pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/print/evince3 Update evince3 to 3.24.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/f0ec31ab8ae0
branches: trunk
changeset: 367266:f0ec31ab8ae0
user: prlw1 <prlw1%pkgsrc.org@localhost>
date: Sun Aug 27 16:08:06 2017 +0000
description:
Update evince3 to 3.24.1
[ The CVE was already patched in 3.22.1nb6 by maya@ ]
================
Evince 3.24.1
================
Bug fixes:
* Remove support for tar and tar-like commands in comics backend
(CVE-2017-1000083, #784630, Bastien Nocera)
* Improve performance of the links sidebar (#779614, Benjamin Berg)
* Improve performance of scrolling in thumbnails sidebar (#691448,
Nelson Benítez León)
* Don't copy remote files before thumbnailing (#780351, Bastien
Nocera)
* Fix toggling layers that are not in the current visible range of
pages (#780139, Georges Dupéron)
* Fix ev_page_accessible_get_range_for_boundary() to ensure the
start and end offsets it returns are within the allowed range
(#777992, Jason Crain)
* Fix crash with Orca screen reader (#777992, Jason Crain)
================
Evince 3.24.0
================
New features and improvements:
* Ask the user before automatically reloading the document when
it has been modified (#769123, Jose Aliste)
* Use IBEAM cursor for TEXT_MARKUP annotations (#774018, Philipp Raich)
Bug fixes:
* Hide search bar when entering presentation mode (#775536, Simon Nagl)
* Sort bookmarks by page number instead of title (#772277, Felipe Borges)
* Sort pages in natural order in comics backend (#770695, Felipe Borges)
* Fix a crash due to an invalid access to the height page cache in
continuous dual mode (#771612, Tobias Mueller)
* Use Unicode in translatable strings (#774005, Piotr Drag)
* Fix incorrect return type (#780206, Bastien Nocera)
diffstat:
print/evince3/Makefile | 3 +-
print/evince3/Makefile.common | 4 +-
print/evince3/distinfo | 13 +-
print/evince3/patches/patch-backend_comics_comics-document.c | 110 -----------
print/evince3/patches/patch-configure | 15 -
print/evince3/patches/patch-configure.ac | 18 -
6 files changed, 8 insertions(+), 155 deletions(-)
diffs (199 lines):
diff -r 0c3e5d729e5b -r f0ec31ab8ae0 print/evince3/Makefile
--- a/print/evince3/Makefile Sun Aug 27 16:00:11 2017 +0000
+++ b/print/evince3/Makefile Sun Aug 27 16:08:06 2017 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.63 2017/08/15 11:40:24 nros Exp $
+# $NetBSD: Makefile,v 1.64 2017/08/27 16:08:06 prlw1 Exp $
-PKGREVISION= 7
.include "../../print/evince3/Makefile.common"
COMMENT= Document viewer
diff -r 0c3e5d729e5b -r f0ec31ab8ae0 print/evince3/Makefile.common
--- a/print/evince3/Makefile.common Sun Aug 27 16:00:11 2017 +0000
+++ b/print/evince3/Makefile.common Sun Aug 27 16:08:06 2017 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.16 2016/11/26 12:44:05 prlw1 Exp $
+# $NetBSD: Makefile.common,v 1.17 2017/08/27 16:08:06 prlw1 Exp $
#
# used by print/evince3/Makefile
# would probably be used by print/evince3-nautilus/Makefile if that existed
-DISTNAME= evince-3.22.1
+DISTNAME= evince-3.24.1
CATEGORIES= print gnome
MASTER_SITES= ${MASTER_SITE_GNOME:=sources/evince/${PKGVERSION_NOREV:R}/}
EXTRACT_SUFX= .tar.xz
diff -r 0c3e5d729e5b -r f0ec31ab8ae0 print/evince3/distinfo
--- a/print/evince3/distinfo Sun Aug 27 16:00:11 2017 +0000
+++ b/print/evince3/distinfo Sun Aug 27 16:08:06 2017 +0000
@@ -1,9 +1,6 @@
-$NetBSD: distinfo,v 1.13 2017/07/14 05:31:20 maya Exp $
+$NetBSD: distinfo,v 1.14 2017/08/27 16:08:06 prlw1 Exp $
-SHA1 (evince-3.22.1.tar.xz) = 7b24678035c50c4ccaf76bdd64e228b1c1912d4b
-RMD160 (evince-3.22.1.tar.xz) = e2c5b03a59ec7a7d50b6c34d1aafed4d419fc8a5
-SHA512 (evince-3.22.1.tar.xz) = c36a90bf98f25b4f9f05536f1a09c38be30b814529e17a4ab159ba7c1e952402a211f335d4cdf1928ace8a5b46d6d019fbbd457ce11c2ffa264d8bb7c32d5a18
-Size (evince-3.22.1.tar.xz) = 3365004 bytes
-SHA1 (patch-backend_comics_comics-document.c) = e02d70eb1923aeddf5e372609530707fc335bfb1
-SHA1 (patch-configure) = 23027902cc959891ad4befb49d9fec46ebe0803e
-SHA1 (patch-configure.ac) = 7805a17177a5253f779b7160d8abd4f5d1dbab97
+SHA1 (evince-3.24.1.tar.xz) = 53f13c0b0369248ebe58b735fec18d3068d5ef22
+RMD160 (evince-3.24.1.tar.xz) = 202e8b0acb02327d074ff5ec425daf40d9c62804
+SHA512 (evince-3.24.1.tar.xz) = 205c1c9b68c9215bdcebf0c36841a35898e056ef8e56208db62c1fac04c4efad8fbc0800f410e3c94c526536adba5e8ead68bebec8f81061a3831789c5173726
+Size (evince-3.24.1.tar.xz) = 3511576 bytes
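Review bot: The `+SHA512 (evince-3.24.1.tar.xz)` line only records what the committer downloaded, so the tarball should be verified against upstream's published checksum before these values are treated as the reference; of the three digests kept here, SHA512 is the one to rely on. The three `patch-*` SHA1 lines are dropped in the same hunk, which matches the three patch files deleted later in the diff, so no stale entry is left behind.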
diff -r 0c3e5d729e5b -r f0ec31ab8ae0 print/evince3/patches/patch-backend_comics_comics-document.c
--- a/print/evince3/patches/patch-backend_comics_comics-document.c Sun Aug 27 16:00:11 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,110 +0,0 @@
-$NetBSD: patch-backend_comics_comics-document.c,v 1.1 2017/07/14 05:31:20 maya Exp $
-
-comics: Remove support for tar and tar-like commands
-From https://bugzilla.gnome.org/show_bug.cgi?id=784630
-
-CVE-2017-1000083.
-
-
-When handling tar files, or using a command with tar-compatible syntax,
-to open comic-book archives, both the archive name (the name of the
-comics file) and the filename (the name of a page within the archive)
-are quoted to not be interpreted by the shell.
-
-But the filename is completely with the attacker's control and can start
-with "--" which leads to tar interpreting it as a command line flag.
-
-This can be exploited by creating a CBT file (a tar archive with the
-.cbt suffix) with an embedded file named something like this:
-"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"
-
-CBT files are infinitely rare (CBZ is usually used for DRM-free
-commercial releases, CBR for those from more dubious provenance), so
-removing support is the easiest way to avoid the bug triggering. All
-this code was rewritten in the development release for GNOME 3.26 to not
-shell out to any command, closing off this particular attack vector.
-
-This also removes the ability to use libarchive's bsdtar-compatible
-binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
-are already supported by unzip and 7zip respectively. libarchive's RAR
-support is limited, so unrar is a requirement anyway.
-
-Discovered by Felix Wilhelm from the Google Security Team.
-
---- backend/comics/comics-document.c.orig 2016-10-12 05:42:04.000000000 +0000
-+++ backend/comics/comics-document.c
-@@ -56,8 +56,7 @@ typedef enum
- RARLABS,
- GNAUNRAR,
- UNZIP,
-- P7ZIP,
-- TAR
-+ P7ZIP
- } ComicBookDecompressType;
-
- typedef struct _ComicsDocumentClass ComicsDocumentClass;
-@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand
-
- /* 7zip */
- {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
--
-- /* tar */
-- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET}
- };
-
- static GSList* get_supported_image_extensions (void);
-@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar
- comics_document->command_usage = GNAUNRAR;
- return TRUE;
- }
-- comics_document->selected_command =
-- g_find_program_in_path ("bsdtar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
--
- } else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
- g_content_type_is_a (mime_type, "application/zip")) {
- /* InfoZIP's unzip program */
-@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar
- comics_document->command_usage = P7ZIP;
- return TRUE;
- }
-- comics_document->selected_command =
-- g_find_program_in_path ("bsdtar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
-
- } else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
- g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
-@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar
- comics_document->command_usage = P7ZIP;
- return TRUE;
- }
-- comics_document->selected_command =
-- g_find_program_in_path ("bsdtar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
-- } else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
-- g_content_type_is_a (mime_type, "application/x-tar")) {
-- /* tar utility (Tape ARchive) */
-- comics_document->selected_command =
-- g_find_program_in_path ("tar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
-- comics_document->selected_command =
-- g_find_program_in_path ("bsdtar");
-- if (comics_document->selected_command) {
-- comics_document->command_usage = TAR;
-- return TRUE;
-- }
- } else {
- g_set_error (error,
- EV_DOCUMENT_ERROR,
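Review bot: Deleting this local fix for CVE-2017-1000083 is only safe if the 3.24.1 tarball carries the same change, and the diff itself shows no evidence of that beyond the release notes quoted in the commit message. Check the extracted `backend/comics/comics-document.c` for the items this patch removed: the `TAR` member of `ComicBookDecompressType`, the `{"%s -xOf" , "%s -tf %s" , ...}` command entry, and the `g_find_program_in_path ("bsdtar")` and `g_find_program_in_path ("tar")` lookups. The commit message would also be clearer if it said the patch is dropped because upstream now includes it, rather than only noting that the CVE was patched in 3.22.1nb6.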
diff -r 0c3e5d729e5b -r f0ec31ab8ae0 print/evince3/patches/patch-configure
--- a/print/evince3/patches/patch-configure Sun Aug 27 16:00:11 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-configure,v 1.1 2017/07/14 05:31:20 maya Exp $
-
-Regen
-
---- configure.orig 2016-10-12 06:03:23.000000000 +0000
-+++ configure
-@@ -22338,7 +22326,7 @@ fi
-
-
- if test "x$enable_comics" = "xyes"; then
--
COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
-+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
- APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n <mimetype>/g')
- if test -z "$EVINCE_MIME_TYPES"; then
- EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
diff -r 0c3e5d729e5b -r f0ec31ab8ae0 print/evince3/patches/patch-configure.ac
--- a/print/evince3/patches/patch-configure.ac Sun Aug 27 16:00:11 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-configure.ac,v 1.1 2017/07/14 05:31:20 maya Exp $
-
-comics: Remove support for tar and tar-like commands
-From https://bugzilla.gnome.org/show_bug.cgi?id=784630
-
-CVE-2017-1000083.
-
---- configure.ac.orig 2016-10-12 05:46:27.000000000 +0000
-+++ configure.ac
-@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
- AC_SUBST(APPDATA_TIFF_MIME_TYPES)
- AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
- if test "x$enable_comics" = "xyes"; then
--
COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
-+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
- APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n <mimetype>/g')
- if test -z "$EVINCE_MIME_TYPES"; then
- EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
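Review bot: With `patch-configure.ac` and its regenerated companion `patch-configure` both removed, nothing local strips `application/x-cbt` and `application/x-ext-cbt` from `COMICS_MIME_TYPES` any more. Confirm that the 3.24.1 `configure.ac` and shipped `configure` already omit both types, since an installed desktop entry that still advertises them would keep evince registered as a handler for CBT files even though the tar code path is gone.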