http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be exploited
via symlink attacks to create or overwrite arbitrary files with the privileges
of the user running the affected script."
Bump to nb6.
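
The class of bug described in the advisory above, shown as an added shell illustration; this is not code from tuxpaint-import.sh or from the pkgsrc patch. The function names, the `import.tmp` file name and the sandbox layout are constructed for the example, which contrasts a fixed scratch name in a shared directory with `mktemp`.

```shell
#!/bin/sh
# Added illustration of insecure vs. safe temporary-file creation.
# All names here are constructed; nothing is taken from tuxpaint-import.sh.

# Weak pattern (kept for contrast): a fixed, guessable name and a plain
# redirect. '>' opens whatever already sits at that path, links included.
write_predictable() {   # $1 = directory, $2 = data
    tmp="$1/import.tmp"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file exclusively (O_CREAT|O_EXCL) with mode 0600, so an entry that
# already exists at the chosen name is never opened or followed.
write_private() {       # $1 = directory, $2 = data; prints the path created
    tmp=$(mktemp "$1/import.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Regression check run entirely inside a private sandbox directory:
# a link already exists at the guessable name and points at 'victim'.
# Prints "<victim after weak write>|<victim after safe write>|<mode>".
demo() {
    box=$(mktemp -d "${TMPDIR:-/tmp}/tmpdemo.XXXXXXXXXX") || return 1
    mkdir "$box/shared"
    printf 'original\n' > "$box/victim"
    ln -s "$box/victim" "$box/shared/import.tmp"

    write_predictable "$box/shared" "scratch data"
    weak=$(cat "$box/victim")            # content was replaced via the link

    printf 'original\n' > "$box/victim"  # reset, then try the safe variant
    made=$(write_private "$box/shared" "scratch data") || return 1
    strong=$(cat "$box/victim")          # untouched
    mode=$(ls -l "$made" | cut -c1-10)   # owner-only permissions

    rm -rf "$box"
    printf '%s|%s|%s\n' "$weak" "$strong" "$mode"
}

demo
```

A script that needs several scratch files is usually better served by one `mktemp -d` directory removed in a `trap ... EXIT` handler than by individual files in "/tmp".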
2004.September.28 (0.9.14)
* New Features:
-------------
* Added support for immutable "starter" images, which are installed
globally with Tux Paint, and provide a starting canvas for images.
A PNG file with alpha is continuously drawn over whatever changes are
made to the current drawing. For example, a black outline of a cartoon
character could be made, to simulate a coloring book.
(See 'jetplane.png')
A second PNG file can be supplied which will be drawn on the normal
part of the canvas (where a new picture would normally be all-white),
allowing for simulated depth. Drawing and magic tools all mutilate the
background, as it's part of the normal canvas. However, when editing
a picture based on a 'starter' with a background layer, the eraser will
bring back the background image. In a sense, it's like having a photo
on the bottom, a clear sheet to draw on in the middle, and a clear sheet
with some more photo (which you can't draw on) on top.
(See 'reef.png' and 'reef-back.jpg')
* Added lockfile support, to prevent Tux Paint from being launched more
than once every 30 seconds. (Disable with "--nolockfile" command-line
argument.) Thanks to Darci Lindgren for suggesting the feature, and
Mark K. Kim for suggesting it be time-based.
(Lockfile is "lockfile.dat" in "~/.tuxpaint/" on Linux/Unix, and
"userdata\" on Windows.)
* Added "--nosave" option (suggested by Adam Moore).
* Updated Features:
-----------------
* Added some more brushes.
Jeremie Zimmermann <txptdv@tofz.org>
* Multiple sizes of erasers are present.
(Compile-time #defines can be used to determine how many sizes are
available, and their minimum and (approx.) maximum sizes.)
Note: Erasers are still square. Sorry!
* Fixed tinting of low-saturation stamps.
Added 'notintgray' option.
Karl Ove Hufthammer <karl@huftis.org>
* Made sure shape tool never made a tiny shape.
(Should hint users that they should click-and-drag.)
* Made some colors more unique, so that they affected stamps better.
(e.g., purple and magenta used to look the same when used to tint a stamp)
Karl Ove Hufthammer <karl@huftis.org>
* Made current image the selected image on Open screen, if applicable.
* Now prompts to confirm before printing.
* New translations:
-----------------
* Afrikaans translation created.
Petri Jooste <rkwjpj@puk.ac.za>
* Belarusian translation created.
Eugene Zelenko <greendeath@mail.ru>
* Breton translation created.
Korvigellou An Drouizig (Philippe) <drouizig@drouizig.org>
* Bulgarian translation created.
Martin Zhekov <mjekov@bginfo.net>
* Croatian translation created.
Nedjeljko Jedvaj <jedvaj.nedeljko@lexunit.com>
* Hindi translation created.
Ankit Malik <greatestankit@yahoo.co.in>
* Italian documentation translation.
Flavio Pastor <flavio.pastore@zonaitalia.it>
* Klingon (Romanized) translation started.
Bill Kendrick <bill@newbreedsoftware.com>
* Korean README.txt documentation added, in both EUC-KR and UTF-8 formats.
Mark K. Kim <tuxNO_SOLICITATIONpaint-dev@cbreak.org>
* Serbian translation created.
Aleksandar Jelenak <jelenak@netlinkplus.net>
* Slovenian translation created.
Urska Colner <urska.colner@agenda.si>,
Ines Kovacevic <ines@agenda.si>
* Traditional Chinese translation created.
Song Huang <Song@ossacc.org>
* Vietnamese translation created. (Simple version)
Le Quang Phan <lqphan@hn.vnn.vn>
* Welsh translation created.
Kevin Donnelly <kevin@dotmon.com>
* Updated translations:
---------------------
* Updated Basque translation.
Juan Irigoien <juanirigoien@irakasle.net>
* Updated Brazilian Portuguese translation.
Daniel Jose Viana <danjovic@vespanet.com.br>
* Updated British English translation.
Gareth Owen <gowen72@yahoo.com>
* Updated Catalan translation.
Pere Pujal Carabantes <ppujal@airtel.net>
* Updated Danish translation.
Mogens Jæger <mogensjaeger@get2net.dk>
* Updated Dutch translation.
Geert Stams <geertstams@wanadoo.nl>
* Updated Finnish translation.
Tarmo Toikkanen <tarmo.toikkanen@iki.fi>
* Updated French translation.
Jacques Chion <Jacques.Chion@wanadoo.fr>
* Updated German translation.
Roland Illig <roland.illig@gmx.de>
* Updated Hungarian translation.
Török Gábor <gabo@linuxportal.hu>
* Updated Icelandic translation.
Pjetur G. Hjaltason <pjetur@pjetur.net>
* Updated Indonesian translation.
Tedi Heriyanto <tedi_h@gmx.net>
* Updated Italian translation.
Flavio Pastor <flavio.pastore@zonaitalia.it>
* Updated Japanese translation.
TOYAMA Shin-ichi <shin1@wmail.plala.or.jp>
* Updated Korean translation.
Mark K. Kim <tuxNO_SOLICITATIONpaint-dev@cbreak.org>
* Updated Malay translation.
Muhammad Najmi Ahmad Zabidi <mnajem@linuxmail.org>
* Updated Norwegian Bokmal translation.
Karl Ove Hufthammer <karl@huftis.org>
* Updated Norwegian Nynorsk translation.
Karl Ove Hufthammer <karl@huftis.org>
* Updated Portuguese (Portugal) translation.
Ricardo Cruz <rick2@aeiu.pt>
* Updated Simplified Chinese translation.
Wang Jian <lark@linux.net.cn>
* Updated Slovakian translation.
Andrej Kacian <andrej@kacian.sk>
* Updated Spanish translation.
Gabriel Gazzán <ggabriel@internet.com.uy>
* Updated Tamil translation.
Muguntharaj <mugunth@thamizha.com>
* Updated Turkish translation.
Doruk Fisek <dfisek@fisek.com.tr>
* Updated Walloon language translation.
Pablo Saratxaga <pablo@walon.org>
* Localization clean-ups:
-----------------------
* Removed all non-UTF-8 related character handling code,
including HTML character entity reference support.
(All stamps are now in UTF-8, with scripts to convert
to and from PO files.)
Karl Ove Hufthammer <karl@huftis.org>
* Updated punctuation in many text strings.
Karl Ove Hufthammer <karl@huftis.org>
* Added "--lang simplified-chinese" option (same as "--lang chinese").
Simplified also now looks for "zh_cn.ttf" font, as "zh.ttf"
was too ambiguous. (For backwards-compatibility, it checks for
"zh.ttf" if "zh_cn.ttf" is missing, though.)
Bill Kendrick <bill@newbreedsoftware.com>,
John Popplewell <john@johnnypops.demon.co.uk>
* Cleaned up translation and font code.
Karl Ove Hufthammer <karl@huftis.org>
* Language option now sets "LANGUAGE" environment variable
(along with LC_ALL and LANG).
* Initial work to get proper uppercase support in languages other
than English.
* Added reference to "--lang help" to documentation.
* Documentation updates:
----------------------
* README (docs/html/README.html and docs/README.txt) has been pared down
and made more friendly. Mentions of other doc. files are now hyperlinked.
* Documentation regarding configuration file and command-line options
has been moved into a separate OPTIONS document (docs/html/OPTIONS.html
and docs/OPTIONS.txt), since Tux Paint Config. now exists to simplify
changing settings.
* Porting and packaging updates:
------------------------------
* Added startup display mode and resolution options to the Windows
installer.
John Popplewell <john@johnnypops.demon.co.uk>
* Visual Studio build system included in CVS and source release
('visualc' folder)
John Popplewell <john@johnnypops.demon.co.uk>
* Updated Makefile for easier install.
Mark K. Kim <tuxNO_SOLICITATIONpaint-dev@cbreak.org>
* Cleaned up desktop entry file.
Karl Ove Hufthammer <karl@huftis.org>
* Made sure KDE icon directories exist before trying to copy files to them.
* Created 16x16 mouse pointer shapes; use "MOUSEDIR" and "CURSOR_SHAPES"
Makefile variables to use them.
* Application icon updates:
-------------------------
* SVG (Scalable Vector Graphics) icon created.
Karl Ove Hufthammer <karl@huftis.org>
* Added 22x22, 64x64, 96x96, 128x128 and 192x192 icons, based on SVG icon.
Karl Ove Hufthammer <karl@huftis.org>
* Improved Windows icon, based on SVG icon.
Karl Ove Hufthammer <karl@huftis.org>
* Bug fixes:
----------
* Fixed "--noprint=yes" not working under Windows and BeOS.
Thanks to Adam Moore for pointing out this bug!
Bill Kendrick & Mark K. Kim
* Fixed crash bug when translated text ends in a space.
Mark K. Kim & John Popplewell
* Fixed security issue with permissions to Tux Paint docs directory.
Mark K. Kim <tuxNO_SOLICITATIONpaint-dev@cbreak.org>
* Fixed 'savedir' bug. (Was dropping filenames)
* Removed redundant '--wheelmouse...' listing from "--usage" output.
* Fixed crash bug when switching from different tools with scrolling
collections, and then scrolling.
Thanks to Kevin Jarrett for the report, and John Popplewell for a
replicable way of crashing it.
* Misc. Updates:
--------------
* Keywords ("Title" and "Software") now written into PNGs.
* Changed default UI font to "FreeSans.ttf"
* Included Tux stamps so that the stamp tool works by default
* Lots of translation-related fixes
* Added "--noshortcuts" option, to disable keyboard shortcuts
* Cursor doesn't change to 'hand' shape over selector buttons when
they aren't available.
* Cursor doesn't change to 'hand' shape over color buttons when colors
aren't available
* Added --lang, which allows a language to be specified on the command line
* Added "--nostampcontrols", "--mirrorstamps" and their opposite options
2003.Aug.18 (0.9.12)
* Replaced "efont-serif" fonts with those from the 'ttf-freefont' package,
for better support of ISO8859-13 symbols (e.g., for Lithuanian).
Fonts copyright the Free Software Foundation.
Thanks to Mantas Kriauciunas for the tip.
* Made main event loop ignore motion events if the loop has spun too long.
(Fixes problems where shape or stamp tools take forever to 'catch up' with
the mouse; especially noticeable on slow machines over remote X display.)
* Walloon translation.
Pablo Saratxaga
* Translated to Russian
Dmitriy Ivanov
* Translated to Malay
Muhammad Najmi Ahmad Zabidi
* French translation update.
Jacques Chion
* Chinese translation update.
Wang Jian
* If gnome-config is not found, it doesn't necessarily mean Gnome isn't being
used! Makefile will now fall-back and assume $GNOME_PREFIX should be /usr,
so that the launcher icon gets installed into the Gnome menu.
* Added some "#error" directives to give verbose output regarding missing
library header files. (Typical cause of this symptom is forgetting to
install dev. packages; e.g., installed "SDL.rpm", but not "SDL-dev.rpm")
* Fixed Mac OS X #include typo.
Darrell Walisser
* Fixed bug where non-translated stamp description text would get drawn
right-to-left after the kudos text (e.g., "Great!") goes away.
Thanks to Itai
* Added call to close iconv when quitting.
John Popplewell
Darrell Walisser
* Removed static "MAX_FILES" limit; now mallocs space for file info
structures. (Should fix large stack crash on OS X, which is good.)
* Fixed bug where translated text would revert to English in 'uppercase' mode.
* Fixed UTF-8 related bug where Lithuanian wouldn't display if using
'TTF_RenderText...', but Spanish wouldn't display if using
'TTF_RenderUTF8...'. Thanks to Mantas Kriauciunas, Robert Glowczynski,
John Popplewell and Karl Ove Hufthammer.
* Simplified CFLAGS variable in Makefile.
Ben Armstrong
* Fixed bug where ".thumbs" dir wouldn't get generated if it wasn't there
and you went to the 'Open' dialog.
* Fixed prompt bug for larger window sizes
TOYAMA Shin-ichi
* Hebrew translation!
* Right-to-left language support (for Hebrew, for example).
* Updated Korean translations.
* UTF-8 support in the Text Tool!
* Added 'The Gimp' to docs/PNG.txt
* Lithuanian translation.
* Fixed bug that would cause some translated stamp sounds to not load.
* Added Dutch translation of (older version of) HTML documentation.
* Updated Polish translations.
* Added Polish version of manpage.
* Fixed a few typos in the manpage.
* Fixed UTF-8 word-wrapping bug when there were no spaces
* When a locale requiring its own font can't be used because the font
is missing, Tux Paint STILL didn't work right. Fixed. (Set $LC_ALL=C)
* Added a set of square brushes (similar to the various round ones).
* Added "--nostamps" option to disable stamp tool.
(When it's not needed, they just take time to load, and RAM to store.)
* Added missing "--nosysconfig" to "--help" usage output.
* Increased MAX_FILES from 256 to 2048. Users with more than 128 images
saved were unable to load the newest images! (Hopefully 1024 saved
files is sufficient.)
* Thumbnails now saved to a ".thumbs" subdirectory under "saved".
(Old thumbnails will still be loaded, if found. Currently, the old
thumbnails will still be saved in the old location, not under .thumbs)
* Updated tuxpaint-import to create .thumbs subdirectory, and put new
thumbnails there.
* "Thick" and "Thin" Magic Tools made 'stronger.'
Some more platforms supported, new translations and translation
updates, documentation updates, bug fixes, and
2003.February.22 (0.9.10)
* UTF-8 stamp descriptions word-wrap around spaces.
* Support for more HTML escape codes in description files.
[ Not yet working ]
* ALT+F4 accepted as alternative to [Escape] (to quit)
by Tux Paint's main loop. Windows wasn't rending a 'Close Window'
event on that key combo, like it should (I think).
John Popplewell
2003.February.1 (0.9.9)
* When a locale requiring its own font can't be used because the font
is missing, Tux Paint now CORRECTLY switches back to default
($LANG=C, which for Tux Paint is 'American English')
* Locale-detection code made more robust. (Check LC_MESSAGES, not LC_ALL)
TOYAMA Shin-ichi
* Added support for some useful HTML escape sequences in stamp descriptions
(e.g., "´" for "á" ("a" with "'" over it))
Append ".esc" to the locale code (e.g., "fr.esc=...") in the ".txt"
description files.
* Wrote "docs/ESCAPES.txt", which covers valid escape sequences.
* Made 800x600 mode available at runtime, rather than just at compile-time
(available "--800x600" command-line option and "800x600=yes" in conf. file;
overridden by "--640x480" option, or "800x600=no" or "640x480=yes" in conf.)
NOTE: STILL EXPERIMENTAL! 640x480 mode is still default!
* Fixed 'Magic Tool' selector redraw bug in 800x600 mode.
2003.January.27 (0.9.8)
* Added some translations to Tux Paint's icon's comment in tuxpaint.desktop.
* Updated default tuxpaint.conf to mention all of the newest options.
* Fixed Japanese locale detection.
TOYAMA Shin-ichi
* Stamp description translations can be encoded using UTF-8.
Append ".utf8" to the locale code (e.g., "fr.utf8=...")
* Removed stamp descriptions from Japanese translation file
(src/messages/ja.po). (Will be placed as UTF-8 encoded text in next
Tux Paint stamps package release.)
2003.January.26 (0.9.7)
* Fixed translation bugs with some save-related prompts.
* Polish available as "--lang polski" as well.
2003.January.22 (0.9.6)
* Save directory can be specified ("--savedir")
John Popplewell
* tuxpaint-import now creates the '~/.tuxpaint/saved' directory,
if it doesn't exist
* Initial support for arbitrary window sizes. (#define SVGA for 800x600)
TOYAMA Shin-ichi
* Added a few new colors, renamed some old ones.
TOYAMA Shin-ichi
* Fixed text tool bug when hitting [Enter]/[Return] past bottom of canvas
* Indonesian available as "--lang bahasa-indonesia" as well.
2003.January.8 (0.9.4)
* Changed sparkles so they look less like blobs.
(Thanks to Dave Nelson for the suggestion.)
* Added a mode that uses XORs ("rubber-band lines") much less: --nooutlines
It should help for very slow machines and using Tux Paint remotely
over a networked X display.
* The 'Circle' shape no longer switches into rotation mode
(since it never affected the shape!)
2003.January.6 (0.9.3)
* Screen now refreshes when switching back to fullscreen Tux Paint.
John Popplewell
* FAQ categorized
2002.December.10 (0.9.2)
* Added initial attempt at keyboard control support
(for mouseless environments): "--keyboard"
* UTF-8 support working.
2002.November.16 (0.9.1)
* Updated man page.
* Added some missing "gettext_noop()" wrappers to some strings.
* Stamp sound effects played when clicked, even if stamp is already selected.
* Added more translated documentation directories, with dummy docs.
2002.November.12 (0.9.0)
* Fixed endian issue which caused stamp icons and saved-file thumbnails to
have messed up colors! (Tested on Mac laptop running Mac OS X.)
* Added FAQ item regarding fullscreen not being in 640x480 under Linux.
(Partially based on libSDL's Linux FAQ:
http://www.libsdl.org/faq.php?action=listentries&category=3#34 )
* Added notice about downloading libraries and '-dev' packages under
compiling/Linux section of INSTALL.txt.
* Rearranged INSTALL.txt some.
* Converted titlescreen image from JPEG to PNG
(so libJPEG would no longer be required).
* Updated PNG software list (PNG.txt)
* Added version number and release date to title screen.
* Fixed strange undo/redo access bug (redo available after open).
* Uses "Library/Preferences/tuxpaint" instead of hidden ".tuxpaint"
directory under Mac OS X.
Darrell Walisser
2002.November.3
* HTML documentation cleaned up (no warnings or errors from HTML Tidy!)
* Supports locale-specific fonts for languages that need Unicode.
e.g., Korean will use "ko.ttf", if found, for translated strings.
Changes:
* Translated to Brazilian Portuguese ('pt_BR').
* Fixed 'get_fname()' so that it won't return a directory name with
a trailing slash (if no filename was given). Some 'mkdir()'s don't
like trailing slashes.
* "lang=" setting is now recognized in configuration files.
* Default configuration file now exists (Unix/Linux).
Installed as /etc/tuxpaint/tuxpaint.conf.
Read before "~/.tuxpaintrc".
Reading it can be disabled with "--nosysconfig" on command-line.
* Added support for "OPTION=no" in config file, as well as
"UNOPTION=yes" (like command-line args. use), so that "~/.tuxpaintrc"
can override any settings in new system config.
(e.g., "noprint=no" or "print=yes" will override a "noprint=yes")
* Updated Spanish documentation.
* Added warnings about untranslated strings ("NOTRANS: ...") to
debugging output. ("#define DEBUG") (Useful for translators.)
* Added option to disable 'fancy' mouse pointers: --nofancycursors
(since fullscreen under Windows and non-X-Window targets under Linux
currently have problems due to an SDL library bug)
* Changed 'tuxpaint-import's usage message to reflect that it can import
multiple files at a time, and that it has a "--help" option.
* Updated 'tuxpaint-import's help message to describe what the program does.
"Tux Paint" is a drawing program for young children. It provides
a simple interface and fixed canvas size, and will provide access
to previous images using a thumbnail browser (e.g., no access to
the underlying filesystem).
Unlike popular drawing programs like "The GIMP," it has a very
limited toolset. However, it provides a much simpler interface,
and has entertaining, child-oriented additions such as sound effects.