diff --git a/0001-makefile-remove-lock-to-update-requires.patch b/0001-makefile-remove-lock-to-update-requires.patch new file mode 100644 index 0000000000000000000000000000000000000000..c66090f32b4355c622167a5ac2bbd92b0bc4a22e --- /dev/null +++ b/0001-makefile-remove-lock-to-update-requires.patch @@ -0,0 +1,57 @@ +From bcb2aa2121d21773678b7ed0adb426431a4edf70 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 26 Dec 2022 11:12:51 +0800 +Subject: [PATCH] makefile: remove lock to update requires + +--- + Makefile.am | 4 ++-- + Makefile.in | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 9cb3895..445300d 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -174,7 +174,7 @@ check-local: + CARGO_TARGET_DIR=$(CARGO_TARGET_DIR) \ + LIBRSVG_BUILD_DIR=$(LIBRSVG_BUILD_DIR) \ + OUT_DIR=$(LIBRSVG_BUILD_DIR)/tests/output \ +- $(CARGO) --locked test $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) ++ $(CARGO) --offline test $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) + + clean-local: + cd $(top_srcdir) && \ +@@ -199,7 +199,7 @@ librsvg_c_api.la: $(librsvg_c_api_la_OBJECTS) $(LIBRSVG_INTERNALS_SRC) $(LIBRSVG + PKG_CONFIG_ALLOW_CROSS=1 \ + PKG_CONFIG='$(PKG_CONFIG)' \ + CARGO_TARGET_DIR=$(CARGO_TARGET_DIR) \ +- $(CARGO) --locked build $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) \ ++ $(CARGO) --offline build $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) \ + && cd $(LIBRSVG_BUILD_DIR) && $(LINK) $< && mv $(RUST_LIB) .libs/librsvg_c_api.a + + librsvg_@RSVG_API_MAJOR_VERSION@_la_CPPFLAGS = \ +diff --git a/Makefile.in b/Makefile.in +index 33b51ae..26912c9 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -1755,7 +1755,7 @@ check-local: + CARGO_TARGET_DIR=$(CARGO_TARGET_DIR) \ + LIBRSVG_BUILD_DIR=$(LIBRSVG_BUILD_DIR) \ + OUT_DIR=$(LIBRSVG_BUILD_DIR)/tests/output \ +- $(CARGO) --locked test $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) ++ $(CARGO) --offline test $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) + + clean-local: + cd $(top_srcdir) && \ +@@ -1780,7 +1780,7 @@ librsvg_c_api.la: $(librsvg_c_api_la_OBJECTS) $(LIBRSVG_INTERNALS_SRC) $(LIBRSVG + PKG_CONFIG_ALLOW_CROSS=1 \ + PKG_CONFIG='$(PKG_CONFIG)' \ + CARGO_TARGET_DIR=$(CARGO_TARGET_DIR) \ +- $(CARGO) --locked build $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) \ ++ $(CARGO) --offline build $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) \ + && cd $(LIBRSVG_BUILD_DIR) && $(LINK) $< && mv $(RUST_LIB) .libs/librsvg_c_api.a + + @HAVE_INTROSPECTION_TRUE@-include $(INTROSPECTION_MAKEFILE) +-- +2.27.0 + diff --git a/CVE-2019-20446.patch b/CVE-2019-20446.patch deleted file mode 100644 index a1d750020580f557f90770c045866498d41c080e..0000000000000000000000000000000000000000 --- a/CVE-2019-20446.patch +++ /dev/null @@ -1,573 +0,0 @@ -From faec595a1721a2496e9c258917facbb564f85854 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 13 May 2020 17:53:13 -0500 -Subject: [PATCH] CVE-2019-20446.patch - ---- - librsvg/rsvg-base.c | 90 +++++++++--- - librsvg/rsvg-private.h | 5 +- - rsvg_internals/src/drawing_ctx.rs | 23 ++-- - rsvg_internals/src/structure.rs | 21 ++- - tests/errors.c | 52 ++++++- - .../errors/308-doubly-recursive-use.svg | 13 ++ - tests/fixtures/errors/308-recursive-use.svg | 9 ++ - tests/fixtures/errors/308-use-self-ref.svg | 7 + - .../errors/515-pattern-billion-laughs.svg | 130 ++++++++++++++++++ - .../errors/515-too-many-elements.svgz | Bin 0 -> 40811 bytes - 10 files changed, 310 insertions(+), 40 deletions(-) - create mode 100644 tests/fixtures/errors/308-doubly-recursive-use.svg - create mode 100644 tests/fixtures/errors/308-recursive-use.svg - create mode 100644 tests/fixtures/errors/308-use-self-ref.svg - create mode 100644 tests/fixtures/errors/515-pattern-billion-laughs.svg - create mode 100644 tests/fixtures/errors/515-too-many-elements.svgz - -diff --git a/librsvg/rsvg-base.c b/librsvg/rsvg-base.c -index dbad819..af3d43c 100644 ---- a/librsvg/rsvg-base.c -+++ b/librsvg/rsvg-base.c -@@ -431,12 +431,29 @@ node_set_atts (RsvgNode * node, RsvgHandle *handle, const NodeCreator *creator, - } - } - -+static gboolean -+loading_limits_exceeded (RsvgHandle *handle) -+{ -+ /* This is a mitigation for SVG files which create millions of elements -+ * in an attempt to exhaust memory. We don't allow loading more than -+ * this number of elements during the initial streaming load process. -+ */ -+ return handle->priv->num_loaded_elements > 200000; -+} -+ - static void - rsvg_standard_element_start (RsvgHandle *handle, const char *name, RsvgPropertyBag * atts) - { - const NodeCreator *creator; - RsvgNode *newnode = NULL; - -+ if (loading_limits_exceeded (handle)) { -+ g_set_error (handle->priv->error, RSVG_ERROR, 0, "instancing limit"); -+ -+ xmlStopParser (handle->priv->ctxt); -+ return; -+ } -+ - creator = get_node_creator_for_element_name (name); - g_assert (creator != NULL && creator->create_fn != NULL); - -@@ -456,6 +473,7 @@ rsvg_standard_element_start (RsvgHandle *handle, const char *name, RsvgPropertyB - handle->priv->treebase = rsvg_node_ref (newnode); - } - -+ handle->priv->num_loaded_elements += 1; - handle->priv->currentnode = rsvg_node_ref (newnode); - - node_set_atts (newnode, handle, creator, atts); -@@ -1641,6 +1659,52 @@ rsvg_push_discrete_layer (RsvgDrawingCtx * ctx) - ctx->render->push_discrete_layer (ctx); - } - -+void -+rsvg_drawing_ctx_increase_num_elements_acquired (RsvgDrawingCtx *draw_ctx) -+{ -+ draw_ctx->num_elements_acquired++; -+} -+ -+/* This is a mitigation for the security-related bugs: -+ * https://gitlab.gnome.org/GNOME/librsvg/issues/323 -+ * https://gitlab.gnome.org/GNOME/librsvg/issues/515 -+ * -+ * Imagine the XML [billion laughs attack], but done in SVG's terms: -+ * -+ * - #323 above creates deeply nested groups of `` elements. -+ * The first one references the second one ten times, the second one -+ * references the third one ten times, and so on. In the file given, -+ * this causes 10^17 objects to be rendered. While this does not -+ * exhaust memory, it would take a really long time. -+ * -+ * - #515 has deeply nested references of `` elements. Each -+ * object inside each pattern has an attribute -+ * fill="url(#next_pattern)", so the number of final rendered objects -+ * grows exponentially. -+ * -+ * We deal with both cases by placing a limit on how many references -+ * will be resolved during the SVG rendering process, that is, -+ * how many `url(#foo)` will be resolved. -+ * -+ * [billion laughs attack]: https://bitbucket.org/tiran/defusedxml -+ */ -+static gboolean -+limits_exceeded (RsvgDrawingCtx *draw_ctx) -+{ -+ return draw_ctx->num_elements_acquired > 500000; -+} -+ -+RsvgNode * -+rsvg_drawing_ctx_acquire_node_ref (RsvgDrawingCtx * ctx, RsvgNode *node) -+{ -+ if (g_slist_find (ctx->acquired_nodes, node)) -+ return NULL; -+ -+ ctx->acquired_nodes = g_slist_prepend (ctx->acquired_nodes, node); -+ -+ return node; -+} -+ - /* - * rsvg_drawing_ctx_acquire_node: - * @ctx: The drawing context in use -@@ -1668,16 +1732,15 @@ rsvg_drawing_ctx_acquire_node (RsvgDrawingCtx * ctx, const char *url) - if (url == NULL) - return NULL; - -+ rsvg_drawing_ctx_increase_num_elements_acquired (ctx); -+ if (limits_exceeded (ctx)) -+ return NULL; -+ - node = rsvg_defs_lookup (ctx->defs, url); - if (node == NULL) - return NULL; - -- if (g_slist_find (ctx->acquired_nodes, node)) -- return NULL; -- -- ctx->acquired_nodes = g_slist_prepend (ctx->acquired_nodes, node); -- -- return node; -+ return rsvg_drawing_ctx_acquire_node_ref (ctx, node); - } - - /** -@@ -1734,18 +1797,9 @@ rsvg_drawing_ctx_release_node (RsvgDrawingCtx * ctx, RsvgNode *node) - if (node == NULL) - return; - -- g_return_if_fail (ctx->acquired_nodes != NULL); -- g_return_if_fail (ctx->acquired_nodes->data == node); -- - ctx->acquired_nodes = g_slist_remove (ctx->acquired_nodes, node); - } - --void --rsvg_drawing_ctx_increase_num_elements_rendered_through_use (RsvgDrawingCtx *draw_ctx) --{ -- draw_ctx->num_elements_rendered_through_use++; --} -- - void - rsvg_drawing_ctx_add_node_and_ancestors_to_stack (RsvgDrawingCtx *draw_ctx, RsvgNode *node) - { -@@ -1759,12 +1813,6 @@ rsvg_drawing_ctx_add_node_and_ancestors_to_stack (RsvgDrawingCtx *draw_ctx, Rsvg - } - } - --static gboolean --limits_exceeded (RsvgDrawingCtx *draw_ctx) --{ -- return draw_ctx->num_elements_rendered_through_use > 500000; --} -- - gboolean - rsvg_drawing_ctx_draw_node_from_stack (RsvgDrawingCtx *ctx, RsvgNode *node, int dominate) - { -diff --git a/librsvg/rsvg-private.h b/librsvg/rsvg-private.h -index aeec8d5..06f4c2b 100644 ---- a/librsvg/rsvg-private.h -+++ b/librsvg/rsvg-private.h -@@ -164,6 +164,7 @@ struct RsvgHandlePrivate { - */ - RsvgSaxHandler *handler; - int handler_nest; -+ gsize num_loaded_elements; - - GHashTable *entities; /* g_malloc'd string -> xmlEntityPtr */ - -@@ -200,7 +201,7 @@ struct RsvgDrawingCtx { - RsvgState *state; - GError **error; - RsvgDefs *defs; -- gsize num_elements_rendered_through_use; -+ gsize num_elements_acquired; - PangoContext *pango_context; - double dpi_x, dpi_y; - RsvgViewBox vb; -@@ -502,6 +503,8 @@ RsvgNode *rsvg_drawing_ctx_acquire_node (RsvgDrawingCtx * ctx, const cha - G_GNUC_INTERNAL - RsvgNode *rsvg_drawing_ctx_acquire_node_of_type (RsvgDrawingCtx * ctx, const char *url, RsvgNodeType type); - G_GNUC_INTERNAL -+RsvgNode *rsvg_drawing_ctx_acquire_node_ref (RsvgDrawingCtx * ctx, RsvgNode *node); -+G_GNUC_INTERNAL - void rsvg_drawing_ctx_release_node (RsvgDrawingCtx * ctx, RsvgNode *node); - - G_GNUC_INTERNAL -diff --git a/rsvg_internals/src/drawing_ctx.rs b/rsvg_internals/src/drawing_ctx.rs -index 79f0c9f..631b073 100644 ---- a/rsvg_internals/src/drawing_ctx.rs -+++ b/rsvg_internals/src/drawing_ctx.rs -@@ -32,6 +32,11 @@ extern "C" { - - fn rsvg_drawing_ctx_pop_view_box(draw_ctx: *const RsvgDrawingCtx); - -+ fn rsvg_drawing_ctx_acquire_node_ref( -+ draw_ctx: *const RsvgDrawingCtx, -+ node: *const RsvgNode, -+ ) -> *mut RsvgNode; -+ - fn rsvg_drawing_ctx_acquire_node( - draw_ctx: *const RsvgDrawingCtx, - url: *const libc::c_char, -@@ -45,8 +50,6 @@ extern "C" { - - fn rsvg_drawing_ctx_release_node(draw_ctx: *const RsvgDrawingCtx, node: *mut RsvgNode); - -- fn rsvg_drawing_ctx_increase_num_elements_rendered_through_use(draw_ctx: *const RsvgDrawingCtx); -- - fn rsvg_drawing_ctx_get_current_state_affine(draw_ctx: *const RsvgDrawingCtx) -> cairo::Matrix; - - fn rsvg_drawing_ctx_set_current_state_affine( -@@ -149,6 +152,16 @@ pub fn pop_view_box(draw_ctx: *const RsvgDrawingCtx) { - } - } - -+pub fn acquire_node_ref(draw_ctx: *const RsvgDrawingCtx, node: *const RsvgNode) -> Option { -+ let raw_node = unsafe { rsvg_drawing_ctx_acquire_node_ref(draw_ctx, node) }; -+ -+ if raw_node.is_null() { -+ None -+ } else { -+ Some(AcquiredNode(draw_ctx, raw_node)) -+ } -+} -+ - pub fn get_acquired_node(draw_ctx: *const RsvgDrawingCtx, url: &str) -> Option { - let raw_node = unsafe { rsvg_drawing_ctx_acquire_node(draw_ctx, str::to_glib_none(url).0) }; - -@@ -290,12 +303,6 @@ pub fn state_pop(draw_ctx: *const RsvgDrawingCtx) { - } - } - --pub fn increase_num_elements_rendered_through_use(draw_ctx: *const RsvgDrawingCtx) { -- unsafe { -- rsvg_drawing_ctx_increase_num_elements_rendered_through_use(draw_ctx); -- } --} -- - pub struct AcquiredNode(*const RsvgDrawingCtx, *mut RsvgNode); - - impl Drop for AcquiredNode { -diff --git a/rsvg_internals/src/structure.rs b/rsvg_internals/src/structure.rs -index 71c9ff0..e4234ae 100644 ---- a/rsvg_internals/src/structure.rs -+++ b/rsvg_internals/src/structure.rs -@@ -278,6 +278,20 @@ impl NodeTrait for NodeUse { - return; - } - -+ // is an element that is used directly, unlike -+ // , which is used through a fill="url(#...)" -+ // reference. However, will always reference another -+ // element, potentially itself or an ancestor of itself (or -+ // another which references the first one, etc.). So, -+ // we acquire the element itself so that circular -+ // references can be caught. -+ let self_box = box_node(node.clone()); -+ let self_acquired = drawing_ctx::acquire_node_ref(draw_ctx, self_box); -+ rsvg_node_unref(self_box); -+ if self_acquired.is_none() { -+ return; -+ } -+ - let child = if let Some(acquired) = - drawing_ctx::get_acquired_node(draw_ctx, link.as_ref().unwrap()) - { -@@ -286,13 +300,6 @@ impl NodeTrait for NodeUse { - return; - }; - -- if Node::is_ancestor(node.clone(), child.clone()) { -- // or, if we're 'ing ourselves -- return; -- } -- -- drawing_ctx::increase_num_elements_rendered_through_use(draw_ctx); -- - let nx = self.x.get().normalize(draw_ctx); - let ny = self.y.get().normalize(draw_ctx); - -diff --git a/tests/errors.c b/tests/errors.c -index f370d60..ab5898a 100644 ---- a/tests/errors.c -+++ b/tests/errors.c -@@ -22,10 +22,29 @@ get_test_filename (const char *basename) { - basename, - NULL); - } -+ -+static void -+test_loading_error (gconstpointer data) -+{ -+ const char *basename = data; -+ char *filename = get_test_filename (basename); -+ RsvgHandle *handle; -+ GError *error = NULL; -+ -+ handle = rsvg_handle_new_from_file (filename, &error); -+ g_free (filename); -+ -+ g_assert (handle == NULL); -+ g_assert (g_error_matches (error, RSVG_ERROR, RSVG_ERROR_FAILED)); -+ -+ g_error_free (error); -+} -+ - static void --test_instancing_limit (void) -+test_instancing_limit (gconstpointer data) - { -- char *filename = get_test_filename ("323-nested-use.svg"); -+ const char *basename = data; -+ char *filename = get_test_filename (basename); - RsvgHandle *handle; - GError *error = NULL; - cairo_surface_t *surf; -@@ -49,7 +68,34 @@ main (int argc, char **argv) - { - g_test_init (&argc, &argv, NULL); - -- g_test_add_func ("/errors/instancing_limit", test_instancing_limit); -+ g_test_add_data_func_full ("/errors/instancing_limit/323-nested-use.svg", -+ "323-nested-use.svg", -+ test_instancing_limit, -+ NULL); -+ -+ g_test_add_data_func_full ("/errors/instancing_limit/515-pattern-billion-laughs.svg", -+ "515-pattern-billion-laughs.svg", -+ test_instancing_limit, -+ NULL); -+ -+ g_test_add_data_func_full ("/errors/instancing_limit/308-use-self-ref.svg", -+ "308-use-self-ref.svg", -+ test_instancing_limit, -+ NULL); -+ g_test_add_data_func_full ("/errors/instancing_limit/308-recursive-use.svg", -+ "308-recursive-use.svg", -+ test_instancing_limit, -+ NULL); -+ g_test_add_data_func_full ("/errors/instancing_limit/308-doubly-recursive-use.svg", -+ "308-doubly-recursive-use.svg", -+ test_instancing_limit, -+ NULL); -+ -+ g_test_add_data_func_full ("/errors/515-too-many-elements.svgz", -+ "515-too-many-elements.svgz", -+ test_loading_error, -+ NULL); -+ - - return g_test_run (); - } -diff --git a/tests/fixtures/errors/308-doubly-recursive-use.svg b/tests/fixtures/errors/308-doubly-recursive-use.svg -new file mode 100644 -index 0000000..9b248a6 ---- /dev/null -+++ b/tests/fixtures/errors/308-doubly-recursive-use.svg -@@ -0,0 +1,13 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/tests/fixtures/errors/308-recursive-use.svg b/tests/fixtures/errors/308-recursive-use.svg -new file mode 100644 -index 0000000..f5d00bf ---- /dev/null -+++ b/tests/fixtures/errors/308-recursive-use.svg -@@ -0,0 +1,9 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/tests/fixtures/errors/308-use-self-ref.svg b/tests/fixtures/errors/308-use-self-ref.svg -new file mode 100644 -index 0000000..dbf14c5 ---- /dev/null -+++ b/tests/fixtures/errors/308-use-self-ref.svg -@@ -0,0 +1,7 @@ -+ -+ -+ -+ -+ -+ -+ -diff --git a/tests/fixtures/errors/515-pattern-billion-laughs.svg b/tests/fixtures/errors/515-pattern-billion-laughs.svg -new file mode 100644 -index 0000000..a306960 ---- /dev/null -+++ b/tests/fixtures/errors/515-pattern-billion-laughs.svg -@@ -0,0 +1,130 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -\ No newline at end of file -diff --git a/tests/fixtures/errors/515-too-many-elements.svgz b/tests/fixtures/errors/515-too-many-elements.svgz -new file mode 100644 -index 0000000000000000000000000000000000000000..a7f7cf678ca2f29af6df61078d1c6a86c73c2d1a -GIT binary patch -literal 40811 -zcmeIuO)I1U007{3c1mhf$VD-7q(+J1MDM}L%|UFTsL8?1JBN{yP&im}QQ{&|QhvZj -zljI=9MY%ail5kSH<)g@tkhY%ZCp*LibxH_PE;`Ph^fuo4Xpr-qW6!wVUeOr_1r`p~-)LTcZB@uIs(k -zp^3xx{A%Lt>ENbsBzwPKxl_B*S@%4>{ZPBL{_?u~dmaM@3>YwAz<>b*1`HT5V8DO@ -z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*Vq -ziwEvbqN?)X)ARdf*>V8`1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* -z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA;JXJdqN)r0{91`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>f$?1`2;_+E#M0g -Date: Fri, 15 May 2020 14:56:59 -0500 -Subject: [PATCH] cssparser build fix - ---- - vendor/cssparser/.cargo-checksum.json | 2 +- - vendor/cssparser/src/parser.rs | 48 +++++++++++++++------------ - 2 files changed, 28 insertions(+), 22 deletions(-) - -diff --git a/vendor/cssparser/.cargo-checksum.json b/vendor/cssparser/.cargo-checksum.json -index 246bb70..713372d 100644 ---- a/vendor/cssparser/.cargo-checksum.json -+++ b/vendor/cssparser/.cargo-checksum.json -@@ -1 +1 @@ --{"files":{".cargo-ok":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",".travis.yml":"f1fb4b65964c81bc1240544267ea334f554ca38ae7a74d57066f4d47d2b5d568","Cargo.toml":"7807f16d417eb1a6ede56cd4ba2da6c5c63e4530289b3f0848f4b154e18eba02","LICENSE":"fab3dd6bdab226f1c08630b1dd917e11fcb4ec5e1e020e2c16f83a0a13863e85","README.md":"c5781e673335f37ed3d7acb119f8ed33efdf6eb75a7094b7da2abe0c3230adb8","build.rs":"b29fc57747f79914d1c2fb541e2bb15a003028bb62751dcb901081ccc174b119","build/match_byte.rs":"2c84b8ca5884347d2007f49aecbd85b4c7582085526e2704399817249996e19b","docs/.nojekyll":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","docs/404.html":"025861f76f8d1f6d67c20ab624c6e418f4f824385e2dd8ad8732c4ea563c6a2e","docs/index.html":"025861f76f8d1f6d67c20ab624c6e418f4f824385e2dd8ad8732c4ea563c6a2e","src/color.rs":"c60f1b0ab7a2a6213e434604ee33f78e7ef74347f325d86d0b9192d8225ae1cc","src/cow_rc_str.rs":"541216f8ef74ee3cc5cbbc1347e5f32ed66588c401851c9a7d68b867aede1de0","src/from_bytes.rs":"331fe63af2123ae3675b61928a69461b5ac77799fff3ce9978c55cf2c558f4ff","src/lib.rs":"46c377e0c9a75780d5cb0bcf4dfb960f0fb2a996a13e7349bb111b9082252233","src/macros.rs":"adb9773c157890381556ea83d7942dcc676f99eea71abbb6afeffee1e3f28960","src/nth.rs":"5c70fb542d1376cddab69922eeb4c05e4fcf8f413f27563a2af50f72a47c8f8c","src/parser.rs":"9ed4aec998221eb2d2ba99db2f9f82a02399fb0c3b8500627f68f5aab872adde","src/rules_and_declarations.rs":"be2c4f3f3bb673d866575b6cb6084f1879dff07356d583ca9a3595f63b7f916f","src/serializer.rs":"4ccfc9b4fe994aab3803662bbf31cc25052a6a39531073a867b14b224afe42dd","src/size_of_tests.rs":"e5f63c8c18721cc3ff7a5407e84f9889ffa10e66da96e8510a696c3e00ad72d5","src/tests.rs":"80b02c80ab0fd580dad9206615c918e0db7dff63dfed0feeedb66f317d24b24b","src/tokenizer.rs":"429b2cba419cf8b923fbcc32d3bd34c0b39284ebfcb9fc29b8eb8643d8d5f312","src/unicode_range.rs":"c1c4ed2493e09d248c526ce1ef8575a5f8258da3962b64ffc814ef3bdf9780d0"},"package":"8a807ac3ab7a217829c2a3b65732b926b2befe6a35f33b4bf8b503692430f223"} -\ No newline at end of file -+{"files":{},"package":"8a807ac3ab7a217829c2a3b65732b926b2befe6a35f33b4bf8b503692430f223"} -diff --git a/vendor/cssparser/src/parser.rs b/vendor/cssparser/src/parser.rs -index 76736a8..8ffa18c 100644 ---- a/vendor/cssparser/src/parser.rs -+++ b/vendor/cssparser/src/parser.rs -@@ -555,28 +555,34 @@ impl<'i: 't, 't> Parser<'i, 't> { - } - - let token_start_position = self.input.tokenizer.position(); -- let token; -- match self.input.cached_token { -- Some(ref cached_token) -- if cached_token.start_position == token_start_position => { -- self.input.tokenizer.reset(&cached_token.end_state); -- match cached_token.token { -- Token::Function(ref name) => self.input.tokenizer.see_function(name), -- _ => {} -- } -- token = &cached_token.token -+ let using_cached_token = self -+ .input -+ .cached_token -+ .as_ref() -+ .map_or(false, |cached_token| { -+ cached_token.start_position == token_start_position -+ }); -+ let token = if using_cached_token { -+ let cached_token = self.input.cached_token.as_ref().unwrap(); -+ self.input.tokenizer.reset(&cached_token.end_state); -+ match cached_token.token { -+ Token::Function(ref name) => self.input.tokenizer.see_function(name), -+ _ => {} - } -- _ => { -- let new_token = self.input.tokenizer.next() -- .map_err(|()| self.new_basic_error(BasicParseErrorKind::EndOfInput))?; -- self.input.cached_token = Some(CachedToken { -- token: new_token, -- start_position: token_start_position, -- end_state: self.input.tokenizer.state(), -- }); -- token = self.input.cached_token_ref() -- } -- } -+ &cached_token.token -+ } else { -+ let new_token = self -+ .input -+ .tokenizer -+ .next() -+ .map_err(|()| self.new_basic_error(BasicParseErrorKind::EndOfInput))?; -+ self.input.cached_token = Some(CachedToken { -+ token: new_token, -+ start_position: token_start_position, -+ end_state: self.input.tokenizer.state(), -+ }); -+ self.input.cached_token_ref() -+ }; - - if let Some(block_type) = BlockType::opening(token) { - self.at_start_of = Some(block_type); --- -2.26.2 - diff --git a/librsvg-2.42.7.tar.xz b/librsvg-2.42.7.tar.xz deleted file mode 100644 index b2079d6ca5f8e4cc7cab808c04b47031f4bc35df..0000000000000000000000000000000000000000 Binary files a/librsvg-2.42.7.tar.xz and /dev/null differ diff --git a/librsvg2.spec b/librsvg2.spec index 67af3395258b6363c355bbad9c2e84ca58268f92..b52435e22ad0232a444a2649b383b8a9717072d1 100644 --- a/librsvg2.spec +++ b/librsvg2.spec @@ -9,36 +9,35 @@ # required rust libraries %global bundled_rust_deps 1 +%global cairo_version 1.16.0 + Name: librsvg2 Summary: An SVG library based on cairo -Version: 2.42.7 -Release: 4%{anolis_release}%{?dist} +Version: 2.50.7 +Release: 1%{anolis_release}%{?dist} License: LGPLv2+ URL: https://wiki.gnome.org/Projects/LibRsvg -Source0: https://download.gnome.org/sources/librsvg/2.42/librsvg-%{version}.tar.xz +Source0: https://download.gnome.org/sources/librsvg/2.50/librsvg-%{version}.tar.xz -# https://bugzilla.redhat.com/show_bug.cgi?id=1804519 -# https://gitlab.gnome.org/GNOME/librsvg/-/issues/515 -Patch0: CVE-2019-20446.patch -# https://github.com/servo/rust-cssparser/pull/245 -Patch1: fix-cssparser-build.patch +Patch1000: 0001-makefile-remove-lock-to-update-requires.patch BuildRequires: chrpath BuildRequires: gcc +BuildRequires: git-core # autosetup need git BuildRequires: git BuildRequires: gobject-introspection-devel -BuildRequires: pkgconfig(cairo) -BuildRequires: pkgconfig(cairo-png) +BuildRequires: make +BuildRequires: pkgconfig(cairo) >= %{cairo_version} +BuildRequires: pkgconfig(cairo-gobject) >= %{cairo_version} +BuildRequires: pkgconfig(cairo-png) >= %{cairo_version} BuildRequires: pkgconfig(fontconfig) BuildRequires: pkgconfig(gdk-pixbuf-2.0) BuildRequires: pkgconfig(gio-2.0) BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gthread-2.0) -BuildRequires: pkgconfig(gtk+-3.0) -BuildRequires: pkgconfig(libcroco-0.6) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(pangocairo) BuildRequires: pkgconfig(pangoft2) @@ -51,20 +50,10 @@ BuildRequires: cargo-vendored-libc %endif %else BuildRequires: rust-packaging -# [dependencies] -BuildRequires: (crate(cairo-rs) >= 0.3.0 with crate(cairo-rs) < 0.4.0) -BuildRequires: (crate(cairo-sys-rs) >= 0.5.0 with crate(cairo-sys-rs) < 0.6.0) -BuildRequires: (crate(cssparser) >= 0.23.0 with crate(cssparser) < 0.24.0) -BuildRequires: (crate(downcast-rs) >= 1.0.0 with crate(downcast-rs) < 2.0.0) -BuildRequires: (crate(glib) >= 0.4.0 with crate(glib) < 0.5.0) -BuildRequires: (crate(glib-sys) >= 0.5.0 with crate(glib-sys) < 0.6.0) -BuildRequires: (crate(itertools) >= 0.7.4 with crate(itertools) < 0.8.0) -BuildRequires: (crate(libc) >= 0.2.0 with crate(libc) < 0.3.0) -BuildRequires: (crate(pango) >= 0.3.0 with crate(pango) < 0.4.0) -BuildRequires: (crate(pango-sys) >= 0.5.0 with crate(pango-sys) < 0.6.0) -BuildRequires: (crate(regex) >= 0.2.1 with crate(regex) < 0.3.0) %endif +Requires: cairo%{?_isa} >= %{cairo_version} +Requires: cairo-gobject%{?_isa} >= %{cairo_version} # We install a gdk-pixbuf svg loader Requires: gdk-pixbuf2%{?_isa} @@ -87,10 +76,9 @@ Requires: %{name}%{?_isa} = %{version}-%{release} This package provides extra utilities based on the librsvg library. %prep -%autosetup -n librsvg-%{version} -p1 -S git +%autosetup -n librsvg-%{version} -p1 -Sgit %if 0%{?bundled_rust_deps} -# Use the bundled deps, and enable release debuginfo -sed -i -e '/profile.release/a debug = true' Cargo.toml +# Use the bundled deps %ifarch loongarch64 rm -rf vendor/libc rm -f Cargo.lock @@ -98,32 +86,43 @@ ln -s %{_datadir}/cargo/vendor/libc vendor/ %endif %else # No bundled deps -rm -vrf vendor -%cargo_prep +rm -vrf vendor .cargo Cargo.lock +pushd rsvg_internals + %cargo_prep + mv .cargo .. +popd +%endif + +%if ! 0%{?bundled_rust_deps} +%generate_buildrequires +pushd rsvg_internals >/dev/null + %cargo_generate_buildrequires +popd >/dev/null %endif %build %configure --disable-static \ - --disable-gtk-doc \ - --enable-introspection \ - --enable-vala + --disable-gtk-doc \ + --enable-introspection \ + --enable-vala %make_build %install %make_install find %{buildroot} -type f -name '*.la' -print -delete +%find_lang librsvg + # Remove lib64 rpaths chrpath --delete %{buildroot}%{_bindir}/rsvg-convert -chrpath --delete %{buildroot}%{_bindir}/rsvg-view-3 chrpath --delete %{buildroot}%{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-svg.so # we install own docs rm -vrf %{buildroot}%{_datadir}/doc -%files +%files -f librsvg.lang %doc CONTRIBUTING.md README.md -%license COPYING COPYING.LIB +%license COPYING.LIB %{_libdir}/librsvg-2.so.* %{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-svg.so %dir %{_libdir}/girepository-1.0 @@ -146,29 +145,192 @@ rm -vrf %{buildroot}%{_datadir}/doc %files tools %{_bindir}/rsvg-convert -%{_bindir}/rsvg-view-3 %{_mandir}/man1/rsvg-convert.1* %changelog -* Mon Dec 12 2022 Liwei Ge - 2.42.7-4.0.2 -- Support loongarch64 build +* Mon Dec 26 2022 Liwei Ge 2.50.7-1.0.2 +- Support loongarch64 -* Fri Dec 10 2021 Weitao Zhou 2.42.7-4.0.1 +* Mon Dec 05 2022 Weitao Zhou 2.50.7-1.0.1 - Add git as build requirement for autosetup -* Wed May 13 2020 Michael Catanzaro - 2.42.7-4 -- Resolves: rhbz#1804519 Add patch for CVE-2019-20446 +* Tue Aug 24 2021 Kalev Lember - 2.50.7-1 +- Update to 2.50.7 + +* Mon Aug 09 2021 Mohan Boddu - 2.50.6-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue May 25 2021 Kalev Lember - 2.50.6-1 +- Update to 2.50.6 + +* Wed May 05 2021 Kalev Lember - 2.50.5-1 +- Update to 2.50.5 + +* Fri Apr 16 2021 Mohan Boddu - 2.50.3-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Thu Jan 28 2021 Kalev Lember - 2.50.3-1 +- Update to 2.50.3 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.50.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Nov 25 2020 Kalev Lember - 2.50.2-1 +- Update to 2.50.2 + +* Mon Oct 5 2020 Kalev Lember - 2.50.1-1 +- Update to 2.50.1 + +* Fri Sep 11 2020 Kalev Lember - 2.50.0-1 +- Update to 2.50.0 + +* Tue Jul 28 2020 Fedora Release Engineering - 2.48.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 20 2020 Kalev Lember - 2.48.8-1 +- Update to 2.48.8 + +* Fri Jun 05 2020 Kalev Lember - 2.48.7-1 +- Update to 2.48.7 + +* Tue Jun 02 2020 Kalev Lember - 2.48.6-1 +- Update to 2.48.6 + +* Mon Jun 01 2020 Kalev Lember - 2.48.5-1 +- Update to 2.48.5 + +* Fri Apr 24 2020 Kalev Lember - 2.48.4-1 +- Update to 2.48.4 + +* Fri Apr 10 2020 Kalev Lember - 2.48.3-1 +- Update to 2.48.3 + +* Tue Mar 31 2020 Kalev Lember - 2.48.2-1 +- Update to 2.48.2 + +* Sat Mar 28 2020 Kalev Lember - 2.48.1-1 +- Update to 2.48.1 + +* Sat Mar 07 2020 Kalev Lember - 2.48.0-1 +- Update to 2.48.0 + +* Wed Jan 29 2020 Fedora Release Engineering - 2.46.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Nov 27 2019 Kalev Lember - 2.46.4-1 +- Update to 2.46.4 + +* Wed Oct 23 2019 Kalev Lember - 2.46.3-1 +- Update to 2.46.3 + +* Mon Oct 14 2019 Kalev Lember - 2.46.2-1 +- Update to 2.46.2 +>>>>>>> bd0d254... update to librsvg2-2.50.7-1.el9 + +* Mon Oct 07 2019 Kalev Lember - 2.46.1-1 +- Update to 2.46.1 + +* Fri Sep 20 2019 Kalev Lember - 2.46.0-2 +- Backport a patch to fix svg rendering in gnome-initial-setup (#1753183) -* Thu Dec 06 2018 Josh Stone - 2.42.7-2 -- Rebuild with the current rust-toolset +* Mon Sep 09 2019 Kalev Lember - 2.46.0-1 +- Update to 2.46.0 -* Tue Sep 04 2018 Kalev Lember - 2.42.7-1 -- Update to 2.42.7 +* Tue Sep 03 2019 Kalev Lember - 2.45.92-1 +- Update to 2.45.92 -* Wed Aug 08 2018 Kalev Lember - 2.42.6-1 -- Update to 2.42.6 +* Mon Aug 19 2019 Kalev Lember - 2.45.91-1 +- Update to 2.45.91 + +* Sun Aug 04 2019 Pete Walter - 2.45.90-1 +- Update to 2.45.90 + +* Fri Jul 26 2019 Pete Walter - 2.45.8-1 +- Update to 2.45.8 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.45.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 08 2019 Kalev Lember - 2.45.7-1 +- Update to 2.45.7 + +* Tue May 14 2019 Kalev Lember - 2.45.6-1 +- Update to 2.45.6 + +* Wed Mar 13 2019 Kalev Lember - 2.45.5-4 +- Go back to using bundled rust deps + +* Tue Feb 19 2019 Kalev Lember - 2.45.5-3 +- Rebuilt against fixed atk (#1626575) + +* Tue Feb 19 2019 Igor Gnatenko - 2.45.5-2 +- Unbundle Rust deps + +* Sat Feb 16 2019 Kalev Lember - 2.45.5-1 +- Update to 2.45.5 + +* Fri Feb 01 2019 Fedora Release Engineering - 2.45.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Jan 09 2019 Kalev Lember - 2.45.4-1 +- Update to 2.45.4 + +* Wed Jan 09 2019 Kalev Lember - 2.45.3-2 +- Fix accidental soname bump + +* Wed Jan 09 2019 Kalev Lember - 2.45.3-1 +- Update to 2.45.3 + +* Sat Dec 29 2018 Kalev Lember - 2.44.11-1 +- Update to 2.44.11 + +* Tue Dec 18 2018 Kalev Lember - 2.44.10-1 +- Update to 2.44.10 + +* Wed Nov 14 2018 Kalev Lember - 2.44.9-1 +- Update to 2.44.9 + +* Fri Oct 26 2018 Kalev Lember - 2.44.8-1 +- Update to 2.44.8 + +* Tue Oct 09 2018 Kalev Lember - 2.44.7-1 +- Update to 2.44.7 + +* Fri Sep 28 2018 Kalev Lember - 2.44.6-1 +- Update to 2.44.6 + +* Wed Sep 26 2018 Kalev Lember - 2.44.4-1 +- Update to 2.44.4 + +* Thu Sep 20 2018 Kalev Lember - 2.44.3-1 +- Update to 2.44.3 + +* Fri Sep 07 2018 Kalev Lember - 2.44.2-2 +- Rebuilt against fixed atk (#1626575) + +* Wed Sep 05 2018 Kalev Lember - 2.44.2-1 +- Update to 2.44.2 + +* Wed Aug 08 2018 Kalev Lember - 2.43.4-1 +- Update to 2.43.4 - Use bundled rust deps +* Fri Jul 13 2018 Fedora Release Engineering - 2.43.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Sun Jul 01 2018 Igor Gnatenko - 2.43.1-2 +- Bump cssparser to 0.24 + +* Sun Jun 24 2018 Igor Gnatenko - 2.43.1-1 +- Update to 2.43.1 + +* Tue May 08 2018 Igor Gnatenko - 2.42.4-1 +- Update to 2.42.4 + +* Thu May 03 2018 Josh Stone - 2.42.3-2 +- Update rust dependencies. + * Mon Mar 05 2018 Kalev Lember - 2.42.3-1 - Update to 2.42.3