commit f667599d9ab5f054ce402675f946eeb3470c5c10
Author: Matej Urbančič <mateju@svn.gnome.org>
Date: 2017-07-21
Updated Slovenian translation
M po/sl.po
commit efbd151d594ad117cfa381cdec0201648cddf7e0
Author: Bastien Nocera <hadess@hadess.net>
Date: 2017-07-17
comics: Fix extra ";" leading to a warning during installation
The concatenated mime-types end up with a ...mime-type;;mime-type...
pattern, an empty mime-type, which update-desktop-database doesn't
like.
Error in file "/usr/share/applications/evince.desktop": "" is an
invalid MIME type ("" does not contain a subtype)
See https://bugzilla.redhat.com/show_bug.cgi?id=1471474
https://bugzilla.gnome.org/show_bug.cgi?id=785026
M configure.ac
commit 717df38fd8509bf883b70d680c9b1b3cf36732ee
Author: Bastien Nocera <hadess@hadess.net>
Date: 2017-07-06
comics: Remove support for tar and tar-like commands
When handling tar files, or using a command with tar-compatible
syntax,
to open comic-book archives, both the archive name (the name of the
comics file) and the filename (the name of a page within the archive)
are quoted to not be interpreted by the shell.
But the filename is completely with the attacker's control and
can start
with "--" which leads to tar interpreting it as a command line flag.
This can be exploited by creating a CBT file (a tar archive with the
.cbt suffix) with an embedded file named something like this:
"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"
CBT files are infinitely rare (CBZ is usually used for DRM-free
commercial releases, CBR for those from more dubious provenance), so
removing support is the easiest way to avoid the bug triggering. All
this code was rewritten in the development release for GNOME 3.26
to not
shell out to any command, closing off this particular attack vector.
This also removes the ability to use libarchive's bsdtar-compatible
binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
are already supported by unzip and 7zip respectively. libarchive's RAR
support is limited, so unrar is a requirement anyway.
Discovered by Felix Wilhelm from the Google Security Team.
https://bugzilla.gnome.org/show_bug.cgi?id=784630
M backend/comics/comics-document.c
M configure.ac
commit 8b24be3b5606e9279d1fb50b908efd1e1ef12a7b
Author: Nelson Benítez León <nbenitezl+gnome@gmail.com>
Date: 2017-05-28
sidebar-thumbnails: fix clunky scrolling
Caused by GtkIconView doing an invalidate and relayout of *all*
items in the view anytime we update model data in any indiviual
item (which happens with all the items that are getting in and out
of the scrolling area while we scroll). This caused GtkIconView to
machine-gunned us with "size-allocate" signals, a signal we were
using to update thumbnails when the sidebar is resized.
Fixed by connecting to the GtkTreeModel "row-changed" signal before
GtkIconView does it, and stop emission from there.
As we don't depend now on "size-allocate" signals to show thumbnails
while we scroll, just queue a draw on the icon view when a
thumbnail finish rendering.
Thanks Jose Aliste for first spotting the problem.
https://bugzilla.gnome.org/show_bug.cgi?id=691448
M shell/ev-sidebar-thumbnails.c
commit d2cea51e6a49e7e151ad68e08f93a0b41b5c4af9
Author: Benjamin Berg <bberg@redhat.com>
Date: 2017-04-26
ev-sidebar-links: Optimize reverse link lookup for a page
For large documents the linear search for the first link that is on a
certain page is really slow. Because of this scrolling becomes slow
whenever the page changes.
Replace the linear search with a search in a binary tree populated
with
the first link on each page and the corresponding GtkTreePath. This
way
a specialized binary tree lookup can be used to find the closest
matching link and select that in the treeview.
https://bugzilla.gnome.org/show_bug.cgi?id=779614
M shell/ev-sidebar-links.c
commit 7ea03c80920631ac7975e5c693e16890a8589a80
Author: Yuras Shumovich <shumovichy@gmail.com>
Date: 2017-04-18
Update Belarusian translation
M po/be.po
commit a8363215f1bef942519a194d4589eea16cc51399
Author: gogo <trebelnik2@gmail.com>
Date: 2017-04-08
Update Croatian translation
M po/hr.po
commit 56a7a48cd7c2285d4752286ec4f25043f75b5fd1
Author: gogo <trebelnik2@gmail.com>
Date: 2017-04-08
Update Croatian translation
M po/hr.po
commit 76901d30572939df2287d683c88a66dfab7d91fa
Author: Tom Tryfonidis <tomtryf@gnome.org>
Date: 2017-04-07
Update Greek translation
M po/el.po
commit 4ecc65b085e905703ca5df2f0165e961f08a8125
Author: Bastien Nocera <hadess@hadess.net>
Date: 2017-03-21
thumbnailer: Also handle trash and recent files as local files
By searching for the target.
https://bugzilla.gnome.org/show_bug.cgi?id=780351
M thumbnailer/evince-thumbnailer.c
commit 37a1f9520d532415f7afba42d22ed10949b1ede4
Author: Bastien Nocera <hadess@hadess.net>
Date: 2017-03-21
thumbnailer: Don't copy remote files before thumbnailing
There's no need to copy the file locally when we can read it directly
through FUSE.
https://bugzilla.gnome.org/show_bug.cgi?id=780351
M thumbnailer/evince-thumbnailer.c
commit e64927d48b48ff91c9a403d20272e41326c2a611
Author: Georges Dupéron <georges.duperon@gmail.com>
Date: 2017-03-16
ev-view: Toggling OCG layer on next page only takes effect after
changing zoom level
https://bugzilla.gnome.org/show_bug.cgi?id=780139
M libview/ev-view.c
commit 11659af378a97ed43e2871cf4179122543634336
Author: Jason Crain <jason@inspiresomeone.us>
Date: 2017-03-26
a11y: Return correct start and end offsets
This modifies ev_page_accessible_get_range_for_boundary to ensure that
the start and end offsets it returns are within the allowed range.
https://bugzilla.gnome.org/show_bug.cgi?id=777992
M libview/ev-page-accessible.c
commit e0a7944d92c704aa80c31c08a383c92c302c19b1
Author: Jason Crain <jason@inspiresomeone.us>
Date: 2017-03-21
a11y: Fix crash with Orca screen reader
ev_page_accessible_get_substring gets called with out of bounds values
leading to a crash. Clamp start_offset to a valid range.
https://bugzilla.gnome.org/show_bug.cgi?id=777992
M libview/ev-page-accessible.c
commit 166566779b2e1ea5c09094d4c29cb11d1f945ad4
Author: Carlos Garcia Campos <carlosgc@gnome.org>
Date: 2017-03-20
release: 2.24.0
M NEWS
M configure.ac