Hello, Yes that was the V2. Changes included adding the CVE tag and Signed-off-by in the included patch. ________________________________ From: Denys Dmytriyenko <[email protected]> Sent: March 23, 2020 4:32 PM To: Sajal, Sakib <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: [OE-core] [PATCH] libpng: Fix CVE-2019-6129
Hi, Is this v2? Should say so in the subject. Also, should mention the changes from v1 under the commit log. On Mon, Mar 23, 2020 at 02:28:23PM -0700, Sakib Sajal wrote: > Fix memory leak in png_create_info_struct. > > Upstream-Status: Submitted [https://github.com/glennrp/libpng/pull/293] BTW, Upstream-Status: should be in the patch, not in the commit log. > CVE: CVE-2019-6129 > > Signed-off-by: Sakib Sajal <[email protected]> > --- > .../libpng/0001-Repair-of-CVE-2019-6129.patch | 27 +++++++++++++++++++ > .../libpng/libpng_1.6.37.bb | 5 +++- > 2 files changed, 31 insertions(+), 1 deletion(-) > create mode 100644 > meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch > > diff --git > a/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch > b/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch > new file mode 100644 > index 0000000000..1bb2da1984 > --- /dev/null > +++ b/meta/recipes-multimedia/libpng/libpng/0001-Repair-of-CVE-2019-6129.patch > @@ -0,0 +1,27 @@ > +From ed73b082d0296c6181f2ac11e8dd78e8f7c6d66b Mon Sep 17 00:00:00 2001 > +From: tangyaofang <[email protected]> > +Date: Mon, 10 Jun 2019 11:30:15 +0800 > +Subject: [PATCH] Repair of CVE-2019-6129 > + > +CVE: CVE-2019-6129 > +Signed-off-by: Sakib Sajal <[email protected]> > +--- > + contrib/tools/pngcp.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/contrib/tools/pngcp.c b/contrib/tools/pngcp.c > +index 16d4e7f4d..a02d5b7ff 100644 > +--- a/contrib/tools/pngcp.c > ++++ b/contrib/tools/pngcp.c > +@@ -506,7 +506,7 @@ static void > + display_clean_read(struct display *dp) > + { > + if (dp->read_pp != NULL) > +- png_destroy_read_struct(&dp->read_pp, NULL, NULL); > ++ png_destroy_read_struct(&dp->read_pp, (dp->ip!=NULL ? &dp->ip : > NULL), NULL); > + > + if (dp->fp != NULL) > + { > +-- > +2.20.1 > + > diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb > b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb > index 8c53d11642..f33b942cd7 100644 > --- a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb > +++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb > @@ -7,7 +7,10 @@ DEPENDS = "zlib" > > LIBV = "16" > > -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" > +SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \ > + file://0001-Repair-of-CVE-2019-6129.patch \ > + " > + > SRC_URI[md5sum] = "015e8e15db1eecde5f2eb9eb5b6e59e9" > SRC_URI[sha256sum] = > "505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca" > > -- > 2.24.1 > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#136622): https://lists.openembedded.org/g/openembedded-core/message/136622 Mute This Topic: https://lists.openembedded.org/mt/72501079/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
