From patchwork Tue Mar 5 16:30:03 2019
X-Patchwork-Submitter: Ross Burton
X-Patchwork-Id: 159673
From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Tue, 5 Mar 2019 16:30:03 +0000
Message-Id: <20190305163003.16745-5-ross.burton@intel.com>
In-Reply-To: <20190305163003.16745-1-ross.burton@intel.com>
References: <20190305163003.16745-1-ross.burton@intel.com>
Subject: [OE-core] [PATCH 5/5] libpng: fix CVE-2019-7317
List-Id: Patches and discussions about the oe-core layer

Signed-off-by: Ross Burton --- .../libpng/libpng/CVE-2019-7317.patch | 20 ++++++++++++++++++++ meta/recipes-multimedia/libpng/libpng_1.6.36.bb | 3 ++- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch -- 2.11.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch new file mode 100644 index 00000000000..6ee1f8da303 --- /dev/null +++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch @@ -0,0 +1,20 @@ +Use-after-free detected with static analysis. + +CVE: CVE-2019-7317 +Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275] +Signed-off-by: Ross Burton + +diff --git a/png.c b/png.c +index 9d9926f638..efd1aecfbd 100644 +--- a/png.c ++++ b/png.c +@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image) + if (image != NULL && image->opaque != NULL && + image->opaque->error_buf == NULL) + { +- /* Ignore errors here: */ +- (void)png_safe_execute(image, png_image_free_function, image); ++ png_image_free_function(image); + image->opaque = NULL; + } + } diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb index 3cf4f7249cb..a5862378884 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb @@ -9,7 +9,8 @@ DEPENDS = "zlib" LIBV = "16" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \ + file://CVE-2019-7317.patch" SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826" SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
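Review bot: In the embedded png.c change to png_image_free(), the direct call `png_image_free_function(image);` no longer goes through png_safe_execute(), and the patch header does not explain why dropping that wrapper is safe or what now happens to an error raised during the free, which the removed comment ("Ignore errors here") says the wrapper was there to swallow. The one-line description, "Use-after-free detected with static analysis.", should name the access that is the use-after-free and say why calling the free function directly removes it, so that whoever next upgrades libpng can tell whether the patch is still needed. The `image->opaque->error_buf == NULL` guard is kept, so the change is confined to the no-handler-installed path; a sentence confirming that png_image_free_function() cannot raise a libpng error on that path would close the gap. Upstream-Status is "Submitted" against an issue rather than a commit, so the recipe should be revisited once upstream lands a fix.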