6 年之前 · 22febdc60e
--- a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
+++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
@@ -0,0 +1,20 @@
 
				+Use-after-free detected with static analysis.
			
 
				+
			
 
				+CVE: CVE-2019-7317
			
 
				+Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
			
 
				+Signed-off-by: Ross Burton <ross.burton@intel.com>
			
 
				+
			
 
				+diff --git a/png.c b/png.c
			
 
				+index 9d9926f638..efd1aecfbd 100644
			
 
				+--- a/png.c
			
 
				++++ b/png.c
			
 
				+@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
			
 
				+    if (image != NULL && image->opaque != NULL &&
			
 
				+       image->opaque->error_buf == NULL)
			
 
				+    {
			
 
				+-      /* Ignore errors here: */
			
 
				+-      (void)png_safe_execute(image, png_image_free_function, image);
			
 
				++      png_image_free_function(image);
			
 
				+       image->opaque = NULL;
			
 
				+    }
			
 
				+ }
			
--- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
@@ -9,7 +9,8 @@ DEPENDS = "zlib"
 
				 
			
 
				 LIBV = "16"
			
 
				 
			
 
				-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
			
 
				+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
			
 
				+           file://CVE-2019-7317.patch"
			
 
				 SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"
			
 
				 SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"