* Add support for Adobe Illustrator documents (#311990, Bastien
Nocera)
* The comics backend now uses libarchive and unarr instead of
spawning commands (#720742, Bastien Nocera)
* Add flag EV_DOCUMENT_LOAD_FLAG_NO_CACHE to not setup the
document cache during the load. It will be setup later only if
needed (#780210, Bastien Nocera, Carlos Garcia Campos)
* Speed up thumbnailing by using EV_DOCUMENT_LOAD_FLAG_NO_CACHE
flag (#780210, Bastien Nocera)
* Improve performance of the links sidebar (#779614, Benjamin
Berg)
* Select the active file when open containing folder (#741377,
Germán Poo-Caamaño)
* Improve performance of scrolling in thumbnails sidebar (#691448,
Nelson Benítez León)
* Don't copy remote files before thumbnailing (#780351, Bastien
Nocera)
* Fix toggling layers that are not in the current visible range of
pages (#780139, Georges Dupéron)
#342110, Nelson Benítez León)
+ many bugfixes and translation updates
Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:
pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
note: script detailed in `man revbump` insisted on bumping pkgrevision of
print/poppler, it's probably wrong, but not committing this change is wronger.
- Revert "Move gdbus-codegen users to py-glib2-tools by including
glib2/buildtools.mk" 1f764df
- while here change to TOOL_DEPENDS
- switch from py-glib2-tools to glib2-tools
[ The CVE was already patched in 3.22.1nb6 by maya@ ]
================
Evince 3.24.1
================
Bug fixes:
* Remove support for tar and tar-like commands in commics backend
(CVE-2017-1000083, #784630, Bastien Nocera)
* Improve performance of the links sidebar (#779614, Benjamin Berg)
* Improve performance of scrolling in thumbnails sidebar (#691448,
Nelson Benítez León)
* Don't copy remote files before thumbnailing (#780351, Bastien
Nocera)
* Fix toggling layers that are not in the current visible range of
pages (#780139, Georges Dupéron)
* Fix ev_page_accessible_get_range_for_boundary() to ensure the
start and end offsets it returns are within the allowed range
(#777992, Jason Crain)
* Fix crash with Orca screen reader (#777992, Jason Crain)
================
Evince 3.24.0
================
New features and improvements:
* Ask the user before automatically reloading the document when
it has been modified (#769123, Jose Aliste)
* Use IBEAM cursor for TEXT_MARKUP annotations (#774018, Philipp Raich)
Bug fixes:
* Hide search bar when entering presentation mode (#775536, Simon Nagl)
* Sort bookmarks by page number instead of title (#772277, Felipe Borges)
* Sort pages in natural order in comics backend (#770695, Felipe Borges)
* Fix a crash due to an invalid access to the height page cache in
continuous dual mode (#771612, Tobias Mueller)
* Use Unicode in translatable strings (#774005, Piotr Drag)
* Fix incorrect return type (#780206, Bastien Nocera)
From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 6 Jul 2017 20:02:00 +0200
Subject: [PATCH] comics: Remove support for tar and tar-like commands
When handling tar files, or using a command with tar-compatible syntax,
to open comic-book archives, both the archive name (the name of the
comics file) and the filename (the name of a page within the archive)
are quoted to not be interpreted by the shell.
But the filename is completely with the attacker's control and can start
with "--" which leads to tar interpreting it as a command line flag.
This can be exploited by creating a CBT file (a tar archive with the
.cbt suffix) with an embedded file named something like this:
"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"
CBT files are infinitely rare (CBZ is usually used for DRM-free
commercial releases, CBR for those from more dubious provenance), so
removing support is the easiest way to avoid the bug triggering. All
this code was rewritten in the development release for GNOME 3.26 to not
shell out to any command, closing off this particular attack vector.
This also removes the ability to use libarchive's bsdtar-compatible
binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
are already supported by unzip and 7zip respectively. libarchive's RAR
support is limited, so unrar is a requirement anyway.
Discovered by Felix Wilhelm from the Google Security Team.
https://bugzilla.gnome.org/show_bug.cgi?id=784630
Bump PKGREVISION
Highlights:
* Fix several memory leaks (#770070 and #770069, Eric R. Schulz)
* Fix scaling calculation in PostScript backend (#755776, Jason Crain)
* Fix a crash when processing button events in EvView (#769700, Marek Kasik)
* Fix a crash when opening a copy of a document with annotation
popup windows (#760299, Jose Aliste)
* Improve annotation properties dialog UI (#767895, Trinh Anh Ngoc)
* Fix build with GCC 6 (Michael Catanzaro)
Full list of changes at:
https://git.gnome.org/browse/evince/tree/NEWS?h=3.22.1
================
Evince 3.20.0
================
Translation updates:
* scootergrisen (da)
* dooteo (eu)
* Gabor Kelemen (hu)
* Gianvito Cavasoli (it)
* Jiro Matsuzawa (ja)
* Changwoo Ryu (ko)
================
Evince 3.19.92
================
New features and improvements:
* Use a popover for view and action menus (#760527, Felipe Borges)
* Add shortcuts help window (#757828, Felipe Borges)
* Add Shift+Space keybinding to go back in presentation mode
(#758162, Jaakko Hannikainen)
* Rename links sidebar title from Index to Outline (#732547,
Germán Poo-Caamaño)
* Add missing tooltips to the headerbar (#595467, Germán
Poo-Caamaño)
* Show the page label instead of page number in find sidebar
(#756683, Germán Poo-Caamaño)
* Add a systemd user unit corresponding to the D-Bus session
service (#755897, Simon McVittie)
* Recognize multipage DjVu MIME type (#754467, Marek Kasik)
* Add support for utf8 filenames on Mac OS X to comics backend
(#761161, Tom Schoonjans)
Bug fixes:
* Fix text selection on Wayland (#759506, Marek Kasik)
* Manually destroy the search popover on toolbar dispose in
browser plugin to try to fix a crashes on plugin destruction
(#762838, Carlos Garcia Campos)
* Check boundaries of accessible pages to avoid crashes when the
document is reloaded due to changes in the document file
(#735744, Germán Poo-Caamaño)
* Fix translations in thumbnailer help message (#760418, Ting-Wei Lan)
* Fix text selections in annotation popups (#749727, Giselle Reis)
* Fix special characters in path to cbz (#643843, Jürn Brodersen)
* Fix css style of loading message (#758356, Germán Poo-Caamaño)
* Fix warning with no document loaded (#758596, Bastien Nocera)
* Fix unbalanced quote in configure script (Bastien Nocera)
* Fix installation of symbolic app icon (Michael Catanzaro)
* Fix the position of the zoom action GtkPopover in Wayland
(#756976, Germán Poo-Caamaño)
* Make the message area work in recent view mode too (#755064,
Felipe Borges)
* Fix performance regression with recent versions of GTK+ when
getting colors from GtkStyleContext for a different state
(#755442, Sebastian Keller)
* Fix a crash in PDF backend when opening documents containing screen
annotations with no actions (#756572, Germán Poo-Caamaño)
* Ignore right clicks while adding new annotations (#755619, José Aliste)
* Escape bookmark titles to be correctly rendered when they
contain characters like & (#66301, José Aliste)
* Fix handling of multiple files provided as command line
arguments (#755796, Felipe Borges)
* Do not crash when the rendering or thumbnail jobs fail (#744049,
Marek Kasik)
Translation updates:
* Khaled Hosny (ar)
* Alexander Shopov (bg)
* Sadia Afroz (bn)
* Samir Ribić (bs)
* David Medina (ca)
* Marek Černocký (cs)
* Mario Blättermann (de)
* Dawa pemo (dz)
* Efstathios Iosifidis (el)
* Daniel Mustieles (es)
* Inaki Larranaga Murgoitio (eu)
* Jiri Grönroos (fi)
* Claude Paroz (fr)
* GunChleoc (gd)
* Fran Dieguez (gl)
* Yosef Or Boczko (he)
* Meskó Balázs (hu)
* Claudio Arseni (it)
* Jiro Matsuzawa (ja)
* Baurzhan Muftakhidinov (kk)
* Khoem Sokhem (km)
* Rakesh Pandit (ks)
* Erdal Ronahî (ku)
* Aurimas Černius (lt)
* Rūdolfs Mazurs (lv)
* Badral (mn)
* Sandeep Shedmake (mr)
* Umarzuki Bin Mochlis Moktar (ms)
* KYAW MYAT THU (my)
* Åka Sikrom (nb)
* Nils-Christoph Fiedler (nds)
* Narayan Kumar Magar (ne)
* Cédric Valmary (totenoc.eu) (oc)
* Manoj Kumar Giri (or)
* A S Alam (pa)
* Piotr Drąg (pl)
* Fábio Nogueira (pt_BR)
* Pedro Albuquerque (pt)
* Daniel Șerbănescu (ro)
* Stas Solovey (ru)
* Danishka Navin (si)
* Dušan Kazik (sk)
* Miroslav Nikolić (sr@latin)
* Мирослав Николић (sr)
* Sebastian Rasmussen (sv)
* Shantha kumar (ta)
* Krishnababu Krothapalli (te)
* Victor Ibragimov (tg)
* Theppitak Karoonboonyanan (th)
* Gheyret Kenji (ug)
* Daniel Korostil (uk)
* Trần Ngọc Quân (vi)
* YunQiang Su (zh_CN)
* Chao-Hsiung Liao (zh_TW)
pkgsrc changes:
o Add gstreamer option (disabled by default) to enable embedded multimedia in
PDF documents
Changes:
================
Evince 3.18.2
================
Bug fixes:
* Fix the position of the zoom action GtkPopover in Wayland
(#756976, Germán Poo-Caamaño)
Translation updates:
* Daniel Șerbănescu (ro)
================
Evince 3.18.1
================
Bug fixes:
* Fix performance regression with recent versions of GTK+ when
getting colors from GtkStyleContext for a different state
(#755442, Sebastian Keller)
* Fix a crash in PDF backend when opening documents containing screen
annotations with no actions (#756572, Germán Poo-Caamaño)
* Ignore right clicks while adding new annotations (#755619, José Aliste)
* Escape bookmark titles to be correctly rendered when they
contain characters like & (#66301, José Aliste)
* Fix handling of multiple files provided as command line
arguments (#755796, Felipe Borges)
* Show error messages also in recent view mode (#755064, Felipe Borges)
* Do not crash when the rendering or thumbnail jobs fail (#744049,
Marek Kasik)
Translation updates:
* Khaled Hosny (ar)
* Sadia Afroz (bn)
* Samir Ribić (bs)
* František Zatloukal (cs)
* Dawa pemo (dz)
* Inaki Larranaga Murgoitio (eu)
* Jiri Grönroos (fi)
* Claudio Arseni (it)
* Jiro Matsuzawa (ja)
* Khoem Sokhem (km)
* Rakesh Pandit (ks)
* Erdal Ronahî (ku)
* Badral (mn)
* Sandeep Shedmake (mr)
* Umarzuki Bin Mochlis Moktar (ms)
* KYAW MYAT THU (my)
* Nils-Christoph Fiedler (nds)
* Narayan Kumar Magar (ne)
* Manoj Kumar Giri (or)
* Rafael Fontenelle (pt_BR)
* Pedro Albuquerque (pt)
* Danishka Navin (si)
* Dušan Kazik (sk)
* Miloš Popović (sr@latin)
* Милош Поповић (sr)
* Shantha kumar (ta)
* Krishnababu Krothapalli (te)
* Victor Ibragimov (tg)
* Gheyret Kenji (ug)
* Trần Ngọc Quân (vi)
* YunQiang Su (zh_CN)
================
Evince 3.18.0
================
Translation updates:
* František Zatloukal (cs)
* scootergrisen (da)
* Christian Kirbach (de)
* Tom Tryfonidis (el)
* Leonor Palazzo (fr)
* Rūdolfs Mazurs (lv)
* Piotr Drąg (pl)
================
Evince 3.17.92
================
Bug fixes:
* When copying a file, use the default permissions for the new
file instead of copying the ones from the original file
(#753019, Marek Kasik)
Translation updates:
* Daniel (an)
* Marek Černocký (cs)
* Tom Tryfonidis (el)
* Daniel Mustieles (es)
* Arash Mousavi (fa)
* Alexandre Franke (fr)
* Fabio Tomat (fur)
* Fran Dieguez (gl)
* Gabor Kelemen (hu)
* Andika Triwidada (id)
* Sveinn í Felli (is)
* Baurzhan Muftakhidinov (kk)
* Changwoo Ryu (ko)
* Aurimas Černius (lt)
* Åka Sikrom (nb)
* Piotr Drąg (pl)
* Enrico Nicoletto (pt_BR)
* Yuri Myasoedov (ru)
* Dušan Kazik (sk)
* Anders Jonsson (sv)
* Muhammet Kara (tr)
* Chao-Hsiung Liao (zh_TW)
================
Evince 3.17.4
================
New features and improvements:
* The sidebar tab to add new annotations has been removed, and a
new annotations toolbar has been added making it easier to
discover and more convenient to annotate documents (#649045,
Carlos Garcia Campos)
Translation updates:
* Benjamin Steinwender (de)
* Daniel Mustieles (es)
* Yosef Or Boczko (he)
* Balázs Úr (hu)
* Pedro Albuquerque (pt)
* Stas Solovey (ru)
* Dušan Kazik (sk)
* Matej Urbančič (sl)
* Victor Ibragimov (tg)
================
Evince 3.17.3
================
New features and improvements:
* Add initial support for adding highlight annotations (#583377,
Giselle Machado, Carlos Garcia Campos)
* Add support for squiggly hightlight annotations too (#750612,
Philipp Reinkemeier)
* Add support for moving text annotations (#649043, Philipp
Reinkemeier)
* Force text annotations to have a fixed size 24x24 (#685334,
Philipp Reinkemeier)
* Handle GTK_SCROLL_START/GTK_SCROLL_END also in fit-to-page mode
(#737996, Carlos Garcia Campos)
Bug fixes:
* Do not loose annotations properties when changing the subtype of
a highlight annotation (#750548, Philipp Reinkemeier)
* Only try to move the focus to different page when the current
page has a focused element to prevent the view from jumping to
the first/last page when TAB is pressed and there aren't
focusable elements in the document (#741979, Carlos Garcia
Campos)
Translation updates:
* Benjamin Steinwender (de)
* Daniel Mustieles (es)
* Daniel Șerbănescu (ro)
* Muhammet Kara (tr)
* Chao-Hsiung Liao (zh_TW)
================
Evince 3.17.2
================
New features and improvements:
* Add initial support for PDF multimedia using GStreamer (#573748,
Carlos Garcia Campos)
Bug fixes:
* Add accessible relations between the labels in properties dialog
(#749127, Joanmarie Diggs)
Translation updates:
* David (ca)
* Daniel Mustieles (es)
* Åka Sikrom (nb)
* Cédric Valmary (Tot en òc) (oc)
* Antonio Fernandes C. Neto (pt_BR)
* Dušan Kazik (sk)
* Matej Urbančič (sl)
* Victor Ibragimov (tg)
* YunQiang Su (zh_CN)
================
Evince 3.17.1
================
New features and improvements:
* Provide a symbolic variant of the app icon (#746844, Jakub Steiner)
* Add search support to browser plugin (Carlos Garcia Campos)
* Create popup windows for all markup annotation that can have a
popup associated (#733603, Philipp Reinkemeier)
* Add shortcuts for Continuous and Dual modes (#670964, boisjaune)
* Remove custom search bar implementation and use GtkSearchBar
instead (Carlos Garcia Campos)
Bug fixes:
* Never save n-copies in the persistent print-settings file
(#748549, José Aliste)
* Fix the background color of annotation popup windows (#732211,
Giselle Machado)
Translation updates:
* Daniel (an)
* Khaled Hosny (ar)
* David (ca)
* Marek Černocký (cs)
* Tom Tryfonidis (el)
* Daniel Puentes (eo)
* Daniel Mustieles (es)
* Yosef Or Boczko (he)
* Gabor Kelemen (hu)
* Sveinn í Felli (is)
* Stas Solovey (ru)
Problems found locating distfiles:
Package acroread7: missing distfile AdobeReader_enu-7.0.9-1.i386.tar.gz
Package acroread8: missing distfile AdobeReader_enu-8.1.7-1.sparc.tar.gz
Package cups-filters: missing distfile cups-filters-1.1.0.tar.xz
Package dvidvi: missing distfile dvidvi-1.0.tar.gz
Package lgrind: missing distfile lgrind.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
