From fbe015523fd9ef214d3c988e727f57196a4b1f27 Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster@mvista.com>
Date: Fri, 5 Feb 2016 06:03:48 -0800
Subject: libpng: Security fix CVE-2015-8126

libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

Adjusted dir location to match the version.

(From OE-Core master rev: d0a8313a03711ff881ad89b6cfc545f66a0bc018)

(From OE-Core rev: 20a1f80f554c2dc9da414c5846fb5bafd73e2cac)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-multimedia/libpng/libpng_1.6.16.bb | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'meta/recipes-multimedia/libpng/libpng_1.6.16.bb')

diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.16.bb b/meta/recipes-multimedia/libpng/libpng_1.6.16.bb
index a8677e8a37..8b9260589e 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.16.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.16.bb
@@ -10,6 +10,12 @@ LIBV = "16"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/project/libpng/libpng${LIBV}/${PV}/libpng-${PV}.tar.xz \
           "
+SRC_URI += "\
+            file://CVE-2015-8126_1.patch \
+            file://CVE-2015-8126_2.patch \
+            file://CVE-2015-8126_3.patch \
+            file://CVE-2015-8126_4.patch \
+            "
 
 SRC_URI[md5sum] = "23b7286b5d4a86de950fd2ffc5cac742"
 SRC_URI[sha256sum] = "42f754df633e4e700544e5913cbe2fd4928bbfccdc07708a5cf84e59827fbe60"
-- 
cgit v1.2.3-54-g00ecf