summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update to cssparser 0.25, which actually builds with newer Rust2.42.9librsvg-2.42Federico Mena Quintero2021-04-122-49/+15
|
* Update NEWSFederico Mena Quintero2021-04-121-0/+11
|
* Update vulnerable cratesFederico Mena Quintero2021-04-121-244/+345
| | | | | | | | | | | | | | | | | | | | | Crate: smallvec Version: 0.6.0 Title: Possible double free during unwinding in SmallVec::insert_many Date: 2018-07-19 ID: RUSTSEC-2018-0003 URL: https://rustsec.org/advisories/RUSTSEC-2018-0003 Solution: Upgrade to >=0.6.3 OR >=0.3.4, <0.4.0 OR >=0.4.5, <0.5.0 OR >=0.5.1, <0.6.0 Dependency tree: smallvec 0.6.0 └── cssparser 0.23.2 └── rsvg_internals 0.0.1 Crate: smallvec Version: 0.6.0 Warning: yanked error: 1 vulnerability found! warning: 1 allowed warning found
* Bump version to 2.42.9Federico Mena Quintero2021-04-121-1/+1
|
* Bump version to 2.42.82.42.8Federico Mena Quintero2020-02-252-1/+11
|
* Merge branch 'cve-2019-20446-2.42' into librsvg-2.42Federico Mena Quintero2020-02-2510-40/+310
|\
| * Limit the number of loaded elementsFederico Mena Quintero2020-02-254-0/+43
| | | | | | | | To avoid unbounded memory consumption from malicious files.
| * NodeUse: fix infinite loops due to recursive references of "use" elementsFederico Mena Quintero2020-02-257-18/+213
| |
| * Extract rsvg_drawing_ctx_acquire_node_ref() like in newer branchesFederico Mena Quintero2020-02-252-9/+14
| |
| * Add comment on limits for mitigating attacksFederico Mena Quintero2020-02-251-0/+23
| |
| * Increase the number of elements acquired on each acquisitionFederico Mena Quintero2020-02-251-12/+16
| |
| * Rename num_elements_rendered_through_use to num_elements_acquiredFederico Mena Quintero2020-02-254-8/+8
|/
* Update NEWS2.42.7Federico Mena Quintero2018-08-221-0/+6
|
* Clarify documentation for rsvg_handle_render_cairo() / render_cairo_sub()Federico Mena Quintero2018-08-221-5/+11
|
* rsvg-test.c: Check the return value of rsvg_handle_render_cairo()Federico Mena Quintero2018-08-221-1/+1
|
* tests/errors.c: New set of tests for reported errors from the APIFederico Mena Quintero2018-08-223-1/+259
| | | | | | Although we can't report detailed errors from the rendering functions, we do report a success/failure boolean value. Test this, at least, for problematic files.
* rsvg-convert: Exit with an error code if rendering was unsuccessfulFederico Mena Quintero2018-08-221-2/+7
|
* gitlab#323 - Limit the number of instancings through the <use> elementFederico Mena Quintero2018-08-223-5/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A pathological SVG file can do this: <svg> <defs> <rect id="foo" .../> <g id="foo1"> <use xlink:href="#foo"/> ... repeat 10 times ... </g> <g id="foo2"> <use xlink:href="#foo1"/> ... repeat 10 times ... </g> <g id="foo3"> <use xlink:href="#foo2"/> ... repeat 10 times ... </g> ... etc ... </defs> <use xlink:href="#foo17"/> </svg> This would cause about 10^17 objects to be rendered. While this does not exhaust memory (the objects are not instanced in memory), it would take a really long time to render that many objects. So, we now have a limit on up to 500,000 objects instanced through <use>. We can tweak this limit later, or the way in which it is computed; the point is that we can now detect this situation and propagate an error upstream. https://gitlab.gnome.org/GNOME/librsvg/issues/323
* Keep track of how many elements get instanced through <use> nodesFederico Mena Quintero2018-08-224-0/+17
|
* Post-release version bumpFederico Mena Quintero2018-08-071-1/+1
|
* Update rustfmt configuration2.42.6Federico Mena Quintero2018-08-0710-62/+47
|
* Update NEWSFederico Mena Quintero2018-08-071-0/+11
|
* (#292): Don't panic if we try to clip with an empty bounding boxFederico Mena Quintero2018-06-212-4/+23
| | | | https://gitlab.gnome.org/GNOME/librsvg/issues/292
* CONTRIBUTING.md: Note on formatting commit messagesFederico Mena Quintero2018-06-211-0/+28
|
* (#259): Make test fonts work for installed testsFederico Mena Quintero2018-06-201-6/+10
| | | | | | | Don't hardcode the font locations based on the SRCDIR; actually compute their locations with g_test_build_filename(). https://gitlab.gnome.org/GNOME/librsvg/issues/259
* tests: fix also VPATH build for unit tests.Jehan2018-06-111-1/+2
|
* Makefile: fix VPATH (out-of-tree) builds.Jehan2018-06-113-3/+7
| | | | | In `librsvg/rsvg.h`, the include is "librsvg-enum-types.h", which is a generated file and is therefore inside $(top_builddir)/librsvg/.
* Add test for the light source typeFederico Mena Quintero2018-06-082-0/+16
|
* (#241) rsvg_new_node_light_source() - Fix cut&paste error between ↵Federico Mena Quintero2018-06-081-2/+2
| | | | | | | | | feDistantLight and feSpotLight Sigh, I broke this and never caught it because there weren't tests for filters with light sources. https://gitlab.gnome.org/GNOME/librsvg/issues/241
* Fix find_light_source_in_children()Ivan Molodetskikh2018-06-081-1/+1
| | | | Part of (#241).
* (#282) - Don't reuse the input surface for painting feComposite's outputFederico Mena Quintero2018-06-083-18/+30
| | | | | | | | | | feComposite tried to take a shortcut if one of its inputs is an existing surface, by painting its output to that same surface. However, the overall filter may want to reuse the original surface unchanged. This was causing drop shadows, done like Inkscape's, to be mis-painted. https://gitlab.gnome.org/GNOME/librsvg/issues/282
* configure.ac: Post-release version bumpFederico Mena Quintero2018-06-041-1/+1
|
* COMPILING.md: Update to mention the RUST_TARGET environment variableFederico Mena Quintero2018-06-041-0/+11
|
* Add RUST_TARGET variableFabrice Fontaine2018-06-042-2/+7
| | | | | | | | | | | | Add RUST_TARGET environment variable through AC_ARG_VAR to allow the user to override the rust target name. Indeed, using $host when cross-compiling is not always the good option especially when vendor part of target is not set to unknown but to another value such as buildroot. Indeed, in this case aarch64-buildroot-linux-gnu won't be recognised as a valid target by rust/cargo. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* Punctuation fix.Federico Mena Quintero2018-06-041-1/+1
|
* Remind people that github will delete their pull requestsFederico Mena Quintero2018-06-041-0/+4
|
* Update NEWS2.42.5Federico Mena Quintero2018-06-011-0/+2
|
* (#266) - Don't ignore the results of filters with errors in attributesFederico Mena Quintero2018-06-016-2/+208
| | | | | | | | | | | The only remaining C nodes are filters. The NodeTrait implementation of CNode::set_atts() was returning Ok(()) always, even if the C code had called rsvg_node_set_attribute_parse_error(). Instead, actually return that error result so the rest of the code will know about it. Additionally, don't render filter primitives that are in error. https://gitlab.gnome.org/GNOME/librsvg/issues/266
* Update NEWSFederico Mena Quintero2018-06-011-0/+7
|
* configure.ac: Bump version to 2.42.5Federico Mena Quintero2018-06-011-1/+1
|
* CONTRIBUTING.md: Note on how to install/update rustfmtFederico Mena Quintero2018-06-011-4/+20
|
* Update .gitlab-ci.yml from masterFederico Mena Quintero2018-06-011-22/+17
|
* Write test artifacts to tests/outputSaurav Sachidanand2018-06-013-8/+24
|
* rustfmt - and update its configurationFederico Mena Quintero2018-06-0117-118/+147
|
* (#276) - Guard against getting a cairo_t in an error state at the toplevel APIFederico Mena Quintero2018-06-012-0/+38
| | | | | | | | | | | | | | | | | | The cairo-dock program was passing a cairo_t in an error state to rsvg_handle_render_cairo(), and so we failed deep in the innards of librsvg when cairo-rs validates the cairo::Context's status. Cairo-dock was doing something like surf = cairo_image_surface_create (... an invalid size ...); cr = cairo_create (surf); rsvg_handle_render_cairo (handle, cr); // we now catch the error right here We catch invalid cr's, emit a warning, and return FALSE from rsvg_handle_render_cairo*(). https://gitlab.gnome.org/GNOME/librsvg/issues/276
* COMPILING.md: Note on how to run `make distcheck` so it will workFederico Mena Quintero2018-06-011-0/+17
|
* Add missing source file to Makefile.am2.42.4Federico Mena Quintero2018-05-071-0/+1
|
* Update NEWSFederico Mena Quintero2018-05-071-1/+2
|
* cond.rs: Use AsciiExt to maintain backwards compatibility.Jordan Petridis2018-05-071-0/+3
| | | | | | | | | | | In rustc 1.23 the "eq_ignore_ascii_case" method of the AsciiExt was implemented directly for the types u8, chat, [u8] and str. This causes the code to built fine with 1.23+ version of rustc but failling for the v1.21 and v1.22 as the method does not exitst. This patch imports the AsciiExt Trait and ignores the compiler warning that would be produced when compiling with 1.23+ version about an unused import.
* RsvgHandle: Document the preferred way to load SVGs from memoryFederico Mena Quintero2018-05-071-0/+12
| | | | https://gitlab.gnome.org/GNOME/librsvg/issues/98
View Lorry Controller Status