* [gentoo-commits] repo/gentoo:master commit in: app-text/evince/files/, app-text/evince/
@ 2018-04-14 19:16 Mart Raudsepp
  0 siblings, 0 replies; 2+ messages in thread
From: Mart Raudsepp @ 2018-04-14 19:16 UTC (permalink / raw
  To: gentoo-commits

commit:     63261207cee6515e48676d60757afd9655a49ad6
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 14 19:15:50 2018 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Sat Apr 14 19:16:04 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63261207

app-text/evince: Fix CVE-2017-1000159

Bug: https://bugs.gentoo.org/650272
Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-text/evince/evince-3.24.2-r1.ebuild            | 102 +++++++++++++++++++++
 .../evince/files/3.24.2-CVE-2017-1000159.patch     |  42 +++++++++
 2 files changed, 144 insertions(+)

diff --git a/app-text/evince/evince-3.24.2-r1.ebuild b/app-text/evince/evince-3.24.2-r1.ebuild
new file mode 100644
index 00000000000..5377658d1a8
--- /dev/null
+++ b/app-text/evince/evince-3.24.2-r1.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_LA_PUNT="yes"
+
+inherit gnome2 systemd
+
+DESCRIPTION="Simple document viewer for GNOME"
+HOMEPAGE="https://wiki.gnome.org/Apps/Evince"
+
+LICENSE="GPL-2+ CC-BY-SA-3.0"
+# subslot = evd3.(suffix of libevdocument3)-evv3.(suffix of libevview3)
+SLOT="0/evd3.4-evv3.3"
+IUSE="djvu dvi gstreamer gnome gnome-keyring +introspection nautilus nsplugin +postscript t1lib tiff xps"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x64-solaris"
+
+# atk used in libview
+# gdk-pixbuf used all over the place
+COMMON_DEPEND="
+	dev-libs/atk
+	>=dev-libs/glib-2.36:2[dbus]
+	>=dev-libs/libxml2-2.5:2
+	sys-libs/zlib:=
+	x11-libs/gdk-pixbuf:2
+	>=x11-libs/gtk+-3.16.0:3[introspection?]
+	gnome-base/gsettings-desktop-schemas
+	>=x11-libs/cairo-1.10:=
+	>=app-text/poppler-0.33[cairo]
+	djvu? ( >=app-text/djvu-3.5.22:= )
+	dvi? (
+		virtual/tex-base
+		dev-libs/kpathsea:=
+		t1lib? ( >=media-libs/t1lib-5:= ) )
+	gstreamer? (
+		media-libs/gstreamer:1.0
+		media-libs/gst-plugins-base:1.0
+		media-libs/gst-plugins-good:1.0 )
+	gnome? ( gnome-base/gnome-desktop:3= )
+	gnome-keyring? ( >=app-crypt/libsecret-0.5 )
+	introspection? ( >=dev-libs/gobject-introspection-1:= )
+	nautilus? ( >=gnome-base/nautilus-2.91.4[introspection?] )
+	postscript? ( >=app-text/libspectre-0.2:= )
+	tiff? ( >=media-libs/tiff-3.6:0= )
+	xps? ( >=app-text/libgxps-0.2.1:= )
+"
+RDEPEND="${COMMON_DEPEND}
+	gnome-base/gvfs
+	gnome-base/librsvg
+	|| (
+		>=x11-themes/adwaita-icon-theme-2.17.1
+		>=x11-themes/hicolor-icon-theme-0.10 )
+"
+DEPEND="${COMMON_DEPEND}
+	app-text/docbook-xml-dtd:4.3
+	app-text/yelp-tools
+	dev-util/gdbus-codegen
+	>=dev-util/gtk-doc-am-1.13
+	>=dev-util/intltool-0.35
+	dev-util/itstool
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+# eautoreconf needs:
+#  app-text/yelp-tools
+
+PATCHES=(
+	"${FILESDIR}"/${PV}-CVE-2017-1000159.patch
+)
+
+src_prepare() {
+	gnome2_src_prepare
+
+	# Do not depend on adwaita-icon-theme, bug #326855, #391859
+	# https://bugs.freedesktop.org/show_bug.cgi?id=29942
+	sed -e 's/adwaita-icon-theme >= $ADWAITA_ICON_THEME_REQUIRED//g' \
+		-i configure || die "sed failed"
+}
+
+src_configure() {
+	gnome2_src_configure \
+		--disable-static \
+		--enable-pdf \
+		--enable-comics \
+		--enable-thumbnailer \
+		--with-platform=gnome \
+		--enable-dbus \
+		$(use_enable djvu) \
+		$(use_enable dvi) \
+		$(use_enable gstreamer multimedia) \
+		$(use_enable gnome libgnome-desktop) \
+		$(use_with gnome-keyring keyring) \
+		$(use_enable introspection) \
+		$(use_enable nautilus) \
+		$(use_enable nsplugin browser-plugin) \
+		$(use_enable postscript ps) \
+		$(use_enable t1lib) \
+		$(use_enable tiff) \
+		$(use_enable xps) \
+		BROWSER_PLUGIN_DIR="${EPREFIX}"/usr/$(get_libdir)/nsbrowser/plugins \
+		--with-systemduserunitdir="$(systemd_get_userunitdir)"
+}
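Review bot: The `PATCHES` entry carries no comment saying what it fixes, so the link to the security bug lives only in the commit message. A line such as `# CVE-2017-1000159: quote DVI filename passed to dvipdfm, bug #650272` above the array would keep that context with the ebuild. The patch touches only backend/dvi/dvi-document.c, so the fix matters for builds with USE=dvi, which may be worth stating in the same comment.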

diff --git a/app-text/evince/files/3.24.2-CVE-2017-1000159.patch b/app-text/evince/files/3.24.2-CVE-2017-1000159.patch
new file mode 100644
index 00000000000..80861fdc4de
--- /dev/null
+++ b/app-text/evince/files/3.24.2-CVE-2017-1000159.patch
@@ -0,0 +1,42 @@
+From 350404c76dc8601e2cdd2636490e2afc83d3090e Mon Sep 17 00:00:00 2001
+From: Tobias Mueller <muelli@cryptobitch.de>
+Date: Fri, 14 Jul 2017 12:52:14 +0200
+Subject: [PATCH] dvi: Mitigate command injection attacks by quoting filename
+
+With commit 1fcca0b8041de0d6074d7e17fba174da36c65f99 came a DVI backend.
+It exports to PDF via the dvipdfm tool.
+It calls that tool with the filename of the currently loaded document.
+If that filename is cleverly crafted, it can escape the currently
+used manual quoting of the filename.  Instead of manually quoting the
+filename, we use g_shell_quote.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=784947
+---
+ backend/dvi/dvi-document.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/backend/dvi/dvi-document.c b/backend/dvi/dvi-document.c
+index 4a896e21..28877700 100644
+--- a/backend/dvi/dvi-document.c
++++ b/backend/dvi/dvi-document.c
+@@ -300,12 +300,14 @@ dvi_document_file_exporter_end (EvFileExporter *exporter)
+ 	gboolean success;
+ 	
+ 	DviDocument *dvi_document = DVI_DOCUMENT(exporter);
++	gchar* quoted_filename = g_shell_quote (dvi_document->context->filename);
+ 	
+-	command_line = g_strdup_printf ("dvipdfm %s -o %s \"%s\"", /* dvipdfm -s 1,2,.., -o exporter_filename dvi_filename */
++	command_line = g_strdup_printf ("dvipdfm %s -o %s %s", /* dvipdfm -s 1,2,.., -o exporter_filename dvi_filename */
+ 					dvi_document->exporter_opts->str,
+ 					dvi_document->exporter_filename,
+-					dvi_document->context->filename);
+-	
++					quoted_filename);
++	g_free (quoted_filename);
++
+ 	success = g_spawn_command_line_sync (command_line,
+ 					     NULL,
+ 					     NULL,
+-- 
+2.17.0
+
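Review bot: In the bundled patch for dvi_document_file_exporter_end, only `dvi_document->context->filename` goes through g_shell_quote; `dvi_document->exporter_filename` still reaches the format string as a bare `%s` after `-o`, and g_spawn_command_line_sync then parses it with shell-style word splitting. If the export target path can contain whitespace or quote characters (its origin is not visible in this hunk), it would break into extra dvipdfm arguments, so it should be quoted the same way: `gchar *quoted_out = g_shell_quote (dvi_document->exporter_filename);`, passed in place of the raw field and released with `g_free (quoted_out);`. `exporter_opts->str` is meant to expand to several options and cannot be quoted as one word, which is a reason to build an argv array and call g_spawn_sync in a follow-up instead of formatting a command line. The function starts and ends outside the nested hunk, so how `command_line` is freed and how `success` is used cannot be checked here.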



* [gentoo-commits] repo/gentoo:master commit in: app-text/evince/files/, app-text/evince/
@ 2021-05-19 18:44 Matt Turner
  0 siblings, 0 replies; 2+ messages in thread
From: Matt Turner @ 2021-05-19 18:44 UTC (permalink / raw
  To: gentoo-commits

commit:     ae85da6ad1856c0aef7a225f0c0f3cf1084eaaba
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Wed May 19 18:42:54 2021 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Wed May 19 18:43:57 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae85da6a

app-text/evince: Install previewer

Had been disabled due to a build failure with USE=-cups, but this is now
fixed upstream by the patch we pull in.

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 .../{evince-40.1.ebuild => evince-40.1-r1.ebuild}  |  7 ++---
 .../files/40.1-build-Fix-t1lib-detection.patch     | 30 ++++++++++++++++++++
 ...ix-build-regression-when-gtk_unix_print-i.patch | 33 ++++++++++++++++++++++
 3 files changed, 66 insertions(+), 4 deletions(-)

diff --git a/app-text/evince/evince-40.1.ebuild b/app-text/evince/evince-40.1-r1.ebuild
similarity index 95%
rename from app-text/evince/evince-40.1.ebuild
rename to app-text/evince/evince-40.1-r1.ebuild
index 05e5b8fd667..34dc2484fd9 100644
--- a/app-text/evince/evince-40.1.ebuild
+++ b/app-text/evince/evince-40.1-r1.ebuild
@@ -66,6 +66,8 @@ BDEPEND="
 "
 
 PATCHES=(
+	"${FILESDIR}"/${PV}-build-Fix-t1lib-detection.patch
+	"${FILESDIR}"/${PV}-previewer-Fix-build-regression-when-gtk_unix_print-i.patch
 	"${FILESDIR}"/40.0-internal-synctex.patch
 )
 
@@ -75,9 +77,6 @@ src_prepare() {
 	# Do not depend on adwaita-icon-theme, bug #326855, #391859
 	# https://gitlab.freedesktop.org/xdg/default-icon-theme/issues/7
 	sed -i '/adwaita_icon_theme_dep/d' meson.build shell/meson.build || die
-
-	# https://gitlab.gnome.org/GNOME/evince/-/merge_requests/336
-	sed -i -e 's:T1_initLib:T1_InitLib:' meson.build || die
 }
 
 src_configure() {
@@ -85,7 +84,7 @@ src_configure() {
 		-Dplatform=gnome
 
 		-Dviewer=true
-		-Dpreviewer=false
+		-Dpreviewer=true
 		-Dthumbnailer=true
 		$(meson_use nsplugin browser_plugin)
 		$(meson_use nautilus)

diff --git a/app-text/evince/files/40.1-build-Fix-t1lib-detection.patch b/app-text/evince/files/40.1-build-Fix-t1lib-detection.patch
new file mode 100644
index 00000000000..5e46649e253
--- /dev/null
+++ b/app-text/evince/files/40.1-build-Fix-t1lib-detection.patch
@@ -0,0 +1,30 @@
+From bb3c826f134c47c505ad4fd93b1c97f67da5350c Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Mon, 12 Apr 2021 23:47:14 -0400
+Subject: [PATCH] build: Fix t1lib detection
+
+Without this, Meson always fails to detect t1lib. Autotools looked for
+the correct function name. See the check at the time of removal in
+commit b27189bb ("build: Remove autotools")
+
+Fixes: d69158ec ("build: Port to Meson build system")
+---
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index abee124d..0d7fd4d4 100644
+--- a/meson.build
++++ b/meson.build
+@@ -365,7 +365,7 @@ if enable_dvi
+   endforeach
+ 
+   t1_dep = cc.find_library('t1', required: get_option('t1lib'))
+-  enable_t1lib = t1_dep.found() and cc.has_function('T1_initLib', dependencies: t1_dep)
++  enable_t1lib = t1_dep.found() and cc.has_function('T1_InitLib', dependencies: t1_dep)
+   config_h.set('WITH_TYPE1_FONTS', enable_t1lib)
+ 
+   backends += {'dvi': mime_types_list.get('dvi')}
+-- 
+2.26.3
+

diff --git a/app-text/evince/files/40.1-previewer-Fix-build-regression-when-gtk_unix_print-i.patch b/app-text/evince/files/40.1-previewer-Fix-build-regression-when-gtk_unix_print-i.patch
new file mode 100644
index 00000000000..bfc650947d4
--- /dev/null
+++ b/app-text/evince/files/40.1-previewer-Fix-build-regression-when-gtk_unix_print-i.patch
@@ -0,0 +1,33 @@
+From 4a94fad803f5041b44477f0a2933cb447d81d82f Mon Sep 17 00:00:00 2001
+From: Chris Mayo <aklhfex@gmail.com>
+Date: Wed, 14 Apr 2021 02:15:40 +0000
+Subject: [PATCH] previewer: Fix build regression when gtk_unix_print is
+ disabled
+
+Restore guard around ev_previewer_window_print because
+that function requires GTKUNIXPRINT_ENABLED, without the
+guard, makes the gtk_unix_print unusable.
+
+In the commit 65bfd21c ("previewer: Use GtkHeaderBar in print preview"), the GTKUNIXPRINT_ENABLED preprocessor guard around
+the usage of ev_previewer_window_print was lost.
+---
+ previewer/ev-previewer-window.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/previewer/ev-previewer-window.c b/previewer/ev-previewer-window.c
+index 6678aa75..7d3bd394 100644
+--- a/previewer/ev-previewer-window.c
++++ b/previewer/ev-previewer-window.c
+@@ -263,7 +263,9 @@ ev_previewer_window_print (GSimpleAction *action,
+ #endif
+ 
+ static const GActionEntry actions[] = {
++#if GTKUNIXPRINT_ENABLED
+ 	{ "print", ev_previewer_window_print },
++#endif
+ 	{ "go-previous-page", ev_previewer_window_previous_page },
+ 	{ "go-next-page", ev_previewer_window_next_page },
+ 	{ "select-page", ev_previewer_window_focus_page_selector },
+-- 
+2.26.3
+


