From patchwork Sun Nov 10 14:54:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anuj Mittal X-Patchwork-Id: 179040 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp5471555ilf; Sun, 10 Nov 2019 06:55:19 -0800 (PST) X-Google-Smtp-Source: APXvYqxtSbsXD1xpquHcEPlydsbo2y9P13w5Pz68NyJSyPUdCCdD5R7YdQRBSEfzOlg6ZNypmpeR X-Received: by 2002:a17:90a:8a12:: with SMTP id w18mr19362343pjn.51.1573397719449; Sun, 10 Nov 2019 06:55:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573397719; cv=none; d=google.com; s=arc-20160816; b=tPGjJlCojTVywI81AGIPJO3E0QzXQJoUWyBXPvzUzQHvFnD3uEbG4RcDO8MP+QdARy ay7byVCUCpOpdoKGvypKNG82idg7PWyR7Nl/ydX0Gd/B9b2/ZC7RrhVnoCALERU6ylPP c3hAWnwM1IAQan50gAkQDKeVKy6UodfjmW3mRCiurQNXvjflEtHZ/SHB2jYseIG0WM0o 7aszt6/aKU2mcbzEE4KMT/889ZvoTosjb9+ozAc4QJSx5NUI9zVQpEDUHRfsNjBQJgYf 1N6dlogcElZFX3Wvs0rbkyCbuGD2eolzxcBVqBh29eOb1BP9gLUqXiuopCYBBWtRImgy nUlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :delivered-to; bh=cgVGKRGY9v+RSr1nee2VzDIbo0UzR9veN9ZJMSit3Nw=; b=UzywiQwZbvguB2ALecBN4cOLklp42A+oOZFVNc4vVTO0wIJM10e5XYJ7rTV/JtAhqB hFjxSObdLWEk3KO/qG3n3k1ySa84M6Cj8XON0lc8zIO/cAsPq5c+pltIfxo7Gy/M9+yW XGJIjU0oScNk7bO3Po54kk10nFAC5c5sOwQZcxnKeXH5zUB/PIk2wtSe5chT8yQ1gKe9 h2PJjcJproFUnA55zNLdjusPL9q6P0oC7gCg48Y2gEPrN+WSKGYbNOUB7EVOqsFxuLX4 S5XwFZfe+kfXhKywi5wate5haiA53jvlWqOAfCx9aTyrk7IditOGjw/zb05cxi9aP2pa wYsw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id q12si14427659pgk.383.2019.11.10.06.55.19; Sun, 10 Nov 2019 06:55:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 3F7837FA15; Sun, 10 Nov 2019 14:54:56 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mail.openembedded.org (Postfix) with ESMTP id 624387F987 for ; Sun, 10 Nov 2019 14:54:44 +0000 (UTC) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Nov 2019 06:54:45 -0800 X-IronPort-AV: E=Sophos;i="5.68,289,1569308400"; d="scan'208";a="197423083" Received: from wkwak-mobl1.gar.corp.intel.com (HELO anmitta2-mobl1.gar.corp.intel.com) ([10.252.8.93]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Nov 2019 06:54:44 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Date: Sun, 10 Nov 2019 22:54:14 +0800 Message-Id: <20191110145416.5171-6-anuj.mittal@intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20191110145416.5171-1-anuj.mittal@intel.com> References: <20191110145416.5171-1-anuj.mittal@intel.com> MIME-Version: 1.0 Subject: [OE-core] [PATCH 5/7] libsndfile1: whitelist CVE-2018-13419 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton This is a memory leak that nobody else can replicate and has been rejected by upstream. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Adrian Bunk Signed-off-by: Anuj Mittal --- meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 4 ++++ 1 file changed, 4 insertions(+) -- 2.21.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index ffb45855a4..7855008f3d 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb @@ -33,3 +33,7 @@ PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib" PACKAGECONFIG[regtest] = "--enable-sqlite,--disable-sqlite,sqlite3" inherit autotools lib_package pkgconfig + +# This can't be replicated and is just a memory leak. +# https://github.com/erikd/libsndfile/issues/398 +CVE_CHECK_WHITELIST += "CVE-2018-13419"