Package Release Info

librsvg-2.52.10-150400.3.6.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3021
Available in Package Hub : 15 SP5 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

Change Logs

* Fri Jul 21 2023 federico@suse.com
- Update to version 2.52.10:
  + Fix arbitrary file read when href has special characters.
- bsc#1213502 - CVE-2023-38633 - directory traversal in URI decoder.
* Fri Jun 10 2022 qkzhu@suse.com
- Update to version 2.52.9:
  + Fix regressions when computing element geometries.
* Fri Apr 29 2022 yu.daike@suse.com
- Update to version 2.52.8:
  + Catch circular references when rendering patterns.
* Sat Mar 12 2022 bjorn.lie@gmail.com
- Update to version 2.52.7:
  + Backport a fix for the regression that was introduced in the
    last release: Output filled text as text for PDF; fixes
    regression due to outputting all text as paths.
* Thu Feb 17 2022 bjorn.lie@gmail.com
- Update to version 2.52.6:
  + Fix incorrect text rendering when text has different scales in
    the X/Y axes. This regressed after librsvg 2.52.5, when Pango
    had to revert its fix for the same bug. Now librsvg renders all
    text as paths, and does the scaling itself. Please file a bug
    if you have evidence that this presents a performance problem
    for you.
* Fri Dec 17 2021 bjorn.lie@gmail.com
- Update to version 2.52.5:
  + Fix mangled output in rsvg-convert when redirecting output to
    a pipe on Windows.
  + When outputting to SVG, rsvg-convert now uses the width/height
    units specified in the command line; it always used pixels
    before.
  + Fix incorrect top/left margins for SVG/PS/EPS/PDF output.
  + Fix incorrect placement of glyphs when text has non-uniform
    scaling in the X/Y axes. This is not a librsvg bug, but is
    fixed by Pango 1.49.3 and later. Hopefully Pango 1.48.11 will
    be released soon with this fix as well. Note that this release
    of librsvg cannot increase the minimum Pango version to 1.48.11
    because it is not released yet.
  + Miscellaneous: Updated crate dependencies: assert_cmd, cast,
    clap cssparser, float-cmp, itertools, nalgebra, png, proptest,
    rctree, selectors, system-deps.
* Thu Dec 02 2021 federico@suse.com
- Remove librsvg-s390x-cairo-has-current-point.patch - it is included
  in the upstream tarball now.
* Thu Nov 18 2021 bjorn.lie@gmail.com
- Disable testsuite for now, let upstream figure out the issue with
  harfbuzz 3.1.1.
* Sat Nov 13 2021 bjorn.lie@gmail.com
- Update to version 2.52.4:
  + New features:
  - Support the isolation property from the Compositing and
    Blending Level 1 specification.
  - Support Visual Studio 2022.
  + Bug fixes:
  - The opacity and mix-blend-mode properties were not being
    applied when an element has a mask.
  - Fix panic when an empty group has a pattern fill and filters.
  - Fix the tests on Windows; the still only work when Fontconfig
    is present.
  - Work around a bug in the cairo-rs bindings in the test suite,
    that only manifests itself in s/390x due to its calling
    convention. See
    https://github.com/gtk-rs/gtk-rs-core/issues/335
* Sat Nov 06 2021 federico@suse.com
- Add librsvg-s390x-cairo-has-current-point.patch for
  https://github.com/gtk-rs/gtk-rs-core/issues/335 - otherwise the
  test suite fails on s390x due to a bug in the cairo-rs bindings.
* Tue Nov 02 2021 william.brown@suse.com
- Add cargo audit obs service
* Wed Oct 27 2021 bjorn.lie@gmail.com
- Update to version 2.52.3:
  + Bugfixes, mostly for text layout. Also, text links in PDF!
  - Support text-decoration=overline.
  - Basic support for the unicode-bidi property. Librsvg still
    considers each tspan independently of others, which is
    incorrect, but at least bidi-override works now for a single
    embedding level.
  - Fix placement of tspan that changes the text direction.
  - :lang() selector should now match lang attribute from an
    element's parent.
  - Fix the text-anchor property for right-to-left text.
  - PDF now includes links inside text elements.
* Sat Oct 16 2021 bjorn.lie@gmail.com
- Update to version 2.52.2:
  + New features:
  - rsvg-convert now supports generating multi-page PDFs in a
    sensible way.
  - With one SVG document per page, each page with the SVG's
    natural size:
  - rsvg-convert --format=pdf -o out.pdf a.svg b.svg c.svg
  - With all pages sized as portrait US Letter, and each SVG
    scaled to fit so that there is a 1in margin around each page:
    rsvg-convert --format=pdf -o out.pdf \
  - -page-width=8.5in --page-height=11in \
  - -width=6.5in --height=8.5in --keep-aspect-ratio \
  - -top=1in --left=1in a.svg b.svg c.svg
    Please see the man page for details.
  - Support <a> elements inside <text>. Also, support the CSS
    :link pseudo-class for matching against links.
  - Support the CSS :lang() pseudo-class for matching against an
    element's xml:lang attribute.
  - Support the mask-type property from SVG2.
  + Bugs fixed:
  - Don't panic when a shorthand property is set to inherit.
  - Fix regression with the viewport size of interior <svg>
    elements.
  - Allow length units to be case-insensitive, per SVG2.
  + Documentation:
  - There is now a FEATURES.md in the repository, where you can
    see all the elements, attributes, and properties that librsvg
    supports. We will be adding detail to this gradually.
  - For developers, there is now devel-docs/adding-a-property.md
    with a tutorial on how to add support for new CSS properties.
* Wed Oct 06 2021 bjorn.lie@gmail.com
- Update to version 2.52.1:
  + Fix ordering of tspan inside text elements for right-to-left
    languages.
  + Fix text-anchor positioning for right-to-left languages.
  + Fix regression in computing sizes when an SVG has only one of
    width/height and a viewBox.
  + Spec compliance - the writing-mode property applies only to
    text elements, no to individual tspan elements.
  + Fix build on big-endian platforms.
  + Clarify documentation for the rsvg_handle_write() /
    rsvg_handle_close() deprecated APIs.
* Sun Sep 26 2021 bjorn.lie@gmail.com
- Disable testsuite run on ix86 and arm.
* Fri Sep 17 2021 dimstar@opensuse.org
- Update to version 2.52.0:
  + The biggest user-visible change is that rsvg-convert has been
    ported to Rust.
  + rsvg-convert is now aware of physical units, and fixes a bug
    where PDFs were created at the wrong size.
  + Support for Accept-Language.
  + rsvg-convert's default DPI is now 96, to better match W3C
    standards.
  + SVG2/CSS3 features:
  - Transform property from SVG2; previously librsvg only
    supported the transform attribute from SVG1.1, which has
    different syntax.
  - context-fill and context-stroke for <marker> and <use>
    elements.
  - markers now support orient="auto-start-reverse".
  - paint-order for text elements.
  - "auto" values for the width and height attributes of the
    <image>, <rect>, and <svg> elements.
  - All the <filter-function> types from the Filter Effects
    Module Level 1 specification: blur(), brightness(),
    contrast(), drop-shadow(), grayscale(), hue-rotate(),
    invert(), opacity(), sepia(), saturate().
  - The filter property now supports chains of uri() filters or
    <filter-function> shortcuts.
  - Support CSS selectors for attribute matching, like
    rect[attr^="prefix"]
  + New APIs: See the HTML documentation for details.
- Drop -lang package: there are no translations available anymore.
* Sat Jun 05 2021 bjorn.lie@gmail.com
- Update to version 2.50.7:
  + Two cairo-related bug fixes:
  - glgo#GNOME/librsvg#745: Fix mismatched cairo_save/restore
    when running in inside the Cairo test suite.
  - glgo#GNOME/librsvg#746: Possible cairo_save() without
    cairo_restore() in render_layer().
* Thu May 27 2021 bjorn.lie@gmail.com
- Update to version 2.50.6:
  + Librsvg now requires at least Pango 1.44.
  + glgo#GNOME/librsvg#730: Incorrect text spacing when the
    transform is not 1:1. You can see this when a small font-size
    is scaled up due to a transform. It is less visible for a large
    font-size scaled down.
  + glgo#GNOME/librsvg#704: Fix circle/ellipse in paths when they
    are made out of a single Arc command.
* Fri Apr 30 2021 dimstar@opensuse.org
- Update to version 2.50.5:
  + Images embedded as data: URLs didn't render if they had a MIME
    type with a charset parameter.
  + Don't allow number lists with unbounded lengths in tableValues
    attributes, for feComponentTransfer and feConvolveMatrix.
  + Negative rx/ry in rect element should be ignored.
* Fri Apr 23 2021 federico@suse.com
- Update to version 2.46.5 on SLE and Leap:
  + Update dependent crates that had security vulnerabilities:
    generic-array to 0.12.4 - RUSTSEC-2020-0146
    smallvec to 0.6.14      - RUSTSEC-2021-0003 - CVE-2021-25900
  + There are no changes to the library code.
  + Fix bash-isms in Makefile.am (Tin-Wei Lan).
  + Fix Visual Studio build (Chun-wei Fan).
- bsc#1183403 - CVE-2021-25900 - buffer overflow in the smallvec crate.
Version: 2.42.9-3.6.1
* Thu Apr 22 2021 federico@suse.com
- Update to version 2.42.9:
  + Update dependent crates that had security vulnerabilities:
    smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2018-20991
  + The library code is unchanged.
- bsc#1148293 - CVE-2018-20991 - double-free in the smallvec crate.
- bsc#1181571; the bundled version of the cssparser crate
  now builds correctly on Rust 1.43.
Version: 2.42.8-3.3.1
* Sat Feb 29 2020 federico@suse.com
- Fix bsc#1162501 - CVE-2019-20446 - Denial-of-service when loading
  extremely big files, or rendering files with recursively referenced
  elements.
- Update to version 2.42.8:
  + CVE-2019-20446 - Backport the following fixes from 2.46.x:
  + #515 - Librsvg now has limits on the number of loaded XML elements,
    and the number of referenced elements within an SVG document.  This
    is to mitigate malicious SVGs which try to consume all memory, and
    those which try to consume an exponential amount of CPU time.
  + #308 - Fix stack exhaustion with circular references in <use>
    elements.
* Mon Mar 05 2018 dimstar@opensuse.org
- Update to version 2.42.3:
  + glgo#GNOME/librsvg#205: The configure script now checks for
    Rust 1.20.0. Previously this minimum requirement was not
    well-defined.
  + glgo#GNOME/librsvg#204: New feature: If an SVG has an <a> link
    element, we now generate the corresponding link when
    outputting to a Cairo PDF surface.  If you use rsvg-convert(1)
    with PDF output, <a> links in the SVG will work in the PDF.
  + glgo#GNOME/librsvg#108: New feature: support font-size:larger
    and font-size:smaller relative sizes.
  + New feature: rsvg-convert now supports SOURCE_DATE_EPOCH to
    generate reproducible output for PDFs.
  + glgo#GNOME/librsvg#197: New requirement: We now require
    Freetype2 2.9.0, which fixes font rendering bugs. The test
    reference PNGs have been regenerated with this version.
  + glgo#GNOME/librsvg#91: Fix rendering of masks and clips when
    the initial transformation has a translation component.
  + glgo#GNOME/librsvg#112: Fix: apply style attributes for all SVG
    elements, not just for the toplevel one.
  + glgo#GNOME/librsvg#161: Fix the marker angle for the last
    vertex of closed paths.
  + glgo#GNOME/librsvg#198: Fix: Make rsvg_pixbuf_from_file() and
    its derived functions work again.  Now we have tests for the
    whole public API.
  + glgo#GNOME/librsvg#143: Minor optimizations for Gaussian blurs.
  + glgo#GNOME/librsvg#201: Minor speedups in the code to parse SVG
    attributes.
  + glgo#GNOME/librsvg#178: Fix some tests that failed on 32-bit
    machines.
  + In addtion to --enable-debug/--disable-debug to control the
    Rust compilation, now you can use an environment variable
    LIBRSVG_DEBUG=yes / LIBRSVG_DEBUG=no if you wish.
  + Code moved to Rust: SVG paint servers, SVG attribute parsing.
  + We now use a Cargo workspace internally, to move more things to
    Rust.
- Add pkgconfig(freetype2) BuildRequires: New dependency.
* Wed Feb 28 2018 dimstar@opensuse.org
- Modernize spec-file by calling spec-cleaner
* Fri Feb 02 2018 bjorn.lie@gmail.com
- Update to version 2.42.2:
  + Don't crash when feConvolveMatrix doesn't specify orderx/ordery
    attributes (glgo#librsvg#193).
  + Parse stroke-dasharray property correctly. This code is in Rust
    now; yay! (glgo#librsvg#136).
  + Don't render markers if they are zero-sized, per the spec.
  + Performance: eliminate a bunch of string copies during parsing.
  + Update rust-cssparser to 0.23.
* Tue Jan 23 2018 bjorn.lie@gmail.com
- Update to version 2.42.1:
  + Parse the transform attribute in a faster/simpler way. We now
    use rust-cssparser instead of lalrpop.  This is especially
    noticeable on SVGs with lots of "transform" attributes
    (glgo#librsvg#182).
  + Don't crash when setting a gradient on a zero-sized object
    (glgo#librsvg#187).
  + Inherit attributes in the <svg> element properly
    (glgo#librsvg#181).
  + rsvg-convert - fix error reporting when reading from stdin
    (glgo#librsvg#160).
  + Fix detection of image type in "data:" URIs when they don't
    specify a MIME type (glgo#librsvg#152).
  + More stringent parsing of path data; better tests
    (glgo#librsvg#133).
  + Fix typos and links in the .md files.
* Tue Jan 09 2018 zaitor@opensuse.org
- Update to version 2.42.0:
  + Fix a memory leak in rsvg_handle_new_from_file().
  + Optimize the xml:space normalization function.
  + Fix a runtime warning in the feMergeNode code
    (glgo#GNOME/librsvg#179).
  + Clarify documentation about the rsvg_*_sub() APIs
    (glgo#GNOME/librsvg#175).
  + Stylistic fixes from cargo-clippy.
  + Port the Pango glue code to Rust.
  + New ARCHITECTURE.md with a description of librsvg's internals.
- Clean up spec, use autosetup macro.
* Wed Dec 27 2017 luc14n0@linuxmail.org
- Update to version 2.41.2:
  + Bug fixes:
  - Mis-use of libxml2 (bgo#787895).
  - Allow masks and clips to reuse a node being drawn
    (bgo#761175).
  + Fixes:
  - xml:space normalization, per the spec.
  - Bugs from Coverity runs.
  - Loading files one byte at a time.
  - Some memory leaks.
  + Don't access the file system when deciding whether to load a
    remote file with a UNC path for a paint server (i.e. don't try
    to load it at all).
  + Add:
  - Support for cross-compilation of the Rust code.
  - Verbosity to Cargo.
  + Markers now have the correct default size per the SVG spec.
  + Don't render elements that establish a viewport if their
    viewBox size is 0, per the spec.
  + SVG elements ported to Rust: image, clipPath, mask, character
    data in elements.
  + Reference documentation now have an overview of the library and
    is DocBook 5.1.
  + Expanded the test suite.
  + Lots of internal refactoring.
- Changes from version 2.41.0:
  + The big news is that parts of librsvg are now implemented in
    the Rust programming language, instead of C. The public API
    remains identical. Rust should provide us with memory safety
    and nicer built-in abstractions for the code, as well as an
    easier way to do unit tests.
  + Added an "--enable-debug" option to configure.ac - this will
    tell the Rust compiler to generate debugging code, instead of
    working in release mode. Note that you must still pass CFLAGS
    by hand by the regular means for the C code.
  + The path data parser now handles boolean values in Arc elements
    correctly.
  + Radial gradients now adjust the focus point correctly to be
    within the gradient's radius.
  + Stroke width normalization is now conformant to the spec.
  + Viewport-relative length normalization is now conformant to the
    spec.
  + Added some of the official SVG 1.1 test files to our test
    suite. Fixed a little bunch of conformance bugs.
  + Code that has been converted to Rust:  marker orientations and
    rendering, path data parser, path building, length
    normalization, gradient inheritance, bounding boxes with affine
    transformations.
  + Added tests/README.md with instructions on how to run the test
    suite and update it.
  + rsvg-test can now skip files or directories that start with
    "ignore".
  + Fixes:
  - feImage filters when they reference SVG nodes.
  - eComponentTransferFunction when there are duplicated feFuncX.
    elements.
  - Conformance bugs in gradient inheritance.
  - A few minor issues.
  + Fixed bugs: bgo#763386, bgo#603550, bgo#776297, bgo#761871,
    bgo#686953.
- Changes from version 2.41.1:
  + The feConvolveMatrix filter primitive now is working.
  + Pattern specifications can now have a fallback color, per the
    spec - https://www.w3.org/TR/SVG/painting.html#SpecifyingPaint
  + Tests now use a very basic form of reproducible font rendering.
    This means that "make check" should pass even if you have a
    custom Fontconfig setup.
  - A few cases of uninitialized struct fields.
  + Per the spec, we now don't render elements which have invalid
    attributes.
  + Don't crash in filters when one of them yields an invalid
    surface for an intermediate result.
  + Added a bunch of new test cases for the new features and the
    code converted to Rust.
  + cairo-rs 0.2.0 and lalrpop 0.13.1 are now required.
  + Fixes:
  - Recursive fallbacks in gradients.
  - Division by zero in feTile filter when the input surface is
    empty.
  - parsing of "azimuth", "elevation", "limitingConeAngle" for
    filter effects.
  + Fixed bugs: bgo#621088, bgo#587721, bgo#776932, bgo#777155,
    bgo#776297, bgo#777834, bgo#634324, bgo#783835, bgo#779489,
    bgo#782098, bgo#777833, bgo#786372, bgo#634514, bgo#785276,
    bgo#778666.
- Update Url to https://wiki.gnome.org/Projects/LibRsvg: current
  LibRsvg project's web page.
- Add BuildRequires for the following new dependencies that
  upstream's rust implementation brought: cargo, rust and rust-std.
- Add pkgconfig(cairo-png) BuildRequires: it was already being
  pulled with pkgconfig(cairo) and used, since they live in the
  same devel package.
- Add gio-unix-2.0 and gthread-2.0 pkgconfig BuildRequires: they
  were already being pulled with pkgconfig(glib-2.0) and used,
  since they all live in glib2-devel package.
- Adopt the use of %make_build rather than raw make command and
  switch %makeinstall by the preferred %make_install macros,
  following the best practices.
- Remove obsoleted %clean section since RPM does this job now and
  replace old macro for number of jobs control with %make_build
  following best practices.
- Change rsvg-thumbnailer subpackage group to
  Productivity/Graphics/Other as this is a better fit for it.
- Export -Wl,-z,noexecstack LDFLAG to avoid executable-stack
  issues. It's only a temporary flag until upstream give feedback
  (glgo#GNOME/librsvg#177).
* Wed Dec 27 2017 jengelh@inai.de
- Fix RPM groups, drop redundant %clean section,
  update summaries.
* Sat Dec 16 2017 luc14n0@linuxmail.org
- Update to version 2.40.20:
  + Allow masks and clips to reuse a node being drawn (bgo#761175).
  + Don't access the file system when deciding whether to load a
    remote file with a UNC path for a paint server (i.e. don't try
    to load it at all).
  + Fix generation of Vala bindings when compiling in read-only
    source directories.
* Thu Oct 05 2017 dimstar@opensuse.org
- Update to version 2.40.19:
  + Fix the <switch> element; it wasn't working at all.
  + Fix loading when rsvg_handle_write() is called one byte at a
    time.
  + Backported the test suite machinery from the master branch.
  + Bugs fixed: bgo#587721, bgo#621088, bgo#634324, bgo#634514,
    bgo#777155, bgo#777833, bgo#782098, bgo#785276, bgo#786372,
    bgo#787895.
- Add pkgconfig(fontconfig) and pkgconfig(pangoft2) BuildRequires:
  new dependencies verified by configure.
* Thu Jul 20 2017 zaitor@opensuse.org
- Update to version 2.40.18 (boo#1049607, CVE-2017-11464):
  + Fix division-by-zero in the Gaussian blur code (bgo#783835,
    boo#1049607, CVE-2017-11464).
  + Fix other cases of division-by-zero on fuzzed SVG files.
  + Don't crash on invalid transformation matrices.
  + Support Visual Studio 2017; generate .pc files for Meson on
    Windows.
* Mon Apr 10 2017 zaitor@opensuse.org
- Update to version 2.40.17:
  + bgo#778666: Use our own thumbnailer specification file, so
    gnome-desktop-thumbnailer can generate thumbnails outside of
    the calling process.
  + Removed some redundant code.
  + Windows build fixes.
- Split out new sub-package rsvg-thumbnailer (noarch).
* Thu Jun 09 2016 zaitor@opensuse.org
- Update to version 2.40.16:
  + Support for building the introspection files under MSVC.
  + Make the zooming options in rsvg-convert(1) work again for
    scaling the resulting image (bgo#760262).
  + Wikipedia generates equations as SVGs and renders them, but
    uses fill="currentColor". Since we don't let caller specify a
    starting state for CSS, we need to start with opaque black as
    the default current color (bgo#764808).
  + Added documentation for how to replace the deprecated
    rsvg_handle_set_size_callback().
- Drop librsvg-Fix-rsvg-convert.patch: Fixed upstream.
* Mon Apr 18 2016 zaitor@opensuse.org
- Add librsvg-Fix-rsvg-convert.patch: Actually scale the image if
  required, regression fix from upstream git (bgo#760262).
* Fri Apr 15 2016 mgorse@suse.com
- Update to GNOME 3.20  Fate#318572
* Sat Apr 02 2016 zaitor@opensuse.org
- Update to version 2.40.15:
  + Librsvg now uses the Contributor Covenant Code of Conduct,
    version 1.4, to which all contributors and maintainers are
    expected to abide. Please see the code_of_conduct.md file for
    details.
  + Fixed builds on Visual Studio pre-2012.
  + Fixed bgo#759084: Don't crash when filters don't actually
    exist.
  + Updated our autogen.sh to use modern autotools.
  + Fixed bgo#761728: Memory leak in the PrimitiveComponentTransfer
    filter.
* Fri Jan 08 2016 zaitor@opensuse.org
- Update to version 2.40.13:
  + Fixed the Windows build.
  + Added basic support for the "baseline-shift" attribute in text
    objects (bgo#340047).
  + Fixed some duplicate logic when rendering paths (bgo#749415).
  + Rewrote the markers engine (bgo#685906, bgo#760180).
* Wed Dec 02 2015 zaitor@opensuse.org
- Update to version 2.40.12:
  + Refactoring of the test harness to use Glib's gtest
    infrastructure, instead of using home-grown machinery.  Tests
    can simply be put as SVG files in the tests/subdirectories; it
    is not necessary to list them explicitly in some text file.
  + Gzipped SVGs now work if read from streams.
  + References to objects/filters/URIs/etc. are now handled lazily.
    Also, there is a general-purpose cycle detector so malformed
    SVGs don't cause infinite loops.
  + Removed parsing of Adobe blend modes; they were not
    implemented, anyway.
  + Bugs fixed: bgo#700911, bgo#630732, bgo#677068.
* Thu Oct 08 2015 zaitor@opensuse.org
- Update to version 2.40.11:
  + Add project files for building on Visual Studio (bgo#753555).
  + Added an "--export-id" option to rsvg-convert(1). This lets you
    select a single object to export, for example, to pick out a
    group from a multi-part drawing.  Note that this is mostly
    useful for PNG output right now; for SVG output we don't
    preserve many attributes which could be useful in the extracted
    version.  Doing this properly requires an internal "output to
    SVG" backend instead of just telling Cairo to render to SVG.
* Sun Aug 09 2015 zaitor@opensuse.org
- Update to version 2.40.10:
  + bgo#748608: Memory leak when Gaussian-blurring.
  + bgo#739329: Font-family attributes with singly-quoted names
    were not handled correctly, yielding incorrect fonts.
  + bgo#476507: Path start/end markers didn't have the correct
    angle if the path was a curve with coincident control points.
  + bgo#688689: Support font-style="normal" within a non-normal
    styled text block.
  + Fixed builddir != srcdir.
  + Remove a bunch of deprecated GTK+ calls.