Poddebniak for reporting this bug.
+
+Change-Id: Icd6bbb2b0fb3e45159fc9699ebd07ab84262fe37
+CVE: CVE-2020-15047
+BUG: 423453
+---
+
+diff --git a/src/MSA/SMTP.cpp b/src/MSA/SMTP.cpp
+index 3a05451..ac1eefc 100644
+--- a/src/MSA/SMTP.cpp
++++ b/src/MSA/SMTP.cpp
+@@ -21,6 +21,7 @@
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+ #include "SMTP.h"
++#include "UiUtils/Formatting.h"
+ 
+ namespace MSA
+ {
+@@ -32,8 +33,8 @@
+     user(user), failed(false), isWaitingForPassword(false), sendingMode(MODE_SMTP_INVALID)
+ {
+     qwwSmtp = new QwwSmtpClient(this);
+-    // FIXME: handle SSL errors properly
+-    connect(qwwSmtp, &QwwSmtpClient::sslErrors, qwwSmtp, &QwwSmtpClient::ignoreSslErrors);
++    // FIXME: handle SSL errors in the same way as we handle IMAP TLS errors, with key pinning, etc.
++    connect(qwwSmtp, &QwwSmtpClient::sslErrors, this, &SMTP::handleSslErrors);
+     connect(qwwSmtp, &QwwSmtpClient::connected, this, &AbstractMSA::sending);
+     connect(qwwSmtp, &QwwSmtpClient::done, this, &SMTP::handleDone);
+     connect(qwwSmtp, &QwwSmtpClient::socketError, this, &SMTP::handleError);
+@@ -78,6 +79,12 @@
+     emit error(msg);
+ }
+ 
++void SMTP::handleSslErrors(const QList<QSslError>& errors)
++{
++    auto msg = UiUtils::Formatting::sslErrorsToHtml(errors);
++    emit error(tr("<p>Cannot send message due to an SSL/TLS error</p>\n%1").arg(msg));
++}
++
+ void SMTP::setPassword(const QString &password)
+ {
+     pass = password;
+diff --git a/src/MSA/SMTP.h b/src/MSA/SMTP.h
+index 453407d..913bb87 100644
+--- a/src/MSA/SMTP.h
++++ b/src/MSA/SMTP.h
+@@ -43,6 +43,7 @@
+     virtual void setPassword(const QString &password);
+     void handleDone(bool ok);
+     void handleError(QAbstractSocket::SocketError err, const QString &msg);
++    void handleSslErrors(const QList<QSslError>& errors);
+ private:
+     QwwSmtpClient *qwwSmtp;
+     QString host;
diff --git a/mail-client/trojita/files/trojita-0.7-cmake-cxx11.patch b/mail-client/trojita/files/trojita-0.7-cmake-cxx11.patch
new file mode 100644
index 000000000000..71ab15950b83
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-cmake-cxx11.patch
@@ -0,0 +1,66 @@
+From e2e35bfda75a2f4950408c93ede72fabfe86360e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@kde.org>
+Date: Wed, 19 Oct 2016 22:15:16 +0200
+Subject: [PATCH] cmake: Speed up cmake by using native features for enforcing
+ C++11
+
+This saves about 8 seconds in my (limited) testing with a 2016-era
+laptop with plenty of RAM and a fast SSD.
+
+We still attempt to support ancient pre-3.1 CMake by adding that blurb
+into CXXFLAGS, maybe it even works.
+
+I should probably start tracking time I spend supporting old
+environments and evaluate whether this is worth the effort. Once we are
+ready to distribute flatpaks/appimages/whatevers, I suspect that my life
+will become much easier.
+
+Change-Id: Ibbbe3d8440a7d29ef27440a99938d313bfe9699f
+---
+ CMakeLists.txt                                |  26 ++--
+ 24 files changed, 8 insertions(+), 468 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 9393b19c..92a682f7 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -18,6 +18,14 @@ if(POLICY CMP0043)
+     cmake_policy(SET CMP0043 OLD)
+ endif()
+ 
++if(CMAKE_VERSION VERSION_LESS "3.1")
++    # If you aren't using and old Linux with an old GCC and old CMake, please just upgrade.
++    set(CMAKE_CXX_FLAGS "--std=c++11 ${CMAKE_CXX_FLAGS}")
++else()
++    set(CMAKE_CXX_STANDARD 11)
++    set(CMAKE_CXX_STANDARD_REQUIRED ON)
++endif()
++
+ # Set a default build type if none was specified. This was shamelessly stolen
+ # from VTK's cmake setup because these guys produce both CMake and a project that
+ # manipulates this variable, and the web is full of posts where people say that
+@@ -34,24 +42,6 @@ endif()
+ 
+ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+ 
+-include(FindCXXFeatures)
+-if(NOT CXXFeatures_auto_FOUND)
+-    message(SEND_ERROR "Your compiler doesn't support C++11's auto")
+-endif()
+-if(NOT CXXFeatures_static_assert_FOUND)
+-    message(SEND_ERROR "Your compiler doesn't support C++11's static_assert")
+-endif()
+-if(NOT CXXFeatures_alignof_FOUND)
+-    message(SEND_ERROR "Your compiler doesn't support C++11's alignof")
+-endif()
+-if(NOT CXXFeatures_nullptr_FOUND)
+-    message(SEND_ERROR "Your compiler doesn't support C++11's nullptr")
+-endif()
+-if(NOT CXXFeatures_lambda_FOUND)
+-    message(SEND_ERROR "Your compiler doesn't support C++11's lambda functions")
+-endif()
+-set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CXX11_COMPILER_FLAGS}")
+-
+ include(TrojitaOption)
+ 
+ trojita_option(WITH_DESKTOP "Build desktop version" ON)
diff --git a/mail-client/trojita/files/trojita-0.7-qt-5.13.patch b/mail-client/trojita/files/trojita-0.7-qt-5.13.patch
new file mode 100644
index 000000000000..9f1ab3e7e887
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-qt-5.13.patch
@@ -0,0 +1,37 @@
+From 39772585033c1c0aff96f297e93de7be53f9b114 Mon Sep 17 00:00:00 2001
+From: Heiko Becker <heirecka@exherbo.org>
+Date: Sat, 23 Mar 2019 01:17:11 +0100
+Subject: [PATCH] tests: Fix build with Qt 5.13
+
+QTest::toString(QModelIndex) was added in
+7ef0b575b38d267bd3dc14ff46935d556562ff00 and thus causes a build
+error with Qt 5.13 because it's redefined here.
+
+Change-Id: I015800e49cf8d0e87f3541642406396f150d0eeb
+---
+ tests/Imap/test_Imap_BodyParts.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/Imap/test_Imap_BodyParts.cpp b/tests/Imap/test_Imap_BodyParts.cpp
+index f1c577fa..b6e0421d 100644
+--- a/tests/Imap/test_Imap_BodyParts.cpp
++++ b/tests/Imap/test_Imap_BodyParts.cpp
+@@ -51,6 +51,7 @@ struct Data {
+ 
+ Q_DECLARE_METATYPE(QList<Data>)
+ 
++#if QT_VERSION < QT_VERSION_CHECK(5, 13, 0)
+ namespace QTest {
+ template <>
+ char *toString(const QModelIndex &index)
+@@ -60,6 +61,7 @@ char *toString(const QModelIndex &index)
+     return qstrdup(buf.toUtf8().constData());
+ }
+ }
++#endif
+ 
+ using namespace Imap::Mailbox;
+ 
+-- 
+GitLab
+
diff --git a/mail-client/trojita/trojita-0.7-r4.ebuild b/mail-client/trojita/trojita-0.7-r4.ebuild
new file mode 100644
index 000000000000..e9b7c9e515a5
--- /dev/null
+++ b/mail-client/trojita/trojita-0.7-r4.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="https://anongit.kde.org/${PN}.git"
+	inherit git-r3
+else
+	SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz"
+	KEYWORDS="~amd64 ~x86"
+fi
+inherit cmake virtualx xdg
+
+DESCRIPTION="A Qt IMAP e-mail client"
+HOMEPAGE="http://trojita.flaska.net/"
+
+LICENSE="|| ( GPL-2 GPL-3 )"
+SLOT="0"
+IUSE="+crypt +dbus debug +password test +zlib"
+
+REQUIRED_USE="password? ( dbus )"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+	dev-qt/linguist-tools:5
+	zlib? ( virtual/pkgconfig )
+"
+RDEPEND="
+	dev-qt/qtcore:5
+	dev-qt/qtgui:5
+	dev-qt/qtnetwork:5[ssl]
+	dev-qt/qtsql:5[sqlite]
+	dev-qt/qtsvg:5
+	dev-qt/qtwebkit:5
+	dev-qt/qtwidgets:5
+	crypt? (
+		>=app-crypt/gpgme-1.8.0[cxx,qt5]
+		dev-libs/mimetic
+	)
+	dbus? ( dev-qt/qtdbus:5 )
+	password? ( dev-libs/qtkeychain[qt5(+)] )
+	zlib? ( sys-libs/zlib )
+"
+DEPEND="${RDEPEND}
+	test? ( dev-qt/qttest:5 )
+"
+
+DOCS=( README LICENSE )
+
+PATCHES=(
+	"${FILESDIR}/${P}-gpgme.patch"
+	"${FILESDIR}/${P}-gpg-tests.patch"
+	"${FILESDIR}/${P}-qt-5.11b3.patch"
+	"${FILESDIR}/${P}-qt-5.13.patch" # bug 730058
+	"${FILESDIR}/${P}-qt-5.15.patch"
+	"${FILESDIR}/${P}-CVE-2019-10734.patch" # KDE-bug 404697
+	"${FILESDIR}/${P}-CVE-2020-15047.patch" # bug 729596
+	"${FILESDIR}/${P}-cmake-cxx11.patch"
+)
+
+src_prepare() {
+	cmake_src_prepare
+
+	# the build system is taking a look at `git describe ... --dirty` and
+	# gentoo's modifications to CMakeLists.txt break these
+	sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check"
+}
+
+src_configure() {
+	local mycmakeargs=(
+		-DWITH_CRYPTO_MESSAGES=$(usex crypt)
+		-DWITH_GPGMEPP=$(usex crypt)
+		-DWITH_MIMETIC=$(usex crypt)
+		-DWITH_DBUS=$(usex dbus)
+		-DWITH_QTKEYCHAIN_PLUGIN=$(usex password)
+		-DWITH_TESTS=$(usex test)
+		-DWITH_ZLIB=$(usex zlib)
+	)
+
+	cmake_src_configure
+}
+
+src_test() {
+	virtx cmake_src_test
+}
-- 
cgit v1.2.3