From 9606608904c8b62186e2f69df126e728a8ed51d1 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Wed, 12 Jan 2011 13:28:06 +0100
Subject: [PATCH] Remove
 evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch Change
 the way thumbnailer is integrated with system

---
 ...010-2641_CVE-2010-2642_CVE-2010-2643.patch | 96 -------------------
 evince.spec                                   | 25 ++---
 2 files changed, 6 insertions(+), 115 deletions(-)
 delete mode 100644 evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch

diff --git a/evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch b/evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch
deleted file mode 100644
index 8d4f504..0000000
--- a/evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-commit d4139205b010ed06310d14284e63114e88ec6de2
-Author: José Aliste <jaliste@src.gnome.org>
-Date:   Tue Dec 7 15:56:47 2010 -0300
-
-    backends: Fix several security issues in the dvi-backend.
-    
-    See CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and  CVE-2010-2643.
-
-diff --git a/backend/dvi/mdvi-lib/afmparse.c b/backend/dvi/mdvi-lib/afmparse.c
-index 164366b..361e23d 100644
---- a/backend/dvi/mdvi-lib/afmparse.c
-+++ b/backend/dvi/mdvi-lib/afmparse.c
-@@ -160,7 +160,7 @@ static char *token(FILE *stream)
-     
-     idx = 0;
-     while (ch != EOF && ch != ' ' && ch != lineterm 
--           && ch != '\t' && ch != ':' && ch != ';') 
-+           && ch != '\t' && ch != ':' && ch != ';' && idx < MAX_NAME)
-     {
-         ident[idx++] = ch;
-         ch = fgetc(stream);
-diff --git a/backend/dvi/mdvi-lib/dviread.c b/backend/dvi/mdvi-lib/dviread.c
-index cd8cfa9..d014320 100644
---- a/backend/dvi/mdvi-lib/dviread.c
-+++ b/backend/dvi/mdvi-lib/dviread.c
-@@ -1507,6 +1507,10 @@ int	special(DviContext *dvi, int opcode)
- 	Int32	arg;
- 	
- 	arg = dugetn(dvi, opcode - DVI_XXX1 + 1);
-+	if (arg <= 0) {
-+		dvierr(dvi, _("malformed special length\n"));
-+		return -1;
-+	}
- 	s = mdvi_malloc(arg + 1);
- 	dread(dvi, s, arg);
- 	s[arg] = 0;
-diff --git a/backend/dvi/mdvi-lib/pk.c b/backend/dvi/mdvi-lib/pk.c
-index a579186..08377e6 100644
---- a/backend/dvi/mdvi-lib/pk.c
-+++ b/backend/dvi/mdvi-lib/pk.c
-@@ -469,6 +469,15 @@ static int pk_load_font(DviParams *unused, DviFont *font)
- 			}
- 			if(feof(p))
- 				break;
-+
-+			/* Although the PK format support bigger char codes,
-+                         * XeTeX and other extended TeX engines support charcodes up to
-+                         * 65536, while normal TeX engine supports only charcode up to 255.*/
-+			if (cc < 0 || cc > 65536) {
-+				mdvi_error (_("%s: unexpected charcode (%d)\n"),
-+					    font->fontname,cc);
-+				goto error;
-+			} 
- 			if(cc < loc)
- 				loc = cc;
- 			if(cc > hic)
-@@ -512,7 +521,7 @@ static int pk_load_font(DviParams *unused, DviFont *font)
- 	}
- 
- 	/* resize font char data */
--	if(loc > 0 || hic < maxch-1) {
-+	if(loc > 0 && hic < maxch-1) {
- 		memmove(font->chars, font->chars + loc, 
- 			(hic - loc + 1) * sizeof(DviFontChar));
- 		font->chars = xresize(font->chars,
-diff --git a/backend/dvi/mdvi-lib/tfmfile.c b/backend/dvi/mdvi-lib/tfmfile.c
-index 73ebf26..8c2a30b 100644
---- a/backend/dvi/mdvi-lib/tfmfile.c
-+++ b/backend/dvi/mdvi-lib/tfmfile.c
-@@ -172,7 +172,8 @@ int	tfm_load_file(const char *filename, TFMInfo *info)
- 	/* We read the entire TFM file into core */
- 	if(fstat(fileno(in), &st) < 0)
- 		return -1;
--	if(st.st_size == 0)
-+	/* according to the spec, TFM files are smaller than 16K */
-+	if(st.st_size == 0 || st.st_size >= 16384)
- 		goto bad_tfm;
- 
- 	/* allocate a word-aligned buffer to hold the file */
-diff --git a/backend/dvi/mdvi-lib/vf.c b/backend/dvi/mdvi-lib/vf.c
-index fb49847..a5ae3bb 100644
---- a/backend/dvi/mdvi-lib/vf.c
-+++ b/backend/dvi/mdvi-lib/vf.c
-@@ -165,6 +165,12 @@ static int vf_load_font(DviParams *params, DviFont *font)
- 			cc = fuget1(p);
- 			tfm = fuget3(p);
- 		}
-+		if (cc < 0 || cc > 65536) {
-+			/* TeX engines do not support char codes bigger than 65535 */
-+			mdvi_error(_("(vf) %s: unexpected character %d\n"),
-+				   font->fontname, cc);
-+			goto error;
-+		}
- 		if(loc < 0 || cc < loc)
- 			loc = cc;
- 		if(hic < 0 || cc > hic)
diff --git a/evince.spec b/evince.spec
index cace9b6..f94be96 100644
--- a/evince.spec
+++ b/evince.spec
@@ -5,7 +5,7 @@
 
 Name:           evince
 Version:        2.91.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Document viewer
 
 License:        GPLv2+ and GFDL
@@ -15,9 +15,6 @@ Source0:        http://download.gnome.org/sources/%{name}/2.91/%{name}-%{version
 # https://bugzilla.redhat.com/show_bug.cgi?id=562648
 Patch2:         evince-t1font-mapping.patch
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=667573
-Patch3:         evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch
-
 BuildRequires:  gtk3-devel
 BuildRequires:  glib2-devel >= %{glib2_version}
 BuildRequires:  poppler-glib-devel >= %{poppler_version}
@@ -113,7 +110,6 @@ It adds an additional tab called "Document" to the file properties dialog.
 %prep
 %setup -q
 %patch2 -p1 -b .t1font-map
-%patch3 -p1 -b .CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643
 
 %build
 automake
@@ -153,25 +149,12 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 rm -f $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/icon-theme.cache
 
 
-%pre
-%gconf_schema_prepare evince-thumbnailer evince-thumbnailer-ps
-%gconf_schema_prepare evince-thumbnailer-comics evince-thumbnailer-djvu
-%gconf_schema_prepare evince-thumbnailer-dvi
-
 %post
-%gconf_schema_upgrade evince-thumbnailer evince-thumbnailer-ps
-%gconf_schema_upgrade evince-thumbnailer-comics evince-thumbnailer-djvu
-%gconf_schema_upgrade evince-thumbnailer-dvi
 update-desktop-database &> /dev/null ||:
 touch --no-create %{_datadir}/icons/hicolor >&/dev/null || :
 
 %post libs -p /sbin/ldconfig
 
-%preun
-%gconf_schema_remove evince-thumbnailer evince-thumbnailer-ps
-%gconf_schema_remove evince-thumbnailer-comics evince-thumbnailer-djvu
-%gconf_schema_remove evince-thumbnailer-dvi
-
 %postun
 update-desktop-database &> /dev/null ||:
 if [ $1 -eq 0 ]; then
@@ -189,7 +172,6 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas ||:
 %files -f evince.lang
 %defattr(-,root,root,-)
 %{_bindir}/*
-%{_sysconfdir}/gconf/schemas/*
 %{_datadir}/%{name}/
 %{_datadir}/applications/%{name}.desktop
 %{_datadir}/icons/hicolor/*/apps/evince.*
@@ -198,6 +180,7 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas ||:
 %{_datadir}/dbus-1/services/org.gnome.evince.Daemon.service
 %{_datadir}/glib-2.0/schemas/org.gnome.Evince.gschema.xml
 %{_datadir}/GConf/gsettings/evince.convert
+%{_datadir}/thumbnailers/evince.thumbnailer
 
 %files libs
 %defattr(-,root,root,-)
@@ -247,6 +230,10 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas ||:
 %{_libdir}/nautilus/extensions-3.0/libevince-properties-page.so
 
 %changelog
+* Wed Jan 12 2011 Marek Kasik <mkasik@redhat.com> - 2.91.5-2
+- Remove evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch
+- Change the way thumbnailer is integrated with system
+
 * Tue Jan 11 2011 Matthias Clasen <mclasen@redhat.com> 2.91.5-1
 - Update to 2.91.5