summaryrefslogtreecommitdiff
path: root/office/evince/patches
diff options
context:
space:
mode:
Diffstat (limited to 'office/evince/patches')
-rw-r--r--office/evince/patches/evince-0.7.1-display-menu.patch11
-rw-r--r--office/evince/patches/evince-2.32.0-dvi-CVEs.patch97
-rw-r--r--office/evince/patches/evince-2.32.0-dvi-security.patch24
-rw-r--r--office/evince/patches/evince-2.32.0-libdocument-segfault.patch35
-rw-r--r--office/evince/patches/evince-2.32.0-libview-crash.patch32
-rw-r--r--office/evince/patches/evince-2.32.0-pk-fonts.patch37
-rw-r--r--office/evince/patches/evince-2.32.0-stop-spinner.patch74
-rw-r--r--office/evince/patches/evince-2.32.0-update-poppler.patch58
-rw-r--r--office/evince/patches/evince-2.32.0-use-popup.patch21
9 files changed, 389 insertions, 0 deletions
diff --git a/office/evince/patches/evince-0.7.1-display-menu.patch b/office/evince/patches/evince-0.7.1-display-menu.patch
new file mode 100644
index 0000000000..9edc43ead1
--- /dev/null
+++ b/office/evince/patches/evince-0.7.1-display-menu.patch
@@ -0,0 +1,11 @@
+diff --exclude-from=/home/dang/.diffrc -up -ruN evince-0.7.1.orig/data/evince.desktop.in.in evince-0.7.1/data/evince.desktop.in.in
+--- evince-0.7.1.orig/data/evince.desktop.in.in 2007-01-10 11:04:20.000000000 -0500
++++ evince-0.7.1/data/evince.desktop.in.in 2007-01-18 17:30:52.000000000 -0500
+@@ -9,7 +9,6 @@ StartupNotify=true
+ Terminal=false
+ Type=Application
+ Icon=evince
+-NoDisplay=true
+ X-GNOME-DocPath=
+ X-GNOME-Bugzilla-Bugzilla=GNOME
+ X-GNOME-Bugzilla-Product=evince
diff --git a/office/evince/patches/evince-2.32.0-dvi-CVEs.patch b/office/evince/patches/evince-2.32.0-dvi-CVEs.patch
new file mode 100644
index 0000000000..691ee4190a
--- /dev/null
+++ b/office/evince/patches/evince-2.32.0-dvi-CVEs.patch
@@ -0,0 +1,97 @@
+From 8e473c9796b9a61b811213e7892fd36fd570303a Mon Sep 17 00:00:00 2001
+From: José Aliste <jaliste@src.gnome.org>
+Date: Tue, 07 Dec 2010 18:56:47 +0000
+Subject: backends: Fix several security issues in the dvi-backend.
+
+See CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643.
+---
+diff --git a/backend/dvi/mdvi-lib/afmparse.c b/backend/dvi/mdvi-lib/afmparse.c
+index 164366b..361e23d 100644
+--- a/backend/dvi/mdvi-lib/afmparse.c
++++ b/backend/dvi/mdvi-lib/afmparse.c
+@@ -160,7 +160,7 @@ static char *token(FILE *stream)
+
+ idx = 0;
+ while (ch != EOF && ch != ' ' && ch != lineterm
+- && ch != '\t' && ch != ':' && ch != ';')
++ && ch != '\t' && ch != ':' && ch != ';' && idx < MAX_NAME)
+ {
+ ident[idx++] = ch;
+ ch = fgetc(stream);
+diff --git a/backend/dvi/mdvi-lib/dviread.c b/backend/dvi/mdvi-lib/dviread.c
+index 97b7b84..ac98068 100644
+--- a/backend/dvi/mdvi-lib/dviread.c
++++ b/backend/dvi/mdvi-lib/dviread.c
+@@ -1537,6 +1537,10 @@ int special(DviContext *dvi, int opcode)
+ Int32 arg;
+
+ arg = dugetn(dvi, opcode - DVI_XXX1 + 1);
++ if (arg <= 0) {
++ dvierr(dvi, _("malformed special length\n"));
++ return -1;
++ }
+ s = mdvi_malloc(arg + 1);
+ dread(dvi, s, arg);
+ s[arg] = 0;
+diff --git a/backend/dvi/mdvi-lib/pk.c b/backend/dvi/mdvi-lib/pk.c
+index a579186..08377e6 100644
+--- a/backend/dvi/mdvi-lib/pk.c
++++ b/backend/dvi/mdvi-lib/pk.c
+@@ -469,6 +469,15 @@ static int pk_load_font(DviParams *unused, DviFont *font)
+ }
+ if(feof(p))
+ break;
++
++ /* Although the PK format support bigger char codes,
++ * XeTeX and other extended TeX engines support charcodes up to
++ * 65536, while normal TeX engine supports only charcode up to 255.*/
++ if (cc < 0 || cc > 65536) {
++ mdvi_error (_("%s: unexpected charcode (%d)\n"),
++ font->fontname,cc);
++ goto error;
++ }
+ if(cc < loc)
+ loc = cc;
+ if(cc > hic)
+@@ -512,7 +521,7 @@ static int pk_load_font(DviParams *unused, DviFont *font)
+ }
+
+ /* resize font char data */
+- if(loc > 0 || hic < maxch-1) {
++ if(loc > 0 && hic < maxch-1) {
+ memmove(font->chars, font->chars + loc,
+ (hic - loc + 1) * sizeof(DviFontChar));
+ font->chars = xresize(font->chars,
+diff --git a/backend/dvi/mdvi-lib/tfmfile.c b/backend/dvi/mdvi-lib/tfmfile.c
+index 73ebf26..8c2a30b 100644
+--- a/backend/dvi/mdvi-lib/tfmfile.c
++++ b/backend/dvi/mdvi-lib/tfmfile.c
+@@ -172,7 +172,8 @@ int tfm_load_file(const char *filename, TFMInfo *info)
+ /* We read the entire TFM file into core */
+ if(fstat(fileno(in), &st) < 0)
+ return -1;
+- if(st.st_size == 0)
++ /* according to the spec, TFM files are smaller than 16K */
++ if(st.st_size == 0 || st.st_size >= 16384)
+ goto bad_tfm;
+
+ /* allocate a word-aligned buffer to hold the file */
+diff --git a/backend/dvi/mdvi-lib/vf.c b/backend/dvi/mdvi-lib/vf.c
+index fb49847..a5ae3bb 100644
+--- a/backend/dvi/mdvi-lib/vf.c
++++ b/backend/dvi/mdvi-lib/vf.c
+@@ -165,6 +165,12 @@ static int vf_load_font(DviParams *params, DviFont *font)
+ cc = fuget1(p);
+ tfm = fuget3(p);
+ }
++ if (cc < 0 || cc > 65536) {
++ /* TeX engines do not support char codes bigger than 65535 */
++ mdvi_error(_("(vf) %s: unexpected character %d\n"),
++ font->fontname, cc);
++ goto error;
++ }
+ if(loc < 0 || cc < loc)
+ loc = cc;
+ if(hic < 0 || cc > hic)
+--
+cgit v0.8.3.1
diff --git a/office/evince/patches/evince-2.32.0-dvi-security.patch b/office/evince/patches/evince-2.32.0-dvi-security.patch
new file mode 100644
index 0000000000..6bde382d61
--- /dev/null
+++ b/office/evince/patches/evince-2.32.0-dvi-security.patch
@@ -0,0 +1,24 @@
+From 9611cfcd6c2f39aafab10730c291efd736ab97e4 Mon Sep 17 00:00:00 2001
+From: Vincent Untz <vuntz@gnome.org>
+Date: Thu, 17 Feb 2011 14:23:39 +0000
+Subject: backends: Fix another security issue in the dvi-backend
+
+This is similar to one of the fixes from d4139205.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=640923
+---
+diff --git a/backend/dvi/mdvi-lib/afmparse.c b/backend/dvi/mdvi-lib/afmparse.c
+index 361e23d..e1cd115 100644
+--- a/backend/dvi/mdvi-lib/afmparse.c
++++ b/backend/dvi/mdvi-lib/afmparse.c
+@@ -190,7 +190,7 @@ static char *linetoken(FILE *stream)
+ while ((ch = fgetc(stream)) == ' ' || ch == '\t' );
+
+ idx = 0;
+- while (ch != EOF && ch != lineterm)
++ while (ch != EOF && ch != lineterm && idx < MAX_NAME)
+ {
+ ident[idx++] = ch;
+ ch = fgetc(stream);
+--
+cgit v0.9
diff --git a/office/evince/patches/evince-2.32.0-libdocument-segfault.patch b/office/evince/patches/evince-2.32.0-libdocument-segfault.patch
new file mode 100644
index 0000000000..bef8d80cce
--- /dev/null
+++ b/office/evince/patches/evince-2.32.0-libdocument-segfault.patch
@@ -0,0 +1,35 @@
+From a933a516e9b6a4199d22055f9041747e00498901 Mon Sep 17 00:00:00 2001
+From: José Aliste <jaliste@src.gnome.org>
+Date: Wed, 29 Sep 2010 16:22:32 +0000
+Subject: [libdocument] Check for NULL in synctex_backward_search.
+
+Fixes bug #630845
+---
+diff --git a/libdocument/ev-document.c b/libdocument/ev-document.c
+index 70349dc..742b51c 100644
+--- a/libdocument/ev-document.c
++++ b/libdocument/ev-document.c
+@@ -419,11 +419,16 @@ ev_document_synctex_backward_search (EvDocument *document,
+ /* We assume that a backward search returns either zero or one result_node */
+ node = synctex_next_result (scanner);
+ if (node != NULL) {
+- result = g_new (EvSourceLink, 1);
+- result->filename = synctex_scanner_get_name (scanner,
+- synctex_node_tag (node));
+- result->line = synctex_node_line (node);
+- result->col = synctex_node_column (node);
++ const gchar *filename;
++
++ filename = synctex_scanner_get_name (scanner, synctex_node_tag (node));
++
++ if (filename) {
++ result = g_new (EvSourceLink, 1);
++ result->filename = filename;
++ result->line = synctex_node_line (node);
++ result->col = synctex_node_column (node);
++ }
+ }
+ }
+
+--
+cgit v0.8.3.1
diff --git a/office/evince/patches/evince-2.32.0-libview-crash.patch b/office/evince/patches/evince-2.32.0-libview-crash.patch
new file mode 100644
index 0000000000..65d07751fd
--- /dev/null
+++ b/office/evince/patches/evince-2.32.0-libview-crash.patch
@@ -0,0 +1,32 @@
+commit a3b87cb28e46958b37e384a47604032ea0889807
+Author: Carlos Garcia Campos <carlosgc@gnome.org>
+Date: Sun Nov 21 12:27:21 2010 +0100
+
+ libview: Make sure we have a valid page range before getting/setting selection list
+
+ Fixes bug #630999.
+
+diff --git a/libview/ev-pixbuf-cache.c b/libview/ev-pixbuf-cache.c
+index 367f70d..ee68354 100644
+--- a/libview/ev-pixbuf-cache.c
++++ b/libview/ev-pixbuf-cache.c
+@@ -1035,6 +1035,9 @@ ev_pixbuf_cache_set_selection_list (EvPixbufCache *pixbuf_cache,
+ if (!EV_IS_SELECTION (pixbuf_cache->document))
+ return;
+
++ if (pixbuf_cache->start_page == -1 || pixbuf_cache->end_page == -1)
++ return;
++
+ /* We check each area to see what needs updating, and what needs freeing; */
+ page = pixbuf_cache->start_page - pixbuf_cache->preload_cache_size;
+ for (i = 0; i < pixbuf_cache->preload_cache_size; i++) {
+@@ -1114,6 +1117,9 @@ ev_pixbuf_cache_get_selection_list (EvPixbufCache *pixbuf_cache)
+
+ g_return_val_if_fail (EV_IS_PIXBUF_CACHE (pixbuf_cache), NULL);
+
++ if (pixbuf_cache->start_page == -1 || pixbuf_cache->end_page == -1)
++ return NULL;
++
+ /* We check each area to see what needs updating, and what needs freeing; */
+ page = pixbuf_cache->start_page - pixbuf_cache->preload_cache_size;
+ for (i = 0; i < pixbuf_cache->preload_cache_size; i++) {
diff --git a/office/evince/patches/evince-2.32.0-pk-fonts.patch b/office/evince/patches/evince-2.32.0-pk-fonts.patch
new file mode 100644
index 0000000000..8379e7453c
--- /dev/null
+++ b/office/evince/patches/evince-2.32.0-pk-fonts.patch
@@ -0,0 +1,37 @@
+From 0a6e8aabcc46d47b5d84e5414cd0e07d57ef171b Mon Sep 17 00:00:00 2001
+From: José Aliste <jaliste@src.gnome.org>
+Date: Mon, 17 Jan 2011 17:30:00 +0000
+Subject: Fix problem with some pk fonts.
+
+---
+diff --git a/backend/dvi/mdvi-lib/pk.c b/backend/dvi/mdvi-lib/pk.c
+index 08377e6..a911613 100644
+--- a/backend/dvi/mdvi-lib/pk.c
++++ b/backend/dvi/mdvi-lib/pk.c
+@@ -328,13 +328,14 @@ static int pk_load_font(DviParams *unused, DviFont *font)
+ {
+ int i;
+ int flag_byte;
+- int loc, hic, maxch;
++ int hic, maxch;
+ Int32 checksum;
+ FILE *p;
+ #ifndef NODEBUG
+ char s[256];
+ #endif
+ long alpha, beta, z;
++ unsigned int loc;
+
+ font->chars = xnalloc(DviFontChar, 256);
+ p = font->in;
+@@ -521,7 +522,7 @@ static int pk_load_font(DviParams *unused, DviFont *font)
+ }
+
+ /* resize font char data */
+- if(loc > 0 && hic < maxch-1) {
++ if(loc > 0 || hic < maxch-1) {
+ memmove(font->chars, font->chars + loc,
+ (hic - loc + 1) * sizeof(DviFontChar));
+ font->chars = xresize(font->chars,
+--
+cgit v0.8.3.1
diff --git a/office/evince/patches/evince-2.32.0-stop-spinner.patch b/office/evince/patches/evince-2.32.0-stop-spinner.patch
new file mode 100644
index 0000000000..eb33019687
--- /dev/null
+++ b/office/evince/patches/evince-2.32.0-stop-spinner.patch
@@ -0,0 +1,74 @@
+From 220956ee03fa37fb55079aff63675db26cd908f9 Mon Sep 17 00:00:00 2001
+From: Cristian KLEIN <cristiklein+gnome@gmail.com>
+Date: Thu, 16 Dec 2010 17:38:06 +0000
+Subject: libview: Stop the GtkSpinner when the loading window is hidden
+
+Fixes bug #637390.
+---
+diff --git a/libview/ev-loading-window.c b/libview/ev-loading-window.c
+index 4d5eaaf..434beac 100644
+--- a/libview/ev-loading-window.c
++++ b/libview/ev-loading-window.c
+@@ -33,6 +33,7 @@ struct _EvLoadingWindow {
+ GtkWindow base_instance;
+
+ GtkWindow *parent;
++ GtkWidget *spinner;
+
+ gint x;
+ gint y;
+@@ -69,7 +70,6 @@ ev_loading_window_init (EvLoadingWindow *window)
+ GtkWindow *gtk_window = GTK_WINDOW (window);
+ GtkWidget *widget = GTK_WIDGET (window);
+ GtkWidget *hbox;
+- GtkWidget *spinner;
+ GtkWidget *label;
+ GtkStyle *style;
+ GdkColor fg, bg;
+@@ -79,10 +79,9 @@ ev_loading_window_init (EvLoadingWindow *window)
+
+ hbox = gtk_hbox_new (FALSE, 12);
+
+- spinner = gtk_spinner_new ();
+- gtk_spinner_start (GTK_SPINNER (spinner));
+- gtk_box_pack_start (GTK_BOX (hbox), spinner, FALSE, FALSE, 0);
+- gtk_widget_show (spinner);
++ window->spinner = gtk_spinner_new ();
++ gtk_box_pack_start (GTK_BOX (hbox), window->spinner, FALSE, FALSE, 0);
++ gtk_widget_show (window->spinner);
+
+ label = gtk_label_new (loading_text);
+ gtk_box_pack_start (GTK_BOX (hbox), label, FALSE, FALSE, 0);
+@@ -222,10 +221,22 @@ ev_loading_window_hide (GtkWidget *widget)
+
+ window->x = window->y = 0;
+
++ gtk_spinner_stop (GTK_SPINNER (window->spinner));
++
+ GTK_WIDGET_CLASS (ev_loading_window_parent_class)->hide (widget);
+ }
+
+ static void
++ev_loading_window_show (GtkWidget *widget)
++{
++ EvLoadingWindow *window = EV_LOADING_WINDOW (widget);
++
++ gtk_spinner_start (GTK_SPINNER (window->spinner));
++
++ GTK_WIDGET_CLASS (ev_loading_window_parent_class)->show (widget);
++}
++
++static void
+ ev_loading_window_class_init (EvLoadingWindowClass *klass)
+ {
+ GObjectClass *g_object_class = G_OBJECT_CLASS (klass);
+@@ -235,6 +246,7 @@ ev_loading_window_class_init (EvLoadingWindowClass *klass)
+ g_object_class->set_property = ev_loading_window_set_property;
+
+ gtk_widget_class->size_allocate = ev_loading_window_size_allocate;
++ gtk_widget_class->show = ev_loading_window_show;
+ gtk_widget_class->hide = ev_loading_window_hide;
+
+ g_object_class_install_property (g_object_class,
+--
+cgit v0.9
diff --git a/office/evince/patches/evince-2.32.0-update-poppler.patch b/office/evince/patches/evince-2.32.0-update-poppler.patch
new file mode 100644
index 0000000000..29bcad6b94
--- /dev/null
+++ b/office/evince/patches/evince-2.32.0-update-poppler.patch
@@ -0,0 +1,58 @@
+From f77e6cf4fd7fef49ac91d8c62b6a9a993529adb8 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <carlosgc@gnome.org>
+Date: Fri, 17 Sep 2010 11:21:16 +0000
+Subject: [pdf] Update to poppler api changes
+
+Linearized PopplerDocument property is now boolean rather than string.
+---
+diff --git a/backend/pdf/ev-poppler.cc b/backend/pdf/ev-poppler.cc
+index aa080e6..ced3ef7 100644
+--- a/backend/pdf/ev-poppler.cc
++++ b/backend/pdf/ev-poppler.cc
+@@ -722,6 +722,9 @@ pdf_document_get_info (EvDocument *document)
+ PopplerPermissions permissions;
+ EvPage *page;
+ char *metadata;
++#ifdef HAVE_POPPLER_DOCUMENT_IS_LINEARIZED
++ gboolean linearized;
++#endif
+
+ info = g_new0 (EvDocumentInfo, 1);
+
+@@ -758,7 +761,11 @@ pdf_document_get_info (EvDocument *document)
+ "producer", &(info->producer),
+ "creation-date", &(info->creation_date),
+ "mod-date", &(info->modified_date),
++#ifdef HAVE_POPPLER_DOCUMENT_IS_LINEARIZED
++ "linearized", &linearized,
++#else
+ "linearized", &(info->linearized),
++#endif
+ "metadata", &metadata,
+ NULL);
+
+@@ -864,6 +871,10 @@ pdf_document_get_info (EvDocument *document)
+ info->security = g_strdup (_("No"));
+ }
+
++#ifdef HAVE_POPPLER_DOCUMENT_IS_LINEARIZED
++ info->linearized = linearized ? g_strdup (_("Yes")) : g_strdup (_("No"));
++#endif
++
+ return info;
+ }
+
+diff --git a/configure.ac b/configure.ac
+index 0faa16e..9619349 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -512,6 +512,7 @@ if test "x$enable_pdf" = "xyes"; then
+ AC_CHECK_FUNCS(poppler_page_get_text_layout)
+ AC_CHECK_FUNCS(poppler_page_get_selected_text)
+ AC_CHECK_FUNCS(poppler_page_add_annot)
++ AC_CHECK_FUNCS(poppler_document_is_linearized)
+ LIBS=$evince_save_LIBS
+ PKG_CHECK_MODULES(CAIRO_PDF, cairo-pdf, enable_cairo_pdf=yes, enable_cairo_pdf=no)
+ if test x$enable_cairo_pdf = xyes; then
+--
+cgit v0.8.3.1
diff --git a/office/evince/patches/evince-2.32.0-use-popup.patch b/office/evince/patches/evince-2.32.0-use-popup.patch
new file mode 100644
index 0000000000..8bb52c8031
--- /dev/null
+++ b/office/evince/patches/evince-2.32.0-use-popup.patch
@@ -0,0 +1,21 @@
+From 464ec9077f4bc709e50c83372c9d4e1703533efa Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <carlosgc@gnome.org>
+Date: Sun, 20 Feb 2011 10:29:19 +0000
+Subject: libview: Use a popup window instead of a toplevel for loading window
+
+Fixes focus stealing when scrolling. See bug #633475.
+---
+diff --git a/libview/ev-loading-window.c b/libview/ev-loading-window.c
+index b413431..94576ee 100644
+--- a/libview/ev-loading-window.c
++++ b/libview/ev-loading-window.c
+@@ -266,6 +266,7 @@ ev_loading_window_new (GtkWindow *parent)
+ g_return_val_if_fail (GTK_IS_WINDOW (parent), NULL);
+
+ window = g_object_new (EV_TYPE_LOADING_WINDOW,
++ "type", GTK_WINDOW_POPUP,
+ "parent", parent,
+ NULL);
+ return window;
+--
+cgit v0.9