Re: [oe] [meta-oe][hardknott][PATCH] gd: upgrade 2.3.2 -> 2.3.3

From: akuster808 <akuster808@gmail.com>
To: Sakib Sajal <sakib.sajal@windriver.com>,
	openembedded-devel@lists.openembedded.org
Subject: Re: [oe] [meta-oe][hardknott][PATCH] gd: upgrade 2.3.2 -> 2.3.3
Date: Sun, 26 Sep 2021 13:23:13 -0700	[thread overview]
Message-ID: <12ad9aa4-8ab9-6197-9e85-5f3a89eab5f2@gmail.com> (raw)
In-Reply-To: <20210921200820.8490-1-sakib.sajal@windriver.com>

On 9/21/21 1:08 PM, Sakib Sajal wrote:
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>

> ---
>  ...-of-bands-in-reading-tga-header-file.patch | 33 -------------------
>  .../gd/{gd_2.3.2.bb => gd_2.3.3.bb}           |  7 ++--
>  2 files changed, 3 insertions(+), 37 deletions(-)
>  delete mode 100644 meta-oe/recipes-support/gd/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
>  rename meta-oe/recipes-support/gd/{gd_2.3.2.bb => gd_2.3.3.bb} (84%)
>
> diff --git a/meta-oe/recipes-support/gd/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch b/meta-oe/recipes-support/gd/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
> deleted file mode 100644
> index 649b9b744..000000000
> --- a/meta-oe/recipes-support/gd/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
> -From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
> -Date: Mon, 19 Jul 2021 10:07:13 +0430
> -Subject: [PATCH] fix read out-of-bands in reading tga header file
> -
> -CVE: CVE-2021-38115
> -Upstream-Status: Backport [8b111b2b4a4842179be66db68d84dda91a246032]
> -
> -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> ----
> - src/gd_tga.c | 6 +++++-
> - 1 file changed, 5 insertions(+), 1 deletion(-)
> -
> -diff --git a/src/gd_tga.c b/src/gd_tga.c
> -index cae9428..286febb 100644
> ---- a/src/gd_tga.c
> -+++ b/src/gd_tga.c
> -@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
> - 			return -1;
> - 		}
> - 
> --		gdGetBuf(tga->ident, tga->identsize, ctx);
> -+		
> -+		if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
> -+			gd_error("fail to read header ident");
> -+			return -1;
> -+		}
> - 	}
> - 
> - 	return 1;
> --- 
> -2.25.1
> -
> diff --git a/meta-oe/recipes-support/gd/gd_2.3.2.bb b/meta-oe/recipes-support/gd/gd_2.3.3.bb
> similarity index 84%
> rename from meta-oe/recipes-support/gd/gd_2.3.2.bb
> rename to meta-oe/recipes-support/gd/gd_2.3.3.bb
> index 557b45dc4..e129dc5a9 100644
> --- a/meta-oe/recipes-support/gd/gd_2.3.2.bb
> +++ b/meta-oe/recipes-support/gd/gd_2.3.3.bb
> @@ -9,15 +9,14 @@ HOMEPAGE = "http://libgd.github.io/"
>  
>  SECTION = "libs"
>  LICENSE = "GD"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=8e5bc8627b9494741c905d65238c66b7"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=ace63adfdac78400fc30fa22ee9c1bb1"

Why did the LIC_FILES_CHKSUM change?

>  
>  DEPENDS = "freetype libpng jpeg zlib tiff"
>  
> -SRC_URI = "git://github.com/libgd/libgd.git;branch=master \
> -           file://0001-fix-read-out-of-bands-in-reading-tga-header-file.patch \
> +SRC_URI = "git://github.com/libgd/libgd.git;nobranch=1\
>            "

Why was the patch dropped? no mention in the commit message.

-armin
>  
> -SRCREV = "2e40f55bfb460fc9d8cbcd290a0c9eb908d5af7e"
> +SRCREV = "b5319a41286107b53daa0e08e402aa1819764bdc"
>  
>  S = "${WORKDIR}/git"
>  
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#93038): https://lists.openembedded.org/g/openembedded-devel/message/93038
> Mute This Topic: https://lists.openembedded.org/mt/85774777/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>