Hello community, here is the log from the commit of package inkscape.1314 for openSUSE:12.2:Update checked in at 2013-02-14 16:51:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/inkscape.1314 (Old) and /work/SRC/openSUSE:12.2:Update/.inkscape.1314.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "inkscape.1314", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-09 11:18:20.872010756 +0100 +++ /work/SRC/openSUSE:12.2:Update/.inkscape.1314.new/inkscape.changes 2013-02-14 16:51:31.000000000 +0100 @@ -0,0 +1,624 @@ +------------------------------------------------------------------- +Wed Feb 6 07:58:30 UTC 2013 - dims...@opensuse.org + +- Add inkscape-relative-filename.patch: Ensures that filenames + passed to extensions are made absolute before changing the + current working directory (bnc#796306, CVE-2012-6076). + +------------------------------------------------------------------- +Tue Dec 18 08:34:03 UTC 2012 - dims...@opensuse.org + +- Add inkscape-XXE-attacks.patch: Fix XXE vulnerability by making + network access optional for XML loading (bnc#794958, CWE-827, + CVE-2012-5656). + +------------------------------------------------------------------- +Wed Sep 12 15:40:36 UTC 2012 - malcolmle...@opensuse.org + +- Add inkscape-apply-invert-transform.patch: Apply invert + transform to all image tags (bnc#779560 lp#840625). + +------------------------------------------------------------------- +Wed Jul 18 17:51:12 UTC 2012 - dims...@opensuse.org + +- Explicitly add ps2pdf-ext.py to the -extras package. This used to + be caught by the extras-split script, but due to the change of + this extensions to be a simple wrapper around ps2pdf from + ghostscript, it's missed (bnc#772085). +- Add ghostscript Requires to the -extra package, as otherwise + ps2pdf-ext.py won't work at all. + +------------------------------------------------------------------- +Fri Jun 15 04:24:07 UTC 2012 - co...@suse.com + +- yudit is in non-free now (due to openmotif requirement), so do + not require it + +------------------------------------------------------------------- +Wed Jun 6 19:05:59 UTC 2012 - badshah...@gmail.com + +- Add inkscape-poppler20.patch for openSUSE > 12.1 to fix errors + when building with poppler = 0.20.0; fixes build failures in + Factory. + +------------------------------------------------------------------- +Wed May 16 13:11:44 UTC 2012 - dims...@opensuse.org + +- Add inkscape-return-on-exit.patch: Return non-zero values in case + of errors. Patch has been accepted and merged by upstream. + [bnc#758275, lp#993500]. + +------------------------------------------------------------------- +Fri Feb 24 14:08:44 UTC 2012 - vu...@opensuse.org + +- Update to version 0.48.3.1: + + Bug fixes. +- Changes from version 0.48.3: + + Regression fixes: + - Pre-0.46 grids are now correctly imported (lp#221040) + + Important bugfixes: + - Clipped and masked objects are selected correctly (lp#365458) + - The units feet and picas are now correctly handled for grids + (lp#885500) + - The grid origin is moved when resizing the page (e.g. when + clicking clicking "Fit page to selection") (lp#240689) + - The emphasized grid lines of the axonometric grid now move + properly according to the origin of the grid. + + Other bugs fixed: lp#167419, lp#168417, lp#168942, lp#184341, + lp#239430, lp#298528, lp#340123, lp#341866, lp#386237, + lp#403421, lp#407394, lp#408566, lp#479644, lp#487144, + lp#494722, lp#496793, lp#602005, lp#612882, lp#623660, + lp#663667, lp#668895, lp#681262, lp#693010, lp#721424, + lp#721448, lp#725063, lp#786667, lp#788560, lp#789122, + lp#791709, lp#805095, lp#810503, lp#812413, lp#812497, + lp#819209, lp#821435, lp#824221, lp#829947, lp#834721, + lp#837603, lp#837799, lp#845354, lp#858369, lp#869019, + lp#884368, lp#885324, lp#887539, lp#888793, lp#889172, + lp#898538, lp#900854, lp#902054, lp#907157, lp#909783, + lp#909958, lp#910463, lp#910467, lp#910479, lp#911079, + lp#911123, lp#915329, lp#917544, lp#919728, lp#923241, + lp#933831. + + Updated translations. +- Change liblcms-devel BuildRequires to liblcms2-devel, to build + against lcms2. +- Drop inkscape-glib-2.31.patch: fixed upstream. +- Add some automatic detection of localized man pages in %install, + so that we don't have to list all new translations manually. + +------------------------------------------------------------------- +Mon Feb 13 10:47:52 UTC 2012 - co...@suse.com + +- patch license to follow spdx.org standard + +------------------------------------------------------------------- +Thu Dec 1 09:14:47 UTC 2011 - dims...@opensuse.org + +- Add inkscape-glib-2.31.patch: Fix build with glib 2.31. + +------------------------------------------------------------------- +Wed Jul 13 21:16:21 UTC 2011 - mrd...@opensuse.org + +- Update to version 0.48.2: + + many crash/hang fixes + + DXF and tex export fixes + + Bugs fixed: https://launchpad.net/inkscape/+milestone/0.48.2 + + Updated translations. +- Drop inkscape-0.48.0-gcc46.patch: fixed upstream. + +------------------------------------------------------------------- +Tue Mar 22 08:00:15 UTC 2011 - idoen...@novell.com + +- Add inkscape-0.48.0-gcc46.patch: fix compilation with gcc 4.6 + +------------------------------------------------------------------- +Sat Feb 12 19:22:44 CET 2011 - vu...@opensuse.org + +- Call relevant macros in %post/%postun: + + %desktop_database_post/postun because the package ships at + least one desktop file. + + %icon_theme_cache_post/postun because the package ships themed + icons. +- Pass %{?no_lang_C} to %find_lang so that english documentation + can be packaged with the program, and not in the lang subpackage. +- Change Requires of lang subpackage to Recommends, since the + english documentation is not there anymore. + +------------------------------------------------------------------- +Mon Jan 31 12:07:52 UTC 2011 - mrd...@opensuse.org + +- Update to version 0.48.1: + 0.48.1 is a stability and bugfix release. + + Many small regressions in the node tool were fixed. + + Exporting of masks has been substantially improved in all + Cairo-based output formats. + + lp#544599, lp#591986, lp#605575: Several crash bugs in the node + tool have been fixed. + + lp#627134: Rulers are redrawn properly with recent versions of + GTK + + lp#675309: Unlinking an orphaned clone no longer causes a crash + + lp#482993: Problems with extensions sometimes not working at + all on Mac OS X. + + lp#651678: Inkscape should no longer crash due to missing icons + at startup or when opening the document properties dialog. + + lp#680520: Shift-clicking on the top rounding handle of a + rectangle will no longer cause a crash. + + lp#676271: Inkscape builds correctly with recent Poppler.lp + + Bugs fixed: lp#658055, bnc#661370 +- drop inkscape-r9710-9712.patch: fixed upstream. +- export CFLAGS, as inkscape is C and C++ +- Remove --enable-inkboard from configure: jessyink replaces it +- Remove Obsoletes: sodipodi NLD9 is obsolete +- Delete installed but useless header files +- run spec-cleaner on the spec file + +------------------------------------------------------------------- +Tue Dec 14 18:18:01 CET 2010 - vu...@opensuse.org + +- Fix the build again: the te_IN translation should simply be te, + so move the translation. + +------------------------------------------------------------------- +Sat Dec 11 11:16:56 CET 2010 - vu...@opensuse.org + +- Add popt-devel BuildRequires to fix the build. + +------------------------------------------------------------------- +Tue Dec 7 16:50:10 CET 2010 - vu...@opensuse.org + +- Tag localized man pages with the right language. We should + eventually move them to the lang subpackage, but at the moment, + they would create a file conflict between bundles and the lang + subpackage. + +------------------------------------------------------------------- +Tue Nov 30 09:51:39 CET 2010 - vu...@opensuse.org + +- Make inkscape-extensions-extra depend on python-xml instead of + pyxml: pyxml will be removed, and we really wanted to use + python-xml anyway. +- Update inkscape-packages.patch to mention python-xml instead of + pyxml: even if upstream mentions pyxml, python-xml is really okay + here. + +------------------------------------------------------------------- +Sun Aug 15 22:27:48 CEST 2010 - dims...@opensuse.org + +- Update to version 0.48.0: + + multipath editing + + improved text tool: subscript, superscript,numerical input for + text kerning, tracking and more + + new Airbrush tool + + LaTeX export with PDF/PS/EPS + + JessyInk extension to create presentations + + numerous bugfixes +- Rebase inkscape-remove-datetime.patch. +- Drop inkscape-poppler-0.12.2.patch, inkscape-gcc45.patch and + inkscape-non_void.patch: upstream fixed. +- Add inkscape-r9710-9712.patch to fix node editor crash when ++++ 427 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.inkscape.1314.new/inkscape.changes New: ---- inkscape-0.48.3.1.tar.bz2 inkscape-XXE-attacks.patch inkscape-apply-invert-transform.patch inkscape-packages.patch inkscape-poppler20.patch inkscape-relative-filename.patch inkscape-remove-datetime.patch inkscape-return-on-exit.patch inkscape-split-extensions-extra.sh inkscape.changes inkscape.spec openSUSE.gpl ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ inkscape.spec ++++++ # # spec file for package inkscape # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: inkscape Version: 0.48.3.1 Release: 0 Summary: Vector Illustration Program License: GPL-2.0 and LGPL-2.1 Group: Productivity/Graphics/Vector Editors Url: http://www.inkscape.org/ Source: http://downloads.sourceforge.net/project/inkscape/inkscape/0.48.3.1/%{name}-%{version}.tar.bz2 # openSUSE palette file Source1: openSUSE.gpl Source2: inkscape-split-extensions-extra.sh # PATCH-FEATURE-OPENSUSE inkscape-remove-datetime.patch vu...@novell.com -- Do not put date/time in the compiled binary (needed for build-compare) Patch0: inkscape-remove-datetime.patch # PATCH-FIX-OPENSUSE inkscape-packages.patch sbra...@suse.cz -- Suggest packages instead of compilation from source. Patch1: inkscape-packages.patch # PATCH-FIX-UPSTREAM inkscape-return-on-exit.patch bnc#758275 lp#993500 dims...@opensuse.org -- Return non-zero on error. Patch2: inkscape-return-on-exit.patch # PATCH-FIX-UPSTREAM inkscape-poppler20.patch rh#822413 lp#1005565 badshah...@gmail.com -- Fix building with poppler 0.20.0 Patch3: inkscape-poppler20.patch # PATCH-FIX-UPSTREAM inkscape-apply-invert-transform.patch bnc#779560 lp#840625 malcolmle...@opensuse.org -- Apply invert transform to all image tags. Patch4: inkscape-apply-invert-transform.patch # PATCH-FIX-UPSTREAM inkscape-XXE-attacks.patch lp#1025185 bnc#794958 CVE-2012-5656 dims...@opensuse.org -- Fix XXE vulnerability by making network access optional for XML loading Patch5: inkscape-XXE-attacks.patch # PATCH-FIX-UPSTREAM inkscape-relative-filename.patch bnc#796306 CVE-2012-6076 dims...@opensuse.org -- relative filename vulnerability Patch6: inkscape-relative-filename.patch BuildRequires: boost-devel BuildRequires: docbook-toys BuildRequires: fdupes BuildRequires: gc-devel BuildRequires: gcc-c++ BuildRequires: gnome-vfs2-devel BuildRequires: gsl-devel BuildRequires: gtkmm24-devel BuildRequires: intltool BuildRequires: libMagick++-devel BuildRequires: liblcms2-devel BuildRequires: libpoppler-glib-devel BuildRequires: libwpg-devel BuildRequires: libxslt-devel BuildRequires: perl BuildRequires: popt-devel BuildRequires: python-devel BuildRequires: python-gtk-devel BuildRequires: sgml-skel BuildRequires: update-desktop-files Requires: /usr/bin/gs Requires: ghostscript-fonts-std Requires: gzip Requires: pstoedit Requires: python-gtk Recommends: %{name}-lang Recommends: python-lxml BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Inkscape is a vector illustration program for the GNOME desktop. %package extensions-extra Summary: Vector Illustration Program - Extra Extensions Group: Productivity/Graphics/Vector Editors Requires: %{name} = %{version} # ps2pdf-ext.py is a wrapper around ps2pdf, which lives in ghostscript package. Requires: ghostscript Requires: python-lxml Requires: python-xml # for cdr and wmf modules Recommends: yudit # python-xml is already likely installed, so the big dependency is python-lxml. Hence this supplements. Supplements: packageand(%{name}:python-lxml) # Package in openSUSE <= 11.0 and SLED <= 10 Provides: %{name}:%{_datadir}/inkscape/extensions/inkex.py Enhances: %{name} %description extensions-extra Extra extensions for Inkscape. Recommended for everybody who wants to use Inkscape. Inkscape is a vector illustration program for the GNOME desktop. %package extensions-dia Summary: Vector Illustration Program - Dia Import Extension Group: Productivity/Graphics/Vector Editors Requires: %{name} = %{version} Requires: dia Supplements: packageand(%{name}:dia) # Package in openSUSE <= 11.0 and SLED <= 10 Provides: %{name}:%{_datadir}/inkscape/extensions/dia.inx Enhances: %{name} %description extensions-dia Dia import extension for Inkscape. Inkscape is a vector illustration program for the GNOME desktop. %package extensions-fig Summary: Vector Illustration Program - Fig Import Extension Group: Productivity/Graphics/Vector Editors Requires: %{name} = %{version} Requires: transfig Supplements: packageand(%{name}:transfig) # Package in openSUSE <= 11.0 and SLED <= 10 Provides: %{name}:%{_datadir}/inkscape/extensions/fig_input.inx Enhances: %{name} %description extensions-fig Fig family (XFig, Figurine, JFig, WinFig,...) import extension for Inkscape. Inkscape is a vector illustration program for the GNOME desktop. %package extensions-gimp Summary: Vector Illustration Program - The GIMP Extensions Group: Productivity/Graphics/Vector Editors Requires: %{name} = %{version} Requires: gimp-2.0 Supplements: packageand(%{name}:gimp) Supplements: packageand(%{name}:gimp-2.0) # Package in openSUSE <= 11.0 and SLED <= 10 Provides: %{name}:%{_datadir}/inkscape/extensions/gimp_xcf.inx Enhances: %{name} %description extensions-gimp The GIMP import and export extensions for Inkscape. Inkscape is a vector illustration program for the GNOME desktop. %package extensions-skencil Summary: Vector Illustration Program - Skencil Import Extension Group: Productivity/Graphics/Vector Editors Requires: %{name} = %{version} Requires: skencil Supplements: packageand(%{name}:skencil) # Package in openSUSE <= 11.0 and SLED <= 10 Provides: %{name}:%{_datadir}/inkscape/extensions/sk_input.inx Enhances: %{name} %description extensions-skencil Skencil import extension for Inkscape. Inkscape is a vector illustration program for the GNOME desktop. %lang_package %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %if 0%{?suse_version} > 1210 %patch3 -p1 %endif %patch4 -p1 %patch5 %patch6 -p1 %build export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="%{optflags} -fno-strict-aliasing" # We're building without perl support for now... %configure\ --with-python\ --without-perl make %{?_smp_mflags} %install %makeinstall rm -rf %{buildroot}%{_datadir}/locale/en_US@piglatin rm -rf %{buildroot}%{_datadir}/inkscape/filters/filters.svg.h rm -rf %{buildroot}%{_datadir}/inkscape/patterns/patterns.svg.h install -D -m 0644 %{S:1} %{buildroot}%{_datadir}/inkscape/palettes %suse_update_desktop_file -N "Inkscape" -G "SVG Vector Illustrator" inkscape # te_IN should really just be te, see lp#690255 test ! -e %{buildroot}%{_datadir}/locale/te mv %{buildroot}%{_datadir}/locale/te_IN %{buildroot}%{_datadir}/locale/te %find_lang %{name} %{?no_lang_C} bash %{S:2} %{buildroot}%{_datadir}/inkscape/extensions "%%{_datadir}/inkscape/extensions/" ## fix line endings sed -i 's/\r$//' %{buildroot}%{_datadir}/inkscape/extensions/param_curves.py sed -i 's/\r$//' %{buildroot}%{_datadir}/inkscape/extensions/render_alphabetsoup.py # Localized man pages for man in %{buildroot}%{_mandir}/*/man1/*; do LOCALE=`echo $man | sed "s:.*%{_mandir}/\([^/]*\)/man1/.*:\1:g"` echo "%%lang($LOCALE) %%dir %%{_mandir}/$LOCALE" >> %{name}.man-lang.tmp echo "%%lang($LOCALE) %%dir %%{_mandir}/$LOCALE/man1" >> %{name}.man-lang.tmp echo "%%lang($LOCALE) %%doc /${man##%{buildroot}}*" >> %{name}.man-lang.tmp done sort -u %{name}.man-lang.tmp > %{name}.man-lang rm %{name}.man-lang.tmp %fdupes %{buildroot} %clean rm -rf %{buildroot} %if 0%{?suse_version} > 1130 %post %desktop_database_post %icon_theme_cache_post %endif %if 0%{?suse_version} > 1130 %postun %desktop_database_postun %icon_theme_cache_postun %endif # We can't really move the localized manpages to the lang package, since they'd # create a conflict between the lang subpackage and bundles %files -f inkscape.lst -f %{name}.man-lang %defattr(-,root,root) %doc AUTHORS COPYING COPYING.LIB ChangeLog INSTALL NEWS README* TRANSLATORS %{_bindir}/* %{_datadir}/applications/inkscape.desktop %{_datadir}/icons/hicolor/*/apps/inkscape.png %dir %{_datadir}/inkscape %{_datadir}/inkscape/[cf-z]* %{_datadir}/inkscape/examples %dir %{_datadir}/inkscape/extensions %{_datadir}/inkscape/extensions/xaml2svg %{_datadir}/inkscape/extensions/*.pl %{_datadir}/inkscape/extensions/*.xsl* %{_datadir}/inkscape/extensions/colors.xml %{_datadir}/inkscape/extensions/ps2* %{_datadir}/inkscape/extensions/Poly3DObjects/ %{_datadir}/inkscape/extensions/alphabet_soup/ %{_datadir}/inkscape/extensions/inkweb.js %{_datadir}/inkscape/extensions/jessyInk.js %{_datadir}/inkscape/extensions/jessyInk_core_mouseHandler_noclick.js %{_datadir}/inkscape/extensions/jessyInk_core_mouseHandler_zoomControl.js %{_datadir}/inkscape/extensions/jessyInk_video.svg #BEGIN FIXME: What is purpose of these plugins? I see no references to them: %{_datadir}/inkscape/extensions/SpSVG.pm %{_datadir}/inkscape/extensions/Inkscape.pm %{_datadir}/inkscape/extensions/simplepath.rb #END FIXME %doc %{_mandir}/man?/*.* # exclude extensions that go in other packages: %exclude %{_datadir}/inkscape/extensions/Barcode %exclude %{_datadir}/inkscape/extensions/cdr* %exclude %{_datadir}/inkscape/extensions/wmf* %exclude %{_datadir}/inkscape/extensions/dia* %exclude %{_datadir}/inkscape/extensions/fig* %exclude %{_datadir}/inkscape/extensions/*gimp* %exclude %{_datadir}/inkscape/extensions/sk* # this one is in extras, manually added there due to large dependencies on ghostscript %exclude %{_datadir}/inkscape/extensions/ps2pdf-ext.py %files extensions-extra -f inkscape-extensions-extra.lst %defattr(-,root,root) %{_datadir}/inkscape/extensions/Barcode %{_datadir}/inkscape/extensions/cdr* # ps2pdf-ext is a wrapper around ps2pdf binary (part of ghostscript) %{_datadir}/inkscape/extensions/ps2pdf-ext.py %{_datadir}/inkscape/extensions/wmf* # This extensions seems erronous being copied in here too. %exclude %{_datadir}/inkscape/extensions/*gimp* %files extensions-dia %defattr(-,root,root) %{_datadir}/inkscape/extensions/dia* %files extensions-fig %defattr(-,root,root) %{_datadir}/inkscape/extensions/fig* %files extensions-gimp %defattr(-,root,root) # NOTE: export_gimp_palette* does not depend on gimp, but belongs here logically: %{_datadir}/inkscape/extensions/*gimp* %files extensions-skencil %defattr(-,root,root) %{_datadir}/inkscape/extensions/sk* %files lang -f %{name}.lang %changelog ++++++ inkscape-XXE-attacks.patch ++++++ === modified file 'src/preferences-skeleton.h' Index: src/preferences-skeleton.h =================================================================== --- src/preferences-skeleton.h.orig +++ src/preferences-skeleton.h @@ -315,6 +315,10 @@ static char const preferences_skeleton[] " clips=\"16711935\"" // 00ff00ff " masks=\"65535\"/>\n" // 0x0000ffff " <group id=\"svgoutput\" usenamedcolors=\"0\" numericprecision=\"8\" minimumexponent=\"-8\" inlineattrs=\"0\" indent=\"2\" allowrelativecoordinates=\"1\" forcerepeatcommands=\"0\"/>\n" +" <group id=\"externalresources\">\n" +" <group id=\"xml\" " +" allow_net_access=\"0\"/>\n" +" </group>\n" " <group id=\"forkgradientvectors\" value=\"1\"/>\n" " <group id=\"iconrender\" named_nodelay=\"0\"/>\n" " <group id=\"autosave\" enable=\"0\" interval=\"10\" path=\"\" max=\"10\"/>\n" Index: src/ui/dialog/ocaldialogs.cpp =================================================================== --- src/ui/dialog/ocaldialogs.cpp.orig +++ src/ui/dialog/ocaldialogs.cpp @@ -468,9 +468,16 @@ void FileImportFromOCALDialog::searchTag xmlDoc *doc = NULL; xmlNode *root_element = NULL; + int parse_options = XML_PARSE_RECOVER + XML_PARSE_NOWARNING + XML_PARSE_NOERROR; // do not use XML_PARSE_NOENT ! see bug lp:1025185 + prefs = Inkscape::Preferences::get(); + bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false); + if (!allowNetAccess) { + parse_options |= XML_PARSE_NONET; + } + doc = xmlReadIO ((xmlInputReadCallback) vfs_read_callback, - (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL, - XML_PARSE_RECOVER + XML_PARSE_NOWARNING + XML_PARSE_NOERROR); + (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL, parse_options); + if (doc == NULL) { sp_ui_error_dialog(_("Server supplied malformed Clip Art feed")); g_warning("Failed to parse %s\n", uri.c_str()); Index: src/xml/repr-io.cpp =================================================================== --- src/xml/repr-io.cpp.orig +++ src/xml/repr-io.cpp @@ -289,12 +289,18 @@ sp_repr_read_file (const gchar * filenam XmlSource src; if ( (src.setFile(filename) == 0) ) { - doc = xmlReadIO( XmlSource::readCb, + int parse_options = XML_PARSE_HUGE; // do not use XML_PARSE_NOENT ! see bug lp:1025185 + Inkscape::Preferences *prefs = Inkscape::Preferences::get(); + bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false); + if (!allowNetAccess) { + parse_options |= XML_PARSE_NONET; + } + doc = xmlReadIO( XmlSource::readCb, XmlSource::closeCb, &src, localFilename, src.getEncoding(), - XML_PARSE_NOENT ); + parse_options); } } ++++++ inkscape-apply-invert-transform.patch ++++++ diff -Naur a/src/extension/internal/pdfinput/svg-builder.cpp b/src/extension/internal/pdfinput/svg-builder.cpp --- a/src/extension/internal/pdfinput/svg-builder.cpp 2011-07-08 13:25:09.468790000 -0500 +++ b/src/extension/internal/pdfinput/svg-builder.cpp 2012-09-12 09:10:28.477790373 -0500 @@ -1600,9 +1600,7 @@ sp_repr_set_svg_double(image_node, "width", 1); sp_repr_set_svg_double(image_node, "height", 1); // Set transformation - if (_is_top_level) { - svgSetTransform(image_node, 1.0, 0.0, 0.0, -1.0, 0.0, 1.0); - } + svgSetTransform(image_node, 1.0, 0.0, 0.0, -1.0, 0.0, 1.0); // Create href if (embed_image) { ++++++ inkscape-packages.patch ++++++ Index: inkscape-0.47/share/extensions/export_gimp_palette.py =================================================================== --- inkscape-0.47.orig/share/extensions/export_gimp_palette.py +++ inkscape-0.47/share/extensions/export_gimp_palette.py @@ -11,7 +11,7 @@ import sys, simplestyle try: from xml.dom.minidom import parse except: - sys.exit(_('The export_gpl.py module requires PyXML. Please download the latest version from http://pyxml.sourceforge.net/.')) + sys.exit(_('The export_gpl.py module requires XML modules. Please install the python-xml package.')) colortags=(u'fill',u'stroke',u'stop-color',u'flood-color',u'lighting-color') colors={} Index: inkscape-0.47/share/extensions/inkex.py =================================================================== --- inkscape-0.47.orig/share/extensions/inkex.py +++ inkscape-0.47/share/extensions/inkex.py @@ -63,7 +63,7 @@ def uutounit(val, unit): try: from lxml import etree except: - sys.exit(_('The fantastic lxml wrapper for libxml2 is required by inkex.py and therefore this extension. Please download and install the latest version from http://cheeseshop.python.org/pypi/lxml/, or install it through your package manager by a command like: sudo apt-get install python-lxml')) + sys.exit(_('The fantastic lxml wrapper for libxml2 is required by inkex.py and therefore this extension. Please download and install it through your package manager by a command like: sudo zypper install python-lxml')) def debug(what): sys.stderr.write(str(what) + "\n") ++++++ inkscape-poppler20.patch ++++++ ++++ 644 lines (skipped) ++++++ inkscape-relative-filename.patch ++++++ From: Michael Karcher <deb...@mkarcher.dialup.fu-berlin.de> Date: Sat, 29 Dec 2012 17:33:33 +0100 Subject: Fix LP: #911146 relative filename vulnerability Ensures that filenames passed to extensions are made absolute before changing the current working directory. --- src/extension/implementation/script.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/extension/implementation/script.cpp b/src/extension/implementation/script.cpp index b78fbda..02c3aeb 100644 --- a/src/extension/implementation/script.cpp +++ b/src/extension/implementation/script.cpp @@ -954,7 +954,14 @@ int Script::execute (const std::list<std::string> &in_command, // assemble the rest of argv std::copy(in_params.begin(), in_params.end(), std::back_inserter(argv)); if (!filein.empty()) { - argv.push_back(filein); + if(Glib::path_is_absolute(filein)) + argv.push_back(filein); + else { + std::vector<std::string> buildargs; + buildargs.push_back(Glib::get_current_dir()); + buildargs.push_back(filein); + argv.push_back(Glib::build_filename(buildargs)); + } } int stdout_pipe, stderr_pipe; -- 1.7.10.4 ++++++ inkscape-remove-datetime.patch ++++++ Index: inkscape-0.48.0/src/main.cpp =================================================================== --- inkscape-0.48.0.orig/src/main.cpp +++ inkscape-0.48.0/src/main.cpp @@ -1894,7 +1894,7 @@ sp_process_args(poptContext ctx) break; } case SP_ARG_VERSION: { - printf("Inkscape %s (%s)\n", Inkscape::version_string, __DATE__); + printf("Inkscape %s\n", Inkscape::version_string); exit(0); break; } ++++++ inkscape-return-on-exit.patch ++++++ --- inkscape-0.48.3.1/src/main.cpp.orig 2012-04-18 20:25:28.000000000 +0200 +++ inkscape-0.48.3.1/src/main.cpp 2012-04-19 17:42:14.731534000 +0200 @@ -986,12 +986,13 @@ sp_main_gui(int argc, char const **argv) } /** * Process file list */ -void sp_process_file_list(GSList *fl) +int sp_process_file_list(GSList *fl) { + int retVal = 0; while (fl) { const gchar *filename = (gchar *)fl->data; SPDocument *doc = NULL; try { @@ -1011,10 +1012,11 @@ void sp_process_file_list(GSList *fl) doc = NULL; } } if (doc == NULL) { g_warning("Specified document %s cannot be opened (does not exist or not a valid SVG file)", filename); + retVal++; } else { if (sp_vacuum_defs) { vacuum_document(doc); } if (sp_vacuum_defs && !sp_export_svg) { @@ -1060,10 +1062,11 @@ void sp_process_file_list(GSList *fl) delete doc; } fl = g_slist_remove(fl, fl->data); } + return retVal; } /** * Run the application as an interactive shell, parsing command lines from stdin * Returns -1 on error. @@ -1115,19 +1118,21 @@ int sp_main_shell(char const* command_na if ( g_shell_parse_argv(command_line, &argc, &argv, &parseError) ) { poptContext ctx = poptGetContext(NULL, argc, const_cast<const gchar**>(argv), options, 0); poptSetOtherOptionHelp(ctx, _("[OPTIONS...] [FILE...]\n\nAvailable options:")); if ( ctx ) { GSList *fl = sp_process_args(ctx); - sp_process_file_list(fl); + if (sp_process_file_list(fl)) + retval = -1; poptFreeContext(ctx); } else { retval = 1; // not sure why. But this was the previous return value } resetCommandlineGlobals(); g_strfreev(argv); } else { g_warning("Cannot parse commandline: %s", useme); + retval = -1; } } } } // if (linedata... } while (linedata && (retval == 0)); @@ -1160,14 +1165,15 @@ int sp_main_console(int argc, char const } inkscape_application_init(argv[0], false); if (sp_shell) { - sp_main_shell(argv[0]); // Run as interactive shell - exit(0); + int retVal = sp_main_shell(argv[0]); // Run as interactive shell + exit((retVal < 0) ? 1 : 0); } else { - sp_process_file_list(fl); // Normal command line invokation + int retVal = sp_process_file_list(fl); // Normal command line invokation + if (retVal) exit(1); } return 0; } ++++++ inkscape-split-extensions-extra.sh ++++++ #!/bin/bash # List all files, that depend on NEXT_LIST_REGEXP, explicitly or implicitly cd $1 # Search all py files importing one of the mentioned modules: make_extra_list() { NEWLIST=( $(grep -rl '\(import\|from\).* '"$NEXT_LIST_REGEXP"'\(,\|\.\| \|$\)' .) ) EXTRA_LIST=( $(IFS=$'\n' ; echo "${EXTRA_LIST[*]}"$'\n'"${NEWLIST[*]}" | sed '/^$/d;s:^\./::' | sort -u) ) NEWLIST=( "${NEWLIST[@]##*/}" ) NEXT_LIST_REGEXP="\\(${NEWLIST[*]%.py}\\)" NEXT_LIST_REGEXP=${NEXT_LIST_REGEXP// /\\|} } # Search all py files that are imported by mentioned modules: make_deplist() { NEWLIST=( $( ( (IFS=$'\n' ; echo "${NEWLIST[*]}"$'\n') ; sed 2>/dev/null -n 's/^from \(.*\) import.*/\1/p;s/^import //p' ${NEWLIST[@]} | sed 's/, /\n/g' | sed 's/$/.py/;s/\.py\.py$/.py/') | sort -u) ) } OLDLIST=( EMPTY ) EXTRA_LIST=() NEXT_LIST_REGEXP='\(xml\|lxml\)' ITER=1 until test "${EXTRA_LIST[*]}" = "${OLDLIST[*]}" ; do OLDLIST=( "${EXTRA_LIST[@]}" ) make_extra_list #echo "iter $ITER list: ${LIST[*]}" let ITER++ done # We have a complete list of py files dependent on xml or lxml. # Now we need a list of inx module descriptors. INX_REGEXP="${EXTRA_LIST[*]//./\\.}" INX_REGEXP="\\(>${INX_REGEXP// /<\\|>}<\\)" INX_EXTRA_LIST=( $(grep -l "$INX_REGEXP" *.inx) ) # inx files that do not belong to INX_EXTRA_LIST will be a part of INX_STD_LIST INX_STD_LIST=() for FILE in *.inx ; do eval 'case $FILE in '"$(IFS='|' ; echo "${INX_EXTRA_LIST[*]}")"') continue;; esac' INX_STD_LIST[${#INX_STD_LIST[@]}]=$FILE done # Now create list of py files that should belong to std package: OLDLIST=( EMPTY ) NEWLIST=( $(sed -n 's@.*<dependency type="executable" location="extensions">\(.*\)\.py</dependency>.*@\1.py@p' ${INX_STD_LIST[@]}) ) ITER=1 until test "${NEWLIST[*]}" = "${OLDLIST[*]}" ; do OLDLIST=( "${NEWLIST[@]}" ) make_deplist #echo "iter $ITER list: ${LIST[*]}" let ITER++ done STD_LIST=( "${NEWLIST[@]}" ) # Now create list of py files that are required by extra modules: # (If no std module needs it, then they will belong to extra package.) OLDLIST=( EMPTY ) NEWLIST=( $(sed -n 's@.*<dependency type="executable" location="extensions">\(.*\)\.py</dependency>.*@\1.py@p' ${INX_EXTRA_LIST[@]}) ) ITER=1 until test "${NEWLIST[*]}" = "${OLDLIST[*]}" ; do OLDLIST=( "${NEWLIST[@]}" ) make_deplist #echo "iter $ITER list: ${LIST[*]}" let ITER++ done EXTRADEP_LIST=( ${NEWLIST[@]} ) # And now verify everything and generate final list: # Now its safe to ignore subdirectory issue - we know where they belong. RC=0 IFS=$'\n' exec 3>$OLDPWD/inkscape.lst echo >&3 "%defattr(-,root,root)" for FILE in ${INX_STD_LIST[@]} ; do echo >&3 $2$FILE done exec 4>$OLDPWD/inkscape-extensions-extra.lst echo >&4 "%defattr(-,root,root)" for FILE in ${INX_EXTRA_LIST[@]} ; do echo >&4 $2$FILE done for FILE in *.py ; do eval ' case $FILE in cdr*|dia*|fig*|*gimp*|sk*) continue;; '"$(IFS='|' ; echo "${EXTRA_LIST[*]}")"') echo >&4 $2$FILE; continue;; '"$(IFS='|' ; echo "${STD_LIST[*]}")"') echo >&3 $2$FILE; continue;; '"$(IFS='|' ; echo "${EXTRADEP_LIST[*]}")"') echo >&4 $2$FILE; continue;; esac' echo "ERROR: Undecided file $FILE" RC=1 done exec 3>&- exec 4>&- exit $RC ++++++ openSUSE.gpl ++++++ GIMP Palette Name: openSUSE Columns: 7 # 252 177 28 Orange Light 255 255 102 Butter Light 145 208 7 Lemon Light 212 196 255 Plum Light 80 128 255 Sky Light 186 189 182 Dust Light 255 77 77 Blood Light 227 83 2 Orange 178 178 71 Butter 33 120 8 Lemon 77 68 102 Plum 0 0 116 Sky 46 52 54 Dust 140 0 0 Blood 115 186 37 SUSE Green -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
