Red Hat Bugzilla – Bug 173993
inkscape: update to 0.43 (fixes arbitrary code execution)
Last modified: 2007-11-30 17:11:17 EST
0.43 is out, IIUC fixing an arbitrary code execution vulnerability.
The FC-4 build will be out in a jiffy, but devel still needs updating.
I'm working on it. It needs patches for g++ 4.1.0.
Denis, need help? (Dangerous offer: I'm fluent in C, but the ++ part is not my
Sure, I could use some QA, cos I won't have access to my rawhide vmware until
I'm back to the US on the 15th. It's fixed in CVS, so it just needs to be
tested, tagged and built.
I'm not sure it's yet time to enable the Loudmouth/Inkboard stuff -- from the
release notes, "Inkboard has known bugs, and may present security issues." Could
it at least be made an easy-to-disable build flag at the top of the spec file?
(Or, moved to a subpackage, if that's possible.)
An excellent point, and after all this is Rawhide, so the point of this release
is also to determine whether that feature is ready or not. To tell you the
truth, I was unable to use it at all, all my attempts resulted in crashes, though
they seem to come from the loudmouth code rather than from the inkscape code.
The SUSE devel guys do enable it.
A local compile works fine on my fully up2date rawhide x86_64. It runs fine too,
this is the first time I've used inkscape and I must say it's a nice tool. I've
tested all the drawing tools, but that's about as far as I can do QA for you; my
main reason to offer help was because I'm trying to get any security bugs
closed, not because I'm an inkscape user (although I may become one in the future).
I've also done a small patch to the spec to silence a bunch of warnings, leaving
the more useful ones, which otherwise got drowned out. Someone should take a
look at most of them, especially those about ignoring system call ret values.
Here is the patch:
diff -u -r1.24 inkscape.spec
--- inkscape.spec 18 Dec 2005 03:00:15 -0000 1.24
+++ inkscape.spec 5 Jan 2006 19:47:25 -0000
@@ -59,6 +59,8 @@
+export CFLAGS="$RPM_OPT_FLAGS -Wno-unused-parameter"
+export CXXFLAGS="$RPM_OPT_FLAGS -Wno-unused-parameter"
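Review bot: The two added export lines at @@ -59 have no comment explaining why -Wno-unused-parameter is appended, so a later packager cannot tell that it is there only to cut warning noise and can be dropped once upstream cleans up; add a one-line spec comment above them. The hunk shows no surrounding context, so please confirm the exports sit before the configure step in the build section, since placed after it they would not reach the compiler. Silencing only this one warning class is a reasonable choice because the warnings about ignored system call return values stay visible, and those still need someone to go through them.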
Done. I'll file a separate bug for the whiteboard issues.