File inkscape-XXE-attacks.patch of Package inkscape
=== modified file 'src/preferences-skeleton.h'
Index: src/preferences-skeleton.h
===================================================================
--- src/preferences-skeleton.h.orig
+++ src/preferences-skeleton.h
@@ -315,6 +315,10 @@ static char const preferences_skeleton[]
" clips=\"16711935\"" // 00ff00ff
" masks=\"65535\"/>\n" // 0x0000ffff
" <group id=\"svgoutput\" usenamedcolors=\"0\" numericprecision=\"8\" minimumexponent=\"-8\" inlineattrs=\"0\" indent=\"2\" allowrelativecoordinates=\"1\" forcerepeatcommands=\"0\"/>\n"
+" <group id=\"externalresources\">\n"
+" <group id=\"xml\" "
+" allow_net_access=\"0\"/>\n"
+" </group>\n"
" <group id=\"forkgradientvectors\" value=\"1\"/>\n"
" <group id=\"iconrender\" named_nodelay=\"0\"/>\n"
" <group id=\"autosave\" enable=\"0\" interval=\"10\" path=\"\" max=\"10\"/>\n"
Index: src/ui/dialog/ocaldialogs.cpp
===================================================================
--- src/ui/dialog/ocaldialogs.cpp.orig 2013-02-07 11:29:51.108390175 +0100
+++ src/ui/dialog/ocaldialogs.cpp 2013-02-07 11:32:19.381973304 +0100
@@ -468,9 +468,17 @@
xmlDoc *doc = NULL;
xmlNode *root_element = NULL;
+ int parse_options = XML_PARSE_RECOVER + XML_PARSE_NOWARNING + XML_PARSE_NOERROR; // do not use XML_PARSE_NOENT ! see bug lp:1025185
+ prefs = Inkscape::Preferences::get();
+ bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false);
+ if (!allowNetAccess) {
+ parse_options |= XML_PARSE_NONET;
+ }
+
+
doc = xmlReadIO ((xmlInputReadCallback) vfs_read_callback,
- (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL,
- XML_PARSE_RECOVER);
+ (xmlInputCloseCallback) gnome_vfs_close, from_handle, uri.c_str(), NULL, parse_options);
+
if (doc == NULL) {
sp_ui_error_dialog(_("Server supplied malformed Clip Art feed"));
g_warning("Failed to parse %s\n", uri.c_str());
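Review bot: The feed parsed here is supplied by a remote server, yet `XML_PARSE_NONET` is only set when the `allow_net_access` preference is off, so a user who enables that preference for their own documents also lets this server-supplied XML make the parser fetch network resources. At this call site I would set the flag unconditionally: `int parse_options = XML_PARSE_RECOVER | XML_PARSE_NOWARNING | XML_PARSE_NOERROR | XML_PARSE_NONET;`. That line also replaces `+` with `|`, so a flag that is ever repeated cannot carry into a neighbouring bit. Separately, `prefs` is assigned without a declaration in this hunk, whereas the repr-io.cpp hunk declares `Inkscape::Preferences *prefs`. The enclosing function starts outside the hunk, so a declaration presumably exists earlier, but it is worth confirming that this builds.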
Index: src/xml/repr-io.cpp
===================================================================
--- src/xml/repr-io.cpp.orig
+++ src/xml/repr-io.cpp
@@ -289,12 +289,18 @@ sp_repr_read_file (const gchar * filenam
XmlSource src;
if ( (src.setFile(filename) == 0) ) {
- doc = xmlReadIO( XmlSource::readCb,
+ int parse_options = XML_PARSE_HUGE; // do not use XML_PARSE_NOENT ! see bug lp:1025185
+ Inkscape::Preferences *prefs = Inkscape::Preferences::get();
+ bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false);
+ if (!allowNetAccess) {
+ parse_options |= XML_PARSE_NONET;
+ }
+ doc = xmlReadIO( XmlSource::readCb,
XmlSource::closeCb,
&src,
localFilename,
src.getEncoding(),
- XML_PARSE_NOENT );
+ parse_options);
}
}
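Review bot: `XML_PARSE_HUGE` is new in this `xmlReadIO` call and is not needed for the entity fix. It relaxes libxml2's built-in parser limits, so files from untrusted sources lose a resource-exhaustion safeguard in the same change that removes `XML_PARSE_NOENT`. I would either drop it or justify it next to the flag, e.g. `// XML_PARSE_HUGE: required for <reason>; lifts libxml2's hard-coded parser limits`. Removing `XML_PARSE_NOENT` probably also leaves internal entity references unexpanded, so documents that declare their own entities in an internal subset should be covered by a test. `sp_repr_read_file` begins before this hunk and appears to continue past it.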