diff options
| author |   Ross Burton <ross.burton@intel.com> | 2019-03-05 16:30:03 +0000 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2019-03-22 14:40:46 -0700 |
| commit | ab4483fbd95fecb951e765ebc7da918b503142ca (patch) | |
| tree | 5f5a1ce5f622ebde48cd47dd5b36a8fbbcd8df7c /meta/recipes-multimedia | |
| parent | 181d15b438ffa1d9da10399d33368906b464e4eb (diff) | |
| download | openembedded-core-contrib-ab4483fbd95fecb951e765ebc7da918b503142ca.tar.gz | |
libpng: fix CVE-2019-7317
(From OE-Core rev: 983d4757db7d46dcd4116269c4446392e28f16fb)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-multimedia')
| -rw-r--r-- | meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch | 20 | ||||
| -rw-r--r-- | meta/recipes-multimedia/libpng/libpng_1.6.36.bb | 3 |
2 files changed, 22 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch new file mode 100644 index 0000000000..6ee1f8da30 --- /dev/null +++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch @@ -0,0 +1,20 @@ +Use-after-free detected with static analysis. + +CVE: CVE-2019-7317 +Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275] +Signed-off-by: Ross Burton <ross.burton@intel.com> + +diff --git a/png.c b/png.c +index 9d9926f638..efd1aecfbd 100644 +--- a/png.c ++++ b/png.c +@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image) + if (image != NULL && image->opaque != NULL && + image->opaque->error_buf == NULL) + { +- /* Ignore errors here: */ +- (void)png_safe_execute(image, png_image_free_function, image); ++ png_image_free_function(image); + image->opaque = NULL; + } + } diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb index 3cf4f7249c..a586237888 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb @@ -9,7 +9,8 @@ DEPENDS = "zlib" LIBV = "16" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \ + file://CVE-2019-7317.patch" SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826" SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319" |