2 files changed, 52 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch
new file mode 100644
index 0000000000..f5ce11a27f
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch
@@ -0,0 +1,51 @@
+From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 28 Jun 2020 14:19:59 +0200
+Subject: [PATCH] opj_decompress: fix double-free on input directory with mix
+ of valid and invalid images (CVE-2020-15389)
+Fixes #1261
+Credits to @Ruia-ruia for reporting and analysis.
+---
+ src/bin/jp2/opj_decompress.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+ 
+--- end of original header ---
+CVE: CVE-2020-15389
+Upstream-Status: Backport [git://github.com/uclouvain/openjpeg.git]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 7eeb0952..2634907f 100644
+--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
+@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original)
+ int main(int argc, char **argv)
+ {
+     opj_decompress_parameters parameters;           /* decompression parameters */
+-    opj_image_t* image = NULL;
+-    opj_stream_t *l_stream = NULL;              /* Stream */
+-    opj_codec_t* l_codec = NULL;                /* Handle to a decompressor */
+-    opj_codestream_index_t* cstr_index = NULL;
+ 
+     OPJ_INT32 num_images, imageno;
+     img_fol_t img_fol;
+@@ -1393,6 +1389,10 @@ int main(int argc, char **argv)
+ 
+     /*Decoding image one by one*/
+     for (imageno = 0; imageno < num_images ; imageno++)  {
+        opj_image_t* image = NULL;
+        opj_stream_t *l_stream = NULL;              /* Stream */
+        opj_codec_t* l_codec = NULL;                /* Handle to a decompressor */
+        opj_codestream_index_t* cstr_index = NULL;
+ 
+         if (!parameters.quiet) {
+             fprintf(stderr, "\n");
+-- 
+2.17.1
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
index 42011efa97..a0740a2740 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
@@ -10,6 +10,7 @@ SRC_URI = " \
    file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
    file://CVE-2020-6851.patch \
    file://CVE-2020-8112.patch \
+    file://CVE-2020-15389.patch \
 "
 SRCREV = "57096325457f96d8cd07bd3af04fe81d7a2ba788"
 S = "${WORKDIR}/git"

diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch new file mode 100644 index 0000000000..f5ce11a27f --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch
@@ -0,0 +1,51 @@
		1	From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001
		2	From: Even Rouault <even.rouault@spatialys.com>
		3	Date: Sun, 28 Jun 2020 14:19:59 +0200
		4	Subject: [PATCH] opj_decompress: fix double-free on input directory with mix
		5	of valid and invalid images (CVE-2020-15389)
		6
		7	Fixes #1261
		8
		9	Credits to @Ruia-ruia for reporting and analysis.
		10	---
		11	src/bin/jp2/opj_decompress.c \| 8 ++++----
		12	1 file changed, 4 insertions(+), 4 deletions(-)
		13
		14	--- end of original header ---
		15
		16	CVE: CVE-2020-15389
		17
		18	Upstream-Status: Backport [git://github.com/uclouvain/openjpeg.git]
		19
		20	Signed-off-by: Joe Slater <joe.slater@windriver.com>
		21
		22	---
		23	diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
		24	index 7eeb0952..2634907f 100644
		25	--- a/src/bin/jp2/opj_decompress.c
		26	+++ b/src/bin/jp2/opj_decompress.c
		27	@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original)
		28	int main(int argc, char **argv)
		29	{
		30	opj_decompress_parameters parameters; /* decompression parameters */
		31	- opj_image_t* image = NULL;
		32	- opj_stream_t l_stream = NULL; / Stream */
		33	- opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
		34	- opj_codestream_index_t* cstr_index = NULL;
		35
		36	OPJ_INT32 num_images, imageno;
		37	img_fol_t img_fol;
		38	@@ -1393,6 +1389,10 @@ int main(int argc, char **argv)
		39
		40	/Decoding image one by one/
		41	for (imageno = 0; imageno < num_images ; imageno++) {
		42	+ opj_image_t* image = NULL;
		43	+ opj_stream_t l_stream = NULL; / Stream */
		44	+ opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
		45	+ opj_codestream_index_t* cstr_index = NULL;
		46
		47	if (!parameters.quiet) {
		48	fprintf(stderr, "\n");
		49	--
		50	2.17.1
		51


diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb index 42011efa97..a0740a2740 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
@@ -10,6 +10,7 @@ SRC_URI = " \
10	file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \	10	file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
11	file://CVE-2020-6851.patch \	11	file://CVE-2020-6851.patch \
12	file://CVE-2020-8112.patch \	12	file://CVE-2020-8112.patch \
		13	file://CVE-2020-15389.patch \
13	"	14	"
14	SRCREV = "57096325457f96d8cd07bd3af04fe81d7a2ba788"	15	SRCREV = "57096325457f96d8cd07bd3af04fe81d7a2ba788"
15	S = "${WORKDIR}/git"	16	S = "${WORKDIR}/git"