From patchwork Tue Nov  5 21:44:45 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adrian Bunk <bunk@stusta.de>
X-Patchwork-Id: 178570
Delivered-To: patch@linaro.org
Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp1337392ilf;
 Tue, 5 Nov 2019 13:45:56 -0800 (PST)
X-Google-Smtp-Source: APXvYqyWhmbRmN54V0RXrUXW6to3q3g5CPx4y96Aqa/WpKu97seKy3WD8NpoiDrUFWWvxSEZEW+j
X-Received: by 2002:a62:ac06:: with SMTP id v6mr9421501pfe.210.1572990356817; 
 Tue, 05 Nov 2019 13:45:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1572990356; cv=none;
 d=google.com; s=arc-20160816;
 b=CYQbpDlssfk3lIuUeZJJ1SrL0vCsDyn3mUvbMAmbzSsUWLu1bM0fV3WKx8GUvx9Vvu
 H4OhG2oj6SLe2w0/oChruaPwkWOU6wfAaxS8aS858Fd4TptL5BznHdfYGxEi1dZrOo4b
 yZKbvTCypeidsVCJamFLbUB7QFt1fhrelHdC+fuXEQqSkAhVuzo1hWAMX00igePZdz+J
 LOlD3/h3FPhm9+TR0PlQ4jwjAooPsdxwwqdDS4RmpE1Ms1IcjHaUoQVEsqe0aOFXLbd6
 YRu+Fitc6uhofRvIAzYo9IqfJH0hxpXaw8RE2OJ2gXDnfZOMwzB9mjXo+w3tZ5kIOsRv
 ob0w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=errors-to:sender:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:message-id:date:to:from:dkim-signature
 :delivered-to;
 bh=/TrjQwLi6M5/aNtmApj07a8xiKPR7PHVHWJLccwHQXM=;
 b=FRs2I7BLr6fOUj1X2UHGRI4Uf3dQ8ijM51GJYnkgmOV655XCJ4QFb7eFyBNXz13Cpb
 Il7UxJCsh5/HTD0TyBGSqj8nEaqZDIpDFzwE+vUXcwpV3hHX2Rhl3cRREBFGXxA4AIZo
 u7j4/FsczeR/AHW0TUHNfkcJrjzksX2xF7nYail7ychiqB8BWMZGs3Mm010f9MKQ6bUo
 o0z9016ieYwFQlTi6k5d7Ckux8g4PlLiGrwNHDMCroRRfSqzIG/r8l9c3phGUi3w0Qqq
 voVkGnSIeT/ulL1cNonTnRLGVfeDY19d7BiGHsM4CfzsNC+X7DtdK6P6IyxSwr5jacPt
 Tr0A==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@stusta.de
 header.s=default header.b="r4oI/wQa"; 
 spf=pass (google.com: best guess record for domain of
 openembedded-core-bounces@lists.openembedded.org designates
 140.211.169.62 as permitted sender)
 smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org;
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=stusta.de
Return-Path: <openembedded-core-bounces@lists.openembedded.org>
Received: from mail.openembedded.org (mail.openembedded.org.
 [140.211.169.62]) by mx.google.com with ESMTP id
 23si24297287pga.145.2019.11.05.13.45.56; 
 Tue, 05 Nov 2019 13:45:56 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 openembedded-core-bounces@lists.openembedded.org designates
 140.211.169.62 as permitted sender) client-ip=140.211.169.62; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@stusta.de
 header.s=default header.b="r4oI/wQa"; 
 spf=pass (google.com: best guess record for domain of
 openembedded-core-bounces@lists.openembedded.org designates
 140.211.169.62 as permitted sender)
 smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org;
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=stusta.de
Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost
 [127.0.0.1])
 by mail.openembedded.org (Postfix) with ESMTP id D51D97F9A3;
 Tue,  5 Nov 2019 21:45:07 +0000 (UTC)
X-Original-To: openembedded-core@lists.openembedded.org
Delivered-To: openembedded-core@lists.openembedded.org
Received: from mail.stusta.mhn.de (mail.stusta.mhn.de [141.84.69.5])
 by mail.openembedded.org (Postfix) with ESMTP id 197A07F8BB
 for <openembedded-core@lists.openembedded.org>;
 Tue,  5 Nov 2019 21:44:52 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by mail.stusta.mhn.de (Postfix) with ESMTPSA id 47739K0lZqzHg
 for <openembedded-core@lists.openembedded.org>;
 Tue,  5 Nov 2019 22:44:53 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stusta.de;
 s=default; t=1572990293;
 bh=E0e5uwTMv8ZnE0VPmAcw8sv0xaRWuUqKQjCW16CQsW8=;
 h=From:To:Subject:Date:From;
 b=r4oI/wQa19wwudPeZf2f3ag7ULS47KMVFKhlOM9/rTGp2W1HMZoOVBQZbQ7b7aAub
 7LZBcFnMG2CRCD9kGC2i30MzLBLvJmEcBrLO5N2rFzeC2OhMkpCxZW5tnIs/4HeJFs
 PYKFboW4MACkVuO+svi+DZhb+jZ6D79ikgjgcg2NPCyplNJfMB/X57uer+Kxw5ePA+
 LJEfnC7yDz4DvOJI1PhCKbNRoVnUbxtcEsWhIYs3bP3ozVjSfkFKBN6+fLd60FIBCv
 aWQ4efG5nbfT+gRK3O3MIdCr2p5zRDD9V/sMqHG8wKSmJ5X2fd14hnyUXzEk0m2PCm
 eXwFqLCJHKYCY2FVtAjAuJ1mJelRid3pO9zCsnpBrlfYMqVvmPz2gTbFDlAbPkm+Qo
 ey40MjeOg8tHr7CDNKTPuxx4q082gWV1ZUTt20x6ul0MFgG1JADuQJ8coVnCg5TVS9
 zmcPlKJwdFbZIhV3+Pgle/iZTUGQ3WxaLcpZ9rf+TlwaU+kjJJDhoc4SDKq2x7pOXS
 xa8OFgaRRC1HrJSt3xpCsapKKww85NAGAwqx0wKoumZsTSkcGBlBpuLncDzNa4YnzU
 Xr09oQC9G6VB8XKl+8pFWyirs9RQi2wmPWQpgHjOAX9RM6qUgsCKn4fvRNJ1T9M0UP
 cBub9tpykPPxI/MMwawtzPRs=
From: Adrian Bunk <bunk@stusta.de>
To: openembedded-core@lists.openembedded.org
Date: Tue,  5 Nov 2019 23:44:45 +0200
Message-Id: <20191105214448.2511-9-bunk@stusta.de>
X-Mailer: git-send-email 2.17.1
Subject: [OE-core] [warrior][PATCH] libsndfile1: whitelist CVE-2018-13419
X-BeenThere: openembedded-core@lists.openembedded.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Patches and discussions about the oe-core layer
 <openembedded-core.lists.openembedded.org>
List-Unsubscribe: <http://lists.openembedded.org/mailman/options/openembedded-core>, 
 <mailto:openembedded-core-request@lists.openembedded.org?subject=unsubscribe>
List-Archive: <http://lists.openembedded.org/pipermail/openembedded-core/>
List-Post: <mailto:openembedded-core@lists.openembedded.org>
List-Help: <mailto:openembedded-core-request@lists.openembedded.org?subject=help>
List-Subscribe: <http://lists.openembedded.org/mailman/listinfo/openembedded-core>, 
 <mailto:openembedded-core-request@lists.openembedded.org?subject=subscribe>
MIME-Version: 1.0
Sender: openembedded-core-bounces@lists.openembedded.org
Errors-To: openembedded-core-bounces@lists.openembedded.org

From: Ross Burton <ross.burton@intel.com>

This is a memory leak that nobody else can replicate and has been rejected by
upstream.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
 meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.17.1

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 77393db847..6044bf09c7 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -38,3 +38,6 @@ do_configure_prepend_arm() {
 	export ac_cv_sys_file_offset_bits=64
 }
 
+# This can't be replicated and is just a memory leak.
+# https://github.com/erikd/libsndfile/issues/398
+CVE_CHECK_WHITELIST += "CVE-2018-13419"