diff options
author | Ross Burton <ross.burton@intel.com> | 2019-03-05 16:30:03 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-03-06 10:39:25 +0000 |
commit | 4e2c4018e03e8498efce9b826551c2fdb373e16d (patch) | |
tree | 5eafdfaf519f444664a07a1e4cf08d9fe79fa22c /meta/recipes-multimedia | |
parent | 4aafd981b85c3c03937d57a6afaa20546d987a19 (diff) | |
download | poky-4e2c4018e03e8498efce9b826551c2fdb373e16d.tar.gz |
libpng: fix CVE-2019-7317
(From OE-Core rev: 983d4757db7d46dcd4116269c4446392e28f16fb)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r-- | meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch | 20 | ||||
-rw-r--r-- | meta/recipes-multimedia/libpng/libpng_1.6.36.bb | 3 |
2 files changed, 22 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch new file mode 100644 index 0000000000..6ee1f8da30 --- /dev/null +++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | Use-after-free detected with static analysis. | ||
2 | |||
3 | CVE: CVE-2019-7317 | ||
4 | Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275] | ||
5 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
6 | |||
7 | diff --git a/png.c b/png.c | ||
8 | index 9d9926f638..efd1aecfbd 100644 | ||
9 | --- a/png.c | ||
10 | +++ b/png.c | ||
11 | @@ -4588,8 +4588,7 @@ png_image_free(png_imagep image) | ||
12 | if (image != NULL && image->opaque != NULL && | ||
13 | image->opaque->error_buf == NULL) | ||
14 | { | ||
15 | - /* Ignore errors here: */ | ||
16 | - (void)png_safe_execute(image, png_image_free_function, image); | ||
17 | + png_image_free_function(image); | ||
18 | image->opaque = NULL; | ||
19 | } | ||
20 | } | ||
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb index 3cf4f7249c..a586237888 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb | |||
@@ -9,7 +9,8 @@ DEPENDS = "zlib" | |||
9 | 9 | ||
10 | LIBV = "16" | 10 | LIBV = "16" |
11 | 11 | ||
12 | SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz" | 12 | SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \ |
13 | file://CVE-2019-7317.patch" | ||
13 | SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826" | 14 | SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826" |
14 | SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319" | 15 | SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319" |
15 | 16 | ||