* Sat Feb 29 2020 federico@suse.com
- Fix bsc#1162501 - CVE-2019-20446 - Denial-of-service when loading
extremely big files, or rendering files with recursively referenced
elements.
- Update to version 2.42.8:
+ CVE-2019-20446 - Backport the following fixes from 2.46.x:
+ #515 - Librsvg now has limits on the number of loaded XML elements,
and the number of referenced elements within an SVG document. This
is to mitigate malicious SVGs which try to consume all memory, and
those which try to consume an exponential amount of CPU time.
+ #308 - Fix stack exhaustion with circular references in <use>
elements.
* Mon Mar 05 2018 dimstar@opensuse.org
- Update to version 2.42.3:
+ glgo#GNOME/librsvg#205: The configure script now checks for
Rust 1.20.0. Previously this minimum requirement was not
well-defined.
+ glgo#GNOME/librsvg#204: New feature: If an SVG has an <a> link
element, we now generate the corresponding link when
outputting to a Cairo PDF surface. If you use rsvg-convert(1)
with PDF output, <a> links in the SVG will work in the PDF.
+ glgo#GNOME/librsvg#108: New feature: support font-size:larger
and font-size:smaller relative sizes.
+ New feature: rsvg-convert now supports SOURCE_DATE_EPOCH to
generate reproducible output for PDFs.
+ glgo#GNOME/librsvg#197: New requirement: We now require
Freetype2 2.9.0, which fixes font rendering bugs. The test
reference PNGs have been regenerated with this version.
+ glgo#GNOME/librsvg#91: Fix rendering of masks and clips when
the initial transformation has a translation component.
+ glgo#GNOME/librsvg#112: Fix: apply style attributes for all SVG
elements, not just for the toplevel one.
+ glgo#GNOME/librsvg#161: Fix the marker angle for the last
vertex of closed paths.
+ glgo#GNOME/librsvg#198: Fix: Make rsvg_pixbuf_from_file() and
its derived functions work again. Now we have tests for the
whole public API.
+ glgo#GNOME/librsvg#143: Minor optimizations for Gaussian blurs.
+ glgo#GNOME/librsvg#201: Minor speedups in the code to parse SVG
attributes.
+ glgo#GNOME/librsvg#178: Fix some tests that failed on 32-bit
machines.
+ In addition to --enable-debug/--disable-debug to control the
Rust compilation, now you can use an environment variable
LIBRSVG_DEBUG=yes / LIBRSVG_DEBUG=no if you wish.
+ Code moved to Rust: SVG paint servers, SVG attribute parsing.
+ We now use a Cargo workspace internally, to move more things to
Rust.
- Add pkgconfig(freetype2) BuildRequires: New dependency.
* Wed Feb 28 2018 dimstar@opensuse.org
- Modernize spec-file by calling spec-cleaner
* Fri Feb 02 2018 bjorn.lie@gmail.com
- Update to version 2.42.2:
+ Don't crash when feConvolveMatrix doesn't specify orderx/ordery
attributes (glgo#librsvg#193).
+ Parse stroke-dasharray property correctly. This code is in Rust
now; yay! (glgo#librsvg#136).
+ Don't render markers if they are zero-sized, per the spec.
+ Performance: eliminate a bunch of string copies during parsing.
+ Update rust-cssparser to 0.23.
* Tue Jan 23 2018 bjorn.lie@gmail.com
- Update to version 2.42.1:
+ Parse the transform attribute in a faster/simpler way. We now
use rust-cssparser instead of lalrpop. This is especially
noticeable on SVGs with lots of "transform" attributes
(glgo#librsvg#182).
+ Don't crash when setting a gradient on a zero-sized object
(glgo#librsvg#187).
+ Inherit attributes in the <svg> element properly
(glgo#librsvg#181).
+ rsvg-convert - fix error reporting when reading from stdin
(glgo#librsvg#160).
+ Fix detection of image type in "data:" URIs when they don't
specify a MIME type (glgo#librsvg#152).
+ More stringent parsing of path data; better tests
(glgo#librsvg#133).
+ Fix typos and links in the .md files.
* Tue Jan 09 2018 zaitor@opensuse.org
- Update to version 2.42.0:
+ Fix a memory leak in rsvg_handle_new_from_file().
+ Optimize the xml:space normalization function.
+ Fix a runtime warning in the feMergeNode code
(glgo#GNOME/librsvg#179).
+ Clarify documentation about the rsvg_*_sub() APIs
(glgo#GNOME/librsvg#175).
+ Stylistic fixes from cargo-clippy.
+ Port the Pango glue code to Rust.
+ New ARCHITECTURE.md with a description of librsvg's internals.
- Clean up spec, use autosetup macro.
* Wed Dec 27 2017 luc14n0@linuxmail.org
- Update to version 2.41.2:
+ Bug fixes:
- Mis-use of libxml2 (bgo#787895).
- Allow masks and clips to reuse a node being drawn
(bgo#761175).
+ Fixes:
- xml:space normalization, per the spec.
- Bugs from Coverity runs.
- Loading files one byte at a time.
- Some memory leaks.
+ Don't access the file system when deciding whether to load a
remote file with a UNC path for a paint server (i.e. don't try
to load it at all).
+ Add:
- Support for cross-compilation of the Rust code.
- Verbosity to Cargo.
+ Markers now have the correct default size per the SVG spec.
+ Don't render elements that establish a viewport if their
viewBox size is 0, per the spec.
+ SVG elements ported to Rust: image, clipPath, mask, character
data in elements.
+ Reference documentation now has an overview of the library and
is DocBook 5.1.
+ Expanded the test suite.
+ Lots of internal refactoring.
- Changes from version 2.41.0:
+ The big news is that parts of librsvg are now implemented in
the Rust programming language, instead of C. The public API
remains identical. Rust should provide us with memory safety
and nicer built-in abstractions for the code, as well as an
easier way to do unit tests.
+ Added an "--enable-debug" option to configure.ac - this will
tell the Rust compiler to generate debugging code, instead of
working in release mode. Note that you must still pass CFLAGS
by hand by the regular means for the C code.
+ The path data parser now handles boolean values in Arc elements
correctly.
+ Radial gradients now adjust the focus point correctly to be
within the gradient's radius.
+ Stroke width normalization is now conformant to the spec.
+ Viewport-relative length normalization is now conformant to the
spec.
+ Added some of the official SVG 1.1 test files to our test
suite. Fixed a little bunch of conformance bugs.
+ Code that has been converted to Rust: marker orientations and
rendering, path data parser, path building, length
normalization, gradient inheritance, bounding boxes with affine
transformations.
+ Added tests/README.md with instructions on how to run the test
suite and update it.
+ rsvg-test can now skip files or directories that start with
"ignore".
+ Fixes:
- feImage filters when they reference SVG nodes.
- feComponentTransferFunction when there are duplicated feFuncX
elements.
- Conformance bugs in gradient inheritance.
- A few minor issues.
+ Fixed bugs: bgo#763386, bgo#603550, bgo#776297, bgo#761871,
bgo#686953.
- Changes from version 2.41.1:
+ The feConvolveMatrix filter primitive now is working.
+ Pattern specifications can now have a fallback color, per the
spec - https://www.w3.org/TR/SVG/painting.html#SpecifyingPaint
+ Tests now use a very basic form of reproducible font rendering.
This means that "make check" should pass even if you have a
custom Fontconfig setup.
- A few cases of uninitialized struct fields.
+ Per the spec, we now don't render elements which have invalid
attributes.
+ Don't crash in filters when one of them yields an invalid
surface for an intermediate result.
+ Added a bunch of new test cases for the new features and the
code converted to Rust.
+ cairo-rs 0.2.0 and lalrpop 0.13.1 are now required.
+ Fixes:
- Recursive fallbacks in gradients.
- Division by zero in feTile filter when the input surface is
empty.
- Parsing of "azimuth", "elevation", "limitingConeAngle" for
filter effects.
+ Fixed bugs: bgo#621088, bgo#587721, bgo#776932, bgo#777155,
bgo#776297, bgo#777834, bgo#634324, bgo#783835, bgo#779489,
bgo#782098, bgo#777833, bgo#786372, bgo#634514, bgo#785276,
bgo#778666.
- Update Url to https://wiki.gnome.org/Projects/LibRsvg: current
LibRsvg project's web page.
- Add BuildRequires for the following new dependencies that
upstream's rust implementation brought: cargo, rust and rust-std.
- Add pkgconfig(cairo-png) BuildRequires: it was already being
pulled with pkgconfig(cairo) and used, since they live in the
same devel package.
- Add gio-unix-2.0 and gthread-2.0 pkgconfig BuildRequires: they
were already being pulled with pkgconfig(glib-2.0) and used,
since they all live in glib2-devel package.
- Adopt the use of %make_build rather than raw make command and
switch %makeinstall by the preferred %make_install macros,
following the best practices.
- Remove obsoleted %clean section since RPM does this job now and
replace old macro for number of jobs control with %make_build
following best practices.
- Change rsvg-thumbnailer subpackage group to
Productivity/Graphics/Other as this is a better fit for it.
- Export -Wl,-z,noexecstack LDFLAG to avoid executable-stack
issues. It's only a temporary flag until upstream gives feedback
(glgo#GNOME/librsvg#177).
* Wed Dec 27 2017 jengelh@inai.de
- Fix RPM groups, drop redundant %clean section,
update summaries.
* Sat Dec 16 2017 luc14n0@linuxmail.org
- Update to version 2.40.20:
+ Allow masks and clips to reuse a node being drawn (bgo#761175).
+ Don't access the file system when deciding whether to load a
remote file with a UNC path for a paint server (i.e. don't try
to load it at all).
+ Fix generation of Vala bindings when compiling in read-only
source directories.
* Thu Oct 05 2017 dimstar@opensuse.org
- Update to version 2.40.19:
+ Fix the <switch> element; it wasn't working at all.
+ Fix loading when rsvg_handle_write() is called one byte at a
time.
+ Backported the test suite machinery from the master branch.
+ Bugs fixed: bgo#587721, bgo#621088, bgo#634324, bgo#634514,
bgo#777155, bgo#777833, bgo#782098, bgo#785276, bgo#786372,
bgo#787895.
- Add pkgconfig(fontconfig) and pkgconfig(pangoft2) BuildRequires:
new dependencies verified by configure.
* Thu Jul 20 2017 zaitor@opensuse.org
- Update to version 2.40.18 (boo#1049607, CVE-2017-11464):
+ Fix division-by-zero in the Gaussian blur code (bgo#783835,
boo#1049607, CVE-2017-11464).
+ Fix other cases of division-by-zero on fuzzed SVG files.
+ Don't crash on invalid transformation matrices.
+ Support Visual Studio 2017; generate .pc files for Meson on
Windows.
* Mon Apr 10 2017 zaitor@opensuse.org
- Update to version 2.40.17:
+ bgo#778666: Use our own thumbnailer specification file, so
gnome-desktop-thumbnailer can generate thumbnails outside of
the calling process.
+ Removed some redundant code.
+ Windows build fixes.
- Split out new sub-package rsvg-thumbnailer (noarch).
* Thu Jun 09 2016 zaitor@opensuse.org
- Update to version 2.40.16:
+ Support for building the introspection files under MSVC.
+ Make the zooming options in rsvg-convert(1) work again for
scaling the resulting image (bgo#760262).
+ Wikipedia generates equations as SVGs and renders them, but
uses fill="currentColor". Since we don't let caller specify a
starting state for CSS, we need to start with opaque black as
the default current color (bgo#764808).
+ Added documentation for how to replace the deprecated
rsvg_handle_set_size_callback().
- Drop librsvg-Fix-rsvg-convert.patch: Fixed upstream.
* Mon Apr 18 2016 zaitor@opensuse.org
- Add librsvg-Fix-rsvg-convert.patch: Actually scale the image if
required, regression fix from upstream git (bgo#760262).
* Fri Apr 15 2016 mgorse@suse.com
- Update to GNOME 3.20 Fate#318572
* Sat Apr 02 2016 zaitor@opensuse.org
- Update to version 2.40.15:
+ Librsvg now uses the Contributor Covenant Code of Conduct,
version 1.4, to which all contributors and maintainers are
expected to abide. Please see the code_of_conduct.md file for
details.
+ Fixed builds on Visual Studio pre-2012.
+ Fixed bgo#759084: Don't crash when filters don't actually
exist.
+ Updated our autogen.sh to use modern autotools.
+ Fixed bgo#761728: Memory leak in the PrimitiveComponentTransfer
filter.
* Fri Jan 08 2016 zaitor@opensuse.org
- Update to version 2.40.13:
+ Fixed the Windows build.
+ Added basic support for the "baseline-shift" attribute in text
objects (bgo#340047).
+ Fixed some duplicate logic when rendering paths (bgo#749415).
+ Rewrote the markers engine (bgo#685906, bgo#760180).
* Wed Dec 02 2015 zaitor@opensuse.org
- Update to version 2.40.12:
+ Refactoring of the test harness to use Glib's gtest
infrastructure, instead of using home-grown machinery. Tests
can simply be put as SVG files in the tests/subdirectories; it
is not necessary to list them explicitly in some text file.
+ Gzipped SVGs now work if read from streams.
+ References to objects/filters/URIs/etc. are now handled lazily.
Also, there is a general-purpose cycle detector so malformed
SVGs don't cause infinite loops.
+ Removed parsing of Adobe blend modes; they were not
implemented, anyway.
+ Bugs fixed: bgo#700911, bgo#630732, bgo#677068.
* Thu Oct 08 2015 zaitor@opensuse.org
- Update to version 2.40.11:
+ Add project files for building on Visual Studio (bgo#753555).
+ Added an "--export-id" option to rsvg-convert(1). This lets you
select a single object to export, for example, to pick out a
group from a multi-part drawing. Note that this is mostly
useful for PNG output right now; for SVG output we don't
preserve many attributes which could be useful in the extracted
version. Doing this properly requires an internal "output to
SVG" backend instead of just telling Cairo to render to SVG.
* Sun Aug 09 2015 zaitor@opensuse.org
- Update to version 2.40.10:
+ bgo#748608: Memory leak when Gaussian-blurring.
+ bgo#739329: Font-family attributes with singly-quoted names
were not handled correctly, yielding incorrect fonts.
+ bgo#476507: Path start/end markers didn't have the correct
angle if the path was a curve with coincident control points.
+ bgo#688689: Support font-style="normal" within a non-normal
styled text block.
+ Fixed builddir != srcdir.
+ Remove a bunch of deprecated GTK+ calls.