import Oracle_OSS evince-40.5-4.el9_8.1

This commit is contained in:
AlmaLinux RelEng Bot 2026-06-25 09:43:57 -04:00
parent 46b6254c13
commit 71d6e52003
2 changed files with 76 additions and 1 deletions


@ -0,0 +1,68 @@
From 970c219e861a5fcc3e7b9e05bedf18cf0de39245 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Germ=C3=A1n=20Poo-Caama=C3=B1o?= <gpoo@gnome.org>
Date: Mon, 18 May 2026 16:25:13 -0400
Subject: [PATCH] shell: quote strings in arguments used when calling ev_spawn
When spawning a new instance, it is good practice to sanitize the
arguments given to Evince, as those arguments may come from an
untrusted source. We want to avoid those values could become
unintended flags by the child process.
Fixes #2153
---
shell/ev-application.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/shell/ev-application.c b/shell/ev-application.c
index 001d21438..e35a5ef5f 100644
--- a/shell/ev-application.c
+++ b/shell/ev-application.c
@@ -155,7 +155,7 @@ ev_spawn (const char *uri,
guint timestamp)
{
GString *cmd;
- gchar *path, *cmdline;
+ gchar *path, *cmdline, *quoted;
GAppInfo *app;
GError *error = NULL;
@@ -180,18 +180,24 @@ ev_spawn (const char *uri,
/* Page label */
if (dest) {
switch (ev_link_dest_get_dest_type (dest)) {
- case EV_LINK_DEST_TYPE_PAGE_LABEL:
+ case EV_LINK_DEST_TYPE_PAGE_LABEL: {
+ quoted = g_shell_quote (ev_link_dest_get_page_label (dest));
g_string_append_printf (cmd, " --page-label=%s",
- ev_link_dest_get_page_label (dest));
+ quoted);
+ g_free (quoted);
break;
+ }
case EV_LINK_DEST_TYPE_PAGE:
g_string_append_printf (cmd, " --page-index=%d",
ev_link_dest_get_page (dest) + 1);
break;
- case EV_LINK_DEST_TYPE_NAMED:
+ case EV_LINK_DEST_TYPE_NAMED: {
+ quoted = g_shell_quote (ev_link_dest_get_named_dest (dest));
g_string_append_printf (cmd, " --named-dest=%s",
- ev_link_dest_get_named_dest (dest));
+ quoted);
+ g_free (quoted);
break;
+ }
default:
break;
}
@@ -199,7 +205,9 @@ ev_spawn (const char *uri,
/* Find string */
if (search_string) {
- g_string_append_printf (cmd, " --find=%s", search_string);
+ quoted = g_shell_quote (search_string);
+ g_string_append_printf (cmd, " --find=%s", quoted);
+ g_free (quoted);
}
/* Mode */
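Review bot: The two new switch cases pass the raw return of ev_link_dest_get_page_label() and ev_link_dest_get_named_dest() straight into g_shell_quote(), which (unlike the `%s` formatting it replaces) does not accept NULL; if either getter can return NULL for its dest type, the quote call fails its precondition and a NULL `quoted` reaches g_string_append_printf. A local guard keeps the old tolerance, e.g. `const gchar *label = ev_link_dest_get_page_label (dest);` followed by `if (label) { quoted = g_shell_quote (label); ... }`, and the same applies to the named-dest case; the `if (search_string)` test already covers the third site. The quoting is only effective if `cmd` is later tokenised with shell quoting rules rather than split on whitespace — that code is outside the hunk, so it is worth confirming. ev_spawn begins before the first hunk and continues past the last one.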


@ -4,7 +4,7 @@
Name: evince
Version: 40.5
Release: 4%{?dist}
Release: 4%{?dist}.1
Summary: Document viewer
License: GPLv2+ and GPLv3+ and LGPLv2+ and MIT and Afmparse
@ -21,6 +21,9 @@ Patch2: evince-40.4-quit-shortcut.patch
Patch3: evince-40.5-launch-pdfs.patch
Patch4: evince-40.5-launch-event.patch
# https://redhat.atlassian.net/browse/RHEL-184047
Patch5: evince-40.5-CVE-2026-46529.patch
BuildRequires: gcc-c++
BuildRequires: gcc
BuildRequires: gettext-devel
@ -273,6 +276,10 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/org.gnome.Evince-p
%{_mandir}/man1/evince-previewer.1*
%changelog
* Tue Jun 16 2026 Marek Kasik <mkasik@redhat.com> - 40.5-4.el9_8.1
- Sanitize arguments (CVE-2026-46529)
- Resolves: RHEL-184047
* Fri May 30 2025 Marek Kasik <mkasik@redhat.com> - 40.5-4
- Fix a leak
- Resolves: RHEL-84038