Bug#1034645: marked as done (unblock: graphicsmagick/1.4+really1.3.40-4)

To: Sebastian Ramacher <sramacher@respighi.debian.org>
Subject: Bug#1034645: marked as done (unblock: graphicsmagick/1.4+really1.3.40-4)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 21 Apr 2023 19:09:05 +0000
Message-id: <[🔎] handler.1034645.D1034645.16821039683840966.ackdone@bugs.debian.org>
Reply-to: 1034645@bugs.debian.org
References: <E1ppw56-008Bvo-RY@respighi.debian.org> <[🔎] CAKjSHr2-NrhQiPD_RGtkrD=8PipvxfU8PhP5q1MytdDaRixVMA@mail.gmail.com>

Your message dated Fri, 21 Apr 2023 19:06:04 +0000
with message-id <E1ppw56-008Bvo-RY@respighi.debian.org>
and subject line unblock graphicsmagick
has caused the Debian Bug report #1034645,
regarding unblock: graphicsmagick/1.4+really1.3.40-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1034645: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034645
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: graphicsmagick/1.4+really1.3.40-4
From: László Böszörményi (GCS) <gcs@debian.org>
Date: Thu, 20 Apr 2023 20:39:39 +0200
Message-id: <[🔎] CAKjSHr2-NrhQiPD_RGtkrD=8PipvxfU8PhP5q1MytdDaRixVMA@mail.gmail.com>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Control: affects -1 + src:graphicsmagick

Hi RMs,

Two security fixes were added to graphicsmagick and I would like to
get those to Bookworm.

[ Reason ]
It was found that the MIFF reader was somehow able to provide
attribute data in a way which resulted in a heap overflow. There is
also a memory leak fix.

[ Impact ]
The heap overflow was detected by ASAN, meaning it might be
exploitable. The memory leak is in the handling of the
EXIF:Orientation key, common in images.

[ Tests ]
Upstream test suite.

[ Risks ]
Minimal but if there would be any issue upstream is quick to address them.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock graphicsmagick/1.4+really1.3.40-4

Thanks for considering,
Laszlo/GCS

diff -Nru graphicsmagick-1.4+really1.3.40/debian/changelog graphicsmagick-1.4+really1.3.40/debian/changelog
--- graphicsmagick-1.4+really1.3.40/debian/changelog	2023-01-19 19:44:45.000000000 +0100
+++ graphicsmagick-1.4+really1.3.40/debian/changelog	2023-04-17 19:17:10.000000000 +0200
@@ -1,3 +1,19 @@
+graphicsmagick (1.4+really1.3.40-4) unstable; urgency=medium
+
+  * Remove development ifdef from memory leak fix.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 17 Apr 2023 19:17:10 +0200
+
+graphicsmagick (1.4+really1.3.40-3) unstable; urgency=high
+
+  * Backport security fixes:
+    - MIFF reader able to provide attribute data in way which results in
+      a heap overflow,
+    - SetImageAttribute(): eliminate memory leak when handling attribute
+      with key "EXIF:Orientation".
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 16 Apr 2023 14:21:32 +0200
+
 graphicsmagick (1.4+really1.3.40-2) unstable; urgency=medium
 
   * Don't force tiff dependency, let shlibs handle it (closes: #1029212).
diff -Nru graphicsmagick-1.4+really1.3.40/debian/patches/eliminate_memory_leak_when_handling_EXIFOrientation.patch graphicsmagick-1.4+really1.3.40/debian/patches/eliminate_memory_leak_when_handling_EXIFOrientation.patch
--- graphicsmagick-1.4+really1.3.40/debian/patches/eliminate_memory_leak_when_handling_EXIFOrientation.patch	1970-01-01 01:00:00.000000000 +0100
+++ graphicsmagick-1.4+really1.3.40/debian/patches/eliminate_memory_leak_when_handling_EXIFOrientation.patch	2023-04-17 19:17:10.000000000 +0200
@@ -0,0 +1,115 @@
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1681598921 18000
+# Node ID 3ce01217413bb5b476460bbc8ab11020205eeda0
+# Parent  8bec800dbaef2d72da0e7e997ad45bece0e95893
+SetImageAttribute(): Eliminate memory leak when handling attribute with key "EXIF:Orientation"
+
+diff -r 8bec800dbaef -r 3ce01217413b ChangeLog
+--- a/ChangeLog	Sat Apr 08 18:31:31 2023 -0500
++++ b/ChangeLog	Sat Apr 15 17:48:41 2023 -0500
+@@ -1,3 +1,9 @@
++2023-04-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
++
++	* magick/attribute.c (SetImageAttribute): Eliminate memory leak
++	when handling attribute with key "EXIF:Orientation".  (SourceForge
++	issue #707 "memory leaks in gm").
++
+ 2023-04-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+ 
+ 	* coders/mpc.c (ReadMPCImage): If an attribute appears multiple
+diff -r 8bec800dbaef -r 3ce01217413b coders/miff.c
+--- a/coders/miff.c	Sat Apr 08 18:31:31 2023 -0500
++++ b/coders/miff.c	Sat Apr 15 17:48:41 2023 -0500
+@@ -761,6 +761,8 @@ SetNewImageAttribute(Image *image,const
+   MagickPassFail
+     status;
+ 
++  status = SetImageAttribute(image,key,value);
++
+   if (GetImageAttribute(image,key) == (const ImageAttribute *) NULL)
+     status = SetImageAttribute(image,key,value);
+   else
+diff -r 8bec800dbaef -r 3ce01217413b magick/attribute.c
+--- a/magick/attribute.c	Sat Apr 08 18:31:31 2023 -0500
++++ b/magick/attribute.c	Sat Apr 15 17:48:41 2023 -0500
+@@ -3178,9 +3178,6 @@
+   register ImageAttribute
+     *p;
+ 
+-  int
+-    orientation;
+-
+   /*
+     Initialize new attribute.
+   */
+@@ -3271,6 +3268,9 @@
+ 
+           if (LocaleCompare(attribute->key,"EXIF:Orientation") == 0)
+             {
++              int
++                orientation = 0;
++
+               /*
+                 Special handling for EXIF orientation tag.
+                 If new value differs from existing value,
+@@ -3278,17 +3278,19 @@
+                 is valid. Don't append new value to existing value,
+                 replace it instead.
+               */
+-              orientation = MagickAtoI(value);
+-              if (orientation > 0 || orientation <= (int)LeftBottomOrientation)
+-                SetEXIFOrientation(image, orientation);
+-
+-              /* Replace current attribute with new one */
+-              attribute->next = p->next;
+-              if (p->previous == (ImageAttribute *) NULL)
+-                image->attributes=attribute;
+-              else
+-                p->previous->next = attribute;
+-              DestroyImageAttribute(p);
++              if ((MagickAtoIChk(value, &orientation) == MagickPass) &&
++                  (orientation > 0 || orientation <= (int)LeftBottomOrientation))
++                {
++                  SetEXIFOrientation(image, orientation);
++                }
++              /* Assign changed value to attribute in list */
++              if (LocaleCompare(p->value, attribute->value) != 0)
++                {
++                  MagickFreeMemory(p->value);
++                  p->value=attribute->value;
++                  attribute->value = (char *) NULL;
++                }
++              DestroyImageAttribute(attribute);
+               return(MagickPass);
+             }
+           else
+@@ -3296,6 +3298,9 @@
+               /*
+                 Extend existing text string.  This functionality is deprecated!
+               */
++              fprintf(stderr,
++                      "SetImageAttribute: Extending attribute value text is deprecated! (key=\"%s\")\n",
++                      attribute->key);
+               min_l=p->length+attribute->length+1;
+               for (realloc_l=2; realloc_l <= min_l; realloc_l *= 2)
+                     { /* nada */};
+diff -r 8bec800dbaef -r 3ce01217413b www/Changelog.html
+--- a/www/Changelog.html	Sat Apr 08 18:31:31 2023 -0500
++++ b/www/Changelog.html	Sat Apr 15 17:48:41 2023 -0500
+@@ -37,6 +37,14 @@
+ </div>
+ 
+ <div class="document">
++<p>2023-04-15  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us";>bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
++<blockquote>
++<ul class="simple">
++<li><p>magick/attribute.c (SetImageAttribute): Eliminate memory leak
++when handling attribute with key &quot;EXIF:Orientation&quot;.  (SourceForge
++issue #707 &quot;memory leaks in gm&quot;).</p></li>
++</ul>
++</blockquote>
+ <p>2023-04-08  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us";>bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+ <blockquote>
+ <ul class="simple">
diff -Nru graphicsmagick-1.4+really1.3.40/debian/patches/fix_bounds_issue_when_concatenating_string.patch graphicsmagick-1.4+really1.3.40/debian/patches/fix_bounds_issue_when_concatenating_string.patch
--- graphicsmagick-1.4+really1.3.40/debian/patches/fix_bounds_issue_when_concatenating_string.patch	1970-01-01 01:00:00.000000000 +0100
+++ graphicsmagick-1.4+really1.3.40/debian/patches/fix_bounds_issue_when_concatenating_string.patch	2023-04-16 14:21:32.000000000 +0200
@@ -0,0 +1,415 @@
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1680966869 18000
+# Node ID 27a561878992e8588a9c80f3fce51e66e0b55ebc
+# Parent  5509b7e1b29b17b823d6bfdcf7d1519092bf7d8a
+Address issues from SourceForge issue #706 test case 'bug11'
+
+diff -r 5509b7e1b29b -r 27a561878992 ChangeLog
+--- a/ChangeLog	Sun Apr 02 17:02:20 2023 -0500
++++ b/ChangeLog	Sat Apr 08 10:14:29 2023 -0500
+@@ -1,3 +1,14 @@
++2023-04-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
++
++	* coders/mpc.c (ReadMPCImage): If an attribute appears multiple
++	times in the MPC header, only set it once.
++
++	* coders/miff.c (ReadMIFFImage): If an attribute appears multiple
++	times in the MIFF header, only set it once.
++
++	* magick/attribute.c (SetImageAttribute): Fix bounds issue when
++	concatenating string (SourceForge issue #706 test case 'bug11');
++
+ 2023-01-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+ 
+ 	* version.sh: Updated for 1.3.40 release.
+diff -r 5509b7e1b29b -r 27a561878992 coders/miff.c
+--- a/coders/miff.c	Sun Apr 02 17:02:20 2023 -0500
++++ b/coders/miff.c	Sat Apr 08 10:14:29 2023 -0500
+@@ -752,6 +752,23 @@
+ 
+ #define ReadMIFFMaxKeyWordCount 256 /* Arbitrary limit on keywords in one MIFF frame */
+ 
++/*
++  Ignore attempts to set the same attribute multiple times.
++*/
++static MagickPassFail
++SetNewImageAttribute(Image *image,const char *key,const char *value)
++{
++  MagickPassFail
++    status;
++
++  if (GetImageAttribute(image,key) == (const ImageAttribute *) NULL)
++    status = SetImageAttribute(image,key,value);
++  else
++    status = MagickFail;
++
++  return status;
++};
++
+ static Image *ReadMIFFImage(const ImageInfo *image_info,
+   ExceptionInfo *exception)
+ {
+@@ -926,7 +943,7 @@
+               image);
+           *p='\0';
+           (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Comment: \"%s\"", comment);
+-          (void) SetImageAttribute(image,"comment",comment);
++          (void) SetNewImageAttribute(image,"comment",comment);
+           comment_count++;
+           MagickFreeResourceLimitedMemory(comment);
+           c=ReadBlobByte(image);
+@@ -1060,7 +1077,7 @@
+                       exception);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1135,7 +1152,7 @@
+                     image->columns= MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1165,7 +1182,7 @@
+                           image->dispose=PreviousDispose;
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1184,7 +1201,7 @@
+                       &image->chromaticity.green_primary.y);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1201,7 +1218,7 @@
+                     image->iterations=MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1225,7 +1242,7 @@
+                     (void) CloneString(&image->montage,values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1243,7 +1260,7 @@
+                     image->orientation=StringToOrientationType(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1281,7 +1298,7 @@
+                     number_of_profiles++;
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1322,7 +1339,7 @@
+                     image->rows= MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1334,7 +1351,7 @@
+                     image->scene=MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1351,7 +1368,7 @@
+                         image->units=PixelsPerCentimeterResolution;
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1363,7 +1380,7 @@
+                     version=MagickAtoF(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -1377,13 +1394,13 @@
+                       &image->chromaticity.white_point.y);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+               default:
+               {
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+diff -r 5509b7e1b29b -r 27a561878992 coders/mpc.c
+--- a/coders/mpc.c	Sun Apr 02 17:02:20 2023 -0500
++++ b/coders/mpc.c	Sat Apr 08 10:14:29 2023 -0500
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2003-2022 GraphicsMagick Group
++% Copyright (C) 2003-2023 GraphicsMagick Group
+ % Copyright (C) 2002 ImageMagick Studio
+ %
+ % This program is covered by multiple licenses, which are described in
+@@ -146,6 +146,23 @@
+ 
+ #define ReadMPCMaxKeyWordCount 256 /* Arbitrary limit on number of keywords in MPC frame */
+ 
++/*
++  Ignore attempts to set the same attribute multiple times.
++*/
++static MagickPassFail
++SetNewImageAttribute(Image *image,const char *key,const char *value)
++{
++  MagickPassFail
++    status;
++
++  if (GetImageAttribute(image,key) == (const ImageAttribute *) NULL)
++    status = SetImageAttribute(image,key,value);
++  else
++    status = MagickFail;
++
++  return status;
++};
++
+ static Image *ReadMPCImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ {
+   char
+@@ -294,7 +311,7 @@
+             ThrowMPCReaderException(ResourceLimitError,MemoryAllocationFailed,
+               image);
+           *p='\0';
+-          (void) SetImageAttribute(image,"comment",comment);
++          (void) SetNewImageAttribute(image,"comment",comment);
+           comment_count++;
+           MagickFreeResourceLimitedMemory(comment);
+           c=ReadBlobByte(image);
+@@ -429,7 +446,7 @@
+                       exception);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -493,7 +510,7 @@
+                     image->columns= MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -523,7 +540,7 @@
+                           image->dispose=PreviousDispose;
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -535,7 +552,7 @@
+                     image->error.mean_error_per_pixel=MagickAtoF(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -560,7 +577,7 @@
+                       &image->chromaticity.green_primary.y);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -577,7 +594,7 @@
+                     image->iterations=MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -617,7 +634,7 @@
+                     (void) CloneString(&image->montage,values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -635,7 +652,7 @@
+                     image->orientation=StringToOrientationType(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -671,7 +688,7 @@
+                     number_of_profiles++;
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -683,7 +700,7 @@
+                     quantum_depth=MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -724,7 +741,7 @@
+                     image->rows=MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -736,7 +753,7 @@
+                     image->scene=MagickAtoL(values);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -753,7 +770,7 @@
+                         image->units=PixelsPerCentimeterResolution;
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+@@ -767,13 +784,13 @@
+                       &image->chromaticity.white_point.y);
+                     break;
+                   }
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+               default:
+               {
+-                (void) SetImageAttribute(image,keyword,
++                (void) SetNewImageAttribute(image,keyword,
+                   *values == '{' ? values+1 : values);
+                 break;
+               }
+diff -r 5509b7e1b29b -r 27a561878992 magick/attribute.c
+--- a/magick/attribute.c	Sun Apr 02 17:02:20 2023 -0500
++++ b/magick/attribute.c	Sat Apr 08 10:14:29 2023 -0500
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2003-2022 GraphicsMagick Group
++% Copyright (C) 2003-2023 GraphicsMagick Group
+ % Copyright (C) 2002 ImageMagick Studio
+ %
+ % This program is covered by multiple licenses, which are described in
+@@ -3294,15 +3294,18 @@
+           else
+             {
+               /*
+-                Extend existing text string.
++                Extend existing text string.  This functionality is deprecated!
+               */
+               min_l=p->length+attribute->length+1;
+               for (realloc_l=2; realloc_l <= min_l; realloc_l *= 2)
+                     { /* nada */};
+               MagickReallocMemory(char *,p->value,realloc_l);
+               if (p->value != (char *) NULL)
+-                (void) strlcat(p->value+p->length,attribute->value,min_l);
+-              p->length += attribute->length;
++                {
++                  (void) memcpy(p->value+p->length,attribute->value,min_l-p->length-1);
++                  p->length += attribute->length;
++                  p->value[p->length] = '\0';
++                }
+               DestroyImageAttribute(attribute);
+             }
+           if (p->value != (char *) NULL)
+diff -r 5509b7e1b29b -r 27a561878992 www/Changelog.html
+--- a/www/Changelog.html	Sun Apr 02 17:02:20 2023 -0500
++++ b/www/Changelog.html	Sat Apr 08 10:14:29 2023 -0500
+@@ -37,6 +37,17 @@
+ </div>
+ 
+ <div class="document">
++<p>2023-04-08  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us";>bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
++<blockquote>
++<ul class="simple">
++<li><p>coders/mpc.c (ReadMPCImage): If an attribute appears multiple
++times in the MPC header, only set it once.</p></li>
++<li><p>coders/miff.c (ReadMIFFImage): If an attribute appears multiple
++times in the MIFF header, only set it once.</p></li>
++<li><p>magick/attribute.c (SetImageAttribute): Fix bounds issue when
++concatenating string (SourceForge issue #706 test case 'bug11');</p></li>
++</ul>
++</blockquote>
+ <p>2023-01-14  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us";>bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+ <blockquote>
+ <ul class="simple">
diff -Nru graphicsmagick-1.4+really1.3.40/debian/patches/series graphicsmagick-1.4+really1.3.40/debian/patches/series
--- graphicsmagick-1.4+really1.3.40/debian/patches/series	2023-01-15 08:33:55.000000000 +0100
+++ graphicsmagick-1.4+really1.3.40/debian/patches/series	2023-04-17 19:17:10.000000000 +0200
@@ -1,2 +1,4 @@
 link-demos.diff
 semaphore_O0_ppc64el.patch
+fix_bounds_issue_when_concatenating_string.patch
+eliminate_memory_leak_when_handling_EXIFOrientation.patch

--- End Message ---

--- Begin Message ---

To: 1034645-done@bugs.debian.org

Subject: unblock graphicsmagick

From: Sebastian Ramacher <sramacher@respighi.debian.org>

Date: Fri, 21 Apr 2023 19:06:04 +0000

Message-id: <E1ppw56-008Bvo-RY@respighi.debian.org>
Unblocked.
--- End Message ---

Reply to:

References:
- Bug#1034645: unblock: graphicsmagick/1.4+really1.3.40-4
  - From: László Böszörményi (GCS) <gcs@debian.org>

Prev by Date: NEW changes in stable-new
Next by Date: NEW changes in stable-new
Previous by thread: Processed: unblock: graphicsmagick/1.4+really1.3.40-4
Next by thread: Bug#1034646: [pre-approval] unblock: fuse3/3.14.0-4
Index(es):
- Date
- Thread