From patchwork Sun Nov 10 14:54:12 2019
Content-Type: text/plain; charset="utf-8"
X-Patchwork-Submitter: Anuj Mittal
X-Patchwork-Id: 179038
From: Anuj Mittal To: openembedded-core@lists.openembedded.org Date: Sun, 10 Nov 2019 22:54:12 +0800 Message-Id: <20191110145416.5171-4-anuj.mittal@intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20191110145416.5171-1-anuj.mittal@intel.com> References: <20191110145416.5171-1-anuj.mittal@intel.com> MIME-Version: 1.0 Subject: [OE-core] [PATCH 3/7] libpng: whitelist CVE-2019-17371 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng recipe. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Adrian Bunk Signed-off-by: Anuj Mittal --- meta/recipes-multimedia/libpng/libpng_1.6.37.bb | 3 +++ 1 file changed, 3 insertions(+) -- 2.21.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb index 66af2f3d60..2ed87a8437 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb @@ -29,3 +29,6 @@ PACKAGES =+ "${PN}-tools" FILES_${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp" BBCLASSEXTEND = "native nativesdk" + +# CVE-2019-17371 is actually a memory leak in gif2png 2.x +CVE_CHECK_WHITELIST += "CVE-2019-17371"
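Review bot: the comment added above CVE_CHECK_WHITELIST at the end of the libpng_1.6.37.bb hunk names gif2png 2.x as the affected code but gives no reference for that conclusion and does not say why the CVE check reports it against libpng. Please extend the comment with a pointer to the analysis (the upstream report or the CVE database entry) and a short statement that libpng itself is not affected, so that someone auditing the whitelist later can verify the exemption and drop it once the CVE data is corrected. The rationale currently lives only in the commit message, which is not visible to anyone reading the recipe.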