app-text/atril: Fix CVE-2017-1000083

Bug: https://bugs.gentoo.org/624880
Package-Manager: Portage-2.3.24, Repoman-2.3.6

4 files changed, 37 insertions, 3 deletions

diff --git a/app-text/atril/atril-1.12.2-r4.ebuild b/app-text/atril/atril-1.12.2-r5.ebuild
index aa35302..360dac8 100644
--- a/app-text/atril/atril-1.12.2-r4.ebuild
+++ b/app-text/atril/atril-1.12.2-r5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -67,6 +67,8 @@ DEPEND="${RDEPEND}
 # Tests use dogtail which is not available on Gentoo.
 RESTRICT="test"
 
+FILES=( "${FILESDIR}/${PN}-cve-2017-1000083.patch" )
+
 src_configure() {
 	# Passing --disable-help would drop offline help, that would be inconsistent
 	# with helps of the most of GNOME apps that doesn't require network for that.
diff --git a/app-text/atril/atril-1.14.2-r1.ebuild b/app-text/atril/atril-1.14.2-r2.ebuild
index 12e1ae5..792c2c2 100644
--- a/app-text/atril/atril-1.14.2-r1.ebuild
+++ b/app-text/atril/atril-1.14.2-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -69,6 +69,8 @@ DEPEND="${COMMON_DEPEND}
 # Tests use dogtail which is not available on Gentoo.
 RESTRICT="test"
 
+FILES=( "${FILESDIR}/${PN}-cve-2017-1000083.patch" )
+
 src_configure() {
 	# Passing --disable-help would drop offline help, that would be inconsistent
 	# with helps of the most of GNOME apps that doesn't require network for that.
diff --git a/app-text/atril/atril-1.16.1-r1.ebuild b/app-text/atril/atril-1.16.1-r2.ebuild
index 4259cdd..24aad9d 100644
--- a/app-text/atril/atril-1.16.1-r1.ebuild
+++ b/app-text/atril/atril-1.16.1-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -68,6 +68,8 @@ DEPEND="${COMMON_DEPEND}
 # Tests use dogtail which is not available on Gentoo.
 RESTRICT="test"
 
+FILES=( "${FILESDIR}/${PN}-cve-2017-1000083.patch" )
+
 src_configure() {
 	# Passing --disable-help would drop offline help, that would be inconsistent
 	# with helps of the most of GNOME apps that doesn't require network for that.
diff --git a/app-text/atril/files/atril-cve-2017-1000083.patch b/app-text/atril/files/atril-cve-2017-1000083.patch
new file mode 100644
index 0000000..29c81f7
--- /dev/null
+++ b/app-text/atril/files/atril-cve-2017-1000083.patch
@@ -0,0 +1,28 @@
+From f4291fd62f7dfe6460d2406a979ccfac0c68dd59 Mon Sep 17 00:00:00 2001
+From: ZenWalker <scow@riseup.net>
+Date: Wed, 19 Jul 2017 11:00:09 +0200
+Subject: [PATCH] comics: make the files containing "--checkpoint-action="
+ unsupported
+
+Fixes #257
+---
+ backend/comics/comics-document.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
+index 9f945c6..4d4d293 100644
+--- a/backend/comics/comics-document.c
++++ b/backend/comics/comics-document.c
+@@ -983,6 +983,12 @@ extract_argv (EvDocument *document, gint page)
+ 	char *command_line, *quoted_archive, *quoted_filename;
+ 	GError *err = NULL;
+ 
++	if (g_strrstr (comics_document->page_names->pdata[page], "--checkpoint-action="))
++	{
++		g_warning ("File unsupported\n");
++		gtk_main_quit ();
++	}
++
+         if (page >= comics_document->page_names->len)
+                 return NULL;
+