2 files changed, 43 insertions, 1 deletions
diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
new file mode 100644
index 0000000000..96c23698b9
--- /dev/null
+++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
@@ -0,0 +1,40 @@
+From b19a51001e681d6c4bbc32b43bd425dee7f2caff Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Thu, 14 Dec 2023 19:04:19 -0800
+Subject: [PATCH] Fixes #367.
+Fixed an integer-overflow bug in the ICC profile parsing code.
+Added another invalid image to the test set.
+CVE: CVE-2023-51257
+Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/libjasper/base/jas_icc.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c
+index 905b823..7e69bd4 100644
+--- a/src/libjasper/base/jas_icc.c
+++ b/src/libjasper/base/jas_icc.c
+@@ -1295,10 +1295,20 @@ static int jas_icctxt_input(jas_iccattrval_t *attrval, jas_stream_t *in,
+ {
+        jas_icctxt_t *txt = &attrval->data.txt;
+        txt->string = 0;
+       /* The string must at least contain a single null character. */
+       if (cnt < 1) {
+               goto error;
+       }
+        if (!(txt->string = jas_malloc(cnt)))
+                goto error;
+        if (jas_stream_read(in, txt->string, cnt) != cnt)
+                goto error;
+       /* Ensure that the string is null terminated. */
+       if (txt->string[cnt - 1] != '\0') {
+               goto error;
+       }
+       /* The following line is redundant, unless we do not enforce that
+       the last character must be null. */
+        txt->string[cnt - 1] = '\0';
+        if (strlen(txt->string) + 1 != cnt)
+                goto error;
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
index 27dff82df5..522adba93d 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -3,7 +3,9 @@ HOMEPAGE = "https://jasper-software.github.io/jasper/"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"
-SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master"
+SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master \
+           file://CVE-2023-51257.patch \
+           "
 SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
 CVE_CHECK_IGNORE += "\

diff --git a/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch new file mode 100644 index 0000000000..96c23698b9 --- /dev/null +++ b/meta-oe/recipes-graphics/jasper/jasper/CVE-2023-51257.patch
@@ -0,0 +1,40 @@
		1	From b19a51001e681d6c4bbc32b43bd425dee7f2caff Mon Sep 17 00:00:00 2001
		2	From: Michael Adams <mdadams@ece.uvic.ca>
		3	Date: Thu, 14 Dec 2023 19:04:19 -0800
		4	Subject: [PATCH] Fixes #367.
		5
		6	Fixed an integer-overflow bug in the ICC profile parsing code.
		7	Added another invalid image to the test set.
		8
		9	CVE: CVE-2023-51257
		10	Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a]
		11	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		12	---
		13	src/libjasper/base/jas_icc.c \| 10 ++++++++++
		14	1 file changed, 10 insertions(+)
		15
		16	diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c
		17	index 905b823..7e69bd4 100644
		18	--- a/src/libjasper/base/jas_icc.c
		19	+++ b/src/libjasper/base/jas_icc.c
		20	@@ -1295,10 +1295,20 @@ static int jas_icctxt_input(jas_iccattrval_t attrval, jas_stream_t in,
		21	{
		22	jas_icctxt_t *txt = &attrval->data.txt;
		23	txt->string = 0;
		24	+ /* The string must at least contain a single null character. */
		25	+ if (cnt < 1) {
		26	+ goto error;
		27	+ }
		28	if (!(txt->string = jas_malloc(cnt)))
		29	goto error;
		30	if (jas_stream_read(in, txt->string, cnt) != cnt)
		31	goto error;
		32	+ /* Ensure that the string is null terminated. */
		33	+ if (txt->string[cnt - 1] != '\0') {
		34	+ goto error;
		35	+ }
		36	+ /* The following line is redundant, unless we do not enforce that
		37	+ the last character must be null. */
		38	txt->string[cnt - 1] = '\0';
		39	if (strlen(txt->string) + 1 != cnt)
		40	goto error;


diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index 27dff82df5..522adba93d 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -3,7 +3,9 @@ HOMEPAGE = "https://jasper-software.github.io/jasper/"
3	LICENSE = "MIT"	3	LICENSE = "MIT"
4	LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"	4	LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"
5		5
6	SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master"	6	SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master \
		7	file://CVE-2023-51257.patch \
		8	"
7	SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"	9	SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
8		10
9	CVE_CHECK_IGNORE += "\	11	CVE_CHECK_IGNORE += "\