commit f667599d9ab5f054ce402675f946eeb3470c5c10
Author: Matej Urbančič
Date: 2017-07-21

    Updated Slovenian translation

M po/sl.po

commit efbd151d594ad117cfa381cdec0201648cddf7e0
Author: Bastien Nocera
Date: 2017-07-17

    comics: Fix extra ";" leading to a warning during installation

    The concatenated mime-types end up with a ...mime-type;;mime-type...
    pattern, an empty mime-type, which update-desktop-database doesn't like.

    Error in file "/usr/share/applications/evince.desktop": "" is an invalid MIME type ("" does not contain a subtype)

    See https://bugzilla.redhat.com/show_bug.cgi?id=1471474

    https://bugzilla.gnome.org/show_bug.cgi?id=785026

M configure.ac

commit 717df38fd8509bf883b70d680c9b1b3cf36732ee
Author: Bastien Nocera
Date: 2017-07-06

    comics: Remove support for tar and tar-like commands

    When handling tar files, or using a command with tar-compatible syntax,
    to open comic-book archives, both the archive name (the name of the
    comics file) and the filename (the name of a page within the archive)
    are quoted to not be interpreted by the shell.

    But the filename is completely within the attacker's control and can
    start with "--" which leads to tar interpreting it as a command line
    flag.

    This can be exploited by creating a CBT file (a tar archive with the
    .cbt suffix) with an embedded file named something like this:
    "--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"

    CBT files are infinitely rare (CBZ is usually used for DRM-free
    commercial releases, CBR for those from more dubious provenance), so
    removing support is the easiest way to avoid the bug triggering. All
    this code was rewritten in the development release for GNOME 3.26 to
    not shell out to any command, closing off this particular attack
    vector.

    This also removes the ability to use libarchive's bsdtar-compatible
    binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
    are already supported by unzip and 7zip respectively. libarchive's RAR
    support is limited, so unrar is a requirement anyway.

    Discovered by Felix Wilhelm from the Google Security Team.

    https://bugzilla.gnome.org/show_bug.cgi?id=784630

M backend/comics/comics-document.c
M configure.ac

commit 8b24be3b5606e9279d1fb50b908efd1e1ef12a7b
Author: Nelson Benítez León
Date: 2017-05-28

    sidebar-thumbnails: fix clunky scrolling

    Caused by GtkIconView doing an invalidate and relayout of *all* items
    in the view anytime we update model data in any individual item (which
    happens with all the items that are getting in and out of the
    scrolling area while we scroll). This caused GtkIconView to
    machine-gun us with "size-allocate" signals, a signal we were using to
    update thumbnails when the sidebar is resized.

    Fixed by connecting to the GtkTreeModel "row-changed" signal before
    GtkIconView does it, and stop emission from there.

    As we don't depend now on "size-allocate" signals to show thumbnails
    while we scroll, just queue a draw on the icon view when a thumbnail
    finishes rendering.

    Thanks Jose Aliste for first spotting the problem.

    https://bugzilla.gnome.org/show_bug.cgi?id=691448

M shell/ev-sidebar-thumbnails.c

commit d2cea51e6a49e7e151ad68e08f93a0b41b5c4af9
Author: Benjamin Berg
Date: 2017-04-26

    ev-sidebar-links: Optimize reverse link lookup for a page

    For large documents the linear search for the first link that is on a
    certain page is really slow. Because of this scrolling becomes slow
    whenever the page changes.

    Replace the linear search with a search in a binary tree populated
    with the first link on each page and the corresponding GtkTreePath.
    This way a specialized binary tree lookup can be used to find the
    closest matching link and select that in the treeview.

    https://bugzilla.gnome.org/show_bug.cgi?id=779614

M shell/ev-sidebar-links.c

commit 7ea03c80920631ac7975e5c693e16890a8589a80
Author: Yuras Shumovich
Date: 2017-04-18

    Update Belarusian translation

M po/be.po

commit a8363215f1bef942519a194d4589eea16cc51399
Author: gogo
Date: 2017-04-08

    Update Croatian translation

M po/hr.po

commit 56a7a48cd7c2285d4752286ec4f25043f75b5fd1
Author: gogo
Date: 2017-04-08

    Update Croatian translation

M po/hr.po

commit 76901d30572939df2287d683c88a66dfab7d91fa
Author: Tom Tryfonidis
Date: 2017-04-07

    Update Greek translation

M po/el.po

commit 4ecc65b085e905703ca5df2f0165e961f08a8125
Author: Bastien Nocera
Date: 2017-03-21

    thumbnailer: Also handle trash and recent files as local files

    By searching for the target.

    https://bugzilla.gnome.org/show_bug.cgi?id=780351

M thumbnailer/evince-thumbnailer.c

commit 37a1f9520d532415f7afba42d22ed10949b1ede4
Author: Bastien Nocera
Date: 2017-03-21

    thumbnailer: Don't copy remote files before thumbnailing

    There's no need to copy the file locally when we can read it directly
    through FUSE.

    https://bugzilla.gnome.org/show_bug.cgi?id=780351

M thumbnailer/evince-thumbnailer.c

commit e64927d48b48ff91c9a403d20272e41326c2a611
Author: Georges Dupéron
Date: 2017-03-16

    ev-view: Toggling OCG layer on next page only takes effect after changing zoom level

    https://bugzilla.gnome.org/show_bug.cgi?id=780139

M libview/ev-view.c

commit 11659af378a97ed43e2871cf4179122543634336
Author: Jason Crain
Date: 2017-03-26

    a11y: Return correct start and end offsets

    This modifies ev_page_accessible_get_range_for_boundary to ensure that
    the start and end offsets it returns are within the allowed range.

    https://bugzilla.gnome.org/show_bug.cgi?id=777992

M libview/ev-page-accessible.c

commit e0a7944d92c704aa80c31c08a383c92c302c19b1
Author: Jason Crain
Date: 2017-03-21

    a11y: Fix crash with Orca screen reader

    ev_page_accessible_get_substring gets called with out of bounds values
    leading to a crash. Clamp start_offset to a valid range.

    https://bugzilla.gnome.org/show_bug.cgi?id=777992

M libview/ev-page-accessible.c

commit 166566779b2e1ea5c09094d4c29cb11d1f945ad4
Author: Carlos Garcia Campos
Date: 2017-03-20

    release: 2.24.0

M NEWS
M configure.ac
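
Note on commit 717df38f (comics: Remove support for tar and tar-like commands): shell quoting does not stop a page name that begins with "-" from being parsed as an option by the extractor. The following is an added example, not Evince's code, of one defensive pattern for callers that must still run an external tool: refuse option-like member names and build an execv()-style argument vector with a "--" end-of-options marker. The function names, the `tar -xOf` argument layout and the sample file names are assumptions made for illustration, and the "--" marker only helps with tools that follow the POSIX end-of-options convention.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* True when a member name would be parsed as an option if passed to an
 * external extractor as a bare argument (the "--..." case in the commit). */
static bool
member_name_is_option_like (const char *name)
{
    return name != NULL && name[0] == '-';
}

/* Build "<tool> <pre_args...> -- <member>" for an execv()-style call, so no
 * shell parses the name. Returns the argument count, or -1 if the member
 * name is empty or option-like, or if argv (capacity cap) is too small. */
static int
build_extract_argv (const char *tool, const char *const *pre_args,
                    size_t n_pre, const char *member,
                    const char **argv, size_t cap)
{
    size_t n = 0;

    if (member == NULL || member[0] == '\0' ||
        member_name_is_option_like (member))
        return -1;                /* refuse rather than try to escape */
    if (n_pre + 4 > cap)          /* tool + pre_args + "--" + member + NULL */
        return -1;

    argv[n++] = tool;
    for (size_t i = 0; i < n_pre; i++)
        argv[n++] = pre_args[i];
    argv[n++] = "--";             /* end of options for POSIX-style parsers */
    argv[n++] = member;
    argv[n] = NULL;
    return (int) n;
}

int
main (void)
{
    /* Constructed sample input: one ordinary page, one option-like name. */
    const char *pre[] = { "-xOf", "book.cbt" };
    const char *argv[8];

    printf ("%d\n", build_extract_argv ("tar", pre, 2, "page01.jpg", argv, 8));
    printf ("%d\n", build_extract_argv ("tar", pre, 2, "--some-option=x.jpg", argv, 8));
    return 0;
}
```
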