evince: fix for CVE-2017-1000083

srcpkgs/evince/patches/cve-2017-1000083.patch

@@ -0,0 +1,79 @@
+diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
+index 96ed26e..3af119a 100644
+--- backend/comics/comics-document.c
++++ backend/comics/comics-document.c
+@@ -56,8 +56,7 @@ typedef enum
+ 	RARLABS,
+ 	GNAUNRAR,
+ 	UNZIP,
+-	P7ZIP,
+-	TAR
++	P7ZIP
+ } ComicBookDecompressType;
+ 
+ typedef struct _ComicsDocumentClass ComicsDocumentClass;
+@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
+ 
+         /* 7zip */
+ 	{NULL               , "%s l -- %s"     , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
+-
+-        /* tar */
+-	{"%s -xOf"          , "%s -tf %s"      , NULL             , FALSE, NO_OFFSET}
+ };
+ 
+ static GSList*    get_supported_image_extensions (void);
+@@ -364,13 +360,6 @@ comics_check_decompress_command	(gchar          *mime_type,
+ 			comics_document->command_usage = GNAUNRAR;
+ 			return TRUE;
+ 		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-
+ 	} else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
+ 		   g_content_type_is_a (mime_type, "application/zip")) {
+ 		/* InfoZIP's unzip program */
+@@ -396,12 +385,6 @@ comics_check_decompress_command	(gchar          *mime_type,
+ 			comics_document->command_usage = P7ZIP;
+ 			return TRUE;
+ 		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+ 
+ 	} else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
+ 		   g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
+@@ -425,27 +408,6 @@ comics_check_decompress_command	(gchar          *mime_type,
+ 			comics_document->command_usage = P7ZIP;
+ 			return TRUE;
+ 		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-	} else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
+-		   g_content_type_is_a (mime_type, "application/x-tar")) {
+-		/* tar utility (Tape ARchive) */
+-		comics_document->selected_command =
+-				g_find_program_in_path ("tar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+ 	} else {
+ 		g_set_error (error,
+ 			     EV_DOCUMENT_ERROR,

srcpkgs/evince/template

@@ -1,7 +1,7 @@
 # Template file for 'evince'
 pkgname=evince
 version=3.24.0
-revision=1
+revision=2
 short_desc="GNOME Document viewer for multiple document formats"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
 homepage="http://projects.gnome.org/evince/"
@@ -32,6 +32,15 @@ makedepends="tiff-devel libarchive-devel nautilus-devel
  adwaita-icon-theme"
 depends="desktop-file-utils hicolor-icon-theme"
 
+pre_configure() {
+	# Fix for CVE-2017-1000083.
+	# Don't touch configure.ac because autoreconf will fail
+	# for cross builds due to missing gobject introspection
+	sed -i configure \
+		-e '/COMICS_MIME_TYPES/ s|;application/x-cbt||' \
+		-e '/COMICS_MIME_TYPES/ s|;application/x-ext-cbt||'
+}
+
 libevince_package() {
 	short_desc+=" - runtime libraries"
 	pkg_install() {