From patchwork Thu Jan 8 10:53:03 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 78260
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 01/15] imagemagick: upgrade 7.1.1-26 -> 7.1.1-47 Date: Thu, 8 Jan 2026 11:53:03 +0100 Message-ID: <20260108105317.460246-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:53:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123255 Contains fixes for CVE-2024-41817, CVE-2025-43965 and CVE-2025-46393 Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 752fef303b..a8029426da 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -10,9 +10,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2f9de66264141265b203cde9902819ea \ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" BASE_PV := "${PV}" -PV .= "-26" +PV .= "-47" SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" -SRCREV = "570a9a048bb0e3a5c221ca87be9408ae35f711e2" +SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" S = "${WORKDIR}/git" From patchwork Thu Jan 8 10:53:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 340DAD185CB for ; Thu, 8 Jan 2026 10:53:41 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.3997.1767869615672413675 for ; Thu, 08 Jan 2026 02:53:35 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=YVz+8fBz; spf=pass (domain: gmail.com, ip: 209.85.128.42, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-47796a837c7so22583145e9.0 for ; Thu, 08 Jan 2026 02:53:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767869614; x=1768474414; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7xip1kEeWciGe5mcJKLrn2Rz/alQldRjYaMMqO8Sc2o=; b=YVz+8fBz/wINYxF0TtF8gT+71Rw64AlJDa+4KgSLBjsf68KIWHpc1Hd6KufqhZJtyp FdBaf8F9RhkwoTg5CKW570oY5ctgd4MumMKBZvgkLXyn+sh2RH61DydrdymV0p1MVRWj yRPqd1j2cGx8eX13871HsSHwAjDqnCPc/vYWED3+J0lVmv4eGCD3Ag+Ap2w/eR3Xsy04 
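Review bot: Nothing in the recipe ties the new `+SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"` line to the `-47` appended to PV. SRC_URI fetches `branch=main` with no tag, so the match between this commit and the 7.1.1-47 release has to be checked by hand. Please say in the commit message that the SRCREV is the 7.1.1-47 tag. Because this is a jump from -26 to -47 on a stable branch, justified only by three CVE ids, a pointer to the upstream changelog for that range would also help the reviewer judge what else comes in with it.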
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 02/15] imagemagick: mark CVE-2023-5341 as patched Date: Thu, 8 Jan 2026 11:53:04 +0100 Message-ID: <20260108105317.460246-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:53:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123256 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-5341 The fix[1] mentioned in the NVD report has been part of the recipe since 7.1.1-19. [1]: https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index a8029426da..f947b8e9c6 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -180,3 +180,4 @@ CVE_STATUS[CVE-2017-5506] = "cpe-incorrect: The current version (7.1.1) is not a CVE_STATUS[CVE-2017-5509] = "cpe-incorrect: The current version (7.1.1) is not affected by the CVE which affects versions at least earlier than 7.0.4-4" CVE_STATUS[CVE-2017-5510] = "cpe-incorrect: The current version (7.1.1) is not affected by the CVE which affects versions at least earlier than 7.0.4-4" CVE_STATUS[CVE-2017-5511] = "cpe-incorrect: The current version (7.1.1) is not affected by the CVE which affects versions at least earlier than 7.0.4-3" +CVE_STATUS[CVE-2023-5341] = "fixed-version: Fix is included since 7.1.1-19" From patchwork Thu Jan 8 10:53:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78262 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 340A5D185CA for ; Thu, 8 Jan 2026 10:53:41 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.4000.1767869620303668282 for ; Thu, 08 Jan 2026 02:53:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lk7Ivjiy; spf=pass (domain: gmail.com, ip: 209.85.128.49, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-47d3ffa6720so31103275e9.0 for ; Thu, 08 Jan 2026 02:53:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767869619; x=1768474419; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CCnOXqx78Uq8IAjzFBZYu0m9/DRjl2CMBXpEz/hSNRY=; 
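Review bot: The reason string on the added `CVE_STATUS[CVE-2023-5341]` line names the version (7.1.1-19) but not the fix itself. The upstream commit aa673b2e4defc7cad5bec16c4fc8324f71e531f1 appears only in the commit message, which someone reading the recipe later will not see. Consider putting the commit reference in the status text, so the entry can be verified from the recipe alone.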
5b1f17b1804b1-47d7f68f69dsm148656615e9.1.2026.01.08.02.53.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Jan 2026 02:53:35 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 03/15] imagemagick: patch CVE-2025-53014 Date: Thu, 8 Jan 2026 11:53:05 +0100 Message-ID: <20260108105317.460246-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:53:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123257 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53014 Pick the commit that is mentioned as a solution at the bottom of the relevant Github advisory[1]. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-53014.patch | 25 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 4 ++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch new file mode 100644 index 0000000000..b20d78e1bb --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch 
@@ -0,0 +1,25 @@ +From ebf0f36974e2c9b47d9bb5bf31d19a19c0ce4e8e Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Thu, 26 Jun 2025 23:01:07 +0200 +Subject: [PATCH] Correct out of bounds read of a single byte. + +CVE: CVE-2025-53014 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/image.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 261d75003..1b242f828 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1678,7 +1678,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + q=(char *) p+1; + if (*q == '%') + { +- p=q+1; ++ p++; + continue; + } + field_width=0; diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index f947b8e9c6..cc77468731 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -11,7 +11,9 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" BASE_PV := "${PV}" PV .= "-47" -SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" +SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \ + file://CVE-2025-53014.patch \ + " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" S = "${WORKDIR}/git" From patchwork Thu Jan 8 10:53:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78264 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3343AD185CC for ; Thu, 8 Jan 2026 10:53:51 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.4002.1767869624601831968 for ; Thu, 08 Jan 2026 02:53:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=dF0/4Egb; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-4779adb38d3so21186185e9.2 for ; Thu, 08 Jan 2026 02:53:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767869623; x=1768474423; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=linxga3dhkfwn+exszfhQnLEa3t1gc5dTEm/i4mJeuk=; b=dF0/4EgbiwDnL1UDetchQosHcTm+aDWUc4dMWz6F+fcHFL8LC+YrUG8hhowqhOhJag TXn804BLE9SVNzUjWyvLuOMxlQ5bTphUe5F1j4qTAqBcNunmjZqyq9ySo9A+c+s7LO3H 2P37mmShpIM0Xbu+VkiQtM+td8qI1lt3QLaJl6qyUpR6/gXyt2ye1f0H1kTTEl9s2vwh 
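Review bot: In the InterpretImageFilename hunk of CVE-2025-53014.patch, `p++` leaves p on the second '%' of a "%%" pair, where the old `p=q+1` moved past it. Whether the pair is still skipped as a unit after `continue` therefore depends on the loop's own increment, which lies outside the context lines. The embedded patch header carries only the upstream subject. Please add a sentence to it saying which read went out of bounds and why stepping by one is sufficient, so the backport can be checked without opening the upstream tree.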
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 04/15] imagemagick: patch CVE-2025-53015 Date: Thu, 8 Jan 2026 11:53:06 +0100 Message-ID: <20260108105317.460246-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:53:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123258 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53015 Backport the patches marked as a solution at the bottom of the relevant github advisory[1]. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-53015.patch | 51 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 52 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch new file mode 100644 index 0000000000..26ab56ebab --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch 
@@ -0,0 +1,51 @@ +From dee67b151cf3f25bde758d1fac9a42626715b3e5 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Fri, 2 May 2025 18:33:17 +0200 +Subject: [PATCH] Added extra checks to make sure we don't get stuck in the + while loop. + +Added missing return. + +CVE: CVE-2025-53015 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 and https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/image-private.h | 1 + + MagickCore/profile.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+) + +diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h +index 4ce71c32c..11dca1072 100644 +--- a/MagickCore/image-private.h ++++ b/MagickCore/image-private.h +@@ -52,6 +52,7 @@ extern "C" { + #define MAGICK_SIZE_MAX (SIZE_MAX) + #define MAGICK_SSIZE_MAX (SSIZE_MAX) + #define MAGICK_SSIZE_MIN (-SSIZE_MAX-1) ++#define MAGICK_ULONG_MAX (ULONG_MAX) + #define MatteColor "#bdbdbd" /* gray */ + #define MatteColorRGBA ScaleShortToQuantum(0xbdbd),\ + ScaleShortToQuantum(0xbdbd),ScaleShortToQuantum(0xbdbd),OpaqueAlpha +diff --git a/MagickCore/profile.c b/MagickCore/profile.c +index 7eea1d32f..a68e54f14 100644 +--- a/MagickCore/profile.c ++++ b/MagickCore/profile.c +@@ -2571,6 +2571,18 @@ static void GetXmpNumeratorAndDenominator(double value, + *denominator=1; + if (value <= MagickEpsilon) + return; ++ if (value > (double) MAGICK_ULONG_MAX) ++ { ++ *numerator = MAGICK_ULONG_MAX; ++ *denominator = 1; ++ return; ++ } ++ if (floor(value) == value) ++ { ++ *numerator = (unsigned long) value; ++ *denominator = 1; ++ return; ++ } + *numerator=1; + df=1.0; + while(fabs(df - value) > MagickEpsilon) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index cc77468731..47ab5ead4c 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -13,6 +13,7 @@ BASE_PV := "${PV}" PV .= "-47" SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \ file://CVE-2025-53014.patch \ + file://CVE-2025-53015.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" From patchwork Thu Jan 8 10:53:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78263 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3346ED185CD for ; Thu, 8 Jan 2026 10:53:51 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.4003.1767869629861134867 for ; Thu, 08 Jan 2026 02:53:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=OwhpcoBF; spf=pass (domain: gmail.com, ip: 209.85.128.43, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4779a4fc95aso8934845e9.1 for ; Thu, 08 Jan 2026 02:53:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767869628; x=1768474428; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=x+E0VU0FoaSu6QuhePjxH8pbCZky4JCNUQW5TLL/WAw=; b=OwhpcoBF2KqiGFaw32/N7AVYMkMqgNIA1QPqDXiLJg7rOuSaPwsQzFdsmlvaRTSAlR DXjyyC6uHjNVe5ejvi6ScAsn06S/PzjS44GCzlIm9QJ1IoxV52zSP+X2i99dE3+Pc+IC micnIxA9iyqx65xFeMSo+qHqgc5jaFW/bYXyLYcnhIt/Mlkj2MAzm2rRFB6nAxTW9PnG IIuQce8NSKbFL50krhbzzQGQHxTzMs+OJmIHjQy8GW6uC7/Rdt/DYFJkpZZTLg5lT/V5 CHznLwbXGNNLHLLuFwO1xlWoaq56Ange9jJXrip83VLN3DToXgpKllyzhT1xFL6V+tZ2 LRBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
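Review bot: In the profile.c hunk of CVE-2025-53015.patch, the guard `if (value > (double) MAGICK_ULONG_MAX)` should use `>=`. Where unsigned long is 64 bits, ULONG_MAX is not representable as a double and the cast rounds up to 2^64. A value of exactly 2^64 then passes the guard, satisfies `floor(value) == value`, and reaches `*numerator = (unsigned long) value`, which is an out-of-range conversion with undefined behaviour. The code is upstream's, so the same point is worth raising there; for the backport, a note in the patch header about the boundary case would be enough.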
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 05/15] imagemagick: patch CVE-2025-53019 Date: Thu, 8 Jan 2026 11:53:07 +0100 Message-ID: <20260108105317.460246-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:53:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123259 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53019 Pick the commit that is marked as a fix at the bottom of the relevant github advisory[1]. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-53019.patch | 26 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch new file mode 100644 index 0000000000..63702955cb --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch 
@@ -0,0 +1,26 @@ +From 4e32e83e3f57d110b56641f12cc5ed7d007dce29 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Fri, 27 Jun 2025 14:51:57 +0200 +Subject: [PATCH] Fixed memory leak when entering StreamImage multiple times. + +CVE: CVE-2025-53019 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/stream.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/MagickCore/stream.c b/MagickCore/stream.c +index 786dabb52..22a0c9eee 100644 +--- a/MagickCore/stream.c ++++ b/MagickCore/stream.c +@@ -1321,7 +1321,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info, + image_info->filename); + read_info=CloneImageInfo(image_info); + stream_info->image_info=image_info; +- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); ++ if (stream_info->quantum_info == (QuantumInfo *) NULL) ++ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); + if (stream_info->quantum_info == (QuantumInfo *) NULL) + { + read_info=DestroyImageInfo(read_info); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 47ab5ead4c..cb4735e394 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -14,6 +14,7 @@ PV .= "-47" SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \ file://CVE-2025-53014.patch \ file://CVE-2025-53015.patch \ + file://CVE-2025-53019.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" From patchwork Thu Jan 8 10:53:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78265 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 338C3D185CE for ; Thu, 8 Jan 2026 10:54:01 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.4004.1767869633216173935 for ; Thu, 08 Jan 2026 02:53:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=XIw7p8kF; spf=pass (domain: gmail.com, ip: 209.85.128.52, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-47d6a1f08bbso12135845e9.2 for ; Thu, 08 Jan 2026 02:53:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767869632; x=1768474432; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vJRTcWonr8fUqLFeIuBYlgJOS7IMDyhZBd8BdDgg5ag=; b=XIw7p8kFqIuW6n1QwPRHkYGZO2/HPWpJr00LcVWz2e1UkO+i83wk5GBBxXqJLu75zG jkf14E6lF/xxHFjZSoMx7+oQA1gkcMCX48NT1/3KWMu82r+CWDRGDxvpoHBK3Jg8DHGM 8LDhCf3w6ek7Sd/xXsQKshqXlIkbb8/wKVhvKIaaOAkloTKlGz2jLM0e2Dxq4STIpMmF uQgSFvCxEL2PTDq9JL/1tpQ/IE2ff449X2Ei00iSYt7OAvseg1CfBTEXlm5BzQMoMKyL UaShfanWluXwPhsmL9fuZt1pxWNmh2wUK5sw8MY2KpUpdrvZP/0j9z6KRBN6gnsDaFCe CZlA== X-Google-DKIM-Signature: v=1; 
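Review bot: With the added `if (stream_info->quantum_info == (QuantumInfo *) NULL)` guard in the StreamImage hunk of CVE-2025-53019.patch, a second call keeps the QuantumInfo that was acquired for the first call's image_info, while `stream_info->image_info=image_info` on the line above is replaced with the new one. Please confirm that reusing it across calls with a different ImageInfo is intended. A short comment above the guard would also help, because the two identical NULL checks back to back read like a merge slip.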
a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767869632; x=1768474432; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=vJRTcWonr8fUqLFeIuBYlgJOS7IMDyhZBd8BdDgg5ag=; b=tvqMXDi6HAtpbQ6cXyR/j/IDTtrF0IcxxvvF0GBWTdl4pyArFuSoHV9EB3G/cclQSw GP2d6FD0q86/bNqdDrxROg4tU+Vu8VsOXSQr93A55x9GEQftQE+8/7TrpU9Qq00tb71H 60Qwv5gATvz6gkte6xC8t1WyToAwfcYLBTJ8QaU7bGg1Y8ZriRUL/zhbxl8nqFk6IRs1 APQMuGEAVNbCgjnWS7Smug0xI1jh6xBVOeKIgCRS6DkgeCufMahHinJK1tdweoOhDmu/ kULNncj0ChJG2W9Eclv6OwmDVoQ+W8r0bgdcncs7kiC1XJpv99bmu9kY1iLRSgAHmoC0 gA8g== X-Gm-Message-State: AOJu0YyBQCTdOmQtXvPh7WOn6c3qiqGukn5qMMkeGnrS540dIlVZoOJU ltA37daPLPdQSCAXK1+xBLVn8e58XK6lZdzfSlGavnXIfm5auA3QKAdDAPPxWw== X-Gm-Gg: AY/fxX4lzec03xzXQz+aQiHbiauncH4eYZQvxBGWmbAjS2U+Vvtz0o/KDFtHor5HOje oGIw7RtPpiaw5IG1+kZzmJgwmQev4WpZKKKwm+g5JP+1cA0l3iQb9zz0wq6wz/YfDrkSlL1IW8f 5opVmUZW7puwUj5hXh067ys4EjgnSk2L9EmB7S5l6d/z34k+zwd384VNQOHjiH4Y1E53Qm9gkXU fCnMLLD3+vw+GTTiWyi+CZfdP6wHdEQT3Ta7K38Qjj0EPkna4iQNdn95zXNmcYO5UwGMe1pSQOX 69J4rQiohXG9YGJoBJPfqLjxop61TyeuZAmFVCk0p7f/ukIY+6yw6ISLkgkl8PN9XKLbGQ/6Oim tGn3y4QP68L2CRmTF8ObCNU+HGVqrt7OLmrvAaEL/sJb7RfQ2d5ypuNx87TXWsY1rlXzp/hpoQD FpA7uiK7Jh+NPDEHms11k= X-Google-Smtp-Source: AGHT+IGSDNeG8QxVg1EuPHh2E9jIpbQtccmQtK+CdJLHrKCLO5K60B5JhnymACDmQ2lNj1q9JeLNOA== X-Received: by 2002:a05:600c:3b28:b0:477:8a2a:123e with SMTP id 5b1f17b1804b1-47d84b41bbfmr68591965e9.33.1767869631531; Thu, 08 Jan 2026 02:53:51 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47d7f68f69dsm148656615e9.1.2026.01.08.02.53.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Jan 2026 02:53:48 -0800 (PST) 
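Review bot: In the StreamImage hunk of CVE-2025-53019.patch, the new guard on stream_info->quantum_info reuses a QuantumInfo that was acquired from the image_info of an earlier call, while the line above it still reassigns stream_info->image_info=image_info on every entry. If a caller re-enters StreamImage with a different ImageInfo, the cached quantum_info no longer matches it. Suggest either a comment stating that the reuse is intended, or releasing the old object and acquiring a new one instead of skipping the acquire. The second NULL test that follows is still needed for the allocation-failure path, so keeping it is right.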
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 06/15] imagemagick: patch CVE-2025-53101 Date: Thu, 8 Jan 2026 11:53:08 +0100 Message-ID: <20260108105317.460246-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:54:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123260 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53101 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-53101.patch | 54 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 55 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53101.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53101.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53101.patch new file mode 100644 index 0000000000..5688ad1372 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53101.patch 
@@ -0,0 +1,54 @@ +From 682d679b300cdcbb0990742c29cd4397fe43c65d Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Fri, 27 Jun 2025 20:02:12 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 + +CVE: CVE-2025-53101 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/image.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 1b242f828..ca89e9cc4 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1665,7 +1665,6 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + canonical; + + ssize_t +- field_width, + offset; + + canonical=MagickFalse; +@@ -1681,21 +1680,23 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + p++; + continue; + } +- field_width=0; +- if (*q == '0') +- field_width=(ssize_t) strtol(q,&q,10); + switch (*q) + { + case 'd': + case 'o': + case 'x': + { ++ ssize_t ++ count; ++ + q++; + c=(*q); + *q='\0'; +- (void) FormatLocaleString(filename+(p-format-offset),(size_t) ++ count=FormatLocaleString(filename+(p-format-offset),(size_t) + (MagickPathExtent-(p-format-offset)),p,value); +- offset+=(4-field_width); ++ if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset)))) ++ return(0); ++ offset+=(ssize_t) ((q-p)-count); + *q=c; + (void) ConcatenateMagickString(filename,q,MagickPathExtent); + canonical=MagickTrue; diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index cb4735e394..e486d072be 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-53014.patch \ file://CVE-2025-53015.patch \ file://CVE-2025-53019.patch \ + file://CVE-2025-53101.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" From patchwork Thu Jan 8 10:53:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78266
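Review bot: In the second InterpretImageFilename hunk of CVE-2025-53101.patch, the new early return(0) sits between *q='\0' and *q=c, so on the error path the byte that was overwritten through q is never restored. Suggest restoring it before returning, for example *q=c; ahead of return(0). Separately, the bound test uses count > (MagickPathExtent-(p-format-offset)); if FormatLocaleString follows snprintf return semantics, a count equal to the buffer size already means the output was truncated, so >= looks like the safer comparison.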
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 07/15] imagemagick: patch CVE-2025-55004 Date: Thu, 8 Jan 2026 11:53:09 +0100 Message-ID: <20260108105317.460246-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:54:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123261 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55004 Pick the patch that mentions the related github advisory[1] explicitly in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-55004.patch | 65 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 66 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch new file mode 100644 index 0000000000..44ef34c40b --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch 
@@ -0,0 +1,65 @@ +From e3b2eba8a84e7c4222bcf1a843c1677b7406db3f Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Thu, 7 Aug 2025 19:14:00 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw + +CVE: CVE-2025-55004 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa] +Signed-off-by: Gyorgy Sarvari +--- + coders/png.c | 33 ++++++++++----------------------- + 1 file changed, 10 insertions(+), 23 deletions(-) + +diff --git a/coders/png.c b/coders/png.c +index 23a96e4d0..c6fae6283 100644 +--- a/coders/png.c ++++ b/coders/png.c +@@ -4785,37 +4785,24 @@ static Image *ReadOneJNGImage(MngReadInfo *mng_info, + jng_image=ReadImage(alpha_image_info,exception); + + if (jng_image != (Image *) NULL) +- for (y=0; y < (ssize_t) image->rows; y++) + { +- s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); +- q=GetAuthenticPixels(image,0,y,image->columns,1,exception); +- if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) +- break; ++ image->alpha_trait=BlendPixelTrait; ++ for (y=0; y < (ssize_t) image->rows; y++) ++ { ++ s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); ++ q=GetAuthenticPixels(image,0,y,image->columns,1,exception); ++ if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) ++ break; + +- if (image->alpha_trait != UndefinedPixelTrait) + for (x=(ssize_t) image->columns; x != 0; x--) + { + SetPixelAlpha(image,GetPixelRed(jng_image,s),q); + q+=(ptrdiff_t) GetPixelChannels(image); + s+=(ptrdiff_t) GetPixelChannels(jng_image); + } +- +- else +- for (x=(ssize_t) image->columns; x != 0; x--) +- { +- Quantum +- alpha; +- +- alpha=GetPixelRed(jng_image,s); +- SetPixelAlpha(image,alpha,q); +- if (alpha != OpaqueAlpha) +- image->alpha_trait=BlendPixelTrait; +- q+=(ptrdiff_t) GetPixelChannels(image); +- s+=(ptrdiff_t) GetPixelChannels(jng_image); +- } +- +- if (SyncAuthenticPixels(image,exception) == MagickFalse) +- break; 
++ if (SyncAuthenticPixels(image,exception) == MagickFalse) ++ break; ++ } + } + (void) RelinquishUniqueFileResource(alpha_image->filename); + alpha_image=DestroyImageList(alpha_image); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index e486d072be..caaf813f6e 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-53015.patch \ file://CVE-2025-53019.patch \ file://CVE-2025-53101.patch \ + file://CVE-2025-55004.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" From patchwork Thu Jan 8 10:53:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78268
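Review bot: In the ReadOneJNGImage hunk of CVE-2025-55004.patch, image->alpha_trait=BlendPixelTrait is now assigned before the row loop, so it stays set when the loop breaks on the first row because GetVirtualPixels or GetAuthenticPixels returned NULL, and also when every alpha sample is opaque (the removed else branch only set it after seeing alpha != OpaqueAlpha). Please confirm both outcomes are intended. The embedded patch carries only the advisory URL as its subject, so a sentence in the patch header describing this behaviour change would help whoever rebases it next.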
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 08/15] imagemagick: patch CVE-2025-55005 Date: Thu, 8 Jan 2026 11:53:10 +0100 Message-ID: <20260108105317.460246-8-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:54:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123262 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55005 Pick the patch that mentions the related github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-55005.patch | 34 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch new file mode 100644 index 0000000000..727e66f741 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch 
@@ -0,0 +1,34 @@ +From 430c29617ce287db24872cb4e7fbb1e03d117d0a Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Thu, 7 Aug 2025 22:05:10 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp + +CVE: CVE-2025-55005 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/colorspace.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c +index a87defad8..82400ce46 100644 +--- a/MagickCore/colorspace.c ++++ b/MagickCore/colorspace.c +@@ -2420,10 +2420,16 @@ static MagickBooleanType TransformsRGBImage(Image *image, + value=GetImageProperty(image,"reference-black",exception); + if (value != (const char *) NULL) + reference_black=StringToDouble(value,(char **) NULL); ++ if (reference_black > 1024.0) ++ reference_black=1024.0; + reference_white=ReferenceWhite; + value=GetImageProperty(image,"reference-white",exception); + if (value != (const char *) NULL) + reference_white=StringToDouble(value,(char **) NULL); ++ if (reference_white > 1024.0) ++ reference_white=1024.0; ++ if (reference_black > reference_white) ++ reference_black=reference_white; + logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL, + sizeof(*logmap)); + if (logmap == (Quantum *) NULL) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index caaf813f6e..baf0230590 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-53019.patch \ file://CVE-2025-53101.patch \ file://CVE-2025-55004.patch \ + file://CVE-2025-55005.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" From patchwork Thu Jan 8 10:53:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78270
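Review bot: In the TransformsRGBImage hunk of CVE-2025-55005.patch, reference_black and reference_white get an upper bound only. A negative value passes both > 1024.0 tests, and so does NaN if StringToDouble can yield one, because every comparison with NaN is false; the same holds for the reference_black > reference_white test. Suggest clamping both values to a closed range with a lower bound as well, and rejecting non-finite values before they are used. The literal 1024.0 appears twice; a named constant would document where the limit comes from.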
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 09/15] imagemagick: patch CVE-2025-55154 Date: Thu, 8 Jan 2026 11:53:11 +0100 Message-ID: <20260108105317.460246-9-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:54:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123263 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55154 Pick the patch that mentions the related github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82 Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-55154.patch | 79 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 80 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55154.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55154.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55154.patch new file mode 100644 index 0000000000..52f4ac1525 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55154.patch 
@@ -0,0 +1,79 @@ +From 963d61bbea3facd347262316201f3b8b7e3dc470 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 9 Aug 2025 08:28:23 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82 + +CVE: CVE-2025-55154 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337] +Signed-off-by: Gyorgy Sarvari +--- + coders/png.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/coders/png.c b/coders/png.c +index c6fae6283..0191c6f1f 100644 +--- a/coders/png.c ++++ b/coders/png.c +@@ -6398,19 +6398,19 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, + mng_info->magn_methy = 1; + if (mng_info->magn_methx == 1) + { +- magnified_width=mng_info->magn_ml; ++ magnified_width=(size_t) mng_info->magn_ml; + + if (image->columns > 1) + magnified_width += mng_info->magn_mr; + + if (image->columns > 2) +- magnified_width += (png_uint_32) ++ magnified_width += (size_t) + ((image->columns-2)*(mng_info->magn_mx)); + } + + else + { +- magnified_width=(png_uint_32) image->columns; ++ magnified_width=(size_t) image->columns; + + if (image->columns > 1) + magnified_width += mng_info->magn_ml-1; +@@ -6419,25 +6419,25 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, + magnified_width += mng_info->magn_mr-1; + + if (image->columns > 3) +- magnified_width += (png_uint_32) ++ magnified_width += (size_t) + ((image->columns-3)*(mng_info->magn_mx-1)); + } + + if (mng_info->magn_methy == 1) + { +- magnified_height=mng_info->magn_mt; ++ magnified_height=(size_t) mng_info->magn_mt; + + if (image->rows > 1) + magnified_height += mng_info->magn_mb; + + if (image->rows > 2) +- magnified_height += (png_uint_32) ++ magnified_height += (size_t) + ((image->rows-2)*(mng_info->magn_my)); + } + + else + { +- magnified_height=(png_uint_32) image->rows; ++ magnified_height=(size_t) image->rows; + + if (image->rows > 1) + magnified_height += 
mng_info->magn_mt-1; +@@ -6446,7 +6446,7 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, + magnified_height += mng_info->magn_mb-1; + + if (image->rows > 3) +- magnified_height += (png_uint_32) ++ magnified_height += (size_t) + ((image->rows-3)*(mng_info->magn_my-1)); + } + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index baf0230590..dc18169b34 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-53101.patch \ file://CVE-2025-55004.patch \ file://CVE-2025-55005.patch \ + file://CVE-2025-55154.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" From patchwork Thu Jan 8 10:53:12 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78267
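Review bot: In the ReadOneMNGImage hunks of CVE-2025-55154.patch, the casts change from (png_uint_32) to (size_t) but are still applied to the finished product, as in magnified_width += (size_t) ((image->columns-2)*(mng_info->magn_mx)), and no range check on magnified_width or magnified_height is visible in the hunks. On 32-bit targets size_t is 32 bits wide, so there the sums can wrap just as they did with png_uint_32. Suggest an explicit overflow check or an upper limit on the magnified dimensions, or at least a line in the patch header stating whether 32-bit builds are covered by this backport.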
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 10/15] imagemagick: patch CVE-2025-55160 Date: Thu, 8 Jan 2026 11:53:12 +0100 Message-ID: <20260108105317.460246-10-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:54:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123264 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55160 Pick the patch that mentions the related github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-55160.patch | 159 ++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 160 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55160.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55160.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55160.patch new file mode 100644 index 0000000000..565322e7ab --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55160.patch 
@@ -0,0 +1,159 @@ +From fecf9ca80adecb7709446ee226d50ac079a37308 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sun, 10 Aug 2025 08:28:28 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x + +CVE: CVE-2025-55160 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/artifact.c | 17 ++++++++++++++++- + MagickCore/option.c | 17 ++++++++++++++++- + MagickCore/profile.c | 19 ++++++++++++++++++- + MagickCore/property.c | 18 ++++++++++++++++-- + 4 files changed, 66 insertions(+), 5 deletions(-) + +diff --git a/MagickCore/artifact.c b/MagickCore/artifact.c +index dae6aaaf0..764ef75a4 100644 +--- a/MagickCore/artifact.c ++++ b/MagickCore/artifact.c +@@ -99,6 +99,21 @@ + % o clone_image: the source image for artifacts to clone. + % + */ ++ ++typedef char ++ *(*CloneKeyFunc)(const char *), ++ *(*CloneValueFunc)(const char *); ++ ++static inline void *CloneArtifactKey(void *key) ++{ ++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); ++} ++ ++static inline void *CloneArtifactValue(void *value) ++{ ++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); ++} ++ + MagickExport MagickBooleanType CloneImageArtifacts(Image *image, + const Image *clone_image) + { +@@ -117,7 +132,7 @@ MagickExport MagickBooleanType CloneImageArtifacts(Image *image, + if (image->artifacts != (void *) NULL) + DestroyImageArtifacts(image); + image->artifacts=CloneSplayTree((SplayTreeInfo *) clone_image->artifacts, +- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString); ++ CloneArtifactKey,CloneArtifactValue); + } + return(MagickTrue); + } +diff --git a/MagickCore/option.c b/MagickCore/option.c +index eee6f943c..31c5fa99a 100644 +--- a/MagickCore/option.c ++++ b/MagickCore/option.c +@@ -2361,6 +2361,21 @@ static const OptionInfo + % o clone_info: the source image info for 
options to clone. + % + */ ++ ++typedef char ++ *(*CloneKeyFunc)(const char *), ++ *(*CloneValueFunc)(const char *); ++ ++static inline void *CloneOptionKey(void *key) ++{ ++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); ++} ++ ++static inline void *CloneOptionValue(void *value) ++{ ++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); ++} ++ + MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info, + const ImageInfo *clone_info) + { +@@ -2376,7 +2391,7 @@ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info, + if (image_info->options != (void *) NULL) + DestroyImageOptions(image_info); + image_info->options=CloneSplayTree((SplayTreeInfo *) clone_info->options, +- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString); ++ CloneOptionKey,CloneOptionValue); + } + return(MagickTrue); + } +diff --git a/MagickCore/profile.c b/MagickCore/profile.c +index a68e54f14..e131bd6ec 100644 +--- a/MagickCore/profile.c ++++ b/MagickCore/profile.c +@@ -143,6 +143,23 @@ typedef struct _CMSExceptionInfo + % o clone_image: the clone image. 
+ % + */ ++ ++typedef char ++ *(*CloneKeyFunc)(const char *); ++ ++typedef StringInfo ++ *(*CloneValueFunc)(const StringInfo *); ++ ++static inline void *CloneProfileKey(void *key) ++{ ++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); ++} ++ ++static inline void *CloneProfileValue(void *value) ++{ ++ return((void *) ((CloneValueFunc) CloneStringInfo)((const StringInfo *) value)); ++} ++ + MagickExport MagickBooleanType CloneImageProfiles(Image *image, + const Image *clone_image) + { +@@ -157,7 +174,7 @@ MagickExport MagickBooleanType CloneImageProfiles(Image *image, + if (image->profiles != (void *) NULL) + DestroyImageProfiles(image); + image->profiles=CloneSplayTree((SplayTreeInfo *) clone_image->profiles, +- (void *(*)(void *)) ConstantString,(void *(*)(void *)) CloneStringInfo); ++ CloneProfileKey,CloneProfileValue); + } + return(MagickTrue); + } +diff --git a/MagickCore/property.c b/MagickCore/property.c +index f11e87d8a..f8779f3a1 100644 +--- a/MagickCore/property.c ++++ b/MagickCore/property.c +@@ -131,6 +131,21 @@ + % o clone_image: the clone image. + % + */ ++ ++typedef char ++ *(*CloneKeyFunc)(const char *), ++ *(*CloneValueFunc)(const char *); ++ ++static inline void *ClonePropertyKey(void *key) ++{ ++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); ++} ++ ++static inline void *ClonePropertyValue(void *value) ++{ ++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); ++} ++ + MagickExport MagickBooleanType CloneImageProperties(Image *image, + const Image *clone_image) + { +@@ -195,8 +210,7 @@ MagickExport MagickBooleanType CloneImageProperties(Image *image, + if (image->properties != (void *) NULL) + DestroyImageProperties(image); + image->properties=CloneSplayTree((SplayTreeInfo *) +- clone_image->properties,(void *(*)(void *)) ConstantString, +- (void *(*)(void *)) ConstantString); ++ clone_image->properties,ClonePropertyKey,ClonePropertyValue); + } + return(MagickTrue); + } 
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index dc18169b34..5e9561291c 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-55004.patch \ file://CVE-2025-55005.patch \ file://CVE-2025-55154.patch \ + file://CVE-2025-55160.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
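
Review bot: the header of CVE-2025-55160.patch carries only the advisory URL as its Subject, so nothing in the file says what the defect is; add a one-line summary for whoever has to rebase it. From the hunks, the change is that `CloneSplayTree` no longer receives `ConstantString` and `CloneStringInfo` cast to `void *(*)(void *)` and instead gets wrappers such as `CloneArtifactKey`, whose signature already matches. The `CloneKeyFunc`/`CloneValueFunc` typedefs and wrapper pairs are repeated in artifact.c, option.c, profile.c and property.c; that duplication is upstream's and should stay as backported, but confirm that the profile.c variant, where `CloneValueFunc` is a `StringInfo` cloner rather than a `char` one, applies cleanly against the recipe's SRCREV.
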
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][scarthgap][PATCH 11/15] imagemagick: patch CVE-2025-55212
Date: Thu, 8 Jan 2026 11:53:13 +0100
Message-ID: <20260108105317.460246-11-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com>
References: <20260108105317.460246-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123265

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212

Backport the patch that is mentioned in the NVD advisory.

Notes about the backport:
The original patch deletes two extra lines compared to the backport: those lines were a previous attempt[1] to solve the same vulnerability, and the final patch reverted them. Since that patch wasn't part of the recipe, those deletions were dropped from the backported patch.

The PerceptibleReciprocal function was renamed[2] to MagickSafeReciprocal after the recipe's revision, but there were no functional changes in the function's behavior.

[1]: https://github.com/ImageMagick/ImageMagick/commit/43d92bf855155e8e716ecbb50ed94c2ed41ff9f6
[2]: https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e9

Signed-off-by: Gyorgy Sarvari
---
 .../imagemagick/CVE-2025-55212.patch | 29 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb | 1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch new file mode 100644 index 0000000000..40a1b6fc4d --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch 
@@ -0,0 +1,29 @@ +From 3cc6cf85fbe2d147c7b3d48e53f4e9f081448ae8 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sun, 17 Aug 2025 14:33:44 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw + +CVE: CVE-2025-55212 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/resize.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/MagickCore/resize.c b/MagickCore/resize.c +index ea6e535f4..298662f8a 100644 +--- a/MagickCore/resize.c ++++ b/MagickCore/resize.c +@@ -4624,8 +4624,9 @@ MagickExport Image *ThumbnailImage(const Image *image,const size_t columns, + x_factor, + y_factor; + +- x_factor=(ssize_t) image->columns/(ssize_t) columns; +- y_factor=(ssize_t) image->rows/(ssize_t) rows; ++ x_factor=(ssize_t) (image->columns*PerceptibleReciprocal((double) ++ columns)); ++ y_factor=(ssize_t) (image->rows*PerceptibleReciprocal((double) rows)); + if ((x_factor > 4) && (y_factor > 4)) + { + thumbnail_image=SampleImage(clone_image,4*columns,4*rows,exception); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 5e9561291c..b299f0d2b6 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-55005.patch \ file://CVE-2025-55154.patch \ file://CVE-2025-55160.patch \ + file://CVE-2025-55212.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
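
Review bot: the adaptations described in the mail (two upstream deletions dropped, and `PerceptibleReciprocal` used where upstream now has `MagickSafeReciprocal`) are not recorded in CVE-2025-55212.patch itself, whose header only carries the `Upstream-Status: Backport [...]` line; add a short note below that line so the difference from the upstream commit travels with the file. In the ThumbnailImage hunk the product `image->columns*PerceptibleReciprocal((double) columns)` is a double that is cast straight to `ssize_t`, so it is worth confirming what `PerceptibleReciprocal` returns for `columns == 0` and that the result stays in range for `ssize_t` on 32-bit targets, because the `(x_factor > 4) && (y_factor > 4)` branch then calls `SampleImage(clone_image,4*columns,4*rows,exception)`.
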
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][scarthgap][PATCH 12/15] imagemagick: patch CVE-2025-57803
Date: Thu, 8 Jan 2026 11:53:14 +0100
Message-ID: <20260108105317.460246-12-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com>
References: <20260108105317.460246-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123266

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57803

Backport the patch that is mentioned in the NVD advisory.

Signed-off-by: Gyorgy Sarvari
---
 .../imagemagick/CVE-2025-57803.patch | 60 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb | 1 +
 2 files changed, 61 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch new file mode 100644 index 0000000000..0eaf3af163 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch 
@@ -0,0 +1,60 @@ +From 28b22daea4382d3599ea5a5369354d044c51b124 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 23 Aug 2025 09:18:40 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm + +CVE: CVE-2025-57803 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7] +Signed-off-by: Gyorgy Sarvari +--- + coders/bmp.c | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/coders/bmp.c b/coders/bmp.c +index e05659b22..5c75e7f23 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -516,6 +516,11 @@ static MagickBooleanType IsBMP(const unsigned char *magick,const size_t length) + % + */ + ++static inline MagickBooleanType BMPOverflowCheck(size_t x,size_t y) ++{ ++ return((y != 0) && (x > 4294967295UL/y) ? MagickTrue : MagickFalse); ++} ++ + static Image *ReadEmbedImage(const ImageInfo *image_info,Image *image, + const char *magick,ExceptionInfo *exception) + { +@@ -609,6 +614,7 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + size_t + bit, + bytes_per_line, ++ extent, + length; + + ssize_t +@@ -1110,12 +1116,18 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (bmp_info.compression == BI_RLE4) + bmp_info.bits_per_pixel<<=1; +- bytes_per_line=4*((image->columns*bmp_info.bits_per_pixel+31)/32); +- length=(size_t) bytes_per_line*image->rows; ++ extent=image->columns*bmp_info.bits_per_pixel; ++ bytes_per_line=4*((extent+31)/32); ++ if (BMPOverflowCheck(bytes_per_line,image->rows) != MagickFalse) ++ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); ++ length=bytes_per_line*image->rows; + if ((MagickSizeType) (length/256) > blob_size) + ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); +- pixel_info=AcquireVirtualMemory(image->rows, +- 
MagickMax(bytes_per_line,image->columns+1UL)*sizeof(*pixels)); ++ extent=MagickMax(bytes_per_line,image->columns+1UL); ++ if ((BMPOverflowCheck(image->rows,extent) != MagickFalse) || ++ (BMPOverflowCheck(extent,sizeof(*pixels)) != MagickFalse)) ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); ++ pixel_info=AcquireVirtualMemory(image->rows,extent*sizeof(*pixels)); + if (pixel_info == (MemoryInfo *) NULL) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index b299f0d2b6..14a9d1eefa 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-55154.patch \ file://CVE-2025-55160.patch \ file://CVE-2025-55212.patch \ + file://CVE-2025-57803.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
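
Review bot: in the ReadBMPImage hunk, `extent=image->columns*bmp_info.bits_per_pixel;` is still an unchecked multiplication; `BMPOverflowCheck` is applied only to `bytes_per_line*image->rows` and to the allocation size. That product is guarded later in this series by CVE-2025-62171.patch, so the two patches should be merged together and kept in this SRC_URI order. Note also that `BMPOverflowCheck` compares against the literal `4294967295UL` rather than the maximum of `size_t`, so on 64-bit builds it rejects any product above 32 bits; that is conservative, but it changes which inputs are accepted and deserves a line in the commit message.
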
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][scarthgap][PATCH 13/15] imagemagick: patch CVE-2025-57807
Date: Thu, 8 Jan 2026 11:53:15 +0100
Message-ID: <20260108105317.460246-13-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com>
References: <20260108105317.460246-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123267

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57807

Backport the patch that's mentioned in the NVD advisory.

Signed-off-by: Gyorgy Sarvari
---
 .../imagemagick/CVE-2025-57807.patch | 45 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb | 1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57807.patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57807.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57807.patch new file mode 100644 index 0000000000..e3476e6c02 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57807.patch 
@@ -0,0 +1,45 @@ +From c3c9b87cfde14c543c98aa2358da8d4e915715fd Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sun, 24 Aug 2025 12:32:18 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg + +CVE: CVE-2025-57807 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/blob.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/MagickCore/blob.c b/MagickCore/blob.c +index d00b0ac57..5ee81a68b 100644 +--- a/MagickCore/blob.c ++++ b/MagickCore/blob.c +@@ -1630,7 +1630,7 @@ static inline ssize_t WriteBlobStream(Image *image,const size_t length, + extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length); + if (extent >= blob_info->extent) + { +- extent=blob_info->extent+blob_info->quantum+length; ++ extent+=blob_info->quantum+length; + blob_info->quantum<<=1; + if (SetBlobExtent(image,extent) == MagickFalse) + return(0); +@@ -5912,12 +5912,15 @@ MagickExport ssize_t WriteBlob(Image *image,const size_t length, + } + case BlobStream: + { +- if ((blob_info->offset+(MagickOffsetType) length) >= +- (MagickOffsetType) blob_info->extent) ++ MagickSizeType ++ extent; ++ ++ extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length); ++ if (extent >= blob_info->extent) + { + if (blob_info->mapped != MagickFalse) + return(0); +- blob_info->extent+=length+blob_info->quantum; ++ blob_info->extent=extent+blob_info->quantum+length; + blob_info->quantum<<=1; + blob_info->data=(unsigned char *) ResizeQuantumMemory( + blob_info->data,blob_info->extent+1,sizeof(*blob_info->data)); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 14a9d1eefa..7e40784005 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-55160.patch \ file://CVE-2025-55212.patch \ file://CVE-2025-57803.patch \ + file://CVE-2025-57807.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
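
Review bot: in both blob.c hunks the new size is `extent+blob_info->quantum+length`, with `extent` already equal to `offset+length`, and none of these additions is checked for wrap-around; `blob_info->quantum<<=1` also doubles on every growth with no upper bound. The sum `blob_info->offset+(MagickOffsetType) length` is formed in the signed `MagickOffsetType` before the cast to `MagickSizeType`, so the cast does not protect the addition itself. These are upstream's lines and should stay as backported, but the commit message could state what the fix changes: growth is now computed from the write offset plus `length` instead of from the old `blob_info->extent`.
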
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][scarthgap][PATCH 14/15] imagemagick: patch CVE-2025-62171
Date: Thu, 8 Jan 2026 11:53:16 +0100
Message-ID: <20260108105317.460246-14-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com>
References: <20260108105317.460246-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123268

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-62171

Pick the patch that's mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari
---
 .../imagemagick/CVE-2025-62171.patch | 26 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb | 1 +
 2 files changed, 27 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-62171.patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-62171.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-62171.patch new file mode 100644 index 0000000000..6b14a19550 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-62171.patch 
@@ -0,0 +1,26 @@ +From 9214d0e007656d5385d51f31b215cc54225aab3c Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sun, 12 Oct 2025 20:43:14 +0200 +Subject: [PATCH] Added extra check to resolve issue on 32-bit systems + (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm) + +CVE: CVE-2025-62171 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00] +Signed-off-by: Gyorgy Sarvari +--- + coders/bmp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/bmp.c b/coders/bmp.c +index 5c75e7f23..7647a0296 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -1116,6 +1116,8 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (bmp_info.compression == BI_RLE4) + bmp_info.bits_per_pixel<<=1; ++ if (BMPOverflowCheck(image->columns,bmp_info.bits_per_pixel) != MagickFalse) ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + extent=image->columns*bmp_info.bits_per_pixel; + bytes_per_line=4*((extent+31)/32); + if (BMPOverflowCheck(bytes_per_line,image->rows) != MagickFalse) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 7e40784005..ed20b67d69 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-55212.patch \ file://CVE-2025-57803.patch \ file://CVE-2025-57807.patch \ + file://CVE-2025-62171.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" From patchwork Thu Jan 8 10:53:17 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78274 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 47CB5D185D5 for ; Thu, 8 Jan 2026 10:54:41 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.4018.1767869674810666563 for ; Thu, 08 Jan 2026 02:54:35 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=PVqkM9bb; spf=pass (domain: gmail.com, ip: 209.85.128.50, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-4775ae77516so33624265e9.1 for ; Thu, 08 Jan 2026 02:54:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767869673; x=1768474473; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NaM4fDrFrC4SFavISQPQWmlXqNfYpgfze8J9mBVERJM=; b=PVqkM9bbvk2hzZUfJGC/+mamFVzRT+TXbbeLlog2e8Mu3awMPcc7B3rFCHu3gTNlDH sUNEKCtjsSyjiMItIalutmvy651ryh4USGMPKDwtteF8eM96AxYJNrv3hkDhYozUnIKj V0aP6k2I+IjMFG0wmn0gy6tO/AN8niPb4hqd788KjQe1zzG5PJh3QJ7frpv/FQS0dRW8 JJAj0MIyqp7SHVJuoIHb4vCMfSW7HIfq4gRGBgRG7RR9MC0IjNGiWb8Xkpv3qaa6bXIv FMxK64ZMWjJeR34+EcLmodW4npPo850PpjB2lc+z6l2T4paKtfmS+4tFqCTlaxQshoOF tTnw== X-Google-DKIM-Signature: 
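Review bot: In the embedded CVE-2025-62171.patch, the `From 9214d0e00765` line and the Upstream-Status commit `cea1693e2ded` carry different hashes, and neither the patch header nor the commit message says whether the upstream change applied unmodified on top of SRCREV `82572afc879b`. "Pick the patch that's mentioned by the NVD advisory" also does not describe the fix; consider adding a line saying that the patch adds a `BMPOverflowCheck(image->columns,bmp_info.bits_per_pixel)` test in ReadBMPImage ahead of the `extent=image->columns*bmp_info.bits_per_pixel` multiplication, after the BI_RLE4 doubling of `bits_per_pixel`, and whether the backport was adapted. The helper is already used by the unchanged context line `if (BMPOverflowCheck(bytes_per_line,image->rows) != MagickFalse)`, so no prerequisite commit appears to be needed.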
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 15/15] imagemagick: patch CVE-2025-65955 Date: Thu, 8 Jan 2026 11:53:17 +0100 Message-ID: <20260108105317.460246-15-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 08 Jan 2026 10:54:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123269 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-65955 Pick the patch that is mentioned by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2025-65955.patch | 25 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 26 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-65955.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-65955.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-65955.patch new file mode 100644 index 0000000000..cc88b8ae3b --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-65955.patch 
@@ -0,0 +1,25 @@ +From c798be8690cd314c115c568ee90136e65c53b90b Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sun, 23 Nov 2025 09:17:29 +0100 +Subject: [PATCH] Correct incorrect free (GHSA-q3hc-j9x5-mp9m) + +CVE: CVE-2025-65955 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8] +Signed-off-by: Gyorgy Sarvari +--- + Magick++/lib/Options.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Magick++/lib/Options.cpp b/Magick++/lib/Options.cpp +index 5d5724c96..eba417cca 100644 +--- a/Magick++/lib/Options.cpp ++++ b/Magick++/lib/Options.cpp +@@ -310,7 +310,7 @@ void Magick::Options::fontFamily(const std::string &family_) + { + if (family_.length() == 0) + { +- _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->font); ++ _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->family); + DestroyString(RemoveImageOption(imageInfo(),"family")); + } + else diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index ed20b67d69..99632967c2 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -24,6 +24,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-57803.patch \ file://CVE-2025-57807.patch \ file://CVE-2025-62171.patch \ + file://CVE-2025-65955.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
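Review bot: In the Options.cpp hunk of the embedded CVE-2025-65955.patch, the one-line change in `Magick::Options::fontFamily` is described only as "Correct incorrect free", and the commit message adds nothing beyond the NVD link; please state the defect in the message. For an empty `family_`, the removed line passed `_drawInfo->font` to `RelinquishMagickMemory` and assigned the result to `_drawInfo->family`, so the font buffer was released while `_drawInfo->font` still pointed at it, and the previous family string was never released. The `From c798be8690cd` hash also differs from the Upstream-Status commit `6f81eb15f822`, so a note on whether the backport applied unmodified would help.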
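Review bot: The imagemagick_7.1.1.bb hunk of this patch has `file://CVE-2025-62171.patch \` in its context, so it applies only on top of 14/15. If that patch is dropped or reworked during review, this hunk needs a rebase; the two are best merged together.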