[inkscape/el5] Initial patch.

Jon Ciesla limb at fedoraproject.org
Wed Dec 19 18:31:51 UTC 2012 

commit dff44e02de1037b5d19cf50287eb354f93192f73
Author: Jon Ciesla <limburgher at gmail.com>
Date:   Wed Dec 19 12:29:23 2012 -0600

    Initial patch.

 inkscape-0.46-11931.patch |   60 +++++++++++++++++++++++++++++++++++++++++++++
 inkscape.spec             |    9 +++++-
 2 files changed, 67 insertions(+), 2 deletions(-)
---
diff --git a/inkscape-0.46-11931.patch b/inkscape-0.46-11931.patch
new file mode 100644
index 0000000..e1d0ef6
--- /dev/null
+++ b/inkscape-0.46-11931.patch
@@ -0,0 +1,60 @@
+=== modified file 'src/preferences-skeleton.h'
+--- src/preferences-skeleton.h	2012-05-23 12:00:49 +0000
++++ src/preferences-skeleton.h	2012-12-05 22:39:22 +0000
+@@ -337,6 +337,10 @@
+ "           check_on_reading=\"0\" "
+ "           check_on_editing=\"0\" "
+ "           check_on_writing=\"0\"/>\n"
++"    <group id=\"externalresources\">\n"
++"      <group id=\"xml\" "
++"           allow_net_access=\"0\"/>\n"
++"    </group>\n"
+ "    <group id=\"forkgradientvectors\" value=\"1\"/>\n"
+ "    <group id=\"iconrender\" named_nodelay=\"0\"/>\n"
+ "    <group id=\"autosave\" enable=\"0\" interval=\"10\" path=\"\" max=\"10\"/>\n"
+
+=== modified file 'src/ui/dialog/ocaldialogs.cpp'
+--- src/ui/dialog/ocaldialogs.cpp	2012-11-26 10:33:19 +0000
++++ src/ui/dialog/ocaldialogs.cpp	2012-12-05 22:39:22 +0000
+@@ -1112,8 +1112,14 @@
+     xmlDoc *doc = NULL;
+     xmlNode *root_element = NULL;
+ 
+-    doc = xmlReadMemory(data, (int) length, xml_uri.c_str(), NULL,
+-            XML_PARSE_RECOVER + XML_PARSE_NOWARNING + XML_PARSE_NOERROR);
++    int parse_options = XML_PARSE_RECOVER + XML_PARSE_NOWARNING + XML_PARSE_NOERROR;  // do not use XML_PARSE_NOENT ! see bug lp:1025185
++    Inkscape::Preferences *prefs = Inkscape::Preferences::get();
++    bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false);
++    if (!allowNetAccess) {
++        parse_options |= XML_PARSE_NONET;
++    }
++
++    doc = xmlReadMemory(data, (int) length, xml_uri.c_str(), NULL, parse_options);
+         
+     if (doc == NULL) {
+         // If nothing is returned, no results could be found
+
+=== modified file 'src/xml/repr-io.cpp'
+--- src/xml/repr-io.cpp	2012-05-12 11:16:29 +0000
++++ src/xml/repr-io.cpp	2012-12-05 22:39:22 +0000
+@@ -297,12 +297,18 @@
+         XmlSource src;
+ 
+         if ( (src.setFile(filename) == 0) ) {
++            int parse_options = XML_PARSE_HUGE; // do not use XML_PARSE_NOENT ! see bug lp:1025185
++            Inkscape::Preferences *prefs = Inkscape::Preferences::get();
++            bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false);
++            if (!allowNetAccess) {
++                parse_options |= XML_PARSE_NONET;
++            }
+             doc = xmlReadIO( XmlSource::readCb,
+                              XmlSource::closeCb,
+                              &src,
+                              localFilename,
+                              src.getEncoding(),
+-                             XML_PARSE_NOENT | XML_PARSE_HUGE);
++                             parse_options);
+         }
+     }
+ 
+
diff --git a/inkscape.spec b/inkscape.spec
index a716975..77ed6a0 100644
--- a/inkscape.spec
+++ b/inkscape.spec
@@ -1,6 +1,6 @@
 Name:           inkscape
 Version:        0.46
-Release:        2%{?dist}.1
+Release:        3%{?dist}
 Summary:        Vector-based drawing program using SVG
 
 Group:          Applications/Productivity
@@ -11,6 +11,7 @@ Patch0:         inkscape-16571-cxxinclude.patch
 Patch1:         inkscape-0.45.1-desktop.patch
 Patch2:         inkscape-0.46pre2-icons.patch
 Patch3:         inkscape-0.46-fixlatex.patch
+Patch4:         inkscape-0.46-11931.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -39,7 +40,7 @@ BuildRequires:  boost-devel
 
 # Use popt-devel if Fedora 8, RHEL 6, newer or unknown,
 # rely on popt otherwise
-%if %{!?fedora:8}%{?fedora} < 8 || %{!?rhel:6}%{?rhel} < 6
+%if %{!?rhel:6}%{?rhel} < 6
 BuildRequires:  popt
 %else
 BuildRequires:  popt-devel
@@ -74,6 +75,7 @@ C and C++, using the Gtk+ toolkit and optionally some Gnome libraries.
 %patch1 -p1 -b .desktop
 %patch2 -p1 -b .icons
 %patch3 -p1 -b .fixlatex
+%patch4 -p0 -b .xxeflaw
 find -type f -regex '.*\.\(cpp\|h\)' -perm +111 -exec chmod -x {} ';'
 find share/extensions/ -type f -regex '.*\.py' -perm +111 -exec chmod -x {} ';'
 dos2unix -k -q share/extensions/*.py
@@ -133,6 +135,9 @@ update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
 
 
 %changelog
+* Wed Dec 19 2012 Jon Ciesla <limburgher at gmail.com> - 0.46-3
+- Fix for EL-5, patch for XXE flaw.
+
 * Fri Apr 11 2008 Lubomir Kundrak <lkundrak at redhat.com> - 0.46-2.1
 - More buildrequires more flexible, so that this builds on RHEL

More information about the scm-commits mailing list