From: "Andreas Müller" <schnitzeltony@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [PATCH][v2] giflib: upgrade 5.1.4 -> 5.2.1
Date: Sat, 22 May 2021 10:26:05 +0200 [thread overview]
Message-ID: <20210522082605.16975-1-schnitzeltony@gmail.com> (raw)
* Project removed autotools configuration files. So it is now a pure Makefile
build which requires autotools-brokensep
* Checked sources: Back ported CVE-patch can go
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
---
V2:
* explain autotool -> -brokensep in commit message
* add comment in do_install explaining why we tailored it
.../giflib/files/CVE-2019-15133.patch | 23 -------------------
.../{giflib_5.1.4.bb => giflib_5.2.1.bb} | 20 ++++++++--------
2 files changed, 11 insertions(+), 32 deletions(-)
delete mode 100644 meta-oe/recipes-devtools/giflib/files/CVE-2019-15133.patch
rename meta-oe/recipes-devtools/giflib/{giflib_5.1.4.bb => giflib_5.2.1.bb} (50%)
diff --git a/meta-oe/recipes-devtools/giflib/files/CVE-2019-15133.patch b/meta-oe/recipes-devtools/giflib/files/CVE-2019-15133.patch
deleted file mode 100644
index 9957be82f..000000000
--- a/meta-oe/recipes-devtools/giflib/files/CVE-2019-15133.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 799eb6a3af8a3dd81e2429bf11a72a57e541f908 Mon Sep 17 00:00:00 2001
-From: "Eric S. Raymond" <esr@thyrsus.com>
-Date: Sun, 17 Mar 2019 12:37:21 -0400
-Subject: [PATCH] Address SF bug #119: MemorySanitizer: FPE on unknown address
-
----
- dgif_lib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Upstream-status: Backport [https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/]
-CVE: CVE-2019-15133
-
---- a/lib/dgif_lib.c 2021-01-13 19:28:18.923493586 +0100
-+++ b/lib/dgif_lib.c 2021-01-13 19:28:55.245863085 +0100
-@@ -1099,7 +1099,7 @@ DGifSlurp(GifFileType *GifFile)
-
- sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
- /* Allocate memory for the image */
-- if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
-+ if (sp->ImageDesc.Width <= 0 && sp->ImageDesc.Height <= 0 &&
- sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
- return GIF_ERROR;
- }
diff --git a/meta-oe/recipes-devtools/giflib/giflib_5.1.4.bb b/meta-oe/recipes-devtools/giflib/giflib_5.2.1.bb
similarity index 50%
rename from meta-oe/recipes-devtools/giflib/giflib_5.1.4.bb
rename to meta-oe/recipes-devtools/giflib/giflib_5.2.1.bb
index 1871bab46..d8757ef58 100644
--- a/meta-oe/recipes-devtools/giflib/giflib_5.1.4.bb
+++ b/meta-oe/recipes-devtools/giflib/giflib_5.2.1.bb
@@ -3,14 +3,19 @@ SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=ae11c61b04b2917be39b11f78d71519a"
-SRC_URI = " \
- ${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.bz2 \
- file://CVE-2019-15133.patch \
-"
-
CVE_PRODUCT = "giflib_project:giflib"
-inherit autotools
+DEPENDS = "xmlto-native"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz"
+SRC_URI[sha256sum] = "31da5562f44c5f15d63340a09a4fd62b48c45620cd302f77a6d9acf0077879bd"
+
+inherit autotools-brokensep
+
+do_install() {
+ # using autotools's default will end up in /usr/local
+ oe_runmake DESTDIR=${D} PREFIX=${prefix} LIBDIR=${libdir} install
+}
PACKAGES += "${PN}-utils"
FILES_${PN} = "${libdir}/libgif.so.*"
@@ -19,6 +24,3 @@ FILES_${PN}-utils = "${bindir}"
BBCLASSEXTEND = "native"
RDEPENDS_${PN}-utils = "perl"
-
-SRC_URI[md5sum] = "2c171ced93c0e83bb09e6ccad8e3ba2b"
-SRC_URI[sha256sum] = "df27ec3ff24671f80b29e6ab1c4971059c14ac3db95406884fc26574631ba8d5"
--
2.31.1
next reply other threads:[~2021-05-22 8:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-22 8:26 Andreas Müller [this message]
2021-05-22 12:47 ` [oe] [PATCH][v2] giflib: upgrade 5.1.4 -> 5.2.1 Khem Raj
2021-05-22 15:18 ` Andreas Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210522082605.16975-1-schnitzeltony@gmail.com \
--to=schnitzeltony@gmail.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.