commit: 84765235371fae63f3762797eb56b0f64d5941f8 Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> AuthorDate: Sat Jan 27 09:36:39 2018 +0000 Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> CommitDate: Sat Jan 27 09:38:15 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84765235
app-text/evince: remove old Package-Manager: Portage-2.3.19, Repoman-2.3.6 app-text/evince/Manifest | 1 - app-text/evince/evince-3.22.1-r1.ebuild | 102 ---------------- .../evince/files/3.22.1-CVE-2017-1000083.patch | 130 --------------------- 3 files changed, 233 deletions(-) diff --git a/app-text/evince/Manifest b/app-text/evince/Manifest index 1f3e3ce6f4b..4fda50ef273 100644 --- a/app-text/evince/Manifest +++ b/app-text/evince/Manifest @@ -1,2 +1 @@ -DIST evince-3.22.1.tar.xz 3365004 BLAKE2B 89d909d6ce4bf5c370ca1777993855b70e924108aab4f1f467601165545ae74647ce77c9ba9cb7145e30d1dff00749f41df5fd461be84e51db5f01a293c68294 SHA512 c36a90bf98f25b4f9f05536f1a09c38be30b814529e17a4ab159ba7c1e952402a211f335d4cdf1928ace8a5b46d6d019fbbd457ce11c2ffa264d8bb7c32d5a18 DIST evince-3.24.2.tar.xz 3509216 BLAKE2B 3bcb9e15a6576650d17d6ea1df638c4b16759ddd2353ca47b425c1fec04f90b85ff7f338472e5e18defc01ab066ef241eff40e8f493fa2238814933703636e7b SHA512 77e099ff60188f982a49f5c8287eb2ed8d42402a15a54ccf8367b3814e7e16ba31354363d3f101117153792daa96f653f24bb06193b5e749d0ebfaac7d7c1e0f diff --git a/app-text/evince/evince-3.22.1-r1.ebuild b/app-text/evince/evince-3.22.1-r1.ebuild deleted file mode 100644 index 7ce30ec41a4..00000000000 --- a/app-text/evince/evince-3.22.1-r1.ebuild +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -GNOME2_LA_PUNT="yes" - -inherit gnome2 systemd - -DESCRIPTION="Simple document viewer for GNOME" -HOMEPAGE="https://wiki.gnome.org/Apps/Evince"; - -LICENSE="GPL-2+ CC-BY-SA-3.0" -# subslot = evd3.(suffix of libevdocument3)-evv3.(suffix of libevview3) -SLOT="0/evd3.4-evv3.3" -IUSE="djvu dvi gstreamer gnome gnome-keyring +introspection nautilus nsplugin +postscript t1lib tiff xps" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x64-solaris" - -# atk used in libview -# gdk-pixbuf used all over the place -COMMON_DEPEND=" - dev-libs/atk - >=dev-libs/glib-2.36:2[dbus] - >=dev-libs/libxml2-2.5:2 - sys-libs/zlib:= - x11-libs/gdk-pixbuf:2 - >=x11-libs/gtk+-3.16.0:3[introspection?] - gnome-base/gsettings-desktop-schemas - >=x11-libs/cairo-1.10:= - >=app-text/poppler-0.33[cairo] - djvu? ( >=app-text/djvu-3.5.22:= ) - dvi? ( - virtual/tex-base - dev-libs/kpathsea:= - t1lib? ( >=media-libs/t1lib-5:= ) ) - gstreamer? ( - media-libs/gstreamer:1.0 - media-libs/gst-plugins-base:1.0 - media-libs/gst-plugins-good:1.0 ) - gnome? ( gnome-base/gnome-desktop:3= ) - gnome-keyring? ( >=app-crypt/libsecret-0.5 ) - introspection? ( >=dev-libs/gobject-introspection-1:= ) - nautilus? ( >=gnome-base/nautilus-2.91.4[introspection?] ) - postscript? ( >=app-text/libspectre-0.2:= ) - tiff? ( >=media-libs/tiff-3.6:0= ) - xps? ( >=app-text/libgxps-0.2.1:= ) -" -RDEPEND="${COMMON_DEPEND} - gnome-base/gvfs - gnome-base/librsvg - || ( - >=x11-themes/adwaita-icon-theme-2.17.1 - >=x11-themes/hicolor-icon-theme-0.10 ) -" -DEPEND="${COMMON_DEPEND} - app-text/docbook-xml-dtd:4.3 - app-text/yelp-tools - dev-util/gdbus-codegen - >=dev-util/gtk-doc-am-1.13 - >=dev-util/intltool-0.35 - dev-util/itstool - sys-devel/gettext - virtual/pkgconfig -" -# eautoreconf needs: -# app-text/yelp-tools - -PATCHES=( - "${FILESDIR}"/${PV}-CVE-2017-1000083.patch -) - -src_prepare() { - gnome2_src_prepare - - # Do not depend on adwaita-icon-theme, bug #326855, #391859 - # https://bugs.freedesktop.org/show_bug.cgi?id=29942 - sed -e 's/adwaita-icon-theme >= $ADWAITA_ICON_THEME_REQUIRED//g' \ - -i configure || die "sed failed" -} - -src_configure() { - gnome2_src_configure \ - --disable-static \ - --enable-pdf \ - --enable-comics \ - --enable-thumbnailer \ - --with-platform=gnome \ - --enable-dbus \ - $(use_enable djvu) \ - $(use_enable dvi) \ - $(use_enable gstreamer multimedia) \ - $(use_enable gnome libgnome-desktop) \ - $(use_with gnome-keyring keyring) \ - $(use_enable introspection) \ - $(use_enable nautilus) \ - $(use_enable nsplugin browser-plugin) \ - $(use_enable postscript ps) \ - $(use_enable t1lib) \ - $(use_enable tiff) \ - $(use_enable xps) \ - BROWSER_PLUGIN_DIR="${EPREFIX}"/usr/$(get_libdir)/nsbrowser/plugins \ - --with-systemduserunitdir="$(systemd_get_userunitdir)" -} diff --git a/app-text/evince/files/3.22.1-CVE-2017-1000083.patch b/app-text/evince/files/3.22.1-CVE-2017-1000083.patch deleted file mode 100644 index 9164c618145..00000000000 --- a/app-text/evince/files/3.22.1-CVE-2017-1000083.patch +++ /dev/null @@ -1,130 +0,0 @@ -From: Bastien Nocera -Date: Thu, 6 Jul 2017 20:02:00 +0200 -Subject: comics: Remove support for tar and tar-like commands - -When handling tar files, or using a command with tar-compatible syntax, -to open comic-book archives, both the archive name (the name of the -comics file) and the filename (the name of a page within the archive) -are quoted to not be interpreted by the shell. - -But the filename is completely with the attacker's control and can start -with "--" which leads to tar interpreting it as a command line flag. - -This can be exploited by creating a CBT file (a tar archive with the -.cbt suffix) with an embedded file named something like this: -"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg" - -CBT files are infinitely rare (CBZ is usually used for DRM-free -commercial releases, CBR for those from more dubious provenance), so -removing support is the easiest way to avoid the bug triggering. All -this code was rewritten in the development release for GNOME 3.26 to not -shell out to any command, closing off this particular attack vector. - -This also removes the ability to use libarchive's bsdtar-compatible -binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two -are already supported by unzip and 7zip respectively. libarchive's RAR -support is limited, so unrar is a requirement anyway. - -Discovered by Felix Wilhelm from the Google Security Team. - -https://bugzilla.gnome.org/show_bug.cgi?id=784630 ---- - backend/comics/comics-document.c | 40 +--------------------------------------- - configure.ac | 2 +- - 2 files changed, 2 insertions(+), 40 deletions(-) - -diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c -index 96ed26e..3af119a 100644 ---- a/backend/comics/comics-document.c -+++ b/backend/comics/comics-document.c -@@ -56,8 +56,7 @@ typedef enum - RARLABS, - GNAUNRAR, - UNZIP, -- P7ZIP, -- TAR -+ P7ZIP - } ComicBookDecompressType; - - typedef struct _ComicsDocumentClass ComicsDocumentClass; -@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = { - - /* 7zip */ - {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z}, -- -- /* tar */ -- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET} - }; - - static GSList* get_supported_image_extensions (void); -@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = GNAUNRAR; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- - } else if (g_content_type_is_a (mime_type, "application/x-cbz") || - g_content_type_is_a (mime_type, "application/zip")) { - /* InfoZIP's unzip program */ -@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = P7ZIP; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } - - } else if (g_content_type_is_a (mime_type, "application/x-cb7") || - g_content_type_is_a (mime_type, "application/x-7z-compressed")) { -@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = P7ZIP; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- } else if (g_content_type_is_a (mime_type, "application/x-cbt") || -- g_content_type_is_a (mime_type, "application/x-tar")) { -- /* tar utility (Tape ARchive) */ -- comics_document->selected_command = -- g_find_program_in_path ("tar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } - } else { - g_set_error (error, - EV_DOCUMENT_ERROR, -diff --git a/configure.ac b/configure.ac -index 36e866a..26a1a7d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES) - AC_SUBST(APPDATA_TIFF_MIME_TYPES) - AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES) - if test "x$enable_comics" = "xyes"; then -- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt" -+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;" - APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n <mimetype>/g') - if test -z "$EVINCE_MIME_TYPES"; then - EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}" --- -cgit v0.12 -
