* [meta-oe][PATCH] openjpeg: Fix CVE-2020-6851
@ 2020-03-11 14:58 Sakib Sajal
2020-03-11 15:02 ` ✗ patchtest: failure for " Patchwork
0 siblings, 1 reply; 2+ messages in thread
From: Sakib Sajal @ 2020-03-11 14:58 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
Backport patch from upstream to fix heap-based buffer overflow
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Sakib Sajal <Sakib.Sajal@windriver.com>
---
.../openjpeg/openjpeg/CVE-2020-6851.patch | 32 +++++++++++++++++++
.../openjpeg/openjpeg_2.3.1.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch
new file mode 100644
index 000000000..9f2fc901f
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch
@@ -0,0 +1,32 @@
+From 024b8407392cb0b82b04b58ed256094ed5799e04 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 11 Jan 2020 01:51:19 +0100
+Subject: [PATCH] opj_j2k_update_image_dimensions(): reject images whose
+ coordinates are beyond INT_MAX (fixes #1228)
+
+---
+ src/lib/openjp2/j2k.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 14f6ff41..922550eb 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dim
+ l_img_comp = p_image->comps;
+ for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) {
+ OPJ_INT32 l_h, l_w;
++ if (p_image->x0 > (OPJ_UINT32)INT_MAX ||
++ p_image->y0 > (OPJ_UINT32)INT_MAX ||
++ p_image->x1 > (OPJ_UINT32)INT_MAX ||
++ p_image->y1 > (OPJ_UINT32)INT_MAX) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Image coordinates above INT_MAX are not supported\n");
++ return OPJ_FALSE;
++ }
+
+ l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0,
+ (OPJ_INT32)l_img_comp->dx);
+--
+2.17.1
+
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
index ffd4099b4..4045148dd 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
@@ -8,6 +8,7 @@ DEPENDS = "libpng tiff lcms zlib"
SRC_URI = " \
git://github.com/uclouvain/openjpeg.git \
file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
+ file://CVE-2020-6851.patch \
"
SRCREV = "57096325457f96d8cd07bd3af04fe81d7a2ba788"
S = "${WORKDIR}/git"
--
2.24.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* ✗ patchtest: failure for openjpeg: Fix CVE-2020-6851
2020-03-11 14:58 [meta-oe][PATCH] openjpeg: Fix CVE-2020-6851 Sakib Sajal
@ 2020-03-11 15:02 ` Patchwork
0 siblings, 0 replies; 2+ messages in thread
From: Patchwork @ 2020-03-11 15:02 UTC (permalink / raw)
To: Sakib Sajal; +Cc: openembedded-core
== Series Details ==
Series: openjpeg: Fix CVE-2020-6851
Revision: 1
URL : https://patchwork.openembedded.org/series/23201/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:
* Patch [meta-oe] openjpeg: Fix CVE-2020-6851
Issue Series sent to the wrong mailing list [test_target_mailing_list]
Suggested fix Check the project's README (meta-oe) and send the patch to the indicated list
* Issue Series does not apply on top of target branch [test_series_merge_on_head]
Suggested fix Rebase your series on top of targeted branch
Targeted branch master (currently at baecda5b32)
* Patch [meta-oe] openjpeg: Fix CVE-2020-6851
Issue Missing or incorrectly formatted CVE tag in included patch file [test_cve_tag_format]
Suggested fix Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"
* Issue A patch file has been added, but does not have a Signed-off-by tag [test_signed_off_by_presence]
Suggested fix Sign off the added patch file (meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch)
* Issue Added patch file is missing Upstream-Status in the header [test_upstream_status_presence_format]
Suggested fix Add Upstream-Status: <Valid status> to the header of meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-6851.patch
Standard format Upstream-Status: <Valid status>
Valid status Pending, Accepted, Backport, Denied, Inappropriate [reason], Submitted [where]
If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).
---
Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-11 15:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-11 14:58 [meta-oe][PATCH] openjpeg: Fix CVE-2020-6851 Sakib Sajal
2020-03-11 15:02 ` ✗ patchtest: failure for " Patchwork
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox