mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-29 09:32:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a405e12bebcb5ddea7ac0e2d088ea3f083d9eee1
poky/meta/recipes-multimedia/webp/libwebp_1.1.0.bb
Soumya Sambu a405e12beb libwebp: Fix CVE-2023-4863 
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.

Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.

CVE: CVE-2023-4863

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12

(From OE-Core rev: b69bef1169cb33c153384be81845eaf903dc1570)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-17 06:00:32 -10:00

63 lines
2.3 KiB
BlitzBasic
Raw Blame History

SUMMARY = "WebP is an image format designed for the Web"
DESCRIPTION = "WebP is a method of lossy and lossless compression that can be \
used on a large variety of photographic, translucent and \
graphical images found on the web. The degree of lossy \
compression is adjustable so a user can choose the trade-off \
between file size and image quality. WebP typically achieves \
an average of 30% more compression than JPEG and JPEG 2000, \
without loss of image quality."
HOMEPAGE = "https://developers.google.com/speed/webp/"
SECTION = "libs"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \
file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7"
SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz"
SRC_URI[md5sum] = "7e047f2cbaf584dff7a8a7e0f8572f18"
SRC_URI[sha256sum] = "98a052268cc4d5ece27f76572a7f50293f439c17a98e67c4ea0c7ed6f50ef043"
UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html"
SRC_URI += " \
file://CVE-2023-1999.patch \
file://CVE-2023-4863-0001.patch \
file://CVE-2023-4863-0002.patch \
"
EXTRA_OECONF = " \
--disable-wic \
--enable-libwebpmux \
--enable-libwebpdemux \
--enable-threading \
"
# Do not trust configure to determine if neon is available.
#
EXTRA_OECONF_ARM = " \
${@bb.utils.contains("TUNE_FEATURES","neon","--enable-neon","--disable-neon",d)} \
"
EXTRA_OECONF_append_arm = " ${EXTRA_OECONF_ARM}"
EXTRA_OECONF_append_armeb = " ${EXTRA_OECONF_ARM}"
inherit autotools lib_package
PACKAGECONFIG ??= ""
# libwebpdecoder is a subset of libwebp, don't build it unless requested
PACKAGECONFIG[decoder] = "--enable-libwebpdecoder,--disable-libwebpdecoder"
# Apply for examples programs: cwebp and dwebp
PACKAGECONFIG[gif] = "--enable-gif,--disable-gif,giflib"
PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg"
PACKAGECONFIG[png] = "--enable-png,--disable-png,,libpng"
PACKAGECONFIG[tiff] = "--enable-tiff,--disable-tiff,tiff"
# Apply only for example program vwebp
PACKAGECONFIG[gl] = "--enable-gl,--disable-gl,mesa-glut"
PACKAGES =+ "${PN}-gif2webp"
DESCRIPTION_${PN}-gif2webp = "Simple tool to convert animated GIFs to WebP"
FILES_${PN}-gif2webp = "${bindir}/gif2webp"
Reference in New Issue View Git Blame Copy Permalink