Bug 173993 - inkscape: update to 0.43 (fixes arbitrary code execution)
inkscape: update to 0.43 (fixes arbitrary code execution)
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: inkscape (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Denis Leroy
Fedora Extras Quality Assurance
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-23 09:56 EST by Ville Skyttä
Modified: 2007-11-30 17:11 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-16 18:10:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ville Skyttä 2005-11-23 09:56:25 EST
0.43 is out, IIUC fixing an arbitrary code execution vulnerability. 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894
Comment 1 Ville Skyttä 2005-12-15 14:29:14 EST
The FC-4 build will be out in a jiffy, but devel still needs updating.
Comment 2 Denis Leroy 2005-12-15 15:13:51 EST
I'm working on it. It needs patches for g++ 4.1.0.
Comment 3 Hans de Goede 2006-01-05 06:15:43 EST
Denis need help? (Dangerous offer I'm fluent in C, but the ++ part is not my
speciality)
Comment 4 Denis Leroy 2006-01-05 06:30:40 EST
Surem i could use some QA, cos i won't have access to my rawhide vmware until
i'm back to the US on the 15th. It's fixed in CVS, so it just needs to be
tested, tagged and built.
Comment 5 Matthew Miller 2006-01-05 10:56:38 EST
I'm not sure it's yet time to enable the Loudmouth/Inkboard stuff -- from the
release notes, "Inkboard has known bugs, and may present security issues." Could
it at least be made an easy-to-disable build flag at the top of the spec file?
(Or, moved to a subpackage, if that's possible.)
Comment 6 Denis Leroy 2006-01-05 11:39:35 EST
An excellent point, and after all this is Rawhide, so the point of this release
is also to determine whether that feature is ready or not. To tell you the
truth, i was unable to use it at all, all my attemps resulted in crashes, though
they seem to come from the loudmouth code rather than from the inkscape code.
The SUSE devel guys do enable it.
Comment 7 Hans de Goede 2006-01-05 14:47:04 EST
A local compile works fine on my fully up2date rawhide x86_64. It runs fine too,
this the first time I've used inkscape and I must say its a nice tool. I've
tested all the drawing tools, but thats about as far as I can do QA for you my
main reason the offer help was because I'm trying to get any security bugs
closed, not because I'm an inkscape user. (although I may become one in the future).

I've also done a small patch to the spec to silence a bunch of warnings, leaving
the more usefull ones, which otherwise got drowned out. Someone should take a
look at most of them, especially those about ignoring system call ret values.

Here is the patch:
diff -u -r1.24 inkscape.spec
--- inkscape.spec       18 Dec 2005 03:00:15 -0000      1.24
+++ inkscape.spec       5 Jan 2006 19:47:25 -0000
@@ -59,6 +59,8 @@
 
 
 %build
+export CFLAGS="$RPM_OPT_FLAGS -Wno-unused-parameter"
+export CXXFLAGS="$RPM_OPT_FLAGS -Wno-unused-parameter"
 %configure             \
 --enable-static=no     \
 --with-python          \
Comment 8 Denis Leroy 2006-01-16 18:10:20 EST
Done. i'll file a seperate bug for the whiteboard issues.

Note You need to log in before you can comment on or make changes to this bug.