diff --git a/CVE-2019-20446.patch b/CVE-2019-20446.patch
deleted file mode 100644
index a1d750020580f557f90770c045866498d41c080e..0000000000000000000000000000000000000000
--- a/CVE-2019-20446.patch
+++ /dev/null
@@ -1,573 +0,0 @@ -From faec595a1721a2496e9c258917facbb564f85854 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 13 May 2020 17:53:13 -0500 -Subject: [PATCH] CVE-2019-20446.patch - ---- - librsvg/rsvg-base.c | 90 +++++++++--- - librsvg/rsvg-private.h | 5 +- - rsvg_internals/src/drawing_ctx.rs | 23 ++-- - rsvg_internals/src/structure.rs | 21 ++- - tests/errors.c | 52 ++++++- - .../errors/308-doubly-recursive-use.svg | 13 ++ - tests/fixtures/errors/308-recursive-use.svg | 9 ++ - tests/fixtures/errors/308-use-self-ref.svg | 7 + - .../errors/515-pattern-billion-laughs.svg | 130 ++++++++++++++++++ - .../errors/515-too-many-elements.svgz | Bin 0 -> 40811 bytes - 10 files changed, 310 insertions(+), 40 deletions(-) - create mode 100644 tests/fixtures/errors/308-doubly-recursive-use.svg - create mode 100644 tests/fixtures/errors/308-recursive-use.svg - create mode 100644 tests/fixtures/errors/308-use-self-ref.svg - create mode 100644 tests/fixtures/errors/515-pattern-billion-laughs.svg - create mode 100644 tests/fixtures/errors/515-too-many-elements.svgz - -diff --git a/librsvg/rsvg-base.c b/librsvg/rsvg-base.c -index dbad819..af3d43c 100644 ---- a/librsvg/rsvg-base.c -+++ b/librsvg/rsvg-base.c -@@ -431,12 +431,29 @@ node_set_atts (RsvgNode * node, RsvgHandle *handle, const NodeCreator *creator, - } - } - -+static gboolean -+loading_limits_exceeded (RsvgHandle *handle) -+{ -+ /* This is a mitigation for SVG files which create millions of elements -+ * in an attempt to exhaust memory. We don't allow loading more than -+ * this number of elements during the initial streaming load process. 
-+ */ -+ return handle->priv->num_loaded_elements > 200000; -+} -+ - static void - rsvg_standard_element_start (RsvgHandle *handle, const char *name, RsvgPropertyBag * atts) - { - const NodeCreator *creator; - RsvgNode *newnode = NULL; - -+ if (loading_limits_exceeded (handle)) { -+ g_set_error (handle->priv->error, RSVG_ERROR, 0, "instancing limit"); -+ -+ xmlStopParser (handle->priv->ctxt); -+ return; -+ } -+ - creator = get_node_creator_for_element_name (name); - g_assert (creator != NULL && creator->create_fn != NULL); - -@@ -456,6 +473,7 @@ rsvg_standard_element_start (RsvgHandle *handle, const char *name, RsvgPropertyB - handle->priv->treebase = rsvg_node_ref (newnode); - } - -+ handle->priv->num_loaded_elements += 1; - handle->priv->currentnode = rsvg_node_ref (newnode); - - node_set_atts (newnode, handle, creator, atts); -@@ -1641,6 +1659,52 @@ rsvg_push_discrete_layer (RsvgDrawingCtx * ctx) - ctx->render->push_discrete_layer (ctx); - } - -+void -+rsvg_drawing_ctx_increase_num_elements_acquired (RsvgDrawingCtx *draw_ctx) -+{ -+ draw_ctx->num_elements_acquired++; -+} -+ -+/* This is a mitigation for the security-related bugs: -+ * https://gitlab.gnome.org/GNOME/librsvg/issues/323 -+ * https://gitlab.gnome.org/GNOME/librsvg/issues/515 -+ * -+ * Imagine the XML [billion laughs attack], but done in SVG's terms: -+ * -+ * - #323 above creates deeply nested groups of `` elements. -+ * The first one references the second one ten times, the second one -+ * references the third one ten times, and so on. In the file given, -+ * this causes 10^17 objects to be rendered. While this does not -+ * exhaust memory, it would take a really long time. -+ * -+ * - #515 has deeply nested references of `` elements. Each -+ * object inside each pattern has an attribute -+ * fill="url(#next_pattern)", so the number of final rendered objects -+ * grows exponentially. 
-+ * -+ * We deal with both cases by placing a limit on how many references -+ * will be resolved during the SVG rendering process, that is, -+ * how many `url(#foo)` will be resolved. -+ * -+ * [billion laughs attack]: https://bitbucket.org/tiran/defusedxml -+ */ -+static gboolean -+limits_exceeded (RsvgDrawingCtx *draw_ctx) -+{ -+ return draw_ctx->num_elements_acquired > 500000; -+} -+ -+RsvgNode * -+rsvg_drawing_ctx_acquire_node_ref (RsvgDrawingCtx * ctx, RsvgNode *node) -+{ -+ if (g_slist_find (ctx->acquired_nodes, node)) -+ return NULL; -+ -+ ctx->acquired_nodes = g_slist_prepend (ctx->acquired_nodes, node); -+ -+ return node; -+} -+ - /* - * rsvg_drawing_ctx_acquire_node: - * @ctx: The drawing context in use -@@ -1668,16 +1732,15 @@ rsvg_drawing_ctx_acquire_node (RsvgDrawingCtx * ctx, const char *url) - if (url == NULL) - return NULL; - -+ rsvg_drawing_ctx_increase_num_elements_acquired (ctx); -+ if (limits_exceeded (ctx)) -+ return NULL; -+ - node = rsvg_defs_lookup (ctx->defs, url); - if (node == NULL) - return NULL; - -- if (g_slist_find (ctx->acquired_nodes, node)) -- return NULL; -- -- ctx->acquired_nodes = g_slist_prepend (ctx->acquired_nodes, node); -- -- return node; -+ return rsvg_drawing_ctx_acquire_node_ref (ctx, node); - } - - /** -@@ -1734,18 +1797,9 @@ rsvg_drawing_ctx_release_node (RsvgDrawingCtx * ctx, RsvgNode *node) - if (node == NULL) - return; - -- g_return_if_fail (ctx->acquired_nodes != NULL); -- g_return_if_fail (ctx->acquired_nodes->data == node); -- - ctx->acquired_nodes = g_slist_remove (ctx->acquired_nodes, node); - } - --void --rsvg_drawing_ctx_increase_num_elements_rendered_through_use (RsvgDrawingCtx *draw_ctx) --{ -- draw_ctx->num_elements_rendered_through_use++; --} -- - void - rsvg_drawing_ctx_add_node_and_ancestors_to_stack (RsvgDrawingCtx *draw_ctx, RsvgNode *node) - { -@@ -1759,12 +1813,6 @@ rsvg_drawing_ctx_add_node_and_ancestors_to_stack (RsvgDrawingCtx *draw_ctx, Rsvg - } - } - --static gboolean --limits_exceeded 
(RsvgDrawingCtx *draw_ctx) --{ -- return draw_ctx->num_elements_rendered_through_use > 500000; --} -- - gboolean - rsvg_drawing_ctx_draw_node_from_stack (RsvgDrawingCtx *ctx, RsvgNode *node, int dominate) - { -diff --git a/librsvg/rsvg-private.h b/librsvg/rsvg-private.h -index aeec8d5..06f4c2b 100644 ---- a/librsvg/rsvg-private.h -+++ b/librsvg/rsvg-private.h -@@ -164,6 +164,7 @@ struct RsvgHandlePrivate { - */ - RsvgSaxHandler *handler; - int handler_nest; -+ gsize num_loaded_elements; - - GHashTable *entities; /* g_malloc'd string -> xmlEntityPtr */ - -@@ -200,7 +201,7 @@ struct RsvgDrawingCtx { - RsvgState *state; - GError **error; - RsvgDefs *defs; -- gsize num_elements_rendered_through_use; -+ gsize num_elements_acquired; - PangoContext *pango_context; - double dpi_x, dpi_y; - RsvgViewBox vb; -@@ -502,6 +503,8 @@ RsvgNode *rsvg_drawing_ctx_acquire_node (RsvgDrawingCtx * ctx, const cha - G_GNUC_INTERNAL - RsvgNode *rsvg_drawing_ctx_acquire_node_of_type (RsvgDrawingCtx * ctx, const char *url, RsvgNodeType type); - G_GNUC_INTERNAL -+RsvgNode *rsvg_drawing_ctx_acquire_node_ref (RsvgDrawingCtx * ctx, RsvgNode *node); -+G_GNUC_INTERNAL - void rsvg_drawing_ctx_release_node (RsvgDrawingCtx * ctx, RsvgNode *node); - - G_GNUC_INTERNAL -diff --git a/rsvg_internals/src/drawing_ctx.rs b/rsvg_internals/src/drawing_ctx.rs -index 79f0c9f..631b073 100644 ---- a/rsvg_internals/src/drawing_ctx.rs -+++ b/rsvg_internals/src/drawing_ctx.rs -@@ -32,6 +32,11 @@ extern "C" { - - fn rsvg_drawing_ctx_pop_view_box(draw_ctx: *const RsvgDrawingCtx); - -+ fn rsvg_drawing_ctx_acquire_node_ref( -+ draw_ctx: *const RsvgDrawingCtx, -+ node: *const RsvgNode, -+ ) -> *mut RsvgNode; -+ - fn rsvg_drawing_ctx_acquire_node( - draw_ctx: *const RsvgDrawingCtx, - url: *const libc::c_char, -@@ -45,8 +50,6 @@ extern "C" { - - fn rsvg_drawing_ctx_release_node(draw_ctx: *const RsvgDrawingCtx, node: *mut RsvgNode); - -- fn rsvg_drawing_ctx_increase_num_elements_rendered_through_use(draw_ctx: *const 
RsvgDrawingCtx); -- - fn rsvg_drawing_ctx_get_current_state_affine(draw_ctx: *const RsvgDrawingCtx) -> cairo::Matrix; - - fn rsvg_drawing_ctx_set_current_state_affine( -@@ -149,6 +152,16 @@ pub fn pop_view_box(draw_ctx: *const RsvgDrawingCtx) { - } - } - -+pub fn acquire_node_ref(draw_ctx: *const RsvgDrawingCtx, node: *const RsvgNode) -> Option { -+ let raw_node = unsafe { rsvg_drawing_ctx_acquire_node_ref(draw_ctx, node) }; -+ -+ if raw_node.is_null() { -+ None -+ } else { -+ Some(AcquiredNode(draw_ctx, raw_node)) -+ } -+} -+ - pub fn get_acquired_node(draw_ctx: *const RsvgDrawingCtx, url: &str) -> Option { - let raw_node = unsafe { rsvg_drawing_ctx_acquire_node(draw_ctx, str::to_glib_none(url).0) }; - -@@ -290,12 +303,6 @@ pub fn state_pop(draw_ctx: *const RsvgDrawingCtx) { - } - } - --pub fn increase_num_elements_rendered_through_use(draw_ctx: *const RsvgDrawingCtx) { -- unsafe { -- rsvg_drawing_ctx_increase_num_elements_rendered_through_use(draw_ctx); -- } --} -- - pub struct AcquiredNode(*const RsvgDrawingCtx, *mut RsvgNode); - - impl Drop for AcquiredNode { -diff --git a/rsvg_internals/src/structure.rs b/rsvg_internals/src/structure.rs -index 71c9ff0..e4234ae 100644 ---- a/rsvg_internals/src/structure.rs -+++ b/rsvg_internals/src/structure.rs -@@ -278,6 +278,20 @@ impl NodeTrait for NodeUse { - return; - } - -+ // is an element that is used directly, unlike -+ // , which is used through a fill="url(#...)" -+ // reference. However, will always reference another -+ // element, potentially itself or an ancestor of itself (or -+ // another which references the first one, etc.). So, -+ // we acquire the element itself so that circular -+ // references can be caught. 
-+ let self_box = box_node(node.clone()); -+ let self_acquired = drawing_ctx::acquire_node_ref(draw_ctx, self_box); -+ rsvg_node_unref(self_box); -+ if self_acquired.is_none() { -+ return; -+ } -+ - let child = if let Some(acquired) = - drawing_ctx::get_acquired_node(draw_ctx, link.as_ref().unwrap()) - { -@@ -286,13 +300,6 @@ impl NodeTrait for NodeUse { - return; - }; - -- if Node::is_ancestor(node.clone(), child.clone()) { -- // or, if we're 'ing ourselves -- return; -- } -- -- drawing_ctx::increase_num_elements_rendered_through_use(draw_ctx); -- - let nx = self.x.get().normalize(draw_ctx); - let ny = self.y.get().normalize(draw_ctx); - -diff --git a/tests/errors.c b/tests/errors.c -index f370d60..ab5898a 100644 ---- a/tests/errors.c -+++ b/tests/errors.c -@@ -22,10 +22,29 @@ get_test_filename (const char *basename) { - basename, - NULL); - } -+ -+static void -+test_loading_error (gconstpointer data) -+{ -+ const char *basename = data; -+ char *filename = get_test_filename (basename); -+ RsvgHandle *handle; -+ GError *error = NULL; -+ -+ handle = rsvg_handle_new_from_file (filename, &error); -+ g_free (filename); -+ -+ g_assert (handle == NULL); -+ g_assert (g_error_matches (error, RSVG_ERROR, RSVG_ERROR_FAILED)); -+ -+ g_error_free (error); -+} -+ - static void --test_instancing_limit (void) -+test_instancing_limit (gconstpointer data) - { -- char *filename = get_test_filename ("323-nested-use.svg"); -+ const char *basename = data; -+ char *filename = get_test_filename (basename); - RsvgHandle *handle; - GError *error = NULL; - cairo_surface_t *surf; -@@ -49,7 +68,34 @@ main (int argc, char **argv) - { - g_test_init (&argc, &argv, NULL); - -- g_test_add_func ("/errors/instancing_limit", test_instancing_limit); -+ g_test_add_data_func_full ("/errors/instancing_limit/323-nested-use.svg", -+ "323-nested-use.svg", -+ test_instancing_limit, -+ NULL); -+ -+ g_test_add_data_func_full ("/errors/instancing_limit/515-pattern-billion-laughs.svg", -+ 
"515-pattern-billion-laughs.svg", -+ test_instancing_limit, -+ NULL); -+ -+ g_test_add_data_func_full ("/errors/instancing_limit/308-use-self-ref.svg", -+ "308-use-self-ref.svg", -+ test_instancing_limit, -+ NULL); -+ g_test_add_data_func_full ("/errors/instancing_limit/308-recursive-use.svg", -+ "308-recursive-use.svg", -+ test_instancing_limit, -+ NULL); -+ g_test_add_data_func_full ("/errors/instancing_limit/308-doubly-recursive-use.svg", -+ "308-doubly-recursive-use.svg", -+ test_instancing_limit, -+ NULL); -+ -+ g_test_add_data_func_full ("/errors/515-too-many-elements.svgz", -+ "515-too-many-elements.svgz", -+ test_loading_error, -+ NULL); -+ - - return g_test_run (); - } -diff --git a/tests/fixtures/errors/308-doubly-recursive-use.svg b/tests/fixtures/errors/308-doubly-recursive-use.svg -new file mode 100644 -index 0000000..9b248a6 ---- /dev/null -+++ b/tests/fixtures/errors/308-doubly-recursive-use.svg -@@ -0,0 +1,13 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/tests/fixtures/errors/308-recursive-use.svg b/tests/fixtures/errors/308-recursive-use.svg -new file mode 100644 -index 0000000..f5d00bf ---- /dev/null -+++ b/tests/fixtures/errors/308-recursive-use.svg -@@ -0,0 +1,9 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/tests/fixtures/errors/308-use-self-ref.svg b/tests/fixtures/errors/308-use-self-ref.svg -new file mode 100644 -index 0000000..dbf14c5 ---- /dev/null -+++ b/tests/fixtures/errors/308-use-self-ref.svg -@@ -0,0 +1,7 @@ -+ -+ -+ -+ -+ -+ -+ -diff --git a/tests/fixtures/errors/515-pattern-billion-laughs.svg b/tests/fixtures/errors/515-pattern-billion-laughs.svg -new file mode 100644 -index 0000000..a306960 ---- /dev/null -+++ b/tests/fixtures/errors/515-pattern-billion-laughs.svg -@@ -0,0 +1,130 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ 
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -\ No newline at end of file -diff --git a/tests/fixtures/errors/515-too-many-elements.svgz b/tests/fixtures/errors/515-too-many-elements.svgz -new file mode 100644 -index 0000000000000000000000000000000000000000..a7f7cf678ca2f29af6df61078d1c6a86c73c2d1a -GIT binary patch -literal 40811 -zcmeIuO)I1U007{3c1mhf$VD-7q(+J1MDM}L%|UFTsL8?1JBN{yP&im}QQ{&|QhvZj -zljI=9MY%ail5kSH<)g@tkhY%ZCp*LibxH_PE;`Ph^fuo4Xpr-qW6!wVUeOr_1r`p~-)LTcZB@uIs(k -zp^3xx{A%Lt>ENbsBzwPKxl_B*S@%4>{ZPBL{_?u~dmaM@3>YwAz<>b*1`HT5V8DO@ -z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*Vq -ziwEvbqN?)X)ARdf*>V8`1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* -z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA;JXJdqN)r0{91`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>f$?1`2;_+E#M0g -Date: Fri, 15 May 2020 14:56:59 -0500 -Subject: [PATCH] cssparser build fix - ---- - vendor/cssparser/.cargo-checksum.json | 2 +- - vendor/cssparser/src/parser.rs | 48 +++++++++++++++------------ - 2 files changed, 28 insertions(+), 22 deletions(-) - -diff --git a/vendor/cssparser/.cargo-checksum.json b/vendor/cssparser/.cargo-checksum.json -index 246bb70..713372d 100644 ---- a/vendor/cssparser/.cargo-checksum.json -+++ b/vendor/cssparser/.cargo-checksum.json -@@ -1 +1 @@ 
--{"files":{".cargo-ok":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",".travis.yml":"f1fb4b65964c81bc1240544267ea334f554ca38ae7a74d57066f4d47d2b5d568","Cargo.toml":"7807f16d417eb1a6ede56cd4ba2da6c5c63e4530289b3f0848f4b154e18eba02","LICENSE":"fab3dd6bdab226f1c08630b1dd917e11fcb4ec5e1e020e2c16f83a0a13863e85","README.md":"c5781e673335f37ed3d7acb119f8ed33efdf6eb75a7094b7da2abe0c3230adb8","build.rs":"b29fc57747f79914d1c2fb541e2bb15a003028bb62751dcb901081ccc174b119","build/match_byte.rs":"2c84b8ca5884347d2007f49aecbd85b4c7582085526e2704399817249996e19b","docs/.nojekyll":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","docs/404.html":"025861f76f8d1f6d67c20ab624c6e418f4f824385e2dd8ad8732c4ea563c6a2e","docs/index.html":"025861f76f8d1f6d67c20ab624c6e418f4f824385e2dd8ad8732c4ea563c6a2e","src/color.rs":"c60f1b0ab7a2a6213e434604ee33f78e7ef74347f325d86d0b9192d8225ae1cc","src/cow_rc_str.rs":"541216f8ef74ee3cc5cbbc1347e5f32ed66588c401851c9a7d68b867aede1de0","src/from_bytes.rs":"331fe63af2123ae3675b61928a69461b5ac77799fff3ce9978c55cf2c558f4ff","src/lib.rs":"46c377e0c9a75780d5cb0bcf4dfb960f0fb2a996a13e7349bb111b9082252233","src/macros.rs":"adb9773c157890381556ea83d7942dcc676f99eea71abbb6afeffee1e3f28960","src/nth.rs":"5c70fb542d1376cddab69922eeb4c05e4fcf8f413f27563a2af50f72a47c8f8c","src/parser.rs":"9ed4aec998221eb2d2ba99db2f9f82a02399fb0c3b8500627f68f5aab872adde","src/rules_and_declarations.rs":"be2c4f3f3bb673d866575b6cb6084f1879dff07356d583ca9a3595f63b7f916f","src/serializer.rs":"4ccfc9b4fe994aab3803662bbf31cc25052a6a39531073a867b14b224afe42dd","src/size_of_tests.rs":"e5f63c8c18721cc3ff7a5407e84f9889ffa10e66da96e8510a696c3e00ad72d5","src/tests.rs":"80b02c80ab0fd580dad9206615c918e0db7dff63dfed0feeedb66f317d24b24b","src/tokenizer.rs":"429b2cba419cf8b923fbcc32d3bd34c0b39284ebfcb9fc29b8eb8643d8d5f312","src/unicode_range.rs":"c1c4ed2493e09d248c526ce1ef8575a5f8258da3962b64ffc814ef3bdf9780d0"},"package":"8a807ac3ab7a217829c2a3b65732b926b2befe6a35f33
b4bf8b503692430f223"} -\ No newline at end of file -+{"files":{},"package":"8a807ac3ab7a217829c2a3b65732b926b2befe6a35f33b4bf8b503692430f223"} -diff --git a/vendor/cssparser/src/parser.rs b/vendor/cssparser/src/parser.rs -index 76736a8..8ffa18c 100644 ---- a/vendor/cssparser/src/parser.rs -+++ b/vendor/cssparser/src/parser.rs -@@ -555,28 +555,34 @@ impl<'i: 't, 't> Parser<'i, 't> { - } - - let token_start_position = self.input.tokenizer.position(); -- let token; -- match self.input.cached_token { -- Some(ref cached_token) -- if cached_token.start_position == token_start_position => { -- self.input.tokenizer.reset(&cached_token.end_state); -- match cached_token.token { -- Token::Function(ref name) => self.input.tokenizer.see_function(name), -- _ => {} -- } -- token = &cached_token.token -+ let using_cached_token = self -+ .input -+ .cached_token -+ .as_ref() -+ .map_or(false, |cached_token| { -+ cached_token.start_position == token_start_position -+ }); -+ let token = if using_cached_token { -+ let cached_token = self.input.cached_token.as_ref().unwrap(); -+ self.input.tokenizer.reset(&cached_token.end_state); -+ match cached_token.token { -+ Token::Function(ref name) => self.input.tokenizer.see_function(name), -+ _ => {} - } -- _ => { -- let new_token = self.input.tokenizer.next() -- .map_err(|()| self.new_basic_error(BasicParseErrorKind::EndOfInput))?; -- self.input.cached_token = Some(CachedToken { -- token: new_token, -- start_position: token_start_position, -- end_state: self.input.tokenizer.state(), -- }); -- token = self.input.cached_token_ref() -- } -- } -+ &cached_token.token -+ } else { -+ let new_token = self -+ .input -+ .tokenizer -+ .next() -+ .map_err(|()| self.new_basic_error(BasicParseErrorKind::EndOfInput))?; -+ self.input.cached_token = Some(CachedToken { -+ token: new_token, -+ start_position: token_start_position, -+ end_state: self.input.tokenizer.state(), -+ }); -+ self.input.cached_token_ref() -+ }; - - if let Some(block_type) = 
BlockType::opening(token) { - self.at_start_of = Some(block_type); --- -2.26.2 - diff --git a/librsvg-2.42.7.tar.xz b/librsvg-2.42.7.tar.xz deleted file mode 100644 index b2079d6ca5f8e4cc7cab808c04b47031f4bc35df..0000000000000000000000000000000000000000 Binary files a/librsvg-2.42.7.tar.xz and /dev/null differ diff --git a/librsvg2-CVE-2023-38633.patch b/librsvg2-CVE-2023-38633.patch new file mode 100644 index 0000000000000000000000000000000000000000..07ffbe6d5d41d3472aea5062cc1905b5ff487493 --- /dev/null +++ b/librsvg2-CVE-2023-38633.patch 
@@ -0,0 +1,414 @@ +From d1f066bf2198bd46c5ba80cb5123b768ec16e37d Mon Sep 17 00:00:00 2001 +From: Federico Mena Quintero +Date: Thu, 20 Jul 2023 11:12:53 -0600 +Subject: [PATCH] (#996): Fix arbitrary file read when href has special + characters + +In UrlResolver::resolve_href() we now explicitly disallow URLs that +have a query string ("?") or a fragment identifier ("#"). + +We also explicitly check for a base URL and not resolving to a path, +for example, "file:///base/foo.svg" + "." would resolve to +"file:///base/" - this is technically correct, but we don't want to +resolve to directories. + +Also, we pass a canonicalized path name as a URL upstream, so that +g_file_new_from_url() will consume it later, instead of passing the +original and potentially malicious URL. + +Fixes https://gitlab.gnome.org/GNOME/librsvg/-/issues/996 +--- + librsvg/rsvg-handle.c | 6 +- + rsvg_internals/src/allowed_url.rs | 229 +++++++++++++----- + .../src/filters/component_transfer.rs | 2 +- + tests/Makefile.am | 1 + + tests/fixtures/loading/bar.svg | 1 + + tests/fixtures/loading/foo.svg | 1 + + tests/fixtures/loading/subdir/baz.svg | 1 + + 7 files changed, 180 insertions(+), 61 deletions(-) + create mode 100644 tests/fixtures/loading/bar.svg + create mode 100644 tests/fixtures/loading/foo.svg + create mode 100644 tests/fixtures/loading/subdir/baz.svg + +diff --git a/librsvg/rsvg-handle.c b/librsvg/rsvg-handle.c +index 95364db34..f49e4d30e 100644 +--- a/librsvg/rsvg-handle.c ++++ b/librsvg/rsvg-handle.c +@@ -78,7 +78,11 @@ + * + * + * +- * All other URL schemes in references require a base URL. For ++ * URLs with queries ("?") or fragment identifiers ("#") are not allowed. ++ * ++ * ++ * ++ * All other URL schemes other than data: in references require a base URL. For + * example, this means that if you load an SVG with + * rsvg_handle_new_from_data() without calling rsvg_handle_set_base_uri(), + * then any referenced files will not be allowed (e.g. 
raster images to be +diff --git a/rsvg_internals/src/allowed_url.rs b/rsvg_internals/src/allowed_url.rs +index 3a99e00b8..ffa9a2315 100644 +--- a/rsvg_internals/src/allowed_url.rs ++++ b/rsvg_internals/src/allowed_url.rs +@@ -2,9 +2,7 @@ + + use std::error; + use std::fmt; +-use std::io; + use std::ops::Deref; +-use std::path::{Path, PathBuf}; + use url::Url; + + use crate::error::HrefError; +@@ -37,6 +35,12 @@ pub enum AllowedUrlError { + /// or in one directory below the base file. + NotSiblingOrChildOfBaseFile, + ++ /// Loaded file:// URLs cannot have a query part, e.g. `file:///foo?blah` ++ NoQueriesAllowed, ++ ++ /// URLs may not have fragment identifiers at this stage ++ NoFragmentIdentifierAllowed, ++ + /// Error when obtaining the file path or the base file path + InvalidPath, + +@@ -59,6 +63,17 @@ impl AllowedUrl { + return Ok(AllowedUrl(url)); + } + ++ // Queries are not allowed. ++ if url.query().is_some() { ++ return Err(AllowedUrlError::NoQueriesAllowed); ++ } ++ ++ // Fragment identifiers are not allowed. They should have been stripped ++ // upstream, by NodeId. ++ if url.fragment().is_some() { ++ return Err(AllowedUrlError::NoFragmentIdentifierAllowed); ++ } ++ + // All other sources require a base url + if base_url.is_none() { + return Err(AllowedUrlError::BaseRequired); +@@ -81,6 +96,26 @@ impl AllowedUrl { + return Err(AllowedUrlError::DisallowedScheme); + } + ++ // The rest of this function assumes file: URLs; guard against ++ // incorrect refactoring. ++ assert!(url.scheme() == "file"); ++ ++ // If we have a base_uri of "file:///foo/bar.svg", and resolve an href of ".", ++ // Url.parse() will give us "file:///foo/". We don't want that, so check ++ // if the last path segment is empty - it will not be empty for a normal file. 
++ ++ if let Some(segments) = url.path_segments() { ++ if segments ++ .last() ++ .expect("URL path segments always contain at last 1 element") ++ .is_empty() ++ { ++ return Err(AllowedUrlError::NotSiblingOrChildOfBaseFile); ++ } ++ } else { ++ unreachable!("the file: URL cannot have an empty path"); ++ } ++ + // We have two file: URIs. Now canonicalize them (remove .. and symlinks, etc.) + // and see if the directories match + +@@ -98,13 +133,17 @@ impl AllowedUrl { + + let base_parent = base_parent.unwrap(); + +- let url_canon = +- canonicalize(&url_path).map_err(|_| AllowedUrlError::CanonicalizationError)?; +- let parent_canon = +- canonicalize(&base_parent).map_err(|_| AllowedUrlError::CanonicalizationError)?; +- +- if url_canon.starts_with(parent_canon) { +- Ok(AllowedUrl(url)) ++ let path_canon = url_path ++ .canonicalize() ++ .map_err(|_| AllowedUrlError::CanonicalizationError)?; ++ let parent_canon = base_parent ++ .canonicalize() ++ .map_err(|_| AllowedUrlError::CanonicalizationError)?; ++ ++ if path_canon.starts_with(parent_canon) { ++ // Finally, convert the canonicalized path back to a URL. 
++ let path_to_url = Url::from_file_path(path_canon).unwrap(); ++ Ok(AllowedUrl(path_to_url)) + } else { + Err(AllowedUrlError::NotSiblingOrChildOfBaseFile) + } +@@ -129,32 +168,22 @@ impl error::Error for AllowedUrlError {} + + impl fmt::Display for AllowedUrlError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { +- match *self { +- AllowedUrlError::HrefParseError(e) => write!(f, "href parse error: {}", e), +- AllowedUrlError::BaseRequired => write!(f, "base required"), +- AllowedUrlError::DifferentURISchemes => write!(f, "different URI schemes"), +- AllowedUrlError::DisallowedScheme => write!(f, "disallowed scheme"), +- AllowedUrlError::NotSiblingOrChildOfBaseFile => { +- write!(f, "not sibling or child of base file") +- } +- AllowedUrlError::InvalidPath => write!(f, "invalid path"), +- AllowedUrlError::BaseIsRoot => write!(f, "base is root"), +- AllowedUrlError::CanonicalizationError => write!(f, "canonicalization error"), ++ use AllowedUrlError::*; ++ match self { ++ HrefParseError(e) => write!(f, "URL parse error: {e}"), ++ BaseRequired => write!(f, "base required"), ++ DifferentUriSchemes => write!(f, "different URI schemes"), ++ DisallowedScheme => write!(f, "disallowed scheme"), ++ NotSiblingOrChildOfBaseFile => write!(f, "not sibling or child of base file"), ++ NoQueriesAllowed => write!(f, "no queries allowed"), ++ NoFragmentIdentifierAllowed => write!(f, "no fragment identifier allowed"), ++ InvalidPath => write!(f, "invalid path"), ++ BaseIsRoot => write!(f, "base is root"), ++ CanonicalizationError => write!(f, "canonicalization error"), + } + } + } + +-// For tests, we don't want to touch the filesystem. In that case, +-// assume that we are being passed canonical file names. 
+-#[cfg(not(test))] +-fn canonicalize>(path: P) -> Result { +- path.as_ref().canonicalize() +-} +-#[cfg(test)] +-fn canonicalize>(path: P) -> Result { +- Ok(path.as_ref().to_path_buf()) +-} +- + /// Parsed result of an href from an SVG or CSS file + /// + /// Sometimes in SVG element references (e.g. the `href` in the `` element) we +@@ -234,6 +263,8 @@ impl Href { + mod tests { + use super::*; + ++ use std::path::PathBuf; ++ + #[test] + fn disallows_relative_file_with_no_base_file() { + assert_eq!( +@@ -284,56 +315,136 @@ mod tests { + ); + } + ++ fn url_from_test_fixtures(filename_relative_to_librsvg_srcdir: &str) -> Url { ++ let path = PathBuf::from(filename_relative_to_librsvg_srcdir); ++ let absolute = path ++ .canonicalize() ++ .expect("files from test fixtures are supposed to canonicalize"); ++ Url::from_file_path(absolute).unwrap() ++ } ++ + #[test] + fn allows_relative() { +- assert_eq!( +- AllowedUrl::from_href( +- "foo.svg", +- Some(Url::parse("file:///example/bar.svg").unwrap()).as_ref() +- ) +- .unwrap() +- .as_ref(), +- "file:///example/foo.svg", +- ); ++ let resolved = AllowedUrl::from_href( ++ "foo.svg", ++ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref() ++ ).unwrap(); ++ ++ let resolved_str = resolved.as_str(); ++ assert!(resolved_str.ends_with("/loading/foo.svg")); + } + + #[test] + fn allows_sibling() { +- assert_eq!( +- AllowedUrl::from_href( +- "file:///example/foo.svg", +- Some(Url::parse("file:///example/bar.svg").unwrap()).as_ref() +- ) +- .unwrap() +- .as_ref(), +- "file:///example/foo.svg", +- ); ++ let sibling = url_from_test_fixtures("../tests/fixtures/loading/foo.svg"); ++ let resolved = AllowedUrl::from_href( ++ sibling.as_str(), ++ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref() ++ ).unwrap(); ++ ++ let resolved_str = resolved.as_str(); ++ assert!(resolved_str.ends_with("/loading/foo.svg")); + } + + #[test] + fn allows_child_of_sibling() { +- assert_eq!( +- AllowedUrl::from_href( 
+- "file:///example/subdir/foo.svg", +- Some(Url::parse("file:///example/bar.svg").unwrap()).as_ref() +- ) +- .unwrap() +- .as_ref(), +- "file:///example/subdir/foo.svg", +- ); ++ let child_of_sibling = url_from_test_fixtures("../tests/fixtures/loading/subdir/baz.svg"); ++ let resolved = AllowedUrl::from_href( ++ child_of_sibling.as_str(), ++ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref() ++ ).unwrap(); ++ ++ let resolved_str = resolved.as_str(); ++ assert!(resolved_str.ends_with("/loading/subdir/baz.svg")); + } + ++ // Ignore on Windows since we test for /etc/passwd ++ #[cfg(unix)] + #[test] + fn disallows_non_sibling() { + assert_eq!( + AllowedUrl::from_href( + "file:///etc/passwd", +- Some(Url::parse("file:///example/bar.svg").unwrap()).as_ref() ++ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref() + ), + Err(AllowedUrlError::NotSiblingOrChildOfBaseFile) + ); + } + ++ #[test] ++ fn disallows_queries() { ++ assert!(matches!( ++ AllowedUrl::from_href( ++ ".?../../../../../../../../../../etc/passwd", ++ Some(url_from_test_fixtures("../tests/fixtures/loading/bar.svg")).as_ref(), ++ ), ++ Err(AllowedUrlError::NoQueriesAllowed) ++ )); ++ } ++ ++ #[test] ++ fn disallows_weird_relative_uris() { ++ let base_url = url_from_test_fixtures("../tests/fixtures/loading/bar.svg"); ++ ++ assert!( ++ AllowedUrl::from_href( ++ ".@../../../../../../../../../../etc/passwd", ++ Some(&base_url), ++ ).is_err() ++ ); ++ assert!( ++ AllowedUrl::from_href( ++ ".$../../../../../../../../../../etc/passwd", ++ Some(&base_url), ++ ).is_err() ++ ); ++ assert!( ++ AllowedUrl::from_href( ++ ".%../../../../../../../../../../etc/passwd", ++ Some(&base_url), ++ ).is_err() ++ ); ++ assert!( ++ AllowedUrl::from_href( ++ ".*../../../../../../../../../../etc/passwd", ++ Some(&base_url), ++ ).is_err() ++ ); ++ assert!( ++ AllowedUrl::from_href( ++ "~/../../../../../../../../../../etc/passwd", ++ Some(&base_url), ++ ).is_err() ++ ); ++ } ++ ++ #[test] ++ 
fn disallows_dot_sibling() { ++ println!("cwd: {:?}", std::env::current_dir()); ++ let base_url = url_from_test_fixtures("../tests/fixtures/loading/bar.svg"); ++ ++ assert!(matches!( ++ AllowedUrl::from_href(".", Some(&base_url)), ++ Err(AllowedUrlError::NotSiblingOrChildOfBaseFile) ++ )); ++ assert!(matches!( ++ AllowedUrl::from_href(".#../../../../../../../../../../etc/passwd", Some(&base_url)), ++ Err(AllowedUrlError::NoFragmentIdentifierAllowed) ++ )); ++ } ++ ++ #[test] ++ fn disallows_fragment() { ++ // AllowedUrl::from_href() explicitly disallows fragment identifiers. ++ // This is because they should have been stripped before calling that function, ++ // by the Iri machinery. ++ ++ assert!(matches!( ++ AllowedUrl::from_href("bar.svg#fragment", Some(Url::parse("https://example.com/foo.svg").unwrap()).as_ref()), ++ Err(AllowedUrlError::NoFragmentIdentifierAllowed) ++ )); ++ } ++ + #[test] + fn parses_href() { + assert_eq!( +diff --git a/rsvg_internals/src/filters/component_transfer.rs b/rsvg_internals/src/filters/component_transfer.rs +index 235435ffa..6845eac18 100644 +--- a/rsvg_internals/src/filters/component_transfer.rs ++++ b/rsvg_internals/src/filters/component_transfer.rs +@@ -261,7 +261,7 @@ macro_rules! 
func_or_default { + } + } + _ => &$func_default, +- }; ++ } + }; + } + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 13c2d51f2..b3faf2da5 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -82,6 +82,7 @@ dist_installed_test_data = \ + $(wildcard $(srcdir)/fixtures/errors/*) \ + $(wildcard $(srcdir)/fixtures/infinite-loop/*) \ + $(wildcard $(srcdir)/fixtures/loading/*) \ ++ $(wildcard $(srcdir)/fixtures/loading/subdir/*) \ + $(wildcard $(srcdir)/fixtures/reftests/*.css) \ + $(wildcard $(srcdir)/fixtures/reftests/*.svg) \ + $(wildcard $(srcdir)/fixtures/reftests/*.png) \ +diff --git a/tests/fixtures/loading/bar.svg b/tests/fixtures/loading/bar.svg +new file mode 100644 +index 000000000..304670099 +--- /dev/null ++++ b/tests/fixtures/loading/bar.svg +@@ -0,0 +1 @@ ++ +diff --git a/tests/fixtures/loading/foo.svg b/tests/fixtures/loading/foo.svg +new file mode 100644 +index 000000000..304670099 +--- /dev/null ++++ b/tests/fixtures/loading/foo.svg +@@ -0,0 +1 @@ ++ +diff --git a/tests/fixtures/loading/subdir/baz.svg b/tests/fixtures/loading/subdir/baz.svg +new file mode 100644 +index 000000000..304670099 +--- /dev/null ++++ b/tests/fixtures/loading/subdir/baz.svg +@@ -0,0 +1 @@ ++ +-- +GitLab + diff --git a/librsvg2.spec b/librsvg2.spec index 67af3395258b6363c355bbad9c2e84ca58268f92..88e3ed4fa5043a1cc364383a6caf29a85555331e 100644 --- a/librsvg2.spec +++ b/librsvg2.spec 
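Review bot: In the embedded patch's `impl fmt::Display for AllowedUrlError` hunk, the rewritten match has the arm `DifferentUriSchemes` after `use AllowedUrlError::*;`, while the arms it replaces spell that variant `DifferentURISchemes` and the enum hunk in this patch only adds `NoQueriesAllowed` and `NoFragmentIdentifierAllowed`. If the enum in the 2.50.7 tree still uses the old spelling (its definition is outside the hunk), that arm is a catch-all binding rather than a variant match, so every later error, including the two new rejection reasons, would print "different URI schemes" and the compiler would only warn about unreachable patterns. The rejection logic itself is unaffected, but logs would misreport why a URL was refused; the arm should read `DifferentURISchemes => write!(f, "different URI schemes"),`.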
@@ -9,36 +9,34 @@ # required rust libraries %global bundled_rust_deps 1 +%global cairo_version 1.16.0 + Name: librsvg2 Summary: An SVG library based on cairo -Version: 2.42.7 -Release: 4%{anolis_release}%{?dist} +Version: 2.50.7 +Release: 2%{anolis_release}%{?dist} License: LGPLv2+ URL: https://wiki.gnome.org/Projects/LibRsvg -Source0: https://download.gnome.org/sources/librsvg/2.42/librsvg-%{version}.tar.xz - -# https://bugzilla.redhat.com/show_bug.cgi?id=1804519 -# https://gitlab.gnome.org/GNOME/librsvg/-/issues/515 -Patch0: CVE-2019-20446.patch -# https://github.com/servo/rust-cssparser/pull/245 -Patch1: fix-cssparser-build.patch +Source0: https://download.gnome.org/sources/librsvg/2.50/librsvg-%{version}.tar.xz +# https://bugzilla.redhat.com/show_bug.cgi?id=2224947 +Patch0: librsvg2-CVE-2023-38633.patch BuildRequires: chrpath BuildRequires: gcc # autosetup need git BuildRequires: git BuildRequires: gobject-introspection-devel -BuildRequires: pkgconfig(cairo) -BuildRequires: pkgconfig(cairo-png) +BuildRequires: make +BuildRequires: pkgconfig(cairo) >= %{cairo_version} +BuildRequires: pkgconfig(cairo-gobject) >= %{cairo_version} +BuildRequires: pkgconfig(cairo-png) >= %{cairo_version} BuildRequires: pkgconfig(fontconfig) BuildRequires: pkgconfig(gdk-pixbuf-2.0) BuildRequires: pkgconfig(gio-2.0) BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gthread-2.0) -BuildRequires: pkgconfig(gtk+-3.0) -BuildRequires: pkgconfig(libcroco-0.6) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(pangocairo) BuildRequires: pkgconfig(pangoft2) 
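Review bot: The context lines `# autosetup need git` and `BuildRequires: git` survive in this hunk, but the %prep hunk of the same commit changes `%autosetup -n librsvg-%{version} -p1 -S git` to `%autosetup -n librsvg-%{version} -p1`, so nothing visible in the spec still invokes git during the build. Unless another step outside the shown hunks needs it, both lines can be dropped. Each package left in the build root is one more input that has to be trusted and tracked for a security rebuild like this one.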
@@ -51,20 +49,12 @@ BuildRequires: cargo-vendored-libc %endif %else BuildRequires: rust-packaging -# [dependencies] -BuildRequires: (crate(cairo-rs) >= 0.3.0 with crate(cairo-rs) < 0.4.0) -BuildRequires: (crate(cairo-sys-rs) >= 0.5.0 with crate(cairo-sys-rs) < 0.6.0) -BuildRequires: (crate(cssparser) >= 0.23.0 with crate(cssparser) < 0.24.0) -BuildRequires: (crate(downcast-rs) >= 1.0.0 with crate(downcast-rs) < 2.0.0) -BuildRequires: (crate(glib) >= 0.4.0 with crate(glib) < 0.5.0) -BuildRequires: (crate(glib-sys) >= 0.5.0 with crate(glib-sys) < 0.6.0) -BuildRequires: (crate(itertools) >= 0.7.4 with crate(itertools) < 0.8.0) -BuildRequires: (crate(libc) >= 0.2.0 with crate(libc) < 0.3.0) -BuildRequires: (crate(pango) >= 0.3.0 with crate(pango) < 0.4.0) -BuildRequires: (crate(pango-sys) >= 0.5.0 with crate(pango-sys) < 0.6.0) -BuildRequires: (crate(regex) >= 0.2.1 with crate(regex) < 0.3.0) %endif +# For Patch0. +BuildRequires: autoconf automake gettext-devel +Requires: cairo%{?_isa} >= %{cairo_version} +Requires: cairo-gobject%{?_isa} >= %{cairo_version} # We install a gdk-pixbuf svg loader Requires: gdk-pixbuf2%{?_isa} 
@@ -87,43 +77,57 @@ Requires: %{name}%{?_isa} = %{version}-%{release} This package provides extra utilities based on the librsvg library. %prep -%autosetup -n librsvg-%{version} -p1 -S git +%autosetup -n librsvg-%{version} -p1 %if 0%{?bundled_rust_deps} -# Use the bundled deps, and enable release debuginfo -sed -i -e '/profile.release/a debug = true' Cargo.toml +# Use the bundled deps %ifarch loongarch64 rm -rf vendor/libc -rm -f Cargo.lock ln -s %{_datadir}/cargo/vendor/libc vendor/ +sed -i "s/0.2.95/0.2.138/g" Cargo.lock +sed -i "s/789da6d93f1b866ffe175afc5322a4d76c038605a1c3319bb57b06967ca98a36/db6d7e329c562c5dfab7a46a2afabc8b987ab9a4834c9d1ca04dc54c1546cef8/g" Cargo.lock %endif %else # No bundled deps -rm -vrf vendor -%cargo_prep +rm -vrf vendor .cargo Cargo.lock +pushd rsvg_internals + %cargo_prep + mv .cargo .. +popd +%endif + +%if ! 0%{?bundled_rust_deps} +%generate_buildrequires +pushd rsvg_internals >/dev/null + %cargo_generate_buildrequires +popd >/dev/null %endif %build +# For Patch0. +autoreconf --force --install + %configure --disable-static \ - --disable-gtk-doc \ - --enable-introspection \ - --enable-vala + --disable-gtk-doc \ + --enable-introspection \ + --enable-vala %make_build %install %make_install find %{buildroot} -type f -name '*.la' -print -delete +%find_lang librsvg + # Remove lib64 rpaths chrpath --delete %{buildroot}%{_bindir}/rsvg-convert -chrpath --delete %{buildroot}%{_bindir}/rsvg-view-3 chrpath --delete %{buildroot}%{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-svg.so # we install own docs rm -vrf %{buildroot}%{_datadir}/doc -%files +%files -f librsvg.lang %doc CONTRIBUTING.md README.md -%license COPYING COPYING.LIB +%license COPYING.LIB %{_libdir}/librsvg-2.so.* %{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-svg.so %dir %{_libdir}/girepository-1.0 
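Review bot: In the loongarch64 branch of %prep, `sed -i "s/0.2.95/0.2.138/g" Cargo.lock` is unanchored and its dots match any character, so it rewrites every string of that shape in the lockfile, not just the libc entry. Scoping it to the libc stanza keeps the other pins untouched, for example `sed -i '/^name = "libc"$/,/^checksum = / s/^version = "0\.2\.95"$/version = "0.2.138"/' Cargo.lock` (this assumes the usual Cargo.lock stanza layout). The checksum substitution on the next line replaces upstream's integrity pin with a value typed into the spec. A comment stating which cargo-vendored-libc build the version and hash were taken from would let a reviewer re-check both literals when that package changes.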
@@ -146,29 +150,195 @@ rm -vrf %{buildroot}%{_datadir}/doc %files tools %{_bindir}/rsvg-convert -%{_bindir}/rsvg-view-3 %{_mandir}/man1/rsvg-convert.1* %changelog -* Mon Dec 12 2022 Liwei Ge - 2.42.7-4.0.2 -- Support loongarch64 build +* Tue Jan 2 2024 Wenlong Zhang - 2.50.7-2.0.2 +- fix build error for loongarch64 -* Fri Dec 10 2021 Weitao Zhou 2.42.7-4.0.1 +* Wed Dec 06 2023 Weitao Zhou - 2.50.7-2.0.1 - Add git as build requirement for autosetup +- Support loongarch64 build (geliwei@openanolis.org) + +* Thu Aug 10 2023 David King - 2.50.7-2 +- Fix CVE-2023-38633 (#2224947) + +* Tue Aug 24 2021 Kalev Lember - 2.50.7-1 +- Update to 2.50.7 + +* Mon Aug 09 2021 Mohan Boddu - 2.50.6-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue May 25 2021 Kalev Lember - 2.50.6-1 +- Update to 2.50.6 + +* Wed May 05 2021 Kalev Lember - 2.50.5-1 +- Update to 2.50.5 + +* Fri Apr 16 2021 Mohan Boddu - 2.50.3-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Thu Jan 28 2021 Kalev Lember - 2.50.3-1 +- Update to 2.50.3 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.50.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Nov 25 2020 Kalev Lember - 2.50.2-1 +- Update to 2.50.2 + +* Mon Oct 5 2020 Kalev Lember - 2.50.1-1 +- Update to 2.50.1 + +* Fri Sep 11 2020 Kalev Lember - 2.50.0-1 +- Update to 2.50.0 + +* Tue Jul 28 2020 Fedora Release Engineering - 2.48.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 20 2020 Kalev Lember - 2.48.8-1 +- Update to 2.48.8 + +* Fri Jun 05 2020 Kalev Lember - 2.48.7-1 +- Update to 2.48.7 + +* Tue Jun 02 2020 Kalev Lember - 2.48.6-1 +- Update to 2.48.6 + +* Mon Jun 01 2020 Kalev Lember - 2.48.5-1 +- Update to 2.48.5 + +* Fri Apr 24 2020 Kalev Lember - 2.48.4-1 +- Update to 2.48.4 + +* Fri Apr 10 2020 Kalev Lember - 2.48.3-1 +- Update to 2.48.3 + +* Tue Mar 31 2020 Kalev Lember - 2.48.2-1 +- Update to 2.48.2 + +* Sat Mar 28 2020 
Kalev Lember - 2.48.1-1 +- Update to 2.48.1 + +* Sat Mar 07 2020 Kalev Lember - 2.48.0-1 +- Update to 2.48.0 + +* Wed Jan 29 2020 Fedora Release Engineering - 2.46.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Nov 27 2019 Kalev Lember - 2.46.4-1 +- Update to 2.46.4 + +* Wed Oct 23 2019 Kalev Lember - 2.46.3-1 +- Update to 2.46.3 + +* Mon Oct 14 2019 Kalev Lember - 2.46.2-1 +- Update to 2.46.2 -* Wed May 13 2020 Michael Catanzaro - 2.42.7-4 -- Resolves: rhbz#1804519 Add patch for CVE-2019-20446 +* Mon Oct 07 2019 Kalev Lember - 2.46.1-1 +- Update to 2.46.1 -* Thu Dec 06 2018 Josh Stone - 2.42.7-2 -- Rebuild with the current rust-toolset +* Fri Sep 20 2019 Kalev Lember - 2.46.0-2 +- Backport a patch to fix svg rendering in gnome-initial-setup (#1753183) -* Tue Sep 04 2018 Kalev Lember - 2.42.7-1 -- Update to 2.42.7 +* Mon Sep 09 2019 Kalev Lember - 2.46.0-1 +- Update to 2.46.0 -* Wed Aug 08 2018 Kalev Lember - 2.42.6-1 -- Update to 2.42.6 +* Tue Sep 03 2019 Kalev Lember - 2.45.92-1 +- Update to 2.45.92 + +* Mon Aug 19 2019 Kalev Lember - 2.45.91-1 +- Update to 2.45.91 + +* Sun Aug 04 2019 Pete Walter - 2.45.90-1 +- Update to 2.45.90 + +* Fri Jul 26 2019 Pete Walter - 2.45.8-1 +- Update to 2.45.8 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.45.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 08 2019 Kalev Lember - 2.45.7-1 +- Update to 2.45.7 + +* Tue May 14 2019 Kalev Lember - 2.45.6-1 +- Update to 2.45.6 + +* Wed Mar 13 2019 Kalev Lember - 2.45.5-4 +- Go back to using bundled rust deps + +* Tue Feb 19 2019 Kalev Lember - 2.45.5-3 +- Rebuilt against fixed atk (#1626575) + +* Tue Feb 19 2019 Igor Gnatenko - 2.45.5-2 +- Unbundle Rust deps + +* Sat Feb 16 2019 Kalev Lember - 2.45.5-1 +- Update to 2.45.5 + +* Fri Feb 01 2019 Fedora Release Engineering - 2.45.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Jan 09 2019 Kalev Lember - 2.45.4-1 +- Update to 
2.45.4 + +* Wed Jan 09 2019 Kalev Lember - 2.45.3-2 +- Fix accidental soname bump + +* Wed Jan 09 2019 Kalev Lember - 2.45.3-1 +- Update to 2.45.3 + +* Sat Dec 29 2018 Kalev Lember - 2.44.11-1 +- Update to 2.44.11 + +* Tue Dec 18 2018 Kalev Lember - 2.44.10-1 +- Update to 2.44.10 + +* Wed Nov 14 2018 Kalev Lember - 2.44.9-1 +- Update to 2.44.9 + +* Fri Oct 26 2018 Kalev Lember - 2.44.8-1 +- Update to 2.44.8 + +* Tue Oct 09 2018 Kalev Lember - 2.44.7-1 +- Update to 2.44.7 + +* Fri Sep 28 2018 Kalev Lember - 2.44.6-1 +- Update to 2.44.6 + +* Wed Sep 26 2018 Kalev Lember - 2.44.4-1 +- Update to 2.44.4 + +* Thu Sep 20 2018 Kalev Lember - 2.44.3-1 +- Update to 2.44.3 + +* Fri Sep 07 2018 Kalev Lember - 2.44.2-2 +- Rebuilt against fixed atk (#1626575) + +* Wed Sep 05 2018 Kalev Lember - 2.44.2-1 +- Update to 2.44.2 + +* Wed Aug 08 2018 Kalev Lember - 2.43.4-1 +- Update to 2.43.4 - Use bundled rust deps +* Fri Jul 13 2018 Fedora Release Engineering - 2.43.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Sun Jul 01 2018 Igor Gnatenko - 2.43.1-2 +- Bump cssparser to 0.24 + +* Sun Jun 24 2018 Igor Gnatenko - 2.43.1-1 +- Update to 2.43.1 + +* Tue May 08 2018 Igor Gnatenko - 2.42.4-1 +- Update to 2.42.4 + +* Thu May 03 2018 Josh Stone - 2.42.3-2 +- Update rust dependencies. + * Mon Mar 05 2018 Kalev Lember - 2.42.3-1 - Update to 2.42.3