diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 11:11:46 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-09-27 14:47:44 +0300 |
commit | bba38f38e7e41525c30116a2fe990d113b8157da (patch) | |
tree | 14a0d015f4b144a97c51c896e7a3135b600760a6 /poky/meta/recipes-support/libexif | |
parent | 36b84cde8facab568630eec811e483cf1fc50848 (diff) | |
download | openbmc-bba38f38e7e41525c30116a2fe990d113b8157da.tar.xz |
poky: sumo refresh 51872d3f99..3b8dc3a88e
Update poky to sumo HEAD.
Andrej Valek (1):
wpa-supplicant: fix CVE-2018-14526
Armin Kuster (2):
xserver-xorg: config: fix NULL value detection for ID_INPUT being unset
binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active.
Bruce Ashfield (3):
linux-yocto/4.12: update to v4.12.28
linux-yocto/4.14: update to v4.14.62
linux-yocto/4.14: update to v4.14.67
Changqing Li (6):
libexif: patch for CVE-2017-7544
squashfs-tools: patch for CVE-2015-4645(4646)
libcroco: patch for CVE-2017-7960
libid3tag: patch for CVE-2004-2779
libice: patch for CVE-2017-2626
apr-util: fix ptest fail problem
Chen Qi (2):
util-linux: upgrade 2.32 -> 2.32.1
busybox: move init related configs to init.cfg
Jagadeesh Krishnanjanappa (2):
libarchive: CVE-2017-14501
libcgroup: CVE-2018-14348
Jon Szymaniak (1):
cve-check.bbclass: detect CVE IDs listed on multiple lines
Joshua Lock (1):
os-release: fix to install in the expected location
Khem Raj (1):
serf: Fix Sconstruct build with python 3.7
Konstantin Shemyak (1):
cve-check.bbclass: do not download the CVE DB in package-specific tasks
Mike Looijmans (1):
busybox/mdev-mount.sh: Fix partition detect and cleanup mountpoint on fail
Ross Burton (1):
lrzsz: fix CVE-2018-10195
Sinan Kaya (3):
busybox: CVE-2017-15874
libpng: CVE-2018-13785
sqlite3: CVE-2018-8740
Yadi.hu (1):
busybox: handle syslog
Yi Zhao (2):
blktrace: Security fix CVE-2018-10689
taglib: Security fix CVE-2018-11439
Zheng Ruoqin (1):
glibc: fix CVE-2018-11237
Change-Id: I2eb1fe6574638de745e4bfc106b86fe797b977c8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-support/libexif')
-rw-r--r-- | poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch | 40 | ||||
-rw-r--r-- | poky/meta/recipes-support/libexif/libexif_0.6.21.bb | 3 |
2 files changed, 42 insertions, 1 deletions
diff --git a/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch b/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch new file mode 100644 index 0000000000..e49481ff84 --- /dev/null +++ b/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch @@ -0,0 +1,40 @@ +From 8a92f964a66d476ca8907234359e92a70fc1325b Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Tue, 28 Aug 2018 15:12:10 +0800 +Subject: [PATCH] On saving makernotes, make sure the makernote container tags + has a type with 1 byte components. + +Fixes (at least): + https://sourceforge.net/p/libexif/bugs/130 + https://sourceforge.net/p/libexif/bugs/129 + +Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ +c39acd1692023b26290778a02a9232c873f9d71a#diff-830e348923810f00726700b083ec00cd] + +CVE: CVE-2017-7544 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + libexif/exif-data.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index 67df4db..6bf89eb 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e, + exif_mnote_data_set_offset (data->priv->md, *ds - 6); + exif_mnote_data_save (data->priv->md, &e->data, &e->size); + e->components = e->size; ++ if (exif_format_get_size (e->format) != 1) { ++ /* e->format is taken from input code, ++ * but we need to make sure it is a 1 byte ++ * entity due to the multiplication below. */ ++ e->format = EXIF_FORMAT_UNDEFINED; ++ } + } + } + +-- +2.7.4 + diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.21.bb b/poky/meta/recipes-support/libexif/libexif_0.6.21.bb index cff4caede9..b550a1125c 100644 --- a/poky/meta/recipes-support/libexif/libexif_0.6.21.bb +++ b/poky/meta/recipes-support/libexif/libexif_0.6.21.bb @@ -4,7 +4,8 @@ SECTION = "libs" LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad" -SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2" +SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \ + file://CVE-2017-7544.patch" SRC_URI[md5sum] = "27339b89850f28c8f1c237f233e05b27" SRC_URI[sha256sum] = "16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a" |