r109758 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r109758
Date:21:20, 22 January 2012
Author:tstarling
Status:deferred
Tags:
Comment:
* Refreshed and re-added wikimedia-brand.patch, based on the hardy one
* Wrote a new security patch, aimed at upstream compatibility. Instead of external file references simply being patched out, a new command line option is added to rsvg-convert allowing external file references to be disabled.
Modified paths:
  • /trunk/debs/librsvg/debian/changelog (modified) (history)
  • /trunk/debs/librsvg/debian/patches/no-external-files.patch (added) (history)
  • /trunk/debs/librsvg/debian/patches/wikimedia-brand.patch (added) (history)

Diff

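--- a/trunk/debs/librsvg/debian/changelog
+++ b/trunk/debs/librsvg/debian/changelog
@@ -1,3 +1,11 @@
+librsvg (2.26.3-0wm1) lucid-wikimedia; urgency=low
+
+ * Refreshed and re-added wikimedia-brand.patch from Hardy
+ * Added a patch to allow external file references to be disabled with a
+ command-line option.
+
+ -- Tim Starling <tstarling@wikimedia.org> Sun, 22 Jan 2012 13:16:53 -0800
+
 librsvg (2.26.3-0ubuntu1.1) lucid-security; urgency=low
 
  * SECURITY UPDATE: fix arbitrary execution of fake node types.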
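--- a/trunk/debs/librsvg/debian/patches/wikimedia-brand.patch
+++ b/trunk/debs/librsvg/debian/patches/wikimedia-brand.patch
@@ -0,0 +1,26 @@
+Index: librsvg-2.26.3/rsvg-convert.c
+===================================================================
+--- librsvg-2.26.3.orig/rsvg-convert.c 2012-01-20 13:10:59.489183785 -0800
+@@ -190,7 +190,7 @@
+ g_option_context_free (g_option_context);
+
+ if (bVersion != 0) {
+- printf (_("rsvg-convert version %s\n"), VERSION);
++ printf (_("rsvg-convert version %s (Wikimedia)\n"), VERSION);
+ return 0;
+ }
+
+Index: librsvg-2.26.3/rsvg.in
+===================================================================
+--- librsvg-2.26.3.orig/rsvg.in 2012-01-20 13:12:14.258241311 -0800
+@@ -45,7 +45,7 @@
+
+ for o, a in opts:
+ if o in ("-v", "--version"):
+- print "rsvg version %s" % ("@VERSION@")
++ print "rsvg version %s (Wikimedia)" % ("@VERSION@")
+ sys.exit(0)
+ elif o in ("--usage"):
+ usage()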
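--- a/trunk/debs/librsvg/debian/patches/no-external-files.patch
+++ b/trunk/debs/librsvg/debian/patches/no-external-files.patch
@@ -0,0 +1,201 @@
+Index: librsvg-2.26.3/rsvg-base-file-util.c
+===================================================================
+--- librsvg-2.26.3.orig/rsvg-base-file-util.c 2012-01-22 12:48:11.627106466 -0800
+@@ -91,7 +91,7 @@
+ rsvg_return_val_if_fail (file_name != NULL, NULL, error);
+
+ base_uri = rsvg_get_base_uri_from_filename (file_name);
+- f = _rsvg_acquire_xlink_href_resource (file_name, base_uri, error);
++ f = _rsvg_acquire_xlink_href_resource_insecure (file_name, base_uri, error);
+
+ if (f) {
+ handle = rsvg_handle_new ();
+Index: librsvg-2.26.3/rsvg-base.c
+===================================================================
+--- librsvg-2.26.3.orig/rsvg-base.c 2012-01-22 12:48:11.627106466 -0800
+@@ -64,6 +64,8 @@
+ double rsvg_internal_dpi_x = RSVG_DEFAULT_DPI_X;
+ double rsvg_internal_dpi_y = RSVG_DEFAULT_DPI_Y;
+
++gboolean rsvg_allow_external_files = TRUE;
++
+ static xmlSAXHandler rsvgSAXHandlerStruct;
+ static gboolean rsvgSAXHandlerStructInited = FALSE;
+
+@@ -1536,6 +1538,24 @@
+ return rsvg_defs_lookup (handle->priv->defs, id) != NULL;
+ }
+
++/**
++ * rsvg_set_allow_external_files
++ * @allow: Whether to allow external files
++ *
++ * Sets a global variable enabling or disabling file or other URI
++ * references within SVG files.
++ *
++ * Returns: the previous value of the variable
++ *
++ * Since: Wikimedia patch
++ */
++gboolean rsvg_set_allow_external_files (gboolean allow)
++{
++ gboolean previous = rsvg_allow_external_files;
++ rsvg_allow_external_files = allow;
++ return previous;
++}
++
+ /**
+ * rsvg_set_default_dpi
+ * @dpi: Dots Per Inch (aka Pixels Per Inch)
+Index: librsvg-2.26.3/rsvg-file-util.c
+===================================================================
+--- librsvg-2.26.3.orig/rsvg-file-util.c 2012-01-22 12:48:11.627106466 -0800
+@@ -189,7 +189,7 @@
+ GByteArray *f;
+ GString *base_uri = g_string_new (file_name);
+
+- f = _rsvg_acquire_xlink_href_resource (file_name, base_uri->str, error);
++ f = _rsvg_acquire_xlink_href_resource_insecure (file_name, base_uri->str, error);
+
+ if (f) {
+ pixbuf = rsvg_pixbuf_from_stdio_file_with_size_data (f, data, base_uri->str, error);
+Index: librsvg-2.26.3/rsvg-image.c
+===================================================================
+--- librsvg-2.26.3.orig/rsvg-image.c 2012-01-22 12:48:11.627106466 -0800
+@@ -359,6 +359,24 @@
+ GByteArray *
+ _rsvg_acquire_xlink_href_resource (const char *href, const char *base_uri, GError ** err)
+ {
++ if (!(href && *href))
++ return NULL;
++
++ if (rsvg_allow_external_files)
++ return _rsvg_acquire_xlink_href_resource_insecure (href, base_uri, err);
++ else {
++ /* No external files: allow only the data: protocol */
++ if (!strncmp (href, "data:", 5))
++ return rsvg_acquire_base64_resource (href, NULL);
++ else
++ return NULL;
++ }
++}
++
++
++GByteArray *
++_rsvg_acquire_xlink_href_resource_insecure (const char *href, const char *base_uri, GError ** err)
++{
+ GByteArray *arr = NULL;
+
+ if (!(href && *href))
+@@ -378,6 +396,11 @@
+ return arr;
+ }
+
++/**
++ * Create a new pixbuf from a given URL.
++ * Note that with external files disabled, this will only allow data: URIs,
++ * because this function is called for an externally referenced image
++ */
+ GdkPixbuf *
+ rsvg_pixbuf_new_from_href (const char *href, const char *base_uri, GError ** error)
+ {
+Index: librsvg-2.26.3/rsvg-private.h
+===================================================================
+--- librsvg-2.26.3.orig/rsvg-private.h 2012-01-22 12:48:11.627106466 -0800
+@@ -43,6 +43,8 @@
+
+ G_BEGIN_DECLS
+
++gboolean rsvg_allow_external_files;
++
+ typedef struct RsvgSaxHandler RsvgSaxHandler;
+ typedef struct RsvgDrawingCtx RsvgDrawingCtx;
+ typedef struct RsvgRender RsvgRender;
+@@ -287,6 +289,8 @@
+ gchar *rsvg_get_base_uri_from_filename (const gchar * file_name);
+ GByteArray *_rsvg_acquire_xlink_href_resource (const char *href,
+ const char *base_uri, GError ** err);
++GByteArray *_rsvg_acquire_xlink_href_resource_insecure (const char *href,
++ const char *base_uri, GError ** err);
+
+ void rsvg_pop_discrete_layer (RsvgDrawingCtx * ctx);
+ void rsvg_push_discrete_layer (RsvgDrawingCtx * ctx);
+Index: librsvg-2.26.3/rsvg.h
+===================================================================
+--- librsvg-2.26.3.orig/rsvg.h 2012-01-22 12:48:11.627106466 -0800
+@@ -110,6 +110,8 @@
+ void rsvg_init (void);
+ void rsvg_term (void);
+
++gboolean rsvg_set_allow_external_files (gboolean allow);
++
+ void rsvg_set_default_dpi (double dpi);
+ void rsvg_set_default_dpi_x_y (double dpi_x, double dpi_y);
+
+Index: librsvg-2.26.3/test-display.c
+===================================================================
+--- librsvg-2.26.3.orig/test-display.c 2012-01-22 12:48:11.627106466 -0800
+@@ -855,7 +855,7 @@
+ if (base_uri == NULL)
+ base_uri = (char *) args[0];
+
+- info.svg_bytes = _rsvg_acquire_xlink_href_resource (args[0], base_uri, NULL);
++ info.svg_bytes = _rsvg_acquire_xlink_href_resource_insecure (args[0], base_uri, NULL);
+ } else {
+ info.svg_bytes = g_byte_array_new ();
+
+Index: librsvg-2.26.3/rsvg-convert.c
+===================================================================
+--- librsvg-2.26.3.orig/rsvg-convert.c 2012-01-22 12:48:11.631106528 -0800
+@@ -127,6 +127,7 @@
+ int width = -1;
+ int height = -1;
+ int bVersion = 0;
++ int bNoExternalFiles = 0;
+ char *format = NULL;
+ char *output = NULL;
+ int keep_aspect_ratio = FALSE;
+@@ -170,6 +171,7 @@
+ N_("set the background color [optional; defaults to None]"), N_("[black, white, #abccee, #aaa...]")},
+ {"version", 'v', 0, G_OPTION_ARG_NONE, &bVersion, N_("show version information"), NULL},
+ {"base-uri", 'b', 0, G_OPTION_ARG_STRING, &base_uri, N_("base uri"), NULL},
++ {"no-external-files", '\0', 0, G_OPTION_ARG_NONE, &bNoExternalFiles, N_("do not allow external files")},
+ {G_OPTION_REMAINING, 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &args, NULL, N_("[FILE...]")},
+ {NULL}
+ };
+@@ -219,6 +221,7 @@
+
+ rsvg_init ();
+ rsvg_set_default_dpi_x_y (dpi_x, dpi_y);
++ rsvg_set_allow_external_files (!bNoExternalFiles);
+
+ for (i = 0; i < n_args; i++) {
+
+Index: librsvg-2.26.3/librsvg.def
+===================================================================
+--- librsvg-2.26.3.orig/librsvg.def 2012-01-22 13:07:17.135553149 -0800
+@@ -2,6 +2,7 @@
+ rsvg_error_get_type
+ rsvg_init
+ rsvg_term
++rsvg_set_allow_external_files
+ rsvg_set_default_dpi
+ rsvg_set_default_dpi_x_y
+ rsvg_handle_set_dpi
+@@ -34,6 +35,7 @@
+ rsvg_handle_get_type
+ _rsvg_size_callback
+ _rsvg_acquire_xlink_href_resource
++_rsvg_acquire_xlink_href_resource_insecure
+ _rsvg_register_types
+ rsvg_defs_lookup
+ rsvg_pixbuf_from_data_with_size_data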
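Review bot: The declaration added to rsvg-private.h, `gboolean rsvg_allow_external_files;`, lacks `extern`, so every translation unit that includes the header carries its own tentative definition next to the real one in rsvg-base.c; that links only through the common-symbol extension and fails outright under `-fno-common`. It should read `extern gboolean rsvg_allow_external_files;`. Separately, the flag only gates fetches that pass through `_rsvg_acquire_xlink_href_resource`; if the SAX setup around `rsvgSAXHandlerStruct` leaves external entity or DTD resolution to libxml2, those loads are not covered, which is worth confirming before `--no-external-files` is relied on as the sole control. When the flag is off and a non-`data:` href is rejected, the new branch returns NULL without touching `err`, so callers that pass a GError get no reason for the failure; a `g_set_error` on that path would make the refusal visible in logs. The `no-external-files` GOptionEntry also omits the trailing arg_description `NULL` that the neighbouring entries spell out.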