Bug#288009: libbatik-java: new upstream release fixes a security issue and lots of bugs/conformance/performance issues

pabs pabs <pabs@zip.to>, 288009@bugs.debian.org
Fri Dec 31 10:24:01 2004


Package: libbatik-java
Version: 1.5final-3
Severity: wishlist

New upstream release 1.5.1 is available. Change Log reproduced below. I
was unable to find a CVE for the security issue.

Change Log
==========

The following log records some of the most important changes.
Bug fixing is an on-going task, so it is implied in all sub-releases.

1.5 -> 1.5.1
------------
1. Security:

   A script security issue was reported in the Batik Squiggle
   browser. Squiggle uses the Rhino scripting engine and some features
   of that engine can be leveraged by malicious scripts to gain access
   to otherwise protected resources (like the file system).

   The Batik team has worked with the Rhino team to fix the issue
   that was reported and the Batik 1.5.1 patch release addresses the
   issue.

2. Features:

   Rhino JavaScript Debugger now integrated with Squiggle.
   Better line numbers in error messages.
   Zachary DelProposto's Scroll pane class is added.  Allows for
      scrollbars on SVG documents.
   Cool solitaire examples in SVG.

3. Performance fixes:

   Parents who have children added/removed no longer invalidate
      their entire area.
   When an element is removed or CSS properties changed all next
      siblings are not repainted unless CSS rules change them.
   First event dispatch is much quicker than the past.
   Switched to Xerces 2.5.0 to improve performance of data protocol.
   Changes to paint properties on text is now _much_ faster.
   When using many objects from an external file the file will only
     be loaded/parsed once.
   Modifying x/y and some viewBox changes on SVG elements is now much
     faster.
   Better JPEG embedding in PDF.

4. Conformance:
   Batik now passes all non SMIL-Animation tests from the SVG Working
     Group beSuite.

   @font-face CSS property and font-face elements are now compliant
     with SVG specification.

   Changes to the 'class' attribute now update rendering tree
     correctly.

   selectSubString now implemented.

   Dynamic modification of display, and marker properties supported.
   SVG 'a' element respects 'preventDefault' on event object.
   Pattern element no longer applies object bounding box transform
      if viewBox is specified.

5. Bugs:

   Fullscreen mode (F11) works again.
   getExtentOfChar() returns bbox in text elements coordinate system.
   SVGPoint now supports matrixTransform in more cases
   clientX/Y now correct when target is a text element.
   Bugfix in parsing some TrueType fonts fixed.
   Now applies the 'all' media type to all content.
   Image transcoders default to 400x400 rather than issuing an error
     (consistent with viewer).
   The properties opacity/filter/masking/pointer-events now work
      on SVG elements.
   Clearing text selection now works
   Zero width/height image elements now work properly.
   BBox info is correct for zero width/height items.
   Fills/strokes text when text-rendering is set to geometricPrecision
      rather than using drawGlyphVector.
   getCssText() returns the relative version of URI's
   SVG Graphics2D outputs correct rendering hints for text.
   TextNodes returns the correct bounds.
   Proper text child set as 'target' of events.
   Events handled correctly for documents that reference the same
      image multiple times.
   Images are displayed as 'broken links' instead of being an error.
   FeColorMatrix now respects color-interpolation-filters property.
   elem.style.setProperty now works for shorthand properties.
   Fixed race condition in JSVGComponent.set[SVG]Document.
   Fixed several memory leaks dealing with use element.
   Glyph element's 'd' attribute uses inherited winding-rule.
   SVG 'style' element no longer generates multiple 'xml:space' attrs.
   SAXDocumentFactory now generates only one CData node for each
     CData section in source document.
   Memory leak with addEventListener and objects that ref event target fixed.
   Click events now allow a small amount of 'slop'.
   Fixed bug in rendering with Double Buffering.
   Clicking on the Canvas no longer clears the system clipboard.
   No longer recascades elements in use tree from foreign documents
   Now supports CSS properties with the max negative 32bit int value
   Now supports more JPEG image types.
   No longer throws a Class Cast exception when using named colors
     as the fallback for icc-colors
   clearTimeout, clearInterval no longer throw exceptions for null
     objects.
   clipPath now respects clip-rule when using 'use' element.

  Bug PRs: 12536, 23030, 23038, 23079, 23177, 24919, 25251, 25463



-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-k7
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages libbatik-java depends on:
ii  blackdown-j2re1.4debian [ja 0.17         Debian specific parts of Java(TM)
ii  java-common                 0.22         Base of all Java packages
ii  libbsf-java                 1:2.3.0rc1-2 Bean Scripting Framework to suppor
ii  libxalan2-java              2.6.0-1      XSL Transformations (XSLT) process
-- no debconf information

-- 
Bye,
Pabs
