gd: fix CVE-2017-6363

Backport the CVE patch from the upstream to fix the heap-based buffer over-read in tiffWriter. Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Haiqing Bai <Haiqing.Bai@windriver.com> 2020-03-04 14:24:13 +0800
committer: Armin Kuster <akuster808@gmail.com> 2020-03-21 19:44:00 -0700
commit: 9aea795890af4de0b8e6587f1f2778109446736d (patch)
tree: e60217743287f27233e8a274814bd1a8cb368214 /meta-oe/recipes-support/gd/gd_2.2.5.bb
parent: 9e60d30669a2ad0598e9abf0cd15ee06b523986b (diff)
download: meta-openembedded-contrib-9aea795890af4de0b8e6587f1f2778109446736d.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/gd/gd_2.2.5.bb b/meta-oe/recipes-support/gd/gd_2.2.5.bb
index 35f9bb2516..dda2e67d6d 100644
--- a/meta-oe/recipes-support/gd/gd_2.2.5.bb
+++ b/meta-oe/recipes-support/gd/gd_2.2.5.bb
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/libgd/libgd.git;branch=GD-2.2 \
            file://0001-annotate.c-gdft.c-Replace-strncpy-with-memccpy-to-fi.patch \
            file://CVE-2018-1000222.patch \
            file://CVE-2019-6978.patch \
+           file://CVE-2017-6363.patch \
           "
 
 SRCREV = "8255231b68889597d04d451a72438ab92a405aba"
author	Haiqing Bai <Haiqing.Bai@windriver.com>	2020-03-04 14:24:13 +0800
committer	Armin Kuster <akuster808@gmail.com>	2020-03-21 19:44:00 -0700
commit	9aea795890af4de0b8e6587f1f2778109446736d (patch)
tree	e60217743287f27233e8a274814bd1a8cb368214 /meta-oe/recipes-support/gd/gd_2.2.5.bb
parent	9e60d30669a2ad0598e9abf0cd15ee06b523986b (diff)
download	meta-openembedded-contrib-9aea795890af4de0b8e6587f1f2778109446736d.tar.gz