mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: evince: Fix CVE-2017-1000083.
* gnu/packages/patches/evince-CVE-2017-1000083.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnome.scm (evince)[source]: Use it.
This commit is contained in:
parent
a6ae4f83a4
commit
5887d554ec
3 changed files with 111 additions and 0 deletions
|
@ -576,6 +576,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/eudev-rules-directory.patch \
|
%D%/packages/patches/eudev-rules-directory.patch \
|
||||||
%D%/packages/patches/eudev-conflicting-declaration.patch \
|
%D%/packages/patches/eudev-conflicting-declaration.patch \
|
||||||
%D%/packages/patches/evilwm-lost-focus-bug.patch \
|
%D%/packages/patches/evilwm-lost-focus-bug.patch \
|
||||||
|
%D%/packages/patches/evince-CVE-2017-1000083.patch \
|
||||||
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
|
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
|
||||||
%D%/packages/patches/exim-CVE-2017-1000369.patch \
|
%D%/packages/patches/exim-CVE-2017-1000369.patch \
|
||||||
%D%/packages/patches/fabric-tests.patch \
|
%D%/packages/patches/fabric-tests.patch \
|
||||||
|
|
|
@ -615,6 +615,7 @@ (define-public evince
|
||||||
(uri (string-append "mirror://gnome/sources/" name "/"
|
(uri (string-append "mirror://gnome/sources/" name "/"
|
||||||
(version-major+minor version) "/"
|
(version-major+minor version) "/"
|
||||||
name "-" version ".tar.xz"))
|
name "-" version ".tar.xz"))
|
||||||
|
(patches (search-patches "evince-CVE-2017-1000083.patch"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"13yw0i68dgqp9alyliy3zifszh7rikkpi1xbz5binvxxgfpraf04"))))
|
"13yw0i68dgqp9alyliy3zifszh7rikkpi1xbz5binvxxgfpraf04"))))
|
||||||
|
|
109
gnu/packages/patches/evince-CVE-2017-1000083.patch
Normal file
109
gnu/packages/patches/evince-CVE-2017-1000083.patch
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
Fix CVE-2017-1000083.
|
||||||
|
|
||||||
|
http://seclists.org/oss-sec/2017/q3/128
|
||||||
|
https://bugzilla.gnome.org/show_bug.cgi?id=784630
|
||||||
|
|
||||||
|
Patch copied from upstream source repository:
|
||||||
|
|
||||||
|
https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee
|
||||||
|
|
||||||
|
From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bastien Nocera <hadess@hadess.net>
|
||||||
|
Date: Thu, 6 Jul 2017 20:02:00 +0200
|
||||||
|
Subject: comics: Remove support for tar and tar-like commands
|
||||||
|
|
||||||
|
diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
|
||||||
|
index 4c74731..641d785 100644
|
||||||
|
--- a/backend/comics/comics-document.c
|
||||||
|
+++ b/backend/comics/comics-document.c
|
||||||
|
@@ -56,8 +56,7 @@ typedef enum
|
||||||
|
RARLABS,
|
||||||
|
GNAUNRAR,
|
||||||
|
UNZIP,
|
||||||
|
- P7ZIP,
|
||||||
|
- TAR
|
||||||
|
+ P7ZIP
|
||||||
|
} ComicBookDecompressType;
|
||||||
|
|
||||||
|
typedef struct _ComicsDocumentClass ComicsDocumentClass;
|
||||||
|
@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
|
||||||
|
|
||||||
|
/* 7zip */
|
||||||
|
{NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
|
||||||
|
-
|
||||||
|
- /* tar */
|
||||||
|
- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET}
|
||||||
|
};
|
||||||
|
|
||||||
|
static GSList* get_supported_image_extensions (void);
|
||||||
|
@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type,
|
||||||
|
comics_document->command_usage = GNAUNRAR;
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
- comics_document->selected_command =
|
||||||
|
- g_find_program_in_path ("bsdtar");
|
||||||
|
- if (comics_document->selected_command) {
|
||||||
|
- comics_document->command_usage = TAR;
|
||||||
|
- return TRUE;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
} else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
|
||||||
|
g_content_type_is_a (mime_type, "application/zip")) {
|
||||||
|
/* InfoZIP's unzip program */
|
||||||
|
@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type,
|
||||||
|
comics_document->command_usage = P7ZIP;
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
- comics_document->selected_command =
|
||||||
|
- g_find_program_in_path ("bsdtar");
|
||||||
|
- if (comics_document->selected_command) {
|
||||||
|
- comics_document->command_usage = TAR;
|
||||||
|
- return TRUE;
|
||||||
|
- }
|
||||||
|
|
||||||
|
} else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
|
||||||
|
g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
|
||||||
|
@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type,
|
||||||
|
comics_document->command_usage = P7ZIP;
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
- comics_document->selected_command =
|
||||||
|
- g_find_program_in_path ("bsdtar");
|
||||||
|
- if (comics_document->selected_command) {
|
||||||
|
- comics_document->command_usage = TAR;
|
||||||
|
- return TRUE;
|
||||||
|
- }
|
||||||
|
- } else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
|
||||||
|
- g_content_type_is_a (mime_type, "application/x-tar")) {
|
||||||
|
- /* tar utility (Tape ARchive) */
|
||||||
|
- comics_document->selected_command =
|
||||||
|
- g_find_program_in_path ("tar");
|
||||||
|
- if (comics_document->selected_command) {
|
||||||
|
- comics_document->command_usage = TAR;
|
||||||
|
- return TRUE;
|
||||||
|
- }
|
||||||
|
- comics_document->selected_command =
|
||||||
|
- g_find_program_in_path ("bsdtar");
|
||||||
|
- if (comics_document->selected_command) {
|
||||||
|
- comics_document->command_usage = TAR;
|
||||||
|
- return TRUE;
|
||||||
|
- }
|
||||||
|
} else {
|
||||||
|
g_set_error (error,
|
||||||
|
EV_DOCUMENT_ERROR,
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 9e9f831..7eb0f1f 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
|
||||||
|
AC_SUBST(APPDATA_TIFF_MIME_TYPES)
|
||||||
|
AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
|
||||||
|
if test "x$enable_comics" = "xyes"; then
|
||||||
|
- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
|
||||||
|
+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
|
||||||
|
APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n <mimetype>/g')
|
||||||
|
if test -z "$EVINCE_MIME_TYPES"; then
|
||||||
|
EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
|
||||||
|
--
|
||||||
|
cgit v0.12
|
||||||
|
|
Loading…
Reference in a new issue