From 193236933b0f4ab91b1625b64e2187e2db4e0e8f Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Fri, 5 Apr 2019 15:28:33 -0400 Subject: reset upstream subtrees to HEAD Reset the following subtrees on HEAD: poky: 8217b477a1(master) meta-xilinx: 64aa3d35ae(master) meta-openembedded: 0435c9e193(master) meta-raspberrypi: 490a4441ac(master) meta-security: cb6d1c85ee(master) Squashed patches: meta-phosphor: drop systemd 239 patches meta-phosphor: mrw-api: use correct install path Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d Signed-off-by: Brad Bishop --- .../libid3tag/libid3tag/10_utf16.dpatch | 33 ---------------------- .../libid3tag/libid3tag/10_utf16.patch | 33 ++++++++++++++++++++++ .../libid3tag/libid3tag_0.15.1b.bb | 2 +- 3 files changed, 34 insertions(+), 34 deletions(-) delete mode 100644 poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch create mode 100644 poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch (limited to 'poky/meta/recipes-multimedia/libid3tag') diff --git a/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch b/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch deleted file mode 100644 index 8d09ce7b6..000000000 --- a/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch +++ /dev/null @@ -1,33 +0,0 @@ -libid3tag: patch for CVE-2004-2779 - -The patch comes from -https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch - -Upstream-Status: Pending - -CVE: CVE-2004-2779 - -Signed-off-by: Changqing Li - -diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c ---- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 -+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 -@@ -282,5 +282,18 @@ - - free(utf16); - -+ if (end == *ptr && length % 2 != 0) -+ { -+ /* We were called with a bogus length. It should always -+ * be an even number. We can deal with this in a few ways: -+ * - Always give an error. -+ * - Try and parse as much as we can and -+ * - return an error if we're called again when we -+ * already tried to parse everything we can. -+ * - tell that we parsed it, which is what we do here. -+ */ -+ (*ptr)++; -+ } -+ - return ucs4; - } diff --git a/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch b/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch new file mode 100644 index 000000000..8d09ce7b6 --- /dev/null +++ b/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch @@ -0,0 +1,33 @@ +libid3tag: patch for CVE-2004-2779 + +The patch comes from +https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch + +Upstream-Status: Pending + +CVE: CVE-2004-2779 + +Signed-off-by: Changqing Li + +diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c +--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 ++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 +@@ -282,5 +282,18 @@ + + free(utf16); + ++ if (end == *ptr && length % 2 != 0) ++ { ++ /* We were called with a bogus length. It should always ++ * be an even number. We can deal with this in a few ways: ++ * - Always give an error. ++ * - Try and parse as much as we can and ++ * - return an error if we're called again when we ++ * already tried to parse everything we can. ++ * - tell that we parsed it, which is what we do here. ++ */ ++ (*ptr)++; ++ } ++ + return ucs4; + } diff --git a/poky/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb b/poky/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb index fe3164610..43edd3fe6 100644 --- a/poky/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb +++ b/poky/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb @@ -13,7 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \ file://addpkgconfig.patch \ file://obsolete_automake_macros.patch \ file://0001-Fix-gperf-3.1-incompatibility.patch \ - file://10_utf16.dpatch \ + file://10_utf16.patch \ " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/" UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P.*)/$" -- cgit v1.2.3