SECURITY fix for CVE-2017-1000083): Evince command injection vulnerability

in CBT handler (comics: Remove support for tar and tar-like commands).

graphics/evince/Makefile

@@ -1,10 +1,12 @@
-# $OpenBSD: Makefile,v 1.147 2017/04/23 21:45:58 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.148 2017/07/13 12:25:52 ajacoutot Exp $
 
 COMMENT=		GNOME document viewer
 
 GNOME_PROJECT=		evince
 GNOME_VERSION=		3.24.0
 
+REVISION=		0
+
 MAJ_V=			3.0
 SUBST_VARS=		MAJ_V
 

graphics/evince/patches/patch-backend_comics_comics-document_c

@@ -0,0 +1,85 @@
+$OpenBSD: patch-backend_comics_comics-document_c,v 1.1 2017/07/13 12:25:52 ajacoutot Exp $
+
+From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Thu, 6 Jul 2017 20:02:00 +0200
+Subject: comics: Remove support for tar and tar-like commands
+
+Index: backend/comics/comics-document.c
+--- backend/comics/comics-document.c.orig
++++ backend/comics/comics-document.c
+@@ -56,8 +56,7 @@ typedef enum
+ 	RARLABS,
+ 	GNAUNRAR,
+ 	UNZIP,
+-	P7ZIP,
+-	TAR
++	P7ZIP
+ } ComicBookDecompressType;
+ 
+ typedef struct _ComicsDocumentClass ComicsDocumentClass;
+@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_
+ 
+         /* 7zip */
+ 	{NULL               , "%s l -- %s"     , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
+-
+-        /* tar */
+-	{"%s -xOf"          , "%s -tf %s"      , NULL             , FALSE, NO_OFFSET}
+ };
+ 
+ static GSList*    get_supported_image_extensions (void);
+@@ -364,13 +360,6 @@ comics_check_decompress_command	(gchar          *mime_
+ 			comics_document->command_usage = GNAUNRAR;
+ 			return TRUE;
+ 		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-
+ 	} else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
+ 		   g_content_type_is_a (mime_type, "application/zip")) {
+ 		/* InfoZIP's unzip program */
+@@ -396,12 +385,6 @@ comics_check_decompress_command	(gchar          *mime_
+ 			comics_document->command_usage = P7ZIP;
+ 			return TRUE;
+ 		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+ 
+ 	} else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
+ 		   g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
+@@ -423,27 +406,6 @@ comics_check_decompress_command	(gchar          *mime_
+ 				g_find_program_in_path ("7z");
+ 		if (comics_document->selected_command) {
+ 			comics_document->command_usage = P7ZIP;
+-			return TRUE;
+-		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-	} else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
+-		   g_content_type_is_a (mime_type, "application/x-tar")) {
+-		/* tar utility (Tape ARchive) */
+-		comics_document->selected_command =
+-				g_find_program_in_path ("tar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+ 			return TRUE;
+ 		}
+ 	} else {

graphics/evince/patches/patch-configure

@@ -0,0 +1,19 @@
+$OpenBSD: patch-configure,v 1.3 2017/07/13 12:25:52 ajacoutot Exp $
+
+From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Thu, 6 Jul 2017 20:02:00 +0200
+Subject: comics: Remove support for tar and tar-like commands
+
+Index: configure
+--- configure.orig
++++ configure
+@@ -22338,7 +22338,7 @@ fi
+ 
+ 
+ if test "x$enable_comics" = "xyes"; then
+-        COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
++        COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
+         APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n    <mimetype>/g')
+         if test -z "$EVINCE_MIME_TYPES"; then
+            EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"