From patchwork Thu Nov 20 08:49:48 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Divyanshu Rathore
X-Patchwork-Id: 75093
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Sana.Kazi@bmwtechworks.in, Divyanshu Rathore
Subject: [meta-oe][kirkstone][PATCH 01/12] ImageMagick: Fix CVE-2025-53014
Date: Thu, 20 Nov 2025 14:19:48 +0530
Message-ID: <20251120084959.51761-1-Divyanshu.Rathore@bmwtechworks.in>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121948

From: Divyanshu Rathore

Backport the fix for CVE-2025-53014

Add below patch to fix CVE-2025-53014
0001-ImageMagick-Fix-CVE-2025-53014.patch

Signed-off-by: Divyanshu Rathore
---
 .../0001-ImageMagick-Fix-CVE-2025-53014.patch | 32 +++++++++++++++++++
 .../imagemagick/imagemagick_7.0.10.bb | 1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch

diff --git a/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch b/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch new file mode 100644 index 0000000000..1dcfa9d54e --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch 
@@ -0,0 +1,32 @@ +From 862fc23489af0d1ade9e1b431d057ec82763dc63 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Mon, 29 Sep 2025 13:56:59 +0530 +Subject: [PATCH 1/6] ImageMagick: Fix CVE-2025-53014 + +Correct out of bounds read of a single byte. +CVE: CVE-2025-53014 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03.patch] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 34804e522..fe2a1cb5f 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1661,7 +1661,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + q=(char *) p+1; + if (*q == '%') + { +- p=q+1; ++ p++; + continue; + } + field_width=0; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index ce5489bb3e..e0d584f165 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -23,6 +23,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2023-1289.patch \ file://CVE-2023-34474.patch \ file://CVE-2023-5341.patch \ + file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
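Review bot: The header of the new 0001-ImageMagick-Fix-CVE-2025-53014.patch (its `From:`, `Date:` and `Subject: [PATCH 1/6]` lines) names the backporter and a 29 Sep 2025 date, which looks like a locally regenerated header rather than the upstream commit's; if so, the upstream author and original subject are not recorded and the only provenance left is the Upstream-Status URL. Keep the upstream commit header and description, put `CVE:`, `Upstream-Status:` and the backporter's `Signed-off-by:` below it, and point the Upstream-Status link at the commit page rather than the `.patch` download. The description "Correct out of bounds read of a single byte." should also say why the one-line change helps: given `q=(char *) p+1;`, the old `p=q+1;` moved `p` two bytes past the first '%' before `continue`, while `p++;` leaves it on the second '%', and the loop step that advances `p` afterwards is outside the visible context.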
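Review bot: The added SRC_URI entry `file://0001-ImageMagick-Fix-CVE-2025-53014.patch \` in imagemagick_7.0.10.bb does not follow the naming of the entries directly above it (`CVE-2023-1289.patch`, `CVE-2023-34474.patch`, `CVE-2023-5341.patch`). Renaming the file to `CVE-2025-53014.patch`, without the git-format-patch `0001-` prefix, would keep the list uniform and make the fix easier to find by CVE id.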