Ubuntu
librsvg package

librsvg ftbfs in the jammy release pocket

Bug #1976259 reported by Matthias Klose on 2022-05-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	librsvg (Ubuntu)	Fix Released	High	Sebastien Bacher

Bug Description

as seen in a test rebuild, this package fails to build in the jammy release pocket (note the log behind the link might go away):

https://launchpadlibrarian.net/604216345/buildlog_ubuntu-jammy-i386.librsvg_2.52.5+dfsg-3_BUILDING.txt.gz

test url_resolver::tests::allows_relative ... ok

failures:

---- transform::tests::parses_transform_list stdout ----
thread 'transform::tests::parses_transform_list' panicked at 'assertion failed: t1.y0.approx_eq(t2.y0, (epsilon, 1))', src/transform.rs:716:9

---- transform::tests::parses_valid_transform stdout ----
thread 'transform::tests::parses_valid_transform' panicked at 'assertion failed: t1.y0.approx_eq(t2.y0, (epsilon, 1))', src/transform.rs:716:9

failures:
transform::tests::parses_transform_list
transform::tests::parses_valid_transform

test result: FAILED. 254 passed; 2 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.02s

error: test failed, to rerun pass '--lib'
make[5]: *** [Makefile:1537: check-local] Error 101

Tags:

CVE References

2023-38633

Matthias Klose (doko) on 2022-05-30

tags:

added: ftbfs rls-jj-incoming

Sebastien Bacher (seb128) on 2022-05-31

Changed in librsvg (Ubuntu):
importance:	Undecided → High
status:	New → Triaged

Sebastien Bacher (seb128) on 2022-05-31

Changed in librsvg (Ubuntu):
assignee:	nobody → Sebastien Bacher (seb128)
tags:	removed: rls-jj-incoming

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-08-01:

This bug was fixed in the package librsvg - 2.52.5+dfsg-3ubuntu0.2

---------------
librsvg (2.52.5+dfsg-3ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file read when xinclude href has special
    characters
    - debian/patches/CVE-2023-38633.patch: validate URLs in
      include/librsvg/rsvg.h, src/error.rs, src/lib.rs,
      src/url_resolver.rs, tests/*.
    - CVE-2023-38633
  * Don't fail the build on tests error for i386 (LP: #1976259)

-- Marc Deslauriers <email address hidden> Fri, 28 Jul 2023 08:55:53 -0400

Changed in librsvg (Ubuntu):
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulibrsvg package