atril/backend/dvi, branch v1.22.0 MATE document viewer dvi: Mitigate command injection attacks by quoting filename 2017-08-20T14:45:33+00:00 Tobias Mueller muelli@cryptobitch.de 2017-07-14T10:52:14+00:00 4650fb05e46e144be986a11a666a47add39b3799 With commit 1fcca0b8041de0d6074d7e17fba174da36c65f99 came a DVI backend. It exports to PDF via the dvipdfm tool. It calls that tool with the filename of the currently loaded document. If that filename is cleverly crafted, it can escape the currently used manual quoting of the filename. Instead of manually quoting the filename, we use g_shell_quote. https://bugzilla.gnome.org/show_bug.cgi?id=784947 origin commit: https://git.gnome.org/browse/evince/commit/?id=350404c 
With commit 1fcca0b8041de0d6074d7e17fba174da36c65f99 came a DVI backend.
It exports to PDF via the dvipdfm tool.
It calls that tool with the filename of the currently loaded document.
If that filename is cleverly crafted, it can escape the currently
used manual quoting of the filename.  Instead of manually quoting the
filename, we use g_shell_quote.

https://bugzilla.gnome.org/show_bug.cgi?id=784947

origin commit:
https://git.gnome.org/browse/evince/commit/?id=350404c
mdvi-lib: Fix compilation warning (const-correctness) 2017-08-20T14:35:37+00:00 Tobias Mueller muelli@cryptobitch.de 2017-07-20T02:35:29+00:00 6adf8d121576010e741d0302503f0bed25672004 const char accessed via pointer to char. backend/dvi/mdvi-lib/fontmap.c: In function ‘mdvi_init_fontmaps’: backend/dvi/mdvi-lib/fontmap.c:725:9: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] config = kpse_cnf_get("mdvi-config"); ^ https://bugzilla.gnome.org/show_bug.cgi?id=784912 origin commit: https://git.gnome.org/browse/evince/commit/?id=e3dccc1 
const char accessed via pointer to char.

backend/dvi/mdvi-lib/fontmap.c: In function ‘mdvi_init_fontmaps’:
backend/dvi/mdvi-lib/fontmap.c:725:9: warning: assignment discards
‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
  config = kpse_cnf_get("mdvi-config");
         ^

https://bugzilla.gnome.org/show_bug.cgi?id=784912

origin commit:
https://git.gnome.org/browse/evince/commit/?id=e3dccc1
dvi: Use new font name instead of the old one 2016-06-29T14:23:03+00:00 raveit65 chat-to-me@raveit.de 2016-06-24T18:09:22+00:00 660f81b3fdcc0ca436c95eaf41885accd74ec034 https://bugzilla.gnome.org/show_bug.cgi?id=612298 taken from: https://git.gnome.org/browse/evince/commit/?id=8bab924 
https://bugzilla.gnome.org/show_bug.cgi?id=612298

taken from:
https://git.gnome.org/browse/evince/commit/?id=8bab924
dvi: Use t1 font mapping files 2016-06-29T14:23:03+00:00 raveit65 chat-to-me@raveit.de 2016-06-24T18:06:52+00:00 4bd77ab2a58733fd599912946e84b57904e3e040 http://bugzilla.gnome.org/show_bug.cgi?id=612298 taken from: https://git.gnome.org/browse/evince/commit/?id=dfbd28dfd9d790b5a3f39890f66a2da9a0d1c759 
http://bugzilla.gnome.org/show_bug.cgi?id=612298

taken from:
https://git.gnome.org/browse/evince/commit/?id=dfbd28dfd9d790b5a3f39890f66a2da9a0d1c759
Fix undefined variable warnings in dvi-backend 2016-06-24T18:48:20+00:00 raveit65 chat-to-me@raveit.de 2016-06-23T00:03:06+00:00 3018425dc1ec8955ec790f84a5cc8793190d0179 taken from: https://git.gnome.org/browse/evince/commit/?id=c8ce06b 
taken from:
https://git.gnome.org/browse/evince/commit/?id=c8ce06b
backend: drop some win32-specific stuff 2016-06-01T08:27:13+00:00 monsta monsta@inbox.ru 2016-06-01T08:20:57+00:00 415e00e359d2114a215289b4cf4c88368f232ba7 






dvi: fix crash due to regression
2015-11-05T11:42:20+00:00

monsta
monsta@inbox.ru

2015-11-05T11:42:20+00:00

aa97fdc1e1dc9ca08e70cbba9038da03f14d6261

fixes https://github.com/mate-desktop/atril/issues/164

regression has been introduced in https://github.com/mate-desktop/atril/commit/94dcb761b95ee54ef1f1512d59721932d75ffb7f





fixes https://github.com/mate-desktop/atril/issues/164

regression has been introduced in https://github.com/mate-desktop/atril/commit/94dcb761b95ee54ef1f1512d59721932d75ffb7f







Remove unused variables from mdvi-lib
2015-09-02T08:31:02+00:00

Hib Eris
hib@hiberis.nl

2011-12-19T13:03:10+00:00

76bc1b06283335481d7826e5eac8238e3547e6dc












dvi: Another fix for buffer overwrite in dvi-backend
2014-12-10T01:11:02+00:00

infirit
infirit@gmail.com

2014-12-10T01:11:02+00:00

bf6e3391b82844e8b6aec0f26332b9e2df41edf8

Taken from evince commit: efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5
From: Scott Reeves <sreeves@novell.com>
Gnome bug: https://bugzilla.gnome.org/show_bug.cgi?id=643882





Taken from evince commit: efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5
From: Scott Reeves <sreeves@novell.com>
Gnome bug: https://bugzilla.gnome.org/show_bug.cgi?id=643882







backends: Fix another security issue in the dvi-backend
2014-12-10T00:48:23+00:00

infirit
infirit@gmail.com

2014-12-10T00:48:23+00:00

4df03e6ebcf0443429d17027026532336e4b0aca

Taken from evince commit: 439c5070022eab6cef7266aab47f978058012c72
From: Vincent Untz <vuntz@gnome.org>
Gnome bug: https://bugzilla.gnome.org/show_bug.cgi?id=640923





Taken from evince commit: 439c5070022eab6cef7266aab47f978058012c72
From: Vincent Untz <vuntz@gnome.org>
Gnome bug: https://bugzilla.gnome.org/show_bug.cgi?id=640923