summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2019-03-05 16:30:03 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-03-06 10:39:25 +0000
commit4e2c4018e03e8498efce9b826551c2fdb373e16d (patch)
tree5eafdfaf519f444664a07a1e4cf08d9fe79fa22c /meta/recipes-multimedia
parent4aafd981b85c3c03937d57a6afaa20546d987a19 (diff)
downloadpoky-4e2c4018e03e8498efce9b826551c2fdb373e16d.tar.gz
libpng: fix CVE-2019-7317
(From OE-Core rev: 983d4757db7d46dcd4116269c4446392e28f16fb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r--meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch20
-rw-r--r--meta/recipes-multimedia/libpng/libpng_1.6.36.bb3
2 files changed, 22 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
new file mode 100644
index 0000000000..6ee1f8da30
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
@@ -0,0 +1,20 @@
1Use-after-free detected with static analysis.
2
3CVE: CVE-2019-7317
4Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
5Signed-off-by: Ross Burton <ross.burton@intel.com>
6
7diff --git a/png.c b/png.c
8index 9d9926f638..efd1aecfbd 100644
9--- a/png.c
10+++ b/png.c
11@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
12 if (image != NULL && image->opaque != NULL &&
13 image->opaque->error_buf == NULL)
14 {
15- /* Ignore errors here: */
16- (void)png_safe_execute(image, png_image_free_function, image);
17+ png_image_free_function(image);
18 image->opaque = NULL;
19 }
20 }
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
index 3cf4f7249c..a586237888 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
@@ -9,7 +9,8 @@ DEPENDS = "zlib"
9 9
10LIBV = "16" 10LIBV = "16"
11 11
12SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz" 12SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
13 file://CVE-2019-7317.patch"
13SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826" 14SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"
14SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319" 15SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
15 16