SLFO-pool/GraphicsMagick
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main GraphicsMagick revision 2fa749cb4abcd557783180ab6d51f0e7

Browse Source
This commit is contained in:
Adrian Schröter
2025-04-24 00:02:25 +02:00
parent 5ccc5e123c
commit c83609be54
9 changed files with 304 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
GraphicsMagick-1.3.42.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

BIN
GraphicsMagick-1.3.45.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

14
GraphicsMagick-CVE-2025-27795.patch Normal file
View File

@@ -0,0 +1,14 @@
diff -r db3ff8d00c28 -r 9bbae7314e3c coders/jxl.c
--- a/coders/jxl.c Sat Sep 07 10:14:51 2024 -0500
+++ b/coders/jxl.c Mon Sep 09 08:01:43 2024 -0500
@@ -637,6 +638,9 @@
image->orientation=convert_orientation(basic_info.orientation);
+ if (CheckImagePixelLimits(image, exception) != MagickPass)
+ ThrowJXLReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
+
pixel_format.endianness=JXL_NATIVE_ENDIAN;
pixel_format.align=0;
if (basic_info.num_color_channels == 1)

43
GraphicsMagick-CVE-2025-27796.patch Normal file
View File

@@ -0,0 +1,43 @@
diff -r cf7cd5ebabb0 -r 883ebf8cae6d coders/wpg.c
--- a/coders/wpg.c Mon Dec 16 10:50:23 2024 -0600
+++ b/coders/wpg.c Thu Dec 19 12:57:33 2024 -0600
@@ -1704,28 +1704,23 @@
ThrowReaderException(CorruptImageError,InvalidColormapIndex,image);
}
- if(pPalette!=NULL &&
- PaletteAllocBytes < 4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries))
- {
- MagickFreeResourceLimitedMemory(pPalette);
- PaletteAllocBytes = 0;
- }
+ /* Assure that buffer is allocated and the current size */
+ if (PaletteAllocBytes != Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256))
+ {
+ PaletteAllocBytes = Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256);
+ MagickReallocateResourceLimitedMemory(unsigned char *,pPalette,PaletteAllocBytes);
+ }
if(pPalette==NULL)
- {
- PaletteItems = WPG_Palette.NumOfEntries;
- PaletteAllocBytes = 4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries);
- if(PaletteAllocBytes < 4*256) PaletteAllocBytes = 4*256;
- pPalette = MagickAllocateResourceLimitedMemory(unsigned char *,(size_t)PaletteAllocBytes);
- if(pPalette==NULL)
- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
- for(i=0; i<=255; i++)
+ ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+
+ PaletteItems = WPG_Palette.NumOfEntries;
+ for(i=0; i<=255; i++)
{
pPalette[4*i] = WPG1_Palette[i].Red;
pPalette[4*i+1] = WPG1_Palette[i].Green;
pPalette[4*i+2] = WPG1_Palette[i].Blue;
pPalette[4*i+3] = OpaqueOpacity;
}
- }
if(ReadBlob(image,(size_t) PaletteItems*4,pPalette+((size_t)4*WPG_Palette.StartIndex)) != (size_t) PaletteItems*4)
{
MagickFreeResourceLimitedMemory(pPalette);

13
GraphicsMagick-CVE-2025-32460.patch Normal file
View File

@@ -0,0 +1,13 @@
Index: GraphicsMagick-1.3.45/coders/jxl.c
===================================================================
--- GraphicsMagick-1.3.45.orig/coders/jxl.c
+++ GraphicsMagick-1.3.45/coders/jxl.c
@@ -657,7 +657,7 @@ static Image *ReadJXLImage(const ImageIn
ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
}
grayscale=MagickTrue;
- pixel_format.num_channels=1;
+ pixel_format.num_channels=image->matte ? 2 : 1;
pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 :
(basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 :
JXL_TYPE_FLOAT));

131
GraphicsMagick-disable-insecure-coders.patch
View File

@@ -1,7 +1,7 @@
Index: GraphicsMagick-1.3.42/coders/pdf.c
Index: GraphicsMagick-1.3.45/coders/pdf.c
===================================================================
--- GraphicsMagick-1.3.42.orig/coders/pdf.c
+++ GraphicsMagick-1.3.42/coders/pdf.c
--- GraphicsMagick-1.3.45.orig/coders/pdf.c
+++ GraphicsMagick-1.3.45/coders/pdf.c
@@ -499,7 +499,7 @@ ModuleExport void RegisterPDFImage(void)
entry->seekable_stream=True;
entry->description="Encapsulated Portable Document Format";
@@ -20,10 +20,10 @@ Index: GraphicsMagick-1.3.42/coders/pdf.c
(void) RegisterMagickInfo(entry);
}
Index: GraphicsMagick-1.3.42/coders/ps.c
Index: GraphicsMagick-1.3.45/coders/ps.c
===================================================================
--- GraphicsMagick-1.3.42.orig/coders/ps.c
+++ GraphicsMagick-1.3.42/coders/ps.c
--- GraphicsMagick-1.3.45.orig/coders/ps.c
+++ GraphicsMagick-1.3.45/coders/ps.c
@@ -456,7 +456,7 @@ ModuleExport void RegisterPSImage(void)
entry->adjoin=False;
entry->description="Adobe Encapsulated PostScript Interchange format";
@@ -69,10 +69,10 @@ Index: GraphicsMagick-1.3.42/coders/ps.c
(void) RegisterMagickInfo(entry);
}
Index: GraphicsMagick-1.3.42/coders/ps2.c
Index: GraphicsMagick-1.3.45/coders/ps2.c
===================================================================
--- GraphicsMagick-1.3.42.orig/coders/ps2.c
+++ GraphicsMagick-1.3.42/coders/ps2.c
--- GraphicsMagick-1.3.45.orig/coders/ps2.c
+++ GraphicsMagick-1.3.45/coders/ps2.c
@@ -252,7 +252,7 @@ ModuleExport void RegisterPS2Image(void)
entry->seekable_stream=True;
entry->description="Adobe Level II Encapsulated PostScript";
@@ -91,10 +91,10 @@ Index: GraphicsMagick-1.3.42/coders/ps2.c
(void) RegisterMagickInfo(entry);
}
Index: GraphicsMagick-1.3.42/coders/ps3.c
Index: GraphicsMagick-1.3.45/coders/ps3.c
===================================================================
--- GraphicsMagick-1.3.42.orig/coders/ps3.c
+++ GraphicsMagick-1.3.42/coders/ps3.c
--- GraphicsMagick-1.3.45.orig/coders/ps3.c
+++ GraphicsMagick-1.3.45/coders/ps3.c
@@ -394,7 +394,7 @@ ModuleExport void RegisterPS3Image(void)
entry->description="Adobe Level III Encapsulated PostScript";
entry->seekable_stream=MagickTrue;
@@ -113,68 +113,73 @@ Index: GraphicsMagick-1.3.42/coders/ps3.c
(void) RegisterMagickInfo(entry);
}
Index: GraphicsMagick-1.3.42/config/delegates.mgk.in
Index: GraphicsMagick-1.3.45/config/delegates.mgk.in
===================================================================
--- GraphicsMagick-1.3.42.orig/config/delegates.mgk.in
+++ GraphicsMagick-1.3.42/config/delegates.mgk.in
--- GraphicsMagick-1.3.45.orig/config/delegates.mgk.in
+++ GraphicsMagick-1.3.45/config/delegates.mgk.in
@@ -76,27 +76,27 @@
<delegate decode="dot" command='"@DOTDecodeDelegate@" -Tps "%i" -o "%o"' />
<delegate decode="dvi" command='"@DVIDecodeDelegate@" -q -o "%o" "%i"' />
<delegate decode="edit" stealth="True" command='"@EditorDelegate@" -title "Edit Image Comment" -e vi "%o"' />
- <delegate decode="eps" encode="pdf" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
- <delegate decode="eps" encode="ps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
+ <!--delegate decode="eps" encode="pdf" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' /-->
+ <!--delegate decode="eps" encode="ps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' /-->
- <delegate decode="eps" encode="pdf" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
- <delegate decode="eps" encode="ps" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
+ <!--delegate decode="eps" encode="pdf" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' /-->
+ <!--delegate decode="eps" encode="ps" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' /-->
<delegate decode="fig" command='"@FIGDecodeDelegate@" -L ps "%i" "%o"' />
<!-- Read monochrome Postscript, EPS, and PDF -->
- <delegate decode="gs-mono" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSMonoDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-mono" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSMonoDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
- <delegate decode="gs-mono" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSMonoDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-mono" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSMonoDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
<!-- Read grayscale Postscript, EPS, and PDF -->
- <delegate decode="gs-gray" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSGrayDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-gray" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSGrayDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
- <delegate decode="gs-gray" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSGrayDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-gray" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSGrayDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
<!-- Read colormapped Postscript, EPS, and PDF -->
- <delegate decode="gs-palette" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPaletteDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-palette" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPaletteDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
- <delegate decode="gs-palette" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPaletteDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-palette" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPaletteDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
<!-- Read color Postscript, EPS, and PDF -->
- <delegate decode="gs-color" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-color" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
- <delegate decode="gs-color" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-color" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
<!-- Read color+alpha Postscript, EPS, and PDF -->
- <delegate decode="gs-color+alpha" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorAlphaDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-color+alpha" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorAlphaDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
- <delegate decode="gs-color+alpha" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorAlphaDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-color+alpha" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorAlphaDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
<!-- Read CMYK Postscript, EPS, and PDF -->
- <delegate decode="gs-cmyk" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSCMYKDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-cmyk" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSCMYKDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
- <delegate decode="gs-cmyk" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSCMYKDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />
+ <!--delegate decode="gs-cmyk" stealth="True" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSCMYKDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' /-->
<!-- Read monochrome PDF using Poppler's pdftoppm -->
<delegate decode="poppler-mono" stealth="True" command='"pdftoppm" "-mono" "-freetype" "yes" "-aa" "yes" "-aaVector" "yes" "-rx" "72" "-ry" "72" "%s" ">" "%s"' />
@@ -119,16 +119,10 @@
<delegate decode="mpeg" command='"@MPEGDecodeDelegate@" -q -b "%i" -f -o3 "%u%%05d"; @GMDelegate@ convert -temporary "%u*.ppm" "miff:%o" ; rm -f "%u"*.ppm ' />
@@ -120,16 +120,16 @@
<!-- Write MPEG file using mpeg2encode -->
<delegate encode="mpeg-encode" stealth="True" command='"@MPEGEncodeDelegate@" "%i" "%o"' />
- <!-- Convert PDF to Encapsulated Poscript using Ghostscript -->
- <delegate decode="pdf" encode="eps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
- <!-- Convert PDF to Postcript using Ghostscript -->
- <delegate decode="pdf" encode="ps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
<!-- Convert PDF to Encapsulated Poscript using Ghostscript -->
- <delegate decode="pdf" encode="eps" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
+ <!--delegate decode="pdf" encode="eps" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' /-->
<!-- Convert PDF to Postcript using Ghostscript -->
- <delegate decode="pdf" encode="ps" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
+ <!--delegate decode="pdf" encode="ps" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' /-->
<!-- Convert PNM file to IFF ILBM format using ppmtoilbm -->
<delegate decode="pnm" encode="ilbm" mode="encode" command='"@ILBMEncodeDelegate@" -24if "%i" > "%o"' />
<delegate decode="pnm" encode="launch" mode="encode" command='"@LaunchDelegate@" "%i"' />
<delegate decode="pnm" encode="win" mode="encode" command='"@GMDelegate@" display -immutable "%i"' />
- <delegate decode="ps" encode="eps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
- <delegate decode="ps" encode="pdf" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
<delegate decode="ps" encode="print" mode="encode" command='"@PrintDelegate@" "%i"' />
- <delegate decode="ps" encode="eps" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
- <delegate decode="ps" encode="pdf" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' />
- <delegate decode="ps" encode="print" mode="encode" command='"@PrintDelegate@" "%i"' />
+ <!--delegate decode="ps" encode="eps" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' /-->
+ <!--delegate decode="ps" encode="pdf" mode="bi" command='"@PSDelegate@" -sstdout=%%stderr -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' /-->
+ <!--delegate decode="ps" encode="print" mode="encode" command='"@PrintDelegate@" "%i"' /-->
<!-- Read HTML file -->
<delegate decode="shtml" command='"@HTMLDecodeDelegate@" -U -o "%o" "%i"' />
Index: GraphicsMagick-1.3.42/Makefile.in
<delegate encode="show" stealth="True" command='"@GMDelegate@" display -immutable -delay 0 -window_group %g -title "%l of %f" "%o" &' />
Index: GraphicsMagick-1.3.45/Makefile.in
===================================================================
--- GraphicsMagick-1.3.42.orig/Makefile.in
+++ GraphicsMagick-1.3.42/Makefile.in
@@ -4338,7 +4338,6 @@ TESTS_TESTS = \
--- GraphicsMagick-1.3.45.orig/Makefile.in
+++ GraphicsMagick-1.3.45/Makefile.in
@@ -4386,7 +4386,6 @@ TESTS_TESTS = \
tests/rwfile.tap \
tests/rwfile_sized.tap \
tests/rwfile_miff.tap \
@@ -182,20 +187,20 @@ Index: GraphicsMagick-1.3.42/Makefile.in
tests/rwfile_deep.tap
TESTS_EXTRA_DIST = \
Index: GraphicsMagick-1.3.42/tests/rwblob.tap
Index: GraphicsMagick-1.3.45/tests/rwblob.tap
===================================================================
--- GraphicsMagick-1.3.42.orig/tests/rwblob.tap
+++ GraphicsMagick-1.3.42/tests/rwblob.tap
--- GraphicsMagick-1.3.45.orig/tests/rwblob.tap
+++ GraphicsMagick-1.3.45/tests/rwblob.tap
@@ -10,7 +10,7 @@ rwblob=./rwblob
check_types='bilevel gray pallette truecolor'
check_types='bilevel gray palette truecolor'
# Number of tests we plan to run
-test_plan_fn 213
+test_plan_fn 205
-test_plan_fn 221
+test_plan_fn 213
# ART format
# AAI format
for type in ${check_types}
@@ -68,18 +68,6 @@ do
@@ -74,18 +74,6 @@ do
test_command_fn "DPX ${type}" ${MEMCHECK} ${rwblob} "${SRCDIR}/input_${type}.miff" DPX
done
@@ -214,20 +219,20 @@ Index: GraphicsMagick-1.3.42/tests/rwblob.tap
# FAX format
for type in ${check_types}
do
Index: GraphicsMagick-1.3.42/tests/rwfile.tap
Index: GraphicsMagick-1.3.45/tests/rwfile.tap
===================================================================
--- GraphicsMagick-1.3.42.orig/tests/rwfile.tap
+++ GraphicsMagick-1.3.42/tests/rwfile.tap
@@ -12,7 +12,7 @@ check_types='bilevel gray pallette truec
check_types_noone='bilevel gray pallette truecolor'
--- GraphicsMagick-1.3.45.orig/tests/rwfile.tap
+++ GraphicsMagick-1.3.45/tests/rwfile.tap
@@ -12,7 +12,7 @@ check_types='bilevel gray palette trueco
check_types_noone='bilevel gray palette truecolor'
# Number of tests we plan to run
-test_plan_fn 838 # 828
+test_plan_fn 788 # 828
-test_plan_fn 857
+test_plan_fn 807
# ART format
# AAI format
for type in ${check_types}
@@ -84,48 +84,6 @@ do
@@ -91,48 +91,6 @@ do
test_command_fn "DPX ${type} (stdio)" ${MEMCHECK} ${rwfile} -stdio -filespec "out_${type}_stdio_%d" "${SRCDIR}/input_${type}.miff" DPX
done
@@ -276,7 +281,7 @@ Index: GraphicsMagick-1.3.42/tests/rwfile.tap
# FAX format
for type in ${check_types}
do
@@ -298,13 +256,6 @@ do
@@ -312,13 +270,6 @@ do
test_command_fn "PCX ${type} (stdio)" ${MEMCHECK} ${rwfile} -stdio -filespec "out_${type}_stdio_%d" "${SRCDIR}/input_${type}.miff" PCX
done
@@ -290,7 +295,7 @@ Index: GraphicsMagick-1.3.42/tests/rwfile.tap
# PGM format
for type in ${check_types}
do
@@ -364,27 +315,6 @@ do
@@ -378,27 +329,6 @@ do
done
done

13
GraphicsMagick-return-value.patch Normal file
View File

@@ -0,0 +1,13 @@
Index: GraphicsMagick-1.3.45/coders/wpg.c
===================================================================
--- GraphicsMagick-1.3.45.orig/coders/wpg.c
+++ GraphicsMagick-1.3.45/coders/wpg.c
@@ -1708,7 +1708,7 @@ UnpackRaster1bpp:
if (PaletteAllocBytes != Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256))
{
PaletteAllocBytes = Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256);
- MagickReallocateResourceLimitedMemory(unsigned char *,pPalette,PaletteAllocBytes);
+ pPalette=MagickReallocateResourceLimitedMemory(unsigned char *,pPalette,PaletteAllocBytes);
}
if(pPalette==NULL)
ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);

136
GraphicsMagick.changes
View File

@@ -1,3 +1,139 @@
-------------------------------------------------------------------
Tue Apr 15 07:15:10 UTC 2025 - pgajdos@suse.com
- security update
- added patches
fix CVE-2025-32460 [bsc#1241150], heap-based buffer over-read in ReadJXLImage
+ GraphicsMagick-CVE-2025-32460.patch
-------------------------------------------------------------------
Tue Apr 1 08:58:02 UTC 2025 - pgajdos@suse.com
- security update
- added patches
fix CVE-2025-27795 [bsc#1239044], JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
+ GraphicsMagick-CVE-2025-27795.patch
fix CVE-2025-27796 [bsc#1239043], WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.
+ GraphicsMagick-CVE-2025-27796.patch
use return value of realloc function
+ GraphicsMagick-return-value.patch
-------------------------------------------------------------------
Mon Mar 10 08:58:49 UTC 2025 - pgajdos@suse.com
- version update to 1.3.45
Security Fixes:
* TIFF: Fixed multiple heap and stack buffer overflows (directed by
the source EXIF profile) while writing EXIF into the native TIFF
IFD.
* FITS: Fix problem that the FITS reader could return invalid image
frames with rows or columns set to zero. Other code in the library
crashes, or even asserts, if invalid image frames with rows or
columns set to zero are returned.
* Coverity fixes: Various fixes for Coverity issues raised after the
update to version 2023.12.2.
* Clang Analyzer (scan-build) fixes: Various fixes for new issues
discovered by Clang Analyzer.
Bug fixes:
* configure.ac: Fix a shell syntax error.
* GCC 14: Eliminate some new warnings which appeared while in -Wall
mode.
* JPEG: FormatJPEGSamplingFactors() now properly handles the number of
samples for each colorspace.
* JXL: Additional validations of color channel and alpha channel
depth.
* TGA: Fix issues discovered by Coverity.
* TGA: Fix writing TGA with opacity values in palette.
* TGA: Default orientation is (again) TopLeftOrientation.
* TIFF: Verify that TIFFTAG_BITSPERSAMPLE is within a rational range.
* TXT: Eliminate use of an uninitialized-value in GetColorTuple().
* XML: Improve detection of if the deprecated HTTP and FTP protocols
are supported by libxml2.
New Features:
* Add support for reading the pre-rendered image from the Open Raster
("ORA") format. Actual rendering of Open Raster is not supported.
* Add support for Dune HD AAI Image (aka Auburn Animation Image) image
format ("AAI").
* Add support for a --version option, which produces GNU style summary
version output.
* Identify output now indicates if the image is opaque.
* WebP: Add support for '-define webp:exact=true' to preserve exact
RGB values under transparent areas while writing WebP format.
Enable this automatically when lossless is enabled. If lossless is
enabled, this option may be used to disable exact mode.
* PerlMagick: Add AccessDefinition(), AddDefinition(),
AddDefinitions(), and RemoveDefinitions() methods to supporting
adding, updating, removing definitions.
API Updates:
* Magick++/STL.h: The deprecated std::unary_function is no longer used
given C++'11 or later. Continued use of it caused too many issues
due to an abundance of warnings.
* Wand API PixelSetQuantumColor(): The color argument is now a const
pointer.
Behavior Changes:
* The graphical progress indication in the X11 sub-apps 'animate' and
'display' is disabled due to discovering a tremendous performance
impact while rendering text under Ubuntu 22.04 LTS. The underlying
cause of the performance impact is not yet known. A text-based
progress output to the program's console is available via
`-monitor`.
* MagickMaxFileSystemBlockSize: Place an arbitrary limit (4,194,304
bytes) on maximum filesystem block size.
- modified patches
% GraphicsMagick-disable-insecure-coders.patch (refreshed)
-------------------------------------------------------------------
Mon Mar 25 12:40:12 UTC 2024 - pgajdos@suse.com
- version update to 1.3.43
Bug fixes:
* JBIG: Add support for 'width', 'height', and 'pixels', resource
limits. Your mileage may vary.
* WPG: Many fixes based on oss-fuzz testing.
* Ghostscript: When invoking Ghostscript, re-direct Ghostscript stdout
to stderr to avoid output corruption when GM stdout is redirected to
a file.
New Features:
* File write limit: Add support for a per-file write limit (-limit
write or MAGICK_LIMIT_WRITE). This imposes a limit on the number of
uncompressed bytes written. The behavior when the limit is hit is
similar to an unexpected write error, as if the disk is full.
* Resource limit highwater: Resource highwater values are maintained
for successful resource requests and final values are traced
via -debug resource' at the end of program execution. These values
may be used to understand the most restrictive resource limits which
may be applied while still achieving successful operation.
* BMP: Support BI_PNG compression (PNG inside BMP).
* BMP: Support reading 64 bits-per-pixel.
* BMP: Support reading 48 bits-per-pixel.
* HEIF: Call heif_init() and heif_deinit() if they are
available. Support setting image width limit.
* HRZ: Added support for Slow scan TV format.
* JPEG: Added support for reading and writing lossy or lossless 12
bits, and lossless 16-bits using libjpeg-turbo-3.0
* JXL: Improve JXL reader/writer exception information.
* TIFF: Remove miniswhite/minisblack prohibitions when using Group3
and Group4 compression in order to allow using inverted photometric
from the standard.
* TIFF: Store EXIF IFD and GPS IFD tag information natively in TIFF
sub-IFDs, the same as it would be produced in a camera supporting
TIFF. This allows an EXIF profile from HEIF, JPEG, JXL, PNG, WebP,
or from the META coder to be preserved in TIFF.
API Updates:
* ExpandFilenames(): Fix memory leak of existing allocations if
realloc() fails.
- modified patches
% GraphicsMagick-disable-insecure-coders.patch (refreshed)
-------------------------------------------------------------------
Mon Jan 29 10:10:37 UTC 2024 - pgajdos@suse.com
- ghostscript-fonts-std: relax to recommends [bsc#1216604]
-------------------------------------------------------------------
Thu Oct 26 09:38:20 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>

17
GraphicsMagick.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package GraphicsMagick
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
%define pp_so_ver 12
%define wand_so_ver 2
Name: GraphicsMagick
Version: 1.3.42
Version: 1.3.45
Release: 0
Summary: Viewer and Converter for Images
License: MIT
@@ -33,6 +33,14 @@ URL: http://www.GraphicsMagick.org/
Source: https://downloads.sourceforge.net/project/graphicsmagick/graphicsmagick/%{version}/%{name}-%{version}.tar.xz
Patch0: GraphicsMagick-perl-linkage.patch
Patch1: GraphicsMagick-disable-insecure-coders.patch
# CVE-2025-27795 [bsc#1239044], JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
Patch2: GraphicsMagick-CVE-2025-27795.patch
# CVE-2025-27796 [bsc#1239043], WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.
Patch3: GraphicsMagick-CVE-2025-27796.patch
# use return value of realloc function
Patch4: GraphicsMagick-return-value.patch
# CVE-2025-32460 [bsc#1241150], heap-based buffer over-read in ReadJXLImage
Patch5: GraphicsMagick-CVE-2025-32460.patch
BuildRequires: cups-client
BuildRequires: dcraw
BuildRequires: gcc-c++
@@ -95,7 +103,7 @@ Summary: Configuration for the GraphicsMagick image conversion library
Group: System/Libraries
# %{_libdir}/GraphicsMagick-*/config/type-ghostscript.mgk references fonts
# shipped as part of ghostscript-fonts-std (boo#1216604)
Requires: ghostscript-fonts-std
Recommends: ghostscript-fonts-std
%description -n libGraphicsMagick%{so_ver}-config
GraphicsMagick provides an image manipulation and translation utility
@@ -275,6 +283,9 @@ export MAGICK_CONFIGURE_PATH=$PWD/config
cd PerlMagick
# bsc#1105592
rm -r t/ps
# manually run tests:
# export PERL5LIB="$(pwd)/blib/lib:$(pwd)/blib/arch/auto/Graphics/Magick:$(pwd)"
# perl t/write.t
%make_build test
%post -n libGraphicsMagick-Q%{quant}-%{so_ver} -p /sbin/ldconfig