[Buildroot] [git commit branch/2023.05.x] package/libjxl: security bump to version 0.8.2

Sun Sep 24 19:03:00 UTC 2023

commit: https://git.buildroot.net/buildroot/commit/?id=9599db51f53db925798fd3b55fbc8faf2d653edf
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.05.x

Fix CVE-2023-35790: An issue was discovered in dec_patch_dictionary.cc
in libjxl before 0.8.2. An integer underflow in patch decoding can lead
to a denial of service, such as an infinite loop.

https://github.com/libjxl/libjxl/releases/tag/v0.8.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Reviewed-by: Julien Olivain <ju.o at free.fr>
Tested-by: Julien Olivain <ju.o at free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
(cherry picked from commit e4572cc705b92f593e87095619b30f016ae507d9)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/libjxl/libjxl.hash | 2 +-
 package/libjxl/libjxl.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libjxl/libjxl.hash b/package/libjxl/libjxl.hash
index 6b4c9d8d0a..c8f98d10ea 100644
--- a/package/libjxl/libjxl.hash
+++ b/package/libjxl/libjxl.hash
@@ -1,4 +1,4 @@
 # Locally computed:
-sha256  60f43921ad3209c9e180563025eda0c0f9b1afac51a2927b9ff59fff3950dc56  libjxl-0.8.1.tar.gz
+sha256  c70916fb3ed43784eb840f82f05d390053a558e2da106e40863919238fa7b420  libjxl-0.8.2.tar.gz
 sha256  8405932022a556380c2d8c272eff154a923feb197233f348ce5f7334fb0a5ede  LICENSE
 sha256  91915f8ae056a68a3c5bdf05d9f6f78bb6903e27a8ca3a8434c9e4ac87300575  PATENTS
diff --git a/package/libjxl/libjxl.mk b/package/libjxl/libjxl.mk
index f603327bf6..47c110eb53 100644
--- a/package/libjxl/libjxl.mk
+++ b/package/libjxl/libjxl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBJXL_VERSION = 0.8.1
+LIBJXL_VERSION = 0.8.2
 LIBJXL_SITE = $(call github,libjxl,libjxl,v$(LIBJXL_VERSION))
 LIBJXL_LICENSE = BSD-3-Clause
 LIBJXL_LICENSE_FILES = LICENSE PATENTS

