Diffstat (limited to 'meta-openembedded/meta-oe/recipes-graphics/openjpeg')
4 files changed, 60 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch
new file mode 100644
index 000000000..f5ce11a27
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch
@@ -0,0 +1,51 @@
+From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 28 Jun 2020 14:19:59 +0200
+Subject: [PATCH] opj_decompress: fix double-free on input directory with mix
+ of valid and invalid images (CVE-2020-15389)
+
+Fixes #1261
+
+Credits to @Ruia-ruia for reporting and analysis.
+---
+ src/bin/jp2/opj_decompress.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- end of original header ---
+
+CVE: CVE-2020-15389
+
+Upstream-Status: Backport [git://github.com/uclouvain/openjpeg.git]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 7eeb0952..2634907f 100644
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original)
+ int main(int argc, char **argv)
+ {
+ opj_decompress_parameters parameters; /* decompression parameters */
+- opj_image_t* image = NULL;
+- opj_stream_t *l_stream = NULL; /* Stream */
+- opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
+- opj_codestream_index_t* cstr_index = NULL;
+
+ OPJ_INT32 num_images, imageno;
+ img_fol_t img_fol;
+@@ -1393,6 +1389,10 @@ int main(int argc, char **argv)
+
+ /*Decoding image one by one*/
+ for (imageno = 0; imageno < num_images ; imageno++) {
++ opj_image_t* image = NULL;
++ opj_stream_t *l_stream = NULL; /* Stream */
++ opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
++ opj_codestream_index_t* cstr_index = NULL;
+
+ if (!parameters.quiet) {
+ fprintf(stderr, "\n");
+--
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch
index 9f2fc901f..1e14149c8 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch
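Review bot: The loop-scoped declarations in the second inner hunk (inside `for (imageno = 0; imageno < num_images ; imageno++)` in `main`) carry no comment saying they must stay inside the loop, although the fix depends on `image`, `l_stream`, `l_codec` and `cstr_index` starting as NULL for every image. Presumably the failure paths later in the loop release whatever these hold, so a stale value left by the previous image is what gets freed twice; those paths, like the rest of `main`, are outside the hunk. Because this is a backport, the comment is best proposed upstream, for example `/* per-image handles: must be NULL at the start of each iteration so a failed image cannot free the previous image's objects again */` above the four declarations. Separately, the `CVE:` and `Upstream-Status:` tags in this patch sit after the first `---`, whereas the CVE-2020-6851 and CVE-2020-8112 patches touched in the same commit add `CVE:` before it; consistent placement in the message part would keep the tags from being dropped if the patch is ever regenerated from a git tree.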
+++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch @@ -4,6 +4,10 @@ Date: Sat, 11 Jan 2020 01:51:19 +0100 Subject: [PATCH] opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228) +CVE: CVE-2020-6851 + +Signed-off-by: Mingde (Matthew) Zeng <matthew.zeng@windriver.com> + --- src/lib/openjp2/j2k.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-8112.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-8112.patch index cb250530e..6158601af 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-8112.patch +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-8112.patch @@ -6,6 +6,10 @@ Subject: [PATCH] opj_tcd_init_tile(): avoid integer overflow That could lead to later assertion failures. Fixes #1231 / CVE-2020-8112 + +CVE: CVE-2020-8112 + +Signed-off-by: Mingde (Matthew) Zeng <matthew.zeng@windriver.com> --- src/lib/openjp2/tcd.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb index 42011efa9..a0740a274 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb @@ -10,6 +10,7 @@ SRC_URI = " \ file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \ file://CVE-2020-6851.patch \ file://CVE-2020-8112.patch \ + file://CVE-2020-15389.patch \ " SRCREV = "57096325457f96d8cd07bd3af04fe81d7a2ba788" S = "${WORKDIR}/git" |