poky: sumo refresh 51872d3f99..3b8dc3a88e
Update poky to sumo HEAD.
Andrej Valek (1):
wpa-supplicant: fix CVE-2018-14526
Armin Kuster (2):
xserver-xorg: config: fix NULL value detection for ID_INPUT being unset
binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active.
Bruce Ashfield (3):
linux-yocto/4.12: update to v4.12.28
linux-yocto/4.14: update to v4.14.62
linux-yocto/4.14: update to v4.14.67
Changqing Li (6):
libexif: patch for CVE-2017-7544
squashfs-tools: patch for CVE-2015-4645(4646)
libcroco: patch for CVE-2017-7960
libid3tag: patch for CVE-2004-2779
libice: patch for CVE-2017-2626
apr-util: fix ptest fail problem
Chen Qi (2):
util-linux: upgrade 2.32 -> 2.32.1
busybox: move init related configs to init.cfg
Jagadeesh Krishnanjanappa (2):
libarchive: CVE-2017-14501
libcgroup: CVE-2018-14348
Jon Szymaniak (1):
cve-check.bbclass: detect CVE IDs listed on multiple lines
Joshua Lock (1):
os-release: fix to install in the expected location
Khem Raj (1):
serf: Fix Sconstruct build with python 3.7
Konstantin Shemyak (1):
cve-check.bbclass: do not download the CVE DB in package-specific tasks
Mike Looijmans (1):
busybox/mdev-mount.sh: Fix partition detect and cleanup mountpoint on fail
Ross Burton (1):
lrzsz: fix CVE-2018-10195
Sinan Kaya (3):
busybox: CVE-2017-15874
libpng: CVE-2018-13785
sqlite3: CVE-2018-8740
Yadi.hu (1):
busybox: handle syslog
Yi Zhao (2):
blktrace: Security fix CVE-2018-10689
taglib: Security fix CVE-2018-11439
Zheng Ruoqin (1):
glibc: fix CVE-2018-11237
Change-Id: I2eb1fe6574638de745e4bfc106b86fe797b977c8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch b/poky/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch
new file mode 100644
index 0000000..cdd66e6
--- /dev/null
+++ b/poky/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch
@@ -0,0 +1,51 @@
+From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001
+From: Scott Gayou <github.scott@gmail.com>
+Date: Mon, 4 Jun 2018 11:34:36 -0400
+Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
+
+This CVE is caused by a failure to check the minimum length
+of a ogg flac header. This header is detailed in full at:
+https://xiph.org/flac/ogg_mapping.html. Added more strict checking
+for entire header.
+
+Upstream-Status: Backport
+[https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278]
+
+CVE: CVE-2018-11439
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
+index 53d0450..07ea9dc 100644
+--- a/taglib/ogg/flac/oggflacfile.cpp
++++ b/taglib/ogg/flac/oggflacfile.cpp
+@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
+
+ if(!metadataHeader.startsWith("fLaC")) {
+ // FLAC 1.1.2+
++ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++ if(metadataHeader.size() < 13)
++ return;
++
++ if(metadataHeader[0] != 0x7f)
++ return;
++
+ if(metadataHeader.mid(1, 4) != "FLAC")
+ return;
+
+- if(metadataHeader[5] != 1)
+- return; // not version 1
++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++ return; // not version 1.0
++
++ if(metadataHeader.mid(9, 4) != "fLaC")
++ return;
+
+ metadataHeader = metadataHeader.mid(13);
+ }
+--
+2.7.4
+