rpms/librsvg2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c8
Branches Tags
rpms:c8
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c8s
rpms:c8-beta
rpms:imports/c10s/librsvg2-2.57.1-8.el10
rpms:imports/c10s/librsvg2-2.57.1-1.el10
rpms:imports/c10s/librsvg2-2.57.1-7.el10
rpms:imports/c10s/librsvg2-2.57.1-6.el10
rpms:imports/c9/librsvg2-2.50.7-3.el9
rpms:imports/c8/librsvg2-2.42.7-5.el8
rpms:imports/c9/librsvg2-2.50.7-2.el9
rpms:imports/c8-beta/librsvg2-2.42.7-5.el8
rpms:imports/c9-beta/librsvg2-2.50.7-2.el9
rpms:imports/c9/librsvg2-2.50.7-1.el9_2.1
rpms:imports/c9/librsvg2-2.50.7-1.el9
rpms:imports/c9-beta/librsvg2-2.50.7-1.el9
rpms:imports/c8-beta/librsvg2-2.42.7-4.el8
rpms:imports/c8-beta/librsvg2-2.42.7-3.el8
rpms:imports/c8-beta/librsvg2-2.42.7-2.el8
rpms:imports/c8s/librsvg2-2.42.7-4.el8
rpms:imports/c8/librsvg2-2.42.7-4.el8
rpms:imports/c8/librsvg2-2.42.7-3.el8
rpms:imports/c8/librsvg2-2.42.7-2.el8
..
compare: rpms:c9s
Branches Tags
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8
rpms:c9s
rpms:c8s
rpms:c8-beta
rpms:imports/c10s/librsvg2-2.57.1-8.el10
rpms:imports/c10s/librsvg2-2.57.1-1.el10
rpms:imports/c10s/librsvg2-2.57.1-7.el10
rpms:imports/c10s/librsvg2-2.57.1-6.el10
rpms:imports/c9/librsvg2-2.50.7-3.el9
rpms:imports/c8/librsvg2-2.42.7-5.el8
rpms:imports/c9/librsvg2-2.50.7-2.el9
rpms:imports/c8-beta/librsvg2-2.42.7-5.el8
rpms:imports/c9-beta/librsvg2-2.50.7-2.el9
rpms:imports/c9/librsvg2-2.50.7-1.el9_2.1
rpms:imports/c9/librsvg2-2.50.7-1.el9
rpms:imports/c9-beta/librsvg2-2.50.7-1.el9
rpms:imports/c8-beta/librsvg2-2.42.7-4.el8
rpms:imports/c8-beta/librsvg2-2.42.7-3.el8
rpms:imports/c8-beta/librsvg2-2.42.7-2.el8
rpms:imports/c8s/librsvg2-2.42.7-4.el8
rpms:imports/c8/librsvg2-2.42.7-4.el8
rpms:imports/c8/librsvg2-2.42.7-3.el8
rpms:imports/c8/librsvg2-2.42.7-2.el8

No commits in common. "c8" and "c9s" have entirely different histories.
c8 ... c9s

9 changed files with 856 additions and 990 deletions
Show Stats Expand all files Collapse all files

81
.gitignore vendored
View File

@ -1 +1,80 @@
SOURCES/librsvg-2.42.7.tar.xz librsvg-2.31.0.tar.bz2
/librsvg-2.32.0.tar.bz2
/librsvg-2.32.1.tar.bz2
/librsvg-2.34.0.tar.bz2
/librsvg-2.34.1.tar.xz
/librsvg-2.35.0.tar.xz
/librsvg-2.35.1.tar.xz
/librsvg-2.35.2.tar.xz
/librsvg-2.36.0.tar.xz
/librsvg-2.36.1.tar.xz
/librsvg-2.36.3.tar.xz
/librsvg-2.36.4.tar.xz
/librsvg-2.37.0.tar.xz
/librsvg-2.39.0.tar.xz
/librsvg-2.40.0.tar.xz
/librsvg-2.40.1.tar.xz
/librsvg-2.40.2.tar.xz
/librsvg-2.40.3.tar.xz
/librsvg-2.40.4.tar.xz
/librsvg-2.40.5.tar.xz
/librsvg-2.40.6.tar.xz
/librsvg-2.40.7.tar.xz
/librsvg-2.40.8.tar.xz
/librsvg-2.40.9.tar.xz
/librsvg-2.40.10.tar.xz
/librsvg-2.40.11.tar.xz
/librsvg-2.40.12.tar.xz
/librsvg-2.40.13.tar.xz
/librsvg-2.40.15.tar.xz
/librsvg-2.40.16.tar.xz
/librsvg-2.40.17.tar.xz
/librsvg-2.40.18.tar.xz
/librsvg-2.40.19.tar.xz
/librsvg-2.40.20.tar.xz
/librsvg-2.42.1.tar.xz
/librsvg-2.42.2.tar.xz
/librsvg-2.42.3.tar.xz
/librsvg-2.42.4.tar.xz
/librsvg-2.43.1.tar.xz
/librsvg-2.43.4.tar.xz
/librsvg-2.44.2.tar.xz
/librsvg-2.44.3.tar.xz
/librsvg-2.44.4.tar.xz
/librsvg-2.44.6.tar.xz
/librsvg-2.44.7.tar.xz
/librsvg-2.44.8.tar.xz
/librsvg-2.44.9.tar.xz
/librsvg-2.44.10.tar.xz
/librsvg-2.44.11.tar.xz
/librsvg-2.45.3.tar.xz
/librsvg-2.45.4.tar.xz
/librsvg-2.45.5.tar.xz
/librsvg-2.45.6.tar.xz
/librsvg-2.45.7.tar.xz
/librsvg-2.45.8.tar.xz
/librsvg-2.45.90.tar.xz
/librsvg-2.45.91.tar.xz
/librsvg-2.45.92.tar.xz
/librsvg-2.46.0.tar.xz
/librsvg-2.46.1.tar.xz
/librsvg-2.46.2.tar.xz
/librsvg-2.46.3.tar.xz
/librsvg-2.46.4.tar.xz
/librsvg-2.48.0.tar.xz
/librsvg-2.48.1.tar.xz
/librsvg-2.48.2.tar.xz
/librsvg-2.48.3.tar.xz
/librsvg-2.48.4.tar.xz
/librsvg-2.48.5.tar.xz
/librsvg-2.48.6.tar.xz
/librsvg-2.48.7.tar.xz
/librsvg-2.48.8.tar.xz
/librsvg-2.50.0.tar.xz
/librsvg-2.50.1.tar.xz
/librsvg-2.50.2.tar.xz
/librsvg-2.50.3.tar.xz
/librsvg-2.50.4.tar.xz
/librsvg-2.50.5.tar.xz
/librsvg-2.50.6.tar.xz
/librsvg-2.50.7.tar.xz

1
.librsvg2.metadata
View File

@ -1 +0,0 @@
dd6d47ab7db959ec6dd80739b61bda3b24fc170c SOURCES/librsvg-2.42.7.tar.xz

229
SOURCES/0001-Upgrade-to-procedural-masquerade-0.1.7.patch
View File

@ -1,229 +0,0 @@
From 6aacf7c0e81082dc414396f7059a7a2893c4600b Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 16 Jan 2023 13:24:17 -0800
Subject: [PATCH] Upgrade to procedural-masquerade 0.1.7
---
Cargo.lock | 8 +-
.../.cargo-checksum.json | 2 +-
vendor/procedural-masquerade/.cargo-ok | 0
vendor/procedural-masquerade/Cargo.toml | 4 +-
vendor/procedural-masquerade/lib.rs | 111 ++++++++++++------
5 files changed, 79 insertions(+), 46 deletions(-)
delete mode 100644 vendor/procedural-masquerade/.cargo-ok
diff --git a/Cargo.lock b/Cargo.lock
index c49356d08a6d..a4899a02041d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -54,7 +54,7 @@ dependencies = [
"itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
"matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
"phf 0.7.21 (registry+https://github.com/rust-lang/crates.io-index)",
- "procedural-masquerade 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+ "procedural-masquerade 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
"quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)",
"smallvec 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
"syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -67,7 +67,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"phf_codegen 0.7.21 (registry+https://github.com/rust-lang/crates.io-index)",
"proc-macro2 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
- "procedural-masquerade 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+ "procedural-masquerade 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
"quote 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"syn 0.12.14 (registry+https://github.com/rust-lang/crates.io-index)",
]
@@ -295,7 +295,7 @@ dependencies = [
[[package]]
name = "procedural-masquerade"
-version = "0.1.5"
+version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
@@ -513,7 +513,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
"checksum phf_shared 0.7.21 (registry+https://github.com/rust-lang/crates.io-index)" = "07e24b0ca9643bdecd0632f2b3da6b1b89bbb0030e0b992afc1113b23a7bc2f2"
"checksum pkg-config 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "3a8b4c6b8165cd1a1cd4b9b120978131389f64bdaf456435caa41e630edba903"
"checksum proc-macro2 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "cd07deb3c6d1d9ff827999c7f9b04cdfd66b1b17ae508e14fe47b620f2282ae0"
-"checksum procedural-masquerade 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "dc1bcafee1590f81acb329ae45ec627b318123f085153913620316ae9a144b2a"
+"checksum procedural-masquerade 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "8f1383dff4092fe903ac180e391a8d4121cc48f08ccf850614b0290c6673b69d"
"checksum quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e920b65c65f10b2ae65c831a81a073a89edd28c7cce89475bff467ab4167a"
"checksum quote 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "1eca14c727ad12702eb4b6bfb5a232287dcf8385cb8ca83a3eeaf6519c44c408"
"checksum rand 0.3.22 (registry+https://github.com/rust-lang/crates.io-index)" = "15a732abf9d20f0ad8eeb6f909bf6868722d9a06e1e50802b6a70351f40b4eb1"
diff --git a/vendor/procedural-masquerade/.cargo-checksum.json b/vendor/procedural-masquerade/.cargo-checksum.json
index e5ded3a268ba..d80306902f03 100644
--- a/vendor/procedural-masquerade/.cargo-checksum.json
+++ b/vendor/procedural-masquerade/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{".cargo-ok":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","Cargo.toml":"78faf5c70ec7dc8d1e18ccf508a483220b31a4d99ce171083f9df709c6d930b1","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"4bf2f5a98355718dc876a821d76cfc9802c43d3cbdc5b9d46a1cd5dfa5d6b01a","lib.rs":"56dc915a0343a75606bd33056f7bbb1832112683903786e53bac56e855afe380"},"package":"dc1bcafee1590f81acb329ae45ec627b318123f085153913620316ae9a144b2a"}
\ No newline at end of file
+{"files":{"Cargo.toml":"39b050fe906ec0088242ac802f4e8305196f1b0d8543322c17931b219b2e0619","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"4bf2f5a98355718dc876a821d76cfc9802c43d3cbdc5b9d46a1cd5dfa5d6b01a","lib.rs":"d549db3924ec4026718d241f4227c98d17dc6f3a06bdc6a3581cee8cb43f7ac3"},"package":"8f1383dff4092fe903ac180e391a8d4121cc48f08ccf850614b0290c6673b69d"}
\ No newline at end of file
diff --git a/vendor/procedural-masquerade/.cargo-ok b/vendor/procedural-masquerade/.cargo-ok
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/vendor/procedural-masquerade/Cargo.toml b/vendor/procedural-masquerade/Cargo.toml
index f8b5f2c57308..9c004599b496 100644
--- a/vendor/procedural-masquerade/Cargo.toml
+++ b/vendor/procedural-masquerade/Cargo.toml
@@ -3,7 +3,7 @@
# When uploading crates to the registry Cargo will automatically
# "normalize" Cargo.toml files for maximal compatibility
# with all versions of Cargo and also rewrite `path` dependencies
-# to registry (e.g. crates.io) dependencies
+# to registry (e.g., crates.io) dependencies
#
# If you believe there's an error in this file please file an
# issue against the rust-lang/cargo repository. If you're
@@ -12,7 +12,7 @@
[package]
name = "procedural-masquerade"
-version = "0.1.5"
+version = "0.1.7"
authors = ["Simon Sapin <simon.sapin@exyr.org>"]
description = "macro_rules for making proc_macro_derive pretending to be proc_macro"
documentation = "https://docs.rs/procedural-masquerade/"
diff --git a/vendor/procedural-masquerade/lib.rs b/vendor/procedural-masquerade/lib.rs
index 86e841a084a9..4b51e1497006 100644
--- a/vendor/procedural-masquerade/lib.rs
+++ b/vendor/procedural-masquerade/lib.rs
@@ -177,8 +177,15 @@ macro_rules! define_proc_macros {
fn wrapped($input: &str) -> String {
$body
}
+
+ // syn uses a huge amount of stack in debug mode.
let derive_input_string = derive_input.to_string();
- wrapped($crate::_extract_input(&derive_input_string)).parse().unwrap()
+ let handle =
+ ::std::thread::Builder::new().stack_size(128 * 1024 * 1024).spawn(move || {
+ wrapped($crate::_extract_input(&derive_input_string))
+ }).unwrap();
+
+ handle.join().unwrap().parse().unwrap()
}
)+
}
@@ -191,18 +198,44 @@ macro_rules! define_proc_macros {
pub fn _extract_input(derive_input: &str) -> &str {
let mut input = derive_input;
- for expected in &["#[allow(unused)]", "enum", "ProceduralMasqueradeDummyType", "{",
- "Input", "=", "(0,", "stringify!", "("] {
- input = input.trim_left();
- assert!(input.starts_with(expected),
- "expected prefix {:?} not found in {:?}", expected, derive_input);
+ for expected in &[
+ "#",
+ "[",
+ "allow",
+ "(",
+ "unused",
+ ")",
+ "]",
+ "enum",
+ "ProceduralMasqueradeDummyType",
+ "{",
+ "Input",
+ "=",
+ "(",
+ "0",
+ ",",
+ "stringify",
+ "!",
+ "(",
+ ] {
+ input = input.trim_start();
+ assert!(
+ input.starts_with(expected),
+ "expected prefix {:?} not found in {:?}",
+ expected,
+ derive_input
+ );
input = &input[expected.len()..];
}
- for expected in [")", ").0,", "}"].iter().rev() {
- input = input.trim_right();
- assert!(input.ends_with(expected),
- "expected suffix {:?} not found in {:?}", expected, derive_input);
+ for expected in [")", ")", ".", "0", ",", "}"].iter().rev() {
+ input = input.trim_end();
+ assert!(
+ input.ends_with(expected),
+ "expected suffix {:?} not found in {:?}",
+ expected,
+ derive_input
+ );
let end = input.len() - expected.len();
input = &input[..end];
}
@@ -220,33 +253,33 @@ macro_rules! define_invoke_proc_macro {
#[doc(hidden)]
#[macro_export]
macro_rules! $macro_name {
- ($proc_macro_name: ident ! $paren: tt) => {
- #[derive($proc_macro_name)]
- #[allow(unused)]
- enum ProceduralMasqueradeDummyType {
- // The magic happens here.
- //
- // We use an `enum` with an explicit discriminant
- // because that is the only case where a type definition
- // can contain a (const) expression.
- //
- // `(0, "foo").0` evalutes to 0, with the `"foo"` part ignored.
- //
- // By the time the `#[proc_macro_derive]` function
- // implementing `#[derive($proc_macro_name)]` is called,
- // `$paren` has already been replaced with the input of this inner macro,
- // but `stringify!` has not been expanded yet.
- //
- // This how arbitrary tokens can be inserted
- // in the input to the `#[proc_macro_derive]` function.
- //
- // Later, `stringify!(...)` is expanded into a string literal
- // which is then ignored.
- // Using `stringify!` enables passing arbitrary tokens
- // rather than only what can be parsed as a const expression.
- Input = (0, stringify! $paren ).0
- }
- }
- }
- }
+ ($proc_macro_name: ident ! $paren: tt) => {
+ #[derive($proc_macro_name)]
+ #[allow(unused)]
+ enum ProceduralMasqueradeDummyType {
+ // The magic happens here.
+ //
+ // We use an `enum` with an explicit discriminant
+ // because that is the only case where a type definition
+ // can contain a (const) expression.
+ //
+ // `(0, "foo").0` evalutes to 0, with the `"foo"` part ignored.
+ //
+ // By the time the `#[proc_macro_derive]` function
+ // implementing `#[derive($proc_macro_name)]` is called,
+ // `$paren` has already been replaced with the input of this inner macro,
+ // but `stringify!` has not been expanded yet.
+ //
+ // This how arbitrary tokens can be inserted
+ // in the input to the `#[proc_macro_derive]` function.
+ //
+ // Later, `stringify!(...)` is expanded into a string literal
+ // which is then ignored.
+ // Using `stringify!` enables passing arbitrary tokens
+ // rather than only what can be parsed as a const expression.
+ Input = (0, stringify! $paren ).0,
+ }
+ }
+ }
+ };
}
--
2.39.0

573
SOURCES/CVE-2019-20446.patch
View File

@ -1,573 +0,0 @@
From faec595a1721a2496e9c258917facbb564f85854 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 13 May 2020 17:53:13 -0500
Subject: [PATCH] CVE-2019-20446.patch
---
librsvg/rsvg-base.c | 90 +++++++++---
librsvg/rsvg-private.h | 5 +-
rsvg_internals/src/drawing_ctx.rs | 23 ++--
rsvg_internals/src/structure.rs | 21 ++-
tests/errors.c | 52 ++++++-
.../errors/308-doubly-recursive-use.svg | 13 ++
tests/fixtures/errors/308-recursive-use.svg | 9 ++
tests/fixtures/errors/308-use-self-ref.svg | 7 +
.../errors/515-pattern-billion-laughs.svg | 130 ++++++++++++++++++
.../errors/515-too-many-elements.svgz | Bin 0 -> 40811 bytes
10 files changed, 310 insertions(+), 40 deletions(-)
create mode 100644 tests/fixtures/errors/308-doubly-recursive-use.svg
create mode 100644 tests/fixtures/errors/308-recursive-use.svg
create mode 100644 tests/fixtures/errors/308-use-self-ref.svg
create mode 100644 tests/fixtures/errors/515-pattern-billion-laughs.svg
create mode 100644 tests/fixtures/errors/515-too-many-elements.svgz
diff --git a/librsvg/rsvg-base.c b/librsvg/rsvg-base.c
index dbad819..af3d43c 100644
--- a/librsvg/rsvg-base.c
+++ b/librsvg/rsvg-base.c
@@ -431,12 +431,29 @@ node_set_atts (RsvgNode * node, RsvgHandle *handle, const NodeCreator *creator,
}
}
+static gboolean
+loading_limits_exceeded (RsvgHandle *handle)
+{
+ /* This is a mitigation for SVG files which create millions of elements
+ * in an attempt to exhaust memory. We don't allow loading more than
+ * this number of elements during the initial streaming load process.
+ */
+ return handle->priv->num_loaded_elements > 200000;
+}
+
static void
rsvg_standard_element_start (RsvgHandle *handle, const char *name, RsvgPropertyBag * atts)
{
const NodeCreator *creator;
RsvgNode *newnode = NULL;
+ if (loading_limits_exceeded (handle)) {
+ g_set_error (handle->priv->error, RSVG_ERROR, 0, "instancing limit");
+
+ xmlStopParser (handle->priv->ctxt);
+ return;
+ }
+
creator = get_node_creator_for_element_name (name);
g_assert (creator != NULL && creator->create_fn != NULL);
@@ -456,6 +473,7 @@ rsvg_standard_element_start (RsvgHandle *handle, const char *name, RsvgPropertyB
handle->priv->treebase = rsvg_node_ref (newnode);
}
+ handle->priv->num_loaded_elements += 1;
handle->priv->currentnode = rsvg_node_ref (newnode);
node_set_atts (newnode, handle, creator, atts);
@@ -1641,6 +1659,52 @@ rsvg_push_discrete_layer (RsvgDrawingCtx * ctx)
ctx->render->push_discrete_layer (ctx);
}
+void
+rsvg_drawing_ctx_increase_num_elements_acquired (RsvgDrawingCtx *draw_ctx)
+{
+ draw_ctx->num_elements_acquired++;
+}
+
+/* This is a mitigation for the security-related bugs:
+ * https://gitlab.gnome.org/GNOME/librsvg/issues/323
+ * https://gitlab.gnome.org/GNOME/librsvg/issues/515
+ *
+ * Imagine the XML [billion laughs attack], but done in SVG's terms:
+ *
+ * - #323 above creates deeply nested groups of `<use>` elements.
+ * The first one references the second one ten times, the second one
+ * references the third one ten times, and so on. In the file given,
+ * this causes 10^17 objects to be rendered. While this does not
+ * exhaust memory, it would take a really long time.
+ *
+ * - #515 has deeply nested references of `<pattern>` elements. Each
+ * object inside each pattern has an attribute
+ * fill="url(#next_pattern)", so the number of final rendered objects
+ * grows exponentially.
+ *
+ * We deal with both cases by placing a limit on how many references
+ * will be resolved during the SVG rendering process, that is,
+ * how many `url(#foo)` will be resolved.
+ *
+ * [billion laughs attack]: https://bitbucket.org/tiran/defusedxml
+ */
+static gboolean
+limits_exceeded (RsvgDrawingCtx *draw_ctx)
+{
+ return draw_ctx->num_elements_acquired > 500000;
+}
+
+RsvgNode *
+rsvg_drawing_ctx_acquire_node_ref (RsvgDrawingCtx * ctx, RsvgNode *node)
+{
+ if (g_slist_find (ctx->acquired_nodes, node))
+ return NULL;
+
+ ctx->acquired_nodes = g_slist_prepend (ctx->acquired_nodes, node);
+
+ return node;
+}
+
/*
* rsvg_drawing_ctx_acquire_node:
* @ctx: The drawing context in use
@@ -1668,16 +1732,15 @@ rsvg_drawing_ctx_acquire_node (RsvgDrawingCtx * ctx, const char *url)
if (url == NULL)
return NULL;
+ rsvg_drawing_ctx_increase_num_elements_acquired (ctx);
+ if (limits_exceeded (ctx))
+ return NULL;
+
node = rsvg_defs_lookup (ctx->defs, url);
if (node == NULL)
return NULL;
- if (g_slist_find (ctx->acquired_nodes, node))
- return NULL;
-
- ctx->acquired_nodes = g_slist_prepend (ctx->acquired_nodes, node);
-
- return node;
+ return rsvg_drawing_ctx_acquire_node_ref (ctx, node);
}
/**
@@ -1734,18 +1797,9 @@ rsvg_drawing_ctx_release_node (RsvgDrawingCtx * ctx, RsvgNode *node)
if (node == NULL)
return;
- g_return_if_fail (ctx->acquired_nodes != NULL);
- g_return_if_fail (ctx->acquired_nodes->data == node);
-
ctx->acquired_nodes = g_slist_remove (ctx->acquired_nodes, node);
}
-void
-rsvg_drawing_ctx_increase_num_elements_rendered_through_use (RsvgDrawingCtx *draw_ctx)
-{
- draw_ctx->num_elements_rendered_through_use++;
-}
-
void
rsvg_drawing_ctx_add_node_and_ancestors_to_stack (RsvgDrawingCtx *draw_ctx, RsvgNode *node)
{
@@ -1759,12 +1813,6 @@ rsvg_drawing_ctx_add_node_and_ancestors_to_stack (RsvgDrawingCtx *draw_ctx, Rsvg
}
}
-static gboolean
-limits_exceeded (RsvgDrawingCtx *draw_ctx)
-{
- return draw_ctx->num_elements_rendered_through_use > 500000;
-}
-
gboolean
rsvg_drawing_ctx_draw_node_from_stack (RsvgDrawingCtx *ctx, RsvgNode *node, int dominate)
{
diff --git a/librsvg/rsvg-private.h b/librsvg/rsvg-private.h
index aeec8d5..06f4c2b 100644
--- a/librsvg/rsvg-private.h
+++ b/librsvg/rsvg-private.h
@@ -164,6 +164,7 @@ struct RsvgHandlePrivate {
*/
RsvgSaxHandler *handler;
int handler_nest;
+ gsize num_loaded_elements;
GHashTable *entities; /* g_malloc'd string -> xmlEntityPtr */
@@ -200,7 +201,7 @@ struct RsvgDrawingCtx {
RsvgState *state;
GError **error;
RsvgDefs *defs;
- gsize num_elements_rendered_through_use;
+ gsize num_elements_acquired;
PangoContext *pango_context;
double dpi_x, dpi_y;
RsvgViewBox vb;
@@ -502,6 +503,8 @@ RsvgNode *rsvg_drawing_ctx_acquire_node (RsvgDrawingCtx * ctx, const cha
G_GNUC_INTERNAL
RsvgNode *rsvg_drawing_ctx_acquire_node_of_type (RsvgDrawingCtx * ctx, const char *url, RsvgNodeType type);
G_GNUC_INTERNAL
+RsvgNode *rsvg_drawing_ctx_acquire_node_ref (RsvgDrawingCtx * ctx, RsvgNode *node);
+G_GNUC_INTERNAL
void rsvg_drawing_ctx_release_node (RsvgDrawingCtx * ctx, RsvgNode *node);
G_GNUC_INTERNAL
diff --git a/rsvg_internals/src/drawing_ctx.rs b/rsvg_internals/src/drawing_ctx.rs
index 79f0c9f..631b073 100644
--- a/rsvg_internals/src/drawing_ctx.rs
+++ b/rsvg_internals/src/drawing_ctx.rs
@@ -32,6 +32,11 @@ extern "C" {
fn rsvg_drawing_ctx_pop_view_box(draw_ctx: *const RsvgDrawingCtx);
+ fn rsvg_drawing_ctx_acquire_node_ref(
+ draw_ctx: *const RsvgDrawingCtx,
+ node: *const RsvgNode,
+ ) -> *mut RsvgNode;
+
fn rsvg_drawing_ctx_acquire_node(
draw_ctx: *const RsvgDrawingCtx,
url: *const libc::c_char,
@@ -45,8 +50,6 @@ extern "C" {
fn rsvg_drawing_ctx_release_node(draw_ctx: *const RsvgDrawingCtx, node: *mut RsvgNode);
- fn rsvg_drawing_ctx_increase_num_elements_rendered_through_use(draw_ctx: *const RsvgDrawingCtx);
-
fn rsvg_drawing_ctx_get_current_state_affine(draw_ctx: *const RsvgDrawingCtx) -> cairo::Matrix;
fn rsvg_drawing_ctx_set_current_state_affine(
@@ -149,6 +152,16 @@ pub fn pop_view_box(draw_ctx: *const RsvgDrawingCtx) {
}
}
+pub fn acquire_node_ref(draw_ctx: *const RsvgDrawingCtx, node: *const RsvgNode) -> Option<AcquiredNode> {
+ let raw_node = unsafe { rsvg_drawing_ctx_acquire_node_ref(draw_ctx, node) };
+
+ if raw_node.is_null() {
+ None
+ } else {
+ Some(AcquiredNode(draw_ctx, raw_node))
+ }
+}
+
pub fn get_acquired_node(draw_ctx: *const RsvgDrawingCtx, url: &str) -> Option<AcquiredNode> {
let raw_node = unsafe { rsvg_drawing_ctx_acquire_node(draw_ctx, str::to_glib_none(url).0) };
@@ -290,12 +303,6 @@ pub fn state_pop(draw_ctx: *const RsvgDrawingCtx) {
}
}
-pub fn increase_num_elements_rendered_through_use(draw_ctx: *const RsvgDrawingCtx) {
- unsafe {
- rsvg_drawing_ctx_increase_num_elements_rendered_through_use(draw_ctx);
- }
-}
-
pub struct AcquiredNode(*const RsvgDrawingCtx, *mut RsvgNode);
impl Drop for AcquiredNode {
diff --git a/rsvg_internals/src/structure.rs b/rsvg_internals/src/structure.rs
index 71c9ff0..e4234ae 100644
--- a/rsvg_internals/src/structure.rs
+++ b/rsvg_internals/src/structure.rs
@@ -278,6 +278,20 @@ impl NodeTrait for NodeUse {
return;
}
+ // <use> is an element that is used directly, unlike
+ // <pattern>, which is used through a fill="url(#...)"
+ // reference. However, <use> will always reference another
+ // element, potentially itself or an ancestor of itself (or
+ // another <use> which references the first one, etc.). So,
+ // we acquire the <use> element itself so that circular
+ // references can be caught.
+ let self_box = box_node(node.clone());
+ let self_acquired = drawing_ctx::acquire_node_ref(draw_ctx, self_box);
+ rsvg_node_unref(self_box);
+ if self_acquired.is_none() {
+ return;
+ }
+
let child = if let Some(acquired) =
drawing_ctx::get_acquired_node(draw_ctx, link.as_ref().unwrap())
{
@@ -286,13 +300,6 @@ impl NodeTrait for NodeUse {
return;
};
- if Node::is_ancestor(node.clone(), child.clone()) {
- // or, if we're <use>'ing ourselves
- return;
- }
-
- drawing_ctx::increase_num_elements_rendered_through_use(draw_ctx);
-
let nx = self.x.get().normalize(draw_ctx);
let ny = self.y.get().normalize(draw_ctx);
diff --git a/tests/errors.c b/tests/errors.c
index f370d60..ab5898a 100644
--- a/tests/errors.c
+++ b/tests/errors.c
@@ -22,10 +22,29 @@ get_test_filename (const char *basename) {
basename,
NULL);
}
+
+static void
+test_loading_error (gconstpointer data)
+{
+ const char *basename = data;
+ char *filename = get_test_filename (basename);
+ RsvgHandle *handle;
+ GError *error = NULL;
+
+ handle = rsvg_handle_new_from_file (filename, &error);
+ g_free (filename);
+
+ g_assert (handle == NULL);
+ g_assert (g_error_matches (error, RSVG_ERROR, RSVG_ERROR_FAILED));
+
+ g_error_free (error);
+}
+
static void
-test_instancing_limit (void)
+test_instancing_limit (gconstpointer data)
{
- char *filename = get_test_filename ("323-nested-use.svg");
+ const char *basename = data;
+ char *filename = get_test_filename (basename);
RsvgHandle *handle;
GError *error = NULL;
cairo_surface_t *surf;
@@ -49,7 +68,34 @@ main (int argc, char **argv)
{
g_test_init (&argc, &argv, NULL);
- g_test_add_func ("/errors/instancing_limit", test_instancing_limit);
+ g_test_add_data_func_full ("/errors/instancing_limit/323-nested-use.svg",
+ "323-nested-use.svg",
+ test_instancing_limit,
+ NULL);
+
+ g_test_add_data_func_full ("/errors/instancing_limit/515-pattern-billion-laughs.svg",
+ "515-pattern-billion-laughs.svg",
+ test_instancing_limit,
+ NULL);
+
+ g_test_add_data_func_full ("/errors/instancing_limit/308-use-self-ref.svg",
+ "308-use-self-ref.svg",
+ test_instancing_limit,
+ NULL);
+ g_test_add_data_func_full ("/errors/instancing_limit/308-recursive-use.svg",
+ "308-recursive-use.svg",
+ test_instancing_limit,
+ NULL);
+ g_test_add_data_func_full ("/errors/instancing_limit/308-doubly-recursive-use.svg",
+ "308-doubly-recursive-use.svg",
+ test_instancing_limit,
+ NULL);
+
+ g_test_add_data_func_full ("/errors/515-too-many-elements.svgz",
+ "515-too-many-elements.svgz",
+ test_loading_error,
+ NULL);
+
return g_test_run ();
}
diff --git a/tests/fixtures/errors/308-doubly-recursive-use.svg b/tests/fixtures/errors/308-doubly-recursive-use.svg
new file mode 100644
index 0000000..9b248a6
--- /dev/null
+++ b/tests/fixtures/errors/308-doubly-recursive-use.svg
@@ -0,0 +1,13 @@
+<svg>
+ <defs>
+ <g id="one">
+ <use xlink:href="#two"/>
+ </g>
+
+ <g id="two">
+ <use xlink:href="#one"/>
+ </g>
+ </defs>
+
+ <use xlink:href="#one"/>
+</svg>
diff --git a/tests/fixtures/errors/308-recursive-use.svg b/tests/fixtures/errors/308-recursive-use.svg
new file mode 100644
index 0000000..f5d00bf
--- /dev/null
+++ b/tests/fixtures/errors/308-recursive-use.svg
@@ -0,0 +1,9 @@
+<svg>
+ <defs>
+ <g id="one">
+ <use xlink:href="#one"/>
+ </g>
+ </defs>
+
+ <use xlink:href="#one"/>
+</svg>
diff --git a/tests/fixtures/errors/308-use-self-ref.svg b/tests/fixtures/errors/308-use-self-ref.svg
new file mode 100644
index 0000000..dbf14c5
--- /dev/null
+++ b/tests/fixtures/errors/308-use-self-ref.svg
@@ -0,0 +1,7 @@
+<svg>
+ <defs>
+ <use id="one" xlink:href="#one"/>
+ </defs>
+
+ <use xlink:href="#one"/>
+</svg>
diff --git a/tests/fixtures/errors/515-pattern-billion-laughs.svg b/tests/fixtures/errors/515-pattern-billion-laughs.svg
new file mode 100644
index 0000000..a306960
--- /dev/null
+++ b/tests/fixtures/errors/515-pattern-billion-laughs.svg
@@ -0,0 +1,130 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+ "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="40cm" height="20cm" viewBox="0 0 800 400" version="1.1"
+ xmlns="http://www.w3.org/2000/svg">
+ <defs>
+ <pattern id="z" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(10,10)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#i)" stroke="yellow"/>
+ </pattern>
+
+ <pattern id="i" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#h)" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="url(#h)" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="url(#h)" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="url(#h)" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="url(#h)" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="url(#h)" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="url(#h)" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="url(#h)" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="url(#h)" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="url(#h)" stroke="cyan" />
+ </pattern>
+
+ <pattern id="h" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#g)" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="url(#g)" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="url(#g)" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="url(#g)" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="url(#g)" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="url(#g)" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="url(#g)" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="url(#g)" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="url(#g)" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="url(#g)" stroke="cyan" />
+ </pattern>
+
+ <pattern id="g" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#f)" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="url(#f)" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="url(#f)" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="url(#f)" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="url(#f)" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="url(#f)" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="url(#f)" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="url(#f)" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="url(#f)" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="url(#f)" stroke="cyan" />
+ </pattern>
+
+ <pattern id="f" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#e)" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="url(#e)" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="url(#e)" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="url(#e)" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="url(#e)" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="url(#e)" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="url(#e)" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="url(#e)" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="url(#e)" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="url(#e)" stroke="cyan" />
+ </pattern>
+
+ <pattern id="e" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#d)" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="url(#d)" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="url(#d)" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="url(#d)" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="url(#d)" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="url(#d)" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="url(#d)" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="url(#d)" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="url(#d)" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="url(#d)" stroke="cyan" />
+ </pattern>
+
+ <pattern id="d" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#c)" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="url(#c)" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="url(#c)" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="url(#c)" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="url(#c)" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="url(#c)" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="url(#c)" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="url(#c)" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="url(#c)" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="url(#c)" stroke="cyan" />
+ </pattern>
+ <pattern id="c" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#b)" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="url(#b)" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="url(#b)" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="url(#b)" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="url(#b)" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="url(#b)" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="url(#b)" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="url(#b)" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="url(#b)" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="url(#b)" stroke="cyan" />
+ </pattern>
+ <pattern id="b" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="url(#a)" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="url(#a)" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="url(#a)" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="url(#a)" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="url(#a)" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="url(#a)" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="url(#a)" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="url(#a)" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="url(#a)" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="url(#a)" stroke="cyan" />
+
+ </pattern>
+ <pattern id="a" x="0" y="0" width="20" height="20" patternUnits="userSpaceOnUse" patternTransform="scale(0.5,0.5)">
+ <rect x="0" y="0" width="20" height="20" fill="none" stroke="green" />
+ <rect x="1" y="1" width="20" height="20" fill="none" stroke="brown" />
+ <rect x="2" y="2" width="20" height="20" fill="none" stroke="pink" />
+ <rect x="3" y="3" width="20" height="20" fill="none" stroke="grey" />
+ <rect x="4" y="3" width="20" height="20" fill="none" stroke="cyan" />
+ <rect x="5" y="3" width="20" height="20" fill="none" stroke="green" />
+ <rect x="6" y="3" width="20" height="20" fill="none" stroke="brown" />
+ <rect x="7" y="3" width="20" height="20" fill="none" stroke="pink" />
+ <rect x="8" y="3" width="20" height="20" fill="none" stroke="grey" />
+ <rect x="9" y="3" width="20" height="20" fill="none" stroke="cyan" />
+ </pattern>
+ </defs>
+
+ <ellipse fill="url(#z)" stroke="black" stroke-width="5"
+ cx="400" cy="200" rx="350" ry="150" />
+
+</svg>
\ No newline at end of file
diff --git a/tests/fixtures/errors/515-too-many-elements.svgz b/tests/fixtures/errors/515-too-many-elements.svgz
new file mode 100644
index 0000000000000000000000000000000000000000..a7f7cf678ca2f29af6df61078d1c6a86c73c2d1a
GIT binary patch
literal 40811
zcmeIuO)I1U007{3c1mhf$VD-7q(+J1MDM}L%|UFTsL8?1JBN{yP&im}QQ{&|QhvZj
zljI=9MY%ail5kSH<)g@tkhY%ZCp<Na#l^QJoBcoHsm4@tG?z<e2cz+1I+M<(qtSdr
zerz~+JUc3x2`j>*LibxH_PE;`Ph^fuo4Xpr-qW6!wVUeOr_1r`p~-)LTcZB@uIs(k
zp^3xx{A%Lt>ENbsBzwPKxl_B*S@%4>{ZPBL{_?u~dmaM@3>YwAz<>b*1`HT5V8DO@
z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*Vq
ziwEvbqN?)X)ARdf*>V8`1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*
z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA;JXJdqN<A^m<@v0;iCA@vC?p6
zYVLd>)r0{91`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>f$?1`2;_+E#M0g<n@o
I9YGlT0Agk%tpET3
literal 0
HcmV?d00001
--
2.26.2

81
SOURCES/fix-cssparser-build.patch
View File

@ -1,81 +0,0 @@
From 2346aa25ba6379db5a754f2cb7171e85cba5dda3 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 15 May 2020 14:56:59 -0500
Subject: [PATCH] cssparser build fix
---
vendor/cssparser/.cargo-checksum.json | 2 +-
vendor/cssparser/src/parser.rs | 48 +++++++++++++++------------
2 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/vendor/cssparser/.cargo-checksum.json b/vendor/cssparser/.cargo-checksum.json
index 246bb70..713372d 100644
--- a/vendor/cssparser/.cargo-checksum.json
+++ b/vendor/cssparser/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{".cargo-ok":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",".travis.yml":"f1fb4b65964c81bc1240544267ea334f554ca38ae7a74d57066f4d47d2b5d568","Cargo.toml":"7807f16d417eb1a6ede56cd4ba2da6c5c63e4530289b3f0848f4b154e18eba02","LICENSE":"fab3dd6bdab226f1c08630b1dd917e11fcb4ec5e1e020e2c16f83a0a13863e85","README.md":"c5781e673335f37ed3d7acb119f8ed33efdf6eb75a7094b7da2abe0c3230adb8","build.rs":"b29fc57747f79914d1c2fb541e2bb15a003028bb62751dcb901081ccc174b119","build/match_byte.rs":"2c84b8ca5884347d2007f49aecbd85b4c7582085526e2704399817249996e19b","docs/.nojekyll":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","docs/404.html":"025861f76f8d1f6d67c20ab624c6e418f4f824385e2dd8ad8732c4ea563c6a2e","docs/index.html":"025861f76f8d1f6d67c20ab624c6e418f4f824385e2dd8ad8732c4ea563c6a2e","src/color.rs":"c60f1b0ab7a2a6213e434604ee33f78e7ef74347f325d86d0b9192d8225ae1cc","src/cow_rc_str.rs":"541216f8ef74ee3cc5cbbc1347e5f32ed66588c401851c9a7d68b867aede1de0","src/from_bytes.rs":"331fe63af2123ae3675b61928a69461b5ac77799fff3ce9978c55cf2c558f4ff","src/lib.rs":"46c377e0c9a75780d5cb0bcf4dfb960f0fb2a996a13e7349bb111b9082252233","src/macros.rs":"adb9773c157890381556ea83d7942dcc676f99eea71abbb6afeffee1e3f28960","src/nth.rs":"5c70fb542d1376cddab69922eeb4c05e4fcf8f413f27563a2af50f72a47c8f8c","src/parser.rs":"9ed4aec998221eb2d2ba99db2f9f82a02399fb0c3b8500627f68f5aab872adde","src/rules_and_declarations.rs":"be2c4f3f3bb673d866575b6cb6084f1879dff07356d583ca9a3595f63b7f916f","src/serializer.rs":"4ccfc9b4fe994aab3803662bbf31cc25052a6a39531073a867b14b224afe42dd","src/size_of_tests.rs":"e5f63c8c18721cc3ff7a5407e84f9889ffa10e66da96e8510a696c3e00ad72d5","src/tests.rs":"80b02c80ab0fd580dad9206615c918e0db7dff63dfed0feeedb66f317d24b24b","src/tokenizer.rs":"429b2cba419cf8b923fbcc32d3bd34c0b39284ebfcb9fc29b8eb8643d8d5f312","src/unicode_range.rs":"c1c4ed2493e09d248c526ce1ef8575a5f8258da3962b64ffc814ef3bdf9780d0"},"package":"8a807ac3ab7a217829c2a3b65732b926b2befe6a35f33b4bf8b503692430f223"}
\ No newline at end of file
+{"files":{},"package":"8a807ac3ab7a217829c2a3b65732b926b2befe6a35f33b4bf8b503692430f223"}
diff --git a/vendor/cssparser/src/parser.rs b/vendor/cssparser/src/parser.rs
index 76736a8..8ffa18c 100644
--- a/vendor/cssparser/src/parser.rs
+++ b/vendor/cssparser/src/parser.rs
@@ -555,28 +555,34 @@ impl<'i: 't, 't> Parser<'i, 't> {
}
let token_start_position = self.input.tokenizer.position();
- let token;
- match self.input.cached_token {
- Some(ref cached_token)
- if cached_token.start_position == token_start_position => {
- self.input.tokenizer.reset(&cached_token.end_state);
- match cached_token.token {
- Token::Function(ref name) => self.input.tokenizer.see_function(name),
- _ => {}
- }
- token = &cached_token.token
+ let using_cached_token = self
+ .input
+ .cached_token
+ .as_ref()
+ .map_or(false, |cached_token| {
+ cached_token.start_position == token_start_position
+ });
+ let token = if using_cached_token {
+ let cached_token = self.input.cached_token.as_ref().unwrap();
+ self.input.tokenizer.reset(&cached_token.end_state);
+ match cached_token.token {
+ Token::Function(ref name) => self.input.tokenizer.see_function(name),
+ _ => {}
}
- _ => {
- let new_token = self.input.tokenizer.next()
- .map_err(|()| self.new_basic_error(BasicParseErrorKind::EndOfInput))?;
- self.input.cached_token = Some(CachedToken {
- token: new_token,
- start_position: token_start_position,
- end_state: self.input.tokenizer.state(),
- });
- token = self.input.cached_token_ref()
- }
- }
+ &cached_token.token
+ } else {
+ let new_token = self
+ .input
+ .tokenizer
+ .next()
+ .map_err(|()| self.new_basic_error(BasicParseErrorKind::EndOfInput))?;
+ self.input.cached_token = Some(CachedToken {
+ token: new_token,
+ start_position: token_start_position,
+ end_state: self.input.tokenizer.state(),
+ });
+ self.input.cached_token_ref()
+ };
if let Some(block_type) = BlockType::opening(token) {
self.at_start_of = Some(block_type);
--
2.26.2

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

414
librsvg2-CVE-2023-38633.patch Normal file
View File

@ -0,0 +1,414 @@
From d1f066bf2198bd46c5ba80cb5123b768ec16e37d Mon Sep 17 00:00:00 2001
From: Federico Mena Quintero <federico@gnome.org>
Date: Thu, 20 Jul 2023 11:12:53 -0600
Subject: [PATCH] (#996): Fix arbitrary file read when href has special
characters
In UrlResolver::resolve_href() we now explicitly disallow URLs that
have a query string ("?") or a fragment identifier ("#").
We also explicitly check for a base URL and not resolving to a path,
for example, "file:///base/foo.svg" + "." would resolve to
"file:///base/" - this is technically correct, but we don't want to
resolve to directories.
Also, we pass a canonicalized path name as a URL upstream, so that
g_file_new_from_url() will consume it later, instead of passing the
original and potentially malicious URL.
Fixes https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
---
librsvg/rsvg-handle.c | 6 +-
rsvg_internals/src/allowed_url.rs | 229 +++++++++++++-----
.../src/filters/component_transfer.rs | 2 +-
tests/Makefile.am | 1 +
tests/fixtures/loading/bar.svg | 1 +
tests/fixtures/loading/foo.svg | 1 +
tests/fixtures/loading/subdir/baz.svg | 1 +
7 files changed, 180 insertions(+), 61 deletions(-)
create mode 100644 tests/fixtures/loading/bar.svg
create mode 100644 tests/fixtures/loading/foo.svg
create mode 100644 tests/fixtures/loading/subdir/baz.svg
diff --git a/librsvg/rsvg-handle.c b/librsvg/rsvg-handle.c
index 95364db34..f49e4d30e 100644
--- a/librsvg/rsvg-handle.c
+++ b/librsvg/rsvg-handle.c
@@ -78,7 +78,11 @@
* </listitem>
*
* <listitem>
- * All other URL schemes in references require a base URL. For
+ * URLs with queries ("?") or fragment identifiers ("#") are not allowed.
+ * </listitem>
+ *
+ * <listitem>
+ * All other URL schemes other than data: in references require a base URL. For
* example, this means that if you load an SVG with
* rsvg_handle_new_from_data() without calling rsvg_handle_set_base_uri(),
* then any referenced files will not be allowed (e.g. raster images to be
diff --git a/rsvg_internals/src/allowed_url.rs b/rsvg_internals/src/allowed_url.rs
index 3a99e00b8..ffa9a2315 100644
--- a/rsvg_internals/src/allowed_url.rs
+++ b/rsvg_internals/src/allowed_url.rs
@@ -2,9 +2,7 @@
use std::error;
use std::fmt;
-use std::io;
use std::ops::Deref;
-use std::path::{Path, PathBuf};
use url::Url;
use crate::error::HrefError;
@@ -37,6 +35,12 @@ pub enum AllowedUrlError {
/// or in one directory below the base file.
NotSiblingOrChildOfBaseFile,
+ /// Loaded file:// URLs cannot have a query part, e.g. `file:///foo?blah`
+ NoQueriesAllowed,
+
+ /// URLs may not have fragment identifiers at this stage
+ NoFragmentIdentifierAllowed,
+
/// Error when obtaining the file path or the base file path
InvalidPath,
@@ -59,6 +63,17 @@ impl AllowedUrl {
return Ok(AllowedUrl(url));
}
+ // Queries are not allowed.
+ if url.query().is_some() {
+ return Err(AllowedUrlError::NoQueriesAllowed);
+ }
+
+ // Fragment identifiers are not allowed. They should have been stripped
+ // upstream, by NodeId.
+ if url.fragment().is_some() {
+ return Err(AllowedUrlError::NoFragmentIdentifierAllowed);
+ }
+
// All other sources require a base url
if base_url.is_none() {
return Err(AllowedUrlError::BaseRequired);
@@ -81,6 +96,26 @@ impl AllowedUrl {
return Err(AllowedUrlError::DisallowedScheme);
}
+ // The rest of this function assumes file: URLs; guard against
+ // incorrect refactoring.
+ assert!(url.scheme() == "file");
+
+ // If we have a base_uri of "file:///foo/bar.svg", and resolve an href of ".",
+ // Url.parse() will give us "file:///foo/". We don't want that, so check
+ // if the last path segment is empty - it will not be empty for a normal file.
+
+ if let Some(segments) = url.path_segments() {
+ if segments
+ .last()
+ .expect("URL path segments always contain at last 1 element")
+ .is_empty()
+ {
+ return Err(AllowedUrlError::NotSiblingOrChildOfBaseFile);
+ }
+ } else {
+ unreachable!("the file: URL cannot have an empty path");
+ }
+
// We have two file: URIs. Now canonicalize them (remove .. and symlinks, etc.)
// and see if the directories match
@@ -98,13 +133,17 @@ impl AllowedUrl {
let base_parent = base_parent.unwrap();
- let url_canon =
- canonicalize(&url_path).map_err(|_| AllowedUrlError::CanonicalizationError)?;
- let parent_canon =
- canonicalize(&base_parent).map_err(|_| AllowedUrlError::CanonicalizationError)?;
-
- if url_canon.starts_with(parent_canon) {
- Ok(AllowedUrl(url))
+ let path_canon = url_path
+ .canonicalize()
+ .map_err(|_| AllowedUrlError::CanonicalizationError)?;
+ let parent_canon = base_parent
+ .canonicalize()
+ .map_err(|_| AllowedUrlError::CanonicalizationError)?;
+
+ if path_canon.starts_with(parent_canon) {
+ // Finally, convert the canonicalized path back to a URL.
+ let path_to_url = Url::from_file_path(path_canon).unwrap();
+ Ok(AllowedUrl(path_to_url))
} else {
Err(AllowedUrlError::NotSiblingOrChildOfBaseFile)
}
@@ -129,32 +168,22 @@ impl error::Error for AllowedUrlError {}
impl fmt::Display for AllowedUrlError {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- match *self {
- AllowedUrlError::HrefParseError(e) => write!(f, "href parse error: {}", e),
- AllowedUrlError::BaseRequired => write!(f, "base required"),
- AllowedUrlError::DifferentURISchemes => write!(f, "different URI schemes"),
- AllowedUrlError::DisallowedScheme => write!(f, "disallowed scheme"),
- AllowedUrlError::NotSiblingOrChildOfBaseFile => {
- write!(f, "not sibling or child of base file")
- }
- AllowedUrlError::InvalidPath => write!(f, "invalid path"),
- AllowedUrlError::BaseIsRoot => write!(f, "base is root"),
- AllowedUrlError::CanonicalizationError => write!(f, "canonicalization error"),
+ use AllowedUrlError::*;
+ match self {
+ HrefParseError(e) => write!(f, "URL parse error: {e}"),
+ BaseRequired => write!(f, "base required"),
+ DifferentUriSchemes => write!(f, "different URI schemes"),
+ DisallowedScheme => write!(f, "disallowed scheme"),
+ NotSiblingOrChildOfBaseFile => write!(f, "not sibling or child of base file"),
+ NoQueriesAllowed => write!(f, "no queries allowed"),
+ NoFragmentIdentifierAllowed => write!(f, "no fragment identifier allowed"),
+ InvalidPath => write!(f, "invalid path"),
+ BaseIsRoot => write!(f, "base is root"),
+ CanonicalizationError => write!(f, "canonicalization error"),
}
}
}
-// For tests, we don't want to touch the filesystem. In that case,
-// assume that we are being passed canonical file names.
-#[cfg(not(test))]
-fn canonicalize<P: AsRef<Path>>(path: P) -> Result<PathBuf, io::Error> {
- path.as_ref().canonicalize()
-}
-#[cfg(test)]
-fn canonicalize<P: AsRef<Path>>(path: P) -> Result<PathBuf, io::Error> {
- Ok(path.as_ref().to_path_buf())
-}
-
/// Parsed result of an href from an SVG or CSS file
///
/// Sometimes in SVG element references (e.g. the `href` in the `<feImage>` element) we
@@ -234,6 +263,8 @@ impl Href {
mod tests {
use super::*;
+ use std::path::PathBuf;
+
#[test]
fn disallows_relative_file_with_no_base_file() {
assert_eq!(
@@ -284,56 +315,136 @@ mod tests {
);
}
+ fn url_from_test_fixtures(filename_relative_to_librsvg_srcdir: &str) -> Url {
+ let path = PathBuf::from(filename_relative_to_librsvg_srcdir);
+ let absolute = path
+ .canonicalize()
+ .expect("files from test fixtures are supposed to canonicalize");
+ Url::from_file_path(absolute).unwrap()
+ }
+
#[test]
fn allows_relative() {
- assert_eq!(
- AllowedUrl::from_href(
- "foo.svg",
- Some(Url::parse("file:///example/bar.svg").unwrap()).as_ref()
- )
- .unwrap()
- .as_ref(),
- "file:///example/foo.svg",
- );
+ let resolved = AllowedUrl::from_href(
+ "foo.svg",
+ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref()
+ ).unwrap();
+
+ let resolved_str = resolved.as_str();
+ assert!(resolved_str.ends_with("/loading/foo.svg"));
}
#[test]
fn allows_sibling() {
- assert_eq!(
- AllowedUrl::from_href(
- "file:///example/foo.svg",
- Some(Url::parse("file:///example/bar.svg").unwrap()).as_ref()
- )
- .unwrap()
- .as_ref(),
- "file:///example/foo.svg",
- );
+ let sibling = url_from_test_fixtures("../tests/fixtures/loading/foo.svg");
+ let resolved = AllowedUrl::from_href(
+ sibling.as_str(),
+ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref()
+ ).unwrap();
+
+ let resolved_str = resolved.as_str();
+ assert!(resolved_str.ends_with("/loading/foo.svg"));
}
#[test]
fn allows_child_of_sibling() {
- assert_eq!(
- AllowedUrl::from_href(
- "file:///example/subdir/foo.svg",
- Some(Url::parse("file:///example/bar.svg").unwrap()).as_ref()
- )
- .unwrap()
- .as_ref(),
- "file:///example/subdir/foo.svg",
- );
+ let child_of_sibling = url_from_test_fixtures("../tests/fixtures/loading/subdir/baz.svg");
+ let resolved = AllowedUrl::from_href(
+ child_of_sibling.as_str(),
+ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref()
+ ).unwrap();
+
+ let resolved_str = resolved.as_str();
+ assert!(resolved_str.ends_with("/loading/subdir/baz.svg"));
}
+ // Ignore on Windows since we test for /etc/passwd
+ #[cfg(unix)]
#[test]
fn disallows_non_sibling() {
assert_eq!(
AllowedUrl::from_href(
"file:///etc/passwd",
- Some(Url::parse("file:///example/bar.svg").unwrap()).as_ref()
+ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref()
),
Err(AllowedUrlError::NotSiblingOrChildOfBaseFile)
);
}
+ #[test]
+ fn disallows_queries() {
+ assert!(matches!(
+ AllowedUrl::from_href(
+ ".?../../../../../../../../../../etc/passwd",
+ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref(),
+ ),
+ Err(AllowedUrlError::NoQueriesAllowed)
+ ));
+ }
+
+ #[test]
+ fn disallows_weird_relative_uris() {
+ let base_url = url_from_test_fixtures("../tests/fixtures/loading/bar.svg");
+
+ assert!(
+ AllowedUrl::from_href(
+ ".@../../../../../../../../../../etc/passwd",
+ Some(&base_url),
+ ).is_err()
+ );
+ assert!(
+ AllowedUrl::from_href(
+ ".$../../../../../../../../../../etc/passwd",
+ Some(&base_url),
+ ).is_err()
+ );
+ assert!(
+ AllowedUrl::from_href(
+ ".%../../../../../../../../../../etc/passwd",
+ Some(&base_url),
+ ).is_err()
+ );
+ assert!(
+ AllowedUrl::from_href(
+ ".*../../../../../../../../../../etc/passwd",
+ Some(&base_url),
+ ).is_err()
+ );
+ assert!(
+ AllowedUrl::from_href(
+ "~/../../../../../../../../../../etc/passwd",
+ Some(&base_url),
+ ).is_err()
+ );
+ }
+
+ #[test]
+ fn disallows_dot_sibling() {
+ println!("cwd: {:?}", std::env::current_dir());
+ let base_url = url_from_test_fixtures("../tests/fixtures/loading/bar.svg");
+
+ assert!(matches!(
+ AllowedUrl::from_href(".", Some(&base_url)),
+ Err(AllowedUrlError::NotSiblingOrChildOfBaseFile)
+ ));
+ assert!(matches!(
+ AllowedUrl::from_href(".#../../../../../../../../../../etc/passwd", Some(&base_url)),
+ Err(AllowedUrlError::NoFragmentIdentifierAllowed)
+ ));
+ }
+
+ #[test]
+ fn disallows_fragment() {
+ // AllowedUrl::from_href() explicitly disallows fragment identifiers.
+ // This is because they should have been stripped before calling that function,
+ // by the Iri machinery.
+
+ assert!(matches!(
+ AllowedUrl::from_href("bar.svg#fragment", Some(Url::parse("https://example.com/foo.svg").unwrap()).as_ref()),
+ Err(AllowedUrlError::NoFragmentIdentifierAllowed)
+ ));
+ }
+
#[test]
fn parses_href() {
assert_eq!(
diff --git a/rsvg_internals/src/filters/component_transfer.rs b/rsvg_internals/src/filters/component_transfer.rs
index 235435ffa..6845eac18 100644
--- a/rsvg_internals/src/filters/component_transfer.rs
+++ b/rsvg_internals/src/filters/component_transfer.rs
@@ -261,7 +261,7 @@ macro_rules! func_or_default {
}
}
_ => &$func_default,
- };
+ }
};
}
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 13c2d51f2..b3faf2da5 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -82,6 +82,7 @@ dist_installed_test_data = \
$(wildcard $(srcdir)/fixtures/errors/*) \
$(wildcard $(srcdir)/fixtures/infinite-loop/*) \
$(wildcard $(srcdir)/fixtures/loading/*) \
+ $(wildcard $(srcdir)/fixtures/loading/subdir/*) \
$(wildcard $(srcdir)/fixtures/reftests/*.css) \
$(wildcard $(srcdir)/fixtures/reftests/*.svg) \
$(wildcard $(srcdir)/fixtures/reftests/*.png) \
diff --git a/tests/fixtures/loading/bar.svg b/tests/fixtures/loading/bar.svg
new file mode 100644
index 000000000..304670099
--- /dev/null
+++ b/tests/fixtures/loading/bar.svg
@@ -0,0 +1 @@
+<!-- Empty file, used just to test URL validation -->
diff --git a/tests/fixtures/loading/foo.svg b/tests/fixtures/loading/foo.svg
new file mode 100644
index 000000000..304670099
--- /dev/null
+++ b/tests/fixtures/loading/foo.svg
@@ -0,0 +1 @@
+<!-- Empty file, used just to test URL validation -->
diff --git a/tests/fixtures/loading/subdir/baz.svg b/tests/fixtures/loading/subdir/baz.svg
new file mode 100644
index 000000000..304670099
--- /dev/null
+++ b/tests/fixtures/loading/subdir/baz.svg
@@ -0,0 +1 @@
+<!-- Empty file, used just to test URL validation -->
--
GitLab

454
SPECS/librsvg2.spec → librsvg2.spec
View File

@ -8,37 +8,32 @@
# required rust libraries # required rust libraries
%global bundled_rust_deps 1 %global bundled_rust_deps 1
%global cairo_version 1.16.0
Name: librsvg2 Name: librsvg2
Summary: An SVG library based on cairo Summary: An SVG library based on cairo
Version: 2.42.7 Version: 2.50.7
Release: 5%{?dist} Release: 3%{?dist}
License: LGPLv2+ License: LGPLv2+
URL: https://wiki.gnome.org/Projects/LibRsvg URL: https://wiki.gnome.org/Projects/LibRsvg
Source0: https://download.gnome.org/sources/librsvg/2.42/librsvg-%{version}.tar.xz Source0: https://download.gnome.org/sources/librsvg/2.50/librsvg-%{version}.tar.xz
# https://bugzilla.redhat.com/show_bug.cgi?id=2224947
# https://bugzilla.redhat.com/show_bug.cgi?id=1804519 Patch0: librsvg2-CVE-2023-38633.patch
# https://gitlab.gnome.org/GNOME/librsvg/-/issues/515
Patch0: CVE-2019-20446.patch
# https://github.com/servo/rust-cssparser/pull/245
Patch1: fix-cssparser-build.patch
# https://issues.redhat.com/browse/RHEL-635
Patch2: 0001-Upgrade-to-procedural-masquerade-0.1.7.patch
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: gcc BuildRequires: gcc
BuildRequires: git-core
BuildRequires: gobject-introspection-devel BuildRequires: gobject-introspection-devel
BuildRequires: pkgconfig(cairo) BuildRequires: make
BuildRequires: pkgconfig(cairo-png) BuildRequires: pkgconfig(cairo) >= %{cairo_version}
BuildRequires: pkgconfig(cairo-gobject) >= %{cairo_version}
BuildRequires: pkgconfig(cairo-png) >= %{cairo_version}
BuildRequires: pkgconfig(fontconfig) BuildRequires: pkgconfig(fontconfig)
BuildRequires: pkgconfig(gdk-pixbuf-2.0) BuildRequires: pkgconfig(gdk-pixbuf-2.0)
BuildRequires: pkgconfig(gio-2.0) BuildRequires: pkgconfig(gio-2.0)
BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(gthread-2.0) BuildRequires: pkgconfig(gthread-2.0)
BuildRequires: pkgconfig(gtk+-3.0)
BuildRequires: pkgconfig(libcroco-0.6)
BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(pangocairo) BuildRequires: pkgconfig(pangocairo)
BuildRequires: pkgconfig(pangoft2) BuildRequires: pkgconfig(pangoft2)
@ -48,77 +43,156 @@ BuildRequires: cargo
BuildRequires: rust BuildRequires: rust
%else %else
BuildRequires: rust-packaging BuildRequires: rust-packaging
# [dependencies]
BuildRequires: (crate(cairo-rs) >= 0.3.0 with crate(cairo-rs) < 0.4.0)
BuildRequires: (crate(cairo-sys-rs) >= 0.5.0 with crate(cairo-sys-rs) < 0.6.0)
BuildRequires: (crate(cssparser) >= 0.23.0 with crate(cssparser) < 0.24.0)
BuildRequires: (crate(downcast-rs) >= 1.0.0 with crate(downcast-rs) < 2.0.0)
BuildRequires: (crate(glib) >= 0.4.0 with crate(glib) < 0.5.0)
BuildRequires: (crate(glib-sys) >= 0.5.0 with crate(glib-sys) < 0.6.0)
BuildRequires: (crate(itertools) >= 0.7.4 with crate(itertools) < 0.8.0)
BuildRequires: (crate(libc) >= 0.2.0 with crate(libc) < 0.3.0)
BuildRequires: (crate(pango) >= 0.3.0 with crate(pango) < 0.4.0)
BuildRequires: (crate(pango-sys) >= 0.5.0 with crate(pango-sys) < 0.6.0)
BuildRequires: (crate(regex) >= 0.2.1 with crate(regex) < 0.3.0)
%endif %endif
# For Patch0.
BuildRequires: autoconf automake gettext-devel
Requires: cairo%{?_isa} >= %{cairo_version}
Requires: cairo-gobject%{?_isa} >= %{cairo_version}
# We install a gdk-pixbuf svg loader # We install a gdk-pixbuf svg loader
Requires: gdk-pixbuf2%{?_isa} Requires: gdk-pixbuf2%{?_isa}
%if 0%{?bundled_rust_deps} %if 0%{?bundled_rust_deps}
# Basically everything apart from Windows and Fuchsia specific things # Generated with a script from Firefox package:
Provides: bundled(crate(aho-corasick)) = 0.6.4 # https://gitlab.com/redhat/centos-stream/rpms/firefox/-/blob/c9s/get_rust_bundled_provides.sh
Provides: bundled(crate(bitflags)) = 0.9.1 Provides: bundled(crate(aho-corasick)) = 0.7.18
Provides: bundled(crate(bitflags)) = 1.0.1 Provides: bundled(crate(approx)) = 0.3.2
Provides: bundled(crate(c_vec)) = 1.2.1 Provides: bundled(crate(autocfg)) = 1.0.1
Provides: bundled(crate(cairo-rs)) = 0.3.0 Provides: bundled(crate(bitflags)) = 1.2.1
Provides: bundled(crate(cairo-sys-rs)) = 0.5.0 Provides: bundled(crate(bytemuck)) = 1.5.1
Provides: bundled(crate(cssparser)) = 0.23.2 Provides: bundled(crate(byteorder)) = 1.4.3
Provides: bundled(crate(cssparser-macros)) = 0.3.2 Provides: bundled(crate(cairo-rs)) = 0.8.1
Provides: bundled(crate(downcast-rs)) = 1.0.1 Provides: bundled(crate(cairo-sys-rs)) = 0.9.2
Provides: bundled(crate(dtoa)) = 0.4.2 Provides: bundled(crate(cast)) = 0.2.6
Provides: bundled(crate(dtoa-short)) = 0.3.2 Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(either)) = 1.4.0 Provides: bundled(crate(convert_case)) = 0.4.0
Provides: bundled(crate(float-cmp)) = 0.4.0 Provides: bundled(crate(crossbeam-channel)) = 0.5.1
Provides: bundled(crate(glib)) = 0.4.1 Provides: bundled(crate(crossbeam-deque)) = 0.8.0
Provides: bundled(crate(glib-sys)) = 0.5.0 Provides: bundled(crate(crossbeam-epoch)) = 0.9.5
Provides: bundled(crate(gobject-sys)) = 0.5.0 Provides: bundled(crate(crossbeam-utils)) = 0.8.5
Provides: bundled(crate(itertools)) = 0.7.7 Provides: bundled(crate(cssparser)) = 0.27.2
Provides: bundled(crate(itoa)) = 0.3.4 Provides: bundled(crate(cssparser-macros)) = 0.6.0
Provides: bundled(crate(lazy_static)) = 1.0.0 Provides: bundled(crate(data-url)) = 0.1.0
Provides: bundled(crate(libc)) = 0.2.39 Provides: bundled(crate(derive_more)) = 0.99.14
Provides: bundled(crate(matches)) = 0.1.6 Provides: bundled(crate(dtoa)) = 0.4.8
Provides: bundled(crate(memchr)) = 2.0.1 Provides: bundled(crate(dtoa-short)) = 0.3.3
Provides: bundled(crate(num-traits)) = 0.2.1 Provides: bundled(crate(either)) = 1.6.1
Provides: bundled(crate(pango)) = 0.3.0 Provides: bundled(crate(encoding)) = 0.2.33
Provides: bundled(crate(pango-sys)) = 0.5.0 Provides: bundled(crate(encoding-index-japanese)) = 1.20141219.5
Provides: bundled(crate(pangocairo)) = 0.4.1 Provides: bundled(crate(encoding-index-korean)) = 1.20141219.5
Provides: bundled(crate(pangocairo-sys)) = 0.6.0 Provides: bundled(crate(encoding-index-simpchinese)) = 1.20141219.5
Provides: bundled(crate(phf)) = 0.7.21 Provides: bundled(crate(encoding-index-singlebyte)) = 1.20141219.5
Provides: bundled(crate(phf_codegen)) = 0.7.21 Provides: bundled(crate(encoding-index-tradchinese)) = 1.20141219.5
Provides: bundled(crate(phf_generator)) = 0.7.21 Provides: bundled(crate(encoding_index_tests)) = 0.1.4
Provides: bundled(crate(phf_shared)) = 0.7.21 Provides: bundled(crate(float-cmp)) = 0.8.0
Provides: bundled(crate(pkg-config)) = 0.3.9 Provides: bundled(crate(form_urlencoded)) = 1.0.1
Provides: bundled(crate(proc-macro2)) = 0.2.3 Provides: bundled(crate(futf)) = 0.1.4
Provides: bundled(crate(procedural-masquerade)) = 0.1.7 Provides: bundled(crate(futures-channel)) = 0.3.15
Provides: bundled(crate(quote)) = 0.3.15 Provides: bundled(crate(futures-core)) = 0.3.15
Provides: bundled(crate(quote)) = 0.4.2 Provides: bundled(crate(futures-executor)) = 0.3.15
Provides: bundled(crate(rand)) = 0.3.22 Provides: bundled(crate(futures-io)) = 0.3.15
Provides: bundled(crate(rand)) = 0.4.2 Provides: bundled(crate(futures-macro)) = 0.3.15
Provides: bundled(crate(regex)) = 0.2.7 Provides: bundled(crate(futures-task)) = 0.3.15
Provides: bundled(crate(regex-syntax)) = 0.5.0 Provides: bundled(crate(futures-util)) = 0.3.15
Provides: bundled(crate(siphasher)) = 0.2.2 Provides: bundled(crate(fxhash)) = 0.2.1
Provides: bundled(crate(smallvec)) = 0.6.0 Provides: bundled(crate(gdk-pixbuf)) = 0.8.0
Provides: bundled(crate(syn)) = 0.11.11 Provides: bundled(crate(gdk-pixbuf-sys)) = 0.9.1
Provides: bundled(crate(syn)) = 0.12.14 Provides: bundled(crate(generic-array)) = 0.13.3
Provides: bundled(crate(synom)) = 0.11.3 Provides: bundled(crate(getrandom)) = 0.1.16
Provides: bundled(crate(thread_local)) = 0.3.5 Provides: bundled(crate(gio)) = 0.8.1
Provides: bundled(crate(ucd-util)) = 0.1.1 Provides: bundled(crate(gio-sys)) = 0.9.1
Provides: bundled(crate(unicode-xid)) = 0.0.4 Provides: bundled(crate(glib)) = 0.9.3
Provides: bundled(crate(unicode-xid)) = 0.1.0 Provides: bundled(crate(glib-sys)) = 0.9.1
Provides: bundled(crate(unreachable)) = 1.0.0 Provides: bundled(crate(gobject-sys)) = 0.9.1
Provides: bundled(crate(utf8-ranges)) = 1.0.0 Provides: bundled(crate(idna)) = 0.2.3
Provides: bundled(crate(void)) = 1.0.2 Provides: bundled(crate(itertools)) = 0.9.0
Provides: bundled(crate(itoa)) = 0.4.7
Provides: bundled(crate(language-tags)) = 0.2.2
Provides: bundled(crate(lazy_static)) = 1.4.0
Provides: bundled(crate(libc)) = 0.2.95
Provides: bundled(crate(libm)) = 0.2.1
Provides: bundled(crate(librsvg_c_api)) = 0.0.1
Provides: bundled(crate(locale_config)) = 0.3.0
Provides: bundled(crate(log)) = 0.4.14
Provides: bundled(crate(mac)) = 0.1.1
Provides: bundled(crate(markup5ever)) = 0.10.1
Provides: bundled(crate(matches)) = 0.1.8
Provides: bundled(crate(matrixmultiply)) = 0.2.4
Provides: bundled(crate(memchr)) = 2.4.0
Provides: bundled(crate(memoffset)) = 0.6.4
Provides: bundled(crate(nalgebra)) = 0.21.1
Provides: bundled(crate(new_debug_unreachable)) = 1.0.4
Provides: bundled(crate(nodrop)) = 0.1.14
Provides: bundled(crate(num-complex)) = 0.2.4
Provides: bundled(crate(num-integer)) = 0.1.44
Provides: bundled(crate(num-rational)) = 0.2.4
Provides: bundled(crate(num-traits)) = 0.2.14
Provides: bundled(crate(num_cpus)) = 1.13.0
Provides: bundled(crate(once_cell)) = 1.7.2
Provides: bundled(crate(pango)) = 0.8.0
Provides: bundled(crate(pango-sys)) = 0.9.1
Provides: bundled(crate(pangocairo)) = 0.9.0
Provides: bundled(crate(pangocairo-sys)) = 0.10.1
Provides: bundled(crate(paste)) = 0.1.18
Provides: bundled(crate(paste-impl)) = 0.1.18
Provides: bundled(crate(percent-encoding)) = 2.1.0
Provides: bundled(crate(pest)) = 2.1.3
Provides: bundled(crate(phf)) = 0.8.0
Provides: bundled(crate(phf_codegen)) = 0.8.0
Provides: bundled(crate(phf_generator)) = 0.8.0
Provides: bundled(crate(phf_macros)) = 0.8.0
Provides: bundled(crate(phf_shared)) = 0.8.0
Provides: bundled(crate(pin-project-lite)) = 0.2.6
Provides: bundled(crate(pin-utils)) = 0.1.0
Provides: bundled(crate(pkg-config)) = 0.3.19
Provides: bundled(crate(ppv-lite86)) = 0.2.10
Provides: bundled(crate(precomputed-hash)) = 0.1.1
Provides: bundled(crate(proc-macro-hack)) = 0.5.19
Provides: bundled(crate(proc-macro-nested)) = 0.1.7
Provides: bundled(crate(proc-macro2)) = 1.0.27
Provides: bundled(crate(quote)) = 1.0.9
Provides: bundled(crate(rand)) = 0.7.3
Provides: bundled(crate(rand_chacha)) = 0.2.2
Provides: bundled(crate(rand_core)) = 0.5.1
Provides: bundled(crate(rand_distr)) = 0.2.2
Provides: bundled(crate(rand_pcg)) = 0.2.1
Provides: bundled(crate(rawpointer)) = 0.2.1
Provides: bundled(crate(rayon)) = 1.5.1
Provides: bundled(crate(rayon-core)) = 1.9.1
Provides: bundled(crate(rctree)) = 0.3.3
Provides: bundled(crate(regex)) = 1.5.4
Provides: bundled(crate(regex-syntax)) = 0.6.25
Provides: bundled(crate(rgb)) = 0.8.27
Provides: bundled(crate(rsvg_internals)) = 0.0.1
Provides: bundled(crate(rustc_version)) = 0.3.3
Provides: bundled(crate(scopeguard)) = 1.1.0
Provides: bundled(crate(selectors)) = 0.22.0
Provides: bundled(crate(semver)) = 0.11.0
Provides: bundled(crate(semver-parser)) = 0.10.2
Provides: bundled(crate(serde)) = 1.0.126
Provides: bundled(crate(servo_arc)) = 0.1.1
Provides: bundled(crate(simba)) = 0.1.5
Provides: bundled(crate(siphasher)) = 0.3.5
Provides: bundled(crate(slab)) = 0.4.3
Provides: bundled(crate(smallvec)) = 1.6.1
Provides: bundled(crate(stable_deref_trait)) = 1.2.0
Provides: bundled(crate(string_cache)) = 0.8.1
Provides: bundled(crate(string_cache_codegen)) = 0.5.1
Provides: bundled(crate(syn)) = 1.0.72
Provides: bundled(crate(tendril)) = 0.4.2
Provides: bundled(crate(thin-slice)) = 0.1.1
Provides: bundled(crate(time)) = 0.1.43
Provides: bundled(crate(tinyvec)) = 0.3.4
Provides: bundled(crate(tinyvec)) = 1.2.0
Provides: bundled(crate(tinyvec_macros)) = 0.1.0
Provides: bundled(crate(typenum)) = 1.13.0
Provides: bundled(crate(ucd-trie)) = 0.1.3
Provides: bundled(crate(unicode-bidi)) = 0.3.5
Provides: bundled(crate(unicode-normalization)) = 0.1.19
Provides: bundled(crate(unicode-xid)) = 0.2.2
Provides: bundled(crate(url)) = 2.2.2
Provides: bundled(crate(utf-8)) = 0.7.6
Provides: bundled(crate(xml5ever)) = 0.16.1
%endif %endif
%description %description
@ -140,17 +214,29 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
This package provides extra utilities based on the librsvg library. This package provides extra utilities based on the librsvg library.
%prep %prep
%autosetup -n librsvg-%{version} -p1 -S git %autosetup -n librsvg-%{version} -p1
%if 0%{?bundled_rust_deps} %if 0%{?bundled_rust_deps}
# Use the bundled deps, and enable release debuginfo # Use the bundled deps
sed -i -e '/profile.release/a debug = true' Cargo.toml
%else %else
# No bundled deps # No bundled deps
rm -vrf vendor rm -vrf vendor .cargo Cargo.lock
%cargo_prep pushd rsvg_internals
%cargo_prep
mv .cargo ..
popd
%endif
%if ! 0%{?bundled_rust_deps}
%generate_buildrequires
pushd rsvg_internals >/dev/null
%cargo_generate_buildrequires
popd >/dev/null
%endif %endif
%build %build
# For Patch0.
autoreconf --force --install
%configure --disable-static \ %configure --disable-static \
--disable-gtk-doc \ --disable-gtk-doc \
--enable-introspection \ --enable-introspection \
@ -161,17 +247,18 @@ rm -vrf vendor
%make_install %make_install
find %{buildroot} -type f -name '*.la' -print -delete find %{buildroot} -type f -name '*.la' -print -delete
%find_lang librsvg
# Remove lib64 rpaths # Remove lib64 rpaths
chrpath --delete %{buildroot}%{_bindir}/rsvg-convert chrpath --delete %{buildroot}%{_bindir}/rsvg-convert
chrpath --delete %{buildroot}%{_bindir}/rsvg-view-3
chrpath --delete %{buildroot}%{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-svg.so chrpath --delete %{buildroot}%{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-svg.so
# we install own docs # we install own docs
rm -vrf %{buildroot}%{_datadir}/doc rm -vrf %{buildroot}%{_datadir}/doc
%files %files -f librsvg.lang
%doc CONTRIBUTING.md README.md %doc CONTRIBUTING.md README.md
%license COPYING COPYING.LIB %license COPYING.LIB
%{_libdir}/librsvg-2.so.* %{_libdir}/librsvg-2.so.*
%{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-svg.so %{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-svg.so
%dir %{_libdir}/girepository-1.0 %dir %{_libdir}/girepository-1.0
@ -194,28 +281,191 @@ rm -vrf %{buildroot}%{_datadir}/doc
%files tools %files tools
%{_bindir}/rsvg-convert %{_bindir}/rsvg-convert
%{_bindir}/rsvg-view-3
%{_mandir}/man1/rsvg-convert.1* %{_mandir}/man1/rsvg-convert.1*
%changelog %changelog
* Tue Jun 20 2023 Tomas Popela <tpopela@redhat.com> - 2.42.7-5 * Wed Oct 04 2023 Tomas Popela <tpopela@redhat.com> - 2.50.7-3
- Resolves: RHEL-635 Upgrade to procedural-masquerade 0.1.7 to fix FTBFS with newer Rust - Specify bundled crates (RHEL-4102)
- Resolves: RHEL-636 librsvg2 is missing Provides: bundled()
- Resolves: RHEL-637 Add git-core as a BR for autosetup
* Wed May 13 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.42.7-4 * Thu Aug 10 2023 David King <amigadave@amigadave.com> - 2.50.7-2
- Resolves: rhbz#1804519 Add patch for CVE-2019-20446 - Fix CVE-2023-38633 (#2224947)
* Thu Dec 06 2018 Josh Stone <jistone@redhat.com> - 2.42.7-2 * Tue Aug 24 2021 Kalev Lember <klember@redhat.com> - 2.50.7-1
- Rebuild with the current rust-toolset - Update to 2.50.7
* Tue Sep 04 2018 Kalev Lember <klember@redhat.com> - 2.42.7-1 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.50.6-2
- Update to 2.42.7 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Aug 08 2018 Kalev Lember <klember@redhat.com> - 2.42.6-1 * Tue May 25 2021 Kalev Lember <klember@redhat.com> - 2.50.6-1
- Update to 2.42.6 - Update to 2.50.6
* Wed May 05 2021 Kalev Lember <klember@redhat.com> - 2.50.5-1
- Update to 2.50.5
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.50.3-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Jan 28 2021 Kalev Lember <klember@redhat.com> - 2.50.3-1
- Update to 2.50.3
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.50.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Nov 25 2020 Kalev Lember <klember@redhat.com> - 2.50.2-1
- Update to 2.50.2
* Mon Oct 5 2020 Kalev Lember <klember@redhat.com> - 2.50.1-1
- Update to 2.50.1
* Fri Sep 11 2020 Kalev Lember <klember@redhat.com> - 2.50.0-1
- Update to 2.50.0
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.48.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 20 2020 Kalev Lember <klember@redhat.com> - 2.48.8-1
- Update to 2.48.8
* Fri Jun 05 2020 Kalev Lember <klember@redhat.com> - 2.48.7-1
- Update to 2.48.7
* Tue Jun 02 2020 Kalev Lember <klember@redhat.com> - 2.48.6-1
- Update to 2.48.6
* Mon Jun 01 2020 Kalev Lember <klember@redhat.com> - 2.48.5-1
- Update to 2.48.5
* Fri Apr 24 2020 Kalev Lember <klember@redhat.com> - 2.48.4-1
- Update to 2.48.4
* Fri Apr 10 2020 Kalev Lember <klember@redhat.com> - 2.48.3-1
- Update to 2.48.3
* Tue Mar 31 2020 Kalev Lember <klember@redhat.com> - 2.48.2-1
- Update to 2.48.2
* Sat Mar 28 2020 Kalev Lember <klember@redhat.com> - 2.48.1-1
- Update to 2.48.1
* Sat Mar 07 2020 Kalev Lember <klember@redhat.com> - 2.48.0-1
- Update to 2.48.0
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.46.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Nov 27 2019 Kalev Lember <klember@redhat.com> - 2.46.4-1
- Update to 2.46.4
* Wed Oct 23 2019 Kalev Lember <klember@redhat.com> - 2.46.3-1
- Update to 2.46.3
* Mon Oct 14 2019 Kalev Lember <klember@redhat.com> - 2.46.2-1
- Update to 2.46.2
* Mon Oct 07 2019 Kalev Lember <klember@redhat.com> - 2.46.1-1
- Update to 2.46.1
* Fri Sep 20 2019 Kalev Lember <klember@redhat.com> - 2.46.0-2
- Backport a patch to fix svg rendering in gnome-initial-setup (#1753183)
* Mon Sep 09 2019 Kalev Lember <klember@redhat.com> - 2.46.0-1
- Update to 2.46.0
* Tue Sep 03 2019 Kalev Lember <klember@redhat.com> - 2.45.92-1
- Update to 2.45.92
* Mon Aug 19 2019 Kalev Lember <klember@redhat.com> - 2.45.91-1
- Update to 2.45.91
* Sun Aug 04 2019 Pete Walter <pwalter@fedoraproject.org> - 2.45.90-1
- Update to 2.45.90
* Fri Jul 26 2019 Pete Walter <pwalter@fedoraproject.org> - 2.45.8-1
- Update to 2.45.8
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.45.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 08 2019 Kalev Lember <klember@redhat.com> - 2.45.7-1
- Update to 2.45.7
* Tue May 14 2019 Kalev Lember <klember@redhat.com> - 2.45.6-1
- Update to 2.45.6
* Wed Mar 13 2019 Kalev Lember <klember@redhat.com> - 2.45.5-4
- Go back to using bundled rust deps
* Tue Feb 19 2019 Kalev Lember <klember@redhat.com> - 2.45.5-3
- Rebuilt against fixed atk (#1626575)
* Tue Feb 19 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.45.5-2
- Unbundle Rust deps
* Sat Feb 16 2019 Kalev Lember <klember@redhat.com> - 2.45.5-1
- Update to 2.45.5
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.45.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 09 2019 Kalev Lember <klember@redhat.com> - 2.45.4-1
- Update to 2.45.4
* Wed Jan 09 2019 Kalev Lember <klember@redhat.com> - 2.45.3-2
- Fix accidental soname bump
* Wed Jan 09 2019 Kalev Lember <klember@redhat.com> - 2.45.3-1
- Update to 2.45.3
* Sat Dec 29 2018 Kalev Lember <klember@redhat.com> - 2.44.11-1
- Update to 2.44.11
* Tue Dec 18 2018 Kalev Lember <klember@redhat.com> - 2.44.10-1
- Update to 2.44.10
* Wed Nov 14 2018 Kalev Lember <klember@redhat.com> - 2.44.9-1
- Update to 2.44.9
* Fri Oct 26 2018 Kalev Lember <klember@redhat.com> - 2.44.8-1
- Update to 2.44.8
* Tue Oct 09 2018 Kalev Lember <klember@redhat.com> - 2.44.7-1
- Update to 2.44.7
* Fri Sep 28 2018 Kalev Lember <klember@redhat.com> - 2.44.6-1
- Update to 2.44.6
* Wed Sep 26 2018 Kalev Lember <klember@redhat.com> - 2.44.4-1
- Update to 2.44.4
* Thu Sep 20 2018 Kalev Lember <klember@redhat.com> - 2.44.3-1
- Update to 2.44.3
* Fri Sep 07 2018 Kalev Lember <klember@redhat.com> - 2.44.2-2
- Rebuilt against fixed atk (#1626575)
* Wed Sep 05 2018 Kalev Lember <klember@redhat.com> - 2.44.2-1
- Update to 2.44.2
* Wed Aug 08 2018 Kalev Lember <klember@redhat.com> - 2.43.4-1
- Update to 2.43.4
- Use bundled rust deps - Use bundled rust deps
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.43.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Jul 01 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.43.1-2
- Bump cssparser to 0.24
* Sun Jun 24 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.43.1-1
- Update to 2.43.1
* Tue May 08 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.42.4-1
- Update to 2.42.4
* Thu May 03 2018 Josh Stone <jistone@redhat.com> - 2.42.3-2
- Update rust dependencies.
* Mon Mar 05 2018 Kalev Lember <klember@redhat.com> - 2.42.3-1 * Mon Mar 05 2018 Kalev Lember <klember@redhat.com> - 2.42.3-1
- Update to 2.42.3 - Update to 2.42.3

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (librsvg-2.50.7.tar.xz) = 064df9440802088f4414ffb70e5115809028858065739443444e5eaf6f809da47c697d31f9423e3ce9efcdeea02ff41ec39f5acf5882f2d35f433b7565be3c16