[PATCHv2] cairo: update to v1.17.4

Message ID 20220314071037.3702941-1-f_l_k@t-online.de
State New
Headers show
Series [PATCHv2] cairo: update to v1.17.4 | expand

Commit Message

Markus Volk March 14, 2022, 7:10 a.m. UTC
-remove CVE-2018-19876.patch that was applied upstream
-add backported patch to remove automagic from symbol_lookup
-switch build system to meson

https://www.cairographics.org/news/cairo-1.17.4/

Signed-off-by: Markus Volk <f_l_k@t-online.de>
---
 ...patch-to-make-symbol-lookup-optional.patch | 58 +++++++++++
 .../cairo/cairo/CVE-2018-19876.patch          | 34 -------
 meta/recipes-graphics/cairo/cairo_1.16.0.bb   | 99 -------------------
 meta/recipes-graphics/cairo/cairo_1.17.4.bb   | 88 +++++++++++++++++
 4 files changed, 146 insertions(+), 133 deletions(-)
 create mode 100644 meta/recipes-graphics/cairo/cairo/0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch
 delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
 delete mode 100644 meta/recipes-graphics/cairo/cairo_1.16.0.bb
 create mode 100644 meta/recipes-graphics/cairo/cairo_1.17.4.bb

Comments

Alexander Kanavin March 14, 2022, 8:13 a.m. UTC | #1
1.17.4 is not a release, it is a development snapshot.

Alex

On Mon, 14 Mar 2022 at 08:10, Markus Volk <f_l_k@t-online.de> wrote:
>
> -remove CVE-2018-19876.patch that was applied upstream
> -add backported patch to remove automagic from symbol_lookup
> -switch build system to meson
>
> https://www.cairographics.org/news/cairo-1.17.4/
>
> Signed-off-by: Markus Volk <f_l_k@t-online.de>
> ---
>  ...patch-to-make-symbol-lookup-optional.patch | 58 +++++++++++
>  .../cairo/cairo/CVE-2018-19876.patch          | 34 -------
>  meta/recipes-graphics/cairo/cairo_1.16.0.bb   | 99 -------------------
>  meta/recipes-graphics/cairo/cairo_1.17.4.bb   | 88 +++++++++++++++++
>  4 files changed, 146 insertions(+), 133 deletions(-)
>  create mode 100644 meta/recipes-graphics/cairo/cairo/0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch
>  delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
>  delete mode 100644 meta/recipes-graphics/cairo/cairo_1.16.0.bb
>  create mode 100644 meta/recipes-graphics/cairo/cairo_1.17.4.bb
>
> diff --git a/meta/recipes-graphics/cairo/cairo/0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch b/meta/recipes-graphics/cairo/cairo/0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch
> new file mode 100644
> index 0000000000..e118d2c84a
> --- /dev/null
> +++ b/meta/recipes-graphics/cairo/cairo/0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch
> @@ -0,0 +1,58 @@
> +From 623e718303202f92180fcfac47c38f1989c256b8 Mon Sep 17 00:00:00 2001
> +From: Markus Volk <f_l_k@t-online.de>
> +Date: Sun, 13 Mar 2022 19:16:29 +0100
> +Subject: [PATCH] cairo: backport patch to make symbol-lookup optional
> +
> +Upstream-Status: Backport
> +
> +Signed-off-by: Markus Volk <f_l_k@t-online.de>
> +---
> + meson.build       | 16 ++++++++--------
> + meson_options.txt |  4 ++++
> + 2 files changed, 12 insertions(+), 8 deletions(-)
> +
> +diff --git a/meson.build b/meson.build
> +index b159b4071..fbd9e670b 100644
> +--- a/meson.build
> ++++ b/meson.build
> +@@ -657,14 +657,14 @@ if zlib_dep.found() and png_dep.found()
> +   }]
> + endif
> +
> +-# Untested, libiberty.h is in a libiberty subfolder for me
> +-# FIXME: automagic
> +-bfd_dep = cc.find_library('bfd', required: false)
> +-if bfd_dep.found() and cc.has_function('bfd_openr', dependencies: [bfd_dep])
> +-  if cc.has_header('libiberty.h')
> +-    conf.set('HAVE_BFD', 1)
> +-    deps += [bfd_dep]
> +-  endif
> ++bfd_dep = cc.find_library('bfd', has_headers: ['bfd.h'], required: get_option('symbol-lookup'))
> ++if bfd_dep.found() and \
> ++   cc.has_function('bfd_openr', dependencies: [bfd_dep]) and \
> ++   cc.links(files('meson-cc-tests/bfd-section-flags.c'), name: 'bfd_section_flags', dependencies: bfd_dep)
> ++  conf.set('HAVE_BFD', 1)
> ++  deps += [bfd_dep]
> ++elif get_option('symbol-lookup').enabled()
> ++  error('symbol lookup via bfd was enabled via options but is not available (bfd might be too old)')
> + endif
> +
> + # Untested, see above
> +diff --git a/meson_options.txt b/meson_options.txt
> +index ff11fe7ed..46e48b12e 100644
> +--- a/meson_options.txt
> ++++ b/meson_options.txt
> +@@ -23,6 +23,10 @@ option('zlib', type : 'feature', value : 'auto') # script, ps, pdf, xml surfaces
> + # Tests
> + option('tests', type : 'feature', value : 'auto')
> +
> ++#Symbol lookup
> ++option('symbol-lookup', type: 'feature', value : 'auto',
> ++       description: 'Symbol lookup in debug utils via binutils/bfd')
> ++
> + # Util deps
> + option('gtk2-utils', type : 'feature', value : 'disabled')
> +
> +--
> +2.25.1
> +
> diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> deleted file mode 100644
> index 4252a5663b..0000000000
> --- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
> +++ /dev/null
> @@ -1,34 +0,0 @@
> -CVE: CVE-2018-19876
> -Upstream-Status: Backport
> -Signed-off-by: Ross Burton <ross.burton@intel.com>
> -
> -From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
> -From: Carlos Garcia Campos <cgarcia@igalia.com>
> -Date: Mon, 19 Nov 2018 12:33:07 +0100
> -Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
> - cairo_ft_apply_variations
> -
> -Fixes a crash when using freetype >= 2.9
> ----
> - src/cairo-ft-font.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
> -index 325dd61b4..981973f78 100644
> ---- a/src/cairo-ft-font.c
> -+++ b/src/cairo-ft-font.c
> -@@ -2393,7 +2393,11 @@ skip:
> - done:
> -         free (coords);
> -         free (current_coords);
> -+#if HAVE_FT_DONE_MM_VAR
> -+        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
> -+#else
> -         free (ft_mm_var);
> -+#endif
> -     }
> - }
> -
> ---
> -2.11.0
> -
> diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/meta/recipes-graphics/cairo/cairo_1.16.0.bb
> deleted file mode 100644
> index 0b5d1d548f..0000000000
> --- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
> +++ /dev/null
> @@ -1,99 +0,0 @@
> -SUMMARY = "The Cairo 2D vector graphics library"
> -DESCRIPTION = "Cairo is a multi-platform library providing anti-aliased \
> -vector-based rendering for multiple target backends. Paths consist \
> -of line segments and cubic splines and can be rendered at any width \
> -with various join and cap styles. All colors may be specified with \
> -optional translucence (opacity/alpha) and combined using the \
> -extended Porter/Duff compositing algebra as found in the X Render \
> -Extension."
> -HOMEPAGE = "http://cairographics.org"
> -BUGTRACKER = "http://bugs.freedesktop.org"
> -SECTION = "libs"
> -
> -LICENSE = "(MPL-1.1 | LGPL-2.1-only) & GPL-3.0-or-later"
> -LICENSE:${PN} = "MPL-1.1 | LGPL-2.1-only"
> -LICENSE:${PN}-dev = "MPL-1.1 | LGPL-2.1-only"
> -LICENSE:${PN}-doc = "MPL-1.1 | LGPL-2.1-only"
> -LICENSE:${PN}-gobject = "MPL-1.1 | LGPL-2.1-only"
> -LICENSE:${PN}-script-interpreter = "MPL-1.1 | LGPL-2.1-only"
> -LICENSE:${PN}-perf-utils = "GPL-3.0-or-later"
> -
> -LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
> -
> -DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
> -
> -SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
> -           file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
> -           file://CVE-2018-19876.patch \
> -           file://CVE-2019-6461.patch \
> -           file://CVE-2019-6462.patch \
> -           file://CVE-2020-35492.patch \
> -          "
> -
> -SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552"
> -SRC_URI[sha256sum] = "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331"
> -
> -inherit autotools pkgconfig upstream-version-is-even gtk-doc multilib_script
> -
> -MULTILIB_SCRIPTS = "${PN}-perf-utils:${bindir}/cairo-trace"
> -
> -X11DEPENDS = "virtual/libx11 libsm libxrender libxext"
> -
> -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'directfb', d)} \
> -                   ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 xcb', '', d)} \
> -                   ${@bb.utils.contains('DISTRO_FEATURES', 'x11 opengl', 'opengl', '', d)} \
> -                   trace"
> -PACKAGECONFIG:class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 xcb', '', d)}"
> -PACKAGECONFIG:class-nativesdk = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 xcb', '', d)}"
> -
> -PACKAGECONFIG[x11] = "--with-x=yes -enable-xlib,--with-x=no --disable-xlib,${X11DEPENDS}"
> -PACKAGECONFIG[xcb] = "--enable-xcb,--disable-xcb,libxcb"
> -PACKAGECONFIG[directfb] = "--enable-directfb=yes,,directfb"
> -PACKAGECONFIG[valgrind] = "--enable-valgrind=yes,--disable-valgrind,valgrind"
> -PACKAGECONFIG[egl] = "--enable-egl=yes,--disable-egl,virtual/egl"
> -PACKAGECONFIG[glesv2] = "--enable-glesv2,--disable-glesv2,virtual/libgles2"
> -PACKAGECONFIG[opengl] = "--enable-gl,--disable-gl,virtual/libgl"
> -PACKAGECONFIG[trace] = "--enable-trace,--disable-trace"
> -
> -EXTRA_OECONF += " \
> -    ${@bb.utils.contains('TARGET_FPU', 'soft', '--disable-some-floating-point', '', d)} \
> -    --enable-tee \
> -"
> -
> -# We don't depend on binutils so we need to disable this
> -export ac_cv_lib_bfd_bfd_openr="no"
> -# Ensure we don't depend on LZO
> -export ac_cv_lib_lzo2_lzo2a_decompress="no"
> -
> -do_install:append () {
> -       rm -rf ${D}${bindir}/cairo-sphinx
> -       rm -rf ${D}${libdir}/cairo/cairo-fdr*
> -       rm -rf ${D}${libdir}/cairo/cairo-sphinx*
> -       rm -rf ${D}${libdir}/cairo/.debug/cairo-fdr*
> -       rm -rf ${D}${libdir}/cairo/.debug/cairo-sphinx*
> -       [ ! -d ${D}${bindir} ] ||
> -               rmdir -p --ignore-fail-on-non-empty ${D}${bindir}
> -       [ ! -d ${D}${libdir}/cairo ] ||
> -               rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/cairo
> -}
> -
> -PACKAGES =+ "cairo-gobject cairo-script-interpreter cairo-perf-utils"
> -
> -SUMMARY:cairo-gobject = "The Cairo library GObject wrapper library"
> -DESCRIPTION:cairo-gobject = "A GObject wrapper library for the Cairo API."
> -
> -SUMMARY:cairo-script-interpreter = "The Cairo library script interpreter"
> -DESCRIPTION:cairo-script-interpreter = "The Cairo script interpreter implements \
> -CairoScript.  CairoScript is used by tracing utilities to enable the ability \
> -to replay rendering."
> -
> -DESCRIPTION:cairo-perf-utils = "The Cairo library performance utilities"
> -
> -FILES:${PN} = "${libdir}/libcairo.so.*"
> -FILES:${PN}-gobject = "${libdir}/libcairo-gobject.so.*"
> -FILES:${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*"
> -FILES:${PN}-perf-utils = "${bindir}/cairo-trace* ${libdir}/cairo/*.la ${libdir}/cairo/libcairo-trace.so"
> -
> -BBCLASSEXTEND = "native nativesdk"
> -
> -UPSTREAM_CHECK_REGEX = "cairo-(?P<pver>\d+(\.\d+)+).tar.xz"
> diff --git a/meta/recipes-graphics/cairo/cairo_1.17.4.bb b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
> new file mode 100644
> index 0000000000..856b47213a
> --- /dev/null
> +++ b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
> @@ -0,0 +1,88 @@
> +SUMMARY = "The Cairo 2D vector graphics library"
> +DESCRIPTION = "Cairo is a multi-platform library providing anti-aliased \
> +vector-based rendering for multiple target backends. Paths consist \
> +of line segments and cubic splines and can be rendered at any width \
> +with various join and cap styles. All colors may be specified with \
> +optional translucence (opacity/alpha) and combined using the \
> +extended Porter/Duff compositing algebra as found in the X Render \
> +Extension."
> +HOMEPAGE = "http://cairographics.org"
> +BUGTRACKER = "http://bugs.freedesktop.org"
> +SECTION = "libs"
> +
> +LICENSE = "(MPL-1.1 | LGPL-2.1-only) & GPL-3.0-or-later"
> +LICENSE:${PN} = "MPL-1.1 | LGPL-2.1-only"
> +LICENSE:${PN}-dev = "MPL-1.1 | LGPL-2.1-only"
> +LICENSE:${PN}-doc = "MPL-1.1 | LGPL-2.1-only"
> +LICENSE:${PN}-gobject = "MPL-1.1 | LGPL-2.1-only"
> +LICENSE:${PN}-script-interpreter = "MPL-1.1 | LGPL-2.1-only"
> +LICENSE:${PN}-perf-utils = "GPL-3.0-or-later"
> +
> +LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
> +
> +DEPENDS = "glib-2.0 pixman"
> +
> +SRC_URI = " \
> +       https://cairographics.org/snapshots/cairo-${PV}.tar.xz \
> +       file://0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch \
> +       file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
> +       file://CVE-2019-6461.patch \
> +       file://CVE-2019-6462.patch \
> +       file://CVE-2020-35492.patch \
> +"
> +
> +SRC_URI[sha256sum] = "74b24c1ed436bbe87499179a3b27c43f4143b8676d8ad237a6fa787401959705"
> +
> +inherit meson pkgconfig upstream-version-is-even multilib_script
> +
> +PACKAGECONFIG ??= " \
> +       fontconfig \
> +       freetype \
> +       png \
> +       zlib \
> +       lzo \
> +       ${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)} \
> +       ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'glesv3', '', d)} \
> +"
> +
> +PACKAGECONFIG[x11] = "-Dgl-backend=gl -Dxcb=enabled -Dxlib=enabled,-Dxcb=disabled -Dxlib=disabled,virtual/libx11 virtual/libgl libsm libxrender libxext libxcb"
> +PACKAGECONFIG[fontconfig] = ",,fontconfig"
> +PACKAGECONFIG[freetype] = ",,freetype"
> +PACKAGECONFIG[glesv2] = "-Dgl-backend=glesv2 -Dglesv2=enabled"
> +PACKAGECONFIG[glesv3] = "-Dgl-backend=glesv3 -Dglesv3=enabled"
> +PACKAGECONFIG[png] = ",,libpng"
> +PACKAGECONFIG[xml] = ",,libxml2"
> +PACKAGECONFIG[zlib] = ",,zlib"
> +PACKAGECONFIG[lzo] = ",,lzo"
> +PACKAGECONFIG[tee] = "-Dtee=enabled,-Dtee=disabled"
> +
> +EXTRA_OEMESON = "-Dtests=disabled -Dsymbol-lookup=disabled"
> +
> +do_install:append () {
> +       rm -rf ${D}${bindir}/cairo-sphinx
> +       rm -rf ${D}${libdir}/cairo/libcairo-fdr*
> +       rm -rf ${D}${libdir}/cairo/libcairo-sphinx*
> +       rm -rf ${D}${libdir}/cairo/.debug/libcairo-fdr*
> +       rm -rf ${D}${libdir}/cairo/.debug/libcairo-sphinx*
> +}
> +
> +PACKAGES =+ "cairo-gobject cairo-script-interpreter cairo-perf-utils"
> +
> +SUMMARY:cairo-gobject = "The Cairo library GObject wrapper library"
> +DESCRIPTION:cairo-gobject = "A GObject wrapper library for the Cairo API."
> +
> +SUMMARY:cairo-script-interpreter = "The Cairo library script interpreter"
> +DESCRIPTION:cairo-script-interpreter = "The Cairo script interpreter implements \
> +CairoScript.  CairoScript is used by tracing utilities to enable the ability \
> +to replay rendering."
> +
> +DESCRIPTION:cairo-perf-utils = "The Cairo library performance utilities"
> +
> +FILES:${PN} = "${libdir}/libcairo.so.*"
> +FILES:${PN}-gobject = "${libdir}/libcairo-gobject.so.*"
> +FILES:${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*"
> +FILES:${PN}-perf-utils = "${bindir}/cairo-trace* ${libdir}/cairo/*.la ${libdir}/cairo/libcairo-trace.so"
> +
> +BBCLASSEXTEND = "native nativesdk"
> +
> +UPSTREAM_CHECK_REGEX = "cairo-(?P<pver>\d+(\.\d+)+).tar.xz"
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#163127): https://lists.openembedded.org/g/openembedded-core/message/163127
> Mute This Topic: https://lists.openembedded.org/mt/89768457/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Markus Volk March 14, 2022, 8:21 a.m. UTC | #2
Am 14.03.22 um 09:13 schrieb Alexander Kanavin:
> 1.17.4 is not a release, it is a development snapshot.
>
> Alex
>

https://gitlab.freedesktop.org/cairo/cairo/-/tags

https://www.cairographics.org/news/

That was not mentioned here. I just thought because 16.0.0 is from 2018 
and some things might have been improved since then.
Markus Volk March 14, 2022, 8:27 a.m. UTC | #3
Am 14.03.22 um 09:21 schrieb Markus Volk:
>
> Am 14.03.22 um 09:13 schrieb Alexander Kanavin:
>> 1.17.4 is not a release, it is a development snapshot.
>>
>> Alex
>>
>
Ah, I see. But on gitlab it is not well visible.
Thanks and sorry for the noise
Alexander Kanavin March 14, 2022, 8:27 a.m. UTC | #4
On Mon, 14 Mar 2022 at 09:21, Markus Volk <f_l_k@t-online.de> wrote:
> https://gitlab.freedesktop.org/cairo/cairo/-/tags
>
> https://www.cairographics.org/news/
>
> That was not mentioned here. I just thought because 16.0.0 is from 2018
> and some things might have been improved since then.

The SRC_URI prefix changed from http://cairographics.org/releases/ to
http://cairographics.org/snapshots/, that should've given you pause.

Also:
note 'inherit upstream-version-is-even' in the recipe
check what's written here https://www.cairographics.org/snapshots/
check what debian is carrying
https://packages.debian.org/search?searchon=sourcenames&keywords=cairo

Alex
Markus Volk March 14, 2022, 8:42 a.m. UTC | #5
Am 14.03.22 um 09:27 schrieb Alexander Kanavin:
> On Mon, 14 Mar 2022 at 09:21, Markus Volk <f_l_k@t-online.de> wrote:
>> https://gitlab.freedesktop.org/cairo/cairo/-/tags
>>
>> https://www.cairographics.org/news/
>>
>> That was not mentioned here. I just thought because 16.0.0 is from 2018
>> and some things might have been improved since then.
> The SRC_URI prefix changed from http://cairographics.org/releases/ to
> http://cairographics.org/snapshots/, that should've given you pause.
>
> i've rewritten this recipe some months ago and was using it since without knowing that this was a snapshot
Thanks for the input.

I have been using this recipe for months now without knowing about it. I 
was using gitlab for SRC_URI

and just switched to tarball before sending this patch to the mailing 
list. In fact I was paused for a short

time, but since it is called release on gitlab and without the input you 
gave, not long enough
Markus Volk March 14, 2022, 9:07 a.m. UTC | #6
> The SRC_URI prefix changed from http://cairographics.org/releases/ to
> http://cairographics.org/snapshots/, that should've given you pause.
>
> Also:
> note 'inherit upstream-version-is-even' in the recipe
> check what's written here https://www.cairographics.org/snapshots/
> check what debian is carrying
> https://packages.debian.org/search?searchon=sourcenames&keywords=cairo
>
> Alex

just when I thought it was a bit inconvenient to have only one version 
every few years

and no bugfix versions in between i found that there is something like 
that on gitlab.

https://gitlab.freedesktop.org/cairo/cairo/-/commits/1.16/
Alexander Kanavin March 14, 2022, 9:12 a.m. UTC | #7
On Mon, 14 Mar 2022 at 10:07, Markus Volk <f_l_k@t-online.de> wrote:
> just when I thought it was a bit inconvenient to have only one version
> every few years
>
> and no bugfix versions in between i found that there is something like
> that on gitlab.
>
> https://gitlab.freedesktop.org/cairo/cairo/-/commits/1.16/

I'm fairly sure it's a question of lacking maintainers. It's a major
problem everywhere, the market economy just doesn't reward that work.

Alex

Patch

diff --git a/meta/recipes-graphics/cairo/cairo/0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch b/meta/recipes-graphics/cairo/cairo/0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch
new file mode 100644
index 0000000000..e118d2c84a
--- /dev/null
+++ b/meta/recipes-graphics/cairo/cairo/0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch
@@ -0,0 +1,58 @@ 
+From 623e718303202f92180fcfac47c38f1989c256b8 Mon Sep 17 00:00:00 2001
+From: Markus Volk <f_l_k@t-online.de>
+Date: Sun, 13 Mar 2022 19:16:29 +0100
+Subject: [PATCH] cairo: backport patch to make symbol-lookup optional
+
+Upstream-Status: Backport
+
+Signed-off-by: Markus Volk <f_l_k@t-online.de>
+---
+ meson.build       | 16 ++++++++--------
+ meson_options.txt |  4 ++++
+ 2 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index b159b4071..fbd9e670b 100644
+--- a/meson.build
++++ b/meson.build
+@@ -657,14 +657,14 @@ if zlib_dep.found() and png_dep.found()
+   }]
+ endif
+ 
+-# Untested, libiberty.h is in a libiberty subfolder for me
+-# FIXME: automagic
+-bfd_dep = cc.find_library('bfd', required: false)
+-if bfd_dep.found() and cc.has_function('bfd_openr', dependencies: [bfd_dep])
+-  if cc.has_header('libiberty.h')
+-    conf.set('HAVE_BFD', 1)
+-    deps += [bfd_dep]
+-  endif
++bfd_dep = cc.find_library('bfd', has_headers: ['bfd.h'], required: get_option('symbol-lookup'))
++if bfd_dep.found() and \
++   cc.has_function('bfd_openr', dependencies: [bfd_dep]) and \
++   cc.links(files('meson-cc-tests/bfd-section-flags.c'), name: 'bfd_section_flags', dependencies: bfd_dep)
++  conf.set('HAVE_BFD', 1)
++  deps += [bfd_dep]
++elif get_option('symbol-lookup').enabled()
++  error('symbol lookup via bfd was enabled via options but is not available (bfd might be too old)')
+ endif
+ 
+ # Untested, see above
+diff --git a/meson_options.txt b/meson_options.txt
+index ff11fe7ed..46e48b12e 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -23,6 +23,10 @@ option('zlib', type : 'feature', value : 'auto') # script, ps, pdf, xml surfaces
+ # Tests
+ option('tests', type : 'feature', value : 'auto')
+ 
++#Symbol lookup
++option('symbol-lookup', type: 'feature', value : 'auto',
++       description: 'Symbol lookup in debug utils via binutils/bfd')
++
+ # Util deps
+ option('gtk2-utils', type : 'feature', value : 'disabled')
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
deleted file mode 100644
index 4252a5663b..0000000000
--- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
+++ /dev/null
@@ -1,34 +0,0 @@ 
-CVE: CVE-2018-19876
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
-From: Carlos Garcia Campos <cgarcia@igalia.com>
-Date: Mon, 19 Nov 2018 12:33:07 +0100
-Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
- cairo_ft_apply_variations
-
-Fixes a crash when using freetype >= 2.9
----
- src/cairo-ft-font.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
-index 325dd61b4..981973f78 100644
---- a/src/cairo-ft-font.c
-+++ b/src/cairo-ft-font.c
-@@ -2393,7 +2393,11 @@ skip:
- done:
-         free (coords);
-         free (current_coords);
-+#if HAVE_FT_DONE_MM_VAR
-+        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
-+#else
-         free (ft_mm_var);
-+#endif
-     }
- }
- 
--- 
-2.11.0
-
diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/meta/recipes-graphics/cairo/cairo_1.16.0.bb
deleted file mode 100644
index 0b5d1d548f..0000000000
--- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb
+++ /dev/null
@@ -1,99 +0,0 @@ 
-SUMMARY = "The Cairo 2D vector graphics library"
-DESCRIPTION = "Cairo is a multi-platform library providing anti-aliased \
-vector-based rendering for multiple target backends. Paths consist \
-of line segments and cubic splines and can be rendered at any width \
-with various join and cap styles. All colors may be specified with \
-optional translucence (opacity/alpha) and combined using the \
-extended Porter/Duff compositing algebra as found in the X Render \
-Extension."
-HOMEPAGE = "http://cairographics.org"
-BUGTRACKER = "http://bugs.freedesktop.org"
-SECTION = "libs"
-
-LICENSE = "(MPL-1.1 | LGPL-2.1-only) & GPL-3.0-or-later"
-LICENSE:${PN} = "MPL-1.1 | LGPL-2.1-only"
-LICENSE:${PN}-dev = "MPL-1.1 | LGPL-2.1-only"
-LICENSE:${PN}-doc = "MPL-1.1 | LGPL-2.1-only"
-LICENSE:${PN}-gobject = "MPL-1.1 | LGPL-2.1-only"
-LICENSE:${PN}-script-interpreter = "MPL-1.1 | LGPL-2.1-only"
-LICENSE:${PN}-perf-utils = "GPL-3.0-or-later"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
-
-DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
-
-SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
-           file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
-           file://CVE-2018-19876.patch \
-           file://CVE-2019-6461.patch \
-           file://CVE-2019-6462.patch \
-           file://CVE-2020-35492.patch \
-          "
-
-SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552"
-SRC_URI[sha256sum] = "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331"
-
-inherit autotools pkgconfig upstream-version-is-even gtk-doc multilib_script
-
-MULTILIB_SCRIPTS = "${PN}-perf-utils:${bindir}/cairo-trace"
-
-X11DEPENDS = "virtual/libx11 libsm libxrender libxext"
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'directfb', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 xcb', '', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'x11 opengl', 'opengl', '', d)} \
-                   trace"
-PACKAGECONFIG:class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 xcb', '', d)}"
-PACKAGECONFIG:class-nativesdk = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 xcb', '', d)}"
-
-PACKAGECONFIG[x11] = "--with-x=yes -enable-xlib,--with-x=no --disable-xlib,${X11DEPENDS}"
-PACKAGECONFIG[xcb] = "--enable-xcb,--disable-xcb,libxcb"
-PACKAGECONFIG[directfb] = "--enable-directfb=yes,,directfb"
-PACKAGECONFIG[valgrind] = "--enable-valgrind=yes,--disable-valgrind,valgrind"
-PACKAGECONFIG[egl] = "--enable-egl=yes,--disable-egl,virtual/egl"
-PACKAGECONFIG[glesv2] = "--enable-glesv2,--disable-glesv2,virtual/libgles2"
-PACKAGECONFIG[opengl] = "--enable-gl,--disable-gl,virtual/libgl"
-PACKAGECONFIG[trace] = "--enable-trace,--disable-trace"
-
-EXTRA_OECONF += " \
-    ${@bb.utils.contains('TARGET_FPU', 'soft', '--disable-some-floating-point', '', d)} \
-    --enable-tee \
-"
-
-# We don't depend on binutils so we need to disable this
-export ac_cv_lib_bfd_bfd_openr="no"
-# Ensure we don't depend on LZO
-export ac_cv_lib_lzo2_lzo2a_decompress="no"
-
-do_install:append () {
-	rm -rf ${D}${bindir}/cairo-sphinx
-	rm -rf ${D}${libdir}/cairo/cairo-fdr*
-	rm -rf ${D}${libdir}/cairo/cairo-sphinx*
-	rm -rf ${D}${libdir}/cairo/.debug/cairo-fdr*
-	rm -rf ${D}${libdir}/cairo/.debug/cairo-sphinx*
-	[ ! -d ${D}${bindir} ] ||
-		rmdir -p --ignore-fail-on-non-empty ${D}${bindir}
-	[ ! -d ${D}${libdir}/cairo ] ||
-		rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/cairo
-}
-
-PACKAGES =+ "cairo-gobject cairo-script-interpreter cairo-perf-utils"
-
-SUMMARY:cairo-gobject = "The Cairo library GObject wrapper library"
-DESCRIPTION:cairo-gobject = "A GObject wrapper library for the Cairo API."
-
-SUMMARY:cairo-script-interpreter = "The Cairo library script interpreter"
-DESCRIPTION:cairo-script-interpreter = "The Cairo script interpreter implements \
-CairoScript.  CairoScript is used by tracing utilities to enable the ability \
-to replay rendering."
-
-DESCRIPTION:cairo-perf-utils = "The Cairo library performance utilities"
-
-FILES:${PN} = "${libdir}/libcairo.so.*"
-FILES:${PN}-gobject = "${libdir}/libcairo-gobject.so.*"
-FILES:${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*"
-FILES:${PN}-perf-utils = "${bindir}/cairo-trace* ${libdir}/cairo/*.la ${libdir}/cairo/libcairo-trace.so"
-
-BBCLASSEXTEND = "native nativesdk"
-
-UPSTREAM_CHECK_REGEX = "cairo-(?P<pver>\d+(\.\d+)+).tar.xz"
diff --git a/meta/recipes-graphics/cairo/cairo_1.17.4.bb b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
new file mode 100644
index 0000000000..856b47213a
--- /dev/null
+++ b/meta/recipes-graphics/cairo/cairo_1.17.4.bb
@@ -0,0 +1,88 @@ 
+SUMMARY = "The Cairo 2D vector graphics library"
+DESCRIPTION = "Cairo is a multi-platform library providing anti-aliased \
+vector-based rendering for multiple target backends. Paths consist \
+of line segments and cubic splines and can be rendered at any width \
+with various join and cap styles. All colors may be specified with \
+optional translucence (opacity/alpha) and combined using the \
+extended Porter/Duff compositing algebra as found in the X Render \
+Extension."
+HOMEPAGE = "http://cairographics.org"
+BUGTRACKER = "http://bugs.freedesktop.org"
+SECTION = "libs"
+
+LICENSE = "(MPL-1.1 | LGPL-2.1-only) & GPL-3.0-or-later"
+LICENSE:${PN} = "MPL-1.1 | LGPL-2.1-only"
+LICENSE:${PN}-dev = "MPL-1.1 | LGPL-2.1-only"
+LICENSE:${PN}-doc = "MPL-1.1 | LGPL-2.1-only"
+LICENSE:${PN}-gobject = "MPL-1.1 | LGPL-2.1-only"
+LICENSE:${PN}-script-interpreter = "MPL-1.1 | LGPL-2.1-only"
+LICENSE:${PN}-perf-utils = "GPL-3.0-or-later"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
+
+DEPENDS = "glib-2.0 pixman"
+
+SRC_URI = " \
+	https://cairographics.org/snapshots/cairo-${PV}.tar.xz \
+	file://0001-cairo-backport-patch-to-make-symbol-lookup-optional.patch \
+	file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
+	file://CVE-2019-6461.patch \
+	file://CVE-2019-6462.patch \
+	file://CVE-2020-35492.patch \
+"
+
+SRC_URI[sha256sum] = "74b24c1ed436bbe87499179a3b27c43f4143b8676d8ad237a6fa787401959705"
+
+inherit meson pkgconfig upstream-version-is-even multilib_script
+
+PACKAGECONFIG ??= " \
+	fontconfig \
+	freetype \
+	png \
+	zlib \
+	lzo \
+	${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)} \
+	${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'glesv3', '', d)} \
+"
+
+PACKAGECONFIG[x11] = "-Dgl-backend=gl -Dxcb=enabled -Dxlib=enabled,-Dxcb=disabled -Dxlib=disabled,virtual/libx11 virtual/libgl libsm libxrender libxext libxcb"
+PACKAGECONFIG[fontconfig] = ",,fontconfig"
+PACKAGECONFIG[freetype] = ",,freetype"
+PACKAGECONFIG[glesv2] = "-Dgl-backend=glesv2 -Dglesv2=enabled"
+PACKAGECONFIG[glesv3] = "-Dgl-backend=glesv3 -Dglesv3=enabled"
+PACKAGECONFIG[png] = ",,libpng"
+PACKAGECONFIG[xml] = ",,libxml2"
+PACKAGECONFIG[zlib] = ",,zlib"
+PACKAGECONFIG[lzo] = ",,lzo"
+PACKAGECONFIG[tee] = "-Dtee=enabled,-Dtee=disabled"
+
+EXTRA_OEMESON = "-Dtests=disabled -Dsymbol-lookup=disabled"
+
+do_install:append () {
+	rm -rf ${D}${bindir}/cairo-sphinx
+	rm -rf ${D}${libdir}/cairo/libcairo-fdr*
+	rm -rf ${D}${libdir}/cairo/libcairo-sphinx*
+	rm -rf ${D}${libdir}/cairo/.debug/libcairo-fdr*
+	rm -rf ${D}${libdir}/cairo/.debug/libcairo-sphinx*
+}
+
+PACKAGES =+ "cairo-gobject cairo-script-interpreter cairo-perf-utils"
+
+SUMMARY:cairo-gobject = "The Cairo library GObject wrapper library"
+DESCRIPTION:cairo-gobject = "A GObject wrapper library for the Cairo API."
+
+SUMMARY:cairo-script-interpreter = "The Cairo library script interpreter"
+DESCRIPTION:cairo-script-interpreter = "The Cairo script interpreter implements \
+CairoScript.  CairoScript is used by tracing utilities to enable the ability \
+to replay rendering."
+
+DESCRIPTION:cairo-perf-utils = "The Cairo library performance utilities"
+
+FILES:${PN} = "${libdir}/libcairo.so.*"
+FILES:${PN}-gobject = "${libdir}/libcairo-gobject.so.*"
+FILES:${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*"
+FILES:${PN}-perf-utils = "${bindir}/cairo-trace* ${libdir}/cairo/*.la ${libdir}/cairo/libcairo-trace.so"
+
+BBCLASSEXTEND = "native nativesdk"
+
+UPSTREAM_CHECK_REGEX = "cairo-(?P<pver>\d+(\.\d+)+).tar.xz"