| Message ID | 20250714085727.160771-1-sanakazi720@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [kirkstone,PATCHv2] fix-cipher-leak.patch: Fix patch-fuzz | expand |
Please follow the convention for commit messages and start with "recipe-name:". On Mon, Jul 14, 2025 at 3:59 PM Sana Kazi via lists.openembedded.org <sanakazi720=gmail.com@lists.openembedded.org> wrote: > > Refresh fix-cipher-leak.patch to fix patch-fuzz issue. > > Signed-off-by: Sana Kazi <sanakazi720@gmail.com> > --- > .../imagemagick/files/fix-cipher-leak.patch | 51 ++++++++++--------- > 1 file changed, 26 insertions(+), 25 deletions(-) > > diff --git a/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch > index a8985757f2..28fbd9e9ea 100644 > --- a/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch > +++ b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch > @@ -9,7 +9,7 @@ Subject: [PATCH] possible divide by zero + clear buffers > MagickCore/memory.c | 22 ++++++++++++++++------ > MagickCore/signature.c | 2 +- > coders/thumbnail.c | 3 ++- > - 5 files changed, 41 insertions(+), 25 deletions(-) > + 5 files changed, 33 insertions(+), 22 deletions(-) > > CVE: CVE-2021-20311 > CVE: CVE-2021-20312 > @@ -19,35 +19,34 @@ Upstream-Status: Backport[https://github.com/ImageMagick/ImageMagick/commit/70aa > Comment: Refreshed patch based on the codebase > > Signed-off-by: Sana Kazi Sana.Kazi@kpit.com > + > diff --git a/MagickCore/cipher.c b/MagickCore/cipher.c > -index 057b11c4720..91ad1d1d662 100644 > +index 908266457..4548f0d60 100644 > --- a/MagickCore/cipher.c > +++ b/MagickCore/cipher.c > -@@ -484,8 +484,8 @@ static void EncipherAESBlock(AESInfo *ae > +@@ -482,8 +482,8 @@ static void EncipherAESBlock(AESInfo *aes_info,const unsigned char *plaintext, > Reset registers. > */ > alpha=0; > - (void) memset(key,0,sizeof(key)); > - (void) memset(text,0,sizeof(text)); > + (void) ResetMagickMemory(key,0,sizeof(key)); > -+ (void) ResetMagickMemory(text,0,sizeof(text)); > ++ (void) ResetMagickMemory(text,0,sizeof(text)); > } > - > - > + > /* > -@@ -708,8 +708,8 @@ MagickExport MagickBooleanType PasskeyDe > +@@ -706,8 +706,8 @@ MagickExport MagickBooleanType PasskeyDecipherImage(Image *image, > */ > quantum_info=DestroyQuantumInfo(quantum_info); > aes_info=DestroyAESInfo(aes_info); > - (void) memset(input_block,0,sizeof(input_block)); > - (void) memset(output_block,0,sizeof(output_block)); > + (void) ResetMagickMemory(input_block,0,sizeof(input_block)); > -+ (void) ResetMagickMemory(output_block,0,sizeof(output_block)); > ++ (void) ResetMagickMemory(output_block,0,sizeof(output_block)); > return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse); > } > - > - > -@@ -925,8 +925,8 @@ MagickExport MagickBooleanType PasskeyEn > + > +@@ -923,8 +923,8 @@ MagickExport MagickBooleanType PasskeyEncipherImage(Image *image, > */ > quantum_info=DestroyQuantumInfo(quantum_info); > aes_info=DestroyAESInfo(aes_info); > @@ -57,13 +56,12 @@ index 057b11c4720..91ad1d1d662 100644 > + (void) ResetMagickMemory(output_block,0,sizeof(output_block)); > return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse); > } > - > - > + > diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c > -index 2ffc72f88fa..e3b7df339f6 100644 > +index ac9f7e91b..b78b84b47 100644 > --- a/MagickCore/colorspace.c > +++ b/MagickCore/colorspace.c > -@@ -940,15 +940,15 @@ static MagickBooleanType sRGBTransformImage(Image *image, > +@@ -850,15 +850,15 @@ static MagickBooleanType sRGBTransformImage(Image *image, > if (logmap == (Quantum *) NULL) > ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", > image->filename); > @@ -83,7 +81,7 @@ index 2ffc72f88fa..e3b7df339f6 100644 > image_view=AcquireAuthenticCacheView(image,exception); > #if defined(MAGICKCORE_OPENMP_SUPPORT) > #pragma omp parallel for schedule(static) shared(status) \ > -@@ -2502,14 +2502,14 @@ static MagickBooleanType TransformsRGBImage(Image *image, > +@@ -2394,14 +2394,14 @@ static MagickBooleanType TransformsRGBImage(Image *image, > if (logmap == (Quantum *) NULL) > ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", > image->filename); > @@ -103,10 +101,10 @@ index 2ffc72f88fa..e3b7df339f6 100644 > logmap[i]=QuantumRange; > if (image->storage_class == PseudoClass) > diff --git a/MagickCore/memory.c b/MagickCore/memory.c > -index 2598044486a..01bc80d86c5 100644 > +index 060b05e71..5db57acc7 100644 > --- a/MagickCore/memory.c > +++ b/MagickCore/memory.c > -@@ -1269,26 +1269,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info) > +@@ -1230,26 +1230,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info) > % % > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > % > @@ -144,13 +142,13 @@ index 2598044486a..01bc80d86c5 100644 > assert(memory != (void *) NULL); > - return(memset(memory,byte,size)); > + while (n-- != 0) > -+ *p++=(unsigned char) c; > -+ return(memory); > ++ *p++=(unsigned char) c; > ++ return(memory); > } > - > + > /* > diff --git a/MagickCore/signature.c b/MagickCore/signature.c > -index 2d9b0801523..1f79c91b11b 100644 > +index f0f0e42e0..f21feda27 100644 > --- a/MagickCore/signature.c > +++ b/MagickCore/signature.c > @@ -736,7 +736,7 @@ RestoreMSCWarning > @@ -160,10 +158,10 @@ index 2d9b0801523..1f79c91b11b 100644 > - (void) memset(W,0,sizeof(W)); > + (void) ResetMagickMemory(W,0,sizeof(W)); > } > - > + > /* > diff --git a/coders/thumbnail.c b/coders/thumbnail.c > -index 59d97380d9e..e92dd312011 100644 > +index 1f7900aef..169bcfea8 100644 > --- a/coders/thumbnail.c > +++ b/coders/thumbnail.c > @@ -199,7 +199,8 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info, > @@ -172,7 +170,10 @@ index 59d97380d9e..e92dd312011 100644 > } > - if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) > + if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) || > -+ (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) > ++ (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) > ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); > thumbnail_image=BlobToImage(image_info,q,length,exception); > if (thumbnail_image == (Image *) NULL) > +-- > +2.25.1 > + > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#118534): https://lists.openembedded.org/g/openembedded-devel/message/118534 > Mute This Topic: https://lists.openembedded.org/mt/114147644/3617156 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [martin.jansa@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch index a8985757f2..28fbd9e9ea 100644 --- a/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch +++ b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch @@ -9,7 +9,7 @@ Subject: [PATCH] possible divide by zero + clear buffers MagickCore/memory.c | 22 ++++++++++++++++------ MagickCore/signature.c | 2 +- coders/thumbnail.c | 3 ++- - 5 files changed, 41 insertions(+), 25 deletions(-) + 5 files changed, 33 insertions(+), 22 deletions(-) CVE: CVE-2021-20311 CVE: CVE-2021-20312 @@ -19,35 +19,34 @@ Upstream-Status: Backport[https://github.com/ImageMagick/ImageMagick/commit/70aa Comment: Refreshed patch based on the codebase Signed-off-by: Sana Kazi Sana.Kazi@kpit.com + diff --git a/MagickCore/cipher.c b/MagickCore/cipher.c -index 057b11c4720..91ad1d1d662 100644 +index 908266457..4548f0d60 100644 --- a/MagickCore/cipher.c +++ b/MagickCore/cipher.c -@@ -484,8 +484,8 @@ static void EncipherAESBlock(AESInfo *ae +@@ -482,8 +482,8 @@ static void EncipherAESBlock(AESInfo *aes_info,const unsigned char *plaintext, Reset registers. */ alpha=0; - (void) memset(key,0,sizeof(key)); - (void) memset(text,0,sizeof(text)); + (void) ResetMagickMemory(key,0,sizeof(key)); -+ (void) ResetMagickMemory(text,0,sizeof(text)); ++ (void) ResetMagickMemory(text,0,sizeof(text)); } - - + /* -@@ -708,8 +708,8 @@ MagickExport MagickBooleanType PasskeyDe +@@ -706,8 +706,8 @@ MagickExport MagickBooleanType PasskeyDecipherImage(Image *image, */ quantum_info=DestroyQuantumInfo(quantum_info); aes_info=DestroyAESInfo(aes_info); - (void) memset(input_block,0,sizeof(input_block)); - (void) memset(output_block,0,sizeof(output_block)); + (void) ResetMagickMemory(input_block,0,sizeof(input_block)); -+ (void) ResetMagickMemory(output_block,0,sizeof(output_block)); ++ (void) ResetMagickMemory(output_block,0,sizeof(output_block)); return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse); } - - -@@ -925,8 +925,8 @@ MagickExport MagickBooleanType PasskeyEn + +@@ -923,8 +923,8 @@ MagickExport MagickBooleanType PasskeyEncipherImage(Image *image, */ quantum_info=DestroyQuantumInfo(quantum_info); aes_info=DestroyAESInfo(aes_info); @@ -57,13 +56,12 @@ index 057b11c4720..91ad1d1d662 100644 + (void) ResetMagickMemory(output_block,0,sizeof(output_block)); return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse); } - - + diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c -index 2ffc72f88fa..e3b7df339f6 100644 +index ac9f7e91b..b78b84b47 100644 --- a/MagickCore/colorspace.c +++ b/MagickCore/colorspace.c -@@ -940,15 +940,15 @@ static MagickBooleanType sRGBTransformImage(Image *image, +@@ -850,15 +850,15 @@ static MagickBooleanType sRGBTransformImage(Image *image, if (logmap == (Quantum *) NULL) ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", image->filename); @@ -83,7 +81,7 @@ index 2ffc72f88fa..e3b7df339f6 100644 image_view=AcquireAuthenticCacheView(image,exception); #if defined(MAGICKCORE_OPENMP_SUPPORT) #pragma omp parallel for schedule(static) shared(status) \ -@@ -2502,14 +2502,14 @@ static MagickBooleanType TransformsRGBImage(Image *image, +@@ -2394,14 +2394,14 @@ static MagickBooleanType TransformsRGBImage(Image *image, if (logmap == (Quantum *) NULL) ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", image->filename); @@ -103,10 +101,10 @@ index 2ffc72f88fa..e3b7df339f6 100644 logmap[i]=QuantumRange; if (image->storage_class == PseudoClass) diff --git a/MagickCore/memory.c b/MagickCore/memory.c -index 2598044486a..01bc80d86c5 100644 +index 060b05e71..5db57acc7 100644 --- a/MagickCore/memory.c +++ b/MagickCore/memory.c -@@ -1269,26 +1269,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info) +@@ -1230,26 +1230,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info) % % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % @@ -144,13 +142,13 @@ index 2598044486a..01bc80d86c5 100644 assert(memory != (void *) NULL); - return(memset(memory,byte,size)); + while (n-- != 0) -+ *p++=(unsigned char) c; -+ return(memory); ++ *p++=(unsigned char) c; ++ return(memory); } - + /* diff --git a/MagickCore/signature.c b/MagickCore/signature.c -index 2d9b0801523..1f79c91b11b 100644 +index f0f0e42e0..f21feda27 100644 --- a/MagickCore/signature.c +++ b/MagickCore/signature.c @@ -736,7 +736,7 @@ RestoreMSCWarning @@ -160,10 +158,10 @@ index 2d9b0801523..1f79c91b11b 100644 - (void) memset(W,0,sizeof(W)); + (void) ResetMagickMemory(W,0,sizeof(W)); } - + /* diff --git a/coders/thumbnail.c b/coders/thumbnail.c -index 59d97380d9e..e92dd312011 100644 +index 1f7900aef..169bcfea8 100644 --- a/coders/thumbnail.c +++ b/coders/thumbnail.c @@ -199,7 +199,8 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info, @@ -172,7 +170,10 @@ index 59d97380d9e..e92dd312011 100644 } - if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) + if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) || -+ (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) ++ (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); thumbnail_image=BlobToImage(image_info,q,length,exception); if (thumbnail_image == (Image *) NULL) +-- +2.25.1 +
Refresh fix-cipher-leak.patch to fix patch-fuzz issue. Signed-off-by: Sana Kazi <sanakazi720@gmail.com> --- .../imagemagick/files/fix-cipher-leak.patch | 51 ++++++++++--------- 1 file changed, 26 insertions(+), 25 deletions(-)