Mon Oct 28 21:49:22 2019 UTC
atril: don't enable dvi support by default. bump pkgrevision.

This option is pulling in t1lib. t1lib is an enormous security risk.
It hasn't seen maintenance since 2011 and we have local patches for
security issues from 2011.

Given the lack of attention, it's likely there are more security
issues lurking.

Documents are usually obtained from untrusted sources, and thus are
considered a remote attack vector.
Documents may embed their own fonts. If one embeds a T1 font, it might
be parsed by this unmaintained library.

To avoid this risk, rip out the t1lib dependency.


(maya)
diff -r1.49 -r1.50 pkgsrc/print/atril/Makefile
diff -r1.3 -r1.4 pkgsrc/print/atril/options.mk

cvs diff -r1.49 -r1.50 pkgsrc/print/atril/Makefile

--- pkgsrc/print/atril/Makefile 2019/10/19 12:46:06 1.49
+++ pkgsrc/print/atril/Makefile 2019/10/28 21:49:22 1.50
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.49 2019/10/19 12:46:06 nia Exp $ 1# $NetBSD: Makefile,v 1.50 2019/10/28 21:49:22 maya Exp $
2 2
3PKGREVISION= 5 3PKGREVISION= 6
4.include "../../meta-pkgs/mate/Makefile.common" 4.include "../../meta-pkgs/mate/Makefile.common"
5 5
6DISTNAME= atril-${VERSION:R}.1 6DISTNAME= atril-${VERSION:R}.1
7CATEGORIES= print 7CATEGORIES= print
8 8
9COMMENT= Simple multi-page document viewer for the MATE environment 9COMMENT= Simple multi-page document viewer for the MATE environment
10 10
11USE_LANGUAGES= c c++ 11USE_LANGUAGES= c c++
12 12
13TOOL_DEPENDS+= gdbus-codegen-[0-9]*:../../devel/gdbus-codegen 13TOOL_DEPENDS+= gdbus-codegen-[0-9]*:../../devel/gdbus-codegen
14 14
15PKGCONFIG_OVERRIDE+= atril-document.pc.in 15PKGCONFIG_OVERRIDE+= atril-document.pc.in
16PKGCONFIG_OVERRIDE+= atril-view.pc.in 16PKGCONFIG_OVERRIDE+= atril-view.pc.in

cvs diff -r1.3 -r1.4 pkgsrc/print/atril/options.mk

--- pkgsrc/print/atril/options.mk 2019/03/06 05:48:55 1.3
+++ pkgsrc/print/atril/options.mk 2019/10/28 21:49:22 1.4
@@ -1,18 +1,18 @@ @@ -1,18 +1,18 @@
1# $NetBSD: options.mk,v 1.3 2019/03/06 05:48:55 gutteridge Exp $ 1# $NetBSD: options.mk,v 1.4 2019/10/28 21:49:22 maya Exp $
2 2
3PKG_OPTIONS_VAR= PKG_OPTIONS.atril 3PKG_OPTIONS_VAR= PKG_OPTIONS.atril
4PKG_SUPPORTED_OPTIONS= dbus pdf ps xps dvi djvu tiff gdk-pixbuf keyring introspection 4PKG_SUPPORTED_OPTIONS= dbus pdf ps xps dvi djvu tiff gdk-pixbuf keyring introspection
5PKG_SUGGESTED_OPTIONS= dbus pdf ps xps dvi djvu tiff gdk-pixbuf keyring 5PKG_SUGGESTED_OPTIONS= dbus pdf ps xps djvu tiff gdk-pixbuf keyring
6 6
7.include "../../mk/bsd.options.mk" 7.include "../../mk/bsd.options.mk"
8 8
9PLIST_VARS+= dbus pdf ps xps dvi djvu tiff pixbuf introspection 9PLIST_VARS+= dbus pdf ps xps dvi djvu tiff pixbuf introspection
10 10
11.if !empty(PKG_OPTIONS:Mdbus) 11.if !empty(PKG_OPTIONS:Mdbus)
12.include "../../sysutils/dbus-glib/buildlink3.mk" 12.include "../../sysutils/dbus-glib/buildlink3.mk"
13CONFIGURE_ARGS+= --enable-dbus 13CONFIGURE_ARGS+= --enable-dbus
14PLIST.dbus= yes 14PLIST.dbus= yes
15.else 15.else
16CONFIGURE_ARGS+= --disable-dbus 16CONFIGURE_ARGS+= --disable-dbus
17.endif 17.endif
18 18
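Review bot: On line 5 of options.mk, dvi is dropped from PKG_SUGGESTED_OPTIONS but stays in PKG_SUPPORTED_OPTIONS on line 4, and nothing in the file records why it is off by default. Anyone who enables the option still gets the t1lib dependency the commit message describes, and a later cleanup could put dvi back into the suggested list without knowing the reason. Please add a short comment above PKG_SUGGESTED_OPTIONS stating that dvi is deliberately not suggested because it pulls in t1lib.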