September 2005 - Inkscape Devel

win32 build working again
by Bob Jamison 08 Apr '24

08 Apr '24

The win32 build, which was broken for the weekend, is working again. I just made a "manual autobuild" again, so that we can see how it looks on Windows: http://troi.titan-aeu.com/~rjamison/inkscape/builds/ Bob

2 1

Re: [Clipart] clipartbrowser 0.41
by Greg Steffensen 31 Oct '05

31 Oct '05

Ok, the clipartbrowser cvs module is now synched up again with the latest tarballs, and the cannonical download location for releases is now http://www.python.org/pypi/clipartbrowser (it used to be on Berlios). If you download a release (they work better than ever :), install using "python setup.py install" (assuming you have the dependencies met). The "easy_install" method mentioned earlier works too. Greg On 9/20/05, Greg Steffensen <greg.steffensen@...400...> wrote: > > I didn't explain the technical situtation with the install method very > well. Basically, if I write a file "setup.py" that defines certain > information, users should be able to execute "python setup.py install" to > install the program correctly, and I should be able to execute commands > "python setup.py bdist_win" to create actual win32 EXE files containing > pretty automated installer GUIs. In addition, users will be able to install > the way I described in the release email as well. In general, setup.pyuses the "setuptools" which are the successor to the "distutils", which is > the distribution/installation tools included with python. I'm still not > certain whether I should use the setuptools or the older distutils, and am > figuring stuff like that out, but they're both supposed to be the > python-friendly replacement for Makefiles, and I'm trying to reorganize the > code to do stuff the "correct" way. > > Greg > > On 9/20/05, Greg Steffensen <greg.steffensen@...400...> wrote: > > > > Hey, yeah, this is kinda what I was referring when I said that the > > packaging isn't as polished as it needs to be. For what its worth, most of > > the changes (bug fixes, performance improvements) actually are committed to > > CVS; I just didn't commit commit the change in the install method simply > > because I was having trouble figuring out how to get files like COPYING, > > NEWS, etc. included using that method, and I didn't want to put a totally > > messed up version into CVS. Basically, I actually really released more on a > > whim, not because I'd worked everything out, but because I'd gone too long > > without releasing code, wanted people to know that work was ongoing. So, at > > a minimum, I should have indicated that this was definitely a development > > release. > > > > So, solutions... in terms of where formal releases (formal tarballs) > > should go, I actually think the python package index is definitely the > > correct place... its now the "official" place where the python folk > > reccomend that python projects be listed, and it will offer a number of > > technical advantages, including publication of new releases, and > > installation automation. I'm very happy keeping CVS at Inkscape though (not > > that PyPI offers CVS anyway), and treating the code as a subproject of > > Inkscape. But as long as it offers the ability to be installed standalone as > > well, I'd like to make standalone tarballs available from PyPI. In general, > > I'm learning more about python, and am trying to make my practices for > > installation, etc. match accepted practice. > > > > I'll try to get CVS synched up with the current state of the project > > very soon; I'm still having some trouble with the python installation tools, > > and have sent an email to their mailing list for advice, but haven't heard > > back yet. Once I know how to get the documentation files included, and where > > to put the main install file (setup.py), I'll get that committed and CVS > > will contain the official version of the code gain. Again, I would have > > waited until this was done to release, but just felt bad about having gone > > too long without releasing already, and was overeager to get something out. > > > > Anyway, does this cover the stuff you were concerned about? If not, let > > me know. Also, you may recall that someone posted a link to a mockup for a > > very similar project that they'd found, and I replied that this was "very > > depressing" :). I used that mockup to develop version 0.4, and emailed > > the designer (as the community suggested); he's finally written me back, and > > said he's interested in contributing, which rocks. Later, > > > > Greg > > > > > > On 9/19/05, Jon Phillips <jon@...235...> wrote: > > > > > > <offlist /> > > > > > > On Mon, 2005-09-19 at 05:20 -0400, Greg Steffensen wrote: > > > > I'm releasing another version of the clip art browser. Lots of bug > > > > fixes, some performance improvements, code cleanups, and a new > > > > installation procedure (yes, yet another). > > > > > > > > Installation is now 3 steps, and hopefully easier than ever: > > > > > > > > 1) Satisfy the dependencies of Python 2.4 and PyGTK 2.6. > > > > > > > > 2) Download and run the following script, which installs the python > > > > setuptools: > > > > > > > > http://peak.telecommunity.com/dist/ez_setup.py > > > > > > > > 3) Run "easy_install clipartbrowser" > > > > > > > > As you can see, I've switched the installation system from Makefiles > > > > > > > to the python setuptools. The setuptools are still under development > > > > (they're apparently going to be included in python 2.5), and I'm > > > still > > > > very much learning how to use them, so the packaging isn't as > > > polished > > > > as it needs to be, but this makes installation a breeze. Eventually, > > > > it should allow arbitrary python dependencies to be intelligently > > > > installed as well using the same process. > > > > > > > > I'm still working on getting this integrated back into the Inkscape > > > > effects menu, that's next on the list. As always, feedback greatly > > > > appreciated. > > > > > > > Greg, > > > > > > I thought we were going to do the next release from Inkscape CVS? What > > > you have done is a non-standard release of the project now that we > > > consolidated the code into Inkscape. > > > > > > Also, you have now used a non-standard approach to packaging which > > > then > > > again breaks what users and developers are use to. > > > > > > The major thing though is that we were going to do a solid release > > > which > > > means you need to involve the people who would contribute to this in > > > the > > > release to help smooth out the bugs. > > > > > > Instead, now you have released from another location thus confusing > > > users and developers more. The problem with this is that it is not > > > pro-community. > > > > > > Anyhow, I'm curious what you think and also want to get these things > > > on > > > track with the community. > > > > > > It is so great that you are rocking these changes and I'm so proud of > > > what you are doing so I don't want to dismay you, but really I think > > > the > > > next release has to be really on track with the community and we > > > should > > > coordinate it, push it out through the sourceforge system we have in > > > place, and push the press release globally. > > > > > > Without these procedures, honestly, it is not very likely that others > > > will help on development nor use your work. > > > > > > So, lets talk some more and sort these things out. > > > > > > Jon > > > > > > > > > -- > > > Jon Phillips > > > > > > San Francisco, CA > > > USA PH 510.499.0894 > > > jon@...235... > > > http://www.rejon.org > > > > > > MSN, AIM, Yahoo Chat: kidproto > > > Jabber Chat: rejon@...896... > > > IRC: rejon@...897... > > > > > > Inkscape (http://inkscape.org) > > > Open Clip Art Library ( www.openclipart.org<http://www.openclipart.org> > > > ) > > > > > > > > >

5 8

[joxeankoret_at_yahoo_dot_es: Bug#330894: inkscape: Arbitrary code execution when opening a malicious file]
by Wolfram Quester 17 Oct '05

17 Oct '05

Hi allotogether, I just received a message at debian's BTS [1] which reports a possible security flaw in inkscape. It is surely a DOS since here on my PowerBook inkscape simply crashes saying wolfi@...453...:/tmp $ inkscape poc.svg Emergency save activated! Segmentation fault (core dumped) I attach the backtrace, which shows that inkscape is rather irritated: Core was generated by `aaaaaaaaaaaaaaaaa'. BTW, vim's syntax highlighter has certain toubles when editing this file, too. Thanks, Wolfi [1] http://bugs.debian.org/330894 ----- Forwarded message from Joxean Koret <joxeankoret_at_yahoo_dot_es> ----- Subject: Bug#330894: inkscape: Arbitrary code execution when opening a malicious file Reply-To: Joxean Koret <joxeankoret_at_yahoo_dot_es>, 330894@...499... Resent-From: Joxean Koret <joxeankoret_at_yahoo_dot_es> Resent-To: debian-bugs-dist@...501... Resent-Cc: Wolfram Quester <wolfi@...111...> Resent-Date: Fri, 30 Sep 2005 10:48:06 UTC Resent-Message-ID: <handler.330894.B.11280765119494@...499...> X-Debian-PR-Message: report 330894 X-Debian-PR-Package: inkscape X-Debian-PR-Keywords: From: Joxean Koret <joxeankoret_at_yahoo_dot_es> To: submit@...499... Date: Fri, 30 Sep 2005 12:51:04 +0200 Resent-Sender: Debian BTS <debbugs@...499...> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at honk.physik.uni-konstanz.de X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at honk.physik.uni-konstanz.de Subject: inkscape: Arbitrary code execution opening a file Package: inkscape Version: 0.41-4.99.sarge0 Severity: grave Justification: user security hole Inkscape is vulnerable to, almost, one buffer overflow that may allow arbitrary code execution. I contacted the Inkscape team but, at the moment, there is no patch for the issue. Attached goes a Proof Of Concept. NOTE: I think the problem may not be exploitable because you need to write a shellcode using only valid XML characters. Regards, Joxean Koret -- System Information: [...snip...] ----- End forwarded message -----

5 7

Generating improved EPS/PDFs for transparent bitmaps before PS/PDF supports transparency
by Tom Epperly 06 Oct '05

06 Oct '05

I wonder if you've considered an interim solution to generating better EPS files and PDFs for Inkscape drawings with transparent bitmaps. I would like to run and idea past you. I am unfamiliar with Inkscape from a developers perspective, so it may be worthless. In case it's not, here goes. If we exclude bitmaps which are rotated or skewed, it seems that one could use Inkscape's SVG -> bitmap capability (demonstrated by the PNG export) to resolve the transparency and generate a resolved bitmap that could be used instead of the original tranparent bitmap when producing the EPS/PDF. If a transparent bitmap covers the rectangle defined by its corners (x1, y1) to (x2,y2), you can calculate the dots per inch of the in the x and y dimension taking into account any scaling applied by the user. Use Inkscape to render a bitmap of the rectangle (x1,y1) to (x2, y2) at the maximum of resolution (perhaps min {300, max {x_resolution, y_resolution}}). Use this bitmap instead of the orignal when creating the PDF. Of course, this idea can be improved upon. For example during the bitmap rendering phase, it would be better to render only the bitmap and elements below it (i.e., things that could actually appear in the transparent parts of the bitmap and not things above). If SVG's bitmap renderer can have different x and y resolutions, match the original bitmaps x and y resolutions. Alternatively, you could render the bitmap at a higher resolution to make sure the background elements that show through the transparent parts appear smooth at reasonable printing resolutions. I suppose you could even handle scaled, rotated and skewed bitmaps by rendering at high resolution a box that includes the whole scaled, rotated and/or skewed bitmap. Then take the resolved bitmap and undo the scale, skew and/or rotation to generate an unperturbed bitmap that when scaled, rotated and/or skewed will produce the contents that the renderer produced. I am guessing that in 90% of the situations, bitmaps aren't rotated or skewed, so it may not be worth solving the general problem. Well, what do you think? I recently made a poster with a radial gradient as the background and several logos (tranparent bitmaps) were on top of the gradient. I ended up exporting as a high resolution PNG, converting to TIFF and then converting TIFF2PDF. Inkscape looks like a fine program. Tom

6 9

FOP (SVG2PDF)
by Bryce Harrington 05 Oct '05

05 Oct '05

This looks like it might be interesting: http://xmlgraphics.apache.org/fop/ Sounds like it's able to take input from SVG and produce PDF. If anyone's interested in svg2pdf, this might be worth experimenting with to see if it's any good. It's available under the Apache license. Bryce

11 32

0.44 goals? (was Re: New Inkscape Goals?)
by Bryce Harrington 03 Oct '05

03 Oct '05

I'm working on getting the roadmap up to date for us. Assuming that we shoot for the usual 2-3 month development cycle for 0.44, what things are people hoping to focus on working on? Three features that have come up repeatedly in this thread are interapplication cut/paste, layer dialog, and ps/eps/pdf import support. Is anyone interested in working on one of those features for 0.44? If we could get progress made on one or two of those features for the next release I think it would make a good achievement. Bryce

3 4

WEBFORM
by Cory Sytsma 02 Oct '05

02 Oct '05

Please note, that the submitter may not read this list name: Cory Sytsma email: csytsma@...1013... submitted the following: Not sure if this is where I should make this offer, but I just created a Gimp .gpl Pantone PMS swatch. Let me know if you want it to include in future releases. Not sure of the legality, but thought I\'d offer it.

6 7

clipartbrowser 0.41
by Greg Steffensen 02 Oct '05

02 Oct '05

I'm releasing another version of the clip art browser. Lots of bug fixes, some performance improvements, code cleanups, and a new installation procedure (yes, yet another). Installation is now 3 steps, and hopefully easier than ever: 1) Satisfy the dependencies of Python 2.4 and PyGTK 2.6. 2) Download and run the following script, which installs the python setuptools: http://peak.telecommunity.com/dist/ez_setup.py 3) Run "easy_install clipartbrowser" As you can see, I've switched the installation system from Makefiles to the python setuptools. The setuptools are still under development (they're apparently going to be included in python 2.5), and I'm still very much learning how to use them, so the packaging isn't as polished as it needs to be, but this makes installation a breeze. Eventually, it should allow arbitrary python dependencies to be intelligently installed as well using the same process. I'm still working on getting this integrated back into the Inkscape effects menu, that's next on the list. As always, feedback greatly appreciated. Greg

2 1

localization problems
by Arpad Biro 01 Oct '05

01 Oct '05

Hi, After installing Inkscape from current CVS, the following menu entries appear in English in my (otherwise) localized environment: _Edit _View _Layer _Object _Path _Text Effects _Help File/_New File/Open _Recent Help/Tutorials The rest of the UI appears localized. Could someone please test this on his localized system? Arpad Biro __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com

8 16

In the press
by Nicu Buculei 01 Oct '05

01 Oct '05

Do you remember some week ago when an editor requested screenshots for a Romanian computer magazine? I just saw it in the stands and purchased one: http://nicubunu.blogspot.com/2005/09/inkscape-in-press-mylinux.html -- nicu

12 23