[Buildroot] [git commit branch/2023.02.x] package/graphicsmagick: security bump to version 1.3.40

Peter Korsgaard peter at korsgaard.com
Fri Jun 16 08:34:44 UTC 2023 

commit: https://git.buildroot.net/buildroot/commit/?id=9da144a812f8744e99fffc7f9771fb39b416b090
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x

Fixes the following security issues:

1.3.39:
- oss-fuzz: Several security fixes originating from oss-fuzz testing.
- ALL: Replace strcpy() with strlcpy(), replace strcat() with strlcat(),
  replace sprintf() with snprintf().  Prefer using bounded string functions.
  This change is made for the purpose of increasing safety than to address
  any existing demonstrated concern.

1.3.40:
- DCX: Fixed heap overflow when writing more than 1023 scenes, and also
  eliminated use of uninitialized memory.

Signed-off-by: Grzegorz Blach <grzegorz at blach.pl>
[Peter: mark as security fix, extend commit message]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit fd3ff0761c741723afc556f5eaf96e1941264eb4)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/graphicsmagick/graphicsmagick.hash | 2 +-
 package/graphicsmagick/graphicsmagick.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/graphicsmagick/graphicsmagick.hash b/package/graphicsmagick/graphicsmagick.hash
index 80130da5d6..a894aedf11 100644
--- a/package/graphicsmagick/graphicsmagick.hash
+++ b/package/graphicsmagick/graphicsmagick.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  d60cd9db59351d2b9cb19beb443170acaa28f073d13d258f67b3627635e32675  GraphicsMagick-1.3.38.tar.xz
+sha256  97dc1a9d4e89c77b25a3b24505e7ff1653b88f9bfe31f189ce10804b8efa7746  GraphicsMagick-1.3.40.tar.xz
 sha256  0a20e661de942ebe115a354d0ec6d1d42b93856ea765f813f350a5ce5024cdb7  Copyright.txt
diff --git a/package/graphicsmagick/graphicsmagick.mk b/package/graphicsmagick/graphicsmagick.mk
index dbaa8ddf70..76b826ceef 100644
--- a/package/graphicsmagick/graphicsmagick.mk
+++ b/package/graphicsmagick/graphicsmagick.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GRAPHICSMAGICK_VERSION = 1.3.38
+GRAPHICSMAGICK_VERSION = 1.3.40
 GRAPHICSMAGICK_SOURCE = GraphicsMagick-$(GRAPHICSMAGICK_VERSION).tar.xz
 GRAPHICSMAGICK_SITE = https://downloads.sourceforge.net/project/graphicsmagick/graphicsmagick/$(GRAPHICSMAGICK_VERSION)
 GRAPHICSMAGICK_LICENSE = MIT

More information about the buildroot mailing list