jasper: patch CVE-2025-8837

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837 Pick the patch that is referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-23 18:43:09 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-30 15:13:57 +0100
commit: afb12967238358032fd39e030c23ede6c7ddf968 (patch)
tree: 30c421e2fafeeb0ba20ab78ce3ac9b523392a06e
parent: 42058c812064a7189baa8861bb181454a85c668f (diff)
download: meta-openembedded-afb12967238358032fd39e030c23ede6c7ddf968.tar.gz
2 files changed, 64 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch
new file mode 100644
index 0000000000..7a1eefa6c6
--- /dev/null
+++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch
@@ -0,0 +1,63 @@
+From 61c37530a3abcb5db2f7a431e91dbb3531ff1816 Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Tue, 5 Aug 2025 20:46:48 -0700
+Subject: [PATCH] Fixes #402, #403.
+JPEG-2000 (JPC) Decoder:
+- Added the setting of several pointers to null in some cleanup code
+  after the pointed-to memory was freed.  This pointer nulling is not
+  needed normally, but it is needed when certain debugging logs are
+  enabled (so that the debug code understands that the memory associated
+  with the aforementioned pointers has been freed).
+CVE: CVE-2025-8837
+Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/libjasper/jpc/jpc_dec.c |  13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
+index 2553696..c2600c4 100644
+--- a/src/libjasper/jpc/jpc_dec.c
+++ b/src/libjasper/jpc/jpc_dec.c
+@@ -1107,23 +1107,23 @@ static int jpc_dec_tilefini(jpc_dec_t *dec, jpc_dec_tile_t *tile)
+ 
+        if (tile->cp) {
+                jpc_dec_cp_destroy(tile->cp);
+-               //tile->cp = 0;
+               tile->cp = 0;
+        }
+        if (tile->tcomps) {
+                jas_free(tile->tcomps);
+-               //tile->tcomps = 0;
+               tile->tcomps = 0;
+        }
+        if (tile->pi) {
+                jpc_pi_destroy(tile->pi);
+-               //tile->pi = 0;
+               tile->pi = 0;
+        }
+        if (tile->pkthdrstream) {
+                jas_stream_close(tile->pkthdrstream);
+-               //tile->pkthdrstream = 0;
+               tile->pkthdrstream = 0;
+        }
+        if (tile->pptstab) {
+                jpc_ppxstab_destroy(tile->pptstab);
+-               //tile->pptstab = 0;
+               tile->pptstab = 0;
+        }
+ 
+        tile->state = JPC_TILE_DONE;
+@@ -2259,6 +2259,9 @@ static int jpc_dec_dump(const jpc_dec_t *dec, FILE *out)
+        const jpc_dec_tile_t *tile;
+        for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles;
+          ++tileno, ++tile) {
+               if (!tile->tcomps) {
+                       continue;
+               }
+                assert(!dec->numcomps || tile->tcomps);
+                unsigned compno;
+                const jpc_dec_tcomp_t *tcomp;
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
index d78250306b..e972b7b85a 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -7,6 +7,7 @@ SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=mas
           file://CVE-2023-51257.patch \
           file://CVE-2025-8835.patch \
           file://CVE-2025-8836.patch \
+           file://CVE-2025-8837.patch \
           "
 SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-23 18:43:09 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-30 15:13:57 +0100
commit	afb12967238358032fd39e030c23ede6c7ddf968 (patch)
tree	30c421e2fafeeb0ba20ab78ce3ac9b523392a06e
parent	42058c812064a7189baa8861bb181454a85c668f (diff)
download	meta-openembedded-afb12967238358032fd39e030c23ede6c7ddf968.tar.gz

diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch new file mode 100644 index 0000000000..7a1eefa6c6 --- /dev/null +++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2025-8837.patch
@@ -0,0 +1,63 @@
		1	From 61c37530a3abcb5db2f7a431e91dbb3531ff1816 Mon Sep 17 00:00:00 2001
		2	From: Michael Adams <mdadams@ece.uvic.ca>
		3	Date: Tue, 5 Aug 2025 20:46:48 -0700
		4	Subject: [PATCH] Fixes #402, #403.
		5
		6	JPEG-2000 (JPC) Decoder:
		7	- Added the setting of several pointers to null in some cleanup code
		8	after the pointed-to memory was freed. This pointer nulling is not
		9	needed normally, but it is needed when certain debugging logs are
		10	enabled (so that the debug code understands that the memory associated
		11	with the aforementioned pointers has been freed).
		12
		13	CVE: CVE-2025-8837
		14	Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a]
		15
		16	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		17	---
		18	src/libjasper/jpc/jpc_dec.c \| 13 ++++++++-----
		19	1 file changed, 8 insertions(+), 5 deletions(-)
		20
		21	diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
		22	index 2553696..c2600c4 100644
		23	--- a/src/libjasper/jpc/jpc_dec.c
		24	+++ b/src/libjasper/jpc/jpc_dec.c
		25	@@ -1107,23 +1107,23 @@ static int jpc_dec_tilefini(jpc_dec_t dec, jpc_dec_tile_t tile)
		26
		27	if (tile->cp) {
		28	jpc_dec_cp_destroy(tile->cp);
		29	- //tile->cp = 0;
		30	+ tile->cp = 0;
		31	}
		32	if (tile->tcomps) {
		33	jas_free(tile->tcomps);
		34	- //tile->tcomps = 0;
		35	+ tile->tcomps = 0;
		36	}
		37	if (tile->pi) {
		38	jpc_pi_destroy(tile->pi);
		39	- //tile->pi = 0;
		40	+ tile->pi = 0;
		41	}
		42	if (tile->pkthdrstream) {
		43	jas_stream_close(tile->pkthdrstream);
		44	- //tile->pkthdrstream = 0;
		45	+ tile->pkthdrstream = 0;
		46	}
		47	if (tile->pptstab) {
		48	jpc_ppxstab_destroy(tile->pptstab);
		49	- //tile->pptstab = 0;
		50	+ tile->pptstab = 0;
		51	}
		52
		53	tile->state = JPC_TILE_DONE;
		54	@@ -2259,6 +2259,9 @@ static int jpc_dec_dump(const jpc_dec_t dec, FILE out)
		55	const jpc_dec_tile_t *tile;
		56	for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles;
		57	++tileno, ++tile) {
		58	+ if (!tile->tcomps) {
		59	+ continue;
		60	+ }
		61	assert(!dec->numcomps \|\| tile->tcomps);
		62	unsigned compno;
		63	const jpc_dec_tcomp_t *tcomp;


diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index d78250306b..e972b7b85a 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -7,6 +7,7 @@ SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=mas
7	file://CVE-2023-51257.patch \	7	file://CVE-2023-51257.patch \
8	file://CVE-2025-8835.patch \	8	file://CVE-2025-8835.patch \
9	file://CVE-2025-8836.patch \	9	file://CVE-2025-8836.patch \
		10	file://CVE-2025-8837.patch \
10	"	11	"
11	SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"	12	SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
12		13