Bug 173993
Summary: | inkscape: update to 0.43 (fixes arbitrary code execution) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ville Skyttä <scop> |
Component: | inkscape | Assignee: | Denis Leroy <denis> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | extras-qa, hdegoede, jeff, mattdm |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-01-16 23:10:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ville Skyttä
2005-11-23 14:56:25 UTC
The FC-4 build will be out in a jiffy, but devel still needs updating. I'm working on it. It needs patches for g++ 4.1.0. Denis need help? (Dangerous offer I'm fluent in C, but the ++ part is not my speciality) Surem i could use some QA, cos i won't have access to my rawhide vmware until i'm back to the US on the 15th. It's fixed in CVS, so it just needs to be tested, tagged and built. I'm not sure it's yet time to enable the Loudmouth/Inkboard stuff -- from the release notes, "Inkboard has known bugs, and may present security issues." Could it at least be made an easy-to-disable build flag at the top of the spec file? (Or, moved to a subpackage, if that's possible.) An excellent point, and after all this is Rawhide, so the point of this release is also to determine whether that feature is ready or not. To tell you the truth, i was unable to use it at all, all my attemps resulted in crashes, though they seem to come from the loudmouth code rather than from the inkscape code. The SUSE devel guys do enable it. A local compile works fine on my fully up2date rawhide x86_64. It runs fine too, this the first time I've used inkscape and I must say its a nice tool. I've tested all the drawing tools, but thats about as far as I can do QA for you my main reason the offer help was because I'm trying to get any security bugs closed, not because I'm an inkscape user. (although I may become one in the future). I've also done a small patch to the spec to silence a bunch of warnings, leaving the more usefull ones, which otherwise got drowned out. Someone should take a look at most of them, especially those about ignoring system call ret values. Here is the patch: diff -u -r1.24 inkscape.spec --- inkscape.spec 18 Dec 2005 03:00:15 -0000 1.24 +++ inkscape.spec 5 Jan 2006 19:47:25 -0000 @@ -59,6 +59,8 @@ %build +export CFLAGS="$RPM_OPT_FLAGS -Wno-unused-parameter" +export CXXFLAGS="$RPM_OPT_FLAGS -Wno-unused-parameter" %configure \ --enable-static=no \ --with-python \ Done. i'll file a seperate bug for the whiteboard issues. |