File inkscape-XXE-attacks.patch of Package inkscape
=== modified file 'src/preferences-skeleton.h'
Index: src/preferences-skeleton.h
===================================================================
--- src/preferences-skeleton.h.orig
+++ src/preferences-skeleton.h
@@ -315,6 +315,10 @@ static char const preferences_skeleton[]
 " clips=\"16711935\"" // 00ff00ff
 " masks=\"65535\"/>\n" // 0x0000ffff
 " <group id=\"svgoutput\" usenamedcolors=\"0\" numericprecision=\"8\" minimumexponent=\"-8\" inlineattrs=\"0\" indent=\"2\" allowrelativecoordinates=\"1\" forcerepeatcommands=\"0\"/>\n"
+" <group id=\"externalresources\">\n"
+" <group id=\"xml\" "
+" allow_net_access=\"0\"/>\n"
+" </group>\n"
 " <group id=\"forkgradientvectors\" value=\"1\"/>\n"
 " <group id=\"iconrender\" named_nodelay=\"0\"/>\n"
 " <group id=\"autosave\" enable=\"0\" interval=\"10\" path=\"\" max=\"10\"/>\n"
Index: src/ui/dialog/ocaldialogs.cpp
===================================================================
--- src/ui/dialog/ocaldialogs.cpp.orig 2013-02-07 11:29:51.108390175 +0100
+++ src/ui/dialog/ocaldialogs.cpp 2013-02-07 11:32:19.381973304 +0100
@@ -468,9 +468,17 @@ xmlDoc *doc = NULL; xmlNode *root_element = NULL; + int parse_options = XML_PARSE_RECOVER + XML_PARSE_NOWARNING + XML_PARSE_NOERROR; // do not use XML_PARSE_NOENT ! see bug lp:1025185 + prefs = Inkscape::Preferences::get(); + bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false); + if (!allowNetAccess) { + parse_options |= XML_PARSE_NONET; + } + + doc = xmlReadIO ((xmlInputReadCallback) vfs_read_callback, - (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL, - XML_PARSE_RECOVER); + (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL, parse_options); + if (doc == NULL) { sp_ui_error_dialog(_("Server supplied malformed Clip Art feed")); g_warning("Failed to parse %s\n", uri.c_str()); Index: src/xml/repr-io.cpp =================================================================== --- src/xml/repr-io.cpp.orig +++ src/xml/repr-io.cpp @@ -289,12 +289,18 @@ sp_repr_read_file (const gchar * filenam XmlSource src; if ( (src.setFile(filename) == 0) ) { - doc = xmlReadIO( XmlSource::readCb, + int parse_options = XML_PARSE_HUGE; // do not use XML_PARSE_NOENT ! see bug lp:1025185 + Inkscape::Preferences *prefs = Inkscape::Preferences::get(); + bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false); + if (!allowNetAccess) { + parse_options |= XML_PARSE_NONET; + } + doc = xmlReadIO( XmlSource::readCb, XmlSource::closeCb, &src, localFilename, src.getEncoding(), - XML_PARSE_NOENT ); + parse_options); } }
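Review bot: The Clip Art feed parsed in the ocaldialogs.cpp hunk is server-supplied, so `XML_PARSE_NONET` should not depend on the `allow_net_access` preference for this call; a user who turns the preference on for their own documents would also allow a remote feed to make the parser fetch further network resources. I would set it unconditionally, `int parse_options = XML_PARSE_RECOVER | XML_PARSE_NOWARNING | XML_PARSE_NOERROR | XML_PARSE_NONET;`, which also combines the flags with `|` instead of `+`, matching the `|=` used a few lines later. If the preference lookup stays, note that `prefs` is assigned without a declaration in the visible lines; unless it is declared earlier in the enclosing function, which starts outside the hunk, it needs `Inkscape::Preferences *prefs = Inkscape::Preferences::get();` as in the repr-io.cpp hunk.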
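Review bot: `XML_PARSE_HUGE` is new in the repr-io.cpp call (the removed line passed only `XML_PARSE_NOENT`), and it relaxes libxml2's hard-coded parser limits, which works against a patch meant to harden the parsing of files a user may have received from elsewhere. If large documents really need it, say so next to the flag, for example `// XML_PARSE_HUGE: required for very large SVG files; lifts libxml2's built-in size/depth limits`; otherwise start from `int parse_options = 0;`. Dropping `XML_PARSE_NOENT` also means entity references are no longer substituted during parsing, so documents that rely on internal entities may load differently, and a regression test with such a file would be worth adding. sp_repr_read_file starts and continues outside the hunk.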