File xmlgraphics-batik-CVE-2019-17566.patch of Package xmlgraphics-batik.15494
--- batik-1.10/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/Main.java 2018-05-11 13:45:44.000000000 +0200
+++ batik-1.10/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/Main.java 2020-06-16 17:14:43.603968449 +0200
@@ -501,6 +501,12 @@
 public static String CL_OPTION_CONSTRAIN_SCRIPT_ORIGIN_DESCRIPTION
 = Messages.get("Main.cl.option.constrain.script.origin.description", "No description");

+ public static String CL_OPTION_BLOCK_EXTERNAL_RESOURCES
+ = Messages.get("Main.cl.option.block.external.resources", "-blockExternalResources");
+
+ public static String CL_OPTION_BLOCK_EXTERNAL_RESOURCES_DESCRIPTION
+ = Messages.get("Main.cl.option.block.external.resources.description", "No description");
+
 /**
 * Option to turn off secure execution of scripts
 */
@@ -829,6 +835,17 @@
 return CL_OPTION_SECURITY_OFF_DESCRIPTION;
 }
 });
+
+ optionMap.put(CL_OPTION_BLOCK_EXTERNAL_RESOURCES,
+ new NoValueOptionHandler(){
+ public void handleOption(SVGConverter c){
+ c.allowExternalResources = false;
+ }
+
+ public String getOptionDescription(){
+ return CL_OPTION_BLOCK_EXTERNAL_RESOURCES_DESCRIPTION;
+ }
+ });
 }

 /**
--- batik-1.10/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/SVGConverter.java 2018-05-11 13:45:44.000000000 +0200
+++ batik-1.10/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/SVGConverter.java 2020-06-16 17:15:10.583969053 +0200
@@ -253,6 +253,8 @@
 the document which references them. */
 protected boolean constrainScriptOrigin = true;

+ protected boolean allowExternalResources = true;
+
 /** Controls whether scripts should be run securely or not */
 protected boolean securityOff = false;
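Review bot: The description key `Main.cl.option.block.external.resources.description` added in the `@@ -501,6 +501,12 @@` hunk of Main.java comes with no resource-bundle change in this patch, so unless the bundle already carries it the usage text for `-blockExternalResources` would presumably fall back to "No description". The help output is where an operator learns that the switch addressing CVE-2019-17566 exists, so the two new keys should be added to the rasterizer's message resources. The new constants also lack the Javadoc that the next constant has; I would put `/** Option to block loading of external resources referenced by the document */` above `CL_OPTION_BLOCK_EXTERNAL_RESOURCES`. The Javadoc opened at the end of the hunk belongs to a declaration outside it.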
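Review bot: The handler in the `@@ -829,6 +835,17 @@` hunk of Main.java turns the block on by assigning a protected field directly, `c.allowExternalResources = false;`, which compiles only because `Main` and `SVGConverter` share the `org.apache.batik.apps.rasterizer` package. The patch adds no accessor, so code that embeds `SVGConverter` from another package cannot enable the block short of subclassing. I would add a setter to `SVGConverter` (a proposed `setAllowExternalResources(boolean)`) and call it here as `c.setAllowExternalResources(false);`. The method that fills `optionMap` starts outside the hunk.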
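Review bot: `allowExternalResources` is initialised to `true` in the `@@ -253,6 +253,8 @@` hunk of SVGConverter.java, so the mitigation is opt-in: a conversion that is not given `-blockExternalResources` still lets the document load external resources. The same default appears in `isAllowExternalResources()` in the last SVGAbstractTranscoder.java hunk, which returns `true` when the hint is absent. If the default has to stay for compatibility, state it on the field so that callers handling untrusted SVG know they must disable it: `/** Controls whether external resources referenced by the document may be loaded; defaults to true, set to false for untrusted input */`.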
@@ -925,6 +927,10 @@
 map.put(ImageTranscoder.KEY_CONSTRAIN_SCRIPT_ORIGIN, Boolean.FALSE);
 }

+ if (!allowExternalResources) {
+ map.put(ImageTranscoder.KEY_ALLOW_EXTERNAL_RESOURCES, Boolean.FALSE);
+ }
+
 return map;
 }

--- batik-1.10/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java 2018-05-11 13:45:44.000000000 +0200
+++ batik-1.10/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java 2020-06-16 17:15:37.591969657 +0200
@@ -33,8 +33,10 @@
 import org.apache.batik.bridge.BridgeContext;
 import org.apache.batik.bridge.BridgeException;
 import org.apache.batik.bridge.DefaultScriptSecurity;
+import org.apache.batik.bridge.ExternalResourceSecurity;
 import org.apache.batik.bridge.GVTBuilder;
 import org.apache.batik.bridge.NoLoadScriptSecurity;
+import org.apache.batik.bridge.NoLoadExternalResourceSecurity;
 import org.apache.batik.bridge.RelaxedScriptSecurity;
 import org.apache.batik.bridge.SVGUtilities;
 import org.apache.batik.bridge.ScriptSecurity;
@@ -877,6 +879,9 @@
 = new BooleanKey();


+ public static final TranscodingHints.Key KEY_ALLOW_EXTERNAL_RESOURCES
+ = new BooleanKey();
+
 /**
 * A user agent implementation for <code>PrintTranscoder</code>.
 */
@@ -1109,5 +1114,19 @@
 }
 }

+ public ExternalResourceSecurity getExternalResourceSecurity(ParsedURL resourceURL, ParsedURL docURL) {
+ if (isAllowExternalResources()) {
+ return super.getExternalResourceSecurity(resourceURL, docURL);
+ }
+ return new NoLoadExternalResourceSecurity();
+ }
+
+ public boolean isAllowExternalResources() {
+ Boolean b = (Boolean)SVGAbstractTranscoder.this.hints.get(KEY_ALLOW_EXTERNAL_RESOURCES);
+ if (b != null) {
+ return b;
+ }
+ return true;
+ }
 }
 }
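Review bot: `KEY_ALLOW_EXTERNAL_RESOURCES`, added in the `@@ -877,6 +879,9 @@` hunk of SVGAbstractTranscoder.java, is a new public hint key with no Javadoc. For code that drives a transcoder directly this key is the only switch the patch offers, so its contract should be written down. A short Javadoc block above the declaration should state that the value is a `Boolean`, that an absent hint is treated as `true`, and that `Boolean.FALSE` makes the user agent return `NoLoadExternalResourceSecurity`.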
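Review bot: `getExternalResourceSecurity` in the `@@ -1109,5 +1114,19 @@` hunk overrides a superclass method (it delegates to `super.getExternalResourceSecurity(resourceURL, docURL)`) but carries no `@Override`, and neither new method is documented. Add `@Override` and a one-line Javadoc saying that every external resource gets `NoLoadExternalResourceSecurity` when the hint is `Boolean.FALSE`. What the caller then sees for a document with an external reference should be confirmed and stated; presumably it is a security error rather than a silently skipped resource. `isAllowExternalResources` can be shortened to `return b == null || b;`. Both methods sit in an inner class whose declaration is outside the hunk.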