[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: Re: [OE-core] [PATCH] cairo: upgrade 1.16.0 -> 1.17.4
From: "Alexander Kanavin" <alex.kanavin () gmail ! com>
Date: 2021-03-31 15:48:56
Message-ID: CANNYZj9uPZeUDLiH2zC3EtYV9+j+6YJ_z4m8H7ajZcExJud_uw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
This is a development version, which is made very clearly:
https://cairographics.org/snapshots/
What's the rationale for this update?
Alex
On Wed, 31 Mar 2021 at 16:22, wangmy <wangmy@fujitsu.com> wrote:
> CVE-2018-19876.patch
> removed since it is included in 1.17.4
>
> Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
> ---
> .../cairo/cairo/CVE-2018-19876.patch | 34 -------------------
> .../{cairo_1.16.0.bb => cairo_1.17.4.bb} | 7 ++--
> 2 files changed, 3 insertions(+), 38 deletions(-)
> delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> rename meta/recipes-graphics/cairo/{cairo_1.16.0.bb => cairo_1.17.4.bb}
> (94%)
>
> diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> deleted file mode 100644
> index 4252a5663b..0000000000
> --- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> +++ /dev/null
> @@ -1,34 +0,0 @@
> -CVE: CVE-2018-19876
> -Upstream-Status: Backport
> -Signed-off-by: Ross Burton <ross.burton@intel.com>
> -
> -From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
> -From: Carlos Garcia Campos <cgarcia@igalia.com>
> -Date: Mon, 19 Nov 2018 12:33:07 +0100
> -Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
> - cairo_ft_apply_variations
> -
> -Fixes a crash when using freetype >= 2.9
> ----
> - src/cairo-ft-font.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
> -index 325dd61b4..981973f78 100644
> ---- a/src/cairo-ft-font.c
> -+++ b/src/cairo-ft-font.c
> -@@ -2393,7 +2393,11 @@ skip:
> - done:
> - free (coords);
> - free (current_coords);
> -+#if HAVE_FT_DONE_MM_VAR
> -+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
> -+#else
> - free (ft_mm_var);
> -+#endif
> - }
> - }
> -
> ---
> -2.11.0
> -
> diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
> b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
> similarity index 94%
> rename from meta/recipes-graphics/cairo/cairo_1.16.0.bb
> rename to meta/recipes-graphics/cairo/cairo_1.17.4.bb
> index 68f993d7ca..e92540c49e 100644
> --- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
> +++ b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
> @@ -22,15 +22,14 @@ LIC_FILES_CHKSUM =
> "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
>
> DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
>
> -SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
> +SRC_URI = "https://cairographics.org/snapshots/cairo-${PV}.tar.xz \
> file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
> - file://CVE-2018-19876.patch \
> file://CVE-2019-6461.patch \
> file://CVE-2019-6462.patch \
> "
>
> -SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552"
> -SRC_URI[sha256sum] =
> "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331"
> +SRC_URI[md5sum] = "bf9d0d324ecbd350d0e9308125fa4ce0"
> +SRC_URI[sha256sum] =
> "74b24c1ed436bbe87499179a3b27c43f4143b8676d8ad237a6fa787401959705"
>
> inherit autotools pkgconfig upstream-version-is-even gtk-doc
> multilib_script
>
> --
> 2.25.1
>
>
>
>
>
[Attachment #5 (text/html)]
<div dir="ltr"><div>This is a development version, which is made very \
clearly:</div><div><a \
href="https://cairographics.org/snapshots/">https://cairographics.org/snapshots/</a></div><div><br></div><div>What's \
the rationale for this \
update?<br></div><div><br></div><div>Alex<br></div></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 31 Mar 2021 at 16:22, \
wangmy <<a href="mailto:wangmy@fujitsu.com">wangmy@fujitsu.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">CVE-2018-19876.patch<br> removed since it is \
included in 1.17.4<br> <br>
Signed-off-by: Wang Mingyu <<a href="mailto:wangmy@fujitsu.com" \
target="_blank">wangmy@fujitsu.com</a>><br>
---<br>
.../cairo/cairo/CVE-2018-19876.patch | 34 -------------------<br>
.../{<a href="http://cairo_1.16.0.bb" rel="noreferrer" \
target="_blank">cairo_1.16.0.bb</a> => <a href="http://cairo_1.17.4.bb" \
rel="noreferrer" target="_blank">cairo_1.17.4.bb</a>} | 7 ++--<br> 2 files \
changed, 3 insertions(+), 38 deletions(-)<br> delete mode 100644 \
meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch<br> rename \
meta/recipes-graphics/cairo/{<a href="http://cairo_1.16.0.bb" rel="noreferrer" \
target="_blank">cairo_1.16.0.bb</a> => <a href="http://cairo_1.17.4.bb" \
rel="noreferrer" target="_blank">cairo_1.17.4.bb</a>} (94%)<br> <br>
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch \
b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch<br> deleted file mode \
100644<br> index 4252a5663b..0000000000<br>
--- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch<br>
+++ /dev/null<br>
@@ -1,34 +0,0 @@<br>
-CVE: CVE-2018-19876<br>
-Upstream-Status: Backport<br>
-Signed-off-by: Ross Burton <<a href="mailto:ross.burton@intel.com" \
target="_blank">ross.burton@intel.com</a>><br>
-<br>
-From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001<br>
-From: Carlos Garcia Campos <<a href="mailto:cgarcia@igalia.com" \
target="_blank">cgarcia@igalia.com</a>><br>
-Date: Mon, 19 Nov 2018 12:33:07 +0100<br>
-Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in<br>
- cairo_ft_apply_variations<br>
-<br>
-Fixes a crash when using freetype >= 2.9<br>
----<br>
- src/cairo-ft-font.c | 4 ++++<br>
- 1 file changed, 4 insertions(+)<br>
-<br>
-diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c<br>
-index 325dd61b4..981973f78 100644<br>
---- a/src/cairo-ft-font.c<br>
-+++ b/src/cairo-ft-font.c<br>
-@@ -2393,7 +2393,11 @@ skip:<br>
- done:<br>
- free (coords);<br>
- free (current_coords);<br>
-+#if HAVE_FT_DONE_MM_VAR<br>
-+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);<br>
-+#else<br>
- free (ft_mm_var);<br>
-+#endif<br>
- }<br>
- }<br>
- <br>
--- <br>
-2.11.0<br>
-<br>
diff --git a/meta/recipes-graphics/cairo/<a href="http://cairo_1.16.0.bb" \
rel="noreferrer" target="_blank">cairo_1.16.0.bb</a> b/meta/recipes-graphics/cairo/<a \
href="http://cairo_1.17.4.bb" rel="noreferrer" \
target="_blank">cairo_1.17.4.bb</a><br> similarity index 94%<br>
rename from meta/recipes-graphics/cairo/<a href="http://cairo_1.16.0.bb" \
rel="noreferrer" target="_blank">cairo_1.16.0.bb</a><br> rename to \
meta/recipes-graphics/cairo/<a href="http://cairo_1.17.4.bb" rel="noreferrer" \
target="_blank">cairo_1.17.4.bb</a><br> index 68f993d7ca..e92540c49e 100644<br>
--- a/meta/recipes-graphics/cairo/<a href="http://cairo_1.16.0.bb" rel="noreferrer" \
target="_blank">cairo_1.16.0.bb</a><br>
+++ b/meta/recipes-graphics/cairo/<a href="http://cairo_1.17.4.bb" rel="noreferrer" \
target="_blank">cairo_1.17.4.bb</a><br> @@ -22,15 +22,14 @@ LIC_FILES_CHKSUM = \
"file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"<br> <br>
DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"<br>
<br>
-SRC_URI = "<a href="http://cairographics.org/releases/cairo-$%7BPV%7D.tar.xz" \
rel="noreferrer" target="_blank">http://cairographics.org/releases/cairo-${PV}.tar.xz</a> \
\<br> +SRC_URI = "<a \
href="https://cairographics.org/snapshots/cairo-$%7BPV%7D.tar.xz" rel="noreferrer" \
target="_blank">https://cairographics.org/snapshots/cairo-${PV}.tar.xz</a> \
\<br>
file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \<br>
- file://CVE-2018-19876.patch \<br>
file://CVE-2019-6461.patch \<br>
file://CVE-2019-6462.patch \<br>
"<br>
<br>
-SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552"<br>
-SRC_URI[sha256sum] = \
"5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331"<br> \
+SRC_URI[md5sum] = "bf9d0d324ecbd350d0e9308125fa4ce0"<br> \
+SRC_URI[sha256sum] = \
"74b24c1ed436bbe87499179a3b27c43f4143b8676d8ad237a6fa787401959705"<br> <br>
inherit autotools pkgconfig upstream-version-is-even gtk-doc multilib_script<br>
<br>
-- <br>
2.25.1<br>
<br>
<br>
<br>
<br>
</blockquote></div>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#150119): https://lists.openembedded.org/g/openembedded-core/message/150119
Mute This Topic: https://lists.openembedded.org/mt/81750615/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic