imagemagick: Fix CVE vulnerablities

Fix following CVEs for imagemagick: CVE-2021-20311, CVE-2021-20312, CVE-2021-20313 CVE-2021-20309, CVE-2021-20310, CVE-2021-3610 CVE-2022-0284, CVE-2022-2719 fix-cipher-leak.patch fixes CVE-2021-20311, CVE-2021-20312, CVE-2021-20313 Ignore following CVES as current version is not affected by them: CVE-2014-9826, CVE-2016-7538, CVE-2017-5506 Signed-off-by: Sana Kazi <sanakazi720@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-20 11:38:34 +00:00 · 2025-05-12 14:02:11 +05:30
parent de4550a2b7
commit 9063cb0d9f
7 changed files with 448 additions and 1 deletions
--- a/meta-oe/recipes-support/imagemagick/files/CVE-2021-20309.patch
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20309.patch
@@ -0,0 +1,25 @@
+From 94174beff065cb5683d09d79e992c3ebbdead311 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 25 Feb 2021 19:34:39 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3296
+
+CVE: CVE-2021-20309
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ MagickCore/visual-effects.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MagickCore/visual-effects.c b/MagickCore/visual-effects.c
+index 789660231b9..60a227951f9 100644
+--- a/MagickCore/visual-effects.c
+++ b/MagickCore/visual-effects.c
+@@ -3360,7 +3360,7 @@ MagickExport Image *WaveImage(const Image *image,const double amplitude,
+     }
+   for (i=0; i < (ssize_t) wave_image->columns; i++)
+     sine_map[i]=(float) fabs(amplitude)+amplitude*sin((double)
+-      ((2.0*MagickPI*i)/wave_length));
+      ((2.0*MagickPI*i)*PerceptibleReciprocal(wave_length)));
+   /*
+     Wave image.
+   */
--- a/meta-oe/recipes-support/imagemagick/files/CVE-2021-20310.patch
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20310.patch
@@ -0,0 +1,31 @@
+From 75f6f5032690077cae3eaeda3c0165cc765eaeb5 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 25 Feb 2021 19:31:37 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3295
+
+CVE: CVE-2021-20310
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ MagickCore/colorspace.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
+index e3b7df339f6..9c5ea11e300 100644
+--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
+@@ -329,11 +329,11 @@ static void inline ConvertXYZToJzazbz(const double X,const double Y,
+   L=0.41478972*Xp+0.579999*Yp+0.0146480*Zp;
+   M=(-0.2015100)*Xp+1.120649*Yp+0.0531008*Zp;
+   S=(-0.0166008)*Xp+0.264800*Yp+0.6684799*Zp;
+-  gamma=pow(L/white_luminance,Jzazbz_n);
+  gamma=pow(L*PerceptibleReciprocal(white_luminance),Jzazbz_n);
+   Lp=pow((Jzazbz_c1+Jzazbz_c2*gamma)/(1.0+Jzazbz_c3*gamma),Jzazbz_p);
+-  gamma=pow(M/white_luminance,Jzazbz_n);
+  gamma=pow(M*PerceptibleReciprocal(white_luminance),Jzazbz_n);
+   Mp=pow((Jzazbz_c1+Jzazbz_c2*gamma)/(1.0+Jzazbz_c3*gamma),Jzazbz_p);
+-  gamma=pow(S/white_luminance,Jzazbz_n);
+  gamma=pow(S*PerceptibleReciprocal(white_luminance),Jzazbz_n);
+   Sp=pow((Jzazbz_c1+Jzazbz_c2*gamma)/(1.0+Jzazbz_c3*gamma),Jzazbz_p);
+   Iz=0.5*Lp+0.5*Mp;
+   *az=3.52400*Lp-4.066708*Mp+0.542708*Sp+0.5;
--- a/meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch
@@ -0,0 +1,26 @@
+From 930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 27 May 2021 10:30:17 -0400
+Subject: [PATCH] eliminate heap buffer overflow vulnerability, thanks to
+ ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group
+
+CVE: CVE-2021-3610
+Upstream-Status: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ coders/tiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index 277b9788be5..b88ce368ba5 100644
+--- a/coders/tiff.c
+++ b/coders/tiff.c
+@@ -1894,7 +1894,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+         /*
+           Convert stripped TIFF image.
+         */
+-        extent=2*TIFFStripSize(tiff);
+        extent=4*TIFFStripSize(tiff);
+ #if defined(TIFF_VERSION_BIG)
+         extent+=image->columns*sizeof(uint64);
+ #else
--- a/meta-oe/recipes-support/imagemagick/files/CVE-2022-0284.patch
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-0284.patch
@@ -0,0 +1,34 @@
+From e50f19fd73c792ebe912df8ab83aa51a243a3da7 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Wed, 19 Jan 2022 16:26:12 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/4729
+
+CVE: CVE-2022-0284
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ coders/xpm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/coders/xpm.c b/coders/xpm.c
+index 782ed732544..5f73df8bca4 100644
+--- a/coders/xpm.c
+++ b/coders/xpm.c
+@@ -773,7 +773,7 @@ static MagickBooleanType WritePICONImage(const ImageInfo *image_info,
+               break;
+             for (x=0; x < (ssize_t) picon->columns; x++)
+             {
+-              if (GetPixelAlpha(image,q) == (Quantum) TransparentAlpha)
+              if (GetPixelAlpha(picon,q) == (Quantum) TransparentAlpha)
+                 transparent=MagickTrue;
+               else
+                 SetPixelAlpha(picon,OpaqueAlpha,q);
+@@ -804,7 +804,7 @@ static MagickBooleanType WritePICONImage(const ImageInfo *image_info,
+           break;
+         for (x=0; x < (ssize_t) picon->columns; x++)
+         {
+-          if (GetPixelAlpha(image,q) == (Quantum) TransparentAlpha)
+          if (GetPixelAlpha(picon,q) == (Quantum) TransparentAlpha)
+             SetPixelIndex(picon,(Quantum) picon->colors,q);
+           q+=GetPixelChannels(picon);
+         }
--- a/meta-oe/recipes-support/imagemagick/files/CVE-2022-2719.patch
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-2719.patch
@@ -0,0 +1,136 @@
+From 716496e6df0add89e9679d6da9c0afca814cfe49 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 3 Apr 2022 14:35:29 -0400
+Subject: [PATCH] do not attempt to write a null image list (thanks to Vinay
+ Rohila)
+
+CVE: CVE-2022-2719
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ MagickWand/operation.c |  3 ++-
+ coders/tim2.c          | 30 ++++++++++++++----------------
+ 2 files changed, 16 insertions(+), 17 deletions(-)
+
+diff --git a/MagickWand/operation.c b/MagickWand/operation.c
+index 383dc7c8098..95596035367 100644
+--- a/MagickWand/operation.c
+++ b/MagickWand/operation.c
+@@ -4893,7 +4893,8 @@ WandPrivate void CLINoImageOperator(Magi
+       if (IfPlusOp)
+         write_images=CloneImageList(_images,_exception);
+       write_info=CloneImageInfo(_image_info);
+-      (void) WriteImages(write_info,write_images,arg1,_exception);
+      if (write_images != (Image *) NULL)
+        (void) WriteImages(write_info,write_images,arg1,_exception);      
+       write_info=DestroyImageInfo(write_info);
+       if (IfPlusOp)
+         write_images=DestroyImageList(write_images);
+diff --git a/coders/tim2.c b/coders/tim2.c
+index e55170d8205..110542e45ba 100644
+--- a/coders/tim2.c
+++ b/coders/tim2.c
+@@ -60,8 +60,7 @@
+ #include "MagickCore/static.h"
+ #include "MagickCore/string_.h"
+ #include "MagickCore/module.h"
+-
+-
+
+ /*
+  Typedef declarations
+ */
+@@ -123,8 +122,7 @@ typedef enum
+   RGB24=1,
+   RGBA16=2,
+ } TIM2ColorEncoding;
+-
+-
+
+ /*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ %                                                                             %
+@@ -142,7 +140,8 @@ typedef enum
+ %
+ %  The format of the ReadTIM2Image method is:
+ %
+-%      Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception)
+%      Image *ReadTIM2Image(const ImageInfo *image_info,
+%        ExceptionInfo *exception)
+ %
+ %  A description of each parameter follows:
+ %
+@@ -600,13 +599,13 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info,
+           image_info->filename);
+         break;
+     }
+-    if (csm==CSM1)
+    if (csm == CSM1)
+       {
+         PixelInfo
+           *oldColormap;
+ 
+-        oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+1,
+-          sizeof(*image->colormap));
+        oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+
+          1,sizeof(*image->colormap));
+         if (oldColormap == (PixelInfo *) NULL)
+           ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
+             image_info->filename);
+@@ -617,7 +616,8 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info,
+   return(status);
+ }
+ 
+-static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception)
+static Image *ReadTIM2Image(const ImageInfo *image_info,
+  ExceptionInfo *exception)
+ {
+   Image
+     *image;
+@@ -626,6 +626,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
+     status;
+ 
+   ssize_t
+    i,
+     str_read;
+ 
+   TIM2FileHeader
+@@ -685,7 +686,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
+    */
+   if (file_header.image_count != 1)
+     ThrowReaderException(CoderError,"NumberOfImagesIsNotSupported");
+-  for (int i=0; i < file_header.image_count; ++i)
+  for (i=0; i < (ssize_t) file_header.image_count; i++)
+   {
+     char
+       clut_depth,
+@@ -780,8 +781,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
+         break;
+       }
+     image=SyncNextImageInList(image);
+-    status=SetImageProgress(image,LoadImagesTag,image->scene-1,
+-      image->scene);
+    status=SetImageProgress(image,LoadImagesTag,image->scene-1,image->scene);
+     if (status == MagickFalse)
+       break;
+   }
+@@ -790,8 +790,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
+     return(DestroyImageList(image));
+   return(GetFirstImageInList(image));
+ }
+-
+-
+
+ /*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ %                                                                             %
+@@ -825,8 +824,7 @@ ModuleExport size_t RegisterTIM2Image(void)
+   (void) RegisterMagickInfo(entry);
+   return(MagickImageCoderSignature);
+ }
+-
+-
+
+ /*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ %                                                                             %
--- a/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch
+++ b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch
@@ -0,0 +1,178 @@
+From 70aa86f5d5d8aa605a918ed51f7574f433a18482 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 25 Feb 2021 17:05:14 -0500
+Subject: [PATCH] possible divide by zero + clear buffers
+
+---
+ MagickCore/cipher.c     | 12 ++++++------
+ MagickCore/colorspace.c | 16 ++++++++--------
+ MagickCore/memory.c     | 22 ++++++++++++++++------
+ MagickCore/signature.c  |  2 +-
+ coders/thumbnail.c      |  3 ++-
+ 5 files changed, 41 insertions(+), 25 deletions(-)
+
+CVE: CVE-2021-20311
+CVE: CVE-2021-20312
+CVE: CVE-2021-20313
+
+Upstream-Status: Backport[https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482.patch]
+Comment: Refreshed patch based on the codebase
+
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+diff --git a/MagickCore/cipher.c b/MagickCore/cipher.c
+index 057b11c4720..91ad1d1d662 100644
+--- a/MagickCore/cipher.c
+++ b/MagickCore/cipher.c
+@@ -484,8 +484,8 @@ static void EncipherAESBlock(AESInfo *ae
+     Reset registers.
+   */
+   alpha=0;
+-  (void) memset(key,0,sizeof(key));
+-  (void) memset(text,0,sizeof(text));
+  (void) ResetMagickMemory(key,0,sizeof(key));
+  (void) ResetMagickMemory(text,0,sizeof(text));  
+ }
+ 
+
+ /*
+@@ -708,8 +708,8 @@ MagickExport MagickBooleanType PasskeyDe
+   */
+   quantum_info=DestroyQuantumInfo(quantum_info);
+   aes_info=DestroyAESInfo(aes_info);
+-  (void) memset(input_block,0,sizeof(input_block));
+-  (void) memset(output_block,0,sizeof(output_block));
+  (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+  (void) ResetMagickMemory(output_block,0,sizeof(output_block));  
+   return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
+ }
+ 
+
+@@ -925,8 +925,8 @@ MagickExport MagickBooleanType PasskeyEn
+   */
+   quantum_info=DestroyQuantumInfo(quantum_info);
+   aes_info=DestroyAESInfo(aes_info);
+-  (void) memset(input_block,0,sizeof(input_block));
+-  (void) memset(output_block,0,sizeof(output_block));
+  (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+  (void) ResetMagickMemory(output_block,0,sizeof(output_block));
+   return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
+ }
+ 
+
+diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
+index 2ffc72f88fa..e3b7df339f6 100644
+--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
+@@ -940,15 +940,15 @@ static MagickBooleanType sRGBTransformImage(Image *image,
+       if (logmap == (Quantum *) NULL)
+         ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
+           image->filename);
+-      black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002/
+-        film_gamma);
+      black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002*
+        PerceptibleReciprocal(film_gamma));
+ #if defined(MAGICKCORE_OPENMP_SUPPORT)
+       #pragma omp parallel for schedule(static)
+ #endif
+       for (i=0; i <= (ssize_t) MaxMap; i++)
+         logmap[i]=ScaleMapToQuantum((double) (MaxMap*(reference_white+
+-          log10(black+(1.0*i/MaxMap)*(1.0-black))/((gamma/density)*0.002/
+-          film_gamma))/1024.0));
+          log10(black+(1.0*i/MaxMap)*(1.0-black))/((gamma/density)*0.002*
+          PerceptibleReciprocal(film_gamma)))/1024.0));
+       image_view=AcquireAuthenticCacheView(image,exception);
+ #if defined(MAGICKCORE_OPENMP_SUPPORT)
+       #pragma omp parallel for schedule(static) shared(status) \
+@@ -2502,14 +2502,14 @@ static MagickBooleanType TransformsRGBImage(Image *image,
+       if (logmap == (Quantum *) NULL)
+         ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
+           image->filename);
+-      black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002/
+-        film_gamma);
+      black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002*
+        PerceptibleReciprocal(film_gamma));
+       for (i=0; i <= (ssize_t) (reference_black*MaxMap/1024.0); i++)
+         logmap[i]=(Quantum) 0;
+       for ( ; i < (ssize_t) (reference_white*MaxMap/1024.0); i++)
+         logmap[i]=ClampToQuantum(QuantumRange/(1.0-black)*
+-          (pow(10.0,(1024.0*i/MaxMap-reference_white)*(gamma/density)*0.002/
+-          film_gamma)-black));
+          (pow(10.0,(1024.0*i/MaxMap-reference_white)*(gamma/density)*0.002*
+          PerceptibleReciprocal(film_gamma))-black));
+       for ( ; i <= (ssize_t) MaxMap; i++)
+         logmap[i]=QuantumRange;
+       if (image->storage_class == PseudoClass)
+diff --git a/MagickCore/memory.c b/MagickCore/memory.c
+index 2598044486a..01bc80d86c5 100644
+--- a/MagickCore/memory.c
+++ b/MagickCore/memory.c
+@@ -1269,26 +1269,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info)
+ %                                                                             %
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ %
+-%  ResetMagickMemory() fills the first size bytes of the memory area pointed to
+-%  by memory with the constant byte c.
+%  ResetMagickMemory() fills the first size bytes of the memory area pointed to %  by memory with the constant byte c.  We use a volatile pointer when
+%  updating the byte string.  Most compilers will avoid optimizing away access
+%  to a volatile pointer, even if the pointer appears to be unused after the
+%  call.
+ %
+ %  The format of the ResetMagickMemory method is:
+ %
+-%      void *ResetMagickMemory(void *memory,int byte,const size_t size)
+%      void *ResetMagickMemory(void *memory,int c,const size_t size)
+ %
+ %  A description of each parameter follows:
+ %
+ %    o memory: a pointer to a memory allocation.
+ %
+-%    o byte: set the memory to this value.
+%    o c: set the memory to this value.
+ %
+ %    o size: size of the memory to reset.
+ %
+ */
+-MagickExport void *ResetMagickMemory(void *memory,int byte,const size_t size)
+MagickExport void *ResetMagickMemory(void *memory,int c,const size_t size)
+ {
+  volatile unsigned char
+    *p = memory;
+
+  size_t
+    n = size;
+
+   assert(memory != (void *) NULL);
+-  return(memset(memory,byte,size));
+  while (n-- != 0)
+  	*p++=(unsigned char) c;
+  return(memory);
+ }
+ 
+ /*
+diff --git a/MagickCore/signature.c b/MagickCore/signature.c
+index 2d9b0801523..1f79c91b11b 100644
+--- a/MagickCore/signature.c
+++ b/MagickCore/signature.c
+@@ -736,7 +736,7 @@ RestoreMSCWarning
+   T=0;
+   T1=0;
+   T2=0;
+-  (void) memset(W,0,sizeof(W));
+  (void) ResetMagickMemory(W,0,sizeof(W));
+ }
+ 
+ /*
+diff --git a/coders/thumbnail.c b/coders/thumbnail.c
+index 59d97380d9e..e92dd312011 100644
+--- a/coders/thumbnail.c
+++ b/coders/thumbnail.c
+@@ -199,7 +199,8 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info,
+       break;
+     q++;
+   }
+-  if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)))
+  if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) ||
+      (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q)))
+     ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
+   thumbnail_image=BlobToImage(image_info,q,length,exception);
+   if (thumbnail_image == (Image *) NULL)
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -11,11 +11,28 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool"

 BASE_PV := "${PV}"
 PV .= "-62"
-SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \
+    file://CVE-2021-20309.patch \
+    file://CVE-2021-20310.patch \
+    file://CVE-2021-3610.patch \
+    file://CVE-2022-0284.patch \
+    file://fix-cipher-leak.patch \
+    file://CVE-2022-2719.patch \
+"
+
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"

 S = "${WORKDIR}/git"

+# current version is not affected by the CVE which affects versions at least earlier than 6.9.4-0
+CVE_CHECK_IGNORE += "CVE-2014-9826"
+
+# current version is not affected by the CVE which affects versions at least earlier than 6.9.4-0
+CVE_CHECK_IGNORE += "CVE-2016-7538"
+
+# current version is not affected by the CVE which affects versions at least earlier than 7.0.4-4
+CVE_CHECK_IGNORE += "CVE-2017-5506"
+
 inherit autotools pkgconfig update-alternatives

 # xml disabled because it's using xml2-config --prefix to determine prefix which returns just /usr with our libxml2