From 01415f11a64f825d8fd9f340211941de534fb368e3b21fed02894f25c4e7f019 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Wed, 6 Sep 2023 09:37:21 +0000 Subject: [PATCH 1/3] - Update to 2.7.0 (bsc#1209538, CVE-2023-27586) in changes OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-CairoSVG?expand=0&rev=29 --- python-CairoSVG.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-CairoSVG.changes b/python-CairoSVG.changes index 538c00f..5a3cd6b 100644 --- a/python-CairoSVG.changes +++ b/python-CairoSVG.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Tue May 9 06:33:14 UTC 2023 - Daniel Garcia -- Update to 2.7.0: +- Update to 2.7.0 (bsc#1209538, CVE-2023-27586): WARNING: this is a security update. When processing SVG files, CairoSVG could access other files online, From feb430861631dbbe1972ef02bcdbe8fba6796d99c41b4d660832335c0cd3c948 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Wed, 6 Sep 2023 10:13:30 +0000 Subject: [PATCH 2/3] - Update to 2.7.1: * Don't draw clipPath when defined after reference * Handle evenodd fill rule with gradients and patterns * Fix ratio and clip for "image" tags with no size * Handle data-URLs in safe mode * Use f-strings OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-CairoSVG?expand=0&rev=30 --- CairoSVG-2.7.0.obscpio | 3 --- CairoSVG-2.7.1.obscpio | 3 +++ CairoSVG.obsinfo | 6 +++--- _service | 6 +++--- python-CairoSVG.changes | 10 ++++++++++ python-CairoSVG.spec | 2 +- 6 files changed, 20 insertions(+), 10 deletions(-) delete mode 100644 CairoSVG-2.7.0.obscpio create mode 100644 CairoSVG-2.7.1.obscpio diff --git a/CairoSVG-2.7.0.obscpio b/CairoSVG-2.7.0.obscpio deleted file mode 100644 index 86ee4e0..0000000 --- a/CairoSVG-2.7.0.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:785ec7af79d9915d555ecd4b154621948779e174b9ccc2bb292f4ace6cf4a057 -size 262793742 diff --git a/CairoSVG-2.7.1.obscpio b/CairoSVG-2.7.1.obscpio new file mode 100644 index 0000000..5ba6cde --- /dev/null +++ b/CairoSVG-2.7.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c995ce168b987685aacd185899ca887e3313987873e9dcdcc6c65ccf24286352 +size 262794254 diff --git a/CairoSVG.obsinfo b/CairoSVG.obsinfo index 61e6345..f136707 100644 --- a/CairoSVG.obsinfo +++ b/CairoSVG.obsinfo @@ -1,4 +1,4 @@ name: CairoSVG -version: 2.7.0 -mtime: 1679322684 -commit: 33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53 +version: 2.7.1 +mtime: 1691225852 +commit: 0abf992fb701a26c544be9589f06892535834289 diff --git a/_service b/_service index 987a2d1..0de4d3d 100644 --- a/_service +++ b/_service @@ -1,9 +1,9 @@ - + https://github.com/Kozea/CairoSVG.git git enable - 33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53 + 0abf992fb701a26c544be9589f06892535834289 @PARENT_TAG@ @@ -11,5 +11,5 @@ *.tar xz - + diff --git a/python-CairoSVG.changes b/python-CairoSVG.changes index 5a3cd6b..3eb1e2e 100644 --- a/python-CairoSVG.changes +++ b/python-CairoSVG.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed Sep 6 10:08:53 UTC 2023 - Daniel Garcia + +- Update to 2.7.1: + * Don't draw clipPath when defined after reference + * Handle evenodd fill rule with gradients and patterns + * Fix ratio and clip for "image" tags with no size + * Handle data-URLs in safe mode + * Use f-strings + ------------------------------------------------------------------- Tue May 9 06:33:14 UTC 2023 - Daniel Garcia diff --git a/python-CairoSVG.spec b/python-CairoSVG.spec index 5d2f17c..a8564c9 100644 --- a/python-CairoSVG.spec +++ b/python-CairoSVG.spec @@ -19,7 +19,7 @@ %define skip_python2 1 %{?sle15_python_module_pythons} Name: python-CairoSVG -Version: 2.7.0 +Version: 2.7.1 Release: 0 Summary: A Python SVG converter based on Cairo License: LGPL-3.0-or-later From 3d2fea72d7027fd305302a34a7c5f1bdbbbd26d459e3330f3c1869257df53210 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Wed, 6 Sep 2023 10:44:31 +0000 Subject: [PATCH 3/3] - Add bug number to version 2.5.1 (bsc#1180648, CVE-2021-21236) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-CairoSVG?expand=0&rev=31 --- python-CairoSVG.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-CairoSVG.changes b/python-CairoSVG.changes index 3eb1e2e..1dc6eb2 100644 --- a/python-CairoSVG.changes +++ b/python-CairoSVG.changes @@ -52,7 +52,7 @@ Thu Aug 12 12:01:51 UTC 2021 - John Paul Adrian Glaubitz -- Update to version 2.5.1. +- Update to version 2.5.1 (bsc#1180648, CVE-2021-21236): * Security fix: When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provided a malicious