Re: [Clipart] clipartbrowser 0.41
by Greg Steffensen
Ok, the clipartbrowser cvs module is now synched up again with the latest
tarballs, and the cannonical download location for releases is now
http://www.python.org/pypi/clipartbrowser
(it used to be on Berlios). If you download a release (they work better than
ever :), install using "python setup.py install" (assuming you have the
dependencies met). The "easy_install" method mentioned earlier works too.
Greg
On 9/20/05, Greg Steffensen <greg.steffensen@...400...> wrote:
>
> I didn't explain the technical situtation with the install method very
> well. Basically, if I write a file "setup.py" that defines certain
> information, users should be able to execute "python setup.py install" to
> install the program correctly, and I should be able to execute commands
> "python setup.py bdist_win" to create actual win32 EXE files containing
> pretty automated installer GUIs. In addition, users will be able to install
> the way I described in the release email as well. In general, setup.pyuses the "setuptools" which are the successor to the "distutils", which is
> the distribution/installation tools included with python. I'm still not
> certain whether I should use the setuptools or the older distutils, and am
> figuring stuff like that out, but they're both supposed to be the
> python-friendly replacement for Makefiles, and I'm trying to reorganize the
> code to do stuff the "correct" way.
>
> Greg
>
> On 9/20/05, Greg Steffensen <greg.steffensen@...400...> wrote:
> >
> > Hey, yeah, this is kinda what I was referring when I said that the
> > packaging isn't as polished as it needs to be. For what its worth, most of
> > the changes (bug fixes, performance improvements) actually are committed to
> > CVS; I just didn't commit commit the change in the install method simply
> > because I was having trouble figuring out how to get files like COPYING,
> > NEWS, etc. included using that method, and I didn't want to put a totally
> > messed up version into CVS. Basically, I actually really released more on a
> > whim, not because I'd worked everything out, but because I'd gone too long
> > without releasing code, wanted people to know that work was ongoing. So, at
> > a minimum, I should have indicated that this was definitely a development
> > release.
> >
> > So, solutions... in terms of where formal releases (formal tarballs)
> > should go, I actually think the python package index is definitely the
> > correct place... its now the "official" place where the python folk
> > reccomend that python projects be listed, and it will offer a number of
> > technical advantages, including publication of new releases, and
> > installation automation. I'm very happy keeping CVS at Inkscape though (not
> > that PyPI offers CVS anyway), and treating the code as a subproject of
> > Inkscape. But as long as it offers the ability to be installed standalone as
> > well, I'd like to make standalone tarballs available from PyPI. In general,
> > I'm learning more about python, and am trying to make my practices for
> > installation, etc. match accepted practice.
> >
> > I'll try to get CVS synched up with the current state of the project
> > very soon; I'm still having some trouble with the python installation tools,
> > and have sent an email to their mailing list for advice, but haven't heard
> > back yet. Once I know how to get the documentation files included, and where
> > to put the main install file (setup.py), I'll get that committed and CVS
> > will contain the official version of the code gain. Again, I would have
> > waited until this was done to release, but just felt bad about having gone
> > too long without releasing already, and was overeager to get something out.
> >
> > Anyway, does this cover the stuff you were concerned about? If not, let
> > me know. Also, you may recall that someone posted a link to a mockup for a
> > very similar project that they'd found, and I replied that this was "very
> > depressing" :). I used that mockup to develop version 0.4, and emailed
> > the designer (as the community suggested); he's finally written me back, and
> > said he's interested in contributing, which rocks. Later,
> >
> > Greg
> >
> >
> > On 9/19/05, Jon Phillips <jon@...235...> wrote:
> > >
> > > <offlist />
> > >
> > > On Mon, 2005-09-19 at 05:20 -0400, Greg Steffensen wrote:
> > > > I'm releasing another version of the clip art browser. Lots of bug
> > > > fixes, some performance improvements, code cleanups, and a new
> > > > installation procedure (yes, yet another).
> > > >
> > > > Installation is now 3 steps, and hopefully easier than ever:
> > > >
> > > > 1) Satisfy the dependencies of Python 2.4 and PyGTK 2.6.
> > > >
> > > > 2) Download and run the following script, which installs the python
> > > > setuptools:
> > > >
> > > > http://peak.telecommunity.com/dist/ez_setup.py
> > > >
> > > > 3) Run "easy_install clipartbrowser"
> > > >
> > > > As you can see, I've switched the installation system from Makefiles
> > >
> > > > to the python setuptools. The setuptools are still under development
> > > > (they're apparently going to be included in python 2.5), and I'm
> > > still
> > > > very much learning how to use them, so the packaging isn't as
> > > polished
> > > > as it needs to be, but this makes installation a breeze. Eventually,
> > > > it should allow arbitrary python dependencies to be intelligently
> > > > installed as well using the same process.
> > > >
> > > > I'm still working on getting this integrated back into the Inkscape
> > > > effects menu, that's next on the list. As always, feedback greatly
> > > > appreciated.
> > > >
> > > Greg,
> > >
> > > I thought we were going to do the next release from Inkscape CVS? What
> > > you have done is a non-standard release of the project now that we
> > > consolidated the code into Inkscape.
> > >
> > > Also, you have now used a non-standard approach to packaging which
> > > then
> > > again breaks what users and developers are use to.
> > >
> > > The major thing though is that we were going to do a solid release
> > > which
> > > means you need to involve the people who would contribute to this in
> > > the
> > > release to help smooth out the bugs.
> > >
> > > Instead, now you have released from another location thus confusing
> > > users and developers more. The problem with this is that it is not
> > > pro-community.
> > >
> > > Anyhow, I'm curious what you think and also want to get these things
> > > on
> > > track with the community.
> > >
> > > It is so great that you are rocking these changes and I'm so proud of
> > > what you are doing so I don't want to dismay you, but really I think
> > > the
> > > next release has to be really on track with the community and we
> > > should
> > > coordinate it, push it out through the sourceforge system we have in
> > > place, and push the press release globally.
> > >
> > > Without these procedures, honestly, it is not very likely that others
> > > will help on development nor use your work.
> > >
> > > So, lets talk some more and sort these things out.
> > >
> > > Jon
> > >
> > >
> > > --
> > > Jon Phillips
> > >
> > > San Francisco, CA
> > > USA PH 510.499.0894
> > > jon@...235...
> > > http://www.rejon.org
> > >
> > > MSN, AIM, Yahoo Chat: kidproto
> > > Jabber Chat: rejon@...896...
> > > IRC: rejon@...897...
> > >
> > > Inkscape (http://inkscape.org)
> > > Open Clip Art Library ( www.openclipart.org<http://www.openclipart.org>
> > > )
> > >
> > >
> >
>
17 years, 10 months
[joxeankoret_at_yahoo_dot_es: Bug#330894: inkscape: Arbitrary code execution when opening a malicious file]
by Wolfram Quester
Hi allotogether,
I just received a message at debian's BTS [1] which reports a possible security
flaw in inkscape. It is surely a DOS since here on my PowerBook inkscape
simply crashes saying
wolfi@...453...:/tmp $ inkscape poc.svg
Emergency save activated!
Segmentation fault (core dumped)
I attach the backtrace, which shows that inkscape is rather irritated:
Core was generated by `aaaaaaaaaaaaaaaaa'.
BTW, vim's syntax highlighter has certain toubles when editing this file,
too.
Thanks,
Wolfi
[1] http://bugs.debian.org/330894
----- Forwarded message from Joxean Koret <joxeankoret_at_yahoo_dot_es> -----
Subject: Bug#330894: inkscape: Arbitrary code execution when opening a malicious file
Reply-To: Joxean Koret <joxeankoret_at_yahoo_dot_es>, 330894@...499...
Resent-From: Joxean Koret <joxeankoret_at_yahoo_dot_es>
Resent-To: debian-bugs-dist@...501...
Resent-Cc: Wolfram Quester <wolfi@...111...>
Resent-Date: Fri, 30 Sep 2005 10:48:06 UTC
Resent-Message-ID: <handler.330894.B.11280765119494@...499...>
X-Debian-PR-Message: report 330894
X-Debian-PR-Package: inkscape
X-Debian-PR-Keywords:
From: Joxean Koret <joxeankoret_at_yahoo_dot_es>
To: submit@...499...
Date: Fri, 30 Sep 2005 12:51:04 +0200
Resent-Sender: Debian BTS <debbugs@...499...>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at honk.physik.uni-konstanz.de
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at honk.physik.uni-konstanz.de
Subject: inkscape: Arbitrary code execution opening a file
Package: inkscape
Version: 0.41-4.99.sarge0
Severity: grave
Justification: user security hole
Inkscape is vulnerable to, almost, one buffer overflow that may allow
arbitrary code execution. I contacted the Inkscape team but, at the
moment, there is no patch for the issue.
Attached goes a Proof Of Concept.
NOTE: I think the problem may not be exploitable because you need to
write a shellcode using only valid XML characters.
Regards,
Joxean Koret
-- System Information:
[...snip...]
----- End forwarded message -----
17 years, 11 months
Generating improved EPS/PDFs for transparent bitmaps before PS/PDF supports transparency
by Tom Epperly
I wonder if you've considered an interim solution to generating better
EPS files and PDFs for Inkscape drawings with transparent bitmaps. I
would like to run and idea past you. I am unfamiliar with Inkscape from
a developers perspective, so it may be worthless. In case it's not, here
goes.
If we exclude bitmaps which are rotated or skewed, it seems that one
could use Inkscape's SVG -> bitmap capability (demonstrated by the PNG
export) to resolve the transparency and generate a resolved bitmap that
could be used instead of the original tranparent bitmap when producing
the EPS/PDF. If a transparent bitmap covers the rectangle defined by its
corners (x1, y1) to (x2,y2), you can calculate the dots per inch of the
in the x and y dimension taking into account any scaling applied by the
user. Use Inkscape to render a bitmap of the rectangle (x1,y1) to (x2,
y2) at the maximum of resolution (perhaps min {300, max {x_resolution,
y_resolution}}). Use this bitmap instead of the orignal when creating
the PDF.
Of course, this idea can be improved upon. For example during the bitmap
rendering phase, it would be better to render only the bitmap and
elements below it (i.e., things that could actually appear in the
transparent parts of the bitmap and not things above). If SVG's bitmap
renderer can have different x and y resolutions, match the original
bitmaps x and y resolutions. Alternatively, you could render the bitmap
at a higher resolution to make sure the background elements that show
through the transparent parts appear smooth at reasonable printing
resolutions.
I suppose you could even handle scaled, rotated and skewed bitmaps by
rendering at high resolution a box that includes the whole scaled,
rotated and/or skewed bitmap. Then take the resolved bitmap and undo the
scale, skew and/or rotation to generate an unperturbed bitmap that when
scaled, rotated and/or skewed will produce the contents that the
renderer produced. I am guessing that in 90% of the situations, bitmaps
aren't rotated or skewed, so it may not be worth solving the general
problem.
Well, what do you think? I recently made a poster with a radial gradient
as the background and several logos (tranparent bitmaps) were on top of
the gradient. I ended up exporting as a high resolution PNG, converting
to TIFF and then converting TIFF2PDF. Inkscape looks like a fine program.
Tom
17 years, 11 months
FOP (SVG2PDF)
by Bryce Harrington
This looks like it might be interesting:
http://xmlgraphics.apache.org/fop/
Sounds like it's able to take input from SVG and produce PDF.
If anyone's interested in svg2pdf, this might be worth experimenting
with to see if it's any good. It's available under the Apache license.
Bryce
17 years, 11 months
0.44 goals? (was Re: New Inkscape Goals?)
by Bryce Harrington
I'm working on getting the roadmap up to date for us.
Assuming that we shoot for the usual 2-3 month development cycle for
0.44, what things are people hoping to focus on working on?
Three features that have come up repeatedly in this thread are
interapplication cut/paste, layer dialog, and ps/eps/pdf import
support. Is anyone interested in working on one of those features for
0.44? If we could get progress made on one or two of those features for
the next release I think it would make a good achievement.
Bryce
17 years, 11 months
WEBFORM
by Cory Sytsma
Please note, that the submitter may not read this list
name: Cory Sytsma
email: csytsma@...1013...
submitted the following:
Not sure if this is where I should make this offer, but I just created a Gimp .gpl Pantone PMS swatch. Let me know if you want it to include in future releases. Not sure of the legality, but thought I\'d offer it.
17 years, 11 months
clipartbrowser 0.41
by Greg Steffensen
I'm releasing another version of the clip art browser. Lots of bug fixes,
some performance improvements, code cleanups, and a new installation
procedure (yes, yet another).
Installation is now 3 steps, and hopefully easier than ever:
1) Satisfy the dependencies of Python 2.4 and PyGTK 2.6.
2) Download and run the following script, which installs the python
setuptools:
http://peak.telecommunity.com/dist/ez_setup.py
3) Run "easy_install clipartbrowser"
As you can see, I've switched the installation system from Makefiles to the
python setuptools. The setuptools are still under development (they're
apparently going to be included in python 2.5), and I'm still very much
learning how to use them, so the packaging isn't as polished as it needs to
be, but this makes installation a breeze. Eventually, it should allow
arbitrary python dependencies to be intelligently installed as well using
the same process.
I'm still working on getting this integrated back into the Inkscape effects
menu, that's next on the list. As always, feedback greatly appreciated.
Greg
17 years, 11 months
localization problems
by Arpad Biro
Hi,
After installing Inkscape from current CVS, the following menu
entries appear in English in my (otherwise) localized environment:
_Edit
_View
_Layer
_Object
_Path
_Text
Effects
_Help
File/_New
File/Open _Recent
Help/Tutorials
The rest of the UI appears localized. Could someone please test
this on his localized system?
Arpad Biro
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
17 years, 11 months
Hard Freeze Lifted: insufficient stability
by Peter Moulder
Existing show-stoppers will take sufficient amount of time, and will
involve sufficiently non-trivial bug fixes, that it is more productive
to lift the hard freeze for the moment. However, the feature freeze
remains.
Currently, our best plan for making a release soon involves backing
out (or at least disabling) the following changes:
- SPDesktop C++ification. This transformation was too rushed; has
introduced at least two show-stoppers. Clean-up changes are good,
but should be done cautiously, e.g. by breaking into small changes
that can each be verified with reasonable confidence. The
SPDesktop change has demonstrated itself not to be safe, so we'll
back it out.
- Connectors. Michael is now back from overseas and can work on this,
but its current state (with crashes) isn't releasable.
- menus.xml. Introduces menu localization problem. It has been
useful in allowing ppl to play with the menu layout, but there's
no particular reason for the functionality to be in the released
stable version: it is currently for experimenters rather than
customizers, as the file format still doesn't handle when menu
items get added or removed from the default menu layout (e.g. new
or changed functionality).
Most remaining bugs are either not regressions (so don't present a
reason not to replace 0.42.2);
or are platform-specific (so I can't test whether they're regressions
or not, and we could consider updating inkscape on other platforms in
any case);
or have a priority number lower than about 7 so I've assumed they
aren't show-stoppers. (I forget whether I've looked at all priority-7
bugs or not.)
pjrm.
17 years, 11 months
