commit: 50d9a00ce8479638672bc7938ce9dc388172a82f Author: NP-Hardass <NP-Hardass <AT> gentoo <DOT> org> AuthorDate: Fri Feb 23 20:19:06 2018 +0000 Commit: NP Hardass <np-hardass <AT> gentoo <DOT> org> CommitDate: Fri Feb 23 20:22:55 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50d9a00c
app-text/atril: Fix CVE-2017-1000083 Bug: https://bugs.gentoo.org/624880 Package-Manager: Portage-2.3.24, Repoman-2.3.6 ...ril-1.12.2-r4.ebuild => atril-1.12.2-r5.ebuild} | 4 +++- ...ril-1.14.2-r1.ebuild => atril-1.14.2-r2.ebuild} | 4 +++- ...ril-1.16.1-r1.ebuild => atril-1.16.1-r2.ebuild} | 4 +++- app-text/atril/files/atril-cve-2017-1000083.patch | 28 ++++++++++++++++++++++ 4 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/app-text/atril/atril-1.12.2-r4.ebuild b/app-text/atril/atril-1.12.2-r5.ebuild
similarity index 96%
rename from app-text/atril/atril-1.12.2-r4.ebuild
rename to app-text/atril/atril-1.12.2-r5.ebuild
index aa353029fbd..360dac80db2 100644
--- a/app-text/atril/atril-1.12.2-r4.ebuild
+++ b/app-text/atril/atril-1.12.2-r5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 EAPI=6
@@ -67,6 +67,8 @@ DEPEND="${RDEPEND}
 # Tests use dogtail which is not available on Gentoo.
 RESTRICT="test"
+FILES=( "${FILESDIR}/${PN}-cve-2017-1000083.patch" )
+
 src_configure() {
 # Passing --disable-help would drop offline help, that would be inconsistent
 # with helps of the most of GNOME apps that doesn't require network for that.
diff --git a/app-text/atril/atril-1.14.2-r1.ebuild b/app-text/atril/atril-1.14.2-r2.ebuild
similarity index 96%
rename from app-text/atril/atril-1.14.2-r1.ebuild
rename to app-text/atril/atril-1.14.2-r2.ebuild
index 12e1ae529a2..792c2c2e6a0 100644
--- a/app-text/atril/atril-1.14.2-r1.ebuild
+++ b/app-text/atril/atril-1.14.2-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 EAPI=6
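Review bot: The array added after `RESTRICT="test"` is named `FILES`, which EAPI 6 does not treat specially; the default `src_prepare` applies the `PATCHES` array. Unless a `src_prepare` outside this hunk reads `FILES`, the CVE-2017-1000083 patch is shipped under files/ but never applied to the sources, while the revision bump signals a fixed package. The line should read `PATCHES=( "${FILESDIR}/${PN}-cve-2017-1000083.patch" )`. The same line is added in the atril-1.14.2-r2 and atril-1.16.1-r2 hunks and needs the same change. Checking the build log for the patch being applied would confirm the fix is actually in the built package.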
@@ -69,6 +69,8 @@ DEPEND="${COMMON_DEPEND}
 # Tests use dogtail which is not available on Gentoo.
 RESTRICT="test"
+FILES=( "${FILESDIR}/${PN}-cve-2017-1000083.patch" )
+
 src_configure() {
 # Passing --disable-help would drop offline help, that would be inconsistent
 # with helps of the most of GNOME apps that doesn't require network for that.
diff --git a/app-text/atril/atril-1.16.1-r1.ebuild b/app-text/atril/atril-1.16.1-r2.ebuild
similarity index 96%
rename from app-text/atril/atril-1.16.1-r1.ebuild
rename to app-text/atril/atril-1.16.1-r2.ebuild
index 4259cddf89b..24aad9d4f3c 100644
--- a/app-text/atril/atril-1.16.1-r1.ebuild
+++ b/app-text/atril/atril-1.16.1-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 EAPI=6
@@ -68,6 +68,8 @@ DEPEND="${COMMON_DEPEND}
 # Tests use dogtail which is not available on Gentoo.
 RESTRICT="test"
+FILES=( "${FILESDIR}/${PN}-cve-2017-1000083.patch" )
+
 src_configure() {
 # Passing --disable-help would drop offline help, that would be inconsistent
 # with helps of the most of GNOME apps that doesn't require network for that.
diff --git a/app-text/atril/files/atril-cve-2017-1000083.patch b/app-text/atril/files/atril-cve-2017-1000083.patch
new file mode 100644
index 00000000000..29c81f7e542
--- /dev/null
+++ b/app-text/atril/files/atril-cve-2017-1000083.patch
@@ -0,0 +1,28 @@
+From f4291fd62f7dfe6460d2406a979ccfac0c68dd59 Mon Sep 17 00:00:00 2001
+From: ZenWalker <[email protected]>
+Date: Wed, 19 Jul 2017 11:00:09 +0200
+Subject: [PATCH] comics: make the files containing "--checkpoint-action="
+ unsupported
+
+Fixes #257
+---
+ backend/comics/comics-document.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
+index 9f945c6..4d4d293 100644
+--- a/backend/comics/comics-document.c
++++ b/backend/comics/comics-document.c
+@@ -983,6 +983,12 @@ extract_argv (EvDocument *document, gint page)
+ char *command_line, *quoted_archive, *quoted_filename;
+ GError *err = NULL;
+
++ if (g_strrstr (comics_document->page_names->pdata[page], "--checkpoint-action="))
++ {
++ g_warning ("File unsupported\n");
++ gtk_main_quit ();
++ }
++
+ if (page >= comics_document->page_names->len)
+ return NULL;
+
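Review bot: The new check in extract_argv reads `comics_document->page_names->pdata[page]` before the existing `page >= comics_document->page_names->len` test, so an out-of-range page indexes past the array; the check belongs after the bounds test. `gtk_main_quit ()` also does not stop this function: it only asks the GTK main loop to return, so execution continues into the code below, which presumably still builds the command line from the rejected name, and in a process with no running main loop nothing quits at all. Returning is the safer response, e.g. `if (g_strrstr (name, "--checkpoint-action=")) { g_warning ("File unsupported"); return NULL; }` placed after the bounds check, with `name` holding the page name. Matching a single option string is a narrow denylist; refusing any page name that begins with `-` would also cover other option-like names. The rest of extract_argv lies outside the hunk, so how callers treat a NULL return should be confirmed there.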
