* [PATCH] libpng: Fix CVE-2019-6129
@ 2020-03-23 19:35 Sakib Sajal
0 siblings, 0 replies; 2+ messages in thread
From: Sakib Sajal @ 2020-03-23 19:35 UTC (permalink / raw
To: openembedded-core
Fix of memory leak in png_create_info_struct.
Upstream-Status: Submitted [https://github.com/glennrp/libpng/pull/293]
CVE: CVE-2019-6129
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
.../libpng/0001-Repair-of-CVE-2019-6129.patch | 25 +++++++++++++++++++
.../libpng/libpng_1.6.37.bb | 5 +++-
2 files changed, 29 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch
diff --git a/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch b/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch
new file mode 100644
index 0000000000..9adc5b1bb5
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch
@@ -0,0 +1,25 @@
+From a0ca4293454ef65e67efca5dc440c601d2835e90 Mon Sep 17 00:00:00 2001
+From: tangyaofang <tangyaofang6666@163.com>
+Date: Mon, 10 Jun 2019 11:30:15 +0800
+Subject: [PATCH] Repair of CVE-2019-6129
+
+---
+ contrib/tools/pngcp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/tools/pngcp.c b/contrib/tools/pngcp.c
+index 16d4e7f4d..a02d5b7ff 100644
+--- a/contrib/tools/pngcp.c
++++ b/contrib/tools/pngcp.c
+@@ -506,7 +506,7 @@ static void
+ display_clean_read(struct display *dp)
+ {
+ if (dp->read_pp != NULL)
+- png_destroy_read_struct(&dp->read_pp, NULL, NULL);
++ png_destroy_read_struct(&dp->read_pp, (dp->ip!=NULL ? &dp->ip : NULL), NULL);
+
+ if (dp->fp != NULL)
+ {
+--
+2.20.1
+
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
index 8c53d11642..f33b942cd7 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
@@ -7,7 +7,10 @@ DEPENDS = "zlib"
LIBV = "16"
-SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \
+ file://0001-Repair-of-CVE-2019-6129.patch \
+ "
+
SRC_URI[md5sum] = "015e8e15db1eecde5f2eb9eb5b6e59e9"
SRC_URI[sha256sum] = "505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca"
--
2.24.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH] libpng: Fix CVE-2019-6129
@ 2020-03-23 21:28 Sakib Sajal
0 siblings, 0 replies; 2+ messages in thread
From: Sakib Sajal @ 2020-03-23 21:28 UTC (permalink / raw
To: openembedded-core
Fix memory leak in png_create_info_struct.
Upstream-Status: Submitted [https://github.com/glennrp/libpng/pull/293]
CVE: CVE-2019-6129
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
.../libpng/0001-Repair-of-CVE-2019-6129.patch | 27 +++++++++++++++++++
.../libpng/libpng_1.6.37.bb | 5 +++-
2 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch
diff --git a/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch b/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch
new file mode 100644
index 0000000000..1bb2da1984
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch
@@ -0,0 +1,27 @@
+From ed73b082d0296c6181f2ac11e8dd78e8f7c6d66b Mon Sep 17 00:00:00 2001
+From: tangyaofang <tangyaofang6666@163.com>
+Date: Mon, 10 Jun 2019 11:30:15 +0800
+Subject: [PATCH] Repair of CVE-2019-6129
+
+CVE: CVE-2019-6129
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ contrib/tools/pngcp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/tools/pngcp.c b/contrib/tools/pngcp.c
+index 16d4e7f4d..a02d5b7ff 100644
+--- a/contrib/tools/pngcp.c
++++ b/contrib/tools/pngcp.c
+@@ -506,7 +506,7 @@ static void
+ display_clean_read(struct display *dp)
+ {
+ if (dp->read_pp != NULL)
+- png_destroy_read_struct(&dp->read_pp, NULL, NULL);
++ png_destroy_read_struct(&dp->read_pp, (dp->ip!=NULL ? &dp->ip : NULL), NULL);
+
+ if (dp->fp != NULL)
+ {
+--
+2.20.1
+
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
index 8c53d11642..f33b942cd7 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
@@ -7,7 +7,10 @@ DEPENDS = "zlib"
LIBV = "16"
-SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \
+ file://0001-Repair-of-CVE-2019-6129.patch \
+ "
+
SRC_URI[md5sum] = "015e8e15db1eecde5f2eb9eb5b6e59e9"
SRC_URI[sha256sum] = "505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca"
--
2.24.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-23 21:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-23 19:35 [PATCH] libpng: Fix CVE-2019-6129 Sakib Sajal
-- strict thread matches above, loose matches on Subject: below --
2020-03-23 21:28 Sakib Sajal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.