Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,71 +0,0 @@
|
||||
From 2be95d23fcba59a45c594dcb8c48cf77eea91eb4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Germ=C3=A1n=20Poo-Caama=C3=B1o?= <gpoo@gnome.org>
|
||||
Date: Mon, 18 May 2026 16:25:13 -0400
|
||||
Subject: [PATCH] shell: quote strings in arguments used when calling ev_spawn
|
||||
|
||||
When spawning a new instance, it is good practice to sanitize the
|
||||
arguments given to Evince, as those arguments may come from an
|
||||
untrusted source. We want to avoid those values could become
|
||||
unintended flags by the child process.
|
||||
|
||||
Fixes #2153
|
||||
---
|
||||
shell/ev-application.c | 20 ++++++++++++++------
|
||||
1 file changed, 14 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/shell/ev-application.c b/shell/ev-application.c
|
||||
index 4cc20b9a..697aea7f 100644
|
||||
--- a/shell/ev-application.c
|
||||
+++ b/shell/ev-application.c
|
||||
@@ -154,7 +154,7 @@ ev_spawn (const char *uri,
|
||||
guint timestamp)
|
||||
{
|
||||
GString *cmd;
|
||||
- gchar *path, *cmdline;
|
||||
+ gchar *path, *cmdline, *quoted;
|
||||
GAppInfo *app;
|
||||
GError *error = NULL;
|
||||
|
||||
@@ -179,18 +179,24 @@ ev_spawn (const char *uri,
|
||||
/* Page label */
|
||||
if (dest) {
|
||||
switch (ev_link_dest_get_dest_type (dest)) {
|
||||
- case EV_LINK_DEST_TYPE_PAGE_LABEL:
|
||||
+ case EV_LINK_DEST_TYPE_PAGE_LABEL: {
|
||||
+ quoted = g_shell_quote (ev_link_dest_get_page_label (dest));
|
||||
g_string_append_printf (cmd, " --page-label=%s",
|
||||
- ev_link_dest_get_page_label (dest));
|
||||
+ quoted);
|
||||
+ g_free (quoted);
|
||||
break;
|
||||
+ }
|
||||
case EV_LINK_DEST_TYPE_PAGE:
|
||||
g_string_append_printf (cmd, " --page-index=%d",
|
||||
ev_link_dest_get_page (dest) + 1);
|
||||
break;
|
||||
- case EV_LINK_DEST_TYPE_NAMED:
|
||||
+ case EV_LINK_DEST_TYPE_NAMED: {
|
||||
+ quoted = g_shell_quote (ev_link_dest_get_named_dest (dest));
|
||||
g_string_append_printf (cmd, " --named-dest=%s",
|
||||
- ev_link_dest_get_named_dest (dest));
|
||||
+ quoted);
|
||||
+ g_free (quoted);
|
||||
break;
|
||||
+ }
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -198,7 +204,9 @@ ev_spawn (const char *uri,
|
||||
|
||||
/* Find string */
|
||||
if (search_string) {
|
||||
- g_string_append_printf (cmd, " --find=%s", search_string);
|
||||
+ quoted = g_shell_quote (search_string);
|
||||
+ g_string_append_printf (cmd, " --find=%s", quoted);
|
||||
+ g_free (quoted);
|
||||
}
|
||||
|
||||
/* Mode */
|
||||
--
|
||||
2.52.0
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
|
||||
Name: evince
|
||||
Version: 3.28.4
|
||||
Release: 17%{?dist}
|
||||
Release: 16%{?dist}
|
||||
Summary: Document viewer
|
||||
|
||||
License: GPLv2+ and GPLv3+ and LGPLv2+ and MIT and Afmparse
|
||||
@ -47,10 +47,6 @@ Patch15: evince-3.28.4-Show-password-dialog-again.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2008310
|
||||
Patch16: evince-3.28.4-handle-clicks-in-forms.patch
|
||||
|
||||
# https://issues.redhat.com/browse/RHEL-184039
|
||||
# https://github.com/GNOME/evince/commit/970c219e861a5fcc3e7b9e05bedf18cf0de39245
|
||||
Patch17: evince-3.28.4-CVE-2026-46529.patch
|
||||
|
||||
BuildRequires: pkgconfig(adwaita-icon-theme)
|
||||
BuildRequires: pkgconfig(gio-unix-2.0) >= %{glib2_version}
|
||||
BuildRequires: pkgconfig(gnome-desktop-3.0)
|
||||
@ -279,10 +275,6 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/evince.desktop
|
||||
%{_libdir}/mozilla/plugins/libevbrowserplugin.so
|
||||
|
||||
%changelog
|
||||
* Tue Jun 16 2026 RHEL Packaging Agent <redhat-ymir-agent@redhat.com> - 3.28.4-17
|
||||
- Fix CVE-2026-46529: quote string arguments passed to ev_spawn
|
||||
- Resolves: RHEL-184039
|
||||
|
||||
* Mon Oct 4 2021 Marek Kasik <mkasik@redhat.com> - 3.28.4-16
|
||||
- Allow text entries to handle clicks
|
||||
- Resolves: #2008310
|
||||
|
||||
Loading…
Reference in New Issue
Block a user