authorMart Raudsepp <leio@gentoo.org>2018-01-27 11:36:39 +0200
committerMart Raudsepp <leio@gentoo.org>2018-01-27 11:38:15 +0200
commit84765235371fae63f3762797eb56b0f64d5941f8 (patch)
tree3f9857a55d5fdd6610df6b7460288bf22ace166a /app-text/evince/files
parentapp-misc/tracker: remove old (diff)
app-text/evince: remove old
Package-Manager: Portage-2.3.19, Repoman-2.3.6
Diffstat (limited to 'app-text/evince/files')
-rw-r--r--app-text/evince/files/3.22.1-CVE-2017-1000083.patch130
1 files changed, 0 insertions, 130 deletions
diff --git a/app-text/evince/files/3.22.1-CVE-2017-1000083.patch b/app-text/evince/files/3.22.1-CVE-2017-1000083.patch
deleted file mode 100644
index 9164c618145a..000000000000
--- a/app-text/evince/files/3.22.1-CVE-2017-1000083.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From: Bastien Nocera
-Date: Thu, 6 Jul 2017 20:02:00 +0200
-Subject: comics: Remove support for tar and tar-like commands
-
-When handling tar files, or using a command with tar-compatible syntax,
-to open comic-book archives, both the archive name (the name of the
-comics file) and the filename (the name of a page within the archive)
-are quoted to not be interpreted by the shell.
-
-But the filename is completely with the attacker's control and can start
-with "--" which leads to tar interpreting it as a command line flag.
-
-This can be exploited by creating a CBT file (a tar archive with the
-.cbt suffix) with an embedded file named something like this:
-"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"
-
-CBT files are infinitely rare (CBZ is usually used for DRM-free
-commercial releases, CBR for those from more dubious provenance), so
-removing support is the easiest way to avoid the bug triggering. All
-this code was rewritten in the development release for GNOME 3.26 to not
-shell out to any command, closing off this particular attack vector.
-
-This also removes the ability to use libarchive's bsdtar-compatible
-binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
-are already supported by unzip and 7zip respectively. libarchive's RAR
-support is limited, so unrar is a requirement anyway.
-
-Discovered by Felix Wilhelm from the Google Security Team.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=784630
----
- backend/comics/comics-document.c | 40 +---------------------------------------
- configure.ac | 2 +-
- 2 files changed, 2 insertions(+), 40 deletions(-)
-
-diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
-index 96ed26e..3af119a 100644
---- a/backend/comics/comics-document.c
-+++ b/backend/comics/comics-document.c
-@@ -56,8 +56,7 @@ typedef enum
- RARLABS,
- GNAUNRAR,
- UNZIP,
-- P7ZIP,
-- TAR
-+ P7ZIP
- } ComicBookDecompressType;
-
- typedef struct _ComicsDocumentClass ComicsDocumentClass;
-@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
-
- /* 7zip */
- {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
--
-- /* tar */
-- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET}
- };
-
- static GSList* get_supported_image_extensions (void);
-@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type,
- comics_document->command_usage = GNAUNRAR;
- return TRUE;
- }
-- comics_document->selected_command =
-- g_find_program_in_path ("bsdtar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
--
- } else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
- g_content_type_is_a (mime_type, "application/zip")) {
- /* InfoZIP's unzip program */
-@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type,
- comics_document->command_usage = P7ZIP;
- return TRUE;
- }
-- comics_document->selected_command =
-- g_find_program_in_path ("bsdtar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
-
- } else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
- g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
-@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type,
- comics_document->command_usage = P7ZIP;
- return TRUE;
- }
-- comics_document->selected_command =
-- g_find_program_in_path ("bsdtar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
-- } else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
-- g_content_type_is_a (mime_type, "application/x-tar")) {
-- /* tar utility (Tape ARchive) */
-- comics_document->selected_command =
-- g_find_program_in_path ("tar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
-- comics_document->selected_command =
-- g_find_program_in_path ("bsdtar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
- } else {
- g_set_error (error,
- EV_DOCUMENT_ERROR,
-diff --git a/configure.ac b/configure.ac
-index 36e866a..26a1a7d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
- AC_SUBST(APPDATA_TIFF_MIME_TYPES)
- AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
- if test "x$enable_comics" = "xyes"; then
-- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
-+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
- APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n <mimetype>/g')
- if test -z "$EVINCE_MIME_TYPES"; then
- EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
---
-cgit v0.12
-