authorAlexandre Rostovtsev <tetromino@gentoo.org>2013-10-01 17:57:31 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2013-10-01 17:57:31 +0000
commit9e704652422d1a2c343defc2a857acf42618e811 (patch)
tree802ed2853124398c3a3c81051009f4b426df2aa9 /gnome-base
parentVersion bump. Fixes double checking of git-2.eclass packages. (diff)
Fix information disclosure vulnerability (CVE-2013-1881, bug #486600, thanks to Agostino Sarubbo). Drop vulnerable version.
Package-Manager: portage-2.2.7/cvs/Linux x86_64 Manifest-Sign-Key: 0xCF0ADD61
Diffstat (limited to 'gnome-base')
-rw-r--r--gnome-base/librsvg/ChangeLog12
-rw-r--r--gnome-base/librsvg/Manifest20
-rw-r--r--gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-1.patch117
-rw-r--r--gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-2.patch57
-rw-r--r--gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-3.patch173
-rw-r--r--gnome-base/librsvg/librsvg-2.36.4-r1.ebuild (renamed from gnome-base/librsvg/librsvg-2.37.0.ebuild)28
6 files changed, 386 insertions, 21 deletions
diff --git a/gnome-base/librsvg/ChangeLog b/gnome-base/librsvg/ChangeLog
index 7fcd92dd91f5..e63f29aefe0c 100644
--- a/gnome-base/librsvg/ChangeLog
+++ b/gnome-base/librsvg/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for gnome-base/librsvg
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/librsvg/ChangeLog,v 1.310 2013/09/30 21:57:30 pacho Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/librsvg/ChangeLog,v 1.311 2013/10/01 17:57:25 tetromino Exp $
+
+*librsvg-2.36.4-r1 (01 Oct 2013)
+
+ 01 Oct 2013; Alexandre Rostovtsev <tetromino@gentoo.org>
+ +librsvg-2.36.4-r1.ebuild, -librsvg-2.37.0.ebuild,
+ +files/librsvg-2.36.4-resource-uri-1.patch,
+ +files/librsvg-2.36.4-resource-uri-2.patch,
+ +files/librsvg-2.36.4-resource-uri-3.patch:
+ Fix information disclosure vulnerability (CVE-2013-1881, bug #486600, thanks
+ to Agostino Sarubbo). Drop vulnerable version.
*librsvg-2.39.0 (30 Sep 2013)
diff --git a/gnome-base/librsvg/Manifest b/gnome-base/librsvg/Manifest
index c922de28d180..861d9a98c50f 100644
--- a/gnome-base/librsvg/Manifest
+++ b/gnome-base/librsvg/Manifest
@@ -2,18 +2,24 @@
Hash: SHA256
AUX librsvg-2.36.0-rsvg-view-automagic.patch 1955 SHA256 74577e5f2d0f3de93d3e66f194310d591d66d69581ac6586f44be78ced85e185 SHA512 30e259916ac7d969001350576719de6865e48b0d482028a37a61ecc88e3e33d68eadc31e7933e455490aa226609ddd0236a22c5b8b2af37da9b04158cc5de993 WHIRLPOOL 198850d5a23958919f891269746590f9076b3d3f731c2a4ea6b1e9e0d9023cc8c63769c9ca3eaad5b2586fa4e31e4505a8a87d802102ffceb642e62b3c7bdbfc
+AUX librsvg-2.36.4-resource-uri-1.patch 3668 SHA256 1feffc8fc503971b87157d8d05fb957912c256eb094615f9f5c649ece991b565 SHA512 ae9b171cf0c9e76ce6d2099df90e15671e834e47d8cbcd48ac742521c1a3f68209cc275424a1aa987aff4ceb0a6c9657c148facd41d87c34bd916ea37b013ddf WHIRLPOOL 0d54e10bc06ec72121637083101b28f1c9b0479c6c7542fdec4a5f8f6d0d41f82110f5b20cd9b7d7838a50d9f8ed4e576c2e27ed1aa71a30a84d4181ea0fb941
+AUX librsvg-2.36.4-resource-uri-2.patch 2423 SHA256 00ab1759bdaef45083c30f4b1744555487819774edda4a7aec1165e6a010765a SHA512 8f81b68f92a0dd071021c231c75dc2b8397edc27c77868bce9742ad7dec2ee9f9048656b816932466a271ce499551376573fabefd6e76c42bf44c2f8ededab51 WHIRLPOOL 802477a1c112a6f7fc22dfb658369754c2799bb2730aafa8aa1af960b4f79942c9d1b3059fc7fa4bb50c582f5dd1f292c889bd8ba0575ea44c26d45ee96d6000
+AUX librsvg-2.36.4-resource-uri-3.patch 4543 SHA256 512ff5ace57cc2b40e42128cbe8c9653562c0501593c09b84ec105d56da5ca4d SHA512 60307bbdbcf8e597027b2f7cf7606afafc52855ed09d7fcff42de09cd8522d3bbe468d85a85cd915f81fdb82895565931706a7f8572fe65f31111883e7e68a60 WHIRLPOOL 4ecf3dac3b808eee0cacba6618f3fe75ba2ead09c51b961da68f4d1a4ebc915557220285466b0f31b4ad052a769215b8b1359496a79d6861ed06bed931dd9a30
DIST librsvg-2.36.4.tar.xz 513028 SHA256 1021935204798f4f0ad3004a09b583668ea94a48593461b147fdcff68a18e6c2 SHA512 447435b2fab0ca7147b68c02a622df8049d56844360e8e361bf5abfbec12c33d46393bad3c099c2819f68d1b7595616d1f35d2cea58ee94d873c1c34e9362d37 WHIRLPOOL 9d8f0f09279be182e061f6b2e0a43d89f62ba5e0aa253373f70266865125b246fd683ed42b134a55e86ebb808bba10207ecc661e1b47e50ce29456d2cdf40a1c
-DIST librsvg-2.37.0.tar.xz 515416 SHA256 06c57dbcb29369d147b4e6ff4257c42ae5120c504c30fb567a27034ee30fd835 SHA512 ba7207258503467cd8ffa041b216800bd558ad57c0868ff03309a1d6fd58757e9e28d9cd29106cb1f9fb3b349c58335cdf40a923a0856df870f1c3a279080265 WHIRLPOOL 98ee4730b4e77851fe3728e0339478b3684e5ac4c7bc954e91cc1bbbbf596360ab93dd359dbf42507fe8a3a4af99ce59e4a84bb75a482665d2b11598764125dd
DIST librsvg-2.39.0.tar.xz 519088 SHA256 aa47dcde0128eee6e3595d203bc673d9c27389588842f401bf585f31fc65095f SHA512 14e3224c2fad8c92beabce9b486d8cc94e288db5d7d0bda9016fa953ad31456f3934ad847dc7288185fcba840731c25c2eca75288cb2518d2d501abea9ecd98d WHIRLPOOL 3348a50701b3661cb96de039f868c21a319752e2f014329b2ab77bcf6d66ebba1b553f7d10334146a4c3f96d4c0e26defbd02424b8f1deae0483d59e5a3ede50
+EBUILD librsvg-2.36.4-r1.ebuild 2506 SHA256 f3a657dd343ffbb6afb56a25e0adbe53ec1a948c3cbf0fee196394b3024aac72 SHA512 929a91bd31f90be5af8a9da9d96108f485aad4f94dbd284f1c07eed62e814daa02885246f41e6e7b693893b25857a5172135927babf28b531508569cd0f05ccd WHIRLPOOL 1d0799080eb2a3d4ace01032f452c14878ad0cfef41835ea1d1175f0e7b307c227e7d8b172e34cc74a51cdeda26a87296f947813125437dfa29d1896f9ad20e4
EBUILD librsvg-2.36.4.ebuild 2303 SHA256 c07919618db34c85547406552ea3083dee4122f6ebcb93df7e09fd10ef1d400b SHA512 e92b3942f8b8cfb3a944edacc0e742c91cc06ae8caebbc98e3d7038f95a8670e1f466dbcdbc100a8893754eefeb0b609283257d5e97d8a4ae852a8889024a340 WHIRLPOOL 2872351cc1b3de3751facc8598a1cefc3adcc0cadf19921878b973747ae0ecd9c846191f24eb7e1103408e8cb78c29665ec6c15a13edf348fa7464caf4e9c899
-EBUILD librsvg-2.37.0.ebuild 2317 SHA256 125d746ec94ceb18035d0aefbf66814ed3d76369a1e9952c40bdc8274e3f7ae0 SHA512 a779766112b319bc3618d9d2103f1bdd4a8410d3d1c18b36b4fde023426efaf44ea081e3a840249bfbe30b0028dd8b5f65b09e8d2ae78138e28d35d0ebb0a12c WHIRLPOOL d439830568ff7df1b9123a16dccc72bddaa8c77a080ecd31376762182d95a44c54f4b8a56d97daaca9fefc4c4008dbaf3fee072437b057f3e8ad31f13d33c873
EBUILD librsvg-2.39.0.ebuild 2304 SHA256 3072c6ebca1ca6f4a52a348c388395a875324ad14cef2b34c58af81022f463ac SHA512 e99daa46d3a9442607a0cacb4a1a3f05ece33b8da6d83250c8acaf464d2bf1dfa0dda5e846611880c9898b20b24ddeae8aa32b2bb397e8eefddd7998e207fbe6 WHIRLPOOL 389f27835922b0d5cf9973f3744f1094ad4ddf86f2b85b46e1f287aadf0698c9b086757974e5c25ddeb3622658e67123b8b259939fb6f6ff26181c2ed7174d23
-MISC ChangeLog 40534 SHA256 3fd27c743dea1c4bc1b605ed0350e85a3a176468b4da26b5243ca4f9eab84902 SHA512 419343a5aa8489fc1c7ff948f82c705b4f61228dfc8668e3b9c26edbddfeb90f39bedbd743812ba97adc3728edd695771e25f3c1c1aa93d3dd575787cea1634a WHIRLPOOL b81eb551a4c754b03f044be28ada0b438140af29a57628dd129c47f8f5cd5c8adc23513aca4122b1060af6d766d4b077fffe8cd353530d383bcab8d717df3da3
+MISC ChangeLog 40951 SHA256 16969ceac76b2ecfcac0c16d0ec83651b915779cdf20d69152e1b2ae85769e98 SHA512 bd825b181bc4aed23b139a9fc58042988efa1ea841078f41a4b19a994557ae7b2671f3d9c4628bfa04f275ac70f262a73737a317a6864b94444a51357918bc7a WHIRLPOOL bfaf1d2362d05bdc63314dbc611adbc5ae4c86ac5e78e5f5700953815118758eda3ecf2fa0b10f287d660e9eed57e16851b5e8f8ec261ba69a2287729eed030d
MISC metadata.xml 395 SHA256 7f63e0973cef8b5da30264661e4bf924bdd228b26d0301760a70474d6a9a6945 SHA512 9dba6907b92f041a26e18cad46d3080120e19231c09eca5f76d80321a59806b049e56b9fce0ea729603d590609aa92b68de98a47937780ef8e67213cf89f119e WHIRLPOOL a735011b1461245244b67939ab7415401847c4d034ac14b2784538e5143eeacd4649f3a735901e7761bd200531ccf87dcf2578a014473ec79c9b1ac258666669
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.20 (GNU/Linux)
+Version: GnuPG v2.0.21 (GNU/Linux)
-iEYEAREIAAYFAlJJ88wACgkQCaWpQKGI+9R2NACcC+Ozx1vOvFj82yuDGNrQqgXC
-3noAn0bGubp2WBcaA6vMxyRuD5UNmjbk
-=LCRD
+iQEcBAEBCAAGBQJSSw0gAAoJEJ0WA1zPCt1hqA0IAKknrULYIdmki362PXfpx4+E
+dq80phmnIZfiQAZ/Qn7DwbCJJobGtJZUmlPlZXEQogoQkjYHWY1gIuz5JCtE0u0C
+8OUu8RXDfG2ct5xlBOkzKtOrmjTYfqTvr289F1Ad3gYh7ha9632rltFGU7GXO3FO
+7DPeKRYVK6oh5f5zIUiIyTMJB0vQFQFTIov8QFmOGg7bvP+lK5Tis9TuRqybGRoI
+m3z6Vd7MeZXj4Msfuw/W1kvdqtTXoH8NZDxN16gT3WAUdiP9vbFrMr8MX4Ft2SiF
+Jp24LLUw7i4loQ5T3mdC/EO1DWKA5T82IkwOaZx6o2rJIq/Z26MXl4cguu5BcsI=
+=15iQ
-----END PGP SIGNATURE-----
diff --git a/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-1.patch b/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-1.patch
new file mode 100644
index 000000000000..4cf6efbf1e1e
--- /dev/null
+++ b/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-1.patch
@@ -0,0 +1,117 @@
+From 56d0018d911eb5783f22125d9893fce075778c64 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@gnome.org>
+Date: Sun, 3 Mar 2013 20:32:09 +0100
+Subject: [PATCH 1/3] io: Resolve relative URIs
+
+---
+ rsvg-base.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 64 insertions(+), 17 deletions(-)
+
+diff --git a/rsvg-base.c b/rsvg-base.c
+index 6210716..ed383d2 100644
+--- a/rsvg-base.c
++++ b/rsvg-base.c
+@@ -2154,36 +2154,83 @@ _rsvg_handle_allow_load (RsvgHandle *handle,
+ return TRUE;
+ }
+
++static char *
++_rsvg_handle_resolve_uri (RsvgHandle *handle,
++ const char *uri)
++{
++ RsvgHandlePrivate *priv = handle->priv;
++ char *scheme, *resolved_uri;
++ GFile *base, *resolved;
++
++ if (uri == NULL)
++ return NULL;
++
++ scheme = g_uri_parse_scheme (uri);
++ if (scheme != NULL ||
++ priv->base_gfile == NULL ||
++ (base = g_file_get_parent (priv->base_gfile)) == NULL) {
++ g_free (scheme);
++ return g_strdup (uri);
++ }
++
++ resolved = g_file_resolve_relative_path (base, uri);
++ resolved_uri = g_file_get_uri (resolved);
++
++ g_free (scheme);
++ g_object_unref (base);
++ g_object_unref (resolved);
++
++ return resolved_uri;
++}
++
+ guint8*
+ _rsvg_handle_acquire_data (RsvgHandle *handle,
+- const char *uri,
++ const char *url,
+ char **content_type,
+ gsize *len,
+ GError **error)
+ {
+- if (!_rsvg_handle_allow_load (handle, uri, error))
+- return NULL;
++ char *uri;
++ guint8 *data;
++
++ uri = _rsvg_handle_resolve_uri (handle, url);
++
++ if (_rsvg_handle_allow_load (handle, uri, error)) {
++ data = _rsvg_io_acquire_data (uri,
++ rsvg_handle_get_base_uri (handle),
++ content_type,
++ len,
++ handle->priv->cancellable,
++ error);
++ } else {
++ data = NULL;
++ }
+
+- return _rsvg_io_acquire_data (uri,
+- rsvg_handle_get_base_uri (handle),
+- content_type,
+- len,
+- handle->priv->cancellable,
+- error);
++ g_free (uri);
++ return data;
+ }
+
+ GInputStream *
+ _rsvg_handle_acquire_stream (RsvgHandle *handle,
+- const char *uri,
++ const char *url,
+ char **content_type,
+ GError **error)
+ {
+- if (!_rsvg_handle_allow_load (handle, uri, error))
+- return NULL;
++ char *uri;
++ GInputStream *stream;
++
++ uri = _rsvg_handle_resolve_uri (handle, url);
++
++ if (_rsvg_handle_allow_load (handle, uri, error)) {
++ stream = _rsvg_io_acquire_stream (uri,
++ rsvg_handle_get_base_uri (handle),
++ content_type,
++ handle->priv->cancellable,
++ error);
++ } else {
++ stream = NULL;
++ }
+
+- return _rsvg_io_acquire_stream (uri,
+- rsvg_handle_get_base_uri (handle),
+- content_type,
+- handle->priv->cancellable,
+- error);
++ g_free (uri);
++ return stream;
+ }
+--
+1.8.3.2
+
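Review bot: The new helper `_rsvg_handle_resolve_uri` carries no comment stating its contract, although both `_rsvg_handle_acquire_data` and `_rsvg_handle_acquire_stream` now route every load through it. I would add above it: `/* Returns a newly allocated URI (free with g_free): a reference that already has a scheme is returned unchanged, a bare relative reference is resolved against the directory containing priv->base_gfile, and NULL passes through as NULL. */`. The NULL pass-through means `_rsvg_handle_allow_load` can now be called with a NULL uri, and when `priv->base_gfile` is unset (or has no parent) a scheme-less relative reference reaches it unresolved; whether both cases are denied depends on that function's body, which starts above this hunk, so a one-line note on the helper that "the policy check must fail closed on NULL and scheme-less input" would document the dependency.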
diff --git a/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-2.patch b/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-2.patch
new file mode 100644
index 000000000000..bd5459fc78af
--- /dev/null
+++ b/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-2.patch
@@ -0,0 +1,57 @@
+From d83e426fff3f6d0fa6042d0930fb70357db24125 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@gnome.org>
+Date: Mon, 11 Feb 2013 22:36:30 +0100
+Subject: [PATCH 2/3] io: Use XML_PARSE_NONET
+
+We don't want to load resources off the net.
+
+Bug #691708.
+---
+ rsvg-base.c | 3 +++
+ rsvg-css.c | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/rsvg-base.c b/rsvg-base.c
+index ed383d2..1f88479 100644
+--- a/rsvg-base.c
++++ b/rsvg-base.c
+@@ -572,6 +572,7 @@ rsvg_start_xinclude (RsvgHandle * ctx, RsvgPropertyBag * atts)
+ goto fallback;
+
+ xml_parser = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, ctx, NULL, 0, NULL);
++ xml_parser->options |= XML_PARSE_NONET;
+
+ buffer = _rsvg_xml_input_buffer_new_from_stream (stream, NULL /* cancellable */, XML_CHAR_ENCODING_NONE, &err);
+ g_object_unref (stream);
+@@ -1111,6 +1112,7 @@ rsvg_handle_write_impl (RsvgHandle * handle, const guchar * buf, gsize count, GE
+ if (handle->priv->ctxt == NULL) {
+ handle->priv->ctxt = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, handle, NULL, 0,
+ rsvg_handle_get_base_uri (handle));
++ handle->priv->ctxt->options |= XML_PARSE_NONET;
+
+ /* if false, external entities work, but internal ones don't. if true, internal entities
+ work, but external ones don't. favor internal entities, in order to not cause a
+@@ -1767,6 +1769,7 @@ rsvg_handle_read_stream_sync (RsvgHandle *handle,
+ if (priv->ctxt == NULL) {
+ priv->ctxt = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, handle, NULL, 0,
+ rsvg_handle_get_base_uri (handle));
++ priv->ctxt->options |= XML_PARSE_NONET;
+
+ /* if false, external entities work, but internal ones don't. if true, internal entities
+ work, but external ones don't. favor internal entities, in order to not cause a
+diff --git a/rsvg-css.c b/rsvg-css.c
+index 7813098..3f703cc 100644
+--- a/rsvg-css.c
++++ b/rsvg-css.c
+@@ -836,6 +836,8 @@ rsvg_css_parse_xml_attribute_string (const char *attribute_string)
+ xmlSAX2InitDefaultSAXHandler (&handler, 0);
+ handler.serror = rsvg_xml_noerror;
+ parser = xmlCreatePushParserCtxt (&handler, NULL, tag, strlen (tag) + 1, NULL);
++ parser->options |= XML_PARSE_NONET;
++
+ if (xmlParseDocument (parser) != 0)
+ goto done;
+
+--
+1.8.3.2
+
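Review bot: In rsvg_css_parse_xml_attribute_string the added `parser->options |= XML_PARSE_NONET;` dereferences the context before anything checks that xmlCreatePushParserCtxt succeeded; previously a NULL context went straight into xmlParseDocument, which as far as I recall returns -1 on NULL rather than crashing, so this turns an allocation failure into a fault. A guard such as `if (parser == NULL) goto done;` placed before the new line keeps the old failure behaviour (xmlFreeParserCtxt tolerates NULL if that is what `done:` does). The three rsvg-base.c sites (rsvg_start_xinclude, rsvg_handle_write_impl, rsvg_handle_read_stream_sync) have the same shape, though the code after those hunks may already dereference the context, in which case the issue there is pre-existing. Poking `->options` directly does work for XML_PARSE_NONET because libxml2 consults that field for network access, but a short comment saying so would stop a later reader from switching to xmlCtxtUseOptions, which I believe also resets other parser state the surrounding code configures.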
diff --git a/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-3.patch b/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-3.patch
new file mode 100644
index 000000000000..cb3b46f1c054
--- /dev/null
+++ b/gnome-base/librsvg/files/librsvg-2.36.4-resource-uri-3.patch
@@ -0,0 +1,173 @@
+From f01aded72c38f0e18bc7ff67dee800e380251c8e Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@gnome.org>
+Date: Mon, 11 Feb 2013 22:36:58 +0100
+Subject: [PATCH 3/3] io: Implement strict load policy
+
+Allow any file to load from data:, and any resource to load from other
+resources. Only allow file: to load other file: URIs from below the path
+of the base file. Any other loads are denied.
+
+Bug #691708.
+---
+ rsvg-base.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
+ rsvg-io.c | 2 +-
+ rsvg-private.h | 4 +--
+ 3 files changed, 84 insertions(+), 11 deletions(-)
+
+diff --git a/rsvg-base.c b/rsvg-base.c
+index 1f88479..9d7c1ea 100644
+--- a/rsvg-base.c
++++ b/rsvg-base.c
+@@ -25,6 +25,7 @@
+ */
+
+ #include "config.h"
++#define _GNU_SOURCE 1
+
+ #include "rsvg.h"
+ #include "rsvg-private.h"
+@@ -1002,6 +1003,7 @@ void
+ rsvg_handle_set_base_uri (RsvgHandle * handle, const char *base_uri)
+ {
+ gchar *uri;
++ GFile *file;
+
+ g_return_if_fail (handle != NULL);
+
+@@ -1013,11 +1015,10 @@ rsvg_handle_set_base_uri (RsvgHandle * handle, const char *base_uri)
+ else
+ uri = rsvg_get_base_uri_from_filename (base_uri);
+
+- if (uri) {
+- if (handle->priv->base_uri)
+- g_free (handle->priv->base_uri);
+- handle->priv->base_uri = uri;
+- }
++ file = g_file_new_for_uri (uri ? uri : "data:");
++ rsvg_handle_set_base_gfile (handle, file);
++ g_object_unref (file);
++ g_free (uri);
+ }
+
+ /**
+@@ -2149,12 +2150,84 @@ _rsvg_handle_allow_load (RsvgHandle *handle,
+ const char *uri,
+ GError **error)
+ {
+- RsvgLoadPolicy policy = handle->priv->load_policy;
++ RsvgHandlePrivate *priv = handle->priv;
++ GFile *base;
++ char *path, *dir;
++ char *scheme = NULL, *cpath = NULL, *cdir = NULL;
+
+- if (policy == RSVG_LOAD_POLICY_ALL_PERMISSIVE)
+- return TRUE;
++ g_assert (handle->priv->load_policy == RSVG_LOAD_POLICY_STRICT);
++
++ scheme = g_uri_parse_scheme (uri);
++
++ /* Not a valid URI */
++ if (scheme == NULL)
++ goto deny;
++
++ /* Allow loads of data: from any location */
++ if (g_str_equal (scheme, "data"))
++ goto allow;
++
++ /* No base to compare to? */
++ if (priv->base_gfile == NULL)
++ goto deny;
++
++ /* Deny loads from differing URI schemes */
++ if (!g_file_has_uri_scheme (priv->base_gfile, scheme))
++ goto deny;
++
++ /* resource: is allowed to load anything from other resources */
++ if (g_str_equal (scheme, "resource"))
++ goto allow;
++
++ /* Non-file: isn't allowed to load anything */
++ if (!g_str_equal (scheme, "file"))
++ goto deny;
++
++ base = g_file_get_parent (priv->base_gfile);
++ if (base == NULL)
++ goto deny;
+
++ dir = g_file_get_path (base);
++ g_object_unref (base);
++
++ /* FIXME portability */
++ cdir = canonicalize_file_name (dir);
++ g_free (dir);
++ if (cdir == NULL)
++ goto deny;
++
++ path = g_filename_from_uri (uri, NULL, NULL);
++ if (path == NULL)
++ goto deny;
++
++ /* FIXME portability */
++ cpath = canonicalize_file_name (path);
++ g_free (path);
++
++ if (cpath == NULL)
++ goto deny;
++
++ /* Now check that @cpath is below @cdir */
++ if (!g_str_has_prefix (cpath, cdir) ||
++ cpath[strlen (cdir)] != G_DIR_SEPARATOR)
++ goto deny;
++
++ /* Allow load! */
++
++ allow:
++ g_free (scheme);
++ free (cpath);
++ free (cdir);
+ return TRUE;
++
++ deny:
++ g_free (scheme);
++ free (cpath);
++ free (cdir);
++
++ g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
++ "File may not link to URI \"%s\"", uri);
++ return FALSE;
+ }
+
+ static char *
+diff --git a/rsvg-io.c b/rsvg-io.c
+index 3d6c8b5..818d2ec 100644
+--- a/rsvg-io.c
++++ b/rsvg-io.c
+@@ -79,7 +79,7 @@ rsvg_acquire_data_data (const char *uri,
+ gboolean base64 = FALSE;
+
+ g_assert (out_len != NULL);
+- g_assert (g_str_has_prefix (uri, "data:"));
++ g_assert (strncmp (uri, "data:", 5) == 0);
+
+ mime_type = NULL;
+ start = uri + 5;
+diff --git a/rsvg-private.h b/rsvg-private.h
+index 25283d4..1961eaf 100644
+--- a/rsvg-private.h
++++ b/rsvg-private.h
+@@ -123,10 +123,10 @@ struct RsvgSaxHandler {
+ };
+
+ typedef enum {
+- RSVG_LOAD_POLICY_ALL_PERMISSIVE
++ RSVG_LOAD_POLICY_STRICT
+ } RsvgLoadPolicy;
+
+-#define RSVG_LOAD_POLICY_DEFAULT (RSVG_LOAD_POLICY_ALL_PERMISSIVE)
++#define RSVG_LOAD_POLICY_DEFAULT (RSVG_LOAD_POLICY_STRICT)
+
+ struct RsvgHandlePrivate {
+ RsvgHandleFlags flags;
+--
+1.8.3.2
+
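Review bot: `canonicalize_file_name`, used twice in `_rsvg_handle_allow_load` and flagged `FIXME portability` both times, is a glibc extension, and the `#define _GNU_SOURCE 1` placed after `#include "config.h"` only helps on glibc; the ebuild this patch ships with keeps ~x86-fbsd, ~x64-macos, ~x86-interix and the Solaris keywords, where this will presumably fail to build. The POSIX.1-2008 form `cdir = realpath (dir, NULL);` and `cpath = realpath (path, NULL);` gives the same symlink-resolved result and is also malloc-allocated, so the existing `free (cpath); free (cdir);` cleanup stays correct and the `_GNU_SOURCE` define may become unnecessary (if config.h already defines it, the current placement after the include yields a redefinition warning). Two points deserve a comment rather than code: with the base file directly in the root directory `cdir` is `/`, so `cpath[strlen (cdir)] != G_DIR_SEPARATOR` denies every sibling — fail-closed, but worth a `/* base at "/" denies all file: loads */` note; and the containment check runs on the canonicalized path while the acquire functions still open the original `uri`, so a symlink changed between check and open is not covered, which should be recorded as a known limitation or closed by handing the canonical path to the loader.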
diff --git a/gnome-base/librsvg/librsvg-2.37.0.ebuild b/gnome-base/librsvg/librsvg-2.36.4-r1.ebuild
index b7baebc53ab8..47e8df5071fd 100644
--- a/gnome-base/librsvg/librsvg-2.37.0.ebuild
+++ b/gnome-base/librsvg/librsvg-2.36.4-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/librsvg/librsvg-2.37.0.ebuild,v 1.4 2013/09/03 22:10:11 eva Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/librsvg/librsvg-2.36.4-r1.ebuild,v 1.1 2013/10/01 17:57:25 tetromino Exp $
EAPI="5"
GCONF_DEBUG="no"
@@ -15,16 +15,13 @@ HOMEPAGE="https://live.gnome.org/LibRsvg"
LICENSE="LGPL-2"
SLOT="2"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
IUSE="+gtk +introspection tools vala"
-REQUIRED_USE="
- vala? ( introspection )
- tools? ( gtk )"
+REQUIRED_USE="vala? ( introspection )"
-RDEPEND="
- >=dev-libs/glib-2.24:2
+RDEPEND=">=dev-libs/glib-2.24:2
>=x11-libs/cairo-1.2
- >=x11-libs/pango-1.32.6
+ >=x11-libs/pango-1.16
>=dev-libs/libxml2-2.7:2
>=dev-libs/libcroco-0.6.1
x11-libs/gdk-pixbuf:2[introspection?]
@@ -43,9 +40,12 @@ DEPEND="${RDEPEND}
# >=gtk-doc-am-1.13, gobject-introspection-common, vala-common needed by eautoreconf
src_prepare() {
- # Make rsvg-view non-automagic
+ # Make rsvg-view non-automagic, upstream bug #653323
epatch "${FILESDIR}/${PN}-2.36.0-rsvg-view-automagic.patch"
+ # Information disclosure, CVE-2013-1881, bug #486600; fixed in 2.39.0
+ epatch "${FILESDIR}/${P}-resource-uri"-{1,2,3}.patch
+
use vala && vala_src_prepare
eautoreconf
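Review bot: The epatch line and its CVE comment are fine, but the Manifest in this same commit still lists an unchanged `librsvg-2.36.4.ebuild`, so "Drop vulnerable version" in the message covers only 2.37.0 and an unpatched 2.36.4 presumably remains installable. If that copy is kept for its stable keywords until 2.36.4-r1 is stabilised, the comment above the epatch line should say so, e.g. `# Information disclosure, CVE-2013-1881, bug #486600; fixed in 2.39.0, unpatched 2.36.4 kept until -r1 goes stable`. A one-line note naming the three upstream commit ids the patch files carry in their headers would also make a later rebase against another 2.36.x release easier.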
@@ -53,10 +53,13 @@ src_prepare() {
}
src_configure() {
- DOCS="AUTHORS ChangeLog README NEWS TODO"
-
local myconf=""
+ if use gtk && use tools; then
+ myconf="${myconf} --enable-rsvg-view"
+ else
+ myconf="${myconf} --disable-rsvg-view"
+ fi
# -Bsymbolic is not supported by the Darwin toolchain
if [[ ${CHOST} == *-darwin* ]]; then
myconf="${myconf} --disable-Bsymbolic"
@@ -64,8 +67,7 @@ src_configure() {
gnome2_src_configure \
--disable-static \
- --disable-tools \
- $(use_enable tools rsvg-view) \
+ $(use_enable tools) \
$(use_enable gtk gtk-theme) \
$(use_enable introspection) \
$(use_enable vala) \