libpng: fix CVE-2019-7317

(From OE-Core rev: 983d4757db7d46dcd4116269c4446392e28f16fb) (From OE-Core rev: ab4483fbd95fecb951e765ebc7da918b503142ca) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2019-03-05 16:30:03 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-03-24 16:48:38 +0000
commit: 22febdc60ee903a89c96663e702920e027b9fab1 (patch)
tree: 6b3f8c34256638b32cb137997ee9d66ec7da34a9 /meta
parent: c707714cfe8d4f734ab88926a890ec768593ba5e (diff)
download: poky-22febdc60ee903a89c96663e702920e027b9fab1.tar.gz
2 files changed, 22 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
new file mode 100644
index 0000000000..6ee1f8da30
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
@@ -0,0 +1,20 @@
+Use-after-free detected with static analysis.
+CVE: CVE-2019-7317
+Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+diff --git a/png.c b/png.c
+index 9d9926f638..efd1aecfbd 100644
+--- a/png.c
+++ b/png.c
+@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
+    if (image != NULL && image->opaque != NULL &&
+       image->opaque->error_buf == NULL)
+    {
+-      /* Ignore errors here: */
+-      (void)png_safe_execute(image, png_image_free_function, image);
+      png_image_free_function(image);
+       image->opaque = NULL;
+    }
+ }
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
index 3cf4f7249c..a586237888 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
@@ -9,7 +9,8 @@ DEPENDS = "zlib"
 LIBV = "16"
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
+           file://CVE-2019-7317.patch"
 SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"
 SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
author	Ross Burton <ross.burton@intel.com>	2019-03-05 16:30:03 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-03-24 16:48:38 +0000
commit	22febdc60ee903a89c96663e702920e027b9fab1 (patch)
tree	6b3f8c34256638b32cb137997ee9d66ec7da34a9 /meta
parent	c707714cfe8d4f734ab88926a890ec768593ba5e (diff)
download	poky-22febdc60ee903a89c96663e702920e027b9fab1.tar.gz

diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch new file mode 100644 index 0000000000..6ee1f8da30 --- /dev/null +++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
@@ -0,0 +1,20 @@
		1	Use-after-free detected with static analysis.
		2
		3	CVE: CVE-2019-7317
		4	Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
		5	Signed-off-by: Ross Burton <ross.burton@intel.com>
		6
		7	diff --git a/png.c b/png.c
		8	index 9d9926f638..efd1aecfbd 100644
		9	--- a/png.c
		10	+++ b/png.c
		11	@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
		12	if (image != NULL && image->opaque != NULL &&
		13	image->opaque->error_buf == NULL)
		14	{
		15	- /* Ignore errors here: */
		16	- (void)png_safe_execute(image, png_image_free_function, image);
		17	+ png_image_free_function(image);
		18	image->opaque = NULL;
		19	}
		20	}


diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb index 3cf4f7249c..a586237888 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
@@ -9,7 +9,8 @@ DEPENDS = "zlib"
9		9
10	LIBV = "16"	10	LIBV = "16"
11		11
12	SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"	12	SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
		13	file://CVE-2019-7317.patch"
13	SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"	14	SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"
14	SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"	15	SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
15		16