[Buildroot] [PATCH] package/opencv4 (-contrib): security bump to v4.12.0
Thomas Perale
thomas.perale at mind.be
Thu Sep 25 20:16:52 UTC 2025
In reply of:
> This fixes the following vulnerability:
> - CVE-2025-53644:
> OpenCV is an Open Source Computer Vision Library. Versions prior to
> 4.12.0 have an uninitialized pointer variable on stack that may lead
> to arbitrary heap buffer write when reading crafted JPEG images.
> Version 4.12.0 fixes the vulnerability.
> https://www.cve.org/CVERecord?id=CVE-2025-53644
>
> Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
Applied to 2025.02.x, 2025.05.x & 2025.08.x. Thanks
> ---
> package/opencv4-contrib/opencv4-contrib.hash | 2 +-
> package/opencv4-contrib/opencv4-contrib.mk | 2 +-
> package/opencv4/opencv4.hash | 2 +-
> package/opencv4/opencv4.mk | 2 +-
> 4 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/package/opencv4-contrib/opencv4-contrib.hash b/package/opencv4-contrib/opencv4-contrib.hash
> index b406f3d11e..dc9e810318 100644
> --- a/package/opencv4-contrib/opencv4-contrib.hash
> +++ b/package/opencv4-contrib/opencv4-contrib.hash
> @@ -1,3 +1,3 @@
> # Locally calculated
> -sha256 2dfc5957201de2aa785064711125af6abb2e80a64e2dc246aca4119b19687041 opencv4-contrib-4.11.0.tar.gz
> +sha256 4197722b4c5ed42b476d42e29beb29a52b6b25c34ec7b4d589c3ae5145fee98e opencv4-contrib-4.12.0.tar.gz
> sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
> diff --git a/package/opencv4-contrib/opencv4-contrib.mk b/package/opencv4-contrib/opencv4-contrib.mk
> index 3961ca4a25..c1273237aa 100644
> --- a/package/opencv4-contrib/opencv4-contrib.mk
> +++ b/package/opencv4-contrib/opencv4-contrib.mk
> @@ -5,7 +5,7 @@
> ################################################################################
>
> # When updating the version, please also update opencv4
> -OPENCV4_CONTRIB_VERSION = 4.11.0
> +OPENCV4_CONTRIB_VERSION = 4.12.0
> OPENCV4_CONTRIB_SITE = $(call github,opencv,opencv_contrib,$(OPENCV4_CONTRIB_VERSION))
> OPENCV4_CONTRIB_INSTALL_TARGET = NO
> OPENCV4_CONTRIB_LICENSE = Apache-2.0
> diff --git a/package/opencv4/opencv4.hash b/package/opencv4/opencv4.hash
> index 6a3501b051..a39b199166 100644
> --- a/package/opencv4/opencv4.hash
> +++ b/package/opencv4/opencv4.hash
> @@ -1,3 +1,3 @@
> # Locally calculated
> -sha256 9a7c11f924eff5f8d8070e297b322ee68b9227e003fd600d4b8122198091665f opencv4-4.11.0.tar.gz
> +sha256 44c106d5bb47efec04e531fd93008b3fcd1d27138985c5baf4eafac0e1ec9e9d opencv4-4.12.0.tar.gz
> sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
> diff --git a/package/opencv4/opencv4.mk b/package/opencv4/opencv4.mk
> index d3df1a39f7..9691eb78e8 100644
> --- a/package/opencv4/opencv4.mk
> +++ b/package/opencv4/opencv4.mk
> @@ -5,7 +5,7 @@
> ################################################################################
>
> # When updating the version, please also update opencv4-contrib
> -OPENCV4_VERSION = 4.11.0
> +OPENCV4_VERSION = 4.12.0
> OPENCV4_SITE = $(call github,opencv,opencv,$(OPENCV4_VERSION))
> OPENCV4_INSTALL_STAGING = YES
> OPENCV4_LICENSE = Apache-2.0
> --
> 2.51.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
More information about the buildroot
mailing list