Bug#288009: marked as done ([CAN-2005-0508] libbatik-java: new upstream release fixes a security issue and lots of bugs/conformance/performance issues)

Debian Bug Tracking System owner@bugs.debian.org
Mon Mar 21 08:54:10 2005


Your message dated Mon, 21 Mar 2005 10:17:17 -0500
with message-id <E1DDOeb-00086L-00@newraff.debian.org>
and subject line Bug#288009: fixed in batik 1.5.1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 31 Dec 2004 17:11:25 +0000
>From pabs@zip.to Fri Dec 31 09:11:25 2004
Subject: libbatik-java: new upstream release fixes a security issue and
	lots of bugs/conformance/performance issues
From: pabs <pabs@zip.to>
To: Debian Bug Tracking System <submit@bugs.debian.org>
X-Reportbug-Version: 3.5
X-Mutt-Fcc: 
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-dlzOKtNNb/3FMr9Yxpxs"
Date: Sat, 01 Jan 2005 01:11:03 +0800
Message-Id: <1104513063.16217.30.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3 
Delivered-To: submit@bugs.debian.org


--=-dlzOKtNNb/3FMr9Yxpxs
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Package: libbatik-java
Version: 1.5final-3
Severity: wishlist

New upstream release 1.5.1 is available. Change Log reproduced below. I
was unable to find a CVE for the security issue.

Change Log
==========

The following log records some of the most important changes.
Bug fixing is an on-going task, so it is implied in all sub-releases.

1.5 -> 1.5.1
------------
1. Security:

   A script security issue was reported in the Batik Squiggle
   browser. Squiggle uses the Rhino scripting engine and some features
   of that engine can be leveraged by malicious scripts to gain access
   to otherwise protected resources (like the file system).

   The Batik team has worked with the Rhino team to fix the issue
   that was reported and the Batik 1.5.1 patch release addresses the
   issue.

2. Features:

   Rhino JavaScript Debugger now integrated with Squiggle.
   Better line numbers in error messages.
   Zachary DelProposto's Scroll pane class is added.  Allows for
      scrollbars on SVG documents.
   Cool solitaire examples in SVG.

3. Performance fixes:

   Parents who have children added/removed no longer invalidate
      their entire area.
   When an element is removed or CSS properties changed all next
      siblings are not repainted unless CSS rules change them.
   First event dispatch is much quicker than the past.
   Switched to Xerces 2.5.0 to improve performance of data protocol.
   Changes to paint properties on text is now _much_ faster.
   When using many objects from an external file the file will only
     be loaded/parsed once.
   Modifying x/y and some viewBox changes on SVG elements is now much
     faster.
   Better JPEG embedding in PDF.

4. Conformance:
   Batik now passes all non SMIL-Animation tests from the SVG Working
     Group beSuite.

   @font-face CSS property and font-face elements are now compliant
     with SVG specification.

   Changes to the 'class' attribute now update rendering tree
     correctly.

   selectSubString now implemented.

   Dynamic modification of display, and marker properties supported.
   SVG 'a' element respects 'preventDefault' on event object.
   Pattern element no longer applies object bounding box transform
      if viewBox is specified.

5. Bugs:

   Fullscreen mode (F11) works again.
   getExtentOfChar() returns bbox in text elements coordinate system.
   SVGPoint now supports matrixTransform in more cases
   clientX/Y now correct when target is a text element.
   Bugfix in parsing some TrueType fonts fixed.
   Now applies the 'all' media type to all content.
   Image transcoders default to 400x400 rather than issuing an error
     (consistent with viewer).
   The properties opacity/filter/masking/pointer-events now work
      on SVG elements.
   Clearing text selection now works
   Zero width/height image elements now work properly.
   BBox info is correct for zero width/height items.
   Fills/strokes text when text-rendering is set to geometricPrecision
      rather than using drawGlyphVector.
   getCssText() returns the relative version of URI's
   SVG Graphics2D outputs correct rendering hints for text.
   TextNodes returns the correct bounds.
   Proper text child set as 'target' of events.
   Events handled correctly for documents that reference the same
      image multiple times.
   Images are displayed as 'broken links' instead of being an error.
   FeColorMatrix now respects color-interpolation-filters property.
   elem.style.setProperty now works for shorthand properties.
   Fixed race condition in JSVGComponent.set[SVG]Document.
   Fixed several memory leaks dealing with use element.
   Glyph element's 'd' attribute uses inherited winding-rule.
   SVG 'style' element no longer generates multiple 'xml:space' attrs.
   SAXDocumentFactory now generates only one CData node for each
     CData section in source document.
   Memory leak with addEventListener and objects that ref event target fixed.
   Click events now allow a small amount of 'slop'.
   Fixed bug in rendering with Double Buffering.
   Clicking on the Canvas no longer clears the system clipboard.
   No longer recascades elements in use tree from foreign documents
   Now supports CSS properties with the max negative 32bit int value
   Now supports more JPEG image types.
   No longer throws a Class Cast exception when using named colors
     as the fallback for icc-colors
   clearTimeout, clearInterval no longer throw exceptions for null
     objects.
   clipPath now respects clip-rule when using 'use' element.

  Bug PRs: 12536, 23030, 23038, 23079, 23177, 24919, 25251, 25463



-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-k7
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages libbatik-java depends on:
ii  blackdown-j2re1.4debian [ja 0.17         Debian specific parts of Java(TM)
ii  java-common                 0.22         Base of all Java packages
ii  libbsf-java                 1:2.3.0rc1-2 Bean Scripting Framework to suppor
ii  libxalan2-java              2.6.0-1      XSL Transformations (XSLT) process

-- no debconf information

-- 
Bye,
Pabs

--=-dlzOKtNNb/3FMr9Yxpxs
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD4DBQBB1Ygm5Sc9mGvjxCMRAt2WAKDOGRh/NZibPLi+8mDhw4MnJb62JgCYljfC
lJe1Omx6S6wCZ5Z2HkT87g==
=UL1R
-----END PGP SIGNATURE-----

--=-dlzOKtNNb/3FMr9Yxpxs--


---------------------------------------
Received: (at 288009-close) by bugs.debian.org; 21 Mar 2005 15:23:08 +0000
>From katie@ftp-master.debian.org Mon Mar 21 07:23:08 2005
From: Wolfgang Baer <WBaer@gmx.de>
To: 288009-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#288009: fixed in batik 1.5.1-1
Message-Id: <E1DDOeb-00086L-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Mon, 21 Mar 2005 10:17:17 -0500
Delivered-To: 288009-close@bugs.debian.org

Source: batik
Source-Version: 1.5.1-1

We believe that the bug you reported is fixed in the latest version of
batik, which is due to be installed in the Debian FTP archive:

batik_1.5.1-1.diff.gz
  to pool/contrib/b/batik/batik_1.5.1-1.diff.gz
batik_1.5.1-1.dsc
  to pool/contrib/b/batik/batik_1.5.1-1.dsc
batik_1.5.1.orig.tar.gz
  to pool/contrib/b/batik/batik_1.5.1.orig.tar.gz
libbatik-java_1.5.1-1_all.deb
  to pool/contrib/b/batik/libbatik-java_1.5.1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 288009@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Wolfgang Baer <WBaer@gmx.de> (supplier of updated batik package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  6 Mar 2005 20:30:08 +0100
Source: batik
Binary: libbatik-java
Architecture: source all
Version: 1.5.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Wolfgang Baer <WBaer@gmx.de>
Description: 
 libbatik-java - xml.apache.org SVG Library
Closes: 288009
Changes: 
 batik (1.5.1-1) unstable; urgency=low
 .
   * New upstream release - security fix [CAN-2005-0508] (closes: #288009)
   * Added rhino as build dependency
   * Added rhino to Suggests
   * Switched to jdk modern compiler because jikes fails
   * Updated README.Debian explaining why built with non-free jdk
   * Updated standards version to 3.6.1 - no changes
   * avdyk: I added Wolfgang to the uploaders
Files: 
 ba1dd03a66550b180c22d13476a74eba 885 contrib/libs optional batik_1.5.1-1.dsc
 eab467e1ad8eb71ef19e6bad17211fb1 4847893 contrib/libs optional batik_1.5.1.orig.tar.gz
 e82fdbdca5323b0e5e2751c20bc85c1e 3392 contrib/libs optional batik_1.5.1-1.diff.gz
 310c5d4a4214ddf3d8de9cf12c207aa9 4318692 contrib/libs optional libbatik-java_1.5.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCPuLq4vzFZu62tMIRAvoHAJ0Zety+v71KMJ0YxGy6h/Ym6j+K/gCggKnG
47rpDjHTb/Sk+jRR+lxzdnU=
=dSBj
-----END PGP SIGNATURE-----