[Buildroot] [git commit branch/2025.02.x] package/openjpeg: bump version to 2.5.4
Titouan Christophe
titouan.christophe at mind.be
Tue Sep 30 08:19:48 UTC 2025
commit: https://git.buildroot.net/buildroot/commit/?id=367470848013def164722cdbc1954ab1199fa6c5
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2025.02.x
And drop now included security patch. For details, see:
https://github.com/uclouvain/openjpeg/releases/tag/v2.5.4
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Julien Olivain <ju.o at free.fr>
(cherry picked from commit 4655cfd8f306be2f1421e070b5686c6637bf4c5a)
Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
---
...0001-check-for-error-after-parsing-header.patch | 41 ----------------------
package/openjpeg/openjpeg.hash | 2 +-
package/openjpeg/openjpeg.mk | 5 +--
3 files changed, 2 insertions(+), 46 deletions(-)
diff --git a/package/openjpeg/0001-check-for-error-after-parsing-header.patch b/package/openjpeg/0001-check-for-error-after-parsing-header.patch
deleted file mode 100644
index 9a02fbf3d4..0000000000
--- a/package/openjpeg/0001-check-for-error-after-parsing-header.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From f809b80c67717c152a5ad30bf06774f00da4fd2d Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras at gmail.com>
-Date: Thu, 16 Jan 2025 02:13:43 +0100
-Subject: [PATCH] opj_jp2_read_header: Check for error after parsing header.
-
-Consider the case where the caller has not set the p_image
-pointer to NULL before calling opj_read_header().
-
-If opj_j2k_read_header_procedure() fails while obtaining the rest
-of the marker segment when calling opj_stream_read_data() because
-the data stream is too short, then opj_j2k_read_header() will
-never have the chance to initialize p_image, leaving it
-uninitialized.
-
-opj_jp2_read_header() will check the p_image value whether
-opj_j2k_read_header() suceeded or failed. This may be detected as
-an error in valgrind or ASAN.
-
-The fix is to check whether opj_j2k_read_header() suceeded before
-using the output argument p_image.
-
-Upstream: https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
-CVE: CVE-2025-54874
-Signed-off-by: Thomas Perale <thomas.perale at mind.be>
----
- src/lib/openjp2/jp2.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
-index 4df055a54..da5063186 100644
---- a/src/lib/openjp2/jp2.c
-+++ b/src/lib/openjp2/jp2.c
-@@ -2873,7 +2873,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
- p_image,
- p_manager);
-
-- if (p_image && *p_image) {
-+ if (ret && p_image && *p_image) {
- /* Set Image Color Space */
- if (jp2->enumcs == 16) {
- (*p_image)->color_space = OPJ_CLRSPC_SRGB;
diff --git a/package/openjpeg/openjpeg.hash b/package/openjpeg/openjpeg.hash
index 1992d5ca6a..3fda2a243b 100644
--- a/package/openjpeg/openjpeg.hash
+++ b/package/openjpeg/openjpeg.hash
@@ -1,3 +1,3 @@
# Locally computed:
-sha256 368fe0468228e767433c9ebdea82ad9d801a3ad1e4234421f352c8b06e7aa707 openjpeg-2.5.3.tar.gz
+sha256 a695fbe19c0165f295a8531b1e4e855cd94d0875d2f88ec4b61080677e27188a openjpeg-2.5.4.tar.gz
sha256 a6af136f3e15038a666b61f376612a07d9a4e48cb7c01adbf3e33b3f14ab49b6 LICENSE
diff --git a/package/openjpeg/openjpeg.mk b/package/openjpeg/openjpeg.mk
index 7b1352c222..bc5d8143a6 100644
--- a/package/openjpeg/openjpeg.mk
+++ b/package/openjpeg/openjpeg.mk
@@ -4,16 +4,13 @@
#
################################################################################
-OPENJPEG_VERSION = 2.5.3
+OPENJPEG_VERSION = 2.5.4
OPENJPEG_SITE = $(call github,uclouvain,openjpeg,v$(OPENJPEG_VERSION))
OPENJPEG_LICENSE = BSD-2-Clause
OPENJPEG_LICENSE_FILES = LICENSE
OPENJPEG_CPE_ID_VENDOR = uclouvain
OPENJPEG_INSTALL_STAGING = YES
-# 0001-check-for-error-after-parsing-header.patch
-OPENJPEG_IGNORE_CVES += CVE-2025-54874
-
OPENJPEG_DEPENDENCIES += $(if $(BR2_PACKAGE_ZLIB),zlib)
OPENJPEG_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBPNG),libpng)
OPENJPEG_DEPENDENCIES += $(if $(BR2_PACKAGE_TIFF),tiff)
More information about the buildroot
mailing list