From 73a77e86275f347b8d6ce716e00d1271c6a562f7 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Mon, 6 Oct 2025 20:03:36 +0200 Subject: [PATCH] jasper: upgrade 4.2.4 -> 4.2.8 The upgrade contains fixes for the following vulenrabilities: CVE-2025-8835, CVE-2025-8836, CVE-2025-8837 Changelog: 4.2.8: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high. 4.2.7: Added some missing range checking on several coding parameters in the JPC encoder. 4.2.6: Added a check for a missing color component in the jas_image_chclrspc function. Fixed a minor build problem related to the use of -Wstrict-prototypes with Clang. 4.2.5: Made a change to a configuration header file in order to avoid undesirable compiler warnings when JasPer is used in C++ code Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../jasper/{jasper_4.2.4.bb => jasper_4.2.8.bb} | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) rename meta-oe/recipes-graphics/jasper/{jasper_4.2.4.bb => jasper_4.2.8.bb} (81%) diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.2.4.bb b/meta-oe/recipes-graphics/jasper/jasper_4.2.8.bb similarity index 81% rename from meta-oe/recipes-graphics/jasper/jasper_4.2.4.bb rename to meta-oe/recipes-graphics/jasper/jasper_4.2.8.bb index 4796a85190..dd3cf3fdb6 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_4.2.4.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_4.2.8.bb @@ -4,9 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" SRC_URI = "https://github.com/jasper-software/${BPN}/releases/download/version-${PV}/${BP}.tar.gz" -SRC_URI[sha256sum] = "6a597613d8d84c500b5b83bf0eec06cd3707c23d19957f70354ac2394c9914e7" - -CVE_STATUS[CVE-2015-8751] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +SRC_URI[sha256sum] = "98058a94fbff57ec6e31dcaec37290589de0ba6f47c966f92654681a56c71fae" inherit cmake multilib_header