[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: evince: Fix CVE-2017-1000083.
|
From: |
Marius Bakke |
|
Subject: |
01/01: gnu: evince: Fix CVE-2017-1000083. |
|
Date: |
Thu, 13 Jul 2017 15:14:01 -0400 (EDT) |
mbakke pushed a commit to branch master
in repository guix.
commit 5887d554ec8f626f9cb8e9f88e34109ad68076e8
Author: Marius Bakke <address@hidden>
Date: Thu Jul 13 21:11:15 2017 +0200
gnu: evince: Fix CVE-2017-1000083.
* gnu/packages/patches/evince-CVE-2017-1000083.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (evince)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/gnome.scm | 1 +
gnu/packages/patches/evince-CVE-2017-1000083.patch | 109 +++++++++++++++++++++
3 files changed, 111 insertions(+)
diff --git a/gnu/local.mk b/gnu/local.mk
index 4da9cba..1ced658 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -576,6 +576,7 @@ dist_patch_DATA =
\
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/eudev-conflicting-declaration.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
+ %D%/packages/patches/evince-CVE-2017-1000083.patch \
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
%D%/packages/patches/exim-CVE-2017-1000369.patch \
%D%/packages/patches/fabric-tests.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 972f3ec..3125fa0 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -615,6 +615,7 @@ forgotten when the session ends.")
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
+ (patches (search-patches "evince-CVE-2017-1000083.patch"))
(sha256
(base32
"13yw0i68dgqp9alyliy3zifszh7rikkpi1xbz5binvxxgfpraf04"))))
diff --git a/gnu/packages/patches/evince-CVE-2017-1000083.patch
b/gnu/packages/patches/evince-CVE-2017-1000083.patch
new file mode 100644
index 0000000..2ca062f
--- /dev/null
+++ b/gnu/packages/patches/evince-CVE-2017-1000083.patch
@@ -0,0 +1,109 @@
+Fix CVE-2017-1000083.
+
+http://seclists.org/oss-sec/2017/q3/128
+https://bugzilla.gnome.org/show_bug.cgi?id=784630
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee
+
+From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <address@hidden>
+Date: Thu, 6 Jul 2017 20:02:00 +0200
+Subject: comics: Remove support for tar and tar-like commands
+
+diff --git a/backend/comics/comics-document.c
b/backend/comics/comics-document.c
+index 4c74731..641d785 100644
+--- a/backend/comics/comics-document.c
++++ b/backend/comics/comics-document.c
+@@ -56,8 +56,7 @@ typedef enum
+ RARLABS,
+ GNAUNRAR,
+ UNZIP,
+- P7ZIP,
+- TAR
++ P7ZIP
+ } ComicBookDecompressType;
+
+ typedef struct _ComicsDocumentClass ComicsDocumentClass;
+@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand
command_usage_def[] = {
+
+ /* 7zip */
+ {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE,
OFFSET_7Z},
+-
+- /* tar */
+- {"%s -xOf" , "%s -tf %s" , NULL , FALSE,
NO_OFFSET}
+ };
+
+ static GSList* get_supported_image_extensions (void);
+@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar
*mime_type,
+ comics_document->command_usage = GNAUNRAR;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+-
+ } else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
+ g_content_type_is_a (mime_type, "application/zip")) {
+ /* InfoZIP's unzip program */
+@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar
*mime_type,
+ comics_document->command_usage = P7ZIP;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+
+ } else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
+ g_content_type_is_a (mime_type,
"application/x-7z-compressed")) {
+@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar
*mime_type,
+ comics_document->command_usage = P7ZIP;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+- } else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
+- g_content_type_is_a (mime_type, "application/x-tar")) {
+- /* tar utility (Tape ARchive) */
+- comics_document->selected_command =
+- g_find_program_in_path ("tar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+ } else {
+ g_set_error (error,
+ EV_DOCUMENT_ERROR,
+diff --git a/configure.ac b/configure.ac
+index 9e9f831..7eb0f1f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
+ AC_SUBST(APPDATA_TIFF_MIME_TYPES)
+ AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
+ if test "x$enable_comics" = "xyes"; then
+-
COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
++
COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
+ APPDATA_COMICS_MIME_TYPES=$(echo
"<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n
<mimetype>/g')
+ if test -z "$EVINCE_MIME_TYPES"; then
+ EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
+--
+cgit v0.12
+