There is a fuzz in this patch, when I apply it on top of the first patch in this series. Could you please rebase it?
Applying patch 0002-ImageMagick-Fix-CVE-2025-53101.patch patching file MagickCore/image.c Hunk #1 succeeded at 1652 (offset 2 lines). Hunk #2 succeeded at 1665 with fuzz 1 (offset 2 lines). On 11/20/25 09:49, Divyanshu Rathore via lists.openembedded.org wrote: > From: Divyanshu Rathore <[email protected]> > > Backport the fix for CVE-2025-53101 > > Add below patch to fix > 0002-ImageMagick-Fix-CVE-2025-53101.patch > > Signed-off-by: Divyanshu Rathore <[email protected]> > --- > .../0002-ImageMagick-Fix-CVE-2025-53101.patch | 60 +++++++++++++++++++ > .../imagemagick/imagemagick_7.0.10.bb | 1 + > 2 files changed, 61 insertions(+) > create mode 100644 > meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch > > diff --git > a/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch > > b/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch > new file mode 100644 > index 0000000000..3b31886ae1 > --- /dev/null > +++ > b/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch > @@ -0,0 +1,60 @@ > +From cb29701ae86c2a5b46bdf705bf0df7db152eda68 Mon Sep 17 00:00:00 2001 > +From: Divyanshu Rathore <[email protected]> > +Date: Wed, 5 Nov 2025 12:54:53 +0530 > +Subject: [PATCH 6/8] ImageMagick: Fix CVE-2025-53101 > + > +CVE: CVE-2025-53101 > +Upstream-Status: Backport > [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774] > +Reference: > https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 > + > +Comment: Refreshed hunk to match latest kirkstone > + > +Signed-off-by: Divyanshu Rathore <[email protected]> > +--- > + MagickCore/image.c | 13 +++++++------ > + 1 file changed, 7 insertions(+), 6 deletions(-) > + > +diff --git a/MagickCore/image.c b/MagickCore/image.c > +index 34804e522..bf9d53325 100644 > +--- a/MagickCore/image.c > ++++ b/MagickCore/image.c > +@@ -1650,7 +1650,6 @@ MagickExport size_t InterpretImageFilename(const > ImageInfo *image_info, > + *p; > + > + ssize_t > +- field_width, > + offset; > + > + canonical=MagickFalse; > +@@ -1664,21 +1663,23 @@ MagickExport size_t InterpretImageFilename(const > ImageInfo *image_info, > + p=q+1; > + continue; > + } > +- field_width=0; > +- if (*q == '0') > +- field_width=(ssize_t) strtol(q,&q,10); > + switch (*q) > + { > + case 'd': > + case 'o': > + case 'x': > + { > ++ ssize_t > ++ count; > ++ > + q++; > + c=(*q); > + *q='\0'; > +- (void) FormatLocaleString(filename+(p-format-offset),(size_t) > ++ count=FormatLocaleString(filename+(p-format-offset),(size_t) > + (MagickPathExtent-(p-format-offset)),p,value); > +- offset+=(4-field_width); > ++ if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset)))) > ++ return(0); > ++ offset+=(ssize_t) ((q-p)-count); > + *q=c; > + (void) ConcatenateMagickString(filename,q,MagickPathExtent); > + canonical=MagickTrue; > +-- > +2.34.1 > + > diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb > b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb > index e0d584f165..9744e1e919 100644 > --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb > +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb > @@ -24,6 +24,7 @@ SRC_URI = > "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt > file://CVE-2023-34474.patch \ > file://CVE-2023-5341.patch \ > file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ > + file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ > " > > SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121971): https://lists.openembedded.org/g/openembedded-devel/message/121971 Mute This Topic: https://lists.openembedded.org/mt/116392325/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
