!21 CVE-2023-51698

From: @peijiankang 
Reviewed-by: @dou33 
Signed-off-by: @dou33

CVE-2023-52076.patch

@@ -0,0 +1,94 @@
+From 0fd1bfdbb81dddeb2329137315ce17684a6602c2 Mon Sep 17 00:00:00 2001
+From: peijiankang <peijiankang@kylinos.cn>
+Date: Thu, 29 Feb 2024 10:34:25 +0800
+Subject: [PATCH] CVE-2023-52076
+
+---
+ backend/epub/epub-document.c | 24 ++++++++++++++++++++----
+ 1 file changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/backend/epub/epub-document.c b/backend/epub/epub-document.c
+index c0fa275..b0d42a3 100644
+--- a/backend/epub/epub-document.c
++++ b/backend/epub/epub-document.c
+@@ -653,7 +653,7 @@ check_mime_type(const gchar* uri,GError** error)
+ }
+ 
+ static gboolean
+-extract_one_file(EpubDocument* epub_document,GError ** error)
++extract_one_file(EpubDocument* epub_document, GFile *tmp_gfile, GError ** error)
+ {
+     GFile * outfile ;
+     gsize writesize = 0;
+@@ -680,6 +680,20 @@ extract_one_file(EpubDocument* epub_document,GError ** error)
+     gfilepath = g_string_new(epub_document->tmp_archive_dir) ;
+     g_string_append_printf(gfilepath,"/%s",(gchar*)currentfilename);
+ 
++    outfile = g_file_new_for_path (gfilepath->str);
++    g_autofree gchar *rpath = g_file_get_relative_path (tmp_gfile, outfile);
++
++    if (rpath == NULL)
++    {
++        g_set_error_literal (error,
++                             EV_DOCUMENT_ERROR,
++                             EV_DOCUMENT_ERROR_INVALID,
++                             _("epub file is invalid or corrupt"));
++        g_critical ("Invalid filename in Epub container - '%s'", (gchar *) currentfilename);
++        result = FALSE;
++        goto out;
++    }
++
+     /*if we encounter a directory, make a directory inside our temporary folder.*/
+     if (directory != NULL && *directory == '\0')
+     {
+@@ -707,7 +721,6 @@ extract_one_file(EpubDocument* epub_document,GError ** error)
+ 		g_string_free(dir_create,TRUE);
+     }
+ 
+-    outfile = g_file_new_for_path(gfilepath->str);
+     outstream = g_file_create(outfile,G_FILE_CREATE_PRIVATE,NULL,error);
+     gpointer buffer = g_malloc0(512);
+     while ( (writesize = unzReadCurrentFile(epub_document->epubDocument,buffer,512) ) != 0 )
+@@ -720,10 +733,10 @@ extract_one_file(EpubDocument* epub_document,GError ** error)
+     }
+     g_free(buffer);
+     g_output_stream_close((GOutputStream*)outstream,NULL,error);
+-    g_object_unref(outfile) ;
+     g_object_unref(outstream) ;
+ 
+ out:
++    g_object_unref(outfile) ;
+     unzCloseCurrentFile (epub_document->epubDocument) ;
+     g_string_free(gfilepath,TRUE);
+     g_free(currentfilename);
+@@ -735,6 +748,7 @@ extract_epub_from_container (const gchar* uri,
+                              EpubDocument *epub_document,
+                              GError ** error)
+ {
++    GFile *tmp_gfile = NULL;
+     GError *err = NULL;
+     epub_document->archivename = g_filename_from_uri(uri,NULL,error);
+ 
+@@ -796,9 +810,10 @@ extract_epub_from_container (const gchar* uri,
+         goto out;
+     }
+ 
++    tmp_gfile = g_file_new_for_path (epub_document->tmp_archive_dir);
+     while ( TRUE )
+     {
+-        if ( extract_one_file(epub_document,&err) == FALSE )
++        if ( extract_one_file(epub_document, tmp_gfile, &err) == FALSE )
+         {
+             if (err) {
+                 g_propagate_error (error, err);
+@@ -819,6 +834,7 @@ extract_epub_from_container (const gchar* uri,
+     }
+ 
+ out:
++    g_clear_object (&tmp_gfile);
+     unzClose(epub_document->epubDocument);
+     return result;
+ }
+-- 
+2.41.0
+

atril.spec

@@ -0,0 +1,181 @@
+# Conditional for release and snapshot builds. Uncomment for release-builds.
+%global rel_build 1
+
+# This is needed, because src-url contains branched part of versioning-scheme.
+%global branch 1.22
+
+# Settings used for build from snapshots.
+%{!?rel_build:%global commit 5bba3723566489763aafaad3669c77f60a23d2e0}
+%{!?rel_build:%global commit_date 20140122}
+%{!?rel_build:%global shortcommit %(c=%{commit};echo ${c:0:7})}
+%{!?rel_build:%global git_ver git%{commit_date}-%{shortcommit}}
+%{!?rel_build:%global git_rel .git%{commit_date}.%{shortcommit}}
+%{!?rel_build:%global git_tar %{name}-%{version}-%{git_ver}.tar.xz}
+
+Name:          atril
+Version:       %{branch}.3
+Release:       4
+Summary:       Document viewer
+License:       GPLv2+ and LGPLv2+ and MIT
+URL:           http://mate-desktop.org
+
+# for downloading the tarball use 'spectool -g -R caja.spec'
+# Source for release-builds.
+%{?rel_build:Source0:     http://pub.mate-desktop.org/releases/%{branch}/%{name}-%{version}.tar.xz}
+# Source for snapshot-builds.
+%{!?rel_build:Source0:    http://git.mate-desktop.org/%{name}/snapshot/%{name}-%{commit}.tar.xz#/%{git_tar}}
+Patch01:        CVE-2023-52076.patch
+#fix from https://gitee.com/link?target=https%3A%2F%2Fgithub.com%2Fmate-desktop%2Fatril%2Fcommit%2Fce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
+Patch02:        CVE-2023-51698.patch
+
+BuildRequires:  gcc-c++
+BuildRequires:  gtk3-devel
+BuildRequires:  poppler-glib-devel
+BuildRequires:  libXt-devel
+BuildRequires:  libsecret-devel
+BuildRequires:  libglade2-devel
+BuildRequires:  libtiff-devel
+BuildRequires:  libjpeg-turbo-devel
+BuildRequires:  libspectre-devel
+BuildRequires:  desktop-file-utils
+BuildRequires:  gobject-introspection-devel
+BuildRequires:  mate-common
+BuildRequires:  cairo-gobject-devel
+BuildRequires:  yelp-tools
+
+# for the xps back-end
+BuildRequires:  libgxps-devel
+# for the caja properties page
+#BuildRequires:  caja-devel
+# for the dvi back-end
+BuildRequires:  texlive-lib-devel
+# for the djvu back-end
+BuildRequires:  djvulibre-devel
+# for epub back-end
+BuildRequires:  webkit2gtk3-devel
+
+Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
+#  fix (#974791)
+Requires:       mate-desktop-libs
+Requires:       mathjax
+
+%description
+Mate-document-viewer is simple document viewer.
+It can display and print Portable Document Format (PDF),
+PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files.
+When supported by the document format, mate-document-viewer
+allows searching for text, copying text to the clipboard,
+hypertext navigation, table-of-contents bookmarks and editing of forms.
+
+
+%package libs
+Summary: Libraries for the mate-document-viewer
+
+%description libs
+This package contains shared libraries needed for mate-document-viewer.
+
+
+%package devel
+Summary: Support for developing back-ends for the mate-document-viewer
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description devel
+This package contains libraries and header files needed for
+mate-document-viewer back-ends development.
+
+%prep
+%if 0%{?rel_build}
+%autosetup -p1
+%else
+%autosetup -n %{name}-%{commit} -p1
+%endif
+
+%if 0%{?rel_build}
+#NOCONFIGURE=1 ./autogen.sh
+%else # 0%{?rel_build}
+# needed for git snapshots
+NOCONFIGURE=1 ./autogen.sh
+%endif # 0%{?rel_build}
+
+%build
+%configure \
+        --disable-static \
+        --disable-schemas-compile \
+        --disable-caja \
+        --enable-introspection \
+        --enable-comics \
+        --enable-dvi=yes \
+        --enable-djvu=yes \
+        --enable-t1lib=no \
+        --enable-pixbuf \
+        --enable-xps \
+        --enable-epub
+
+# remove unused-direct-shlib-dependency
+sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
+
+make %{?_smp_mflags} V=1
+
+
+%install
+%{make_install}
+
+%find_lang %{name} --with-gnome --all-name
+
+find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';'
+
+
+%check
+desktop-file-validate ${RPM_BUILD_ROOT}%{_datadir}/applications/atril.desktop
+
+
+%files -f %{name}.lang
+%doc README COPYING NEWS AUTHORS
+%{_bindir}/*
+%dir %{_datadir}/atril
+%{_datadir}/atril/*
+%{_datadir}/applications/atril.desktop
+%{_datadir}/icons/hicolor/*/apps/atril.*
+%{_libexecdir}/atrild
+%{_datadir}/dbus-1/services/org.mate.atril.Daemon.service
+%{_datadir}/glib-2.0/schemas/org.mate.Atril.gschema.xml
+%{_datadir}/metainfo/atril.appdata.xml
+%{_mandir}/man1/atril-*.1.*
+%{_mandir}/man1/atril.1.*
+
+%files libs
+%{_libdir}/libatrilview.so.*
+%{_libdir}/libatrildocument.so.*
+%{_libdir}/atril/3/backends/
+%{_libdir}/girepository-1.0/AtrilDocument-1.5.0.typelib
+%{_libdir}/girepository-1.0/AtrilView-1.5.0.typelib
+
+%exclude %{_datadir}/thumbnailers/atril.thumbnailer
+
+%files devel
+%dir %{_includedir}/atril/
+%{_includedir}/atril/1.5.0/
+%{_libdir}/libatrilview.so
+%{_libdir}/libatrildocument.so
+%{_libdir}/pkgconfig/atril-view-1.5.0.pc
+%{_libdir}/pkgconfig/atril-document-1.5.0.pc
+%{_datadir}/gir-1.0/AtrilDocument-1.5.0.gir
+%{_datadir}/gir-1.0/AtrilView-1.5.0.gir
+%{_datadir}/gtk-doc/html/libatrildocument-1.5.0/
+%{_datadir}/gtk-doc/html/libatrilview-1.5.0/
+%{_datadir}/gtk-doc/html/atril/
+
+
+%changelog
+* Wed Apr 24 2024 peijiankang <peijiankang@kylinos.cn> - 1.22.3-4
+- add CVE-2023-51698.patch
+
+* Thu Feb 29 2024 peijiankang <peijiankang@kylinos.cn> - 1.22.3-3
+- add CVE-2023-52076.patch
+
+* Tue Jun 1 2021 douyan <douyan@kylinos.cn> - 1.22.3-2
+- remove package atril-thumbnailer
+
+* Tue Aug 25 2020 douyan <douyan@kylinos.cn> - 1.22.3-1
+- disable caja support. Init package for openEuler
+

atril.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: mate-desktop/atril
+tag_prefix: "^v"
+separator: "."