mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0002d5d0826613b7efb2293e9d311f8dec353fb4
poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
Peter Marko 0002d5d082 libpng: patch CVE-2025-66293 
Pick patches per nvd report [1] and github advisory [2].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-66293
[2] https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

(From OE-Core rev: c33ebd0882288a962c089b423cc2468a7c84c2e7)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-12 08:49:37 -08:00

83 lines
3.5 KiB
BlitzBasic
Raw Blame History

SUMMARY = "PNG image format decoding library"
DESCRIPTION = "An open source project to develop and maintain the reference \
library for use in applications that read, create, and manipulate PNG \
(Portable Network Graphics) raster image files. "
HOMEPAGE = "http://www.libpng.org/"
SECTION = "libs"
LICENSE = "Libpng"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5c900cc124ba35a274073b5de7639b13"
DEPENDS = "zlib"
LIBV = "16"
SRC_URI = "\
${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \
file://run-ptest \
file://CVE-2025-64505-01.patch \
file://CVE-2025-64505-02.patch \
file://CVE-2025-64505-03.patch \
file://CVE-2025-64506.patch \
file://CVE-2025-64720.patch \
file://CVE-2025-65018-01.patch \
file://CVE-2025-65018-02.patch \
file://CVE-2025-66293-01.patch \
file://CVE-2025-66293-02.patch \
"
SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937"
MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/"
UPSTREAM_CHECK_URI = "http://libpng.org/pub/png/libpng.html"
BINCONFIG = "${bindir}/libpng-config ${bindir}/libpng16-config"
inherit autotools binconfig-disabled pkgconfig ptest
# Work around missing symbols
EXTRA_OECONF:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}"
PACKAGES =+ "${PN}-tools"
FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp"
# CVE-2019-17371 is actually a memory leak in gif2png 2.x
CVE_CHECK_IGNORE += "CVE-2019-17371"
RDEPENDS:${PN}-ptest += "make bash gawk"
do_install_ptest() {
# Install test scripts to ptest path
install -d ${D}${PTEST_PATH}/src/tests
install -m 755 ${S}/tests/* ${D}${PTEST_PATH}/src/tests
install -m 755 ${S}/test-driver ${D}${PTEST_PATH}/src
install -d ${D}${PTEST_PATH}/src/tests/scripts
install -m 755 ${S}/scripts/*.awk ${D}${PTEST_PATH}/src/tests/scripts
install -m 644 ${S}/scripts/pnglib* ${S}/scripts/*.c ${S}/scripts/*.def ${S}/scripts/macro.lst ${D}${PTEST_PATH}/src/tests/scripts
install -m 644 ${S}/scripts/pnglibconf.h.prebuilt ${D}${PTEST_PATH}/src/tests/scripts/pnglibconf.h
install -d ${D}${PTEST_PATH}/src/contrib/tools
install -m 755 ${S}/contrib/tools/*.sh ${D}${PTEST_PATH}/src/contrib/tools
install -m 644 ${S}/contrib/tools/*.c ${S}/contrib/tools/*.h ${D}${PTEST_PATH}/src/contrib/tools
# Install .libs directory binaries to ptest path
install -m 755 ${B}/.libs/pngtest ${B}/.libs/pngstest ${B}/.libs/pngimage ${B}/.libs/pngunknown ${B}/.libs/pngvalid ${D}${PTEST_PATH}/src
# Copy png files to ptest path
cd ${S} && find contrib -name '*.png' | cpio -pd ${D}${PTEST_PATH}/src
# Install Makefile and png files
install -m 644 ${S}/pngtest.png ${D}${PTEST_PATH}/src
install -m 644 ${S}/*.png ${S}/*.h ${S}/*.c ${S}/*.dfa ${B}/pnglibconf.out ${S}/Makefile.am ${S}/Makefile.in ${D}${PTEST_PATH}/src/tests
sed -e 's/^abs_srcdir = ..*/abs_srcdir = \.\./' \
-e 's/^top_srcdir = ..*/top_srcdir = \.\./' \
-e 's/^srcdir = ..*/srcdir = \./' \
-e 's/^Makefile: ..*/Makefile: /' \
-e 's/check-TESTS: $(check_PROGRAMS)/check-TESTS:/g' \
${B}/Makefile > ${D}${PTEST_PATH}/src/Makefile
sed -e 's|#!/bin/awk|#!/usr/bin/awk|g' -i ${D}${PTEST_PATH}/src/tests/scripts/*.awk
}
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink