diff --git a/ChangeLog.rss b/ChangeLog.rss
index 6eb7f4e8b..2ed2b8c81 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,9 +11,43 @@
Tracking Slackware development in git.
en-us
urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f
- Tue, 1 Feb 2022 04:37:04 GMT
- Tue, 1 Feb 2022 07:59:42 GMT
+ Tue, 1 Feb 2022 08:27:47 GMT
+ Tue, 1 Feb 2022 16:59:39 GMT
maintain_current_git.sh v 1.13
+ -
+ Tue, 1 Feb 2022 08:27:47 GMT
+ Tue, 1 Feb 2022 08:27:47 GMT
+ https://git.slackware.nl/current/tag/?h=20220201082747
+ 20220201082747
+
+
+kde/kate-21.12.1-x86_64-2.txz: Rebuilt.
+ Fix missing validation of binaries executed via QProcess.
+ Thanks to Heinz Wiesinger.
+ For more information, see:
+ https://kde.org/info/security/advisory-20220131-1.txt
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
+ (* Security fix *)
+ ]]>
+
+
+ -
+ Tue, 1 Feb 2022 05:35:21 GMT
+ Tue, 1 Feb 2022 05:35:21 GMT
+ https://git.slackware.nl/current/tag/?h=20220201053521
+ 20220201053521
+
+
+Hey, my shiny brass lamp is almost out of fuel!
+a/rpm2tgz-1.2.2-x86_64-6.txz: Rebuilt.
+ Don't use --no-absolute-filenames, because inexplicably it also strips the
+ leading '/' from symlink targets, generally creating a broken symlink.
+ The problem we were attempting to fix is far less common than symlinks to
+ absolute filenames, so we'll revert this for further consideration.
+ Thanks to pghvlaans.
+ ]]>
+
+
-
Tue, 1 Feb 2022 04:37:04 GMT
Tue, 1 Feb 2022 04:37:04 GMT
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 334fea061..7ef64dbdf 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,21 @@
+Tue Feb 1 08:27:47 UTC 2022
+kde/kate-21.12.1-x86_64-2.txz: Rebuilt.
+ Fix missing validation of binaries executed via QProcess.
+ Thanks to Heinz Wiesinger.
+ For more information, see:
+ https://kde.org/info/security/advisory-20220131-1.txt
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
+ (* Security fix *)
++--------------------------+
+Tue Feb 1 05:35:21 UTC 2022
+Hey, my shiny brass lamp is almost out of fuel!
+a/rpm2tgz-1.2.2-x86_64-6.txz: Rebuilt.
+ Don't use --no-absolute-filenames, because inexplicably it also strips the
+ leading '/' from symlink targets, generally creating a broken symlink.
+ The problem we were attempting to fix is far less common than symlinks to
+ absolute filenames, so we'll revert this for further consideration.
+ Thanks to pghvlaans.
++--------------------------+
Tue Feb 1 04:37:04 UTC 2022
The sepulchral voice intones, "The cave is now closed."
kde/falkon-3.2.0-x86_64-1.txz: Upgraded.
diff --git a/FILELIST.TXT b/FILELIST.TXT
index 79fc5fc78..1ec83edf4 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,20 +1,20 @@
-Tue Feb 1 04:56:51 UTC 2022
+Tue Feb 1 08:30:47 UTC 2022
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
-drwxr-xr-x 12 root root 4096 2022-02-01 04:50 .
+drwxr-xr-x 12 root root 4096 2022-02-01 08:27 .
-rw-r--r-- 1 root root 10064 2016-06-30 18:39 ./ANNOUNCE.14_2
-rw-r--r-- 1 root root 15913 2022-01-18 20:05 ./CHANGES_AND_HINTS.TXT
--rw-r--r-- 1 root root 1096928 2022-02-01 04:50 ./CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2022-02-01 04:50 ./CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 1097586 2022-02-01 05:38 ./CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2022-02-01 05:38 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r-- 1 root root 1861141 2022-02-01 04:55 ./ChangeLog.txt
+-rw-r--r-- 1 root root 1861968 2022-02-01 08:27 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-01-29 19:23 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@@ -25,10 +25,10 @@ drwxr-xr-x 2 root root 4096 2022-01-29 19:23 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r-- 1 root root 1427966 2022-02-01 04:49 ./FILELIST.TXT
+-rw-r--r-- 1 root root 1428832 2022-02-01 05:38 ./FILELIST.TXT
-rw-r--r-- 1 root root 0 2022-01-27 22:50 ./FILE_LIST
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
--rw-r--r-- 1 root root 864745 2022-02-01 04:48 ./PACKAGES.TXT
+-rw-r--r-- 1 root root 864745 2022-02-01 08:30 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8564 2016-06-28 21:33 ./README.TXT
-rw-r--r-- 1 root root 3635 2022-01-29 19:14 ./README.initrd
-rw-r--r-- 1 root root 34162 2022-01-30 20:35 ./README_CRYPT.TXT
@@ -744,13 +744,13 @@ drwxr-xr-x 2 root root 4096 2012-09-20 18:06 ./patches
-rw-r--r-- 1 root root 575 2012-09-20 18:06 ./patches/FILE_LIST
-rw-r--r-- 1 root root 14 2012-09-20 18:06 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 224 2012-09-20 18:06 ./patches/PACKAGES.TXT
-drwxr-xr-x 17 root root 4096 2022-02-01 04:48 ./slackware64
--rw-r--r-- 1 root root 337498 2022-02-01 04:48 ./slackware64/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2022-02-01 04:48 ./slackware64/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 418557 2022-02-01 04:47 ./slackware64/FILE_LIST
--rw-r--r-- 1 root root 4207271 2022-02-01 04:47 ./slackware64/MANIFEST.bz2
+drwxr-xr-x 17 root root 4096 2022-02-01 08:30 ./slackware64
+-rw-r--r-- 1 root root 337498 2022-02-01 08:30 ./slackware64/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2022-02-01 08:30 ./slackware64/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 418557 2022-02-01 08:29 ./slackware64/FILE_LIST
+-rw-r--r-- 1 root root 4194449 2022-02-01 08:29 ./slackware64/MANIFEST.bz2
lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT
-drwxr-xr-x 2 root root 32768 2022-01-30 20:50 ./slackware64/a
+drwxr-xr-x 2 root root 32768 2022-02-01 05:37 ./slackware64/a
-rw-r--r-- 1 root root 327 2022-01-16 05:08 ./slackware64/a/aaa_base-15.0-x86_64-3.txt
-rw-r--r-- 1 root root 10616 2022-01-16 05:08 ./slackware64/a/aaa_base-15.0-x86_64-3.txz
-rw-r--r-- 1 root root 163 2022-01-16 05:08 ./slackware64/a/aaa_base-15.0-x86_64-3.txz.asc
@@ -1037,9 +1037,9 @@ drwxr-xr-x 2 root root 32768 2022-01-30 20:50 ./slackware64/a
-rw-r--r-- 1 root root 421 2021-02-13 11:14 ./slackware64/a/reiserfsprogs-3.6.27-x86_64-4.txt
-rw-r--r-- 1 root root 221668 2021-02-13 11:14 ./slackware64/a/reiserfsprogs-3.6.27-x86_64-4.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:14 ./slackware64/a/reiserfsprogs-3.6.27-x86_64-4.txz.asc
--rw-r--r-- 1 root root 396 2022-01-29 05:55 ./slackware64/a/rpm2tgz-1.2.2-x86_64-5.txt
--rw-r--r-- 1 root root 5788 2022-01-29 05:55 ./slackware64/a/rpm2tgz-1.2.2-x86_64-5.txz
--rw-r--r-- 1 root root 163 2022-01-29 05:55 ./slackware64/a/rpm2tgz-1.2.2-x86_64-5.txz.asc
+-rw-r--r-- 1 root root 396 2022-02-01 05:25 ./slackware64/a/rpm2tgz-1.2.2-x86_64-6.txt
+-rw-r--r-- 1 root root 5768 2022-02-01 05:25 ./slackware64/a/rpm2tgz-1.2.2-x86_64-6.txz
+-rw-r--r-- 1 root root 163 2022-02-01 05:25 ./slackware64/a/rpm2tgz-1.2.2-x86_64-6.txz.asc
-rw-r--r-- 1 root root 465 2021-11-11 16:25 ./slackware64/a/sdparm-1.12-x86_64-2.txt
-rw-r--r-- 1 root root 97412 2021-11-11 16:25 ./slackware64/a/sdparm-1.12-x86_64-2.txz
-rw-r--r-- 1 root root 163 2021-11-11 16:25 ./slackware64/a/sdparm-1.12-x86_64-2.txz.asc
@@ -1635,7 +1635,7 @@ drwxr-xr-x 2 root root 4096 2022-01-29 19:26 ./slackware64/k
-rw-r--r-- 1 root root 1171 2022-01-29 19:14 ./slackware64/k/maketag
-rw-r--r-- 1 root root 1171 2022-01-29 19:14 ./slackware64/k/maketag.ez
-rw-r--r-- 1 root root 18 2022-01-29 19:14 ./slackware64/k/tagfile
-drwxr-xr-x 2 root root 86016 2022-02-01 04:47 ./slackware64/kde
+drwxr-xr-x 2 root root 86016 2022-02-01 08:29 ./slackware64/kde
-rw-r--r-- 1 root root 382 2022-01-06 21:36 ./slackware64/kde/akonadi-21.12.1-x86_64-1.txt
-rw-r--r-- 1 root root 2541268 2022-01-06 21:36 ./slackware64/kde/akonadi-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 21:36 ./slackware64/kde/akonadi-21.12.1-x86_64-1.txz.asc
@@ -1839,9 +1839,9 @@ drwxr-xr-x 2 root root 86016 2022-02-01 04:47 ./slackware64/kde
-rw-r--r-- 1 root root 385 2022-01-08 22:27 ./slackware64/kde/karchive-5.90.0-x86_64-1.txt
-rw-r--r-- 1 root root 106528 2022-01-08 22:27 ./slackware64/kde/karchive-5.90.0-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-08 22:27 ./slackware64/kde/karchive-5.90.0-x86_64-1.txz.asc
--rw-r--r-- 1 root root 469 2022-01-06 22:00 ./slackware64/kde/kate-21.12.1-x86_64-1.txt
--rw-r--r-- 1 root root 8636344 2022-01-06 22:00 ./slackware64/kde/kate-21.12.1-x86_64-1.txz
--rw-r--r-- 1 root root 163 2022-01-06 22:00 ./slackware64/kde/kate-21.12.1-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 469 2022-02-01 08:18 ./slackware64/kde/kate-21.12.1-x86_64-2.txt
+-rw-r--r-- 1 root root 8637800 2022-02-01 08:18 ./slackware64/kde/kate-21.12.1-x86_64-2.txz
+-rw-r--r-- 1 root root 163 2022-02-01 08:18 ./slackware64/kde/kate-21.12.1-x86_64-2.txz.asc
-rw-r--r-- 1 root root 357 2022-01-06 22:35 ./slackware64/kde/katomic-21.12.1-x86_64-1.txt
-rw-r--r-- 1 root root 1462264 2022-01-06 22:35 ./slackware64/kde/katomic-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 22:35 ./slackware64/kde/katomic-21.12.1-x86_64-1.txz.asc
@@ -5610,11 +5610,11 @@ drwxr-xr-x 2 root root 4096 2021-02-15 19:33 ./slackware64/y
-rw-r--r-- 1 root root 1486956 2021-02-13 13:56 ./slackware64/y/nethack-3.6.6-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:56 ./slackware64/y/nethack-3.6.6-x86_64-3.txz.asc
-rw-r--r-- 1 root root 26 2020-12-30 21:55 ./slackware64/y/tagfile
-drwxr-xr-x 18 root root 4096 2022-02-01 04:49 ./source
--rw-r--r-- 1 root root 585058 2022-02-01 04:49 ./source/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2022-02-01 04:49 ./source/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 814191 2022-02-01 04:49 ./source/FILE_LIST
--rw-r--r-- 1 root root 23339060 2022-02-01 04:49 ./source/MANIFEST.bz2
+drwxr-xr-x 18 root root 4096 2022-02-01 08:30 ./source
+-rw-r--r-- 1 root root 585568 2022-02-01 08:30 ./source/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2022-02-01 08:30 ./source/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 814778 2022-02-01 08:30 ./source/FILE_LIST
+-rw-r--r-- 1 root root 23356978 2022-02-01 08:30 ./source/MANIFEST.bz2
-rw-r--r-- 1 root root 1314 2006-10-02 04:40 ./source/README.TXT
drwxr-xr-x 122 root root 4096 2022-01-29 05:54 ./source/a
-rw-r--r-- 1 root root 1847 2022-01-21 19:54 ./source/a/FTBFSlog
@@ -6453,7 +6453,7 @@ drwxr-xr-x 2 root root 4096 2022-01-29 05:46 ./source/a/rpm2tgz/patches
-rw-r--r-- 1 root root 743 2022-01-29 05:53 ./source/a/rpm2tgz/patches/0011-ignore-rpm2cpio-error-code.patch.gz
-rw-r--r-- 1 root root 7339 2022-01-29 05:31 ./source/a/rpm2tgz/rpm2targz
-rw-r--r-- 1 root root 986 2006-12-23 06:51 ./source/a/rpm2tgz/rpm2targz.README
--rwxr-xr-x 1 root root 4624 2022-01-29 05:52 ./source/a/rpm2tgz/rpm2tgz.SlackBuild
+-rwxr-xr-x 1 root root 4751 2022-02-01 05:24 ./source/a/rpm2tgz/rpm2tgz.SlackBuild
-rw-r--r-- 1 root root 854 2010-02-23 21:02 ./source/a/rpm2tgz/rpmoffset.c
-rw-r--r-- 1 root root 851 2018-02-27 06:13 ./source/a/rpm2tgz/slack-desc
drwxr-xr-x 2 root root 4096 2021-04-22 18:04 ./source/a/sdparm
@@ -7903,7 +7903,7 @@ drwxr-xr-x 2 root root 16384 2021-12-22 20:02 ./source/kde/kde/build
-rw-r--r-- 1 root root 2 2021-11-04 17:58 ./source/kde/kde/build/kapman
-rw-r--r-- 1 root root 2 2021-11-04 17:58 ./source/kde/kde/build/kapptemplate
-rw-r--r-- 1 root root 2 2021-10-10 18:07 ./source/kde/kde/build/karchive
--rw-r--r-- 1 root root 2 2021-11-04 17:58 ./source/kde/kde/build/kate
+-rw-r--r-- 1 root root 2 2022-02-01 08:17 ./source/kde/kde/build/kate
-rw-r--r-- 1 root root 2 2021-11-04 17:58 ./source/kde/kde/build/katomic
-rw-r--r-- 1 root root 2 2021-09-30 17:57 ./source/kde/kde/build/kaudiocreator
-rw-r--r-- 1 root root 2 2021-11-13 17:18 ./source/kde/kde/build/kauth
@@ -8375,8 +8375,13 @@ drwxr-xr-x 2 root root 4096 2018-08-10 22:34 ./source/kde/kde/patch/dolph
drwxr-xr-x 2 root root 4096 2015-01-14 13:43 ./source/kde/kde/patch/kalgebra
-rw-r--r-- 1 root root 310 2020-07-19 02:11 ./source/kde/kde/patch/kalgebra.patch
-rw-r--r-- 1 root root 440 2021-08-13 03:13 ./source/kde/kde/patch/kalgebra/kalgebra_ncurses_linking.diff
-drwxr-xr-x 2 root root 4096 2021-04-22 18:31 ./source/kde/kde/patch/kate
--rw-r--r-- 1 root root 274 2020-07-19 02:11 ./source/kde/kde/patch/kate.patch
+drwxr-xr-x 2 root root 4096 2022-02-01 08:15 ./source/kde/kde/patch/kate
+-rw-r--r-- 1 root root 1149 2022-02-01 08:16 ./source/kde/kde/patch/kate.patch
+-rw-r--r-- 1 root root 3710 2022-02-01 08:12 ./source/kde/kde/patch/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2.patch
+-rw-r--r-- 1 root root 3609 2022-02-01 08:13 ./source/kde/kde/patch/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5.patch
+-rw-r--r-- 1 root root 38317 2022-02-01 08:14 ./source/kde/kde/patch/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad.patch
+-rw-r--r-- 1 root root 2329 2022-02-01 08:13 ./source/kde/kde/patch/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc.patch
+-rw-r--r-- 1 root root 7909 2022-02-01 08:14 ./source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch
-rw-r--r-- 1 root root 2730 2021-08-13 02:32 ./source/kde/kde/patch/kate/kate_runasroot.patch
drwxr-xr-x 2 root root 4096 2020-04-22 08:39 ./source/kde/kde/patch/kdeconnect-kde
-rw-r--r-- 1 root root 198 2020-07-19 02:14 ./source/kde/kde/patch/kdeconnect-kde.patch
@@ -11933,17 +11938,17 @@ drwxr-xr-x 2 root root 4096 2021-09-25 00:06 ./source/n/cifs-utils
-rw-r--r-- 1 root root 48 2018-11-15 17:49 ./source/n/cifs-utils/cifs-utils.url
-rw-r--r-- 1 root root 1061 2018-02-27 06:13 ./source/n/cifs-utils/slack-desc
drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/n/conntrack-tools
--rw-r--r-- 1 root root 419642 2020-04-01 17:27 ./source/n/conntrack-tools/conntrack-tools-1.4.6.tar.lz
--rwxr-xr-x 1 root root 3634 2021-02-13 05:32 ./source/n/conntrack-tools/conntrack-tools.SlackBuild
--rw-r--r-- 1 root root 44 2020-04-02 18:37 ./source/n/conntrack-tools/conntrack-tools.url
--rw-r--r-- 1 root root 1092 2018-05-28 18:00 ./source/n/conntrack-tools/slack-desc
-drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/n/crda
--rw-r--r-- 1 root root 61500 2019-11-01 18:08 ./source/n/crda/crda-4.14.tar.xz
--rwxr-xr-x 1 root root 4281 2021-02-13 05:32 ./source/n/crda/crda.SlackBuild
--rw-r--r-- 1 root root 113 2019-11-01 19:04 ./source/n/crda/crda.url
--rw-r--r-- 1 root root 425 2015-03-21 20:15 ./source/n/crda/get_regdb.sh
--rw-r--r-- 1 root root 861 2018-02-27 06:13 ./source/n/crda/slack-desc
--rw-r--r-- 1 root root 488 2019-06-03 21:45 ./source/n/crda/wireless-regdb-2019.06.03.tar.sign
+-rw-r--r-- 1 root root 419642 2020-04-01 17:27 ./source/n/conntrack-tools/conntrack-tools-1.4.6.tar.lz
+-rwxr-xr-x 1 root root 3634 2021-02-13 05:32 ./source/n/conntrack-tools/conntrack-tools.SlackBuild
+-rw-r--r-- 1 root root 44 2020-04-02 18:37 ./source/n/conntrack-tools/conntrack-tools.url
+-rw-r--r-- 1 root root 1092 2018-05-28 18:00 ./source/n/conntrack-tools/slack-desc
+drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/n/crda
+-rw-r--r-- 1 root root 61500 2019-11-01 18:08 ./source/n/crda/crda-4.14.tar.xz
+-rwxr-xr-x 1 root root 4281 2021-02-13 05:32 ./source/n/crda/crda.SlackBuild
+-rw-r--r-- 1 root root 113 2019-11-01 19:04 ./source/n/crda/crda.url
+-rw-r--r-- 1 root root 425 2015-03-21 20:15 ./source/n/crda/get_regdb.sh
+-rw-r--r-- 1 root root 861 2018-02-27 06:13 ./source/n/crda/slack-desc
+-rw-r--r-- 1 root root 488 2019-06-03 21:45 ./source/n/crda/wireless-regdb-2019.06.03.tar.sign
-rw-r--r-- 1 root root 23176 2019-06-03 21:45 ./source/n/crda/wireless-regdb-2019.06.03.tar.xz
-rw-r--r-- 1 root root 55 2018-02-05 06:31 ./source/n/crda/wireless-regdb.url
drwxr-xr-x 2 root root 4096 2022-01-05 19:57 ./source/n/curl
diff --git a/source/a/rpm2tgz/rpm2tgz.SlackBuild b/source/a/rpm2tgz/rpm2tgz.SlackBuild
index 00ebb5bcb..7aae64cbd 100755
--- a/source/a/rpm2tgz/rpm2tgz.SlackBuild
+++ b/source/a/rpm2tgz/rpm2tgz.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=rpm2tgz
VERSION=1.2.2
-BUILD=${BUILD:-5}
+BUILD=${BUILD:-6}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -78,10 +78,12 @@ cat $CWD/rpm2targz > $PKG/usr/bin/rpm2targz
zcat $CWD/patches/0007-Add-support-for-.txz-packages-and-rpm2txz-symlink.patch.gz | patch -p1 || exit 1
zcat $CWD/patches/0008-Avoid-none-values-in-slack-desc.patch.gz | patch -p1 || exit 1
zcat $CWD/patches/0009-Add-c-option-just-as-makepkg-c-y.patch.gz | patch -p1 || exit 1
- # Make sure that if someone created an RPM with absolute filenames that we
- # don't allow it to write all over the / directory when we're just trying
- # to extract it to make the .tgz:
- zcat $CWD/patches/0010-no-absolute-filenames-extracting-cpio.patch.gz | patch -p1 || exit 1
+ ## NO - cpio is stupid and strips the leading '/' from symlinks to absolute
+ ## paths with --no-absolute-filenames. :-/
+ ## Make sure that if someone created an RPM with absolute filenames that we
+ ## don't allow it to write all over the / directory when we're just trying
+ ## to extract it to make the .tgz:
+ #zcat $CWD/patches/0010-no-absolute-filenames-extracting-cpio.patch.gz | patch -p1 || exit 1
# Allow ignoring rpm2cpio error code. Some RPMs can be extracted, but
# throw an error anyway.
zcat $CWD/patches/0011-ignore-rpm2cpio-error-code.patch.gz | patch -p1 || exit 1
diff --git a/source/kde/kde/build/kate b/source/kde/kde/build/kate
index d00491fd7..0cfbf0888 100644
--- a/source/kde/kde/build/kate
+++ b/source/kde/kde/build/kate
@@ -1 +1 @@
-1
+2
diff --git a/source/kde/kde/patch/kate.patch b/source/kde/kde/patch/kate.patch
index 59df062a0..df3032eda 100644
--- a/source/kde/kde/patch/kate.patch
+++ b/source/kde/kde/patch/kate.patch
@@ -1,3 +1,10 @@
# Allow Kate to be started by the root user; disallowing this is not
# a decision that a developer should make for the user, it is patronizing:
cat $CWD/patch/kate/kate_runasroot.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
+# Fix KTextEditor/Kate: Missing validation of binaries executed via QProcess (CVE-2022-23853)
+cat $CWD/patch/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+cat $CWD/patch/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+cat $CWD/patch/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+cat $CWD/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+cat $CWD/patch/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
diff --git a/source/kde/kde/patch/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2.patch b/source/kde/kde/patch/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2.patch
new file mode 100644
index 000000000..4f7237aaa
--- /dev/null
+++ b/source/kde/kde/patch/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2.patch
@@ -0,0 +1,87 @@
+From 361dd43e42994829dbdb35e78fb7698d27cbb0e2 Mon Sep 17 00:00:00 2001
+From: Mark Nauwelaerts
+Date: Mon, 13 Dec 2021 20:52:57 +0100
+Subject: [PATCH] lspclient: consider some additional server capabilities
+
+---
+ addons/lspclient/lspclientprotocol.h | 14 +++++++++++++-
+ addons/lspclient/lspclientserver.cpp | 9 ++++++++-
+ addons/lspclient/lspclientservermanager.cpp | 2 +-
+ 3 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/addons/lspclient/lspclientprotocol.h b/addons/lspclient/lspclientprotocol.h
+index 0fb7f4485..9de0ec511 100644
+--- a/addons/lspclient/lspclientprotocol.h
++++ b/addons/lspclient/lspclientprotocol.h
+@@ -21,6 +21,8 @@
+ #include
+ #include
+
++#include
++
+ // Following types roughly follow the types/interfaces as defined in LSP protocol spec
+ // although some deviation may arise where it has been deemed useful
+ // Moreover, to avoid introducing a custom 'optional' type, absence of an optional
+@@ -51,6 +53,16 @@ struct LSPResponseError {
+
+ enum class LSPDocumentSyncKind { None = 0, Full = 1, Incremental = 2 };
+
++struct LSPSaveOptions {
++ bool includeText = false;
++};
++
++// only used parts for now
++struct LSPTextDocumentSyncOptions {
++ LSPDocumentSyncKind change = LSPDocumentSyncKind::None;
++ std::optional save;
++};
++
+ struct LSPCompletionOptions {
+ bool provider = false;
+ bool resolveProvider = false;
+@@ -81,7 +93,7 @@ struct LSPWorkspaceFoldersServerCapabilities {
+ };
+
+ struct LSPServerCapabilities {
+- LSPDocumentSyncKind textDocumentSync = LSPDocumentSyncKind::None;
++ LSPTextDocumentSyncOptions textDocumentSync;
+ bool hoverProvider = false;
+ LSPCompletionOptions completionProvider;
+ LSPSignatureHelpOptions signatureHelpProvider;
+diff --git a/addons/lspclient/lspclientserver.cpp b/addons/lspclient/lspclientserver.cpp
+index 8739d46c9..a7094fde2 100644
+--- a/addons/lspclient/lspclientserver.cpp
++++ b/addons/lspclient/lspclientserver.cpp
+@@ -344,8 +344,15 @@ static void from_json(LSPServerCapabilities &caps, const QJsonObject &json)
+ };
+
+ auto sync = json.value(QStringLiteral("textDocumentSync"));
+- caps.textDocumentSync = static_cast(
++ caps.textDocumentSync.change = static_cast(
+ (sync.isObject() ? sync.toObject().value(QStringLiteral("change")) : sync).toInt(static_cast(LSPDocumentSyncKind::None)));
++ if (sync.isObject()) {
++ auto syncObject = sync.toObject();
++ auto save = syncObject.value(QStringLiteral("save"));
++ if (save.isObject() || save.toBool()) {
++ caps.textDocumentSync.save = {save.toObject().value(QStringLiteral("includeText")).toBool()};
++ }
++ }
+ caps.hoverProvider = toBoolOrObject(json.value(QStringLiteral("hoverProvider")));
+ from_json(caps.completionProvider, json.value(QStringLiteral("completionProvider")));
+ from_json(caps.signatureHelpProvider, json.value(QStringLiteral("signatureHelpProvider")));
+diff --git a/addons/lspclient/lspclientservermanager.cpp b/addons/lspclient/lspclientservermanager.cpp
+index 1fbcf928f..1e03801ea 100644
+--- a/addons/lspclient/lspclientservermanager.cpp
++++ b/addons/lspclient/lspclientservermanager.cpp
+@@ -931,7 +931,7 @@ private:
+ auto it = m_docs.find(doc);
+ if (it != m_docs.end() && it->server) {
+ const auto &caps = it->server->capabilities();
+- if (caps.textDocumentSync == LSPDocumentSyncKind::Incremental) {
++ if (caps.textDocumentSync.change == LSPDocumentSyncKind::Incremental) {
+ return &(*it);
+ }
+ }
+--
+GitLab
+
diff --git a/source/kde/kde/patch/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5.patch b/source/kde/kde/patch/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5.patch
new file mode 100644
index 000000000..cdbde70ff
--- /dev/null
+++ b/source/kde/kde/patch/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5.patch
@@ -0,0 +1,71 @@
+From 6fc3bf6e5bd540e842e32c4a959c2158c8573be5 Mon Sep 17 00:00:00 2001
+From: Mark Nauwelaerts
+Date: Mon, 13 Dec 2021 21:36:50 +0100
+Subject: [PATCH] lspclient: send didSave notification if so requested
+
+---
+ addons/lspclient/lspclientserver.cpp | 7 +++++--
+ addons/lspclient/lspclientservermanager.cpp | 15 +++++++++++++++
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/addons/lspclient/lspclientserver.cpp b/addons/lspclient/lspclientserver.cpp
+index a7094fde2..9fb5844cd 100644
+--- a/addons/lspclient/lspclientserver.cpp
++++ b/addons/lspclient/lspclientserver.cpp
+@@ -1255,7 +1255,8 @@ private:
+ {QStringLiteral("documentSymbol"), QJsonObject{{QStringLiteral("hierarchicalDocumentSymbolSupport"), true}} },
+ {QStringLiteral("publishDiagnostics"), QJsonObject{{QStringLiteral("relatedInformation"), true}}},
+ {QStringLiteral("codeAction"), codeAction},
+- {QStringLiteral("semanticTokens"), semanticTokens}
++ {QStringLiteral("semanticTokens"), semanticTokens},
++ {QStringLiteral("synchronization"), QJsonObject{{QStringLiteral("didSave"), true}}},
+ },
+ },
+ {QStringLiteral("window"),
+@@ -1475,7 +1476,9 @@ public:
+ void didSave(const QUrl &document, const QString &text)
+ {
+ auto params = textDocumentParams(document);
+- params[QStringLiteral("text")] = text;
++ if (!text.isNull()) {
++ params[QStringLiteral("text")] = text;
++ }
+ send(init_request(QStringLiteral("textDocument/didSave"), params));
+ }
+
+diff --git a/addons/lspclient/lspclientservermanager.cpp b/addons/lspclient/lspclientservermanager.cpp
+index 1e03801ea..551926e23 100644
+--- a/addons/lspclient/lspclientservermanager.cpp
++++ b/addons/lspclient/lspclientservermanager.cpp
+@@ -833,6 +833,7 @@ private:
+ connect(doc, &KTextEditor::Document::aboutToClose, this, &self_type::untrack, Qt::UniqueConnection);
+ connect(doc, &KTextEditor::Document::destroyed, this, &self_type::untrack, Qt::UniqueConnection);
+ connect(doc, &KTextEditor::Document::textChanged, this, &self_type::onTextChanged, Qt::UniqueConnection);
++ connect(doc, &KTextEditor::Document::documentSavedOrUploaded, this, &self_type::onDocumentSaved, Qt::UniqueConnection);
+ // in case of incremental change
+ connect(doc, &KTextEditor::Document::textInserted, this, &self_type::onTextInserted, Qt::UniqueConnection);
+ connect(doc, &KTextEditor::Document::textRemoved, this, &self_type::onTextRemoved, Qt::UniqueConnection);
+@@ -976,6 +977,20 @@ private:
+ }
+ }
+
++ void onDocumentSaved(KTextEditor::Document *doc, bool saveAs)
++ {
++ if (!saveAs) {
++ auto it = m_docs.find(doc);
++ if (it != m_docs.end() && it->server) {
++ auto server = it->server;
++ const auto &saveOptions = server->capabilities().textDocumentSync.save;
++ if (saveOptions) {
++ server->didSave(doc->url(), saveOptions->includeText ? doc->text() : QString());
++ }
++ }
++ }
++ }
++
+ void onMessage(bool isLog, const LSPLogMessageParams ¶ms)
+ {
+ // determine server description
+--
+GitLab
+
diff --git a/source/kde/kde/patch/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad.patch b/source/kde/kde/patch/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad.patch
new file mode 100644
index 000000000..456f33618
--- /dev/null
+++ b/source/kde/kde/patch/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad.patch
@@ -0,0 +1,918 @@
+From 7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad Mon Sep 17 00:00:00 2001
+From: Christoph Cullmann
+Date: Mon, 24 Jan 2022 19:07:37 +0000
+Subject: [PATCH] improve QProcess handling
+
+ensure we take executables from PATH for execution instead possibly from current working directory
+or the working directory set for the QProcess
+---
+ addons/compiler-explorer/compiledbreader.cpp | 4 +-
+ addons/externaltools/katetoolrunner.cpp | 9 +++-
+ addons/gdbplugin/debugview.cpp | 17 +++++++-
+ addons/git-blame/commitfilesview.cpp | 17 +++++---
+ addons/git-blame/kategitblameplugin.cpp | 8 +++-
+ addons/kate-ctags/gotosymbolmodel.cpp | 15 +++++--
+ addons/project/comparebranchesview.cpp | 4 +-
+ addons/project/filehistorywidget.cpp | 14 +++++--
+ addons/project/git/gitutils.cpp | 41 +++++++++++++++----
+ addons/project/gitwidget.cpp | 19 +++++++--
+ addons/project/kateprojectindex.cpp | 9 +++-
+ .../kateprojectinfoviewcodeanalysis.cpp | 9 +++-
+ addons/project/kateprojectworker.cpp | 32 +++++++++++----
+ addons/project/stashdialog.cpp | 20 ++++-----
+ addons/project/stashdialog.h | 2 +-
+ addons/replicode/replicodeview.cpp | 9 ++++
+ addons/xmlcheck/plugin_katexmlcheck.cpp | 8 ++++
+ kate/katefileactions.cpp | 17 ++++----
+ kate/katefileactions.h | 4 +-
+ kate/katemwmodonhddialog.cpp | 6 ++-
+ kate/katemwmodonhddialog.h | 1 +
+ kate/kateviewspace.cpp | 7 +++-
+ shared/gitprocess.h | 16 +++++++-
+ 23 files changed, 217 insertions(+), 71 deletions(-)
+
+diff --git a/addons/compiler-explorer/compiledbreader.cpp b/addons/compiler-explorer/compiledbreader.cpp
+index 74e83638e..ab9ebc483 100644
+--- a/addons/compiler-explorer/compiledbreader.cpp
++++ b/addons/compiler-explorer/compiledbreader.cpp
+@@ -21,7 +21,9 @@ std::optional getDotGitPath(const QString &repo)
+ {
+ /* This call is intentionally blocking because we need git path for everything else */
+ QProcess git;
+- setupGitProcess(git, repo, {QStringLiteral("rev-parse"), QStringLiteral("--absolute-git-dir")});
++ if (!setupGitProcess(git, repo, {QStringLiteral("rev-parse"), QStringLiteral("--absolute-git-dir")})) {
++ return std::nullopt;
++ }
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ if (git.exitStatus() != QProcess::NormalExit || git.exitCode() != 0) {
+diff --git a/addons/externaltools/katetoolrunner.cpp b/addons/externaltools/katetoolrunner.cpp
+index 10a5d7226..e14940ad7 100644
+--- a/addons/externaltools/katetoolrunner.cpp
++++ b/addons/externaltools/katetoolrunner.cpp
+@@ -14,6 +14,7 @@
+ #include
+ #include
+ #include
++#include
+
+ KateToolRunner::KateToolRunner(std::unique_ptr tool, KTextEditor::View *view, QObject *parent)
+ : QObject(parent)
+@@ -40,6 +41,12 @@ KateExternalTool *KateToolRunner::tool() const
+
+ void KateToolRunner::run()
+ {
++ // always only execute the tool from PATH
++ const auto fullExecutable = QStandardPaths::findExecutable(m_tool->executable);
++ if (fullExecutable.isEmpty()) {
++ return;
++ }
++
+ if (!m_tool->workingDir.isEmpty()) {
+ m_process->setWorkingDirectory(m_tool->workingDir);
+ } else if (m_view) {
+@@ -72,7 +79,7 @@ void KateToolRunner::run()
+ });
+
+ const QStringList args = KShell::splitArgs(m_tool->arguments);
+- m_process->start(m_tool->executable, args);
++ m_process->start(fullExecutable, args);
+ }
+
+ void KateToolRunner::waitForFinished()
+diff --git a/addons/gdbplugin/debugview.cpp b/addons/gdbplugin/debugview.cpp
+index 9505daa25..d8c868d7a 100644
+--- a/addons/gdbplugin/debugview.cpp
++++ b/addons/gdbplugin/debugview.cpp
+@@ -12,7 +12,9 @@
+ #include "debugview.h"
+
+ #include
++#include
+ #include
++#include
+ #include
+
+ #include
+@@ -48,7 +50,20 @@ void DebugView::runDebugger(const GDBTargetConf &conf, const QStringList &ioFifo
+ if (conf.executable.isEmpty()) {
+ return;
+ }
++
+ m_targetConf = conf;
++
++ // no chance if no debugger configured
++ if (m_targetConf.gdbCmd.isEmpty()) {
++ return;
++ }
++
++ // only run debugger from PATH or the absolute executable path we specified
++ const auto fullExecutable = QFileInfo(m_targetConf.gdbCmd).isAbsolute() ? m_targetConf.gdbCmd : QStandardPaths::findExecutable(m_targetConf.gdbCmd);
++ if (fullExecutable.isEmpty()) {
++ return;
++ }
++
+ if (ioFifos.size() == 3) {
+ m_ioPipeString = QStringLiteral("< %1 1> %2 2> %3").arg(ioFifos[0], ioFifos[1], ioFifos[2]);
+ }
+@@ -69,7 +84,7 @@ void DebugView::runDebugger(const GDBTargetConf &conf, const QStringList &ioFifo
+
+ connect(&m_debugProcess, static_cast(&QProcess::finished), this, &DebugView::slotDebugFinished);
+
+- m_debugProcess.start(m_targetConf.gdbCmd, QStringList());
++ m_debugProcess.start(fullExecutable, QStringList());
+
+ m_nextCommands << QStringLiteral("set pagination off");
+ m_state = ready;
+diff --git a/addons/git-blame/commitfilesview.cpp b/addons/git-blame/commitfilesview.cpp
+index 26e484a4a..667b423b2 100644
+--- a/addons/git-blame/commitfilesview.cpp
++++ b/addons/git-blame/commitfilesview.cpp
+@@ -263,7 +263,9 @@ static void createFileTree(QStandardItem *parent, const QString &basePath, const
+ static std::optional getGitCmdOutput(const QString &workDir, const QStringList &args)
+ {
+ QProcess git;
+- setupGitProcess(git, workDir, args);
++ if (!setupGitProcess(git, workDir, args)) {
++ return {};
++ }
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ if (git.exitStatus() != QProcess::NormalExit || git.exitCode() != 0) {
+@@ -365,9 +367,12 @@ void CommitDiffTreeView::openCommit(const QString &hash, const QString &filePath
+ m_commitHash = hash;
+
+ QProcess *git = new QProcess(this);
+- setupGitProcess(*git,
+- QFileInfo(filePath).absolutePath(),
+- {QStringLiteral("show"), hash, QStringLiteral("--numstat"), QStringLiteral("--pretty=oneline"), QStringLiteral("-z")});
++ if (!setupGitProcess(*git,
++ QFileInfo(filePath).absolutePath(),
++ {QStringLiteral("show"), hash, QStringLiteral("--numstat"), QStringLiteral("--pretty=oneline"), QStringLiteral("-z")})) {
++ delete git;
++ return;
++ }
+ connect(git, &QProcess::finished, this, [this, git, filePath](int e, QProcess::ExitStatus s) {
+ git->deleteLater();
+ if (e != 0 || s != QProcess::NormalExit) {
+@@ -440,7 +445,9 @@ void CommitDiffTreeView::showDiff(const QModelIndex &idx)
+ {
+ const QString file = idx.data(FileItem::Path).toString();
+ QProcess git;
+- setupGitProcess(git, m_gitDir, {QStringLiteral("show"), m_commitHash, QStringLiteral("--"), file});
++ if (!setupGitProcess(git, m_gitDir, {QStringLiteral("show"), m_commitHash, QStringLiteral("--"), file})) {
++ return;
++ }
+ git.start(QProcess::ReadOnly);
+
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+diff --git a/addons/git-blame/kategitblameplugin.cpp b/addons/git-blame/kategitblameplugin.cpp
+index d0354cc75..ae0f8c106 100644
+--- a/addons/git-blame/kategitblameplugin.cpp
++++ b/addons/git-blame/kategitblameplugin.cpp
+@@ -255,7 +255,9 @@ void KateGitBlamePluginView::startBlameProcess(const QUrl &url)
+ QDir dir{url.toLocalFile()};
+ dir.cdUp();
+
+- setupGitProcess(m_blameInfoProc, dir.absolutePath(), {QStringLiteral("blame"), QStringLiteral("-p"), QStringLiteral("./%1").arg(fileName)});
++ if (!setupGitProcess(m_blameInfoProc, dir.absolutePath(), {QStringLiteral("blame"), QStringLiteral("-p"), QStringLiteral("./%1").arg(fileName)})) {
++ return;
++ }
+ m_blameInfoProc.start(QIODevice::ReadOnly);
+ m_blameUrl = url;
+ }
+@@ -270,7 +272,9 @@ void KateGitBlamePluginView::startShowProcess(const QUrl &url, const QString &ha
+ QDir dir{url.toLocalFile()};
+ dir.cdUp();
+
+- setupGitProcess(m_showProc, dir.absolutePath(), {QStringLiteral("show"), hash, QStringLiteral("--numstat")});
++ if (!setupGitProcess(m_showProc, dir.absolutePath(), {QStringLiteral("show"), hash, QStringLiteral("--numstat")})) {
++ return;
++ }
+ m_showProc.start(QIODevice::ReadOnly);
+ }
+
+diff --git a/addons/kate-ctags/gotosymbolmodel.cpp b/addons/kate-ctags/gotosymbolmodel.cpp
+index 6c547e379..0c116090f 100644
+--- a/addons/kate-ctags/gotosymbolmodel.cpp
++++ b/addons/kate-ctags/gotosymbolmodel.cpp
+@@ -8,6 +8,7 @@
+ #include
+ #include
+ #include
++#include
+
+ GotoSymbolModel::GotoSymbolModel(QObject *parent)
+ : QAbstractTableModel(parent)
+@@ -58,16 +59,24 @@ void GotoSymbolModel::refresh(const QString &filePath)
+ m_rows.clear();
+ endResetModel();
+
++ // only use ctags from PATH
++ static const auto fullExecutablePath = QStandardPaths::findExecutable(QStringLiteral("ctags"));
++ if (fullExecutablePath.isEmpty()) {
++ beginResetModel();
++ m_rows.append(SymbolItem{i18n("CTags executable not found."), -1, QIcon()});
++ endResetModel();
++ return;
++ }
++
+ QProcess p;
+- p.start(QStringLiteral("ctags"), {QStringLiteral("-x"), QStringLiteral("--_xformat=%{name}%{signature}\t%{kind}\t%{line}"), filePath});
++ p.start(fullExecutablePath, {QStringLiteral("-x"), QStringLiteral("--_xformat=%{name}%{signature}\t%{kind}\t%{line}"), filePath});
+
+ QByteArray out;
+ if (p.waitForFinished()) {
+ out = p.readAllStandardOutput();
+ } else {
+- qWarning() << "Ctags failed";
+ beginResetModel();
+- m_rows.append(SymbolItem{i18n("CTags executable not found."), -1, QIcon()});
++ m_rows.append(SymbolItem{i18n("CTags executable failed to execute."), -1, QIcon()});
+ endResetModel();
+ return;
+ }
+diff --git a/addons/project/comparebranchesview.cpp b/addons/project/comparebranchesview.cpp
+index 48d1d2633..7cf585f66 100644
+--- a/addons/project/comparebranchesview.cpp
++++ b/addons/project/comparebranchesview.cpp
+@@ -158,7 +158,9 @@ void CompareBranchesView::showDiff(const QModelIndex &idx)
+ {
+ auto file = idx.data(Qt::UserRole).toString().remove(m_gitDir + QLatin1Char('/'));
+ QProcess git;
+- setupGitProcess(git, m_gitDir, {QStringLiteral("diff"), QStringLiteral("%1...%2").arg(m_fromBr).arg(m_toBr), QStringLiteral("--"), file});
++ if (!setupGitProcess(git, m_gitDir, {QStringLiteral("diff"), QStringLiteral("%1...%2").arg(m_fromBr).arg(m_toBr), QStringLiteral("--"), file})) {
++ return;
++ }
+ git.start(QProcess::ReadOnly);
+
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+diff --git a/addons/project/filehistorywidget.cpp b/addons/project/filehistorywidget.cpp
+index 626016a6b..14857e178 100644
+--- a/addons/project/filehistorywidget.cpp
++++ b/addons/project/filehistorywidget.cpp
+@@ -231,9 +231,12 @@ FileHistoryWidget::~FileHistoryWidget()
+ // git log --format=%H%n%aN%n%aE%n%at%n%ct%n%P%n%B --author-date-order
+ void FileHistoryWidget::getFileHistory(const QString &file)
+ {
+- setupGitProcess(m_git,
+- QFileInfo(file).absolutePath(),
+- {QStringLiteral("log"), QStringLiteral("--format=%H%n%aN%n%aE%n%at%n%ct%n%P%n%B"), QStringLiteral("-z"), file});
++ if (!setupGitProcess(m_git,
++ QFileInfo(file).absolutePath(),
++ {QStringLiteral("log"), QStringLiteral("--format=%H%n%aN%n%aE%n%at%n%ct%n%P%n%B"), QStringLiteral("-z"), file})) {
++ Q_EMIT errorMessage(i18n("Failed to get file history: git executable not found in PATH"), true);
++ return;
++ }
+
+ connect(&m_git, &QProcess::readyReadStandardOutput, this, [this] {
+ auto commits = parseCommits(m_git.readAllStandardOutput().split(0x00));
+@@ -258,7 +261,10 @@ void FileHistoryWidget::itemClicked(const QModelIndex &idx)
+
+ const auto commit = idx.data(CommitListModel::CommitRole).value();
+
+- setupGitProcess(git, fi.absolutePath(), {QStringLiteral("show"), QString::fromUtf8(commit.hash), QStringLiteral("--"), m_file});
++ if (!setupGitProcess(git, fi.absolutePath(), {QStringLiteral("show"), QString::fromUtf8(commit.hash), QStringLiteral("--"), m_file})) {
++ return;
++ }
++
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ if (git.exitStatus() != QProcess::NormalExit || git.exitCode() != 0) {
+diff --git a/addons/project/git/gitutils.cpp b/addons/project/git/gitutils.cpp
+index ea8dd8823..8b494c16f 100644
+--- a/addons/project/git/gitutils.cpp
++++ b/addons/project/git/gitutils.cpp
+@@ -15,7 +15,10 @@
+ bool GitUtils::isGitRepo(const QString &repo)
+ {
+ QProcess git;
+- setupGitProcess(git, repo, {QStringLiteral("rev-parse"), QStringLiteral("--is-inside-work-tree")});
++ if (!setupGitProcess(git, repo, {QStringLiteral("rev-parse"), QStringLiteral("--is-inside-work-tree")})) {
++ return false;
++ }
++
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ return git.readAll().trimmed() == "true";
+@@ -27,7 +30,10 @@ std::optional GitUtils::getDotGitPath(const QString &repo)
+ {
+ /* This call is intentionally blocking because we need git path for everything else */
+ QProcess git;
+- setupGitProcess(git, repo, {QStringLiteral("rev-parse"), QStringLiteral("--absolute-git-dir")});
++ if (!setupGitProcess(git, repo, {QStringLiteral("rev-parse"), QStringLiteral("--absolute-git-dir")})) {
++ return std::nullopt;
++ }
++
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ if (git.exitStatus() != QProcess::NormalExit || git.exitCode() != 0) {
+@@ -57,7 +63,10 @@ QString GitUtils::getCurrentBranchName(const QString &repo)
+
+ for (int i = 0; i < 3; ++i) {
+ QProcess git;
+- setupGitProcess(git, repo, argsList[i]);
++ if (!setupGitProcess(git, repo, argsList[i])) {
++ return QString();
++ }
++
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ if (git.exitStatus() == QProcess::NormalExit && git.exitCode() == 0) {
+@@ -73,7 +82,10 @@ QString GitUtils::getCurrentBranchName(const QString &repo)
+ GitUtils::CheckoutResult GitUtils::checkoutBranch(const QString &repo, const QString &branch)
+ {
+ QProcess git;
+- setupGitProcess(git, repo, {QStringLiteral("checkout"), branch});
++ if (!setupGitProcess(git, repo, {QStringLiteral("checkout"), branch})) {
++ return CheckoutResult{};
++ }
++
+ git.start(QProcess::ReadOnly);
+ CheckoutResult res;
+ res.branch = branch;
+@@ -91,7 +103,11 @@ GitUtils::CheckoutResult GitUtils::checkoutNewBranch(const QString &repo, const
+ if (!fromBranch.isEmpty()) {
+ args.append(fromBranch);
+ }
+- setupGitProcess(git, repo, args);
++
++ if (!setupGitProcess(git, repo, args)) {
++ return CheckoutResult{};
++ }
++
+ git.start(QProcess::ReadOnly);
+ CheckoutResult res;
+ res.branch = newBranch;
+@@ -132,7 +148,10 @@ QVector GitUtils::getAllBranchesAndTags(const QString &repo, R
+ args.append(QStringLiteral("--sort=-taggerdate"));
+ }
+
+- setupGitProcess(git, repo, args);
++ if (!setupGitProcess(git, repo, args)) {
++ return {};
++ }
++
+ git.start(QProcess::ReadOnly);
+ QVector branches;
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+@@ -166,7 +185,10 @@ std::pair GitUtils::getLastCommitMessage(const QString &repo)
+ {
+ // git log -1 --pretty=%B
+ QProcess git;
+- setupGitProcess(git, repo, {QStringLiteral("log"), QStringLiteral("-1"), QStringLiteral("--pretty=%B")});
++ if (!setupGitProcess(git, repo, {QStringLiteral("log"), QStringLiteral("-1"), QStringLiteral("--pretty=%B")})) {
++ return {};
++ }
++
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ if (git.exitCode() != 0 || git.exitStatus() != QProcess::NormalExit) {
+@@ -197,7 +219,10 @@ GitUtils::Result GitUtils::deleteBranches(const QStringList &branches, const QSt
+ args << branches;
+
+ QProcess git;
+- setupGitProcess(git, repo, args);
++ if (!setupGitProcess(git, repo, args)) {
++ return {};
++ }
++
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ QString out = QString::fromLatin1(git.readAllStandardError()) + QString::fromLatin1(git.readAllStandardOutput());
+diff --git a/addons/project/gitwidget.cpp b/addons/project/gitwidget.cpp
+index 2b19781c0..77499dad8 100644
+--- a/addons/project/gitwidget.cpp
++++ b/addons/project/gitwidget.cpp
+@@ -514,8 +514,9 @@ void GitWidget::launchExternalDiffTool(const QString &file, bool staged)
+ args.append(file);
+
+ QProcess git;
+- setupGitProcess(git, m_gitPath, args);
+- git.startDetached();
++ if (setupGitProcess(git, m_gitPath, args)) {
++ git.startDetached();
++ }
+ }
+
+ void GitWidget::commitChanges(const QString &msg, const QString &desc, bool signOff, bool amend)
+@@ -745,7 +746,12 @@ void GitWidget::branchCompareFiles(const QString &from, const QString &to)
+ auto args = QStringList{QStringLiteral("diff"), QStringLiteral("%1...%2").arg(from).arg(to), QStringLiteral("--name-status")};
+
+ QProcess git;
+- setupGitProcess(git, m_gitPath, args);
++
++ // early out if we can't find git
++ if (!setupGitProcess(git, m_gitPath, args)) {
++ return;
++ }
++
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ if (git.exitStatus() != QProcess::NormalExit || git.exitCode() != 0) {
+@@ -767,7 +773,12 @@ void GitWidget::branchCompareFiles(const QString &from, const QString &to)
+
+ // get --num-stat
+ args = QStringList{QStringLiteral("diff"), QStringLiteral("%1...%2").arg(from).arg(to), QStringLiteral("--numstat"), QStringLiteral("-z")};
+- setupGitProcess(git, m_gitPath, args);
++
++ // early out if we can't find git
++ if (!setupGitProcess(git, m_gitPath, args)) {
++ return;
++ }
++
+ git.start(QProcess::ReadOnly);
+ if (git.waitForStarted() && git.waitForFinished(-1)) {
+ if (git.exitStatus() != QProcess::NormalExit || git.exitCode() != 0) {
+diff --git a/addons/project/kateprojectindex.cpp b/addons/project/kateprojectindex.cpp
+index a7d9ec9c1..9fc5b64cb 100644
+--- a/addons/project/kateprojectindex.cpp
++++ b/addons/project/kateprojectindex.cpp
+@@ -9,6 +9,7 @@
+
+ #include
+ #include
++#include
+
+ /**
+ * include ctags reading
+@@ -73,6 +74,12 @@ void KateProjectIndex::loadCtags(const QStringList &files, const QVariantMap &ct
+ */
+ m_ctagsIndexFile->close();
+
++ // only use ctags from PATH
++ static const auto fullExecutablePath = QStandardPaths::findExecutable(QStringLiteral("ctags"));
++ if (fullExecutablePath.isEmpty()) {
++ return;
++ }
++
+ /**
+ * try to run ctags for all files in this project
+ * output to our ctags index file
+@@ -85,7 +92,7 @@ void KateProjectIndex::loadCtags(const QStringList &files, const QVariantMap &ct
+ for (const QVariant &optVariant : opts) {
+ args << optVariant.toString();
+ }
+- ctags.start(QStringLiteral("ctags"), args);
++ ctags.start(fullExecutablePath, args);
+ if (!ctags.waitForStarted()) {
+ return;
+ }
+diff --git a/addons/project/kateprojectinfoviewcodeanalysis.cpp b/addons/project/kateprojectinfoviewcodeanalysis.cpp
+index 21cd26a84..23b82c45e 100644
+--- a/addons/project/kateprojectinfoviewcodeanalysis.cpp
++++ b/addons/project/kateprojectinfoviewcodeanalysis.cpp
+@@ -13,6 +13,7 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -134,14 +135,18 @@ void KateProjectInfoViewCodeAnalysis::slotStartStopClicked()
+ connect(m_analyzer, &QProcess::readyRead, this, &KateProjectInfoViewCodeAnalysis::slotReadyRead);
+ connect(m_analyzer, static_cast(&QProcess::finished), this, &KateProjectInfoViewCodeAnalysis::finished);
+
+- m_analyzer->start(m_analysisTool->path(), m_analysisTool->arguments());
++ // ensure we only run the code analyzer from PATH
++ const QString fullExecutable = QStandardPaths::findExecutable(m_analysisTool->path());
++ if (!fullExecutable.isEmpty()) {
++ m_analyzer->start(fullExecutable, m_analysisTool->arguments());
++ }
+
+ if (m_messageWidget) {
+ delete m_messageWidget;
+ m_messageWidget = nullptr;
+ }
+
+- if (!m_analyzer->waitForStarted()) {
++ if (fullExecutable.isEmpty() || !m_analyzer->waitForStarted()) {
+ m_messageWidget = new KMessageWidget(this);
+ m_messageWidget->setCloseButtonVisible(true);
+ m_messageWidget->setMessageType(KMessageWidget::Warning);
+diff --git a/addons/project/kateprojectworker.cpp b/addons/project/kateprojectworker.cpp
+index d1979d1ec..831dae89b 100644
+--- a/addons/project/kateprojectworker.cpp
++++ b/addons/project/kateprojectworker.cpp
+@@ -18,6 +18,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -442,10 +443,12 @@ QVector KateProjectWorker::filesFromGit(const QDir &dir, bool recursive
+
+ QVector KateProjectWorker::gitFiles(const QDir &dir, bool recursive, const QStringList &args)
+ {
++ QVector files;
+ QProcess git;
+- setupGitProcess(git, dir.absolutePath(), args);
++ if (!setupGitProcess(git, dir.absolutePath(), args)) {
++ return files;
++ }
+ git.start(QProcess::ReadOnly);
+- QVector files;
+ if (!git.waitForStarted() || !git.waitForFinished(-1)) {
+ return files;
+ }
+@@ -466,13 +469,18 @@ QVector KateProjectWorker::gitFiles(const QDir &dir, bool recursive, co
+
+ QVector KateProjectWorker::filesFromMercurial(const QDir &dir, bool recursive)
+ {
++ // only use version control from PATH
+ QVector files;
++ static const auto fullExecutablePath = QStandardPaths::findExecutable(QStringLiteral("hg"));
++ if (fullExecutablePath.isEmpty()) {
++ return files;
++ }
+
+ QProcess hg;
+ hg.setWorkingDirectory(dir.absolutePath());
+ QStringList args;
+ args << QStringLiteral("manifest") << QStringLiteral(".");
+- hg.start(QStringLiteral("hg"), args, QProcess::ReadOnly);
++ hg.start(fullExecutablePath, args, QProcess::ReadOnly);
+ if (!hg.waitForStarted() || !hg.waitForFinished(-1)) {
+ return files;
+ }
+@@ -493,7 +501,12 @@ QVector KateProjectWorker::filesFromMercurial(const QDir &dir, bool rec
+
+ QVector KateProjectWorker::filesFromSubversion(const QDir &dir, bool recursive)
+ {
++ // only use version control from PATH
+ QVector files;
++ static const auto fullExecutablePath = QStandardPaths::findExecutable(QStringLiteral("svn"));
++ if (fullExecutablePath.isEmpty()) {
++ return files;
++ }
+
+ QProcess svn;
+ svn.setWorkingDirectory(dir.absolutePath());
+@@ -504,7 +517,7 @@ QVector KateProjectWorker::filesFromSubversion(const QDir &dir, bool re
+ } else {
+ args << QStringLiteral("--depth=files");
+ }
+- svn.start(QStringLiteral("svn"), args, QProcess::ReadOnly);
++ svn.start(fullExecutablePath, args, QProcess::ReadOnly);
+ if (!svn.waitForStarted() || !svn.waitForFinished(-1)) {
+ return files;
+ }
+@@ -555,18 +568,21 @@ QVector KateProjectWorker::filesFromSubversion(const QDir &dir, bool re
+
+ QVector KateProjectWorker::filesFromDarcs(const QDir &dir, bool recursive)
+ {
++ // only use version control from PATH
+ QVector files;
++ static const auto fullExecutablePath = QStandardPaths::findExecutable(QStringLiteral("darcs"));
++ if (fullExecutablePath.isEmpty()) {
++ return files;
++ }
+
+- const QString cmd = QStringLiteral("darcs");
+ QString root;
+-
+ {
+ QProcess darcs;
+ darcs.setWorkingDirectory(dir.absolutePath());
+ QStringList args;
+ args << QStringLiteral("list") << QStringLiteral("repo");
+
+- darcs.start(cmd, args, QProcess::ReadOnly);
++ darcs.start(fullExecutablePath, args, QProcess::ReadOnly);
+
+ if (!darcs.waitForStarted() || !darcs.waitForFinished(-1)) {
+ return files;
+@@ -590,7 +606,7 @@ QVector KateProjectWorker::filesFromDarcs(const QDir &dir, bool recursi
+ darcs.setWorkingDirectory(dir.absolutePath());
+ args << QStringLiteral("list") << QStringLiteral("files") << QStringLiteral("--no-directories") << QStringLiteral("--pending");
+
+- darcs.start(cmd, args, QProcess::ReadOnly);
++ darcs.start(fullExecutablePath, args, QProcess::ReadOnly);
+
+ if (!darcs.waitForStarted() || !darcs.waitForFinished(-1)) {
+ return files;
+diff --git a/addons/project/stashdialog.cpp b/addons/project/stashdialog.cpp
+index c623182a8..bddedf709 100644
+--- a/addons/project/stashdialog.cpp
++++ b/addons/project/stashdialog.cpp
+@@ -32,6 +32,8 @@
+
+ #include
+
++#include
++
+ constexpr int StashIndexRole = Qt::UserRole + 2;
+
+ class StashFilterModel final : public QSortFilterProxyModel
+@@ -218,11 +220,10 @@ void StashDialog::slotReturnPressed()
+ hide();
+ }
+
+-QProcess *StashDialog::gitp()
++QProcess *StashDialog::gitp(const QStringList &arguments)
+ {
+ auto git = new QProcess(this);
+- git->setProgram(QStringLiteral("git"));
+- git->setWorkingDirectory(m_gitPath);
++ setupGitProcess(*git, m_gitPath, arguments);
+ return git;
+ }
+
+@@ -242,7 +243,7 @@ void StashDialog::stash(bool keepIndex, bool includeUntracked)
+ args.append(m_lineEdit.text());
+ }
+
+- auto git = gitp();
++ auto git = gitp(args);
+ connect(git, &QProcess::finished, this, [this, git](int exitCode, QProcess::ExitStatus es) {
+ if (es != QProcess::NormalExit || exitCode != 0) {
+ qWarning() << git->errorString();
+@@ -253,14 +254,12 @@ void StashDialog::stash(bool keepIndex, bool includeUntracked)
+ Q_EMIT done();
+ git->deleteLater();
+ });
+- git->setArguments(args);
+ git->start(QProcess::ReadOnly);
+ }
+
+ void StashDialog::getStashList()
+ {
+- auto git = gitp();
+- git->setArguments({QStringLiteral("stash"), QStringLiteral("list")});
++ auto git = gitp({QStringLiteral("stash"), QStringLiteral("list")});
+ git->start(QProcess::ReadOnly);
+
+ QList stashList;
+@@ -293,11 +292,11 @@ void StashDialog::getStashList()
+
+ void StashDialog::popStash(const QByteArray &index, const QString &command)
+ {
+- auto git = gitp();
+ QStringList args{QStringLiteral("stash"), command};
+ if (!index.isEmpty()) {
+ args.append(QString::fromUtf8(index));
+ }
++ auto git = gitp(args);
+
+ connect(git, &QProcess::finished, this, [this, command, git](int exitCode, QProcess::ExitStatus es) {
+ if (es != QProcess::NormalExit || exitCode != 0) {
+@@ -320,7 +319,6 @@ void StashDialog::popStash(const QByteArray &index, const QString &command)
+ Q_EMIT done();
+ git->deleteLater();
+ });
+- git->setArguments(args);
+ git->start(QProcess::ReadOnly);
+ }
+
+@@ -339,9 +337,8 @@ void StashDialog::showStash(const QByteArray &index)
+ if (index.isEmpty()) {
+ return;
+ }
+- auto git = gitp();
+
+- QStringList args{QStringLiteral("stash"), QStringLiteral("show"), QStringLiteral("-p"), QString::fromUtf8(index)};
++ auto git = gitp({QStringLiteral("stash"), QStringLiteral("show"), QStringLiteral("-p"), QString::fromUtf8(index)});
+
+ connect(git, &QProcess::finished, this, [this, git](int exitCode, QProcess::ExitStatus es) {
+ if (es != QProcess::NormalExit || exitCode != 0) {
+@@ -353,6 +350,5 @@ void StashDialog::showStash(const QByteArray &index)
+ git->deleteLater();
+ });
+
+- git->setArguments(args);
+ git->start(QProcess::ReadOnly);
+ }
+diff --git a/addons/project/stashdialog.h b/addons/project/stashdialog.h
+index a18d42ab9..417690757 100644
+--- a/addons/project/stashdialog.h
++++ b/addons/project/stashdialog.h
+@@ -56,7 +56,7 @@ protected Q_SLOTS:
+ void slotReturnPressed() override;
+
+ private:
+- QProcess *gitp();
++ QProcess *gitp(const QStringList &arguments);
+ void stash(bool keepIndex, bool includeUntracked);
+ void getStashList();
+ void popStash(const QByteArray &index, const QString &command = QStringLiteral("pop"));
+diff --git a/addons/replicode/replicodeview.cpp b/addons/replicode/replicodeview.cpp
+index 0199f46ce..7f70ee1ea 100644
+--- a/addons/replicode/replicodeview.cpp
++++ b/addons/replicode/replicodeview.cpp
+@@ -8,7 +8,9 @@
+
+ #include "replicodeconfig.h"
+ #include "replicodesettings.h"
++
+ #include
++#include
+ #include
+ #include
+
+@@ -116,7 +118,14 @@ void ReplicodeView::runReplicode()
+ }
+
+ KConfigGroup config(KSharedConfig::openConfig(), QStringLiteral("Replicode"));
++
+ QString executorPath = config.readEntry("replicodePath", QString());
++
++ // ensure we only call replicode from PATH if not given as absolute path already
++ if (!executorPath.isEmpty() && !QFileInfo(executorPath).isAbsolute()) {
++ executorPath = QStandardPaths::findExecutable(executorPath);
++ }
++
+ if (executorPath.isEmpty()) {
+ QMessageBox::warning(m_mainWindow->window(),
+ i18nc("@title:window", "Replicode Executable Not Found"),
+diff --git a/addons/xmlcheck/plugin_katexmlcheck.cpp b/addons/xmlcheck/plugin_katexmlcheck.cpp
+index f1d52f3a7..3971550cd 100644
+--- a/addons/xmlcheck/plugin_katexmlcheck.cpp
++++ b/addons/xmlcheck/plugin_katexmlcheck.cpp
+@@ -304,10 +304,18 @@ bool PluginKateXMLCheckView::slotValidate()
+ s << kv->document()->text();
+ s.flush();
+
++ // ensure we only execute xmllint from PATH or application package
+ QString exe = QStandardPaths::findExecutable(QStringLiteral("xmllint"));
+ if (exe.isEmpty()) {
+ exe = QStandardPaths::locate(QStandardPaths::ApplicationsLocation, QStringLiteral("xmllint"));
+ }
++ if (exe.isEmpty()) {
++ KMessageBox::error(nullptr,
++ i18n("Error: Failed to find xmllint. Please make "
++ "sure that xmllint is installed. It is part of libxml2."));
++ return false;
++ }
++
+ // qDebug() << "exe=" <
+ #include
+ #include
++#include
+ #include
+
+ void KateFileActions::copyFilePathToClipboard(KTextEditor::Document *doc)
+@@ -137,17 +138,13 @@ void KateFileActions::deleteDocumentFile(QWidget *parent, KTextEditor::Document
+ }
+ }
+
+-QStringList KateFileActions::supportedDiffTools()
++QVector> KateFileActions::supportedDiffTools()
+ {
+- // LATER: check for program existence and set some boolean value accordingly
+- // Can this be even done in an easy way when we don't use the absolute path to the executable?
+- // See https://stackoverflow.com/questions/42444055/how-to-check-if-a-program-exists-in-path-using-qt
+-
+- QStringList resultList;
+- resultList.push_back(QStringLiteral("kdiff3"));
+- resultList.push_back(QStringLiteral("kompare"));
+- resultList.push_back(QStringLiteral("meld"));
+-
++ // query once if the tools are there in the path and store that
++ // we will disable the actions for the tools not found
++ static QVector> resultList{{QStringLiteral("kdiff3"), QStandardPaths::findExecutable(QStringLiteral("kdiff3"))},
++ {QStringLiteral("kompare"), QStandardPaths::findExecutable(QStringLiteral("kompare"))},
++ {QStringLiteral("meld"), QStandardPaths::findExecutable(QStringLiteral("meld"))}};
+ return resultList;
+ }
+
+diff --git a/kate/katefileactions.h b/kate/katefileactions.h
+index 524d81097..77cc5b0bf 100644
+--- a/kate/katefileactions.h
++++ b/kate/katefileactions.h
+@@ -51,9 +51,9 @@ void openFilePropertiesDialog(KTextEditor::Document *document);
+ void deleteDocumentFile(QWidget *parent, KTextEditor::Document *document);
+
+ /**
+- * @returns a list of supported diff tools (names of the executables)
++ * @returns a list of supported diff tools (names of the executables + paths to them, empty if not found in PATH)
+ */
+-QStringList supportedDiffTools();
++QVector> supportedDiffTools();
+
+ /**
+ * Runs an external program to compare the underlying files of two given documents.
+diff --git a/kate/katemwmodonhddialog.cpp b/kate/katemwmodonhddialog.cpp
+index e0041d858..d7c79e4d4 100644
+--- a/kate/katemwmodonhddialog.cpp
++++ b/kate/katemwmodonhddialog.cpp
+@@ -22,6 +22,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -52,6 +53,7 @@ public:
+
+ KateMwModOnHdDialog::KateMwModOnHdDialog(DocVector docs, QWidget *parent, const char *name)
+ : QDialog(parent)
++ , m_fullDiffPath(QStandardPaths::findExecutable(QStringLiteral("diff")))
+ , m_proc(nullptr)
+ , m_diffFile(nullptr)
+ , m_blockAddDocument(false)
+@@ -108,6 +110,7 @@ KateMwModOnHdDialog::KateMwModOnHdDialog(DocVector docs, QWidget *parent, const
+ "file for the selected document, and shows the difference with the "
+ "default application. Requires diff(1)."));
+ hb->addWidget(btnDiff);
++ btnDiff->setEnabled(!m_fullDiffPath.isEmpty());
+ connect(btnDiff, &QPushButton::clicked, this, &KateMwModOnHdDialog::slotDiff);
+
+ // Dialog buttons
+@@ -288,9 +291,10 @@ void KateMwModOnHdDialog::slotDiff()
+ m_diffFile->open();
+
+ // Start a KProcess that creates a diff
++ // We use the full path to don't launch some random "diff" in current working directory
+ m_proc = new KProcess(this);
+ m_proc->setOutputChannelMode(KProcess::MergedChannels);
+- *m_proc << QStringLiteral("diff") << QStringLiteral("-ub") << QStringLiteral("-") << doc->url().toLocalFile();
++ *m_proc << m_fullDiffPath << QStringLiteral("-ub") << QStringLiteral("-") << doc->url().toLocalFile();
+ connect(m_proc, &KProcess::readyRead, this, &KateMwModOnHdDialog::slotDataAvailable);
+ connect(m_proc, static_cast(&KProcess::finished), this, &KateMwModOnHdDialog::slotPDone);
+
+diff --git a/kate/katemwmodonhddialog.h b/kate/katemwmodonhddialog.h
+index 11c09eab7..6fa245726 100644
+--- a/kate/katemwmodonhddialog.h
++++ b/kate/katemwmodonhddialog.h
+@@ -51,6 +51,7 @@ private:
+ class QTreeWidget *twDocuments;
+ class QDialogButtonBox *dlgButtons;
+ class QPushButton *btnDiff;
++ QString m_fullDiffPath;
+ KProcess *m_proc;
+ QTemporaryFile *m_diffFile;
+ QStringList m_stateTexts;
+diff --git a/kate/kateviewspace.cpp b/kate/kateviewspace.cpp
+index dba2fb973..af3bb8d34 100644
+--- a/kate/kateviewspace.cpp
++++ b/kate/kateviewspace.cpp
+@@ -678,8 +678,11 @@ void KateViewSpace::showContextMenu(int idx, const QPoint &globalPos)
+
+ if (mCompareWithActive->isEnabled()) {
+ for (auto &&diffTool : KateFileActions::supportedDiffTools()) {
+- QAction *compareAction = mCompareWithActive->addAction(diffTool);
+- compareAction->setData(diffTool);
++ QAction *compareAction = mCompareWithActive->addAction(diffTool.first);
++
++ // we use the full path to safely execute the tool, disable action if no full path => tool not found
++ compareAction->setData(diffTool.second);
++ compareAction->setEnabled(!diffTool.second.isEmpty());
+ }
+ }
+
+diff --git a/shared/gitprocess.h b/shared/gitprocess.h
+index 47b98b696..b0d79fac6 100644
+--- a/shared/gitprocess.h
++++ b/shared/gitprocess.h
+@@ -7,6 +7,7 @@
+ #pragma once
+
+ #include
++#include
+
+ /**
+ * small helper function to setup a QProcess based "git" command.
+@@ -17,10 +18,20 @@
+ * @param process process to setup for git
+ * @param workingDirectory working directory to use for process
+ * @param arguments arguments to pass to git
++ * @return could set setup the process or did that fail, e.g. because the git executable is not available?
+ */
+-inline void setupGitProcess(QProcess &process, const QString &workingDirectory, const QStringList &arguments)
++inline bool setupGitProcess(QProcess &process, const QString &workingDirectory, const QStringList &arguments)
+ {
+- process.setProgram(QStringLiteral("git"));
++ // only use git from PATH
++ static const auto gitExecutable = QStandardPaths::findExecutable(QStringLiteral("git"));
++ if (gitExecutable.isEmpty()) {
++ // ensure we have no valid QProcess setup
++ process.setProgram(QString());
++ return false;
++ }
++
++ // setup program and arguments, ensure we do run git in the right working directory
++ process.setProgram(gitExecutable);
+ process.setWorkingDirectory(workingDirectory);
+ process.setArguments(arguments);
+
+@@ -37,4 +48,5 @@ inline void setupGitProcess(QProcess &process, const QString &workingDirectory,
+ QProcessEnvironment env = QProcessEnvironment::systemEnvironment();
+ env.insert(QStringLiteral("GIT_OPTIONAL_LOCKS"), QStringLiteral("0"));
+ process.setProcessEnvironment(env);
++ return true;
+ }
+--
+GitLab
+
diff --git a/source/kde/kde/patch/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc.patch b/source/kde/kde/patch/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc.patch
new file mode 100644
index 000000000..6900a46c0
--- /dev/null
+++ b/source/kde/kde/patch/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc.patch
@@ -0,0 +1,39 @@
+From 92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc Mon Sep 17 00:00:00 2001
+From: Waqar Ahmed
+Date: Sun, 16 Jan 2022 18:39:50 +0500
+Subject: [PATCH] step down warning level when LSP not found
+
+Currently it gives an error which results in the widget popping up
+everytime you open a file for which you don't have LSP. However, one may
+have intentionally not installed the LSP for a language.
+
+BUG: 448549
+---
+ addons/lspclient/lspclientservermanager.cpp | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/addons/lspclient/lspclientservermanager.cpp b/addons/lspclient/lspclientservermanager.cpp
+index 551926e23..24e3f275b 100644
+--- a/addons/lspclient/lspclientservermanager.cpp
++++ b/addons/lspclient/lspclientservermanager.cpp
+@@ -737,13 +737,13 @@ private:
+ server.reset(new LSPClientServer(cmdline, root, realLangId, serverConfig.value(QStringLiteral("initializationOptions")), folders));
+ connect(server.data(), &LSPClientServer::stateChanged, this, &self_type::onStateChanged, Qt::UniqueConnection);
+ if (!server->start()) {
+- QString errorMessage = i18n("Failed to start server: %1", cmdline.join(QLatin1Char(' ')));
++ QString message = i18n("Failed to start server: %1", cmdline.join(QLatin1Char(' ')));
+ const auto url = serverConfig.value(QStringLiteral("url")).toString();
+ if (!url.isEmpty()) {
+- errorMessage += QStringLiteral("\n") + i18n("Please check your PATH for the binary");
+- errorMessage += QStringLiteral("\n") + i18n("See also %1 for installation or details", url);
++ message += QStringLiteral("\n") + i18n("Please check your PATH for the binary");
++ message += QStringLiteral("\n") + i18n("See also %1 for installation or details", url);
+ }
+- showMessage(errorMessage, KTextEditor::Message::Error);
++ showMessage(message, KTextEditor::Message::Warning);
+ } else {
+ showMessage(i18n("Started server %2: %1", cmdline.join(QLatin1Char(' ')), serverDescription(server.data())),
+ KTextEditor::Message::Positive);
+--
+GitLab
+
diff --git a/source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch b/source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch
new file mode 100644
index 000000000..cc3f058d7
--- /dev/null
+++ b/source/kde/kde/patch/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9.patch
@@ -0,0 +1,124 @@
+From c5d66f3b70ae4778d6162564309aee95f643e7c9 Mon Sep 17 00:00:00 2001
+From: Christoph Cullmann
+Date: Thu, 20 Jan 2022 21:00:09 +0100
+Subject: [PATCH] avoid that we execute LSP binaries from cwd
+
+QProcess will just use current working directory as
+fallback
+
+that allows to execute un-wanted binaries by accident
+---
+ addons/lspclient/lspclientservermanager.cpp | 87 ++++++++++++---------
+ 1 file changed, 51 insertions(+), 36 deletions(-)
+
+diff --git a/addons/lspclient/lspclientservermanager.cpp b/addons/lspclient/lspclientservermanager.cpp
+index 24e3f275b..e78b4aa2d 100644
+--- a/addons/lspclient/lspclientservermanager.cpp
++++ b/addons/lspclient/lspclientservermanager.cpp
+@@ -707,52 +707,67 @@ private:
+ }
+
+ if (cmdline.length() > 0) {
++ // ensure we always only take the server executable from the PATH or user defined paths
++ // QProcess will take the executable even just from current working directory without this => BAD
++ auto cmd = QStandardPaths::findExecutable(cmdline[0]);
++
+ // optionally search in supplied path(s)
+- auto vpath = serverConfig.value(QStringLiteral("path")).toArray();
+- if (vpath.size() > 0) {
+- auto cmd = QStandardPaths::findExecutable(cmdline[0]);
+- if (cmd.isEmpty()) {
+- // collect and expand in case home dir or other (environment) variable reference is used
+- QStringList path;
+- for (const auto &e : vpath) {
+- auto p = e.toString();
+- editor->expandText(p, view, p);
+- path.push_back(p);
+- }
+- cmd = QStandardPaths::findExecutable(cmdline[0], path);
+- if (!cmd.isEmpty()) {
+- cmdline[0] = cmd;
+- }
++ const auto vpath = serverConfig.value(QStringLiteral("path")).toArray();
++ if (cmd.isEmpty() && !vpath.isEmpty()) {
++ // collect and expand in case home dir or other (environment) variable reference is used
++ QStringList path;
++ for (const auto &e : vpath) {
++ auto p = e.toString();
++ editor->expandText(p, view, p);
++ path.push_back(p);
+ }
++ cmd = QStandardPaths::findExecutable(cmdline[0], path);
+ }
+- // an empty list is always passed here (or null)
+- // the initial list is provided/updated using notification after start
+- // since that is what a server is more aware of
+- // and should support if it declares workspace folder capable
+- // (as opposed to the new initialization property)
+- LSPClientServer::FoldersType folders;
+- if (useWorkspace) {
+- folders = QList();
+- }
+- server.reset(new LSPClientServer(cmdline, root, realLangId, serverConfig.value(QStringLiteral("initializationOptions")), folders));
+- connect(server.data(), &LSPClientServer::stateChanged, this, &self_type::onStateChanged, Qt::UniqueConnection);
+- if (!server->start()) {
+- QString message = i18n("Failed to start server: %1", cmdline.join(QLatin1Char(' ')));
++
++ // we can only start the stuff if we did find the binary in the paths
++ if (!cmd.isEmpty()) {
++ // use full path to avoid security issues
++ cmdline[0] = cmd;
++
++ // an empty list is always passed here (or null)
++ // the initial list is provided/updated using notification after start
++ // since that is what a server is more aware of
++ // and should support if it declares workspace folder capable
++ // (as opposed to the new initialization property)
++ LSPClientServer::FoldersType folders;
++ if (useWorkspace) {
++ folders = QList();
++ }
++ server.reset(new LSPClientServer(cmdline, root, realLangId, serverConfig.value(QStringLiteral("initializationOptions")), folders));
++ connect(server.data(), &LSPClientServer::stateChanged, this, &self_type::onStateChanged, Qt::UniqueConnection);
++ if (!server->start()) {
++ QString message = i18n("Failed to start server: %1", cmdline.join(QLatin1Char(' ')));
++ const auto url = serverConfig.value(QStringLiteral("url")).toString();
++ if (!url.isEmpty()) {
++ message += QStringLiteral("\n") + i18n("Please check your PATH for the binary");
++ message += QStringLiteral("\n") + i18n("See also %1 for installation or details", url);
++ }
++ showMessage(message, KTextEditor::Message::Warning);
++ } else {
++ showMessage(i18n("Started server %2: %1", cmdline.join(QLatin1Char(' ')), serverDescription(server.data())),
++ KTextEditor::Message::Positive);
++ using namespace std::placeholders;
++ server->connect(server.data(), &LSPClientServer::logMessage, this, std::bind(&self_type::onMessage, this, true, _1));
++ server->connect(server.data(), &LSPClientServer::showMessage, this, std::bind(&self_type::onMessage, this, false, _1));
++ server->connect(server.data(), &LSPClientServer::workDoneProgress, this, &self_type::onWorkDoneProgress);
++ server->connect(server.data(), &LSPClientServer::workspaceFolders, this, &self_type::onWorkspaceFolders, Qt::UniqueConnection);
++ }
++ } else {
++ // we didn't find the server binary at all!
++ QString message = i18n("Failed to find server binary: %1", cmdline[0]);
+ const auto url = serverConfig.value(QStringLiteral("url")).toString();
+ if (!url.isEmpty()) {
+ message += QStringLiteral("\n") + i18n("Please check your PATH for the binary");
+ message += QStringLiteral("\n") + i18n("See also %1 for installation or details", url);
+ }
+ showMessage(message, KTextEditor::Message::Warning);
+- } else {
+- showMessage(i18n("Started server %2: %1", cmdline.join(QLatin1Char(' ')), serverDescription(server.data())),
+- KTextEditor::Message::Positive);
+- using namespace std::placeholders;
+- server->connect(server.data(), &LSPClientServer::logMessage, this, std::bind(&self_type::onMessage, this, true, _1));
+- server->connect(server.data(), &LSPClientServer::showMessage, this, std::bind(&self_type::onMessage, this, false, _1));
+- server->connect(server.data(), &LSPClientServer::workDoneProgress, this, &self_type::onWorkDoneProgress);
+- server->connect(server.data(), &LSPClientServer::workspaceFolders, this, &self_type::onWorkspaceFolders, Qt::UniqueConnection);
+ }
++
+ serverinfo.settings = serverConfig.value(QStringLiteral("settings"));
+ serverinfo.started = QTime::currentTime();
+ serverinfo.url = serverConfig.value(QStringLiteral("url")).toString();
+--
+GitLab
+