From e556bbcee03a7ffab00b3748f3370be7f915c772 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Tue, 15 Mar 2016 07:17:13 +0100
Subject: libpng: CVE-2015-8126

Fixes buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126

Upstream patches:
https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e981b7a766
https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa208cb54d
https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40b57d5978
https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31ba3b466

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
---
 meta/recipes-multimedia/libpng/libpng_1.6.13.bb | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'meta/recipes-multimedia/libpng/libpng_1.6.13.bb')

diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.13.bb b/meta/recipes-multimedia/libpng/libpng_1.6.13.bb
index 3d32bfea2c..80dcc0a63f 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.13.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.13.bb
@@ -10,6 +10,12 @@ LIBV = "16"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/project/libpng/libpng${LIBV}/${PV}/libpng-${PV}.tar.xz \
           "
+SRC_URI += "\
+            file://CVE-2015-8126_1.patch \
+            file://CVE-2015-8126_2.patch \
+            file://CVE-2015-8126_3.patch \
+            file://CVE-2015-8126_4.patch \
+            "
 
 SRC_URI[md5sum] = "9822c25466f060142359f80ed142c9e5"
 SRC_URI[sha256sum] = "d9c8ce54a5fc8052ed794ca65b553384a74c0608b09ae163cbbb07176018e625"
-- 
cgit v1.2.3-54-g00ecf