From 3f8d565e396a751f2a68c6378c98bb4e059b653f Mon Sep 17 00:00:00 2001 From: Sakib Sajal Date: Tue, 5 Oct 2021 15:32:36 -0400 Subject: gd: upgrade v2.3.2 -> v2.3.3 Changes: i) removed patches contained in newer version ii) LIC_FILES_CHKSUM changed because of the following commits: 6013c7bc Just make it easier for the doc 82d26095 merge duplicate COPYING files Signed-off-by: Sakib Sajal Signed-off-by: Armin Kuster --- ...d-out-of-bands-in-reading-tga-header-file.patch | 33 ------------- meta-oe/recipes-support/gd/gd_2.3.2.bb | 55 ---------------------- meta-oe/recipes-support/gd/gd_2.3.3.bb | 54 +++++++++++++++++++++ 3 files changed, 54 insertions(+), 88 deletions(-) delete mode 100644 meta-oe/recipes-support/gd/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch delete mode 100644 meta-oe/recipes-support/gd/gd_2.3.2.bb create mode 100644 meta-oe/recipes-support/gd/gd_2.3.3.bb diff --git a/meta-oe/recipes-support/gd/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch b/meta-oe/recipes-support/gd/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch deleted file mode 100644 index 649b9b744f..0000000000 --- a/meta-oe/recipes-support/gd/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001 -From: maryam ebrahimzadeh -Date: Mon, 19 Jul 2021 10:07:13 +0430 -Subject: [PATCH] fix read out-of-bands in reading tga header file - -CVE: CVE-2021-38115 -Upstream-Status: Backport [8b111b2b4a4842179be66db68d84dda91a246032] - -Signed-off-by: Sakib Sajal ---- - src/gd_tga.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/gd_tga.c b/src/gd_tga.c -index cae9428..286febb 100644 ---- a/src/gd_tga.c -+++ b/src/gd_tga.c -@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga) - return -1; - } - -- gdGetBuf(tga->ident, tga->identsize, ctx); -+ -+ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) { -+ gd_error("fail to read header ident"); -+ return -1; -+ } - } - - return 1; --- -2.25.1 - diff --git a/meta-oe/recipes-support/gd/gd_2.3.2.bb b/meta-oe/recipes-support/gd/gd_2.3.2.bb deleted file mode 100644 index 557b45dc49..0000000000 --- a/meta-oe/recipes-support/gd/gd_2.3.2.bb +++ /dev/null @@ -1,55 +0,0 @@ -SUMMARY = "gd is a library used to create PNG, JPEG, or WBMP images" -DESCRIPTION = "The gd graphics library allows your code to quickly draw images \ -complete with lines, arcs, text, multiple colors, cut and paste from other \ -images, and flood fills, and to write out the result as a PNG or JPEG file. \ -This is particularly useful in Web applications, where PNG and JPEG are two \ -of the formats accepted for inline images by most browsers. Note that gd is not \ -a paint program." -HOMEPAGE = "http://libgd.github.io/" - -SECTION = "libs" -LICENSE = "GD" -LIC_FILES_CHKSUM = "file://COPYING;md5=8e5bc8627b9494741c905d65238c66b7" - -DEPENDS = "freetype libpng jpeg zlib tiff" - -SRC_URI = "git://github.com/libgd/libgd.git;branch=master \ - file://0001-fix-read-out-of-bands-in-reading-tga-header-file.patch \ - " - -SRCREV = "2e40f55bfb460fc9d8cbcd290a0c9eb908d5af7e" - -S = "${WORKDIR}/git" - -inherit autotools binconfig gettext pkgconfig - -EXTRA_OECONF += " --disable-rpath \ - --with-jpeg=${STAGING_LIBDIR}/.. \ - --with-freetype=yes \ - --without-fontconfig \ - --without-webp \ - --without-xpm \ - --without-x \ - " - -EXTRA_OEMAKE = 'LDFLAGS="${LDFLAGS}"' - -DEBUG_OPTIMIZATION_append = " -Wno-error=maybe-uninitialized" - -do_install_append_class-target() { - # cleanup buildpaths from gdlib.pc - sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/gdlib.pc -} - -PACKAGES += "${PN}-tools" - -FILES_${PN} = "${libdir}/lib*${SOLIBS}" -FILES_${PN}-tools = "${bindir}/*" - -PROVIDES += "${PN}-tools" -RPROVIDES_${PN}-tools = "${PN}-tools" -RDEPENDS_${PN}-tools = "perl perl-module-strict" - -CVE_PRODUCT = "libgd" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-support/gd/gd_2.3.3.bb b/meta-oe/recipes-support/gd/gd_2.3.3.bb new file mode 100644 index 0000000000..f95ee714b6 --- /dev/null +++ b/meta-oe/recipes-support/gd/gd_2.3.3.bb @@ -0,0 +1,54 @@ +SUMMARY = "gd is a library used to create PNG, JPEG, or WBMP images" +DESCRIPTION = "The gd graphics library allows your code to quickly draw images \ +complete with lines, arcs, text, multiple colors, cut and paste from other \ +images, and flood fills, and to write out the result as a PNG or JPEG file. \ +This is particularly useful in Web applications, where PNG and JPEG are two \ +of the formats accepted for inline images by most browsers. Note that gd is not \ +a paint program." +HOMEPAGE = "http://libgd.github.io/" + +SECTION = "libs" +LICENSE = "GD" +LIC_FILES_CHKSUM = "file://COPYING;md5=ace63adfdac78400fc30fa22ee9c1bb1" + +DEPENDS = "freetype libpng jpeg zlib tiff" + +SRC_URI = "git://github.com/libgd/libgd.git;nobranch=1 \ + " + +SRCREV = "b5319a41286107b53daa0e08e402aa1819764bdc" + +S = "${WORKDIR}/git" + +inherit autotools binconfig gettext pkgconfig + +EXTRA_OECONF += " --disable-rpath \ + --with-jpeg=${STAGING_LIBDIR}/.. \ + --with-freetype=yes \ + --without-fontconfig \ + --without-webp \ + --without-xpm \ + --without-x \ + " + +EXTRA_OEMAKE = 'LDFLAGS="${LDFLAGS}"' + +DEBUG_OPTIMIZATION_append = " -Wno-error=maybe-uninitialized" + +do_install_append_class-target() { + # cleanup buildpaths from gdlib.pc + sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/gdlib.pc +} + +PACKAGES += "${PN}-tools" + +FILES_${PN} = "${libdir}/lib*${SOLIBS}" +FILES_${PN}-tools = "${bindir}/*" + +PROVIDES += "${PN}-tools" +RPROVIDES_${PN}-tools = "${PN}-tools" +RDEPENDS_${PN}-tools = "perl perl-module-strict" + +CVE_PRODUCT = "libgd" + +BBCLASSEXTEND = "native nativesdk" -- cgit 1.2.3-korg