me/guix
Archived
1
0
Fork 0
Code Activity

gnu: evince: Fix CVE-2017-1000083.

Browse source 
* gnu/packages/patches/evince-CVE-2017-1000083.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (evince)[source]: Use it.
This commit is contained in:
Marius Bakke 2017-07-13 21:11:15 +02:00
parent a6ae4f83a4
commit 5887d554ec
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
3 changed files with 111 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -576,6 +576,7 @@ dist_patch_DATA = \
%D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/eudev-conflicting-declaration.patch \ %D%/packages/patches/eudev-conflicting-declaration.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \
%D%/packages/patches/evince-CVE-2017-1000083.patch \
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \ %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
%D%/packages/patches/exim-CVE-2017-1000369.patch \ %D%/packages/patches/exim-CVE-2017-1000369.patch \
%D%/packages/patches/fabric-tests.patch \ %D%/packages/patches/fabric-tests.patch \

1
gnu/packages/gnome.scm
View file

@ -615,6 +615,7 @@ forgotten when the session ends.")
(uri (string-append "mirror://gnome/sources/" name "/" (uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/" (version-major+minor version) "/"
name "-" version ".tar.xz")) name "-" version ".tar.xz"))
(patches (search-patches "evince-CVE-2017-1000083.patch"))
(sha256 (sha256
(base32 (base32
"13yw0i68dgqp9alyliy3zifszh7rikkpi1xbz5binvxxgfpraf04")))) "13yw0i68dgqp9alyliy3zifszh7rikkpi1xbz5binvxxgfpraf04"))))

109
gnu/packages/patches/evince-CVE-2017-1000083.patch Normal file
View file

@ -0,0 +1,109 @@
Fix CVE-2017-1000083.
http://seclists.org/oss-sec/2017/q3/128
https://bugzilla.gnome.org/show_bug.cgi?id=784630
Patch copied from upstream source repository:
https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee
From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 6 Jul 2017 20:02:00 +0200
Subject: comics: Remove support for tar and tar-like commands
diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
index 4c74731..641d785 100644
--- a/backend/comics/comics-document.c
+++ b/backend/comics/comics-document.c
@@ -56,8 +56,7 @@ typedef enum
RARLABS,
GNAUNRAR,
UNZIP,
- P7ZIP,
- TAR
+ P7ZIP
} ComicBookDecompressType;
typedef struct _ComicsDocumentClass ComicsDocumentClass;
@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
/* 7zip */
{NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
-
- /* tar */
- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET}
};
static GSList* get_supported_image_extensions (void);
@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type,
comics_document->command_usage = GNAUNRAR;
return TRUE;
}
- comics_document->selected_command =
- g_find_program_in_path ("bsdtar");
- if (comics_document->selected_command) {
- comics_document->command_usage = TAR;
- return TRUE;
- }
-
} else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
g_content_type_is_a (mime_type, "application/zip")) {
/* InfoZIP's unzip program */
@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type,
comics_document->command_usage = P7ZIP;
return TRUE;
}
- comics_document->selected_command =
- g_find_program_in_path ("bsdtar");
- if (comics_document->selected_command) {
- comics_document->command_usage = TAR;
- return TRUE;
- }
} else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type,
comics_document->command_usage = P7ZIP;
return TRUE;
}
- comics_document->selected_command =
- g_find_program_in_path ("bsdtar");
- if (comics_document->selected_command) {
- comics_document->command_usage = TAR;
- return TRUE;
- }
- } else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
- g_content_type_is_a (mime_type, "application/x-tar")) {
- /* tar utility (Tape ARchive) */
- comics_document->selected_command =
- g_find_program_in_path ("tar");
- if (comics_document->selected_command) {
- comics_document->command_usage = TAR;
- return TRUE;
- }
- comics_document->selected_command =
- g_find_program_in_path ("bsdtar");
- if (comics_document->selected_command) {
- comics_document->command_usage = TAR;
- return TRUE;
- }
} else {
g_set_error (error,
EV_DOCUMENT_ERROR,
diff --git a/configure.ac b/configure.ac
index 9e9f831..7eb0f1f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
AC_SUBST(APPDATA_TIFF_MIME_TYPES)
AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
if test "x$enable_comics" = "xyes"; then
- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n <mimetype>/g')
if test -z "$EVINCE_MIME_TYPES"; then
EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
--
cgit v0.12