* [Buildroot] [PATCH 1/4] package/graphicsmagick: add CVE-2008-6621 to IGNORE_CVES
From: Thomas Perale via buildroot @ 2026-03-03 8:13 UTC
To: buildroot; +Cc: Grzegorz Blach
This vulnerability matches on every version of graphicsmagick. Since it's
really old, it's unlikely it will be updated and is thus added to
IGNORE_CVES. See [1].
[1] https://nvd.nist.gov//vuln/detail/CVE-2008-6621
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
package/graphicsmagick/graphicsmagick.mk | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/package/graphicsmagick/graphicsmagick.mk b/package/graphicsmagick/graphicsmagick.mk
index 4b9f3bd23c..40107b3aae 100644
--- a/package/graphicsmagick/graphicsmagick.mk
+++ b/package/graphicsmagick/graphicsmagick.mk
@@ -11,6 +11,10 @@ GRAPHICSMAGICK_LICENSE = MIT
GRAPHICSMAGICK_LICENSE_FILES = Copyright.txt
GRAPHICSMAGICK_CPE_ID_VENDOR = graphicsmagick
+# Wrong NVD annotations
+# Fixed in version 1.2.3
+GRAPHICSMAGICK_IGNORE_CVES += CVE-2008-6621
+
# 0001-ReadJXLImage-Apply-image-dimension-resource-limits.patch
GRAPHICSMAGICK_IGNORE_CVES += CVE-2025-27795
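Review bot: the added comment `# Fixed in version 1.2.3` states a fix version that the commit message neither mentions nor references, so a later maintainer cannot verify from the .mk file alone why this CVE is ignored; suggest pointing the comment at the source of that claim (the NVD entry cited as [1] in the commit message, or the upstream changelog), the way the other IGNORE_CVES entries in this file name the patch file that justifies them, and merging the two lines into one justification such as `# Wrong NVD annotation: fixed in version 1.2.3`.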
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* [Buildroot] [PATCH 2/4] package/graphicsmagick: add CVE-2007-0770 to IGNORE_CVES
From: Thomas Perale via buildroot @ 2026-03-03 8:13 UTC
To: buildroot; +Cc: Grzegorz Blach
This vulnerability matches on every version of graphicsmagick [1].
It was issued because of an incomplete patch for CVE-2006-5456 and has
since been remediated [2].
Since it's really old, it's unlikely it will be updated and is thus added
to IGNORE_CVES.
[1] https://nvd.nist.gov//vuln/detail/CVE-2007-0770
[2] https://bugzilla.redhat.com/show_bug.cgi?id=210921#c5
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
package/graphicsmagick/graphicsmagick.mk | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/package/graphicsmagick/graphicsmagick.mk b/package/graphicsmagick/graphicsmagick.mk
index 40107b3aae..6c2885b7d8 100644
--- a/package/graphicsmagick/graphicsmagick.mk
+++ b/package/graphicsmagick/graphicsmagick.mk
@@ -15,6 +15,11 @@ GRAPHICSMAGICK_CPE_ID_VENDOR = graphicsmagick
# Fixed in version 1.2.3
GRAPHICSMAGICK_IGNORE_CVES += CVE-2008-6621
+# Wrong NVD annotations englobbing all versions
+# Wrong patch for CVE-2006-5456 later updated
+# https://bugzilla.redhat.com/show_bug.cgi?id=210921#c5
+GRAPHICSMAGICK_IGNORE_CVES += CVE-2007-0770
+
# 0001-ReadJXLImage-Apply-image-dimension-resource-limits.patch
GRAPHICSMAGICK_IGNORE_CVES += CVE-2025-27795
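Review bot: `englobbing` in the first added comment line is not an English word, and the second line `# Wrong patch for CVE-2006-5456 later updated` is hard to parse on its own; suggest `# Wrong NVD annotations covering all versions` and `# Incomplete patch for CVE-2006-5456, since remediated`, which mirrors the commit message wording, keeping the bugzilla link as the third line so the justification stays verifiable from the .mk file.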
--
2.53.0
* [Buildroot] [PATCH 3/4] package/graphicsmagick: add patch for CVE-2025-27796
From: Thomas Perale via buildroot @ 2026-03-03 8:13 UTC
To: buildroot; +Cc: Grzegorz Blach
Fixes the following vulnerability:
- CVE-2025-27796:
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette
buffer allocation, resulting in out-of-bounds access to heap memory in
ReadBlob.
For more information, see
- https://www.cve.org/CVERecord?id=CVE-2025-27796
- https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
...er-is-allocated-and-the-current-size.patch | 55 +++++++++++++++++++
package/graphicsmagick/graphicsmagick.mk | 3 +
2 files changed, 58 insertions(+)
create mode 100644 package/graphicsmagick/0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch
diff --git a/package/graphicsmagick/0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch b/package/graphicsmagick/0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch
new file mode 100644
index 0000000000..8a98034833
--- /dev/null
+++ b/package/graphicsmagick/0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch
@@ -0,0 +1,55 @@
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1734634653 21600
+# Thu Dec 19 12:57:33 2024 -0600
+# Node ID 883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
+# Parent cf7cd5ebabb0ca40204de7539f4fb9ae02121958
+ReadWPGImage(): Assure that palette buffer is allocated and the current size.
+
+CVE: CVE-2025-27796
+Upstream: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
+[thomas: remove changelog and binary]
+Signed-off-by: Thomas Perale <thomas.perale@mind.be>
+
+diff --git a/coders/wpg.c b/coders/wpg.c
+--- a/coders/wpg.c
++++ b/coders/wpg.c
+@@ -1704,28 +1704,23 @@
+ ThrowReaderException(CorruptImageError,InvalidColormapIndex,image);
+ }
+
+- if(pPalette!=NULL &&
+- PaletteAllocBytes < 4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries))
+- {
+- MagickFreeResourceLimitedMemory(pPalette);
+- PaletteAllocBytes = 0;
+- }
++ /* Assure that buffer is allocated and the current size */
++ if (PaletteAllocBytes != Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256))
++ {
++ PaletteAllocBytes = Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256);
++ MagickReallocateResourceLimitedMemory(unsigned char *,pPalette,PaletteAllocBytes);
++ }
+ if(pPalette==NULL)
+- {
+- PaletteItems = WPG_Palette.NumOfEntries;
+- PaletteAllocBytes = 4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries);
+- if(PaletteAllocBytes < 4*256) PaletteAllocBytes = 4*256;
+- pPalette = MagickAllocateResourceLimitedMemory(unsigned char *,(size_t)PaletteAllocBytes);
+- if(pPalette==NULL)
+- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+- for(i=0; i<=255; i++)
++ ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
++
++ PaletteItems = WPG_Palette.NumOfEntries;
++ for(i=0; i<=255; i++)
+ {
+ pPalette[4*i] = WPG1_Palette[i].Red;
+ pPalette[4*i+1] = WPG1_Palette[i].Green;
+ pPalette[4*i+2] = WPG1_Palette[i].Blue;
+ pPalette[4*i+3] = OpaqueOpacity;
+ }
+- }
+ if(ReadBlob(image,(size_t) PaletteItems*4,pPalette+((size_t)4*WPG_Palette.StartIndex)) != (size_t) PaletteItems*4)
+ {
+ MagickFreeResourceLimitedMemory(pPalette);
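Review bot: the backported hunk moves the `for(i=0; i<=255; i++)` default-palette fill out of the `if(pPalette==NULL)` block, so it now runs for every palette record rather than only when the buffer is first allocated, and the single `if(pPalette==NULL)` check after `MagickReallocateResourceLimitedMemory` now covers both the first allocation and the realloc path; both match the upstream commit named in the `Upstream:` tag, so nothing to change for the backport. The `CVE:`, `Upstream:` and `Signed-off-by:` tags plus the `[thomas: remove changelog and binary]` note follow the Buildroot patch conventions.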
diff --git a/package/graphicsmagick/graphicsmagick.mk b/package/graphicsmagick/graphicsmagick.mk
index 6c2885b7d8..e329e51b70 100644
--- a/package/graphicsmagick/graphicsmagick.mk
+++ b/package/graphicsmagick/graphicsmagick.mk
@@ -26,6 +26,9 @@ GRAPHICSMAGICK_IGNORE_CVES += CVE-2025-27795
# 0002-ReadJXLImage-pixel_format-num_channels-needs-to-be.patch
GRAPHICSMAGICK_IGNORE_CVES += CVE-2025-32460
+# 0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch
+GRAPHICSMAGICK_IGNORE_CVES += CVE-2025-27796
+
GRAPHICSMAGICK_INSTALL_STAGING = YES
GRAPHICSMAGICK_CONFIG_SCRIPTS = GraphicsMagick-config GraphicsMagickWand-config
--
2.53.0
* [Buildroot] [PATCH 4/4] package/graphicsmagick: bump to v1.3.46
From: Thomas Perale via buildroot @ 2026-03-03 8:13 UTC
To: buildroot; +Cc: Grzegorz Blach
For more information, see the release note:
- http://www.graphicsmagick.org/NEWS.html#october-29-2025
- https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/compare/GraphicsMagick-1_3_45...GraphicsMagick-1_3_46
This release now includes upstream fixes for CVE-2025-27795,
CVE-2025-32460 and CVE-2025-27796.
Copyright year updated in [1].
[1] https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/13454c83b42327a29796b2bf418e4f90f5fc9292
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
...pply-image-dimension-resource-limits.patch | 33 ----------
...ixel_format-num_channels-needs-to-be.patch | 61 -------------------
...er-is-allocated-and-the-current-size.patch | 55 -----------------
package/graphicsmagick/graphicsmagick.hash | 4 +-
package/graphicsmagick/graphicsmagick.mk | 11 +---
5 files changed, 3 insertions(+), 161 deletions(-)
delete mode 100644 package/graphicsmagick/0001-ReadJXLImage-Apply-image-dimension-resource-limits.patch
delete mode 100644 package/graphicsmagick/0002-ReadJXLImage-pixel_format-num_channels-needs-to-be.patch
delete mode 100644 package/graphicsmagick/0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch
diff --git a/package/graphicsmagick/0001-ReadJXLImage-Apply-image-dimension-resource-limits.patch b/package/graphicsmagick/0001-ReadJXLImage-Apply-image-dimension-resource-limits.patch
deleted file mode 100644
index 56122e466e..0000000000
--- a/package/graphicsmagick/0001-ReadJXLImage-Apply-image-dimension-resource-limits.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1725886903 18000
-# Mon Sep 09 08:01:43 2024 -0500
-# Node ID 9bbae7314e3c3b19b830591010ed90bb136b9c42
-# Parent db3ff8d00c28c38895e1600a28706ce251dac570
-ReadJXLImage(): Apply image dimension resource limits. Addresses oss-fuzz Issue 69728
-
-CVE: CVE-2025-27795
-Upstream: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-[Peter: drop ChangeLog/version changes]
-diff --git a/coders/jxl.c b/coders/jxl.c
---- a/coders/jxl.c
-+++ b/coders/jxl.c
-@@ -571,6 +571,7 @@
- basic_info.alpha_bits, basic_info.num_color_channels,
- basic_info.have_animation == JXL_FALSE ? "False" : "True");
- }
-+
- if (basic_info.num_extra_channels)
- {
- size_t index;
-@@ -637,6 +638,9 @@
-
- image->orientation=convert_orientation(basic_info.orientation);
-
-+ if (CheckImagePixelLimits(image, exception) != MagickPass)
-+ ThrowJXLReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
-+
- pixel_format.endianness=JXL_NATIVE_ENDIAN;
- pixel_format.align=0;
- if (basic_info.num_color_channels == 1)
diff --git a/package/graphicsmagick/0002-ReadJXLImage-pixel_format-num_channels-needs-to-be.patch b/package/graphicsmagick/0002-ReadJXLImage-pixel_format-num_channels-needs-to-be.patch
deleted file mode 100644
index 004594523c..0000000000
--- a/package/graphicsmagick/0002-ReadJXLImage-pixel_format-num_channels-needs-to-be.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1743004970 18000
-# Wed Mar 26 11:02:50 2025 -0500
-# Node ID 8e56520435df50f618a03f2721a39a70a515f1cb
-# Parent 036a1376a2a6dc9504c5148249cbd8feaef72de6
-ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale matte.
-
-CVE: CVE-2025-32460
-Upstream: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-[Peter: drop ChangeLog/version changes]
-
-diff --git a/coders/jxl.c b/coders/jxl.c
---- a/coders/jxl.c
-+++ b/coders/jxl.c
-@@ -658,7 +658,7 @@
- ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
- }
- grayscale=MagickTrue;
-- pixel_format.num_channels=1;
-+ pixel_format.num_channels=image->matte ? 2 : 1;
- pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 :
- (basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 :
- JXL_TYPE_FLOAT));
-@@ -843,6 +843,24 @@
- size_t
- out_len;
-
-+ if (image->logging)
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ "JxlPixelFormat:\n"
-+ " num_channels: %u\n"
-+ " data_type: %s\n"
-+ " endianness: %s\n"
-+ " align: %" MAGICK_SIZE_T_F "u",
-+ pixel_format.num_channels,
-+ pixel_format.data_type == JXL_TYPE_FLOAT ? "float" :
-+ (pixel_format.data_type == JXL_TYPE_UINT8 ? "uint8" :
-+ (pixel_format.data_type == JXL_TYPE_UINT16 ? "uint16" :
-+ (pixel_format.data_type == JXL_TYPE_FLOAT16 ? "float16" :
-+ "unknown"))) ,
-+ pixel_format.endianness == JXL_NATIVE_ENDIAN ? "native" :
-+ (pixel_format.endianness == JXL_LITTLE_ENDIAN ? "little" :
-+ (pixel_format.endianness == JXL_BIG_ENDIAN ? "big" : "unknown")),
-+ pixel_format.align);
-+
- status=JxlDecoderImageOutBufferSize(jxl_decoder,&pixel_format,&out_len);
- if (status != JXL_DEC_SUCCESS)
- {
-@@ -852,6 +870,10 @@
- break;
- }
-
-+ if (image->logging)
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ "JxlDecoderImageOutBufferSize() returns %" MAGICK_SIZE_T_F "u",
-+ (MAGICK_SIZE_T) out_len);
- out_buf=MagickAllocateResourceLimitedArray(unsigned char *,out_len,sizeof(*out_buf));
- if (out_buf == (unsigned char *) NULL)
- ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
diff --git a/package/graphicsmagick/0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch b/package/graphicsmagick/0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch
deleted file mode 100644
index 8a98034833..0000000000
--- a/package/graphicsmagick/0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1734634653 21600
-# Thu Dec 19 12:57:33 2024 -0600
-# Node ID 883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
-# Parent cf7cd5ebabb0ca40204de7539f4fb9ae02121958
-ReadWPGImage(): Assure that palette buffer is allocated and the current size.
-
-CVE: CVE-2025-27796
-Upstream: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
-[thomas: remove changelog and binary]
-Signed-off-by: Thomas Perale <thomas.perale@mind.be>
-
-diff --git a/coders/wpg.c b/coders/wpg.c
---- a/coders/wpg.c
-+++ b/coders/wpg.c
-@@ -1704,28 +1704,23 @@
- ThrowReaderException(CorruptImageError,InvalidColormapIndex,image);
- }
-
-- if(pPalette!=NULL &&
-- PaletteAllocBytes < 4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries))
-- {
-- MagickFreeResourceLimitedMemory(pPalette);
-- PaletteAllocBytes = 0;
-- }
-+ /* Assure that buffer is allocated and the current size */
-+ if (PaletteAllocBytes != Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256))
-+ {
-+ PaletteAllocBytes = Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256);
-+ MagickReallocateResourceLimitedMemory(unsigned char *,pPalette,PaletteAllocBytes);
-+ }
- if(pPalette==NULL)
-- {
-- PaletteItems = WPG_Palette.NumOfEntries;
-- PaletteAllocBytes = 4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries);
-- if(PaletteAllocBytes < 4*256) PaletteAllocBytes = 4*256;
-- pPalette = MagickAllocateResourceLimitedMemory(unsigned char *,(size_t)PaletteAllocBytes);
-- if(pPalette==NULL)
-- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
-- for(i=0; i<=255; i++)
-+ ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
-+
-+ PaletteItems = WPG_Palette.NumOfEntries;
-+ for(i=0; i<=255; i++)
- {
- pPalette[4*i] = WPG1_Palette[i].Red;
- pPalette[4*i+1] = WPG1_Palette[i].Green;
- pPalette[4*i+2] = WPG1_Palette[i].Blue;
- pPalette[4*i+3] = OpaqueOpacity;
- }
-- }
- if(ReadBlob(image,(size_t) PaletteItems*4,pPalette+((size_t)4*WPG_Palette.StartIndex)) != (size_t) PaletteItems*4)
- {
- MagickFreeResourceLimitedMemory(pPalette);
diff --git a/package/graphicsmagick/graphicsmagick.hash b/package/graphicsmagick/graphicsmagick.hash
index 044214c8fc..0a2e926c3f 100644
--- a/package/graphicsmagick/graphicsmagick.hash
+++ b/package/graphicsmagick/graphicsmagick.hash
@@ -1,3 +1,3 @@
# Locally computed:
-sha256 dcea5167414f7c805557de2d7a47a9b3147bcbf617b91f5f0f4afe5e6543026b GraphicsMagick-1.3.45.tar.xz
-sha256 27d121f97ad71ff506ac5a6a9539e969154f3a66f3da24fd5b6f268acd106295 Copyright.txt
+sha256 c7c706a505e9c6c3764156bb94a0c9644d79131785df15a89c9f8721d1abd061 GraphicsMagick-1.3.46.tar.xz
+sha256 a610fd86484bf7c80b53f84f9644995c25c74f1dd711f16d2608bbe81176d18b Copyright.txt
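Review bot: the Copyright.txt hash changes in the same hunk as the tarball hash; the commit message covers this only with `Copyright year updated in [1]`, and since a changed license-file hash normally needs its own justification in Buildroot, suggest stating explicitly that the license file hash is updated because of that copyright-year commit and that the license terms are otherwise unchanged.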
diff --git a/package/graphicsmagick/graphicsmagick.mk b/package/graphicsmagick/graphicsmagick.mk
index e329e51b70..0b7875b5cc 100644
--- a/package/graphicsmagick/graphicsmagick.mk
+++ b/package/graphicsmagick/graphicsmagick.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GRAPHICSMAGICK_VERSION = 1.3.45
+GRAPHICSMAGICK_VERSION = 1.3.46
GRAPHICSMAGICK_SOURCE = GraphicsMagick-$(GRAPHICSMAGICK_VERSION).tar.xz
GRAPHICSMAGICK_SITE = https://downloads.sourceforge.net/project/graphicsmagick/graphicsmagick/$(GRAPHICSMAGICK_VERSION)
GRAPHICSMAGICK_LICENSE = MIT
@@ -20,15 +20,6 @@ GRAPHICSMAGICK_IGNORE_CVES += CVE-2008-6621
# https://bugzilla.redhat.com/show_bug.cgi?id=210921#c5
GRAPHICSMAGICK_IGNORE_CVES += CVE-2007-0770
-# 0001-ReadJXLImage-Apply-image-dimension-resource-limits.patch
-GRAPHICSMAGICK_IGNORE_CVES += CVE-2025-27795
-
-# 0002-ReadJXLImage-pixel_format-num_channels-needs-to-be.patch
-GRAPHICSMAGICK_IGNORE_CVES += CVE-2025-32460
-
-# 0003-Assure-that-palette-buffer-is-allocated-and-the-current-size.patch
-GRAPHICSMAGICK_IGNORE_CVES += CVE-2025-27796
-
GRAPHICSMAGICK_INSTALL_STAGING = YES
GRAPHICSMAGICK_CONFIG_SCRIPTS = GraphicsMagick-config GraphicsMagickWand-config
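Review bot: dropping the three CVE-2025-* IGNORE_CVES entries together with the three patch files is consistent with the bump: the CVE text quoted in patch 3/4 says `before 1.3.46`, so the CPE match stops at 1.3.46 without an ignore entry, and the CVE-2008-6621 and CVE-2007-0770 entries correctly remain since their NVD records match every version. Suggest the commit message also say that the three patches are dropped because they are in the 1.3.46 release, rather than only that the release "includes upstream fixes".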
--
2.53.0
* Re: [Buildroot] [PATCH 1/4] package/graphicsmagick: add CVE-2008-6621 to IGNORE_CVES
From: Julien Olivain via buildroot @ 2026-03-03 17:36 UTC
To: Thomas Perale; +Cc: buildroot, Grzegorz Blach
On 03/03/2026 09:13, Thomas Perale via buildroot wrote:
> This vulnerability matches on every version of graphicsmagick. Since it's
> really old, it's unlikely it will be updated and is thus added to
> IGNORE_CVES. See [1].
>
> [1] https://nvd.nist.gov//vuln/detail/CVE-2008-6621
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
I applied patches 1 to 3 of this series to master, thanks.
* Re: [Buildroot] [PATCH 4/4] package/graphicsmagick: bump to v1.3.46
From: Julien Olivain via buildroot @ 2026-03-03 17:38 UTC
To: Thomas Perale; +Cc: buildroot, Grzegorz Blach
On 03/03/2026 09:13, Thomas Perale via buildroot wrote:
> For more information, see the release note:
>
> - http://www.graphicsmagick.org/NEWS.html#october-29-2025
> -
> https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/compare/GraphicsMagick-1_3_45...GraphicsMagick-1_3_46
>
> This release now includes upstream fixes for CVE-2025-27795,
> CVE-2025-32460 and CVE-2025-27796.
>
> Copyright year updated in [1].
>
> [1]
> https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/13454c83b42327a29796b2bf418e4f90f5fc9292
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since we are already in the 2026.02-rc3 release cycle, I would prefer to
apply this patch a bit later, after 2026.02 is released (hopefully, very
soon).
Best regards,
Julien.
* Re: [Buildroot] [PATCH 4/4] package/graphicsmagick: bump to v1.3.46
From: Julien Olivain via buildroot @ 2026-03-04 21:48 UTC
To: Julien Olivain; +Cc: Thomas Perale, buildroot, Grzegorz Blach
Hi,
On 03/03/2026 18:38, Julien Olivain via buildroot wrote:
> On 03/03/2026 09:13, Thomas Perale via buildroot wrote:
>> For more information, see the release note:
>>
>> - http://www.graphicsmagick.org/NEWS.html#october-29-2025
>> -
>> https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/compare/GraphicsMagick-1_3_45...GraphicsMagick-1_3_46
>>
>> This release now includes upstream fixes for CVE-2025-27795,
>> CVE-2025-32460 and CVE-2025-27796.
>>
>> Copyright year updated in [1].
>>
>> [1]
>> https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/13454c83b42327a29796b2bf418e4f90f5fc9292
>>
>> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
>
> Since we are already in the 2026.02-rc3 release cycle, I would prefer
> to apply this patch a bit later, after 2026.02 is released (hopefully,
> very soon).
Now that 2026.02 is released, I applied this patch on master, thanks.
> Best regards,
>
> Julien.
* Re: [Buildroot] [PATCH 2/4] package/graphicsmagick: add CVE-2007-0770 to IGNORE_CVES
From: Thomas Perale via buildroot @ 2026-03-06 19:53 UTC
To: Thomas Perale; +Cc: buildroot
In reply to:
> This vulnerability matches on every version of graphicsmagick [1].
> It was issued because of an incomplete patch for CVE-2006-5456 and has
> since been remediated [2].
>
> Since it's really old, it's unlikely it will be updated and is thus added
> to IGNORE_CVES.
>
> [1] https://nvd.nist.gov//vuln/detail/CVE-2007-0770
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=210921#c5
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to 2025.02.x & 2025.11.x. Thanks.
* Re: [Buildroot] [PATCH 1/4] package/graphicsmagick: add CVE-2008-6621 to IGNORE_CVES
From: Thomas Perale via buildroot @ 2026-03-06 19:53 UTC
To: Thomas Perale; +Cc: buildroot
In reply to:
> This vulnerability matches on every version of graphicsmagick. Since it's
> really old, it's unlikely it will be updated and is thus added to
> IGNORE_CVES. See [1].
>
> [1] https://nvd.nist.gov//vuln/detail/CVE-2008-6621
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to 2025.02.x & 2025.11.x. Thanks.
* Re: [Buildroot] [PATCH 3/4] package/graphicsmagick: add patch for CVE-2025-27796
From: Thomas Perale via buildroot @ 2026-03-06 19:53 UTC
To: Thomas Perale; +Cc: buildroot
In reply to:
> Fixes the following vulnerability:
>
> - CVE-2025-27796:
> ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette
> buffer allocation, resulting in out-of-bounds access to heap memory in
> ReadBlob.
>
> For more information, see
> - https://www.cve.org/CVERecord?id=CVE-2025-27796
> - https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to 2025.02.x & 2025.11.x. Thanks.