diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2018-09-17 10:12:53 +0200 |
|---|---|---|
| committer | Sona Sarmadi <sona.sarmadi@enea.com> | 2018-09-17 10:12:53 +0200 |
| commit | 3efb0bdd5c79f5dcb21495e9b444721603ae93f0 (patch) | |
| tree | 3d4e079b714e4d4dca74982f91313364f0dd2ea6 | |
| parent | bef574e8d1aedbbb99d0dea6f2d2b1e5166743ae (diff) | |
| download | meta-el-common-3efb0bdd5c79f5dcb21495e9b444721603ae93f0.tar.gz | |
libpng: fix for CVE-2018-13785
ref: https://nvd.nist.gov/vuln/detail/CVE-2018-13785
Change-Id: I1e4f17816bca50dd405ac7ee7c16d8d9aa7e0b21
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
| -rw-r--r-- | recipes-multimedia/libpng/libpng/CVE-2018-13785.patch | 40 | ||||
| -rw-r--r-- | recipes-multimedia/libpng/libpng_%.bbappend | 5 |
2 files changed, 45 insertions, 0 deletions
diff --git a/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch b/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch new file mode 100644 index 0000000..0d8aaf8 --- /dev/null +++ b/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | From 8a05766cb74af05c04c53e6c9d60c13fc4d59bf2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Cosmin Truta <ctruta@gmail.com> | ||
| 3 | Date: Sun, 17 Jun 2018 22:56:29 -0400 | ||
| 4 | Subject: [PATCH] [libpng16] Fix the calculation of row_factor in | ||
| 5 | png_check_chunk_length | ||
| 6 | |||
| 7 | (Bug report by Thuan Pham, SourceForge issue #278) | ||
| 8 | |||
| 9 | CVE: CVE-2018-13785 | ||
| 10 | Upstream-Status: Backport | ||
| 11 | |||
| 12 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
| 13 | --- | ||
| 14 | pngrutil.c | 9 ++++++--- | ||
| 15 | 1 file changed, 6 insertions(+), 3 deletions(-) | ||
| 16 | |||
| 17 | diff --git a/pngrutil.c b/pngrutil.c | ||
| 18 | index 95571b5..5ba995a 100644 | ||
| 19 | --- a/pngrutil.c | ||
| 20 | +++ b/pngrutil.c | ||
| 21 | @@ -3167,10 +3167,13 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length) | ||
| 22 | { | ||
| 23 | png_alloc_size_t idat_limit = PNG_UINT_31_MAX; | ||
| 24 | size_t row_factor = | ||
| 25 | - (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) | ||
| 26 | - + 1 + (png_ptr->interlaced? 6: 0)); | ||
| 27 | + (size_t)png_ptr->width | ||
| 28 | + * (size_t)png_ptr->channels | ||
| 29 | + * (png_ptr->bit_depth > 8? 2: 1) | ||
| 30 | + + 1 | ||
| 31 | + + (png_ptr->interlaced? 6: 0); | ||
| 32 | if (png_ptr->height > PNG_UINT_32_MAX/row_factor) | ||
| 33 | - idat_limit=PNG_UINT_31_MAX; | ||
| 34 | + idat_limit = PNG_UINT_31_MAX; | ||
| 35 | else | ||
| 36 | idat_limit = png_ptr->height * row_factor; | ||
| 37 | row_factor = row_factor > 32566? 32566 : row_factor; | ||
| 38 | -- | ||
| 39 | 1.9.1 | ||
| 40 | |||
diff --git a/recipes-multimedia/libpng/libpng_%.bbappend b/recipes-multimedia/libpng/libpng_%.bbappend new file mode 100644 index 0000000..948941d --- /dev/null +++ b/recipes-multimedia/libpng/libpng_%.bbappend | |||
| @@ -0,0 +1,5 @@ | |||
| 1 | # look for files in the layer first | ||
| 2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | ||
| 3 | |||
| 4 | SRC_URI += "file://CVE-2018-13785.patch \ | ||
| 5 | " | ||