From c5a78cd4e3c0673d358305ea1ad663cf087b44b1 Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster@mvista.com>
Date: Tue, 3 May 2016 06:33:36 -0700
Subject: librsvg: Security fixes via update to 2.40.15

CVE-2016-4347 librsvg2: DoS parsing SVGs with circular definitions in certain rsvg_cairo_*() functions

CVE-2016-4348 librsvg2: DoS parsing SVGs with circular definitions _rsvg_css_normalize_font_size() function

(From OE-Core rev: 76f061c91fd00370e33bfc3d45ff98d8b3f63c41)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 meta/recipes-gnome/librsvg/librsvg_2.40.13.bb | 45 ---------------------------
 meta/recipes-gnome/librsvg/librsvg_2.40.15.bb | 45 +++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 45 deletions(-)
 delete mode 100644 meta/recipes-gnome/librsvg/librsvg_2.40.13.bb
 create mode 100644 meta/recipes-gnome/librsvg/librsvg_2.40.15.bb

(limited to 'meta/recipes-gnome')

diff --git a/meta/recipes-gnome/librsvg/librsvg_2.40.13.bb b/meta/recipes-gnome/librsvg/librsvg_2.40.13.bb
deleted file mode 100644
index 2ac52f7797..0000000000
--- a/meta/recipes-gnome/librsvg/librsvg_2.40.13.bb
+++ /dev/null
@@ -1,45 +0,0 @@
-SUMMARY = "Library for rendering SVG files"
-HOMEPAGE = "http://ftp.gnome.org/pub/GNOME/sources/librsvg/"
-BUGTRACKER = "https://bugzilla.gnome.org/"
-
-LICENSE = "LGPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-                    file://rsvg.h;beginline=3;endline=24;md5=20b4113c4909bbf0d67e006778302bc6"
-
-SECTION = "x11/utils"
-DEPENDS = "cairo gdk-pixbuf glib-2.0 libcroco libxml2 pango"
-BBCLASSEXTEND = "native"
-
-inherit autotools pkgconfig gnomebase gtk-doc pixbufcache upstream-version-is-even gobject-introspection
-
-SRC_URI += "file://gtk-option.patch"
-
-SRC_URI[archive.md5sum] = "ad03780e12c56e52474d8edf86976c73"
-SRC_URI[archive.sha256sum] = "4d6ea93ec05f5dabe7262d711d246a0a99b2311e215360dd3dcabd6afe3b9804"
-
-CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
-
-# The older ld (2.22) on the host (Centos 6.5) doesn't have the
-# -Bsymbolic-functions option, we can disable it for native.
-EXTRA_OECONF_append_class-native = " --enable-Bsymbolic=auto"
-
-PACKAGECONFIG ??= "gdkpixbuf"
-# The gdk-pixbuf loader
-PACKAGECONFIG[gdkpixbuf] = "--enable-pixbuf-loader,--disable-pixbuf-loader,gdk-pixbuf-native"
-# GTK+ test application (rsvg-view)
-PACKAGECONFIG[gtk] = "--with-gtk3,--without-gtk3,gtk+3"
-
-do_install_append() {
-	# Loadable modules don't need .a or .la on Linux
-	rm -f ${D}${libdir}/gdk-pixbuf-2.0/*/loaders/*.a ${D}${libdir}/gdk-pixbuf-2.0/*/loaders/*.la
-}
-
-PACKAGES =+ "librsvg-gtk rsvg"
-FILES_rsvg = "${bindir}/rsvg* \
-	      ${datadir}/pixmaps/svg-viewer.svg \
-	      ${datadir}/themes"
-FILES_librsvg-gtk = "${libdir}/gdk-pixbuf-2.0/*/*/*.so"
-
-PIXBUF_PACKAGES = "librsvg-gtk"
-
-PIXBUFCACHE_SYSROOT_DEPS_append_class-native = " harfbuzz-native:do_populate_sysroot_setscene pango-native:do_populate_sysroot_setscene icu-native:do_populate_sysroot_setscene"
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.40.15.bb b/meta/recipes-gnome/librsvg/librsvg_2.40.15.bb
new file mode 100644
index 0000000000..caa6a24c9e
--- /dev/null
+++ b/meta/recipes-gnome/librsvg/librsvg_2.40.15.bb
@@ -0,0 +1,45 @@
+SUMMARY = "Library for rendering SVG files"
+HOMEPAGE = "http://ftp.gnome.org/pub/GNOME/sources/librsvg/"
+BUGTRACKER = "https://bugzilla.gnome.org/"
+
+LICENSE = "LGPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+                    file://rsvg.h;beginline=3;endline=24;md5=20b4113c4909bbf0d67e006778302bc6"
+
+SECTION = "x11/utils"
+DEPENDS = "cairo gdk-pixbuf glib-2.0 libcroco libxml2 pango"
+BBCLASSEXTEND = "native"
+
+inherit autotools pkgconfig gnomebase gtk-doc pixbufcache upstream-version-is-even gobject-introspection
+
+SRC_URI += "file://gtk-option.patch"
+
+SRC_URI[archive.md5sum] = "3a66ab5b4fe1fb43b471708e4ff39a0e"
+SRC_URI[archive.sha256sum] = "d9cac4a123eec6e553a26e120979bab7425def9ae7ce7c079eba5e4a45db05f4"
+
+CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
+
+# The older ld (2.22) on the host (Centos 6.5) doesn't have the
+# -Bsymbolic-functions option, we can disable it for native.
+EXTRA_OECONF_append_class-native = " --enable-Bsymbolic=auto"
+
+PACKAGECONFIG ??= "gdkpixbuf"
+# The gdk-pixbuf loader
+PACKAGECONFIG[gdkpixbuf] = "--enable-pixbuf-loader,--disable-pixbuf-loader,gdk-pixbuf-native"
+# GTK+ test application (rsvg-view)
+PACKAGECONFIG[gtk] = "--with-gtk3,--without-gtk3,gtk+3"
+
+do_install_append() {
+	# Loadable modules don't need .a or .la on Linux
+	rm -f ${D}${libdir}/gdk-pixbuf-2.0/*/loaders/*.a ${D}${libdir}/gdk-pixbuf-2.0/*/loaders/*.la
+}
+
+PACKAGES =+ "librsvg-gtk rsvg"
+FILES_rsvg = "${bindir}/rsvg* \
+	      ${datadir}/pixmaps/svg-viewer.svg \
+	      ${datadir}/themes"
+FILES_librsvg-gtk = "${libdir}/gdk-pixbuf-2.0/*/*/*.so"
+
+PIXBUF_PACKAGES = "librsvg-gtk"
+
+PIXBUFCACHE_SYSROOT_DEPS_append_class-native = " harfbuzz-native:do_populate_sysroot_setscene pango-native:do_populate_sysroot_setscene icu-native:do_populate_sysroot_setscene"
-- 
cgit 1.2.3-korg