--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gnome/eog/patches/01-22727572.patch Fri Nov 18 14:57:03 2016 -0800
@@ -0,0 +1,131 @@
+Security fix from upstream which can be deleted once we update to 3.20.4
+
+From c1ac983bf3bdbd7d8ab4ab34208f1f399bdacbfc Mon Sep 17 00:00:00 2001
+From: Felix Riemann <[email protected]>
+Date: Sun, 14 Feb 2016 18:50:43 +0100
+Subject: EogPrintPreview: Fix possible integer overflow
+
+This removes code copied from GDK that was susceptiple to a possible
+integer overflow (cf. CVE-2013-7447), although the code only worked
+on images too small to trigger the overflow. GDK provides a (fixed)
+variant of the code with the same features nowadays, so just use that.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=762028
+---
+ src/eog-print-preview.c | 96 ++-----------------------------------------------
+ 1 file changed, 3 insertions(+), 93 deletions(-)
+
+diff --git a/src/eog-print-preview.c b/src/eog-print-preview.c
+index 3710dff..cfd9db1 100644
+--- a/src/eog-print-preview.c
++++ b/src/eog-print-preview.c
+@@ -701,98 +701,6 @@ create_preview_buffer (EogPrintPreview *preview)
+ return pixbuf;
+ }
+
+-/*
+- Function inspired from gdk_cairo_set_source_pixbuf (). The main reason is
+- that I want to save the cairo_surface_t created from the scaled buffer to
+- improve performance.
+-*/
+-static cairo_surface_t *
+-create_surface_from_pixbuf (GdkPixbuf *pixbuf)
+-{
+- gint width = gdk_pixbuf_get_width (pixbuf);
+- gint height = gdk_pixbuf_get_height (pixbuf);
+- guchar *gdk_pixels = gdk_pixbuf_get_pixels (pixbuf);
+- int gdk_rowstride = gdk_pixbuf_get_rowstride (pixbuf);
+- int n_channels = gdk_pixbuf_get_n_channels (pixbuf);
+- int cairo_stride;
+- guchar *cairo_pixels;
+- cairo_format_t format;
+- cairo_surface_t *surface;
+- static const cairo_user_data_key_t key;
+- int j;
+-
+- if (n_channels == 3)
+- format = CAIRO_FORMAT_RGB24;
+- else
+- format = CAIRO_FORMAT_ARGB32;
+-
+- cairo_stride = cairo_format_stride_for_width (format, width);
+- cairo_pixels = g_malloc (height * cairo_stride);
+- surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+- format,
+- width, height, cairo_stride);
+- cairo_surface_set_user_data (surface, &key,
+- cairo_pixels, (cairo_destroy_func_t)g_free);
+-
+- for (j = height; j; j--)
+- {
+- guchar *p = gdk_pixels;
+- guchar *q = cairo_pixels;
+-
+- if (n_channels == 3)
+- {
+- guchar *end = p + 3 * width;
+-
+- while (p < end)
+- {
+-#if G_BYTE_ORDER == G_LITTLE_ENDIAN
+- q[0] = p[2];
+- q[1] = p[1];
+- q[2] = p[0];
+-#else
+- q[1] = p[0];
+- q[2] = p[1];
+- q[3] = p[2];
+-#endif
+- p += 3;
+- q += 4;
+- }
+- }
+- else
+- {
+- guchar *end = p + 4 * width;
+- guint t1,t2,t3;
+-
+-#define MULT(d,c,a,t) G_STMT_START { t = c * a + 0x7f; d = ((t >> 8) + t) >> 8; } G_STMT_END
+-
+- while (p < end)
+- {
+-#if G_BYTE_ORDER == G_LITTLE_ENDIAN
+- MULT(q[0], p[2], p[3], t1);
+- MULT(q[1], p[1], p[3], t2);
+- MULT(q[2], p[0], p[3], t3);
+- q[3] = p[3];
+-#else
+- q[0] = p[3];
+- MULT(q[1], p[0], p[3], t1);
+- MULT(q[2], p[1], p[3], t2);
+- MULT(q[3], p[2], p[3], t3);
+-#endif
+-
+- p += 4;
+- q += 4;
+- }
+-
+-#undef MULT
+- }
+-
+- gdk_pixels += gdk_rowstride;
+- cairo_pixels += cairo_stride;
+- }
+-
+- return surface;
+-}
+-
+ static void
+ create_surface (EogPrintPreview *preview)
+ {
+@@ -806,7 +714,9 @@ create_surface (EogPrintPreview *preview)
+
+ pixbuf = create_preview_buffer (preview);
+ if (pixbuf) {
+- priv->surface = create_surface_from_pixbuf (pixbuf);
++ priv->surface =
++ gdk_cairo_surface_create_from_pixbuf (pixbuf, 0,
++ gtk_widget_get_window (GTK_WIDGET (preview)));
+ g_object_unref (pixbuf);
+ }
+ priv->flag_create_surface = FALSE;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gnome/eog/patches/02-24517187.patch Fri Nov 18 14:57:03 2016 -0800
@@ -0,0 +1,47 @@
+Security bug fix from upstream that can be deleted when we bring in the
+3.20.4
+
+From e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 Mon Sep 17 00:00:00 2001
+From: Felix Riemann <[email protected]>
+Date: Sun, 21 Aug 2016 15:56:46 +0200
+Subject: EogErrorMessageArea: Make sure error messages are valid UTF8
+
+GMarkup requires valid UTF8 input strings and would cause odd
+looking messages if given invalid input. This could also trigger an
+out-of-bounds write in glib before 2.44.1. Reported by kaslovdmitri.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=770143
+---
+ src/eog-error-message-area.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/eog-error-message-area.c b/src/eog-error-message-area.c
+index 22de7b1..938ba96 100644
+--- a/src/eog-error-message-area.c
++++ b/src/eog-error-message-area.c
+@@ -28,6 +28,7 @@
+
+ #include "eog-error-message-area.h"
+ #include "eog-image.h"
++#include "eog-util.h"
+
+ #include <glib.h>
+ #include <glib/gi18n.h>
+@@ -218,7 +219,7 @@ eog_image_load_error_message_area_new (const gchar *caption,
+ error_message = g_strdup_printf (_("Could not load image '%s'."),
+ pango_escaped_caption);
+
+- message_details = g_strdup (error->message);
++ message_details = eog_util_make_valid_utf8 (error->message);
+
+ message_area = create_error_message_area (error_message,
+ message_details,
+@@ -260,7 +261,7 @@ eog_image_save_error_message_area_new (const gchar *caption,
+ error_message = g_strdup_printf (_("Could not save image '%s'."),
+ pango_escaped_caption);
+
+- message_details = g_strdup (error->message);
++ message_details = eog_util_make_valid_utf8 (error->message);
+
+ message_area = create_error_message_area (error_message,
+ message_details,