
From: Mart Raudsepp <leio@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: gnome-base/nautilus/files/, gnome-base/nautilus/
Date: Fri, 23 Aug 2019 20:59:40
Message-Id: 1566593829.85cb57ebc68ef86e7286050d8edc186c3f632cf2.leio@gentoo
1 commit: 85cb57ebc68ef86e7286050d8edc186c3f632cf2
2 Author: Mart Raudsepp <leio <AT> gentoo <DOT> org>
3 AuthorDate: Fri Aug 23 20:57:09 2019 +0000
4 Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org>
5 CommitDate: Fri Aug 23 20:57:09 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85cb57eb
7
8 gnome-base/nautilus: fix CVE-2019-11461
9
10 Bug: https://bugs.gentoo.org/692784
11 Package-Manager: Portage-2.3.62, Repoman-2.3.12
12 Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>
13
14 .../nautilus/files/3.30.5-CVE-2019-11461.patch | 30 ++++++
15 gnome-base/nautilus/nautilus-3.30.5-r1.ebuild | 106 +++++++++++++++++++++
16 2 files changed, 136 insertions(+)
17
18 diff --git a/gnome-base/nautilus/files/3.30.5-CVE-2019-11461.patch b/gnome-base/nautilus/files/3.30.5-CVE-2019-11461.patch
19 new file mode 100644
20 index 00000000000..6c2d061123f
21 --- /dev/null
22 +++ b/gnome-base/nautilus/files/3.30.5-CVE-2019-11461.patch
23 @@ -0,0 +1,30 @@
24 +From 83949ed5800ec99953f5ee8d2bf8b90a69daa850 Mon Sep 17 00:00:00 2001
25 +From: Michael Catanzaro <mcatanzaro@××××××.com>
26 +Date: Sat, 13 Apr 2019 13:57:36 -0500
27 +Subject: [PATCH] thumbnailer: fix incomplete TIOCSTI filtering
28 +
29 +Fixes #112
30 +
31 +See also: https://github.com/flatpak/flatpak/issues/2782
32 +---
33 + libgnome-desktop/gnome-desktop-thumbnail-script.c | 2 +-
34 + 1 file changed, 1 insertion(+), 1 deletion(-)
35 +
36 +leio: Adjusted to apply to nautilus copy
37 +
38 +diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c b/libgnome-desktop/gnome-desktop-thumbnail-script.c
39 +index 9468b51c..3b3d1ea9 100644
40 +--- a/src/gnome-desktop/gnome-desktop-thumbnail-script.c
41 ++++ b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
42 +@@ -343,7 +343,7 @@ setup_seccomp (GPtrArray *argv_array,
43 + {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
44 +
45 + /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
46 +- {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
47 ++ {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
48 + };
49 +
50 + struct
51 +--
52 +2.20.1
53 +
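Review bot: The comment above the changed filter entry still cites only CVE-2017-5226 and does not say why the comparison is now masked, so a later sync with gnome-desktop could revert it to `SCMP_CMP_EQ` unnoticed. The kernel treats the ioctl request as a 32-bit value while seccomp compares the full 64-bit argument, which is what the `0xFFFFFFFFu` mask accounts for; I would extend the comment to something like `/* Compare only the low 32 bits of the request; the kernel ignores the upper half (CVE-2019-11461) */`. Separately, the embedded patch's `diff --git` and `index` lines still name `libgnome-desktop/...` while its `---`/`+++` lines name `src/gnome-desktop/...`; the "leio: Adjusted" remark explains this, but making the header paths agree would keep the patch usable with tools stricter than patch(1). The array in `setup_seccomp` that this entry belongs to starts outside the hunk.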
54
55 diff --git a/gnome-base/nautilus/nautilus-3.30.5-r1.ebuild b/gnome-base/nautilus/nautilus-3.30.5-r1.ebuild
56 new file mode 100644
57 index 00000000000..3601899c6aa
58 --- /dev/null
59 +++ b/gnome-base/nautilus/nautilus-3.30.5-r1.ebuild
60 @@ -0,0 +1,106 @@
61 +# Copyright 1999-2019 Gentoo Authors
62 +# Distributed under the terms of the GNU General Public License v2
63 +
64 +EAPI=6
65 +
66 +inherit gnome.org gnome2-utils meson readme.gentoo-r1 virtualx xdg
67 +
68 +DESCRIPTION="Default file manager for the GNOME desktop"
69 +HOMEPAGE="https://wiki.gnome.org/Apps/Nautilus"
70 +
71 +LICENSE="GPL-3+ LGPL-2.1+"
72 +SLOT="0"
73 +IUSE="gnome gtk-doc +introspection packagekit +previewer seccomp selinux sendto"
74 +
75 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
76 +
77 +COMMON_DEPEND="
78 + >=dev-libs/glib-2.55.1:2
79 + >=media-libs/gexiv2-0.10.0
80 + >=app-arch/gnome-autoar-0.2.1
81 + gnome-base/gsettings-desktop-schemas
82 + >=x11-libs/gtk+-3.22.27:3[X,introspection?]
83 + seccomp? ( sys-libs/libseccomp )
84 + >=x11-libs/pango-1.28.3
85 + selinux? ( >=sys-libs/libselinux-2.0 )
86 + >=app-misc/tracker-2.0:=
87 + x11-libs/libX11
88 + >=dev-libs/libxml2-2.7.8:2
89 + introspection? ( >=dev-libs/gobject-introspection-1.54:= )
90 +"
91 +DEPEND="${COMMON_DEPEND}
92 + >=dev-util/gdbus-codegen-2.51.2
93 + dev-util/glib-utils
94 + gtk-doc? (
95 + >=dev-util/gtk-doc-1.10
96 + app-text/docbook-xml-dtd:4.1.2 )
97 + >=sys-devel/gettext-0.19.8
98 + virtual/pkgconfig
99 + x11-base/xorg-proto
100 +"
101 +RDEPEND="${COMMON_DEPEND}
102 + packagekit? ( app-admin/packagekit-base )
103 + seccomp? ( >=sys-apps/bubblewrap-0.3.1 )
104 + sendto? ( !<gnome-extra/nautilus-sendto-3.0.1 )
105 +"
106 +
107 +PDEPEND="
108 + gnome? ( x11-themes/adwaita-icon-theme )
109 + previewer? ( >=gnome-extra/sushi-0.1.9 )
110 + sendto? ( >=gnome-extra/nautilus-sendto-3.0.1 )
111 + >=gnome-base/gvfs-1.14[gtk(+)]
112 +" # Need gvfs[gtk] for recent:/// support; always built (without USE=gtk) since gvfs-1.34
113 +
114 +PATCHES=(
115 + "${FILESDIR}"/${PV}-docs-build.patch # Always install pregenerated manpage, keeping docs option for gtk-doc
116 + "${FILESDIR}"/${PV}-thumbnailer-updates{,2}.patch # syncs with gnome-desktop; fixes the ld.so.cache for us
117 + "${FILESDIR}"/${PV}-seccomp-sparc32.patch # 32-bit sparc doesn't have seccomp either
118 + "${FILESDIR}"/${PV}-CVE-2019-11461.patch
119 +)
120 +
121 +src_prepare() {
122 + if use previewer; then
123 + DOC_CONTENTS="nautilus uses gnome-extra/sushi to preview media files.
124 + To activate the previewer, select a file and press space; to
125 + close the previewer, press space again."
126 + fi
127 + xdg_src_prepare
128 +}
129 +
130 +src_configure() {
131 + local emesonargs=(
132 + $(meson_use gtk-doc docs)
133 + -Dextensions=true # image file properties, sendto support
134 + $(meson_use introspection)
135 + $(meson_use packagekit)
136 + $(meson_use selinux)
137 + -Dprofiling=false
138 + -Dtests=$(usex test all none)
139 + )
140 + meson_src_configure
141 +}
142 +
143 +src_install() {
144 + use previewer && readme.gentoo_create_doc
145 + meson_src_install
146 +}
147 +
148 +src_test() {
149 + virtx meson_src_test
150 +}
151 +
152 +pkg_postinst() {
153 + xdg_pkg_postinst
154 + gnome2_schemas_update
155 +
156 + if use previewer; then
157 + readme.gentoo_print_elog
158 + else
159 + elog "To preview media files, emerge nautilus with USE=previewer"
160 + fi
161 +}
162 +
163 +pkg_postrm() {
164 + xdg_pkg_postrm
165 + gnome2_schemas_update
166 +}
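Review bot: Nothing in `emesonargs` in `src_configure` maps `USE=seccomp` to a build option, so from the visible lines the flag only pulls in `sys-libs/libseccomp` and `sys-apps/bubblewrap`. Whether the thumbnailer sandbox this revision patches is actually compiled in therefore appears to depend on the build system's own detection. If upstream has no switch for it, a comment in `src_configure` such as `# seccomp sandbox has no meson option; enabled when libseccomp is found (confirm)` would make that explicit for the next security bump. The new `PATCHES` entry is also the only one without a trailing comment; `# thumbnailer seccomp filter: mask ioctl request to 32 bits, bug #692784` would match its siblings.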