librsvg: security bump to version 2.40.20

Message ID	aaf6ad8dfb35b1dee1bcfaa1f00bb50f19fbcbf9.1518465751.git.baruch@tkos.co.il
State	Accepted
Headers	show Return-Path: <buildroot-bounces@busybox.net> From: Baruch Siach <baruch@tkos.co.il> To: buildroot@busybox.net Date: Mon, 12 Feb 2018 22:02:31 +0200 Message-Id: <aaf6ad8dfb35b1dee1bcfaa1f00bb50f19fbcbf9.1518465751.git.baruch@tkos.co.il> Subject: [Buildroot] [PATCH] librsvg: security bump to version 2.40.20 Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" <buildroot-bounces@busybox.net>
Series	librsvg: security bump to version 2.40.20 \| expand librsvg: security bump to version 2.40.20

Message ID

aaf6ad8dfb35b1dee1bcfaa1f00bb50f19fbcbf9.1518465751.git.baruch@tkos.co.il

State

Accepted

Headers

From: Baruch Siach <baruch@tkos.co.il>
To: buildroot@busybox.net
Date: Mon, 12 Feb 2018 22:02:31 +0200
Message-Id: <aaf6ad8dfb35b1dee1bcfaa1f00bb50f19fbcbf9.1518465751.git.baruch@tkos.co.il>
Subject: [Buildroot] [PATCH] librsvg: security bump to version 2.40.20
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Series

librsvg: security bump to version 2.40.20 | expand

Commit Message

Baruch Siach Feb. 12, 2018, 8:02 p.m. UTC

Fixes CVE-2018-1000041: information disclosure via a crafted SVG file.

Bump to the latest (maybe last) release in the 2.40.x series. Newer
versions require a Rust compiler.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/librsvg/librsvg.hash | 4 ++--
 package/librsvg/librsvg.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Thomas Petazzoni Feb. 13, 2018, 9:23 p.m. UTC | #1

Hello,

On Mon, 12 Feb 2018 22:02:31 +0200, Baruch Siach wrote:
> Fixes CVE-2018-1000041: information disclosure via a crafted SVG file.
> 
> Bump to the latest (maybe last) release in the 2.40.x series. Newer
> versions require a Rust compiler.

Dammit, SVG libraries will now require having a Rust compiler around...

> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  package/librsvg/librsvg.hash | 4 ++--
>  package/librsvg/librsvg.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)

Anyway, applied to master, thanks!

Thomas

Peter Korsgaard April 10, 2018, 8:46 p.m. UTC | #2

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Fixes CVE-2018-1000041: information disclosure via a crafted SVG file.
 > Bump to the latest (maybe last) release in the 2.40.x series. Newer
 > versions require a Rust compiler.

 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Committed to 2017.02.x, thanks.

diff --git a/package/librsvg/librsvg.hash b/package/librsvg/librsvg.hash
index 9ab798120f92..6f4b07423a28 100644
--- a/package/librsvg/librsvg.hash
+++ b/package/librsvg/librsvg.hash
@@ -1,2 +1,2 @@ 
-# From http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.18.sha256sum
-sha256	bfc8c488c89c1e7212c478beb95c41b44701636125a3e6dab41187f1485b564c	librsvg-2.40.18.tar.xz
+# From http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.20.sha256sum
+sha256	cff4dd3c3b78bfe99d8fcfad3b8ba1eee3289a0823c0e118d78106be6b84c92b	librsvg-2.40.20.tar.xz
diff --git a/package/librsvg/librsvg.mk b/package/librsvg/librsvg.mk
index c8afdfd69fff..4f563ce6dbe7 100644
--- a/package/librsvg/librsvg.mk
+++ b/package/librsvg/librsvg.mk
@@ -5,7 +5,7 @@ 
 ################################################################################
 
 LIBRSVG_VERSION_MAJOR = 2.40
-LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).18
+LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).20
 LIBRSVG_SITE = http://ftp.gnome.org/pub/gnome/sources/librsvg/$(LIBRSVG_VERSION_MAJOR)
 LIBRSVG_SOURCE = librsvg-$(LIBRSVG_VERSION).tar.xz
 LIBRSVG_INSTALL_STAGING = YES

librsvg: security bump to version 2.40.20

Commit Message

Comments

Patch