Hi there, I have checked out the source for the Debian packaging from [1] and ported the changes [2] to fix the vulnerability CVE-2012-5656. I have created a patch and I would be willing to do an NMU to help close this bug.
Cheers, Adrian > [1] http://anonscm.debian.org/gitweb/?p=git/collab-maint/inkscape.git > [2] http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931 -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
>From eaa98e6b71d66195f0ca76358b85cca64d611fd9 Mon Sep 17 00:00:00 2001
From: John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de>
Date: Sun, 23 Dec 2012 18:22:16 +0100
Subject: [PATCH] Apply changes from upstream svn commit 11931 to fix CVE-2012-5656.
---
 src/preferences-skeleton.h | 4 ++++
 src/ui/dialog/ocaldialogs.cpp | 10 ++++++++--
 src/xml/repr-io.cpp | 8 +++++++-
 3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/preferences-skeleton.h b/src/preferences-skeleton.h
index 32f4b7c..e4dd2c8 100644
--- a/src/preferences-skeleton.h
+++ b/src/preferences-skeleton.h
@@ -315,6 +315,10 @@ static char const preferences_skeleton[] =
 " clips=\"16711935\"" // 00ff00ff
 " masks=\"65535\"/>\n" // 0x0000ffff
 " <group id=\"svgoutput\" usenamedcolors=\"0\" numericprecision=\"8\" minimumexponent=\"-8\" inlineattrs=\"0\" indent=\"2\" allowrelativecoordinates=\"1\" forcerepeatcommands=\"0\"/>\n"
+" <group id=\"externalresources\">\n"
+" <group id=\"xml\" "
+" allow_net_access=\"0\"/>\n"
+" </group>\n"
 " <group id=\"forkgradientvectors\" value=\"1\"/>\n"
 " <group id=\"iconrender\" named_nodelay=\"0\"/>\n"
 " <group id=\"autosave\" enable=\"0\" interval=\"10\" path=\"\" max=\"10\"/>\n"
diff --git a/src/ui/dialog/ocaldialogs.cpp b/src/ui/dialog/ocaldialogs.cpp
index 2ae7d69..63c56f7 100644
--- a/src/ui/dialog/ocaldialogs.cpp
+++ b/src/ui/dialog/ocaldialogs.cpp
@@ -468,9 +468,15 @@ void FileImportFromOCALDialog::searchTagEntryChangedCallback() xmlDoc *doc = NULL; xmlNode *root_element = NULL; + int parse_options = XML_PARSE_RECOVER + XML_PARSE_NOWARNING + XML_PARSE_NOERROR; // do not use XML_PARSE_NOENT ! see bug lp:1025185 + Inkscape::Preferences *prefs = Inkscape::Preferences::get(); + bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false); + if (!allowNetAccess) { + parse_options |= XML_PARSE_NONET; + } + doc = xmlReadIO ((xmlInputReadCallback) vfs_read_callback, - (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL, - XML_PARSE_RECOVER + XML_PARSE_NOWARNING + XML_PARSE_NOERROR); + (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL, parse_options); if (doc == NULL) { sp_ui_error_dialog(_("Server supplied malformed Clip Art feed")); g_warning("Failed to parse %s\n", uri.c_str()); diff --git a/src/xml/repr-io.cpp b/src/xml/repr-io.cpp index fa5e9b6..088b505 100644 --- a/src/xml/repr-io.cpp +++ b/src/xml/repr-io.cpp @@ -289,12 +289,18 @@ sp_repr_read_file (const gchar * filename, const gchar *default_ns) XmlSource src; if ( (src.setFile(filename) == 0) ) { + int parse_options = XML_PARSE_HUGE; // do not use XML_PARSE_NOENT ! see bug lp:1025185 + Inkscape::Preferences *prefs = Inkscape::Preferences::get(); + bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false); + if (!allowNetAccess) { + parse_options |= XML_PARSE_NONET; + } doc = xmlReadIO( XmlSource::readCb, XmlSource::closeCb, &src, localFilename, src.getEncoding(), - XML_PARSE_NOENT ); + parse_options); } } -- 1.7.10.4
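Review bot: The feed parsed in `searchTagEntryChangedCallback` is supplied by a remote server, yet `XML_PARSE_NONET` is applied only when the `allow_net_access` preference is off; for untrusted remote input I would set it unconditionally, `int parse_options = XML_PARSE_RECOVER | XML_PARSE_NOWARNING | XML_PARSE_NOERROR | XML_PARSE_NONET;`. That line also combines the flags with `|` instead of `+`, which matches the `|=` used below and stays correct if a flag is ever repeated. The same four-line preference lookup is repeated in `src/xml/repr-io.cpp`; a small shared helper would keep the two call sites from drifting apart. The function body extends beyond the hunk.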
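Review bot: `XML_PARSE_HUGE` in `sp_repr_read_file` goes beyond dropping `XML_PARSE_NOENT`: it relaxes libxml2's hard-coded parser limits, so a crafted file can consume far more memory than under the default limits. Unless large documents are known to need it, `int parse_options = 0;` keeps the fix minimal. `XML_PARSE_NONET` blocks only network fetches, so the comment should state that disclosure of local files through external entities is prevented solely by leaving `XML_PARSE_NOENT` out. If the preferences file itself is loaded through this function (not visible here), calling `Inkscape::Preferences::get()` at this point could re-enter the reader during start-up and is worth checking. The function starts and ends outside the hunk.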