From 5887d554ec8f626f9cb8e9f88e34109ad68076e8 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 13 Jul 2017 21:11:15 +0200 Subject: gnu: evince: Fix CVE-2017-1000083. * gnu/packages/patches/evince-CVE-2017-1000083.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnome.scm (evince)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/gnome.scm | 1 + gnu/packages/patches/evince-CVE-2017-1000083.patch | 109 +++++++++++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 gnu/packages/patches/evince-CVE-2017-1000083.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 4da9cba27d..1ced658911 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -576,6 +576,7 @@ dist_patch_DATA = \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/eudev-conflicting-declaration.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ + %D%/packages/patches/evince-CVE-2017-1000083.patch \ %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \ %D%/packages/patches/exim-CVE-2017-1000369.patch \ %D%/packages/patches/fabric-tests.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 972f3ec15b..3125fa03ca 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -615,6 +615,7 @@ forgotten when the session ends.") (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) + (patches (search-patches "evince-CVE-2017-1000083.patch")) (sha256 (base32 "13yw0i68dgqp9alyliy3zifszh7rikkpi1xbz5binvxxgfpraf04")))) diff --git a/gnu/packages/patches/evince-CVE-2017-1000083.patch b/gnu/packages/patches/evince-CVE-2017-1000083.patch new file mode 100644 index 0000000000..2ca062f337 --- /dev/null +++ b/gnu/packages/patches/evince-CVE-2017-1000083.patch 
@@ -0,0 +1,109 @@
+Fix CVE-2017-1000083.
+
+http://seclists.org/oss-sec/2017/q3/128
+https://bugzilla.gnome.org/show_bug.cgi?id=784630
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee
+
+From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
+From: Bastien Nocera
+Date: Thu, 6 Jul 2017 20:02:00 +0200
+Subject: comics: Remove support for tar and tar-like commands
+
+diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
+index 4c74731..641d785 100644
+--- a/backend/comics/comics-document.c
++++ b/backend/comics/comics-document.c
+@@ -56,8 +56,7 @@ typedef enum
+ RARLABS,
+ GNAUNRAR,
+ UNZIP,
+- P7ZIP,
+- TAR
++ P7ZIP
+ } ComicBookDecompressType;
+
+ typedef struct _ComicsDocumentClass ComicsDocumentClass;
+@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
+
+ /* 7zip */
+ {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
+-
+- /* tar */
+- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET}
+ };
+
+ static GSList* get_supported_image_extensions (void);
+@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type,
+ comics_document->command_usage = GNAUNRAR;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+-
+ } else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
+ g_content_type_is_a (mime_type, "application/zip")) {
+ /* InfoZIP's unzip program */
+@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type,
+ comics_document->command_usage = P7ZIP;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+
+ } else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
+ g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
+@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type,
+ comics_document->command_usage = P7ZIP;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+- } else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
+- g_content_type_is_a (mime_type, "application/x-tar")) {
+- /* tar utility (Tape ARchive) */
+- comics_document->selected_command =
+- g_find_program_in_path ("tar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+ } else {
+ g_set_error (error,
+ EV_DOCUMENT_ERROR,
+diff --git a/configure.ac b/configure.ac
+index 9e9f831..7eb0f1f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
+ AC_SUBST(APPDATA_TIFF_MIME_TYPES)
+ AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
+ if test "x$enable_comics" = "xyes"; then
+- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
++ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
+ APPDATA_COMICS_MIME_TYPES=$(echo "$COMICS_MIME_TYPES" | sed -e 's/;/<\/mimetype>\n /g')
+ if test -z "$EVINCE_MIME_TYPES"; then
+ EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
+--
+cgit v0.12
+
--
cgit v1.2.3
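Review bot: The header of the new patch file says only `Fix CVE-2017-1000083.` plus links, so a packager cannot tell from it that the fix works by deleting the `TAR` decompressor type and every `tar`/`bsdtar` lookup in `comics_check_decompress_command`. After the change, `application/x-cbt` and `application/x-tar` fall through to the `g_set_error` branch, while the unrar, unzip and 7z entries remain selectable. I would add a header line such as `Removes tar/bsdtar support from the comics backend; .cbt archives are now rejected, other decompressors are unchanged.` Separately, the new `COMICS_MIME_TYPES` value in the embedded configure.ac hunk ends with `application/x-ext-cb7;`, unlike the old value, and the `sed` on the next line rewrites every `;`, so the trailing separator looks like it leaves an empty last entry in `APPDATA_COMICS_MIME_TYPES`; worth checking against upstream. `comics_check_decompress_command` and `command_usage_def` both begin and end outside the embedded hunks, so how the remaining command templates quote archive and member names cannot be judged from here.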