From patchwork Sat Mar 15 14:18:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 59119 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2BEBC369A6 for ; Sat, 15 Mar 2025 14:18:31 +0000 (UTC) Received: from a27-191.smtp-out.us-west-2.amazonses.com (a27-191.smtp-out.us-west-2.amazonses.com [54.240.27.191]) by mx.groups.io with SMTP id smtpd.web11.10365.1742048297131722748 for ; Sat, 15 Mar 2025 07:18:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=rnkzp2s7ci3kogmesvov2nwn7wcc2dgx header.b=NGTPpcWm; dkim=pass header.i=@amazonses.com header.s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx header.b=PMXv1Awc; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.191, mailfrom: 010101959a2baf20-114a3f16-69db-4cae-86e2-f52ad6bb7416-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=rnkzp2s7ci3kogmesvov2nwn7wcc2dgx; d=yoctoproject.org; t=1742048309; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=OG4j4WrBAkEjVME6SPx2Nm1rGn+evO5owGq56d9FzcU=; b=NGTPpcWmnVgn+w+Xd64Q19RkkTt3CUoge5wOQETPOsUhEpPxR0HFoDllD0kME66K LnA9QUrzgXMHAxVxjIxuXhYerwA57L2RNUMGV65p6T7ENE0X5C6NFRS2WxcaqiiWHuL O/5/dePnV+V9lCVjB5VLa8WpksXeeIXZVOxTb2AQ= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1742048309; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=OG4j4WrBAkEjVME6SPx2Nm1rGn+evO5owGq56d9FzcU=; b=PMXv1Awca/hWPZzpxe3IkPjxSc0JMaJwVvQeKsphe0sQgh1VRSOK24kwC5uk6kCV ltlQk05AsbZhq0PF8hvg0aOSN7FS5bdQ2v1GSYu56tP2RLm8EYlsfL+WW85PcfdVm1z AcuGHEvreFO6S4nhflukJaxbdDs+k68G1mYAG28c= MIME-Version: 1.0 From: auh@yoctoproject.org To: Anuj Mittal Cc: openembedded-core@lists.openembedded.org Subject: [AUH] cairo: upgrading to 1.18.4 SUCCEEDED Message-ID: <010101959a2baf20-114a3f16-69db-4cae-86e2-f52ad6bb7416-000000@us-west-2.amazonses.com> Date: Sat, 15 Mar 2025 14:18:29 +0000 Feedback-ID: ::1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2025.03.15-54.240.27.191 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 15 Mar 2025 14:18:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212945 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *cairo* to *1.18.4* has Succeeded. Next steps: - apply the patch: git am 0001-cairo-upgrade-1.18.2-1.18.4.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 3ae6ba16d050abc0e115318ce7973a99247c4ec1 Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Sat, 15 Mar 2025 11:55:11 +0000 Subject: [PATCH] cairo: upgrade 1.18.2 -> 1.18.4 --- ...tmap_surface-bsc1036789-CVE-2017-7475.diff | 19 +++++++++++++------ .../{cairo_1.18.2.bb => cairo_1.18.4.bb} | 2 +- 2 files changed, 14 insertions(+), 7 deletions(-) rename meta/recipes-graphics/cairo/{cairo_1.18.2.bb => cairo_1.18.4.bb} (97%) diff --git a/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff b/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff index 6c761bf2a7..79ef16dfb9 100644 --- a/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff +++ b/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff @@ -1,4 +1,8 @@ -Cairo: Fix Denial-of-Service Attack due to Logical Problem in Program +From 054ad9b65e074899c82e75cfc6623cfe29ab1fea Mon Sep 17 00:00:00 2001 +From: Fan Xin +Date: Tue, 6 Jun 2017 15:57:52 +0900 +Subject: [PATCH] Cairo: Fix Denial-of-Service Attack due to Logical Problem in + Program https://bugs.freedesktop.org/show_bug.cgi?id=100763 @@ -6,12 +10,15 @@ CVE: CVE-2017-7475 Upstream-Status: Submitted [https://gitlab.freedesktop.org/cairo/cairo/-/issues/80] Signed-off-by: Fan Xin +--- + src/cairo-ft-font.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) -Index: cairo-1.15.4/src/cairo-ft-font.c -=================================================================== ---- cairo-1.15.4.orig/src/cairo-ft-font.c -+++ cairo-1.15.4/src/cairo-ft-font.c -@@ -1149,7 +1149,7 @@ _get_bitmap_surface (FT_Bitmap *bi +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index b5d08ee..5e20ae1 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -1220,7 +1220,7 @@ _get_bitmap_surface (FT_Bitmap *bitmap, width = bitmap->width; height = bitmap->rows; diff --git a/meta/recipes-graphics/cairo/cairo_1.18.2.bb b/meta/recipes-graphics/cairo/cairo_1.18.4.bb similarity index 97% rename from meta/recipes-graphics/cairo/cairo_1.18.2.bb rename to meta/recipes-graphics/cairo/cairo_1.18.4.bb index 65ee310212..81c7aa66f0 100644 --- a/meta/recipes-graphics/cairo/cairo_1.18.2.bb +++ b/meta/recipes-graphics/cairo/cairo_1.18.4.bb @@ -32,7 +32,7 @@ SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ " -SRC_URI[sha256sum] = "a62b9bb42425e844cc3d6ddde043ff39dbabedd1542eba57a2eb79f85889d45a" +SRC_URI[sha256sum] = "445ed8208a6e4823de1226a74ca319d3600e83f6369f99b14265006599c32ccb" inherit meson pkgconfig upstream-version-is-even gtk-doc multilib_script