From patchwork Wed Nov 6 15:37:56 2019
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 178731
From: Mikko Rapeli
To: openembedded-core@lists.openembedded.org
Date: Wed, 6 Nov 2019 17:37:56 +0200
Message-Id: <57017cad7ceeb6360d0fd8cc3116146117212d96.1573047195.git.mikko.rapeli@bmw.de>
Subject: [OE-core] [PATCH RFC CFH][sumo 41/47] libpng: whitelist CVE-2019-17371

From: Ross Burton

This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng
recipe.

(From OE-Core rev: 341e43ebd935daeb592cb073bf00f80c49a8ec2d)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie

Conflicts:
	meta/recipes-multimedia/libpng/libpng_1.6.37.bb
---
 meta/recipes-multimedia/libpng/libpng_1.6.34.bb | 3 +++
 1 file changed, 3 insertions(+)

-- 
1.9.1

diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.34.bb b/meta/recipes-multimedia/libpng/libpng_1.6.34.bb index 3877d6c..2edf268 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.34.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.34.bb @@ -30,3 +30,6 @@ PACKAGES =+ "${PN}-tools" FILES_${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp" BBCLASSEXTEND = "native nativesdk" + +# CVE-2019-17371 is actually a memory leak in gif2png 2.x +CVE_CHECK_WHITELIST += "CVE-2019-17371"
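
Review bot: The comment added above CVE_CHECK_WHITELIST states the conclusion (a memory leak in gif2png 2.x) but not the evidence, so anyone auditing suppressions later cannot verify it from the recipe alone. Consider extending the comment with a pointer to the report or CVE description that attributes the leak to gif2png, and say explicitly that libpng's own code is not affected. Separately, the entry is added to the versioned recipe libpng_1.6.34.bb while the commit message records a conflict with libpng_1.6.37.bb, so in this branch the whitelist line has to be carried by hand across any libpng version bump; it is worth confirming that a later upgrade does not silently drop it and put CVE-2019-17371 back into the cve-check output.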