rpms/inkscape/F-8 inkscape-0.46pre1-ocal1.patch, NONE, 1.1 inkscape-0.46pre1-ocal2.patch, NONE, 1.1 inkscape.spec, 1.40, 1.41

Lubomir Kundrak (lkundrak) fedora-extras-commits at redhat.com
Thu Feb 14 17:04:11 UTC 2008


Author: lkundrak

Update of /cvs/pkgs/rpms/inkscape/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7805/F-8

Modified Files:
	inkscape.spec 
Added Files:
	inkscape-0.46pre1-ocal1.patch inkscape-0.46pre1-ocal2.patch 
Log Message:
merge from devel

inkscape-0.46pre1-ocal1.patch:

--- NEW FILE inkscape-0.46pre1-ocal1.patch ---
This solves the insecure temporary file usage for clip art thumbnails,
however in a totally crappy way -- leaves stale files in /tmp.
Not much worse than original though, as it was also leaving the files in place.

Lubomir Kundrak <lkundrak at redhat.com>

diff -urp inkscape-0.45.1+0.46pre1.orig/src/ui/dialog/ocaldialogs.cpp inkscape-0.45.1+0.46pre1/src/ui/dialog/ocaldialogs.cpp
--- inkscape-0.45.1+0.46pre1.orig/src/ui/dialog/ocaldialogs.cpp	2008-01-15 00:24:56.000000000 +0100
+++ inkscape-0.45.1+0.46pre1/src/ui/dialog/ocaldialogs.cpp	2008-02-14 15:53:00.000000000 +0100
@@ -14,6 +14,8 @@
 # include <config.h>
 #endif
 
+#include <stdlib.h>
+
 #include "ocaldialogs.h"
 #include "filedialogimpl-gtkmm.h"
 #include "interface.h"
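Review bot: Only `<stdlib.h>` is added here, which declares mkstemp(), but the rest of this patch also calls strlen()/strcpy() and write()/close() in on_cursor_changed(), and those are declared in `<string.h>` and `<unistd.h>`. Unless those headers arrive through an include that is not visible in this hunk, the build relies on transitive includes, which is fragile for a package that already carries a gcc43 patch. I would add `#include <string.h>` and `#include <unistd.h>` next to the new include.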
@@ -260,23 +262,35 @@ FileExportToOCALPasswordDialog::change_t
 void FileListViewText::on_cursor_changed()
 {
     // create file path
-    myFilename = Glib::get_tmp_dir();
-    myFilename.append(G_DIR_SEPARATOR_S);
     std::vector<Gtk::TreeModel::Path> pathlist;
     pathlist = this->get_selection()->get_selected_rows();
     std::vector<int> posArray(1);
     posArray = pathlist[0].get_indices();
-    myFilename.append(get_text(posArray[0], 2));
 
 #ifdef WITH_GNOME_VFS
     gnome_vfs_init();
     GnomeVFSHandle    *from_handle = NULL;
-    GnomeVFSHandle    *to_handle = NULL;
+    int               to_fd = 0;
     GnomeVFSFileSize  bytes_read;
-    GnomeVFSFileSize  bytes_written;
+    size_t            bytes_written;
     GnomeVFSResult    result;
     guint8 buffer[8192];
 
+    // create the temp file
+    myFilename = Glib::get_tmp_dir();
+    myFilename.append(G_DIR_SEPARATOR_S);
+    myFilename.append("XXXXXX");
+
+    char tmpfn[strlen (myFilename.c_str ())+1];
+    strcpy (tmpfn, myFilename.c_str ());
+    to_fd = mkstemp (tmpfn);
+    myFilename = tmpfn;
+
+    if (to_fd == -1) {
+        sp_ui_error_dialog(_("Could not create temp file name with unique name."));
+        return;
+    }
+
     //get file url
     Glib::ustring fileUrl = get_text(posArray[0], 1); //http url
 
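Review bot: `char tmpfn[strlen (myFilename.c_str ())+1];` is a variable-length array, which is a compiler extension in C++ rather than standard; a `std::vector<char>` copy of the template (terminating NUL included) passed to mkstemp() as `&tmpfn[0]` does the same job portably. `to_fd` starts at 0, which is a valid descriptor number, so `int to_fd = -1;` is the safer initial value for any cleanup code added later. The template is now just `XXXXXX` in the temp directory, so the file no longer carries the clip art's name or extension from column 2; it is worth confirming that `myPreview->showImage()` detects the image type from content rather than from the file name. on_cursor_changed() continues past the end of this hunk.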
@@ -290,51 +304,42 @@ void FileListViewText::on_cursor_changed
     if (!Glib::get_charset()) //If we are not utf8
         fileUrl = Glib::filename_to_utf8(fileUrl);
 
-    // verifies if the file wasn't previously downloaded
-    if(gnome_vfs_open(&to_handle, myFilename.c_str(), GNOME_VFS_OPEN_READ) == GNOME_VFS_ERROR_NOT_FOUND)
-    {
-        // open the temp file to receive
-        result = gnome_vfs_open (&to_handle, myFilename.c_str(), GNOME_VFS_OPEN_WRITE);
-        if (result == GNOME_VFS_ERROR_NOT_FOUND){
-            result = gnome_vfs_create (&to_handle, myFilename.c_str(), GNOME_VFS_OPEN_WRITE, FALSE, GNOME_VFS_PERM_USER_ALL);
+    result = gnome_vfs_open (&from_handle, fileUrl.c_str(), GNOME_VFS_OPEN_READ);
+    if (result != GNOME_VFS_OK) {
+        sp_ui_error_dialog(_("Could not find the file in Open Clip Art Library."));
+        g_warning("%s", gnome_vfs_result_to_string(result));
+        return;
+    }
+
+    // copy the file
+    while (1) {
+
+        result = gnome_vfs_read (from_handle, buffer, 8192, &bytes_read);
+
+        if ((result == GNOME_VFS_ERROR_EOF) &&(!bytes_read)){
+            result = gnome_vfs_close (from_handle);
+            break;
         }
+
         if (result != GNOME_VFS_OK) {
-            g_warning("Error creating temp file: %s", gnome_vfs_result_to_string(result));
+            sp_ui_error_dialog(_("Error while downloading the file."));
+            g_warning("%s", gnome_vfs_result_to_string(result));
             return;
         }
-        result = gnome_vfs_open (&from_handle, fileUrl.c_str(), GNOME_VFS_OPEN_READ);
-        if (result != GNOME_VFS_OK) {
-            g_warning("Could not find the file in Open Clip Art Library.");
+
+        bytes_written = write (to_fd, buffer, (size_t)bytes_read);
+
+        if ((size_t)bytes_read != bytes_written){
+            sp_ui_error_dialog(_("Error while downloading the file."));
+            g_warning("Bytes read not equal to bytes written");
             return;
         }
-        // copy the file
-        while (1) {
-            result = gnome_vfs_read (from_handle, buffer, 8192, &bytes_read);
-            if ((result == GNOME_VFS_ERROR_EOF) &&(!bytes_read)){
-                result = gnome_vfs_close (from_handle);
-                result = gnome_vfs_close (to_handle);
-                break;
-            }
-            if (result != GNOME_VFS_OK) {
-                g_warning("%s", gnome_vfs_result_to_string(result));
-                return;
-            }
-            result = gnome_vfs_write (to_handle, buffer, bytes_read, &bytes_written);
-            if (result != GNOME_VFS_OK) {
-                g_warning("%s", gnome_vfs_result_to_string(result));
-                return;
-            }
-            if (bytes_read != bytes_written){
-                g_warning("Bytes read not equal to bytes written");
-                return;
-            }
-        }
-    }
-    else
-    {
-        gnome_vfs_close(to_handle);
+
     }
+
+    close (to_fd);
     myPreview->showImage(myFilename);
+    //unlink (myFilename.c_str ());
     myLabel->set_text(get_text(posArray[0], 4));
 #endif
 }
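Review bot: Each `return` on the error paths in this hunk (failed gnome_vfs_open, failed gnome_vfs_read, short write) leaves `to_fd` open and the mkstemp() file on disk, and the last two also leave `from_handle` open, so a flaky download leaks a descriptor and an empty or partial file on every cursor move. Before each of those returns I would add `close (to_fd); unlink (myFilename.c_str ());` and, once the source has been opened, `gnome_vfs_close (from_handle);`. `bytes_written = write (...)` stores a ssize_t in a size_t, so a -1 result is caught only as a side effect of the inequality test, and a legitimate partial write is reported as a download error; keeping the result in a `ssize_t` and looping until the chunk is fully written would be more robust. The start of the function and the mkstemp() call are in the previous hunk.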

inkscape-0.46pre1-ocal2.patch:

--- NEW FILE inkscape-0.46pre1-ocal2.patch ---
Avoid use of temporary file for OCAL RSS feed as a fix for insecure temporary file usage.
Add XML_PARSE_RECOVER, so that we don't fail in case of stupid errors in feed, such as
undefined XML entities.

Lubomir Kundrak <lkundrak at redhat.com>

diff -urp inkscape-0.45.1+0.46pre1.orig/src/ui/dialog/ocaldialogs.cpp inkscape-0.45.1+0.46pre1/src/ui/dialog/ocaldialogs.cpp
--- inkscape-0.45.1+0.46pre1.orig/src/ui/dialog/ocaldialogs.cpp	2008-01-15 00:24:56.000000000 +0100
+++ inkscape-0.45.1+0.46pre1/src/ui/dialog/ocaldialogs.cpp	2008-02-14 15:54:22.000000000 +0100
@@ -359,6 +359,27 @@ Glib::ustring FileListViewText::getFilen
 }
 
 /**
+ * Read callback for xmlReadIO(), used below
+ */
+static int vfs_read_callback (GnomeVFSHandle *handle, char* buf, int nb)
+{
+    GnomeVFSFileSize ndone;
+    GnomeVFSResult    result;
+
+    result = gnome_vfs_read (handle, buf, nb, &ndone);
+
+    if (result == GNOME_VFS_OK) {
+        return (int)ndone;
+    } else {
+        if (result != GNOME_VFS_ERROR_EOF) {
+            sp_ui_error_dialog(_("Error while reading the Open Clip Art RSS feed"));
+            g_warning("%s\n", gnome_vfs_result_to_string(result));
+        }
+        return -1;
+    }
+}
+
+/**
  * Callback for user input into searchTagEntry
  */
 void FileImportFromOCALDialog::searchTagEntryChangedCallback()
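Review bot: vfs_read_callback() returns -1 for `GNOME_VFS_ERROR_EOF`, but libxml2's read callback contract is the number of bytes read, 0 at end of input and -1 only on error, so a normal end of feed is reported to the parser as an I/O failure. I would add `if (result == GNOME_VFS_ERROR_EOF) return 0;` ahead of the error branch. The function is later cast to `xmlInputReadCallback`, whose first parameter is `void *`; declaring it as `static int vfs_read_callback (void *context, char *buf, int nb)` and converting to `GnomeVFSHandle *` inside avoids calling through a mismatched function pointer type. It also uses GnomeVFS types at file scope, so if this spot is not inside `#ifdef WITH_GNOME_VFS` (not visible in the hunk), builds without GnomeVFS would break.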
@@ -380,74 +401,30 @@ void FileImportFromOCALDialog::searchTag
 
 #ifdef WITH_GNOME_VFS
 
-    // get the rss feed
+    // open the rss feed
     gnome_vfs_init();
     GnomeVFSHandle    *from_handle = NULL;
-    GnomeVFSHandle    *to_handle = NULL;
-    GnomeVFSFileSize  bytes_read;
-    GnomeVFSFileSize  bytes_written;
     GnomeVFSResult    result;
-    guint8 buffer[8192];
-
-    // create the temp file name
-    Glib::ustring fileName = Glib::get_tmp_dir ();
-    fileName.append(G_DIR_SEPARATOR_S);
-    fileName.append("ocalfeed.xml");
-
-    // open the temp file to receive
-    result = gnome_vfs_open (&to_handle, fileName.c_str(), GNOME_VFS_OPEN_WRITE);
-    if (result == GNOME_VFS_ERROR_NOT_FOUND){
-        result = gnome_vfs_create (&to_handle, fileName.c_str(), GNOME_VFS_OPEN_WRITE, FALSE, GNOME_VFS_PERM_USER_ALL);
-    }
-    if (result != GNOME_VFS_OK) {
-        g_warning("Error creating temp file: %s", gnome_vfs_result_to_string(result));
-        return;
-    }
 
-    // open the rss feed
     result = gnome_vfs_open (&from_handle, uri.c_str(), GNOME_VFS_OPEN_READ);
     if (result != GNOME_VFS_OK) {
         sp_ui_error_dialog(_("Failed to receive the Open Clip Art Library RSS feed. Verify if the server name is correct in Configuration->Misc (e.g.: openclipart.org)"));
         return;
     }
 
-    // copy the file
-    while (1) {
-
-        result = gnome_vfs_read (from_handle, buffer, 8192, &bytes_read);
-
-        if ((result == GNOME_VFS_ERROR_EOF) &&(!bytes_read)){
-            result = gnome_vfs_close (from_handle);
-            result = gnome_vfs_close (to_handle);
-            break;
-        }
-
-        if (result != GNOME_VFS_OK) {
-            g_warning("%s", gnome_vfs_result_to_string(result));
-            return;
-        }
-        result = gnome_vfs_write (to_handle, buffer, bytes_read, &bytes_written);
-        if (result != GNOME_VFS_OK) {
-            g_warning("%s", gnome_vfs_result_to_string(result));
-            return;
-        }
-
-        if (bytes_read != bytes_written){
-            g_warning("Bytes read not equal to bytes written");
-            return;
-        }
-
-    }
-
     // create the resulting xml document tree
     // this initialize the library and test mistakes between compiled and shared library used
     LIBXML_TEST_VERSION 
     xmlDoc *doc = NULL;
     xmlNode *root_element = NULL;
-    doc = xmlReadFile(fileName.c_str(), NULL, 0);
+
+    doc = xmlReadIO ((xmlInputReadCallback) vfs_read_callback,
+        (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL,
+        XML_PARSE_RECOVER);
     if (doc == NULL) {
-        g_warning("Failed to parse %s\n", fileName.c_str());
-    return;
+        sp_ui_error_dialog(_("Server supplied malformed Clip Art feed"));
+        g_warning("Failed to parse %s\n", uri.c_str());
+        return;
     }
     
     // get the root element node
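Review bot: The feed is server-controlled input and the xmlReadIO() call parses it with `XML_PARSE_RECOVER` alone; passing `XML_PARSE_RECOVER | XML_PARSE_NONET` instead keeps libxml2 from fetching external resources named by the document. In recover mode a non-NULL `doc` can still be a truncated or partly empty tree, so the code that follows this hunk should tolerate a NULL root element and missing children; that code is outside the hunk. `(xmlInputCloseCallback) gnome_vfs_close` casts a function whose parameter and return types differ from the callback type, and a small `static int` wrapper taking `void *` would be the well-defined form. A read error now also raises two dialogs, one from the read callback and one from the `doc == NULL` branch.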


Index: inkscape.spec
===================================================================
RCS file: /cvs/pkgs/rpms/inkscape/F-8/inkscape.spec,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- inkscape.spec	14 Feb 2008 02:33:28 -0000	1.40
+++ inkscape.spec	14 Feb 2008 17:03:26 -0000	1.41
@@ -1,6 +1,6 @@
 Name:           inkscape
 Version:        0.45.1+0.46pre1
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Vector-based drawing program using SVG
 
 Group:          Applications/Productivity
@@ -11,6 +11,9 @@
 Patch1:         inkscape-0.45.1-desktop.patch
 Patch2:         inkscape-0.46pre1-gcc43.patch
 Patch3:         inkscape-0.46pre1-vectors.patch
+Patch4:         inkscape-0.46pre1-ocal1.patch
+Patch5:         inkscape-0.46pre1-ocal2.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  atk-devel
@@ -66,6 +69,8 @@
 %patch1 -p1 -b .desktop
 %patch2 -p1 -b .gcc43
 %patch3 -p1 -b .vectors
+%patch4 -p1 -b .ocal1
+%patch5 -p1 -b .ocal2
 find -type f -regex '.*\.\(cpp\|h\)' -perm +111 -exec chmod -x {} ';'
 find share/extensions/ -type f -regex '.*\.py' -perm +111 -exec chmod -x {} ';'
 dos2unix share/extensions/*.py
@@ -125,6 +130,10 @@
 
 
 %changelog
+* Thu Feb 14 2008 Lubomir Kundrak <lkundrak at redhat.com> - 0.45.1+0.46pre1-4
+- Tolerate recoverable errors in OCAL feeds
+- Fix OCAL insecure temporary file usage (#432807)
+
 * Wed Feb 13 2008 Lubomir Kundrak <lkundrak at redhat.com> - 0.45.1+0.46pre1-3
 - Fix crash when adding text objects (#432220)
 



