net-news/liferea: add 1.12.10, 1.14.1 (Fix RCE vulnerability on feed …

…enrichment) Fix CVE-2023-1350. Bug: https://bugs.gentoo.org/901085 Closes: gentoo#30103 Signed-off-by: Cristian Othón Martínez Vera <[email protected]> Signed-off-by: Sam James <[email protected]>
AndCycle · Mar 15, 2023 · ff30e32 · ff30e32
1 parent 5d9c04b
commit ff30e32
Show file tree

Hide file tree

Showing 3 changed files with 145 additions and 0 deletions.
diff --git a/net-news/liferea/Manifest b/net-news/liferea/Manifest
@@ -1,2 +1,4 @@
+DIST liferea-1.12.10.tar.bz2 1503040 BLAKE2B 8a935f889b972787a55f0d09c4314ee5ff4d4fa42b46af46d84e5dd5d13df95adf898dc522baadd76e7c752c9f47d771122698882142202002ebf2fa5b0e3f31 SHA512 34b9c5b9c58aaac790e44aa2495a169ea2fbc3cdf351013324615b65c083045c3b09c5d5fa6eeba994184d2d7a9e52626241877c24194f4f771af0f5b3afb067
 DIST liferea-1.12.9.tar.bz2 1496593 BLAKE2B a0887a7b04c47a69166396f06305342232b16eefba04df1a0cda7c9d84880e025d73786a55aaa528a143fccef213fa2de9474fb6fab3f301e54a12dba4a705f1 SHA512 09156e0e5e4342741b6290be17ee94a3204d431c687c17688e23067d151d36a178193f5cf01da222974810a48626c877b0cf917fbdd9ecb6e81254e85750be9b
 DIST liferea-1.14.0.tar.gz 1830671 BLAKE2B 2def6bcc7ca2a6e29555f249bde8fac9077447f90e665f437cdc67ad60850488979c455ebd82ad0ac440ff69451ca5493acf521f6d602f7514011e4abe658b1f SHA512 79d52a754482e0ea6d861d792d59e124cac40bc5d969f13cf1029910fdbf14a6e042d405dad49731cd549a05c9b47d7733e6e9336af0ba476f1fbc553f1efa7c
+DIST liferea-1.14.1.tar.gz 1832915 BLAKE2B 93923a498031a356d7c54a290707d79b1758d7e8a0a684d85fd4baab8ce8642e9f6e2be83e2866044d7e17ed08babfbfed8092a6cf83658d8ea90182bec150d1 SHA512 83abb325865e349c22d3735221cb9fc80075502b212042d5db2dcd6425bc4d344755e7dc8a674b71fcde11b07f8ed0ef1b955c5cb3d5e2b4e4a62d1d8793eb94
diff --git a/net-news/liferea/liferea-1.12.10.ebuild b/net-news/liferea/liferea-1.12.10.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{9..10} )
+
+inherit autotools gnome2-utils optfeature python-single-r1 xdg
+
+DESCRIPTION="News Aggregator for RDF/RSS/CDF/Atom/Echo feeds"
+HOMEPAGE="https://lzone.de/liferea/"
+SRC_URI="https://github.com/lwindolf/${PN}/releases/download/v${PV}/${P}.tar.bz2"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+IUSE=""
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND="${PYTHON_DEPS}
+	dev-db/sqlite:3
+	dev-libs/glib:2
+	dev-libs/gobject-introspection
+	dev-libs/json-glib
+	dev-libs/libpeas[gtk,python,${PYTHON_SINGLE_USEDEP}]
+	dev-libs/libxml2:2
+	dev-libs/libxslt
+	gnome-base/gsettings-desktop-schemas
+	net-libs/libsoup:2.4
+	net-libs/webkit-gtk:4
+	x11-libs/gtk+:3
+	x11-libs/pango"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-util/intltool
+	virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.12.9-webkit-css.patch
+)
+
+src_prepare() {
+	xdg_src_prepare
+
+	sed -i -e 's#$(datadir)/appdata#$(datadir)/metainfo#g' \
+		Makefile.am || die
+	eautoreconf
+}
+
+src_configure() {
+	econf --disable-static
+}
+
+src_compile() {
+	# Workaround crash in libwebkit2gtk-4.0.so
+	# https://bugs.gentoo.org/704594
+	WEBKIT_DISABLE_COMPOSITING_MODE=1 \
+		default
+}
+
+src_install() {
+	default
+	find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	xdg_pkg_postinst
+	gnome2_schemas_update
+
+	optfeature "Libsecret Support plugin" app-crypt/libsecret[introspection]
+	optfeature "Tray Icon (GNOME Classic) plugin" "dev-python/pycairo x11-libs/gdk-pixbuf[introspection]"
+	optfeature "Media Player plugin" media-libs/gstreamer[introspection]
+	optfeature "monitoring network status" net-misc/networkmanager
+	optfeature "Popup Notifications plugin" x11-libs/libnotify[introspection]
+}
diff --git a/net-news/liferea/liferea-1.14.1.ebuild b/net-news/liferea/liferea-1.14.1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit autotools gnome2-utils optfeature python-single-r1 xdg
+
+DESCRIPTION="News Aggregator for RDF/RSS/CDF/Atom/Echo feeds"
+HOMEPAGE="https://lzone.de/liferea/"
+SRC_URI="https://github.com/lwindolf/${PN}/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+IUSE=""
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND="${PYTHON_DEPS}
+	dev-db/sqlite:3
+	dev-libs/fribidi
+	dev-libs/glib:2
+	dev-libs/gobject-introspection
+	dev-libs/json-glib
+	dev-libs/libpeas[gtk,python,${PYTHON_SINGLE_USEDEP}]
+	dev-libs/libxml2:2
+	dev-libs/libxslt
+	gnome-base/gsettings-desktop-schemas
+	net-libs/libsoup:2.4
+	net-libs/webkit-gtk:4=
+	x11-libs/gdk-pixbuf:2
+	x11-libs/gtk+:3
+	x11-libs/pango"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-util/intltool
+	virtual/pkgconfig"
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	econf --disable-static
+}
+
+src_compile() {
+	# Workaround crash in libwebkit2gtk-4.0.so
+	# https://bugs.gentoo.org/704594
+	WEBKIT_DISABLE_COMPOSITING_MODE=1 \
+		default
+}
+
+src_install() {
+	default
+	find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	xdg_pkg_postinst
+	gnome2_schemas_update
+
+	optfeature "Libsecret Support plugin" app-crypt/libsecret[introspection]
+	optfeature "Tray Icon (GNOME Classic) plugin" "dev-python/pycairo x11-libs/gdk-pixbuf[introspection]"
+	optfeature "Media Player plugin" media-libs/gstreamer[introspection]
+	optfeature "monitoring network status" net-misc/networkmanager
+	optfeature "Popup Notifications plugin" x11-libs/libnotify[introspection]
+}