From patchwork Tue Jan 14 10:09:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 55513 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 378A2C02183 for ; Tue, 14 Jan 2025 10:09:34 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web11.41537.1736849367931931026 for ; Tue, 14 Jan 2025 02:09:27 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=310900c87a=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50E7aek7016412 for ; Tue, 14 Jan 2025 02:09:27 -0800 Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02lp2042.outbound.protection.outlook.com [104.47.51.42]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 443mt72nc8-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 14 Jan 2025 02:09:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PJAUwVywwrqXUNGjITmEaRiVAP2v3hKPma3rNle9hrD0lkeu4iodgsqjRfeWuqgrY7YxhKbpkphb5rditYqNIyGfPpyz8a1XQxClF3CkugNZmd/OJKL2XqGhvKj1/Uhjtc5ePpB/8eLmAOyd8M3JsqdgenMvA3DNEOgpMl3qj5gtfVL5vWaOjJe8IxfDirV9lGAeHQ4H/tgmrXK0OsEPr7K1DN3ErrtUgAqaLj48PTt32wTEgN120A3pPs4iDseliu0rDR6AWN3gHj3eCy7EclgHMCVGkkwIRM43Q4bv5YNi/6HTNYfxoizmAbysXCag9394Bf2nEUIaRrLBKAr7Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OM6xPwkpKICN9Ea38yR9NQuRjeLHIr+n0oxWdflk0GA=; b=Tpkm3Y+2P0QroKOhsh5gMSiEikhkb8dvNl72cgxilvZryOCYo55BM7+soPbGkrgyupN2apJbDDKAFTnXs6JC8Iogv++SOePksutYuNYsdyuzDvdAtyfAlESkgheadB3amhYqjhgbgoQJGRMFms7SXWNhU+QxKu6vZfONovtEL3ZGu+zM1ZurGvhEr2zbiOrO4Ld7hGRHOOrKdhcfBUhSXWftOxhDGx0n9n8tpZjdaR6Y94yVqVKPXTVBNOCUK8JI8Ea12M/3EkbTVqHU0lfv3kAUawBB60BhAcvvzQTBeilEMNmDa1zJYxAJVnkMsERxfln6kG8+siSUQBO6RnQbcQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by SJ0PR11MB6573.namprd11.prod.outlook.com (2603:10b6:a03:44d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.17; Tue, 14 Jan 2025 10:09:23 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%7]) with mapi id 15.20.8335.017; Tue, 14 Jan 2025 10:09:23 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 1/2] openjpeg: fix CVE-2024-56826 Date: Tue, 14 Jan 2025 18:09:09 +0800 Message-Id: <20250114100910.1538526-1-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.34.1 X-ClientProxiedBy: SI2P153CA0030.APCP153.PROD.OUTLOOK.COM (2603:1096:4:190::15) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|SJ0PR11MB6573:EE_ X-MS-Office365-Filtering-Correlation-Id: e05768c7-0321-4acc-611d-08dd348384b3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|52116014|376014|38350700014; X-Microsoft-Antispam-Message-Info: 7lzkijQ7wITdmEi+ba/tuFP65xJh6wRNKfvfKGpj1eSNX72BDlB2qDIMXbHsrXE+RQ0ZsyfkrMkdGP1qGDCMN3NyFBoA+iSGOpXjZGsHt9ldnXVL82MdkUa7TT5RyS8ItPohtv1rbfgU4xgkaH6CZ4fWg1P/Ksggkbq9CNaXxyUBMWjVqZA2Wl+qCFAlcitoYKGyFSTS7K9NDcax+XrVLT+56qaE9UzmMXTCN1eEow8O7FRcFn5EVK/X+bPZLY5auZVzqzsY3sN50zvnpyzwfMM15rxq5HGRfpyHoyT1z+79hGxcu+K6p53/fnWWvE2oI7IOspm+BJpr4sFxjGVvUtrHI7o+y39iS+++mkceGqh+6raakoP8kdPa53T0+Bc6trxmoZJ0AzWqSqjrgi+DN9GHDviNw5682OYXYk5CDollNyb1Khdu0YahlxqGlJHpzT8/X+TGHoSM6KmxYs0IIge+53YQXLB7birUelw2lIen1+sPTJYBLzz/BN+CUfQ0enAGddKAahaLHW0SptiMJRlgV+ksdVbPeHR7/erdCo+o8FoYmpizGhOsuihXsQiXjzUE3tUMWyB1V7YUai9GKOl/DhpxLBOc/Q2d47FGZGKh0XIqCAA5ZEzSiBjWe2b9NVvsk9KAsQXWaJfenUCwcgyJzkSMmvFNdt0nLpSjxG+ezE2tLkwZdAJ7x5vJ/0rjZeAMbsQT2DiNoHQFRhnfCoyrs0DiBjazlRDhxNsRatqyiet9Z05JRwaeS/2R3YtyWzl7guFUpP+w+YpDDdUyLsskcK6aOIBxPbJjyQiZhpDUTjDJPznYykKubg5AvjEfJTLvSF3hVoxeb3TKgmY8CcgjPQQ3VjPBv8ZcdGdTi0RlIWLNaycqQRTWc9pY3Y5hQku/Vp+R+Dgd+Xk97mn/JoYWM9/8RQEADw9aaKXFIUHCWBkze1uAaP8ybFUmrdIpWsAjTCbhPDyCYr7aAhwsoGxSCYu8jagbmIAznt4KEFXmH6XIRwhe3sQsgJnO5djKjShJ0SAHvrtpj0r9DBogWDlwqjHZXnUTgEGuunFCPlPHDNGMFO6yDbQEKjPBA//oLu7nSM7JNkbw7OUJ9JzOaIjRqhaeH0jT5Wh/Q3N/UVN/sFOijp+F5D5rCOPGwjvns42b+aqasZIkOgdS+VHigObH29PZOnsf9+hm4f7+Zpnftdc96idgYm1bqEl0wEgOKq/vbDphgwHgG9xgD0Vr5oG7IfpAUZ0AXmZNMSS1Wjva4gWImAp/i65KJyM4PeF74OMB4nIfjJDl9zvBXkZ82zmkfp6oWKabxL1WLu4YpPYmRSqhtA2lrk825UsR9ApPwiMg0RzGHkrprJxSrliXgbHhmte0T0VA5JFOE6nRZ/Lw7UZ3jX8bC276jm84cFgnMiODsqDZM17hs8IzSJ1zqg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(52116014)(376014)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 1MuGafSLGjM9roBObPdGvgFCc+53Q+vp/71+8/617+I1ha/mqGGx18bcaUESwbBMJHplssXxjBqXl2thCPlzG/1b5tRx1xnB6NV17CQ4XJ+60oEZZNkyAj6W2PnTTecCoPAI4nsl26+m+D7DejHHeTcU1Wp5yeOq54ITBrw9u0PXenQRGAP3XG5zbDPDkQhU7voArWp+Tglt34j2WWTxtkI8TDtTHVYpf736OUKmVJMng7P8g6ASCRlULNsmaJCmCspURpxTdSGUvx8ekVzrg8GoDt8ednBkamGr1+/lCNUsOryclK1V2KKAcpSbp9qKUi+GHDlRZ+dVROeKSH+HGeS7UhEmKjLImIchrIAnizg2Zl7hiWKufCI8us5jKfsRdZgzEIhU0nFLeAjPa91O4vFxjP+xpYB56yNrkNXeUJRGybs9uXM8kYRDiOrdi0rq1IF0Jvgga8yA3sfVsMm8PWRvv1VijuaB8+3thKtG5zLVYPXEdkWkbNoS4gH8ZehAGAVXmiaXDj70XVXSbqb/KToXuRDJ018/yIeDRyhwqCqrXXQWamzgcWLITASVtsT+s+nNSWPCIQ18tiV9qIa61+yqfYnv1r7O9kXOQIDFXziI7Ho8eAEde8CD1HcWb7Hs2Q1M1vMy4/oE4V3NEUqMvoYAnB+js7SyPyWjf/bgUxfY0+UIcFQxRRIMQ91MYiiF+LHCJRHreYEG7p0ntAKIbw9X3UR1FP+ld49izUCzitKmGLJlzceAoRlCa7LRd9vAm7NPWYF2+LSdPcEaAa3ObBv5WE2V6kOqFK0CvD/w3pvo7+dcE4ebVFF11Nd3WwGZvE6bu0MYH4K5ZE1tCqNsbDHjUX3mk0i35hYEtPPIIlHJuc5j3+mjgf7r6vvu6eRcW8PzKnMHDwgowHIeErNm9ekR18VU1yfSsaK6RenSp/afba1hapb3GptKJxBJfhC3/J8Ot2SA9iUsQbx5GRg/UwzQzUI3T+YjS80TmR84oz9ExCnGUxdL8p/41pPQj7ssjn04F+DupW2Al46hIqQeHeZ4omnFac9u71y2iAsJOE8glOv5bkMny0OMH3/KtHooxnp943PIZ80wW5GXXADFC74oUOJsBkkRVuzGlmuy7g3xaKU7qDs9k5+8bqSeuRHG90mqnppbt5aJ0qm2fpZC543d7+hHVnOm1hdDc3BLNaMBAZVWDK32ZY2dRNZEropGA62RVFymH+iB03Fiok1um8oXW2tJUF251ifzna6Bj+KPVix8Qx2JmMUw73YR2lEBoBgop8Uyz64hHXw5klnNN2e6ZxNeFK3gxSX0KwLAcqklTUm19ETSzsvInfXuoDNjyZgwKClaKirDl3A080SHxCGZ7OhE0lIsTcZVBRNEqFq9xY2K4oM1AO/O65W5ixUwzQx3lVIs95AxV/eRmkTDWzbroRgtd+CGqCIDZRWbhQ61qD0r0jMnvGD0ZNCh3UBgGme6pa2P8uaaZUVx9FiMH8GAd152M9PRht/1HhwNlPwo2IJkayFn3pXpklJyFDrQFPNHGJ2Dr5tqf42XMY282xnRaCB/NkUNeJwzZAr2AHUQr/LlaYhZURZ9gz7dIX0DjEpQ92ljR/9dCKB09134sw== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: e05768c7-0321-4acc-611d-08dd348384b3 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Jan 2025 10:09:23.0035 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4u0Q/nbY2wJQWSDROIavnDIpc1nVyQFzWjn+todikD+lnwNO0IsBI01Vj2Z/hFY7JYKakC0pyhY/I7VlJocAiwTzilrGnBxoElDRNrUJE14= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB6573 X-Proofpoint-ORIG-GUID: K2czN3vD3ZO2I6mEwGB4pMrLXwFywVpE X-Authority-Analysis: v=2.4 cv=SeoNduRu c=1 sm=1 tr=0 ts=678637d7 cx=c_pps a=x8A/wAfU1CBlff9R7r/2ew==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=VdSt8ZQiCzkA:10 a=bRTqI5nwn0kA:10 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=64SeUrbXAAAA:8 a=DWwV0Ru8rSxQCkMTajcA:9 a=FdTzh2GWekK77mhwV6Dw:22 a=HLuTerElwpHB00cmObDT:22 X-Proofpoint-GUID: K2czN3vD3ZO2I6mEwGB4pMrLXwFywVpE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-14_02,2025-01-13_02,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 mlxlogscore=999 mlxscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 malwarescore=0 phishscore=0 suspectscore=0 adultscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2411120000 definitions=main-2501140084 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 14 Jan 2025 10:09:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114878 From: Zhang Peng CVE-2024-56826: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-56826] [https://github.com/uclouvain/openjpeg/issues/1563] Upstream patches: [https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2] Signed-off-by: Zhang Peng --- ...ix-out-of-bounds-read-accesses-when-.patch | 130 ++++++++++++++++++ .../openjpeg/openjpeg_2.4.0.bb | 1 + 2 files changed, 131 insertions(+) create mode 100644 meta-oe/recipes-graphics/openjpeg/openjpeg/0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch new file mode 100644 index 000000000..1943cf4cc --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch @@ -0,0 +1,130 @@ +From 2bed72075bd17518907a6a57e3411669188e49bd Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 25 Nov 2024 23:11:24 +0100 +Subject: [PATCH] sycc422_to_rgb(): fix out-of-bounds read accesses when 2 * + width_component_1_or_2 + 1 == with_component_0 + +Fixes #1563 + +Also adjusts sycc420_to_rgb() for potential similar issue (amending +commit 7bd884f8750892de4f50bf4642fcfbe7011c6bdf) + +CVE: CVE-2024-56826 +Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2] + +Signed-off-by: Zhang Peng +--- + src/bin/common/color.c | 42 ++++++++++++++++++++++++++++++++---------- + 1 file changed, 32 insertions(+), 10 deletions(-) + +diff --git a/src/bin/common/color.c b/src/bin/common/color.c +index ae5d648d..e4924a15 100644 +--- a/src/bin/common/color.c ++++ b/src/bin/common/color.c +@@ -158,7 +158,7 @@ static void sycc422_to_rgb(opj_image_t *img) + { + int *d0, *d1, *d2, *r, *g, *b; + const int *y, *cb, *cr; +- size_t maxw, maxh, max, offx, loopmaxw; ++ size_t maxw, maxh, max, offx, loopmaxw, comp12w; + int offset, upb; + size_t i; + +@@ -167,6 +167,7 @@ static void sycc422_to_rgb(opj_image_t *img) + upb = (1 << upb) - 1; + + maxw = (size_t)img->comps[0].w; ++ comp12w = (size_t)img->comps[1].w; + maxh = (size_t)img->comps[0].h; + max = maxw * maxh; + +@@ -212,13 +213,19 @@ static void sycc422_to_rgb(opj_image_t *img) + ++cr; + } + if (j < loopmaxw) { +- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); ++ if (j / 2 == comp12w) { ++ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b); ++ } else { ++ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); ++ } + ++y; + ++r; + ++g; + ++b; +- ++cb; +- ++cr; ++ if (j / 2 < comp12w) { ++ ++cb; ++ ++cr; ++ } + } + } + +@@ -246,7 +253,7 @@ static void sycc420_to_rgb(opj_image_t *img) + { + int *d0, *d1, *d2, *r, *g, *b, *nr, *ng, *nb; + const int *y, *cb, *cr, *ny; +- size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh; ++ size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh, comp12w; + int offset, upb; + size_t i; + +@@ -255,6 +262,7 @@ static void sycc420_to_rgb(opj_image_t *img) + upb = (1 << upb) - 1; + + maxw = (size_t)img->comps[0].w; ++ comp12w = (size_t)img->comps[1].w; + maxh = (size_t)img->comps[0].h; + max = maxw * maxh; + +@@ -336,19 +344,29 @@ static void sycc420_to_rgb(opj_image_t *img) + ++cr; + } + if (j < loopmaxw) { +- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); ++ if (j / 2 == comp12w) { ++ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b); ++ } else { ++ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); ++ } + ++y; + ++r; + ++g; + ++b; + +- sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb); ++ if (j / 2 == comp12w) { ++ sycc_to_rgb(offset, upb, *ny, 0, 0, nr, ng, nb); ++ } else { ++ sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb); ++ } + ++ny; + ++nr; + ++ng; + ++nb; +- ++cb; +- ++cr; ++ if (j / 2 < comp12w) { ++ ++cb; ++ ++cr; ++ } + } + y += maxw; + r += maxw; +@@ -384,7 +402,11 @@ static void sycc420_to_rgb(opj_image_t *img) + ++cr; + } + if (j < loopmaxw) { +- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); ++ if (j / 2 == comp12w) { ++ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b); ++ } else { ++ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); ++ } + } + } + +-- +2.39.4 + diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb index a619c07aa..9c0fe0e30 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb @@ -12,6 +12,7 @@ SRC_URI = " \ file://CVE-2021-29338.patch \ file://CVE-2022-1122.patch \ file://CVE-2021-3575.patch \ + file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \ " SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" S = "${WORKDIR}/git" From patchwork Tue Jan 14 10:09:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 55514 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 223A9E77188 for ; Tue, 14 Jan 2025 10:09:34 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web10.41100.1736849367546633979 for ; Tue, 14 Jan 2025 02:09:27 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=310900c87a=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50E7aek6016412 for ; Tue, 14 Jan 2025 02:09:27 -0800 Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02lp2042.outbound.protection.outlook.com [104.47.51.42]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 443mt72nc8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 14 Jan 2025 02:09:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rx5cdbyrDEHEymhxkCjRl731BSZYWpEMW8vLqIA2x+dK2CpThWHKd+DHRLkm1LQX+kZFwVv+37yeHKbsMQpgCvYrRu14dsRkNRurnnV4Dmu/d3/QG8wEyTmXx2vZJ9Yh6RU4zr8zB3V/zdh3+lDQI547cC6HSeOaCpS0ZghPqcCdN1IyfQP1uCGqO9n0itomjMD8ZgqrJ1FSCgbaUIUxh/MzlLEs8z1isW7YwEBrKxzAZRPP1ZvINWzhSFAvwwUqeY5y5wpy7rS6s3mGuP0UNKi0hrEuYDQMYoblpXb1eO9hYVXFmqplJvLmoYaCPhy6XCSNSs3Dn/seTNYgiB2Sdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IFshQbyDoPenftY/9kO3LM/+n7LY/EmbnXJ3gYSUTgc=; b=iGBKWljT4L7Pgpo7kPdfu02Z5aztliONTk2nWUw1PKVxpQ+7t12ef/+jEO9lzTCHxDN+Mw3b33RiHCI6j/byP1FCEhyTEcdv3a9AEKOTO96ECyFvt3ODQD7ag4316gLlY8jmKrseF6YW8gb5D4VDkPljWDDlfNilweDFgGrRFtsCyKuHa+wde7/ko1fppNJwlfIqDmFf56mXa/WCnTzpqcfpN2KdA76ekjMFtw035li4m2z2o6/FMBXVwFBMru58c45SoEFhmIsz4e3hIxJIq4CQDB2JSbxvk0U6Dfmls8CyyJyKYNMmFAICaApZ538bjwlHKmLBiFUC4BWSxwCjfg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by SJ0PR11MB6573.namprd11.prod.outlook.com (2603:10b6:a03:44d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.17; Tue, 14 Jan 2025 10:09:24 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%7]) with mapi id 15.20.8335.017; Tue, 14 Jan 2025 10:09:24 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 2/2] openjpeg: fix CVE-2024-56827 Date: Tue, 14 Jan 2025 18:09:10 +0800 Message-Id: <20250114100910.1538526-2-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250114100910.1538526-1-peng.zhang1.cn@windriver.com> References: <20250114100910.1538526-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: SI2P153CA0030.APCP153.PROD.OUTLOOK.COM (2603:1096:4:190::15) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|SJ0PR11MB6573:EE_ X-MS-Office365-Filtering-Correlation-Id: 151a2e62-41ad-4483-0533-08dd34838586 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|52116014|376014|38350700014; X-Microsoft-Antispam-Message-Info: yW2fAOm0HuZ4t+k6eg3HZUSWY1k19sO1C57jeYZUEbc44B/lzTvwJSVvx+NJWula5ZqAyoSyBWxGFzRQ+ZEEF6lppIxTnX/+O1EULVY58WWmRvXeWE9m+rJsOpdY1FLdcjs+zsawELADhT6znrLwj5oL/m99qvDh51sF7ucso0O48aVN/Dn2lgWjZI+LnE/CNElsgbM0Xd6oCmoAxmx+PRefs/RBBXkb24rBgofwsoEUWmMOeLEcFTYfIn/NFsbpYEE5xrY3y9s1fBRVReeyAIt+1wvGRKKS9fNaMjeEvdd40e3W08UrzFB/GAax4rRsfg492axgNCAIPqy67csim2fcU6uL59UpJNTQTiivg2/LKDiMg1Bvd8/ZxIQ3daR3MaOmQDlAIdYIFyFTsT/F/E4HQn+BToUFkQ4EfT8hv30qIrHnDUZRAOG+uLpKZj2ZTqHty+LgCjIZoJT/E9ja2Dxt/LSDbFdXFaO/aU29cvLN4Bz1PdwiUELx1qDlsC+7YqU2dDcjR8vLM+3STaTd3geMufVsxQSxTCuVPZ7I5RGqaqHuOvHr7ayWuc+VpiTqeGf9KiZKlTNqqgfnEhT6kd+7hEhyDEBTb9GIA4XZ8Ic7hjePzL03CY4QJzT4Nzbvub4aq0a560jeq7L1FAdn+cRrCrH+016jci34+N2GNtmnkrnnLfwk4crh9INZcfSh19loaIdFukma37DzbkLvBjdnXkoLD7lKJpgA3+hBN8m678CUxvf04W6pVkby3H5QSWv3RKxB2gWWGA5wteFv6Nadb4wHX9Myi6XxNcuFS4kvr9oJT4suaZc1jIG01ipv71jXLOSXMozsMEyZVqv6bZ7cKFROPJQ1aFfKD1S18vGLAU3lo5QUqUoSsNkzdcW7uWq2hzw14lhehnXXAtPZ/kL18kA0Ip9HeUh803nQCRPCOldU0veAuHghwkonOJFn03fWyWAtw3QW2QGU16dmKQi1YWsLDrEjXccmQTxax/eR3S8KdtAtgoAZPe8Hj9z+h/Nd5fF7vJBCMxWM7rjMBtJ5pl/jv2mp2PaMbWAwzjvMaCKha4/o1aHJHJFjnvhqcvUAdKvnCXc3RrmDiT5K4tP0oe7ty32lPcN9zkpK7uIzJgtedKPXWKN9QnylOtgnv315Nh86Qvog0I9oUOXYwWJXQJD0qDjcWHctInjHfwICv4+vS6JzMqyj1vgPzW5cLas7Rd5tgqqdPAsLQdSP9hm87rooD+KtUnV5547QQqVJBNgIUhcZpl0/e4AREgjKJ2okRWcvEskDX83sxzUdAp69DRhqhmQGSSDiZ0yEsg+waXRyX579jqqvlCz+mw7O8i3bPeBixMqugzJChzMQcWUig5vo6NK8JylIlDT9kyZ2RoIjrijEaGCbj2QkFnRoXn3+c6TMF6k9wPAORK6YxA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(52116014)(376014)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: pkbKIjN3Jjr3XIAFXVLoNqRiX7yrN6wVg6vHWQk7C787UZtCwzvCBtmBCNQaTGBcbl6+yxNMmJt9u6LH7iSk8ZAwV1n9E7w/dAxDY//AAryI19qW54llMCHKXz+/ks5FADSrsRGFYjk4DugvjrQwRYPt4MH48EN+3hKzsQ1koRHCR9q7MAwAz7B4C75M0QqCw26X8RnIwDJbY7XYKrO5tH16l3SXJVhoKKi2knFEJL59mZTMI4tyTF5z+1kShtOLqWJDjucijrO3/u98XwMLizXaVro7wIPqNvH5PotkswMIpcpOuSxQZrN1STNATPBxLM4wk8Vvve9gnhsFX6zMK9oHSKcOKCX4IyP3jYioCTAYInU3Zw/OSfQ9LfTj1zep02odHGjfx29gkGr1knueLWc5CAlBgKLroNLzxE91/DlXql3MqoawSzV67C5WDuYZG2sWMCL1ijnRasAFmNHAQpePziy491mJ6UQDAQ8AEbGM1ZGi9zqEq0mOkbiztKRPRnGw5N7QfmUbcfkPur2+Wi77M74+LrcLsj5C0p3W9KQ6RsgeRH5TqGxwGu8b1ESqpTyEWndl5OMpULDdCDpv3A4dVeVrFptd0jR/GruCUa8KQlsblAbB2KsaJfekRyKmyloqZ7TxaN5JB2+R9d+LGRwO2Ojx80wVMidvqZHvG5gAo+fXFdIQ99fcm38aWdbn6NycMaFDfiB4qdCCad7qgO96732QApWw7HyiBjrn6jE0LCWGieg6hSgFZQY+khOofwEwXHoJsbn7VAvq6Te4VUG7AeQp7UVMZNu/5HVylYpCXbkp2y7wFuWF2g8urwfQfowdBzyYFKaW+oAwVhbJwfVzekiMFlGOvCzxm5iTUT5DlYg27VCrVa7h5Jj669dx80Ba6JJRhxA4EjhAzfBfUoddEZFU+fZvWdf0JqaLJIX3UT52pQa7IQoTvg7rCoJ3huFJNushI5kj3m2yHMgNbckaR0vftANGp9l8kQedr+LnFDzoPgwBQRAkuWuOX5FJhI+gxAhEI8Wx8mKd0CrKyn9DDLW+Rpvr9gJtl0taigQBzHG02eK35y5Ci18tvtJkB8J9zzYSlEmvOMnhItZ46bUIYdN/xyfsNVv3/xjb+yMGLvYlvEE5qrLkfmTeF2VHy5SmeSP3EZD6JFgjobSaSE8dXCBmpAt/1TWnUzZxQDmn0Qi1pY/hFW67d/dYsKe14EAWH2Z9XC5Rt7yYrfzP6AheZ61r9O/6qWvjjnO1Ruv0/QSCF2omf9QFjMpMWcZCqIFMrarovQ36XjKG4XyRTaoUXr/XW2ciuKG/RCp3R+CqREpdGLI+yRsngX9xnoPxGuXJ9+SWvDsKbKqt5T0jAPGN9ed+yCzhyLJcqco10AmG//dxzpAzBWm9DX0RqkzrODosrXVfQThT8LRCoBp/T+5t38pPg5F1WIiEyPS2Rc2DJ0B1GSn0PmWpEPuIm3QHUlYtvTENgumR0NBPeHKTdQjeHmoLJcFzYEXSATJVK/cHfDzDxv6gzF9zG8l7gAMO9rfRxA6HOYfypRqv+QiMkfLweyfDbNUDZD+B8rcOLJ284Spv5BD8A8niPaG/paam1MJZR5IDnxdQuwDXeWExzQ== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 151a2e62-41ad-4483-0533-08dd34838586 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Jan 2025 10:09:24.3622 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: z06eGSfCsmLE4xU8XK5Wxi/samHMJlNhZD/DLqt6atQL3zWGPEW5VAq+QTKHo0OI+iLwDY0alei9AUC8WKO9kmx6GXFd8/kmK2TVPvNOjig= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB6573 X-Proofpoint-ORIG-GUID: tqctb07j9Ef0SBLrSi1-Z_obtwwTz5xr X-Authority-Analysis: v=2.4 cv=SeoNduRu c=1 sm=1 tr=0 ts=678637d6 cx=c_pps a=x8A/wAfU1CBlff9R7r/2ew==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=VdSt8ZQiCzkA:10 a=bRTqI5nwn0kA:10 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=64SeUrbXAAAA:8 a=pMEJznBF0z_DQNz8OsMA:9 a=FdTzh2GWekK77mhwV6Dw:22 a=HLuTerElwpHB00cmObDT:22 X-Proofpoint-GUID: tqctb07j9Ef0SBLrSi1-Z_obtwwTz5xr X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-14_02,2025-01-13_02,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 mlxlogscore=999 mlxscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 malwarescore=0 phishscore=0 suspectscore=0 adultscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2411120000 definitions=main-2501140084 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 14 Jan 2025 10:09:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114877 From: Zhang Peng CVE-2024-56827: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-56827] [https://github.com/uclouvain/openjpeg/issues/1564] Upstream patches: [https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8] Signed-off-by: Zhang Peng --- ...rker-validate-that-current-tile-part.patch | 33 +++++++++++++++++++ .../openjpeg/openjpeg_2.4.0.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch new file mode 100644 index 000000000..f959a65d9 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch @@ -0,0 +1,33 @@ +From b343d72eb4c4b776b4925b441d18abf6a20b42a7 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 25 Nov 2024 22:02:54 +0100 +Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part + number if smaller that total number of tile-parts + +Fixes #1564 + +CVE: CVE-2024-56827 +Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8] + +Signed-off-by: Zhang Peng +--- + src/lib/openjp2/j2k.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 8e343ab2..08f771a5 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -8227,7 +8227,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno, + if (type == J2K_MS_SOT) { + OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno; + +- if (cstr_index->tile_index[tileno].tp_index) { ++ if (cstr_index->tile_index[tileno].tp_index && ++ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) { + cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos; + } + +-- +2.39.4 + diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb index 9c0fe0e30..871b324df 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb @@ -13,6 +13,7 @@ SRC_URI = " \ file://CVE-2022-1122.patch \ file://CVE-2021-3575.patch \ file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \ + file://0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch \ " SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" S = "${WORKDIR}/git"