mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-10 01:09:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
caac6c06bbeff7691f4f26c1d41e94de3d3c1c9a
poky/meta/recipes-multimedia/webp/libwebp_1.2.4.bb
Soumya Sambu 9f0a8901d1 libwebp: Fix CVE-2023-4863 
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.

Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.

CVE: CVE-2023-4863

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12

(From OE-Core rev: dbef9bf56fec551b6d1428fcefdadb500172940a)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-14 06:49:11 -10:00

60 lines
2.3 KiB
BlitzBasic
Raw Blame History

SUMMARY = "WebP is an image format designed for the Web"
DESCRIPTION = "WebP is a method of lossy and lossless compression that can be \
used on a large variety of photographic, translucent and \
graphical images found on the web. The degree of lossy \
compression is adjustable so a user can choose the trade-off \
between file size and image quality. WebP typically achieves \
an average of 30% more compression than JPEG and JPEG 2000, \
without loss of image quality."
HOMEPAGE = "https://developers.google.com/speed/webp/"
SECTION = "libs"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \
file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7"
SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz \
file://CVE-2023-1999.patch \
file://CVE-2023-4863-0001.patch \
file://CVE-2023-4863-0002.patch \
"
SRC_URI[sha256sum] = "7bf5a8a28cc69bcfa8cb214f2c3095703c6b73ac5fba4d5480c205331d9494df"
UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html"
EXTRA_OECONF = " \
--disable-wic \
--enable-libwebpmux \
--enable-libwebpdemux \
--enable-threading \
"
# Do not trust configure to determine if neon is available.
#
EXTRA_OECONF_ARM = " \
${@bb.utils.contains("TUNE_FEATURES","neon","--enable-neon","--disable-neon",d)} \
"
EXTRA_OECONF:append:arm = " ${EXTRA_OECONF_ARM}"
EXTRA_OECONF:append:armeb = " ${EXTRA_OECONF_ARM}"
inherit autotools lib_package
PACKAGECONFIG ??= ""
# libwebpdecoder is a subset of libwebp, don't build it unless requested
PACKAGECONFIG[decoder] = "--enable-libwebpdecoder,--disable-libwebpdecoder"
# Apply for examples programs: cwebp and dwebp
PACKAGECONFIG[gif] = "--enable-gif,--disable-gif,giflib"
PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg"
PACKAGECONFIG[png] = "--enable-png,--disable-png,,libpng"
PACKAGECONFIG[tiff] = "--enable-tiff,--disable-tiff,tiff"
# Apply only for example program vwebp
PACKAGECONFIG[gl] = "--enable-gl,--disable-gl,mesa-glut"
PACKAGES =+ "${PN}-gif2webp"
DESCRIPTION:${PN}-gif2webp = "Simple tool to convert animated GIFs to WebP"
FILES:${PN}-gif2webp = "${bindir}/gif2webp"
Reference in New Issue View Git Blame Copy Permalink