From patchwork Sun Nov 23 17:43:06 2025 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75257
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 1/4] jasper: patch CVE-2023-51257 Date: Sun, 23 Nov 2025 18:43:06 +0100 Message-ID: <20251123174309.2625557-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 23 Nov 2025 17:43:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121998 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-51257 Pick the patch that's marked to solve the issue linked in the nvd report. Signed-off-by: Gyorgy Sarvari --- .../jasper/jasper/CVE-2023-51257.patch | 40 +++++++++++++++++++ .../recipes-graphics/jasper/jasper_2.0.33.bb | 4 +- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch new file mode 100644 index 0000000000..96c23698b9 --- /dev/null +++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch 
@@ -0,0 +1,40 @@ +From b19a51001e681d6c4bbc32b43bd425dee7f2caff Mon Sep 17 00:00:00 2001 +From: Michael Adams +Date: Thu, 14 Dec 2023 19:04:19 -0800 +Subject: [PATCH] Fixes #367. + +Fixed an integer-overflow bug in the ICC profile parsing code. +Added another invalid image to the test set. + +CVE: CVE-2023-51257 +Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a] +Signed-off-by: Gyorgy Sarvari +--- + src/libjasper/base/jas_icc.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c +index 905b823..7e69bd4 100644 +--- a/src/libjasper/base/jas_icc.c ++++ b/src/libjasper/base/jas_icc.c +@@ -1295,10 +1295,20 @@ static int jas_icctxt_input(jas_iccattrval_t *attrval, jas_stream_t *in, + { + jas_icctxt_t *txt = &attrval->data.txt; + txt->string = 0; ++ /* The string must at least contain a single null character. */ ++ if (cnt < 1) { ++ goto error; ++ } + if (!(txt->string = jas_malloc(cnt))) + goto error; + if (jas_stream_read(in, txt->string, cnt) != cnt) + goto error; ++ /* Ensure that the string is null terminated. */ ++ if (txt->string[cnt - 1] != '\0') { ++ goto error; ++ } ++ /* The following line is redundant, unless we do not enforce that ++ the last character must be null. */ + txt->string[cnt - 1] = '\0'; + if (strlen(txt->string) + 1 != cnt) + goto error; diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index 27dff82df5..522adba93d 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb 
@@ -3,7 +3,9 @@ HOMEPAGE = "https://jasper-software.github.io/jasper/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb" -SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" +SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master \ + file://CVE-2023-51257.patch \ + " SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973" CVE_CHECK_IGNORE += "\
From patchwork Sun Nov 23 17:43:07 2025 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75259
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 2/4] jasper: patch CVE-2025-8835 Date: Sun, 23 Nov 2025 18:43:07 +0100 Message-ID: <20251123174309.2625557-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251123174309.2625557-1-skandigraun@gmail.com> References: <20251123174309.2625557-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 23 Nov 2025 17:43:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121999 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8835 Pick the patch that is referenced by the nvd report. Signed-off-by: Gyorgy Sarvari --- .../jasper/jasper/CVE-2025-8835.patch | 170 ++++++++++++++++++ .../recipes-graphics/jasper/jasper_2.0.33.bb | 1 + 2 files changed, 171 insertions(+) create mode 100644 meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8835.patch diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8835.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8835.patch new file mode 100644 index 0000000000..d781d24361 --- /dev/null +++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8835.patch 
@@ -0,0 +1,170 @@ +From 8c72f24556b2418f5689713eb706014423473a73 Mon Sep 17 00:00:00 2001 +From: Michael Adams +Date: Tue, 29 Jul 2025 20:16:35 -0700 +Subject: [PATCH] Fixes #400. + +Added a check for a missing color component in the jas_image_chclrspc +function. + +CVE: CVE-2025-8835 +Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52] + +Signed-off-by: Gyorgy Sarvari +--- + src/libjasper/base/jas_image.c | 73 ++++++++++++++++++++++++++++------ + 1 file changed, 61 insertions(+), 12 deletions(-) + +diff --git a/src/libjasper/base/jas_image.c b/src/libjasper/base/jas_image.c +index 68a94e1..bfbf9e5 100644 +--- a/src/libjasper/base/jas_image.c ++++ b/src/libjasper/base/jas_image.c +@@ -112,7 +112,8 @@ static long convert(long val, bool oldsgnd, unsigned oldprec, bool newsgnd, + unsigned newprec); + static void jas_image_calcbbox2(const jas_image_t *image, jas_image_coord_t *tlx, + jas_image_coord_t *tly, jas_image_coord_t *brx, jas_image_coord_t *bry); +- ++static jas_cmcmptfmt_t* jas_cmcmptfmt_array_create(int n); ++static void jas_cmcmptfmt_array_destroy(jas_cmcmptfmt_t* cmptfmts, int n); + /******************************************************************************\ + * Global data. 
+ \******************************************************************************/ +@@ -409,6 +410,36 @@ static void jas_image_cmpt_destroy(jas_image_cmpt_t *cmpt) + jas_free(cmpt); + } + ++static jas_cmcmptfmt_t* jas_cmcmptfmt_array_create(int n) ++{ ++ jas_cmcmptfmt_t* cmptfmts; ++ JAS_DBGLOG(10, ("jas_cmcmptfmt_array_create(%d)\n", n)); ++ if (!(cmptfmts = jas_alloc2(n, sizeof(jas_cmcmptfmt_t)))) { ++ return 0; ++ } ++ for (int i = 0; i < n; ++i) { ++ cmptfmts[i].buf = 0; ++ } ++ JAS_DBGLOG(10, ("jas_cmcmptfmt_array_create(%d) returning %p\n", n, ++ JAS_CAST(void *, cmptfmts))); ++ return cmptfmts; ++} ++ ++static void jas_cmcmptfmt_array_destroy(jas_cmcmptfmt_t* cmptfmts, int n) ++{ ++ assert(cmptfmts); ++ assert(n > 0); ++ JAS_DBGLOG(10, ("jas_cmcmptfmt_array_destroy(%p, %d)\n", ++ JAS_CAST(void *, cmptfmts), n)); ++ for (int i = 0; i < n; ++i) { ++ if (cmptfmts[i].buf) { ++ jas_free(cmptfmts[i].buf); ++ } ++ cmptfmts[i].buf = 0; ++ } ++ jas_free(cmptfmts); ++} ++ + /******************************************************************************\ + * Load and save operations. 
+ \******************************************************************************/ +@@ -1470,12 +1501,15 @@ jas_image_t *jas_image_chclrspc(jas_image_t *image, const jas_cmprof_t *outprof, + jas_cmcmptfmt_t *incmptfmts; + jas_cmcmptfmt_t *outcmptfmts; + ++ assert(image); ++ assert(outprof); ++ + #if 0 + jas_eprintf("IMAGE\n"); + jas_image_dump(image, stderr); + #endif + +- if (image->numcmpts_ == 0) ++ if (!jas_image_numcmpts(image)) + /* can't work with a file with no components; + continuing would crash because we'd attempt to + obtain information about the first component */ +@@ -1483,6 +1517,8 @@ jas_image_dump(image, stderr); + + outimage = 0; + xform = 0; ++ incmptfmts = 0; ++ outcmptfmts = 0; + if (!(inimage = jas_image_copy(image))) + goto error; + image = 0; +@@ -1565,15 +1601,21 @@ jas_image_dump(image, stderr); + } + + inpixmap.numcmpts = numinclrchans; +- if (!(incmptfmts = jas_alloc2(numinclrchans, sizeof(jas_cmcmptfmt_t)))) { ++ assert(numinclrchans != 0); ++ if (!(incmptfmts = jas_cmcmptfmt_array_create(numinclrchans))) { + abort(); + } + inpixmap.cmptfmts = incmptfmts; + for (unsigned i = 0; i < numinclrchans; ++i) { + const int j = jas_image_getcmptbytype(inimage, JAS_IMAGE_CT_COLOR(i)); ++ if (j < 0) { ++ jas_eprintf("missing color component %d\n", i); ++ goto error; ++ } + if (!(incmptfmts[i].buf = jas_alloc2(width, sizeof(long)))) { + goto error; + } ++ assert(j >= 0 && j < jas_image_numcmpts(inimage)); + incmptfmts[i].prec = jas_image_cmptprec(inimage, j); + incmptfmts[i].sgnd = jas_image_cmptsgnd(inimage, j); + incmptfmts[i].width = width; +@@ -1581,15 +1623,20 @@ jas_image_dump(image, stderr); + } + + outpixmap.numcmpts = numoutclrchans; +- if (!(outcmptfmts = jas_alloc2(numoutclrchans, sizeof(jas_cmcmptfmt_t)))) { ++ if (!(outcmptfmts = jas_cmcmptfmt_array_create(numoutclrchans))) { + abort(); + } + outpixmap.cmptfmts = outcmptfmts; + + for (unsigned i = 0; i < numoutclrchans; ++i) { + const int j = jas_image_getcmptbytype(outimage, 
JAS_IMAGE_CT_COLOR(i)); ++ if (j < 0) { ++ jas_eprintf("missing color component %d\n", i); ++ goto error; ++ } + if (!(outcmptfmts[i].buf = jas_alloc2(width, sizeof(long)))) + goto error; ++ assert(j >= 0 && j < jas_image_numcmpts(outimage)); + outcmptfmts[i].prec = jas_image_cmptprec(outimage, j); + outcmptfmts[i].sgnd = jas_image_cmptsgnd(outimage, j); + outcmptfmts[i].width = width; +@@ -1612,14 +1659,8 @@ jas_image_dump(image, stderr); + } + } + +- for (unsigned i = 0; i < numoutclrchans; ++i) { +- jas_free(outcmptfmts[i].buf); +- } +- jas_free(outcmptfmts); +- for (unsigned i = 0; i < numinclrchans; ++i) { +- jas_free(incmptfmts[i].buf); +- } +- jas_free(incmptfmts); ++ jas_cmcmptfmt_array_destroy(outcmptfmts, numoutclrchans); ++ jas_cmcmptfmt_array_destroy(incmptfmts, numinclrchans); + jas_cmxform_destroy(xform); + jas_image_destroy(inimage); + +@@ -1631,6 +1672,14 @@ jas_image_dump(outimage, stderr); + #endif + return outimage; + error: ++ if (incmptfmts) { ++ assert(numinclrchans); ++ jas_cmcmptfmt_array_destroy(incmptfmts, numinclrchans); ++ } ++ if (outcmptfmts) { ++ assert(numoutclrchans); ++ jas_cmcmptfmt_array_destroy(outcmptfmts, numoutclrchans); ++ } + if (xform) + jas_cmxform_destroy(xform); + if (inimage) diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index 522adba93d..c314da539f 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb 
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb" SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master \ file://CVE-2023-51257.patch \ + file://CVE-2025-8835.patch \ " SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
From patchwork Sun Nov 23 17:43:08 2025 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75260
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 3/4] jasper: patch CVE-2025-8836 Date: Sun, 23 Nov 2025 18:43:08 +0100 Message-ID: <20251123174309.2625557-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251123174309.2625557-1-skandigraun@gmail.com> References: <20251123174309.2625557-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 23 Nov 2025 17:43:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122000 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8836 Pick the patch that is referenced by the nvd report. Signed-off-by: Gyorgy Sarvari --- .../jasper/jasper/CVE-2025-8836.patch | 78 +++++++++++++++++++ .../recipes-graphics/jasper/jasper_2.0.33.bb | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8836.patch diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8836.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8836.patch new file mode 100644 index 0000000000..247d1064ca --- /dev/null +++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8836.patch 
@@ -0,0 +1,78 @@ +From 0e045908b1fec6748688cbc13bd3dc3703ddb17e Mon Sep 17 00:00:00 2001 +From: Michael Adams +Date: Sat, 2 Aug 2025 18:00:39 -0700 +Subject: [PATCH] Fixes #401. + +JPEG-2000 (JPC) Encoder: +- Added some missing range checking on several coding parameters + (e.g., precint width/height and codeblock width/height). + +CVE: CVE-2025-8836 +Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/79185d32d7a444abae441935b20ae4676b3513d4] +Signed-off-by: Gyorgy Sarvari +--- + src/libjasper/jpc/jpc_enc.c | 30 ++++++++++++++++++++++++------ + src/libjasper/jpc/jpc_t2dec.c | 3 ++- + 2 files changed, 26 insertions(+), 7 deletions(-) + +diff --git a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c +index 93013f9..c957e3f 100644 +--- a/src/libjasper/jpc/jpc_enc.c ++++ b/src/libjasper/jpc/jpc_enc.c +@@ -474,18 +474,36 @@ static jpc_enc_cp_t *cp_create(const char *optstr, jas_image_t *image) + cp->tileheight = atoi(jas_tvparser_getval(tvp)); + break; + case OPT_PRCWIDTH: +- prcwidthexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp))); ++ i = atoi(jas_tvparser_getval(tvp)); ++ if (i <= 0) { ++ jas_eprintf("invalid precinct width (%d)\n", i); ++ goto error; ++ } ++ prcwidthexpn = jpc_floorlog2(i); + break; + case OPT_PRCHEIGHT: +- prcheightexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp))); ++ i = atoi(jas_tvparser_getval(tvp)); ++ if (i <= 0) { ++ jas_eprintf("invalid precinct height (%d)\n", i); ++ goto error; ++ } ++ prcheightexpn = jpc_floorlog2(i); + break; + case OPT_CBLKWIDTH: +- tccp->cblkwidthexpn = +- jpc_floorlog2(atoi(jas_tvparser_getval(tvp))); ++ i = atoi(jas_tvparser_getval(tvp)); ++ if (i <= 0) { ++ jas_eprintf("invalid code block width (%d)\n", i); ++ goto error; ++ } ++ tccp->cblkwidthexpn = jpc_floorlog2(i); + break; + case OPT_CBLKHEIGHT: +- tccp->cblkheightexpn = +- jpc_floorlog2(atoi(jas_tvparser_getval(tvp))); ++ i = atoi(jas_tvparser_getval(tvp)); ++ if (i <= 0) { ++ jas_eprintf("invalid code block height 
(%d)\n", i); ++ goto error; ++ } ++ tccp->cblkheightexpn = jpc_floorlog2(i); + break; + case OPT_MODE: + if ((tagid = jas_taginfo_nonull(jas_taginfos_lookup(modetab, +diff --git a/src/libjasper/jpc/jpc_t2dec.c b/src/libjasper/jpc/jpc_t2dec.c +index e52b549..6e1f1f7 100644 +--- a/src/libjasper/jpc/jpc_t2dec.c ++++ b/src/libjasper/jpc/jpc_t2dec.c +@@ -337,7 +337,8 @@ static int jpc_dec_decodepkt(jpc_dec_t *dec, jas_stream_t *pkthdrstream, jas_str + const unsigned n = JAS_MIN((unsigned)numnewpasses, maxpasses); + mycounter += n; + numnewpasses -= n; +- if ((len = jpc_bitstream_getbits(inb, cblk->numlenbits + jpc_floorlog2(n))) < 0) { ++ if ((len = jpc_bitstream_getbits(inb, ++ cblk->numlenbits + jpc_floorlog2(n))) < 0) { + jpc_bitstream_close(inb); + return -1; + } diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index c314da539f..d78250306b 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb 
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb" SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master \ file://CVE-2023-51257.patch \ file://CVE-2025-8835.patch \ + file://CVE-2025-8836.patch \ " SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
From patchwork Sun Nov 23 17:43:09 2025 X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75258
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 4/4] jasper: patch CVE-2025-8837 Date: Sun, 23 Nov 2025 18:43:09 +0100 Message-ID: <20251123174309.2625557-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251123174309.2625557-1-skandigraun@gmail.com> References: <20251123174309.2625557-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 23 Nov 2025 17:43:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122001 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837 Pick the patch that is referenced by the nvd report. Signed-off-by: Gyorgy Sarvari --- .../jasper/jasper/CVE-2025-8837.patch | 63 +++++++++++++++++++ .../recipes-graphics/jasper/jasper_2.0.33.bb | 1 + 2 files changed, 64 insertions(+) create mode 100644 meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch new file mode 100644 index 0000000000..7a1eefa6c6 --- /dev/null +++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch 
@@ -0,0 +1,63 @@ +From 61c37530a3abcb5db2f7a431e91dbb3531ff1816 Mon Sep 17 00:00:00 2001 +From: Michael Adams +Date: Tue, 5 Aug 2025 20:46:48 -0700 +Subject: [PATCH] Fixes #402, #403. + +JPEG-2000 (JPC) Decoder: +- Added the setting of several pointers to null in some cleanup code + after the pointed-to memory was freed. This pointer nulling is not + needed normally, but it is needed when certain debugging logs are + enabled (so that the debug code understands that the memory associated + with the aforementioned pointers has been freed). + +CVE: CVE-2025-8837 +Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a] + +Signed-off-by: Gyorgy Sarvari +--- + src/libjasper/jpc/jpc_dec.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c +index 2553696..c2600c4 100644 +--- a/src/libjasper/jpc/jpc_dec.c ++++ b/src/libjasper/jpc/jpc_dec.c +@@ -1107,23 +1107,23 @@ static int jpc_dec_tilefini(jpc_dec_t *dec, jpc_dec_tile_t *tile) + + if (tile->cp) { + jpc_dec_cp_destroy(tile->cp); +- //tile->cp = 0; ++ tile->cp = 0; + } + if (tile->tcomps) { + jas_free(tile->tcomps); +- //tile->tcomps = 0; ++ tile->tcomps = 0; + } + if (tile->pi) { + jpc_pi_destroy(tile->pi); +- //tile->pi = 0; ++ tile->pi = 0; + } + if (tile->pkthdrstream) { + jas_stream_close(tile->pkthdrstream); +- //tile->pkthdrstream = 0; ++ tile->pkthdrstream = 0; + } + if (tile->pptstab) { + jpc_ppxstab_destroy(tile->pptstab); +- //tile->pptstab = 0; ++ tile->pptstab = 0; + } + + tile->state = JPC_TILE_DONE; +@@ -2259,6 +2259,9 @@ static int jpc_dec_dump(const jpc_dec_t *dec, FILE *out) + const jpc_dec_tile_t *tile; + for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles; + ++tileno, ++tile) { ++ if (!tile->tcomps) { ++ continue; ++ } + assert(!dec->numcomps || tile->tcomps); + unsigned compno; + const jpc_dec_tcomp_t *tcomp; 
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index d78250306b..e972b7b85a 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb @@ -7,6 +7,7 @@ SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=mas file://CVE-2023-51257.patch \ file://CVE-2025-8835.patch \ file://CVE-2025-8836.patch \ + file://CVE-2025-8837.patch \ " SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
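Review bot: in the jas_icc.c hunk of CVE-2023-51257.patch (jas_icctxt_input), the added `if (txt->string[cnt - 1] != '\0') goto error;` changes behaviour beyond the memory-safety fix. A text tag without a trailing NUL used to be force-terminated by the retained `txt->string[cnt - 1] = '\0';` and could still pass the `strlen(txt->string) + 1 != cnt` test, whereas it is now rejected. The `cnt < 1` guard on its own is what stops `cnt - 1` from indexing before the allocation. For a stable-branch backport, the commit message should mention that ICC profiles with unterminated text tags will now fail to load.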
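Review bot: in the jas_image.c hunk of CVE-2025-8835.patch that adds jas_cmcmptfmt_array_create and jas_cmcmptfmt_array_destroy, the count is taken as `int n`, while the callers later in the same patch pass numinclrchans and numoutclrchans, which bound loops over `unsigned i`. The create helper does not validate n at all, and the destroy helper only does so through `assert(n > 0)`, which disappears under NDEBUG. Suggest an explicit `if (n <= 0) return 0;` in the create helper, or an unsigned parameter, so the two helpers agree without relying on asserts.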
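Review bot: in the jas_image_chclrspc hunk at @@ -1565 of CVE-2025-8835.patch, the new message `jas_eprintf("missing color component %d\n", i);` prints `i`, which the enclosing for loop declares as `unsigned`, so the conversion should be `%u`. The same hunk keeps `abort()` when jas_cmcmptfmt_array_create fails. Now that the error label frees incmptfmts and outcmptfmts only when they are non-null, `goto error` there would let the library report the allocation failure instead of terminating the calling process.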
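Review bot: in the jas_image_chclrspc hunk at @@ -1581 of CVE-2025-8835.patch, the output side lacks a counterpart to the `assert(numinclrchans != 0);` that the input side gained. jas_cmcmptfmt_array_create(numoutclrchans) is called unguarded, yet the error path asserts `numoutclrchans` and jas_cmcmptfmt_array_destroy asserts `n > 0`. Either add the matching check before the allocation or treat a zero count as an error with `goto error`. The `%d` used with unsigned `i` in the added jas_eprintf applies here as well.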
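Review bot: in the jpc_enc.c hunk of CVE-2025-8836.patch (cp_create), the four new checks reject only `i <= 0`. There is no upper bound before `jpc_floorlog2(i)`, and `atoi` gives no indication of overflow or non-numeric input, although the commit message describes the change as range checking. The unchanged context line `cp->tileheight = atoi(jas_tvparser_getval(tvp));` shows that the tile size options still take the raw atoi result. If the encoder validates the resulting exponents later, a short comment here saying so would make the backport easier to audit.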
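Review bot: the jpc_t2dec.c hunk of CVE-2025-8836.patch (jpc_dec_decodepkt) only re-wraps the jpc_bitstream_getbits call across two lines and changes no behaviour. Keeping it so the backport matches the upstream commit is fine, but the commit message could state that the decoder file is touched for formatting only, so that nobody looks for a decoder fix in this patch.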
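Review bot: in the jpc_dec_dump hunk of CVE-2025-8837.patch, the added `if (!tile->tcomps) { continue; }` sits directly above `assert(!dec->numcomps || tile->tcomps);`, so that assert can no longer fail and is now dead code. It also means a tile whose tcomps pointer is null is skipped silently in the dump. Printing the tile number with a note that its components are gone would keep the debug output complete, and the assert could be dropped.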