deleted file mode 100644
@@ -1,55 +0,0 @@
-From a486d800b60d0af4cc0836bf7ed8f21e12974129 Mon Sep 17 00:00:00 2001
-From: James Zern <jzern@google.com>
-Date: Wed, 22 Feb 2023 22:15:47 -0800
-Subject: [PATCH] EncodeAlphaInternal: clear result->bw on error
-
-This avoids a double free should the function fail prior to
-VP8BitWriterInit() and a previous trial result's buffer carried over.
-Previously in ApplyFiltersAndEncode() trial.bw (with a previous
-iteration's buffer) would be freed, followed by best.bw pointing to the
-same buffer.
-
-Since:
-187d379d add a fallback to ALPHA_NO_COMPRESSION
-
-In addition, check the return value of VP8BitWriterInit() in this
-function.
-
-Bug: webp:603
-Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
-
-CVE: CVE-2023-1999
-Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129]
-Signed-off-by: Nikhil R <nikhil.r@kpit.com>
----
- src/enc/alpha_enc.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c
-index f7c02690e3..7d205586fe 100644
---- a/src/enc/alpha_enc.c
-+++ b/src/enc/alpha_enc.c
-@@ -13,6 +13,7 @@
-
- #include <assert.h>
- #include <stdlib.h>
-+#include <string.h>
-
- #include "src/enc/vp8i_enc.h"
- #include "src/dsp/dsp.h"
-@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
- }
- } else {
- VP8LBitWriterWipeOut(&tmp_bw);
-+ memset(&result->bw, 0, sizeof(result->bw));
- return 0;
- }
- }
-@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
- header = method | (filter << 2);
- if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4;
-
-- VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size);
-+ if (!VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size)) ok = 0;
- ok = ok && VP8BitWriterAppend(&result->bw, &header, ALPHA_HEADER_LEN);
- ok = ok && VP8BitWriterAppend(&result->bw, output, output_size);
similarity index 93%
rename from meta/recipes-multimedia/webp/libwebp_1.3.0.bb
rename to meta/recipes-multimedia/webp/libwebp_1.3.1.bb
@@ -14,14 +14,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \
file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7"
SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz"
-SRC_URI[sha256sum] = "64ac4614db292ae8c5aa26de0295bf1623dbb3985054cb656c55e67431def17c"
+SRC_URI[sha256sum] = "b3779627c2dfd31e3d8c4485962c2efe17785ef975e2be5c8c0c9e6cd3c4ef66"
UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html"
-SRC_URI += " \
- file://CVE-2023-1999.patch \
-"
-
EXTRA_OECONF = " \
--disable-wic \
--enable-libwebpmux \
Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe *libwebp* to *1.3.1* has Succeeded. Next steps: - apply the patch: git am 0001-libwebp-upgrade-1.3.0-1.3.1.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 58abc51bd485adcd8ea532f8384bb12c6f6a0f77 Mon Sep 17 00:00:00 2001 From: Upgrade Helper <auh@yoctoproject.org> Date: Sat, 1 Jul 2023 14:19:17 +0000 Subject: [PATCH] libwebp: upgrade 1.3.0 -> 1.3.1 --- .../webp/files/CVE-2023-1999.patch | 55 ------------------- .../{libwebp_1.3.0.bb => libwebp_1.3.1.bb} | 6 +- 2 files changed, 1 insertion(+), 60 deletions(-) delete mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-1999.patch rename meta/recipes-multimedia/webp/{libwebp_1.3.0.bb => libwebp_1.3.1.bb} (93%)