On Mon, Nov 04, 2019 at 12:42:51PM +0000, Ross Burton wrote:
> This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng
> recipe.
>
> Signed-off-by: Ross Burton <[email protected]>
> ---
> meta/recipes-multimedia/libpng/libpng_1.6.37.bb | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
> b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
> index 66af2f3d60e..07970e14360 100644
> --- a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
> +++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
> @@ -29,3 +29,6 @@ PACKAGES =+ "${PN}-tools"
> FILES_${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp"
>
> BBCLASSEXTEND = "native nativesdk"
> +
> +# CVE-2019-17371 is actually a memory leak in gif2png 2.x
> +CVE_CHECK_WHITELIST = "CVE-2019-17371"
These should use += to not overwrite whitelists defined by
the distribution or the user.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
