merge from devel

Lubomir Rintel 2008-02-14 17:03:26 +00:00
parent 387d933a85
commit f28486cc34
3 changed files with 269 additions and 1 deletions


@ -0,0 +1,139 @@
This solves the insecure temporary file usage for clip art thumbnails,
however in a totally crappy way -- leaves stale files in /tmp.
Not much worse than original though, as it was also leaving the files in place.
Lubomir Kundrak <lkundrak@redhat.com>
diff -urp inkscape-0.45.1+0.46pre1.orig/src/ui/dialog/ocaldialogs.cpp inkscape-0.45.1+0.46pre1/src/ui/dialog/ocaldialogs.cpp
--- inkscape-0.45.1+0.46pre1.orig/src/ui/dialog/ocaldialogs.cpp 2008-01-15 00:24:56.000000000 +0100
+++ inkscape-0.45.1+0.46pre1/src/ui/dialog/ocaldialogs.cpp 2008-02-14 15:53:00.000000000 +0100
@@ -14,6 +14,8 @@
# include <config.h>
#endif
+#include <stdlib.h>
+
#include "ocaldialogs.h"
#include "filedialogimpl-gtkmm.h"
#include "interface.h"
@@ -260,23 +262,35 @@ FileExportToOCALPasswordDialog::change_t
void FileListViewText::on_cursor_changed()
{
// create file path
- myFilename = Glib::get_tmp_dir();
- myFilename.append(G_DIR_SEPARATOR_S);
std::vector<Gtk::TreeModel::Path> pathlist;
pathlist = this->get_selection()->get_selected_rows();
std::vector<int> posArray(1);
posArray = pathlist[0].get_indices();
- myFilename.append(get_text(posArray[0], 2));
#ifdef WITH_GNOME_VFS
gnome_vfs_init();
GnomeVFSHandle *from_handle = NULL;
- GnomeVFSHandle *to_handle = NULL;
+ int to_fd = 0;
GnomeVFSFileSize bytes_read;
- GnomeVFSFileSize bytes_written;
+ size_t bytes_written;
GnomeVFSResult result;
guint8 buffer[8192];
+ // create the temp file
+ myFilename = Glib::get_tmp_dir();
+ myFilename.append(G_DIR_SEPARATOR_S);
+ myFilename.append("XXXXXX");
+
+ char tmpfn[strlen (myFilename.c_str ())+1];
+ strcpy (tmpfn, myFilename.c_str ());
+ to_fd = mkstemp (tmpfn);
+ myFilename = tmpfn;
+
+ if (to_fd == -1) {
+ sp_ui_error_dialog(_("Could not create temp file name with unique name."));
+ return;
+ }
+
//get file url
Glib::ustring fileUrl = get_text(posArray[0], 1); //http url
@@ -290,51 +304,42 @@ void FileListViewText::on_cursor_changed
if (!Glib::get_charset()) //If we are not utf8
fileUrl = Glib::filename_to_utf8(fileUrl);
- // verifies if the file wasn't previously downloaded
- if(gnome_vfs_open(&to_handle, myFilename.c_str(), GNOME_VFS_OPEN_READ) == GNOME_VFS_ERROR_NOT_FOUND)
- {
- // open the temp file to receive
- result = gnome_vfs_open (&to_handle, myFilename.c_str(), GNOME_VFS_OPEN_WRITE);
- if (result == GNOME_VFS_ERROR_NOT_FOUND){
- result = gnome_vfs_create (&to_handle, myFilename.c_str(), GNOME_VFS_OPEN_WRITE, FALSE, GNOME_VFS_PERM_USER_ALL);
+ result = gnome_vfs_open (&from_handle, fileUrl.c_str(), GNOME_VFS_OPEN_READ);
+ if (result != GNOME_VFS_OK) {
+ sp_ui_error_dialog(_("Could not find the file in Open Clip Art Library."));
+ g_warning("%s", gnome_vfs_result_to_string(result));
+ return;
+ }
+
+ // copy the file
+ while (1) {
+
+ result = gnome_vfs_read (from_handle, buffer, 8192, &bytes_read);
+
+ if ((result == GNOME_VFS_ERROR_EOF) &&(!bytes_read)){
+ result = gnome_vfs_close (from_handle);
+ break;
}
+
if (result != GNOME_VFS_OK) {
- g_warning("Error creating temp file: %s", gnome_vfs_result_to_string(result));
+ sp_ui_error_dialog(_("Error while downloading the file."));
+ g_warning("%s", gnome_vfs_result_to_string(result));
return;
}
- result = gnome_vfs_open (&from_handle, fileUrl.c_str(), GNOME_VFS_OPEN_READ);
- if (result != GNOME_VFS_OK) {
- g_warning("Could not find the file in Open Clip Art Library.");
+
+ bytes_written = write (to_fd, buffer, (size_t)bytes_read);
+
+ if ((size_t)bytes_read != bytes_written){
+ sp_ui_error_dialog(_("Error while downloading the file."));
+ g_warning("Bytes read not equal to bytes written");
return;
}
- // copy the file
- while (1) {
- result = gnome_vfs_read (from_handle, buffer, 8192, &bytes_read);
- if ((result == GNOME_VFS_ERROR_EOF) &&(!bytes_read)){
- result = gnome_vfs_close (from_handle);
- result = gnome_vfs_close (to_handle);
- break;
- }
- if (result != GNOME_VFS_OK) {
- g_warning("%s", gnome_vfs_result_to_string(result));
- return;
- }
- result = gnome_vfs_write (to_handle, buffer, bytes_read, &bytes_written);
- if (result != GNOME_VFS_OK) {
- g_warning("%s", gnome_vfs_result_to_string(result));
- return;
- }
- if (bytes_read != bytes_written){
- g_warning("Bytes read not equal to bytes written");
- return;
- }
- }
- }
- else
- {
- gnome_vfs_close(to_handle);
+
}
+
+ close (to_fd);
myPreview->showImage(myFilename);
+ //unlink (myFilename.c_str ());
myLabel->set_text(get_text(posArray[0], 4));
#endif
}
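Review bot: Every early `return` taken after `mkstemp` has succeeded (the `gnome_vfs_open` failure branch and both error branches inside the copy loop) leaves `to_fd` open and the newly created file in the temp directory, and the two loop branches also leave `from_handle` open. Each of those paths should run `close (to_fd); unlink (myFilename.c_str ());` before returning, with `gnome_vfs_close (from_handle);` added inside the loop, so that a failed or interrupted download does not accumulate descriptors and partial files. `write` returns `ssize_t`, so storing it in `size_t bytes_written` turns -1 into a very large value; the mismatch check still fires, but a short write is reported as a download error instead of being retried. The hunk adds only `<stdlib.h>`, while `write`/`close` are declared in `<unistd.h>` and `strlen`/`strcpy` in `<string.h>`; these may arrive transitively, but explicit includes would be safer. `char tmpfn[strlen (...)+1]` is a variable-length array, which is a compiler extension in C++; a `std::vector<char>` or `std::string` buffer passed to `mkstemp` would be portable.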


@ -0,0 +1,120 @@
Avoid use of temporary file for OCAL RSS feed as a fix for insecure temporary file usage.
Add XML_PARSE_RECOVER, so that we don't fail in case of stupid errors in feed, such as
undefined XML entities.
Lubomir Kundrak <lkundrak@redhat.com>
diff -urp inkscape-0.45.1+0.46pre1.orig/src/ui/dialog/ocaldialogs.cpp inkscape-0.45.1+0.46pre1/src/ui/dialog/ocaldialogs.cpp
--- inkscape-0.45.1+0.46pre1.orig/src/ui/dialog/ocaldialogs.cpp 2008-01-15 00:24:56.000000000 +0100
+++ inkscape-0.45.1+0.46pre1/src/ui/dialog/ocaldialogs.cpp 2008-02-14 15:54:22.000000000 +0100
@@ -359,6 +359,27 @@ Glib::ustring FileListViewText::getFilen
}
/**
+ * Read callback for xmlReadIO(), used below
+ */
+static int vfs_read_callback (GnomeVFSHandle *handle, char* buf, int nb)
+{
+ GnomeVFSFileSize ndone;
+ GnomeVFSResult result;
+
+ result = gnome_vfs_read (handle, buf, nb, &ndone);
+
+ if (result == GNOME_VFS_OK) {
+ return (int)ndone;
+ } else {
+ if (result != GNOME_VFS_ERROR_EOF) {
+ sp_ui_error_dialog(_("Error while reading the Open Clip Art RSS feed"));
+ g_warning("%s\n", gnome_vfs_result_to_string(result));
+ }
+ return -1;
+ }
+}
+
+/**
* Callback for user input into searchTagEntry
*/
void FileImportFromOCALDialog::searchTagEntryChangedCallback()
@@ -380,74 +401,30 @@ void FileImportFromOCALDialog::searchTag
#ifdef WITH_GNOME_VFS
- // get the rss feed
+ // open the rss feed
gnome_vfs_init();
GnomeVFSHandle *from_handle = NULL;
- GnomeVFSHandle *to_handle = NULL;
- GnomeVFSFileSize bytes_read;
- GnomeVFSFileSize bytes_written;
GnomeVFSResult result;
- guint8 buffer[8192];
-
- // create the temp file name
- Glib::ustring fileName = Glib::get_tmp_dir ();
- fileName.append(G_DIR_SEPARATOR_S);
- fileName.append("ocalfeed.xml");
-
- // open the temp file to receive
- result = gnome_vfs_open (&to_handle, fileName.c_str(), GNOME_VFS_OPEN_WRITE);
- if (result == GNOME_VFS_ERROR_NOT_FOUND){
- result = gnome_vfs_create (&to_handle, fileName.c_str(), GNOME_VFS_OPEN_WRITE, FALSE, GNOME_VFS_PERM_USER_ALL);
- }
- if (result != GNOME_VFS_OK) {
- g_warning("Error creating temp file: %s", gnome_vfs_result_to_string(result));
- return;
- }
- // open the rss feed
result = gnome_vfs_open (&from_handle, uri.c_str(), GNOME_VFS_OPEN_READ);
if (result != GNOME_VFS_OK) {
sp_ui_error_dialog(_("Failed to receive the Open Clip Art Library RSS feed. Verify if the server name is correct in Configuration->Misc (e.g.: openclipart.org)"));
return;
}
- // copy the file
- while (1) {
-
- result = gnome_vfs_read (from_handle, buffer, 8192, &bytes_read);
-
- if ((result == GNOME_VFS_ERROR_EOF) &&(!bytes_read)){
- result = gnome_vfs_close (from_handle);
- result = gnome_vfs_close (to_handle);
- break;
- }
-
- if (result != GNOME_VFS_OK) {
- g_warning("%s", gnome_vfs_result_to_string(result));
- return;
- }
- result = gnome_vfs_write (to_handle, buffer, bytes_read, &bytes_written);
- if (result != GNOME_VFS_OK) {
- g_warning("%s", gnome_vfs_result_to_string(result));
- return;
- }
-
- if (bytes_read != bytes_written){
- g_warning("Bytes read not equal to bytes written");
- return;
- }
-
- }
-
// create the resulting xml document tree
// this initialize the library and test mistakes between compiled and shared library used
LIBXML_TEST_VERSION
xmlDoc *doc = NULL;
xmlNode *root_element = NULL;
- doc = xmlReadFile(fileName.c_str(), NULL, 0);
+
+ doc = xmlReadIO ((xmlInputReadCallback) vfs_read_callback,
+ (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL,
+ XML_PARSE_RECOVER);
if (doc == NULL) {
- g_warning("Failed to parse %s\n", fileName.c_str());
- return;
+ sp_ui_error_dialog(_("Server supplied malformed Clip Art feed"));
+ g_warning("Failed to parse %s\n", uri.c_str());
+ return;
}
// get the root element node
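Review bot: `vfs_read_callback` returns -1 for `GNOME_VFS_ERROR_EOF`, but libxml2's read callback uses -1 for an I/O error and 0 for end of input, so a normal end of the feed is reported to the parser as a read failure; with `XML_PARSE_RECOVER` set this is probably masked rather than surfaced. Add `if (result == GNOME_VFS_ERROR_EOF) return 0;` ahead of the error branch. The casts `(xmlInputReadCallback) vfs_read_callback` and `(xmlInputCloseCallback) gnome_vfs_close` call through mismatched function types (`GnomeVFSHandle *` vs `void *`, `GnomeVFSResult` vs `int`); small wrappers taking `void *context` would avoid relying on that. Because the feed is remote input parsed in recovery mode, the tree-walking code that follows this hunk (not visible here) needs to tolerate missing or truncated nodes. Passing `XML_PARSE_RECOVER | XML_PARSE_NONET` would also stop the parser from fetching network resources referenced by the feed.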


@ -1,6 +1,6 @@
Name: inkscape
Version: 0.45.1+0.46pre1
Release: 3%{?dist}
Release: 4%{?dist}
Summary: Vector-based drawing program using SVG
Group: Applications/Productivity
@ -11,6 +11,9 @@ Patch0: inkscape-16571-cxxinclude.patch
Patch1: inkscape-0.45.1-desktop.patch
Patch2: inkscape-0.46pre1-gcc43.patch
Patch3: inkscape-0.46pre1-vectors.patch
Patch4: inkscape-0.46pre1-ocal1.patch
Patch5: inkscape-0.46pre1-ocal2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: atk-devel
@ -66,6 +69,8 @@ C and C++, using the Gtk+ toolkit and optionally some Gnome libraries.
%patch1 -p1 -b .desktop
%patch2 -p1 -b .gcc43
%patch3 -p1 -b .vectors
%patch4 -p1 -b .ocal1
%patch5 -p1 -b .ocal2
find -type f -regex '.*\.\(cpp\|h\)' -perm +111 -exec chmod -x {} ';'
find share/extensions/ -type f -regex '.*\.py' -perm +111 -exec chmod -x {} ';'
dos2unix share/extensions/*.py
@ -125,6 +130,10 @@ update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
%changelog
* Thu Feb 14 2008 Lubomir Kundrak <lkundrak@redhat.com> - 0.45.1+0.46pre1-4
- Tolerate recoverable errors in OCAL feeds
- Fix OCAL insecure temporary file usage (#432807)
* Wed Feb 13 2008 Lubomir Kundrak <lkundrak@redhat.com> - 0.45.1+0.46pre1-3
- Fix crash when adding text objects (#432220)