gentoo resync : 14.07.2018

4 files changed, 163 insertions, 0 deletions

diff --git a/app-text/evince/Manifest b/app-text/evince/Manifest
new file mode 100644
index 000000000000..4ae7d2c2d2d2
--- /dev/null
+++ b/app-text/evince/Manifest
@@ -0,0 +1,4 @@
+AUX 3.24.2-CVE-2017-1000159.patch 1644 BLAKE2B dfb16a3fd8403d69212d0d20fa97dc06ad2b43d1c71894a0a2b366002b945110a73942446543276058ad5bb8ed867b68b3750eb9eed5bb23d2b130c14239f98e SHA512 a09d1e4a6f22c1b93ab322c1b7201bf4665bbc12b29dd9222db22b7d1b73f9ebc745c7e9b77e2bb54656916360757fd8007b6c38c004983b42f506bbaf4369ff
+DIST evince-3.24.2.tar.xz 3509216 BLAKE2B 3bcb9e15a6576650d17d6ea1df638c4b16759ddd2353ca47b425c1fec04f90b85ff7f338472e5e18defc01ab066ef241eff40e8f493fa2238814933703636e7b SHA512 77e099ff60188f982a49f5c8287eb2ed8d42402a15a54ccf8367b3814e7e16ba31354363d3f101117153792daa96f653f24bb06193b5e749d0ebfaac7d7c1e0f
+EBUILD evince-3.24.2-r1.ebuild 2874 BLAKE2B dba10da7fdf7adfc96c52ed4cde40c9793bec028e3c56043f9bd6a1acec62f1b9d3dd900bfee8281c19fbf7eb43bab8a6895ca3bad21fd49669f0ec106459612 SHA512 92527495b1f50a477458599f01c00c652bfd572d179130920c49ecde92878adb3a8bea317645a10ead7f04c963ee46a082629dc05e153aaa0ea47bd91ed92b0e
+MISC metadata.xml 612 BLAKE2B 2736a02dc43835f7db7b02a3ffcd2c2e25a81971a61a008f67497612ce8f9c78b6641e110a00dacf5f158cf5a87104171c5aea7f82be241ee0b966bb802e78eb SHA512 a9ce7d786d979e14c852b0fe3f722b346dce2f1f52b8f9ab272a1f2291ce88adba78c5d347e3e33a3bb0a58f46d77d20febc92516a4c12bc9f987cccd7aa977c
diff --git a/app-text/evince/evince-3.24.2-r1.ebuild b/app-text/evince/evince-3.24.2-r1.ebuild
new file mode 100644
index 000000000000..f8d23a5fc7bc
--- /dev/null
+++ b/app-text/evince/evince-3.24.2-r1.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_LA_PUNT="yes"
+
+inherit gnome2 systemd
+
+DESCRIPTION="Simple document viewer for GNOME"
+HOMEPAGE="https://wiki.gnome.org/Apps/Evince"
+
+LICENSE="GPL-2+ CC-BY-SA-3.0"
+# subslot = evd3.(suffix of libevdocument3)-evv3.(suffix of libevview3)
+SLOT="0/evd3.4-evv3.3"
+IUSE="djvu dvi gstreamer gnome gnome-keyring +introspection nautilus nsplugin +postscript t1lib tiff xps"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x64-solaris"
+
+# atk used in libview
+# gdk-pixbuf used all over the place
+COMMON_DEPEND="
+	dev-libs/atk
+	>=dev-libs/glib-2.36:2[dbus]
+	>=dev-libs/libxml2-2.5:2
+	sys-libs/zlib:=
+	x11-libs/gdk-pixbuf:2
+	>=x11-libs/gtk+-3.16.0:3[introspection?]
+	gnome-base/gsettings-desktop-schemas
+	>=x11-libs/cairo-1.10:=
+	>=app-text/poppler-0.33[cairo]
+	djvu? ( >=app-text/djvu-3.5.22:= )
+	dvi? (
+		virtual/tex-base
+		dev-libs/kpathsea:=
+		t1lib? ( >=media-libs/t1lib-5:= ) )
+	gstreamer? (
+		media-libs/gstreamer:1.0
+		media-libs/gst-plugins-base:1.0
+		media-libs/gst-plugins-good:1.0 )
+	gnome? ( gnome-base/gnome-desktop:3= )
+	gnome-keyring? ( >=app-crypt/libsecret-0.5 )
+	introspection? ( >=dev-libs/gobject-introspection-1:= )
+	nautilus? ( >=gnome-base/nautilus-2.91.4[introspection?] )
+	postscript? ( >=app-text/libspectre-0.2:= )
+	tiff? ( >=media-libs/tiff-3.6:0= )
+	xps? ( >=app-text/libgxps-0.2.1:= )
+"
+RDEPEND="${COMMON_DEPEND}
+	gnome-base/gvfs
+	gnome-base/librsvg
+	|| (
+		>=x11-themes/adwaita-icon-theme-2.17.1
+		>=x11-themes/hicolor-icon-theme-0.10 )
+"
+DEPEND="${COMMON_DEPEND}
+	app-text/docbook-xml-dtd:4.3
+	app-text/yelp-tools
+	dev-util/gdbus-codegen
+	>=dev-util/gtk-doc-am-1.13
+	>=dev-util/intltool-0.35
+	dev-util/itstool
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+# eautoreconf needs:
+#  app-text/yelp-tools
+
+PATCHES=(
+	"${FILESDIR}"/${PV}-CVE-2017-1000159.patch
+)
+
+src_prepare() {
+	gnome2_src_prepare
+
+	# Do not depend on adwaita-icon-theme, bug #326855, #391859
+	# https://bugs.freedesktop.org/show_bug.cgi?id=29942
+	sed -e 's/adwaita-icon-theme >= $ADWAITA_ICON_THEME_REQUIRED//g' \
+		-i configure || die "sed failed"
+}
+
+src_configure() {
+	gnome2_src_configure \
+		--disable-static \
+		--enable-pdf \
+		--enable-comics \
+		--enable-thumbnailer \
+		--with-platform=gnome \
+		--enable-dbus \
+		$(use_enable djvu) \
+		$(use_enable dvi) \
+		$(use_enable gstreamer multimedia) \
+		$(use_enable gnome libgnome-desktop) \
+		$(use_with gnome-keyring keyring) \
+		$(use_enable introspection) \
+		$(use_enable nautilus) \
+		$(use_enable nsplugin browser-plugin) \
+		$(use_enable postscript ps) \
+		$(use_enable t1lib) \
+		$(use_enable tiff) \
+		$(use_enable xps) \
+		BROWSER_PLUGIN_DIR="${EPREFIX}"/usr/$(get_libdir)/nsbrowser/plugins \
+		--with-systemduserunitdir="$(systemd_get_userunitdir)"
+}
diff --git a/app-text/evince/files/3.24.2-CVE-2017-1000159.patch b/app-text/evince/files/3.24.2-CVE-2017-1000159.patch
new file mode 100644
index 000000000000..80861fdc4dea
--- /dev/null
+++ b/app-text/evince/files/3.24.2-CVE-2017-1000159.patch
@@ -0,0 +1,42 @@
+From 350404c76dc8601e2cdd2636490e2afc83d3090e Mon Sep 17 00:00:00 2001
+From: Tobias Mueller <muelli@cryptobitch.de>
+Date: Fri, 14 Jul 2017 12:52:14 +0200
+Subject: [PATCH] dvi: Mitigate command injection attacks by quoting filename
+
+With commit 1fcca0b8041de0d6074d7e17fba174da36c65f99 came a DVI backend.
+It exports to PDF via the dvipdfm tool.
+It calls that tool with the filename of the currently loaded document.
+If that filename is cleverly crafted, it can escape the currently
+used manual quoting of the filename.  Instead of manually quoting the
+filename, we use g_shell_quote.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=784947
+---
+ backend/dvi/dvi-document.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/backend/dvi/dvi-document.c b/backend/dvi/dvi-document.c
+index 4a896e21..28877700 100644
+--- a/backend/dvi/dvi-document.c
++++ b/backend/dvi/dvi-document.c
+@@ -300,12 +300,14 @@ dvi_document_file_exporter_end (EvFileExporter *exporter)
+ 	gboolean success;
+ 	
+ 	DviDocument *dvi_document = DVI_DOCUMENT(exporter);
++	gchar* quoted_filename = g_shell_quote (dvi_document->context->filename);
+ 	
+-	command_line = g_strdup_printf ("dvipdfm %s -o %s \"%s\"", /* dvipdfm -s 1,2,.., -o exporter_filename dvi_filename */
++	command_line = g_strdup_printf ("dvipdfm %s -o %s %s", /* dvipdfm -s 1,2,.., -o exporter_filename dvi_filename */
+ 					dvi_document->exporter_opts->str,
+ 					dvi_document->exporter_filename,
+-					dvi_document->context->filename);
+-	
++					quoted_filename);
++	g_free (quoted_filename);
++
+ 	success = g_spawn_command_line_sync (command_line,
+ 					     NULL,
+ 					     NULL,
+-- 
+2.17.0
+
diff --git a/app-text/evince/metadata.xml b/app-text/evince/metadata.xml
new file mode 100644
index 000000000000..7601c5d749ed
--- /dev/null
+++ b/app-text/evince/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>gnome@gentoo.org</email>
+		<name>Gentoo GNOME Desktop</name>
+	</maintainer>
+	<use>
+		<flag name="dvi">Enable the built-in DVI viewer</flag>
+		<flag name="nautilus">Enable property page extension in <pkg>gnome-base/nautilus</pkg></flag>
+		<flag name="t1lib">Enable the Type-1 fonts for the built-in DVI viewer
+			(<pkg>media-libs/t1lib</pkg>)</flag>
+		<flag name="xps">Enable XPS viewer using <pkg>app-text/libgxps</pkg></flag>
+	</use>
+</pkgmetadata>