From patchwork Mon Nov 4 13:51:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 178423 Delivered-To: patch@linaro.org Received: by 2002:ac9:3c86:0:0:0:0:0 with SMTP id w6csp4074708ocf; Mon, 4 Nov 2019 05:51:23 -0800 (PST) X-Google-Smtp-Source: APXvYqypDPJpHoSVieChe6wkUblhXN173yusQMwArLKf8/BJNRG2p7QLsRkEVSDsBzRdFfy2qjVO X-Received: by 2002:a17:90a:eb18:: with SMTP id j24mr23402570pjz.85.1572875483531; Mon, 04 Nov 2019 05:51:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572875483; cv=none; d=google.com; s=arc-20160816; b=ebg743wxEEgi6MFJlbowqs51d7GOYTz+NLMmVHahv2VprEbRh3UXcL7/5BnhmW6kGD xiU9asR3z1eHKRcRfZD+qH5jYJey6dGhbbbQNquVbyoJ5kbcdcP1q2TWw9+uiZuMF8uw iidN2LPv7o9e1bm6ZrZ+qZqFUTufybmiVVSxWSVc3/db2Gu2vl9CgN70DYdZ1JjJ2/IC 2TgCsD+4k3vryrNe3Qh5N2wErLCdjVMHvHCkaxUYcn4e0E7Squ5H/X4ZxjFOUCfJOxdO h3lzqPgnUIV5VyfEf0tEXzkbfKVPJjW0r8PM/acCkwQ+SyVg9ydFIZADxV4HtVhhtkJD TqKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:delivered-to; bh=4mz6+ufHCC8/ZcHxD68t+4z7HzpRgdIBk8QyTtu6ab0=; b=uvcyrCue+4ssA91Z10tgUuEOx+BG6YaPAoXfdIxNHSK4oPEEDviktj9+ElsWE3UOkz kH3AnKu4ajVqWJ0VyN/hCQIkXTg4wjJjO73SU5E3j0MIJOQoDXbc1ev+WgNCbTOh/2bk nFk0AbRfeKMlvQtf98aThjfoIfjnEHIx8Z9CuqS7IkUwfLkAdyzBFMrGAC6zo+G6uccF qCDKLne+/hT2Tht8pklvpocq4Pq0ZjwkS0xwZdC5LEsQtvJAG3F/7/MhvsiCq4jUVJ55 Ygl1aA63dpFi+IpYHBCRsit+IExOrBA8+A62/VyEK2hn1Q3oVDLmHEUsYDzJnJkwVW/T vmOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=pDQiC5RV; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id u10si18346301plz.302.2019.11.04.05.51.23; Mon, 04 Nov 2019 05:51:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=pDQiC5RV; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 3AB607F8C1; Mon, 4 Nov 2019 13:51:20 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mail.openembedded.org (Postfix) with ESMTP id EA3A57F881 for ; Mon, 4 Nov 2019 13:51:09 +0000 (UTC) Received: by mail-wm1-f49.google.com with SMTP id 11so16787532wmk.0 for ; Mon, 04 Nov 2019 05:51:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Nd8TWsrwP4UAVeP/ecM3jzGX6mFmdvC848p5nq2FRtQ=; b=pDQiC5RVcv/sMIht5I6SAXtqrEp9XYUoEh3iq1/v+Yu58uARigYrDaZu6rHfh55jq4 xLAvCfQ6qyOZzf68bAajaDiQjhXyJPVu4vSadbnqU5cd8jwy2ViyREW63GBZIl0jrwcv wHeUUFLGvBUY3CIUIfFdsX4BV+VTFuoeD6FANpbuJAtxZXphZ6a79/7HOblqUaMY7Cqj /BYEhOfT4TEOcrIf9lo8tCVQmzvjwVVxVkHU2iaag+tT2uDPKaHFTZrlOtBy8L32qlIz 0H3c3/nTt3SJvgAe70RyfPdBiEG2t+M6VZz3Lij7NdC3kkfm0f54AK4QZl9g9qkFhBrm dDFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Nd8TWsrwP4UAVeP/ecM3jzGX6mFmdvC848p5nq2FRtQ=; b=UQkhC9yS+988S5L3vNF6P2XD4n4bXjrRknL8V5fBZnzoeyHVn/90P8us62WxJQaDdJ kt3QsIK0IX3TjvX4gXFVHsuTUV26YXouFLnjTzbQp0yVNX37URperbGNvoz8kZmnjxLC KuifZWixlDkpU493ZmYYTZnXmDc49+MtZdrIq3T35S4tFcdKJlkKoOc9hn1E+/VWKkH7 ZQ6VA15JZSxpPlpIdcHg0Bf+C9ToHTuQ60dwLhSdUVSoPzVeIfvraas6OEh4J0meZYTF QTM+c1NYqmj7hoOYCnmiYQPvpQQcZKy1ta9YrWImI4MtldYimSIxTzjvdpMTGnrWZ21N sNbA== X-Gm-Message-State: APjAAAUJES0UIhZknH4JDsdjf53MApDnmqDRytekk98tQnMTf/81x3yZ e6aNT5Q2DinAA7PYdnjr2zXWY9Damqw= X-Received: by 2002:a7b:cc8b:: with SMTP id p11mr9284468wma.38.1572875470471; Mon, 04 Nov 2019 05:51:10 -0800 (PST) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id d11sm13431368wrn.28.2019.11.04.05.51.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2019 05:51:09 -0800 (PST) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Mon, 4 Nov 2019 13:51:06 +0000 Message-Id: <20191104135106.14625-2-ross.burton@intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191104135106.14625-1-ross.burton@intel.com> References: <20191104135106.14625-1-ross.burton@intel.com> MIME-Version: 1.0 Subject: [OE-core] [PATCH 2/2] libsndfile1: whitelist CVE-2018-13419 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org This is a memory leak that nobody else can replicate and has been rejected by upstream. Signed-off-by: Ross Burton --- meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 4 ++++ 1 file changed, 4 insertions(+) -- 2.20.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index ffb45855a4b..0ba58399624 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb @@ -33,3 +33,7 @@ PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib" PACKAGECONFIG[regtest] = "--enable-sqlite,--disable-sqlite,sqlite3" inherit autotools lib_package pkgconfig + +# This can't be replicated and is just a memory leak. +# https://github.com/erikd/libsndfile/issues/398 +CVE_CHECK_WHITELIST = "CVE-2018-13419"