e7988c7060
Fix CVE-2023-38633: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. https://gitlab.gnome.org/GNOME/librsvg/-/blob/2.50.9/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
35 lines
1.2 KiB
Makefile
35 lines
1.2 KiB
Makefile
################################################################################
|
|
#
|
|
# librsvg
|
|
#
|
|
################################################################################
|
|
|
|
LIBRSVG_VERSION_MAJOR = 2.50
|
|
LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).9
|
|
LIBRSVG_SITE = https://download.gnome.org/sources/librsvg/$(LIBRSVG_VERSION_MAJOR)
|
|
LIBRSVG_SOURCE = librsvg-$(LIBRSVG_VERSION).tar.xz
|
|
LIBRSVG_INSTALL_STAGING = YES
|
|
LIBRSVG_CONF_ENV = \
|
|
LIBS=$(TARGET_NLS_LIBS) \
|
|
RUST_TARGET=$(RUSTC_TARGET_NAME)
|
|
LIBRSVG_CONF_OPTS = --disable-pixbuf-loader --disable-tools
|
|
HOST_LIBRSVG_CONF_OPTS = --enable-introspection=no
|
|
LIBRSVG_DEPENDENCIES = cairo host-gdk-pixbuf gdk-pixbuf host-rustc libglib2 libxml2 pango \
|
|
$(TARGET_NLS_DEPENDENCIES)
|
|
HOST_LIBRSVG_DEPENDENCIES = host-cairo host-gdk-pixbuf host-libglib2 host-libxml2 host-pango host-rustc
|
|
LIBRSVG_LICENSE = LGPL-2.1+
|
|
LIBRSVG_LICENSE_FILES = COPYING.LIB
|
|
LIBRSVG_CPE_ID_VENDOR = gnome
|
|
# We're patching gdk-pixbuf-loader/Makefile.am
|
|
LIBRSVG_AUTORECONF = YES
|
|
|
|
ifeq ($(BR2_PACKAGE_GOBJECT_INTROSPECTION),y)
|
|
LIBRSVG_CONF_OPTS += --enable-introspection
|
|
LIBRSVG_DEPENDENCIES += gobject-introspection
|
|
else
|
|
LIBRSVG_CONF_OPTS += --disable-introspection
|
|
endif
|
|
|
|
$(eval $(autotools-package))
|
|
$(eval $(host-autotools-package))
|