Fix crash in EvMediaPlayerKeys

Resolves: #1359507

.gitignore

@@ -1,65 +1,2 @@
-evince-3.0.0.tar.bz2
-/evince-3.1.2.tar.bz2
-/evince-3.1.90.tar.bz2
-/evince-3.2.0.tar.xz
-/evince-3.2.1.tar.xz
-/evince-3.3.2.tar.xz
-/evince-3.3.3.tar.xz
-/evince-3.3.3.1.tar.xz
-/evince-3.3.4.tar.xz
-/evince-3.3.5.tar.xz
-/evince-3.3.90.tar.xz
-/evince-3.3.92.tar.xz
-/evince-3.4.0.tar.xz
-/evince-3.5.2.tar.xz
-/evince-3.5.3.tar.xz
-/evince-3.5.4.tar.xz
-/evince-3.5.5.tar.xz
-/evince-3.5.90.tar.xz
-/evince-3.5.92.tar.xz
-/evince-3.6.0.tar.xz
-/evince-3.6.1.tar.xz
-/evince-3.7.1.tar.xz
-/evince-3.7.4.tar.xz
-/evince-3.7.5.tar.xz
-/evince-3.7.90.tar.xz
-/evince-3.7.92.tar.xz
-/evince-3.8.0.tar.xz
-/evince-3.8.2.tar.xz
-/evince-3.9.2.tar.xz
-/evince-3.9.3.tar.xz
-/evince-3.9.4.tar.xz
-/evince-3.9.90.tar.xz
-/evince-3.10.0.tar.xz
-/evince-3.11.1.tar.xz
-/evince-3.11.3.tar.xz
-/evince-3.11.90.tar.xz
-/evince-3.11.92.tar.xz
-/evince-3.12.0.tar.xz
-/evince-3.12.1.tar.xz
-/evince-3.13.3.tar.xz
-/evince-3.13.3.1.tar.xz
-/evince-3.13.90.tar.xz
-/evince-3.13.91.tar.xz
-/evince-3.13.92.tar.xz
-/evince-3.14.0.tar.xz
-/evince-3.14.1.tar.xz
-/evince-3.15.4.tar.xz
-/evince-3.15.90.tar.xz
-/evince-3.15.92.tar.xz
-/evince-3.16.0.tar.xz
-/evince-3.17.1.tar.xz
-/evince-3.17.2.tar.xz
-/evince-3.17.3.tar.xz
-/evince-3.17.4.tar.xz
-/evince-3.17.92.tar.xz
-/evince-3.18.0.tar.xz
-/evince-3.18.1.tar.xz
-/evince-3.18.2.tar.xz
-/evince-3.19.92.tar.xz
-/evince-3.20.0.tar.xz
-/evince-3.21.3.tar.xz
-/evince-3.21.4.tar.xz
-/evince-3.21.92.tar.xz
-/evince-3.22.0.tar.xz
-/evince-3.22.1.tar.xz
+/evince-3.24.1.tar.xz
+/evince-3.24.2.tar.xz

0001-dvi-Mitigate-command-injection-attacks-by-quoting-fi.patch

@@ -0,0 +1,42 @@
+From 350404c76dc8601e2cdd2636490e2afc83d3090e Mon Sep 17 00:00:00 2001
+From: Tobias Mueller <muelli@cryptobitch.de>
+Date: Fri, 14 Jul 2017 12:52:14 +0200
+Subject: [PATCH] dvi: Mitigate command injection attacks by quoting filename
+
+With commit 1fcca0b8041de0d6074d7e17fba174da36c65f99 came a DVI backend.
+It exports to PDF via the dvipdfm tool.
+It calls that tool with the filename of the currently loaded document.
+If that filename is cleverly crafted, it can escape the currently
+used manual quoting of the filename.  Instead of manually quoting the
+filename, we use g_shell_quote.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=784947
+---
+ backend/dvi/dvi-document.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/backend/dvi/dvi-document.c b/backend/dvi/dvi-document.c
+index 4a896e2..2887770 100644
+--- a/backend/dvi/dvi-document.c
++++ b/backend/dvi/dvi-document.c
+@@ -300,12 +300,14 @@ dvi_document_file_exporter_end (EvFileExporter *exporter)
+ 	gboolean success;
+ 	
+ 	DviDocument *dvi_document = DVI_DOCUMENT(exporter);
++	gchar* quoted_filename = g_shell_quote (dvi_document->context->filename);
+ 	
+-	command_line = g_strdup_printf ("dvipdfm %s -o %s \"%s\"", /* dvipdfm -s 1,2,.., -o exporter_filename dvi_filename */
++	command_line = g_strdup_printf ("dvipdfm %s -o %s %s", /* dvipdfm -s 1,2,.., -o exporter_filename dvi_filename */
+ 					dvi_document->exporter_opts->str,
+ 					dvi_document->exporter_filename,
+-					dvi_document->context->filename);
+-	
++					quoted_filename);
++	g_free (quoted_filename);
++
+ 	success = g_spawn_command_line_sync (command_line,
+ 					     NULL,
+ 					     NULL,
+-- 
+2.9.5
+

0001-gnome-692552-don-t-complain-about-inability-to-copy-.patch

@@ -1,33 +0,0 @@
-From 15e7b658315d0a9254e5c2ff7fcc1a15a15dceef Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
-Date: Fri, 9 Dec 2016 12:09:02 +0000
-Subject: [PATCH] gnome#692552 don't complain about inability to copy metadata
-
-related rhbz#1022649
-
-nautilus just takes the view that copying metadata is a "nice to have",
-but if it doesn't work it's not a hard error so just do that
----
- libview/ev-jobs.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/libview/ev-jobs.c b/libview/ev-jobs.c
-index dea5aa4..f24808b 100644
---- a/libview/ev-jobs.c
-+++ b/libview/ev-jobs.c
-@@ -1574,8 +1574,10 @@ ev_job_save_run (EvJob *job)
- 	ev_tmp_uri_unlink (local_uri);
- 
-         /* Copy the metadata from the original file */
--        if (!error)
--                ev_file_copy_metadata (job_save->document_uri, job_save->uri, &error);
-+        if (!error) {
-+                /* Ignore errors here. Failure to copy metadata is not a hard error */
-+                ev_file_copy_metadata (job_save->document_uri, job_save->uri, NULL);
-+        }
- 
- 	if (error) {
- 		ev_job_failed_from_error (job, error);
--- 
-2.9.3
-

evince-3.24.2-media-player-keys.patch

@@ -0,0 +1,43 @@
+diff --git a/shell/ev-media-player-keys.c b/shell/ev-media-player-keys.c
+index a0075edc..63a1344c 100644
+--- a/shell/ev-media-player-keys.c
++++ b/shell/ev-media-player-keys.c
+@@ -41,8 +41,9 @@ struct _EvMediaPlayerKeys
+ {
+ 	GObject        parent;
+ 
+-        GDBusProxy *proxy;
+-	gboolean    has_name_owner;
++        GDBusProxy   *proxy;
++	gboolean      has_name_owner;
++	GCancellable *service_appearance_cancellable;
+ };
+ 
+ struct _EvMediaPlayerKeysClass
+@@ -187,13 +188,15 @@ mediakeys_service_appeared_cb (GObject      *source_object,
+ static void
+ ev_media_player_keys_init (EvMediaPlayerKeys *keys)
+ {
++	keys->service_appearance_cancellable = g_cancellable_new ();
++
+ 	g_dbus_proxy_new_for_bus (G_BUS_TYPE_SESSION,
+ 				  G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES,
+ 				  NULL,
+ 				  SD_NAME,
+ 				  SD_OBJECT_PATH,
+ 				  SD_INTERFACE,
+-				  NULL,
++				  keys->service_appearance_cancellable,
+ 				  mediakeys_service_appeared_cb,
+ 				  keys);
+ }
+@@ -212,6 +215,9 @@ ev_media_player_keys_finalize (GObject *object)
+ {
+ 	EvMediaPlayerKeys *keys = EV_MEDIA_PLAYER_KEYS (object);
+ 
++	g_cancellable_cancel (keys->service_appearance_cancellable);
++	g_object_unref (keys->service_appearance_cancellable);
++
+         if (keys->proxy != NULL) {
+ 		ev_media_player_keys_release_keys (keys);
+                 g_object_unref (keys->proxy);

evince.spec

@@ -4,22 +4,26 @@
 %global gxps_version 0.2.1
 
 Name:           evince
-Version:        3.22.1
-Release:        6%{?dist}
+Version:        3.24.2
+Release:        3%{?dist}
 Summary:        Document viewer
 
 License:        GPLv2+ and GPLv3+ and LGPLv2+ and MIT and Afmparse
 URL:            https://wiki.gnome.org/Apps/Evince
-Source0:        https://download.gnome.org/sources/%{name}/3.22/%{name}-%{version}.tar.xz
+Source0:        https://download.gnome.org/sources/%{name}/3.24/%{name}-%{version}.tar.xz
 
 Patch0:         evince-3.21.4-NPNVToolKit.patch
-#https://bugzilla.gnome.org/show_bug.cgi?id=692552
-Patch1:         0001-gnome-692552-don-t-complain-about-inability-to-copy-.patch
-#https://bugzilla.gnome.org/show_bug.cgi?id=777082
+# https://bugzilla.gnome.org/show_bug.cgi?id=777082
 Patch2:         0001-Resolves-rhbz-1404656-crash-on-opening-second-evince.patch
-#https://bugzilla.gnome.org/show_bug.cgi?id=766749
+# https://bugzilla.gnome.org/show_bug.cgi?id=766749
 Patch3:         0001-Resolves-deb-762530-rhbz-1061177-add-man-pages.patch
 Patch4:         0001-Resolves-rhbz-1358249-page-up-down.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1468488
+Patch5:         evince-libarchive-gnome-3-24.patch
+# https://bugzilla.gnome.org/show_bug.cgi?id=784947
+Patch6:         0001-dvi-Mitigate-command-injection-attacks-by-quoting-fi.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1359507
+Patch7:         evince-3.24.2-media-player-keys.patch
 
 BuildRequires:  pkgconfig(adwaita-icon-theme)
 BuildRequires:  pkgconfig(gio-unix-2.0) >= %{glib2_version}
@@ -30,6 +34,7 @@ BuildRequires:  pkgconfig(libsecret-1)
 BuildRequires:  pkgconfig(libspectre)
 BuildRequires:  pkgconfig(libxml-2.0)
 BuildRequires:  pkgconfig(poppler-glib) >= %{poppler_version}
+BuildRequires:  pkgconfig(libarchive)
 BuildRequires:  libtiff-devel
 BuildRequires:  gettext
 BuildRequires:  libtool
@@ -66,7 +71,9 @@ installing additional backends.
 
 %package libs
 Summary: Libraries for the evince document viewer
+%if 0%{?fedora}
 Recommends: %{name}-djvu%{?_isa} = %{version}-%{release}
+%endif
 
 %description libs
 This package contains shared libraries needed for evince
@@ -122,6 +129,7 @@ This package contains the evince web browser plugin.
 %autosetup -p1
 
 %build
+aclocal
 %configure \
         --disable-static \
         --enable-introspection \
@@ -262,6 +270,30 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas >&/dev/null ||:
 %{_libdir}/mozilla/plugins/libevbrowserplugin.so
 
 %changelog
+* Wed May  9 2018 Marek Kasik <mkasik@redhat.com> - 3.24.2-3
+- Fix crash in EvMediaPlayerKeys
+- Resolves: #1359507
+
+* Wed Dec 06 2017 Caolán McNamara <caolanm@redhat.com> - 3.24.2-2
+- Resolves: rhbz#1521212 CVE-2017-1000159
+
+* Tue Oct 10 2017 David Tardon <dtardon@redhat.com> - 3.24.2-1
+- Resolves: rhbz#1499852 update to 3.24.2
+
+* Sat Aug 19 2017 Caolán McNamara <caolanm@redhat.com> - 3.24.1-1
+- Resolves: rhbz#1483219 update to 3.24.1
+
+* Fri Jul 07 2017 Bastien Nocera <bnocera@redhat.com> - 3.24.0-3
++ evince-3.24.0-3
+- Use libarchive to handle compressed comics documents
+Resolves: #1468488
+
+* Mon Jun 19 2017 Caolán McNamara <caolanm@redhat.com> - 3.24.0-2
+- Resolves: rhbz#1462778 page thumbnails disappear after "invert colors"
+
+* Tue Mar 21 2017 Kalev Lember <klember@redhat.com> - 3.24.0-1
+- Update to 3.24.0
+
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.22.1-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 

sources

@@ -1 +1 @@
-1251d4527b5181165d56c588f847250c  evince-3.22.1.tar.xz
+SHA512 (evince-3.24.2.tar.xz) = 77e099ff60188f982a49f5c8287eb2ed8d42402a15a54ccf8367b3814e7e16ba31354363d3f101117153792daa96f653f24bb06193b5e749d0ebfaac7d7c1e0f