Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update libpng to newer version #4

Open
HCLJason opened this issue May 6, 2021 · 6 comments
Open

Update libpng to newer version #4

HCLJason opened this issue May 6, 2021 · 6 comments

Comments

@HCLJason
Copy link

HCLJason commented May 6, 2021

The current libpng is on 1.6.18, and there are multiple vulnerabilities. Looking at the main libpng page, there's multiple that affect this port.

CVE-2019-7317
CVE-2015-7981
CVE-2015-8126
CVE-2016-10087

Can we please update this to include the changes from the newest version (currently 1.6.37)?
@kripken
Copy link
Member

kripken commented May 17, 2021

Sounds good. Assuming we can use the upstream repo as discussed in the other issue, then to upgrade, a PR to emscripten-core/emscripten would just need to update tools/ports/libpng.py to a new revision (and switch repos).

@HCLJason
Copy link
Author

I did have trouble compiling it if we named the release anything but version_1. When I checked for a hard-coded version_1, grep turned up empty.

We need to merge the PR, create a new release, then add the sha512 into the tools/ports/libpng.py file.

@kripken
Copy link
Member

kripken commented May 18, 2021

Not sure I follow. Why does the name version_1 matter?

Several emscripten ports do not use version_X names, and they use non-ports repos, for example see icu.

@HCLJason
Copy link
Author

I'm not sure. It threw path errors when I used v1.6.37 and version_2. I tested using a version_1 tag of the v1.6.37 branch and it worked.

@kripken
Copy link
Member

kripken commented May 19, 2021

Can you attach the patch you tried with? I can take a look at it locally. It seems like this should work, so maybe you've hit a bug.

@HCLJason
Copy link
Author

Yes.

Patch (for freetype, since I'm updating that to use upstream and it's failing):

TAG = 'VER-2-10-4'
HASH = '795dfc6b3f14b25cda4f2e76637e7453390ef775bd6b7dc380d5aa03d923890bdff46d3f40e52b54a49c05207efa4e9cbdc9281cb5babb51750919bbda1c80b9'

def needed(settings):
return settings.USE_FREETYPE

def get(ports, settings, shared):
ports.fetch_project('freetype', 'http://git.savannah.gnu.org/cgit/freetype/freetype2.git/snapshot/freetype2-' + TAG + '.tar.gz', 'FreeType-' + TAG, sha512hash=HASH)

Build logs with the error:

system_libs:INFO: retrieving port: freetype from http://git.savannah.gnu.org/cgit/freetype/freetype2.git/snapshot/freetype2-VER-2-10-4.tar.gz
system_libs:INFO: unpacking port: freetype
cache:INFO: generating port: sysroot/lib/wasm32-emscripten/libfreetype.a... (this will be cached in "/local/emsdk/upstream/emscripten/cache/sysroot/lib/wasm32-emscripten/libfreetype.a" for subsequent builds)
configure: cmake -B/local/emsdk/upstream/emscripten/cache/ports-builds/freetype -H/local/emsdk/upstream/emscripten/cache/ports/freetype/FreeType-VER-2-10-4 -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/local/emsdk/upstream/emscripten/cache/ports-builds/freetype -DCMAKE_CXX_FLAGS="-pthread" -DCMAKE_C_FLAGS="-pthread" -DCMAKE_TOOLCHAIN_FILE=/local/emsdk/upstream/emscripten/cmake/Modules/Platform/Emscripten.cmake -DCMAKE_CROSSCOMPILING_EMULATOR="/local/emsdk/node/14.15.5_64bit/bin/node"

CMake Error: The source directory "/local/emsdk/upstream/emscripten/cache/ports/freetype/FreeType-VER-2-10-4" does not exist.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kripken @HCLJason