From 67f76a858f1ac826bd8a550d756d9ec6e340ed4f Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 27 Jan 2018 18:07:28 +0000 Subject: gentoo resync : 27.01.2018 --- .../evince/files/3.22.1-CVE-2017-1000083.patch | 130 --------------------- 1 file changed, 130 deletions(-) delete mode 100644 app-text/evince/files/3.22.1-CVE-2017-1000083.patch (limited to 'app-text/evince/files') diff --git a/app-text/evince/files/3.22.1-CVE-2017-1000083.patch b/app-text/evince/files/3.22.1-CVE-2017-1000083.patch deleted file mode 100644 index 9164c618145a..000000000000 --- a/app-text/evince/files/3.22.1-CVE-2017-1000083.patch +++ /dev/null @@ -1,130 +0,0 @@ -From: Bastien Nocera -Date: Thu, 6 Jul 2017 20:02:00 +0200 -Subject: comics: Remove support for tar and tar-like commands - -When handling tar files, or using a command with tar-compatible syntax, -to open comic-book archives, both the archive name (the name of the -comics file) and the filename (the name of a page within the archive) -are quoted to not be interpreted by the shell. - -But the filename is completely with the attacker's control and can start -with "--" which leads to tar interpreting it as a command line flag. - -This can be exploited by creating a CBT file (a tar archive with the -.cbt suffix) with an embedded file named something like this: -"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg" - -CBT files are infinitely rare (CBZ is usually used for DRM-free -commercial releases, CBR for those from more dubious provenance), so -removing support is the easiest way to avoid the bug triggering. All -this code was rewritten in the development release for GNOME 3.26 to not -shell out to any command, closing off this particular attack vector. - -This also removes the ability to use libarchive's bsdtar-compatible -binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two -are already supported by unzip and 7zip respectively. libarchive's RAR -support is limited, so unrar is a requirement anyway. - -Discovered by Felix Wilhelm from the Google Security Team. - -https://bugzilla.gnome.org/show_bug.cgi?id=784630 ---- - backend/comics/comics-document.c | 40 +--------------------------------------- - configure.ac | 2 +- - 2 files changed, 2 insertions(+), 40 deletions(-) - -diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c -index 96ed26e..3af119a 100644 ---- a/backend/comics/comics-document.c -+++ b/backend/comics/comics-document.c -@@ -56,8 +56,7 @@ typedef enum - RARLABS, - GNAUNRAR, - UNZIP, -- P7ZIP, -- TAR -+ P7ZIP - } ComicBookDecompressType; - - typedef struct _ComicsDocumentClass ComicsDocumentClass; -@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = { - - /* 7zip */ - {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z}, -- -- /* tar */ -- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET} - }; - - static GSList* get_supported_image_extensions (void); -@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = GNAUNRAR; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- - } else if (g_content_type_is_a (mime_type, "application/x-cbz") || - g_content_type_is_a (mime_type, "application/zip")) { - /* InfoZIP's unzip program */ -@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = P7ZIP; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } - - } else if (g_content_type_is_a (mime_type, "application/x-cb7") || - g_content_type_is_a (mime_type, "application/x-7z-compressed")) { -@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = P7ZIP; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- } else if (g_content_type_is_a (mime_type, "application/x-cbt") || -- g_content_type_is_a (mime_type, "application/x-tar")) { -- /* tar utility (Tape ARchive) */ -- comics_document->selected_command = -- g_find_program_in_path ("tar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } - } else { - g_set_error (error, - EV_DOCUMENT_ERROR, -diff --git a/configure.ac b/configure.ac -index 36e866a..26a1a7d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES) - AC_SUBST(APPDATA_TIFF_MIME_TYPES) - AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES) - if test "x$enable_comics" = "xyes"; then -- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt" -+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;" - APPDATA_COMICS_MIME_TYPES=$(echo "$COMICS_MIME_TYPES" | sed -e 's/;/<\/mimetype>\n /g') - if test -z "$EVINCE_MIME_TYPES"; then - EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}" --- -cgit v0.12 - -- cgit v1.2.3