import Oracle_OSS evince-40.5-4.el9_8.1
This commit is contained in:
parent
46b6254c13
commit
71d6e52003
68
SOURCES/evince-40.5-CVE-2026-46529.patch
Normal file
68
SOURCES/evince-40.5-CVE-2026-46529.patch
Normal file
@ -0,0 +1,68 @@
|
||||
From 970c219e861a5fcc3e7b9e05bedf18cf0de39245 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Germ=C3=A1n=20Poo-Caama=C3=B1o?= <gpoo@gnome.org>
|
||||
Date: Mon, 18 May 2026 16:25:13 -0400
|
||||
Subject: [PATCH] shell: quote strings in arguments used when calling ev_spawn
|
||||
|
||||
When spawning a new instance, it is good practice to sanitize the
|
||||
arguments given to Evince, as those arguments may come from an
|
||||
untrusted source. We want to avoid those values could become
|
||||
unintended flags by the child process.
|
||||
|
||||
Fixes #2153
|
||||
---
|
||||
shell/ev-application.c | 20 ++++++++++++++------
|
||||
1 file changed, 14 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/shell/ev-application.c b/shell/ev-application.c
|
||||
index 001d21438..e35a5ef5f 100644
|
||||
--- a/shell/ev-application.c
|
||||
+++ b/shell/ev-application.c
|
||||
@@ -155,7 +155,7 @@ ev_spawn (const char *uri,
|
||||
guint timestamp)
|
||||
{
|
||||
GString *cmd;
|
||||
- gchar *path, *cmdline;
|
||||
+ gchar *path, *cmdline, *quoted;
|
||||
GAppInfo *app;
|
||||
GError *error = NULL;
|
||||
|
||||
@@ -180,18 +180,24 @@ ev_spawn (const char *uri,
|
||||
/* Page label */
|
||||
if (dest) {
|
||||
switch (ev_link_dest_get_dest_type (dest)) {
|
||||
- case EV_LINK_DEST_TYPE_PAGE_LABEL:
|
||||
+ case EV_LINK_DEST_TYPE_PAGE_LABEL: {
|
||||
+ quoted = g_shell_quote (ev_link_dest_get_page_label (dest));
|
||||
g_string_append_printf (cmd, " --page-label=%s",
|
||||
- ev_link_dest_get_page_label (dest));
|
||||
+ quoted);
|
||||
+ g_free (quoted);
|
||||
break;
|
||||
+ }
|
||||
case EV_LINK_DEST_TYPE_PAGE:
|
||||
g_string_append_printf (cmd, " --page-index=%d",
|
||||
ev_link_dest_get_page (dest) + 1);
|
||||
break;
|
||||
- case EV_LINK_DEST_TYPE_NAMED:
|
||||
+ case EV_LINK_DEST_TYPE_NAMED: {
|
||||
+ quoted = g_shell_quote (ev_link_dest_get_named_dest (dest));
|
||||
g_string_append_printf (cmd, " --named-dest=%s",
|
||||
- ev_link_dest_get_named_dest (dest));
|
||||
+ quoted);
|
||||
+ g_free (quoted);
|
||||
break;
|
||||
+ }
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -199,7 +205,9 @@ ev_spawn (const char *uri,
|
||||
|
||||
/* Find string */
|
||||
if (search_string) {
|
||||
- g_string_append_printf (cmd, " --find=%s", search_string);
|
||||
+ quoted = g_shell_quote (search_string);
|
||||
+ g_string_append_printf (cmd, " --find=%s", quoted);
|
||||
+ g_free (quoted);
|
||||
}
|
||||
|
||||
/* Mode */
|
||||
@ -4,7 +4,7 @@
|
||||
|
||||
Name: evince
|
||||
Version: 40.5
|
||||
Release: 4%{?dist}
|
||||
Release: 4%{?dist}.1
|
||||
Summary: Document viewer
|
||||
|
||||
License: GPLv2+ and GPLv3+ and LGPLv2+ and MIT and Afmparse
|
||||
@ -21,6 +21,9 @@ Patch2: evince-40.4-quit-shortcut.patch
|
||||
Patch3: evince-40.5-launch-pdfs.patch
|
||||
Patch4: evince-40.5-launch-event.patch
|
||||
|
||||
# https://redhat.atlassian.net/browse/RHEL-184047
|
||||
Patch5: evince-40.5-CVE-2026-46529.patch
|
||||
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gettext-devel
|
||||
@ -273,6 +276,10 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/org.gnome.Evince-p
|
||||
%{_mandir}/man1/evince-previewer.1*
|
||||
|
||||
%changelog
|
||||
* Tue Jun 16 2026 Marek Kasik <mkasik@redhat.com> - 40.5-4.el9_8.1
|
||||
- Sanitize arguments (CVE-2026-46529)
|
||||
- Resolves: RHEL-184047
|
||||
|
||||
* Fri May 30 2025 Marek Kasik <mkasik@redhat.com> - 40.5-4
|
||||
- Fix a leak
|
||||
- Resolves: RHEL-84038
|
||||
|
||||
Loading…
Reference in New Issue
Block a user