diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-12-24 14:11:38 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-12-24 14:11:38 +0000 |
commit | de49812990871e1705b64051c35161d5e6400269 (patch) | |
tree | 5e1e8fcb0ff4579dbd22a1bfee28a6b97dc8aaeb /app-text/evince | |
parent | 536c3711867ec947c1738f2c4b96f22e4863322d (diff) |
gentoo resync : 24.12.2018
Diffstat (limited to 'app-text/evince')
-rw-r--r-- | app-text/evince/Manifest | 5 | ||||
-rw-r--r-- | app-text/evince/evince-3.24.2-r1.ebuild | 102 | ||||
-rw-r--r-- | app-text/evince/evince-3.28.5.ebuild | 4 | ||||
-rw-r--r-- | app-text/evince/files/3.24.2-CVE-2017-1000159.patch | 42 |
4 files changed, 3 insertions, 150 deletions
diff --git a/app-text/evince/Manifest b/app-text/evince/Manifest index 04f23fded7f1..b2aaa312ee37 100644 --- a/app-text/evince/Manifest +++ b/app-text/evince/Manifest @@ -1,6 +1,3 @@ -AUX 3.24.2-CVE-2017-1000159.patch 1644 BLAKE2B dfb16a3fd8403d69212d0d20fa97dc06ad2b43d1c71894a0a2b366002b945110a73942446543276058ad5bb8ed867b68b3750eb9eed5bb23d2b130c14239f98e SHA512 a09d1e4a6f22c1b93ab322c1b7201bf4665bbc12b29dd9222db22b7d1b73f9ebc745c7e9b77e2bb54656916360757fd8007b6c38c004983b42f506bbaf4369ff -DIST evince-3.24.2.tar.xz 3509216 BLAKE2B 3bcb9e15a6576650d17d6ea1df638c4b16759ddd2353ca47b425c1fec04f90b85ff7f338472e5e18defc01ab066ef241eff40e8f493fa2238814933703636e7b SHA512 77e099ff60188f982a49f5c8287eb2ed8d42402a15a54ccf8367b3814e7e16ba31354363d3f101117153792daa96f653f24bb06193b5e749d0ebfaac7d7c1e0f DIST evince-3.28.5.tar.xz 2196432 BLAKE2B 992e37ad3cb82934efbdcd83afa89dc7589104045e828c6516650ee0a3fc89b99dff3fe0a723691e95adba9a5cf767a95ec18690697df15310437c7980ccbf55 SHA512 42fcf1396546f62910966b31bc657e5d3532a6bf32e87590b057efded1597de5765ed5c17ae98208a5dafca54da9c8e81f451e4133df656aaf4a9966da457bc3 -EBUILD evince-3.24.2-r1.ebuild 2874 BLAKE2B dba10da7fdf7adfc96c52ed4cde40c9793bec028e3c56043f9bd6a1acec62f1b9d3dd900bfee8281c19fbf7eb43bab8a6895ca3bad21fd49669f0ec106459612 SHA512 92527495b1f50a477458599f01c00c652bfd572d179130920c49ecde92878adb3a8bea317645a10ead7f04c963ee46a082629dc05e153aaa0ea47bd91ed92b0e -EBUILD evince-3.28.5.ebuild 2833 BLAKE2B 180ae57826483e9d5abbf962838483adc074073145b12506f044ba00fc3c520f6bfd57607133ab7a161c760c6a54c09b97e2c202a9c3ffd84d698e029ebde7a0 SHA512 6e8b9f1a4757d75810dd7dd89c3572ee0c1096233e1f4f1e3a5cdeed510f51a14d9901e08db6c9f5eed44e6141a558904acb572bfb87835848be746a5725a40e +EBUILD evince-3.28.5.ebuild 2815 BLAKE2B de3b52cf0ab8381600a3641e3e8c3ae6b33a94e6620d147b6d4d3c3063a26440daca6fe96f4dc2b43e3e80c88f39c7b7a037406074c890ea4bcf63e00459c2b5 SHA512 ce430332dc2cbd3ceda2eb4838e94ead13807eaad0bd4878d842c63df21c6fed6feee4236b70ef0185dc968b95c6d67fe2c02eec50d23d9838903b60811d9714 MISC metadata.xml 780 BLAKE2B 2d04283b6f69a9ba788c9d40049767219854376c36c5c1716084b62e2710fdadce7c917d6fa58e51f5e249954e22a0d725cccbaecd66bf6f7417d31b5c3a8865 SHA512 4580592dd517fcba266be541cada8bc0225d35bafaa9505bd5e8127c3cffee65917f4bb0b9aee1263f2d96f5fc47f0cf9d59ffb84e97d2f4727e4504f753a4b9 diff --git a/app-text/evince/evince-3.24.2-r1.ebuild b/app-text/evince/evince-3.24.2-r1.ebuild deleted file mode 100644 index f8d23a5fc7bc..000000000000 --- a/app-text/evince/evince-3.24.2-r1.ebuild +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -GNOME2_LA_PUNT="yes" - -inherit gnome2 systemd - -DESCRIPTION="Simple document viewer for GNOME" -HOMEPAGE="https://wiki.gnome.org/Apps/Evince" - -LICENSE="GPL-2+ CC-BY-SA-3.0" -# subslot = evd3.(suffix of libevdocument3)-evv3.(suffix of libevview3) -SLOT="0/evd3.4-evv3.3" -IUSE="djvu dvi gstreamer gnome gnome-keyring +introspection nautilus nsplugin +postscript t1lib tiff xps" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x64-solaris" - -# atk used in libview -# gdk-pixbuf used all over the place -COMMON_DEPEND=" - dev-libs/atk - >=dev-libs/glib-2.36:2[dbus] - >=dev-libs/libxml2-2.5:2 - sys-libs/zlib:= - x11-libs/gdk-pixbuf:2 - >=x11-libs/gtk+-3.16.0:3[introspection?] - gnome-base/gsettings-desktop-schemas - >=x11-libs/cairo-1.10:= - >=app-text/poppler-0.33[cairo] - djvu? ( >=app-text/djvu-3.5.22:= ) - dvi? ( - virtual/tex-base - dev-libs/kpathsea:= - t1lib? ( >=media-libs/t1lib-5:= ) ) - gstreamer? ( - media-libs/gstreamer:1.0 - media-libs/gst-plugins-base:1.0 - media-libs/gst-plugins-good:1.0 ) - gnome? ( gnome-base/gnome-desktop:3= ) - gnome-keyring? ( >=app-crypt/libsecret-0.5 ) - introspection? ( >=dev-libs/gobject-introspection-1:= ) - nautilus? ( >=gnome-base/nautilus-2.91.4[introspection?] ) - postscript? ( >=app-text/libspectre-0.2:= ) - tiff? ( >=media-libs/tiff-3.6:0= ) - xps? ( >=app-text/libgxps-0.2.1:= ) -" -RDEPEND="${COMMON_DEPEND} - gnome-base/gvfs - gnome-base/librsvg - || ( - >=x11-themes/adwaita-icon-theme-2.17.1 - >=x11-themes/hicolor-icon-theme-0.10 ) -" -DEPEND="${COMMON_DEPEND} - app-text/docbook-xml-dtd:4.3 - app-text/yelp-tools - dev-util/gdbus-codegen - >=dev-util/gtk-doc-am-1.13 - >=dev-util/intltool-0.35 - dev-util/itstool - sys-devel/gettext - virtual/pkgconfig -" -# eautoreconf needs: -# app-text/yelp-tools - -PATCHES=( - "${FILESDIR}"/${PV}-CVE-2017-1000159.patch -) - -src_prepare() { - gnome2_src_prepare - - # Do not depend on adwaita-icon-theme, bug #326855, #391859 - # https://bugs.freedesktop.org/show_bug.cgi?id=29942 - sed -e 's/adwaita-icon-theme >= $ADWAITA_ICON_THEME_REQUIRED//g' \ - -i configure || die "sed failed" -} - -src_configure() { - gnome2_src_configure \ - --disable-static \ - --enable-pdf \ - --enable-comics \ - --enable-thumbnailer \ - --with-platform=gnome \ - --enable-dbus \ - $(use_enable djvu) \ - $(use_enable dvi) \ - $(use_enable gstreamer multimedia) \ - $(use_enable gnome libgnome-desktop) \ - $(use_with gnome-keyring keyring) \ - $(use_enable introspection) \ - $(use_enable nautilus) \ - $(use_enable nsplugin browser-plugin) \ - $(use_enable postscript ps) \ - $(use_enable t1lib) \ - $(use_enable tiff) \ - $(use_enable xps) \ - BROWSER_PLUGIN_DIR="${EPREFIX}"/usr/$(get_libdir)/nsbrowser/plugins \ - --with-systemduserunitdir="$(systemd_get_userunitdir)" -} diff --git a/app-text/evince/evince-3.28.5.ebuild b/app-text/evince/evince-3.28.5.ebuild index 84b26f36da43..4140767692c0 100644 --- a/app-text/evince/evince-3.28.5.ebuild +++ b/app-text/evince/evince-3.28.5.ebuild @@ -13,7 +13,7 @@ LICENSE="GPL-2+ CC-BY-SA-3.0" # subslot = evd3.(suffix of libevdocument3)-evv3.(suffix of libevview3) SLOT="0/evd3.4-evv3.3" IUSE="djvu dvi gstreamer gnome gnome-keyring +introspection nautilus nsplugin +postscript t1lib tiff xps" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x64-solaris" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x64-solaris" # atk used in libview # bundles unarr @@ -40,7 +40,7 @@ COMMON_DEPEND=" gnome? ( gnome-base/gnome-desktop:3= ) gnome-keyring? ( >=app-crypt/libsecret-0.5 ) introspection? ( >=dev-libs/gobject-introspection-1:= ) - nautilus? ( >=gnome-base/nautilus-2.91.4[introspection?] ) + nautilus? ( >=gnome-base/nautilus-2.91.4 ) postscript? ( >=app-text/libspectre-0.2:= ) tiff? ( >=media-libs/tiff-3.6:0= ) xps? ( >=app-text/libgxps-0.2.1:= ) diff --git a/app-text/evince/files/3.24.2-CVE-2017-1000159.patch b/app-text/evince/files/3.24.2-CVE-2017-1000159.patch deleted file mode 100644 index 80861fdc4dea..000000000000 --- a/app-text/evince/files/3.24.2-CVE-2017-1000159.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 350404c76dc8601e2cdd2636490e2afc83d3090e Mon Sep 17 00:00:00 2001 -From: Tobias Mueller <muelli@cryptobitch.de> -Date: Fri, 14 Jul 2017 12:52:14 +0200 -Subject: [PATCH] dvi: Mitigate command injection attacks by quoting filename - -With commit 1fcca0b8041de0d6074d7e17fba174da36c65f99 came a DVI backend. -It exports to PDF via the dvipdfm tool. -It calls that tool with the filename of the currently loaded document. -If that filename is cleverly crafted, it can escape the currently -used manual quoting of the filename. Instead of manually quoting the -filename, we use g_shell_quote. - -https://bugzilla.gnome.org/show_bug.cgi?id=784947 ---- - backend/dvi/dvi-document.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/backend/dvi/dvi-document.c b/backend/dvi/dvi-document.c -index 4a896e21..28877700 100644 ---- a/backend/dvi/dvi-document.c -+++ b/backend/dvi/dvi-document.c -@@ -300,12 +300,14 @@ dvi_document_file_exporter_end (EvFileExporter *exporter) - gboolean success; - - DviDocument *dvi_document = DVI_DOCUMENT(exporter); -+ gchar* quoted_filename = g_shell_quote (dvi_document->context->filename); - -- command_line = g_strdup_printf ("dvipdfm %s -o %s \"%s\"", /* dvipdfm -s 1,2,.., -o exporter_filename dvi_filename */ -+ command_line = g_strdup_printf ("dvipdfm %s -o %s %s", /* dvipdfm -s 1,2,.., -o exporter_filename dvi_filename */ - dvi_document->exporter_opts->str, - dvi_document->exporter_filename, -- dvi_document->context->filename); -- -+ quoted_filename); -+ g_free (quoted_filename); -+ - success = g_spawn_command_line_sync (command_line, - NULL, - NULL, --- -2.17.0 - |