Re: [oe-core][PATCH] cairo: Update 1.16 -> 1.17.4

From: "Randy MacLeod" <rwmacleod@gmail.com>
To: Yi Fan Yu <yifan.yu@windriver.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [oe-core][PATCH] cairo: Update 1.16 -> 1.17.4
Date: Tue, 2 Mar 2021 18:36:04 -0500	[thread overview]
Message-ID: <CAK6=ix6D7YSrT440VPMNJpkFeJTARYdiCvyK25AfkCJfPrbA=g@mail.gmail.com> (raw)
In-Reply-To: <20210302062805.9917-2-yifan.yu@windriver.com>

[-- Attachment #1: Type: text/plain, Size: 3287 bytes --]

As Alex said in another thread, we should wait for the 1.18 release. Thanks
for looking into this Yi.

Randy

On Tue., Mar. 2, 2021, 01:29 Yi Fan Yu, <yifan.yu@windriver.com> wrote:

> Drop a backported CVE patch:
> * CVE-2018-19876
>
> Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
> ---
>  .../cairo/cairo/CVE-2018-19876.patch          | 34 -------------------
>  .../{cairo_1.16.0.bb => cairo_1.17.4.bb}      |  7 ++--
>  2 files changed, 3 insertions(+), 38 deletions(-)
>  delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
>  rename meta/recipes-graphics/cairo/{cairo_1.16.0.bb => cairo_1.17.4.bb}
> (94%)
>
> diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> deleted file mode 100644
> index 4252a5663b..0000000000
> --- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> +++ /dev/null
> @@ -1,34 +0,0 @@
> -CVE: CVE-2018-19876
> -Upstream-Status: Backport
> -Signed-off-by: Ross Burton <ross.burton@intel.com>
> -
> -From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
> -From: Carlos Garcia Campos <cgarcia@igalia.com>
> -Date: Mon, 19 Nov 2018 12:33:07 +0100
> -Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
> - cairo_ft_apply_variations
> -
> -Fixes a crash when using freetype >= 2.9
> ----
> - src/cairo-ft-font.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
> -index 325dd61b4..981973f78 100644
> ---- a/src/cairo-ft-font.c
> -+++ b/src/cairo-ft-font.c
> -@@ -2393,7 +2393,11 @@ skip:
> - done:
> -         free (coords);
> -         free (current_coords);
> -+#if HAVE_FT_DONE_MM_VAR
> -+        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
> -+#else
> -         free (ft_mm_var);
> -+#endif
> -     }
> - }
> -
> ---
> -2.11.0
> -
> diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
> b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
> similarity index 94%
> rename from meta/recipes-graphics/cairo/cairo_1.16.0.bb
> rename to meta/recipes-graphics/cairo/cairo_1.17.4.bb
> index 68f993d7ca..5155cbbf2c 100644
> --- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
> +++ b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
> @@ -22,15 +22,14 @@ LIC_FILES_CHKSUM =
> "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
>
>  DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
>
> -SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
> +SRC_URI = "http://cairographics.org/snapshots/cairo-${PV}.tar.xz \
>             file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
> -           file://CVE-2018-19876.patch \
>             file://CVE-2019-6461.patch \
>             file://CVE-2019-6462.patch \
>            "
>
> -SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552"
> -SRC_URI[sha256sum] =
> "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331"
> +SRC_URI[md5sum] = "bf9d0d324ecbd350d0e9308125fa4ce0"
> +SRC_URI[sha256sum] =
> "74b24c1ed436bbe87499179a3b27c43f4143b8676d8ad237a6fa787401959705"
>
>  inherit autotools pkgconfig upstream-version-is-even gtk-doc
> multilib_script
>
> --
> 2.29.2
>
>
> 
>
>

[-- Attachment #2: Type: text/html, Size: 5188 bytes --]