From patchwork Tue Nov 5 21:38:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adrian Bunk X-Patchwork-Id: 178560 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp1330611ilf; Tue, 5 Nov 2019 13:38:24 -0800 (PST) X-Google-Smtp-Source: APXvYqz/bRXwxnYthSvhq4yTc6llDnRGtO06+58EL2aXRSzeAaX6iw3LesQM9nuUT+1UIp4E0xud X-Received: by 2002:a17:90a:f496:: with SMTP id bx22mr1527913pjb.101.1572989904299; Tue, 05 Nov 2019 13:38:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572989904; cv=none; d=google.com; s=arc-20160816; b=ZFg0iO8r8COo1X2vRopVYrBSpXdn37B0Yux+Gh/Iy9ao4GL/zmJgGuzPzhwVfQ6B3J Y9iZl2/PUq2w3EkerNsyIYA6jrVQQv2saCs+J0vVhO4FWxSDPI2P0TnSZlRTc2Rh1IuX hJQEn5NjUHU9mExMCGB0hcTKVcaGR00rCgkhyTObcHKPWib5QX49LVMlMfnS3RO1YPNC DrADDQ89P4G8MNhzrJz+1UyTyBxdwg/aBb5WxyTlhiZmSE92+JLjm+rQYxmRuUEg9MsQ k0FFaTc7aXmynX9NJ6/ccwDnu1yjGJwF60H81vcMmDdacs4BfMh0GEdq+FL1qZ3L6klA VCKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to; bh=QV4pmsjc/7hyP91tfxyMZDn/gPSoQ7M4j/XcYM6gDqc=; b=UWXNcQYiC9xynwiABNZju+L/aa/TXfad24TSzbBmB/a6ExhAhkb+5s6HOw3GSmJ4M2 V1MTzuVeWQ6VFTkBr/i0JCDtiZGv49ru2nO/k2UKFl3UnLxYk1uXnQcUu9Sew58NnuDD P7d/jR6/O5d0Q4YvDDtyDQMQdqscIkqUqoWAZG9JJdk4oSWczxrUrvCoCBTu/GP1vVDP LUGTEWU34FucNW0jeXQv5XJPStkTqMW6xOJxpDwpN6QENpfPSU1hv89CDovLYLDvFCmP RgK8B8ONxzEubOj0hi23ZG1EPv5eVXBDx7RMhTorersQUzFLiqfFeB+KOO72RJhLmK7v bIwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@stusta.de header.s=default header.b=QDH3q+uA; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=stusta.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id v12si672408pjn.5.2019.11.05.13.38.23; Tue, 05 Nov 2019 13:38:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@stusta.de header.s=default header.b=QDH3q+uA; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=stusta.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 9C5DC7F897; Tue, 5 Nov 2019 21:38:17 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.stusta.mhn.de (mail.stusta.mhn.de [141.84.69.5]) by mail.openembedded.org (Postfix) with ESMTP id 5ACF67F895 for ; Tue, 5 Nov 2019 21:38:14 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by mail.stusta.mhn.de (Postfix) with ESMTPSA id 47731f5wBdzHg for ; Tue, 5 Nov 2019 22:38:14 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stusta.de; s=default; t=1572989895; bh=l+KLi24m/ifZ9xdUypSiZYT//10ar/wDi87WfYSI2Ng=; h=From:To:Subject:Date:From; b=QDH3q+uAqLoLCVfpCmjZfgNd4NDB0EgsHybvj75NocZbZ10hyAWWCewT89efpvlqp 8sEArNkhoU41noaabTOT1gonu4kJdG3R0pUfUCIXwJt50h3Bwh4M+abWPWku8lKWtl v/N7txBnKY5DuD3H53wS0TaYE/A9q1K1hR1r/0JYQ27XE2EbN8nydR2DPyRngJia9G cT4GheivZ+w9fERD33xvKfrdhwte7t4Yr7LoLcBlq1+d+GtCn6Bh7okcve8WzN2Lrz +3ZsCSEwH9BJRSmJTR9r4KQ81pAc9D66qh0NrUKlUOp0cmLLfgUX1aH8BPQsxti/Kg 25WHg0JE81DEDUBHOJC41BvYCbD67nE3vLdz7bh4VlXP7VqqVobdA2rNfv7wZxRd0n LDvfuozqK4TqAnLBDnYrqzDLkm0Zr7EsBq9oePWsW1vaUrGGi37pjGMuGNEys6Kvah PkAGi4/VKm8qdFknlVLBRbYXU0ZmOwBFsQLDsAznKnAVKBze6Pe/idB9pxyRECJI+c C8WMAaWb72f9kWxAwOdhBpTHYvCB7WxGRZIT3O7rFWlsG40a7C/DmZonX6L3G0lJUk Z1pcTuT64GNjDo7gj5lER5zsxzhcvhjy5VsYu4M7ZYFmiUEqaR2lw1pLPawXkaj2fd lHfmHYriQh1MgUg7jHv0Bs/I= From: Adrian Bunk To: openembedded-core@lists.openembedded.org Date: Tue, 5 Nov 2019 23:38:10 +0200 Message-Id: <20191105213813.27546-2-bunk@stusta.de> X-Mailer: git-send-email 2.17.1 Subject: [OE-core] [zeus][PATCH] libsndfile1: whitelist CVE-2018-13419 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton This is a memory leak that nobody else can replicate and has been rejected by upstream. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Adrian Bunk --- meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 4 ++++ 1 file changed, 4 insertions(+) -- 2.17.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index ffb45855a4..7855008f3d 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb @@ -33,3 +33,7 @@ PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib" PACKAGECONFIG[regtest] = "--enable-sqlite,--disable-sqlite,sqlite3" inherit autotools lib_package pkgconfig + +# This can't be replicated and is just a memory leak. +# https://github.com/erikd/libsndfile/issues/398 +CVE_CHECK_WHITELIST += "CVE-2018-13419"