[oe-core] cairo: Using the snapshot version instead of the stable release

All of lore.kernel.org
 help / color / mirror / Atom feed

* [oe-core] cairo: Using the snapshot version instead of the stable release
@ 2021-03-02  6:28 Yi Fan Yu
  2021-03-02  6:28 ` [oe-core][PATCH] cairo: Update 1.16 -> 1.17.4 Yi Fan Yu
  2021-03-02  9:25 ` [oe-core] cairo: Using the snapshot version instead of the stable release Alexander Kanavin
  0 siblings, 2 replies; 4+ messages in thread
From: Yi Fan Yu @ 2021-03-02  6:28 UTC (permalink / raw)
  To: openembedded-core


Thoughts on if its acceptable for Yocto to use a snapshot release for cairo?

current version 1.16 was released on 2018-10-19

Archlinux uses 1.17.4
Linux From Scratch recommends 1.17.2

yifan



^ permalink raw reply	[flat|nested] 4+ messages in thread

* [oe-core][PATCH] cairo: Update 1.16 -> 1.17.4
  2021-03-02  6:28 [oe-core] cairo: Using the snapshot version instead of the stable release Yi Fan Yu
@ 2021-03-02  6:28 ` Yi Fan Yu
  2021-03-02 23:36   ` Randy MacLeod
  2021-03-02  9:25 ` [oe-core] cairo: Using the snapshot version instead of the stable release Alexander Kanavin
  1 sibling, 1 reply; 4+ messages in thread
From: Yi Fan Yu @ 2021-03-02  6:28 UTC (permalink / raw)
  To: openembedded-core

Drop a backported CVE patch:
* CVE-2018-19876

Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
---
 .../cairo/cairo/CVE-2018-19876.patch          | 34 -------------------
 .../{cairo_1.16.0.bb => cairo_1.17.4.bb}      |  7 ++--
 2 files changed, 3 insertions(+), 38 deletions(-)
 delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
 rename meta/recipes-graphics/cairo/{cairo_1.16.0.bb => cairo_1.17.4.bb} (94%)

diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
deleted file mode 100644
index 4252a5663b..0000000000
--- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-CVE: CVE-2018-19876
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
-From: Carlos Garcia Campos <cgarcia@igalia.com>
-Date: Mon, 19 Nov 2018 12:33:07 +0100
-Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
- cairo_ft_apply_variations
-
-Fixes a crash when using freetype >= 2.9
----
- src/cairo-ft-font.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
-index 325dd61b4..981973f78 100644
---- a/src/cairo-ft-font.c
-+++ b/src/cairo-ft-font.c
-@@ -2393,7 +2393,11 @@ skip:
- done:
-         free (coords);
-         free (current_coords);
-+#if HAVE_FT_DONE_MM_VAR
-+        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
-+#else
-         free (ft_mm_var);
-+#endif
-     }
- }
- 
--- 
-2.11.0
-
diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
similarity index 94%
rename from meta/recipes-graphics/cairo/cairo_1.16.0.bb
rename to meta/recipes-graphics/cairo/cairo_1.17.4.bb
index 68f993d7ca..5155cbbf2c 100644
--- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
+++ b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
@@ -22,15 +22,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
 
 DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
 
-SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
+SRC_URI = "http://cairographics.org/snapshots/cairo-${PV}.tar.xz \
            file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
-           file://CVE-2018-19876.patch \
            file://CVE-2019-6461.patch \
            file://CVE-2019-6462.patch \
           "
 
-SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552"
-SRC_URI[sha256sum] = "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331"
+SRC_URI[md5sum] = "bf9d0d324ecbd350d0e9308125fa4ce0"
+SRC_URI[sha256sum] = "74b24c1ed436bbe87499179a3b27c43f4143b8676d8ad237a6fa787401959705"
 
 inherit autotools pkgconfig upstream-version-is-even gtk-doc multilib_script
 
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [oe-core] cairo: Using the snapshot version instead of the stable release
  2021-03-02  6:28 [oe-core] cairo: Using the snapshot version instead of the stable release Yi Fan Yu
  2021-03-02  6:28 ` [oe-core][PATCH] cairo: Update 1.16 -> 1.17.4 Yi Fan Yu
@ 2021-03-02  9:25 ` Alexander Kanavin
  1 sibling, 0 replies; 4+ messages in thread
From: Alexander Kanavin @ 2021-03-02  9:25 UTC (permalink / raw)
  To: Yi Fan Yu; +Cc: OE-core

[-- Attachment #1: Type: text/plain, Size: 540 bytes --]

On Tue, 2 Mar 2021 at 07:29, Yi Fan Yu <yifan.yu@windriver.com> wrote:

>
> Thoughts on if its acceptable for Yocto to use a snapshot release for
> cairo?
>
> current version 1.16 was released on 2018-10-19
>
> Archlinux uses 1.17.4
> Linux From Scratch recommends 1.17.2
>

Fedora, Debian, Ubuntu, opensuse all use 1.16.0.

The 1.17.4 was released in end of November, so with a little patience 1.18
should show up soon enough.

If you need the new features, you can supply the new version from a
separate layer?

Alex

[-- Attachment #2: Type: text/html, Size: 922 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [oe-core][PATCH] cairo: Update 1.16 -> 1.17.4
  2021-03-02  6:28 ` [oe-core][PATCH] cairo: Update 1.16 -> 1.17.4 Yi Fan Yu
@ 2021-03-02 23:36   ` Randy MacLeod
  0 siblings, 0 replies; 4+ messages in thread
From: Randy MacLeod @ 2021-03-02 23:36 UTC (permalink / raw)
  To: Yi Fan Yu; +Cc: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 3287 bytes --]

As Alex said in another thread, we should wait for the 1.18 release. Thanks
for looking into this Yi.

Randy

On Tue., Mar. 2, 2021, 01:29 Yi Fan Yu, <yifan.yu@windriver.com> wrote:

> Drop a backported CVE patch:
> * CVE-2018-19876
>
> Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
> ---
>  .../cairo/cairo/CVE-2018-19876.patch          | 34 -------------------
>  .../{cairo_1.16.0.bb => cairo_1.17.4.bb}      |  7 ++--
>  2 files changed, 3 insertions(+), 38 deletions(-)
>  delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
>  rename meta/recipes-graphics/cairo/{cairo_1.16.0.bb => cairo_1.17.4.bb}
> (94%)
>
> diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> deleted file mode 100644
> index 4252a5663b..0000000000
> --- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> +++ /dev/null
> @@ -1,34 +0,0 @@
> -CVE: CVE-2018-19876
> -Upstream-Status: Backport
> -Signed-off-by: Ross Burton <ross.burton@intel.com>
> -
> -From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
> -From: Carlos Garcia Campos <cgarcia@igalia.com>
> -Date: Mon, 19 Nov 2018 12:33:07 +0100
> -Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
> - cairo_ft_apply_variations
> -
> -Fixes a crash when using freetype >= 2.9
> ----
> - src/cairo-ft-font.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
> -index 325dd61b4..981973f78 100644
> ---- a/src/cairo-ft-font.c
> -+++ b/src/cairo-ft-font.c
> -@@ -2393,7 +2393,11 @@ skip:
> - done:
> -         free (coords);
> -         free (current_coords);
> -+#if HAVE_FT_DONE_MM_VAR
> -+        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
> -+#else
> -         free (ft_mm_var);
> -+#endif
> -     }
> - }
> -
> ---
> -2.11.0
> -
> diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
> b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
> similarity index 94%
> rename from meta/recipes-graphics/cairo/cairo_1.16.0.bb
> rename to meta/recipes-graphics/cairo/cairo_1.17.4.bb
> index 68f993d7ca..5155cbbf2c 100644
> --- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
> +++ b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
> @@ -22,15 +22,14 @@ LIC_FILES_CHKSUM =
> "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
>
>  DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
>
> -SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
> +SRC_URI = "http://cairographics.org/snapshots/cairo-${PV}.tar.xz \
>             file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
> -           file://CVE-2018-19876.patch \
>             file://CVE-2019-6461.patch \
>             file://CVE-2019-6462.patch \
>            "
>
> -SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552"
> -SRC_URI[sha256sum] =
> "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331"
> +SRC_URI[md5sum] = "bf9d0d324ecbd350d0e9308125fa4ce0"
> +SRC_URI[sha256sum] =
> "74b24c1ed436bbe87499179a3b27c43f4143b8676d8ad237a6fa787401959705"
>
>  inherit autotools pkgconfig upstream-version-is-even gtk-doc
> multilib_script
>
> --
> 2.29.2
>
>
> 
>
>

[-- Attachment #2: Type: text/html, Size: 5188 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-03-02 23:36 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-02  6:28 [oe-core] cairo: Using the snapshot version instead of the stable release Yi Fan Yu
2021-03-02  6:28 ` [oe-core][PATCH] cairo: Update 1.16 -> 1.17.4 Yi Fan Yu
2021-03-02 23:36   ` Randy MacLeod
2021-03-02  9:25 ` [oe-core] cairo: Using the snapshot version instead of the stable release Alexander Kanavin

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.