diff --git a/ImageMagick-configuration-SUSE.patch b/ImageMagick-configuration-SUSE.patch
index 90bf322..4ff23f1 100644
--- a/ImageMagick-configuration-SUSE.patch
+++ b/ImageMagick-configuration-SUSE.patch
@@ -1,7 +1,5 @@
-Index: ImageMagick-7.1.1-30/config/policy-secure.xml
-===================================================================
---- ImageMagick-7.1.1-30.orig/config/policy-secure.xml
-+++ ImageMagick-7.1.1-30/config/policy-secure.xml
+--- ImageMagick-7.1.1-30/config/policy.xml
++++ ImageMagick-7.1.1-30/config/policy.xml
@@ -62,7 +62,7 @@
-@@ -83,17 +83,19 @@
+@@ -83,11 +83,11 @@
-
-+
++
-
-+
++
-
-+
-+
-
--
-+
-
-
+@@ -103,4 +103,20 @@
+
+
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
+
+
diff --git a/ImageMagick-filter.t-disable-Contrast.patch b/ImageMagick-filter.t-disable-Contrast.patch
deleted file mode 100644
index 7ebb911..0000000
--- a/ImageMagick-filter.t-disable-Contrast.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/PerlMagick/t/filter.t.orig 2021-10-04 14:07:03.016458903 +0000
-+++ b/PerlMagick/t/filter.t 2021-10-04 14:08:31.717025766 +0000
-@@ -57,7 +57,7 @@ testFilterCompare('input.miff', "fuzz=>$
- testFilterCompare('input.miff', "fuzz=>$fuzz", 'reference/filter/Colorize.miff', 'Colorize', q/fill=>"red", blend=>"50%"/, 0.00001, 0.004);
- ++$test;
-
--testFilterCompare('input.miff', q//, 'reference/filter/Contrast.miff', 'Contrast', q//, 0.00001, 0.004);
-+testFilterCompare('input.miff', q//, 'reference/filter/Contrast.miff', 'Contrast', q//, 0.0002, 0.4);
- ++$test;
-
- testFilterCompare('input.miff', q//, 'reference/filter/Convolve.miff', 'Convolve', q/[0.0625, 0.0625, 0.0625, 0.0625, 0.5, 0.0625, 0.0625, 0.0625, 0.0625]/, 0.1, 0.7);
-
diff --git a/ImageMagick.changes b/ImageMagick.changes
index e81e69d..a74d481 100644
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Mon May 26 09:10:06 UTC 2025 - pgajdos@suse.com
+
+- fix config policies [bsc#1243622]
+- modified patches
+ % ImageMagick-configuration-SUSE.patch (refreshed)
+
+-------------------------------------------------------------------
+Thu May 15 20:20:16 UTC 2025 - pgajdos@suse.com
+
+- drop update-alternatives usage, configuration alternative packages
+ now conflict
+- modified patches
+ % ImageMagick-configuration-SUSE.patch (refreshed)
+- added sources
+ + _multibuild
+- remove ImageMagick-filter.t-disable-Contrast.patch needed for i586
+ testing
+
-------------------------------------------------------------------
Tue Apr 1 11:44:59 UTC 2025 - pgajdos@suse.com
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 5becac6..3af1b6e 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -16,23 +16,25 @@
#
+%global flavor @BUILD_FLAVOR@%{nil}
+
%define debug_build 0
%define asan_build 0
-%define maj 7
-%define mfr_version %{maj}.1.1
+%define mfr_version 7.1.1
%define mfr_revision 47
%define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision}
%define clibver 10
%define cwandver 10
%define cxxlibver 5
-%define libspec -%{maj}_Q%{quantum_depth}HDRI
-%define config_dir ImageMagick-7
+%define libspec -7_Q%{quantum_depth}HDRI
+%define config_dir IM-7
%define test_verbose 1
# bsc#1088463
%define urw_base35_fonts 0
# do/don't pull djvulibre dependency
%bcond_without djvu
+
Name: ImageMagick
Version: %{mfr_version}.%{mfr_revision}
Release: 0
@@ -40,21 +42,15 @@ Summary: Viewer and Converter for Images
License: ImageMagick
Group: Productivity/Graphics/Other
URL: https://imagemagick.org/
-Source0: https://imagemagick.org/archive/releases/ImageMagick-%{mfr_version}-%{mfr_revision}.tar.xz
+Source0: https://imagemagick.org/archive/releases/ImageMagick-%{source_version}.tar.xz
Source1: baselibs.conf
-Source2: https://imagemagick.org/archive/releases/ImageMagick-%{mfr_version}-%{mfr_revision}.tar.xz.asc
+Source2: https://imagemagick.org/archive/releases/ImageMagick-%{source_version}.tar.xz.asc
Source3: ImageMagick.keyring
# suse specific patches
Patch0: ImageMagick-configuration-SUSE.patch
Patch2: ImageMagick-library-installable-in-parallel.patch
-#%%ifarch i586
-#%%if %%{?suse_version} < 1550
-Patch4: ImageMagick-filter.t-disable-Contrast.patch
-#%%endif
-#%%endif
-#%%ifarch s390x
Patch5: ImageMagick-s390x-disable-tests.patch
-#%%endif
+
BuildRequires: chrpath
BuildRequires: dejavu-fonts
BuildRequires: fdupes
@@ -98,104 +94,6 @@ BuildRequires: ghostscript-fonts-other
BuildRequires: ghostscript-fonts-std
%endif
-%package -n perl-PerlMagick
-Summary: Perl interface for ImageMagick
-Group: Development/Libraries/Perl
-Requires: ImageMagick = %{version}
-Requires: libMagickCore%{libspec}%{clibver} = %{version}
-Requires: perl = %{perl_version}
-
-%package devel
-Summary: Development files for ImageMagick's C interface
-Group: Development/Libraries/C and C++
-Requires: ImageMagick = %{version}
-Requires: glibc-devel
-Requires: libMagickCore%{libspec}%{clibver} = %{version}
-Requires: libMagickWand%{libspec}%{cwandver} = %{version}
-# bnc#741947:
-Requires: pkgconfig(bzip2)
-%if !%{debug_build}
-%package extra
-Summary: Extra codecs for the ImageMagick image viewer/converter
-Group: Productivity/Graphics/Other
-Requires: ImageMagick = %{version}
-Requires: libMagickCore%{libspec}%{clibver} = %{version}
-Recommends: autotrace
-Recommends: dcraw
-Recommends: hp2xx
-Recommends: libwmf
-Recommends: netpbm
-Recommends: transfig
-%endif
-
-%package -n libMagickCore%{libspec}%{clibver}
-Summary: C runtime library for ImageMagick
-Group: Productivity/Graphics/Other
-Requires: imagick-config-7
-Recommends: ImageMagick-config-7-SUSE
-Recommends: ghostscript
-Suggests: ImageMagick-extra = %{version}
-Recommends: ImageMagick
-
-%package -n libMagickWand%{libspec}%{cwandver}
-Summary: C runtime library for ImageMagick
-Group: Productivity/Graphics/Other
-Recommends: ImageMagick
-
-%package -n libMagick++%{libspec}%{cxxlibver}
-Summary: C++ interface runtime library for ImageMagick
-Group: Development/Libraries/C and C++
-Recommends: ImageMagick
-
-%package -n libMagick++-devel
-Summary: Development files for ImageMagick's C++ interface
-Group: Development/Libraries/C and C++
-Requires: libMagick++%{libspec}%{cxxlibver} = %{version}
-Requires: libstdc++-devel
-Requires: pkgconfig(ImageMagick) = %{mfr_version}
-
-%package doc
-Summary: Document Files for ImageMagick Library
-Group: Documentation/HTML
-BuildArch: noarch
-
-%package config-7-upstream-open
-Summary: Open ImageMagick Security Policy
-Group: Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides: imagick-config-7
-Obsoletes: config-7-upstream < %{version}
-Provides: config-7-upstream = %{version}
-
-%package config-7-upstream-limited
-Summary: Limited ImageMagick Security Policy
-Group: Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides: imagick-config-7
-
-%package config-7-upstream-secure
-Summary: Secure ImageMagick Security Policy
-Group: Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides: imagick-config-7
-
-%package config-7-upstream-websafe
-Summary: Web-safe ImageMagick Security Policy
-Group: Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides: imagick-config-7
-
-%package config-7-SUSE
-Summary: SUSE Provided Configuration
-Group: Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides: imagick-config-7
-
%description
ImageMagick is a robust collection of tools and libraries to read,
write, and manipulate an image in many image formats, including popular
@@ -207,6 +105,31 @@ different image formats. Image processing operations are available from
the command line as well as through C, C++, and Perl-based programming
interfaces.
+# BEGIN NIL FLAVOR
+%if "%{flavor}" == ""
+
+%package -n perl-PerlMagick
+Summary: Perl interface for ImageMagick
+Group: Development/Libraries/Perl
+Requires: ImageMagick = %{version}
+Requires: libMagickCore%{libspec}%{clibver} = %{version}
+Requires: perl = %{perl_version}
+
+%description -n perl-PerlMagick
+PerlMagick is an objected-oriented Perl interface to ImageMagick. Use
+the module to read, manipulate, or write an image or image sequence
+from within a Perl script. This makes it suitable for Web CGI scripts.
+
+%package devel
+Summary: Development files for ImageMagick's C interface
+Group: Development/Libraries/C and C++
+Requires: ImageMagick = %{version}
+Requires: glibc-devel
+Requires: libMagickCore%{libspec}%{clibver} = %{version}
+Requires: libMagickWand%{libspec}%{cwandver} = %{version}
+# bnc#741947:
+Requires: pkgconfig(bzip2)
+
%description devel
ImageMagick is a robust collection of tools and libraries to read,
write, and manipulate an image in many image formats, including popular
@@ -219,21 +142,32 @@ the command line as well as through C, C++, and Perl-based programming
interfaces.
%if !%{debug_build}
+%package extra
+Summary: Extra codecs for the ImageMagick image viewer/converter
+Group: Productivity/Graphics/Other
+Requires: ImageMagick = %{version}
+Requires: libMagickCore%{libspec}%{clibver} = %{version}
+Recommends: autotrace
+Recommends: dcraw
+Recommends: hp2xx
+Recommends: libwmf
+Recommends: netpbm
+Recommends: transfig
+
%description extra
This package adds support for djvu, wmf and jpeg2000 formats and
installs optional helper applications.
-
-ImageMagick is a robust collection of tools and libraries to read,
-write, and manipulate an image in many image formats, including popular
-formats like TIFF, JPEG, PNG, PDF, PhotoCD, and GIF. With ImageMagick,
-you can create images dynamically, making it suitable for Web
-applications. You can also resize, rotate, sharpen, color-reduce, or
-add special effects to an image and save your completed work in many
-different image formats. Image processing operations are available from
-the command line as well as through C, C++, and Perl-based programming
-interfaces.
%endif
+%package -n libMagickCore%{libspec}%{clibver}
+Summary: C runtime library for ImageMagick
+Group: Productivity/Graphics/Other
+Requires: imagick-config-7
+Recommends: ImageMagick-config-7-SUSE
+Recommends: ghostscript
+Suggests: ImageMagick-extra = %{version}
+Recommends: ImageMagick
+
%description -n libMagickCore%{libspec}%{clibver}
ImageMagick is a robust collection of tools and libraries to read,
write, and manipulate an image in many image formats, including popular
@@ -245,6 +179,11 @@ different image formats. Image processing operations are available from
the command line as well as through C, C++, and Perl-based programming
interfaces.
+%package -n libMagickWand%{libspec}%{cwandver}
+Summary: C runtime library for ImageMagick
+Group: Productivity/Graphics/Other
+Recommends: ImageMagick
+
%description -n libMagickWand%{libspec}%{cwandver}
ImageMagick is a robust collection of tools and libraries to read,
write, and manipulate an image in many image formats, including popular
@@ -256,10 +195,10 @@ different image formats. Image processing operations are available from
the command line as well as through C, C++, and Perl-based programming
interfaces.
-%description -n perl-PerlMagick
-PerlMagick is an objected-oriented Perl interface to ImageMagick. Use
-the module to read, manipulate, or write an image or image sequence
-from within a Perl script. This makes it suitable for Web CGI scripts.
+%package -n libMagick++%{libspec}%{cxxlibver}
+Summary: C++ interface runtime library for ImageMagick
+Group: Development/Libraries/C and C++
+Recommends: ImageMagick
%description -n libMagick++%{libspec}%{cxxlibver}
This is Magick++, the object-oriented C++ API for the ImageMagick
@@ -276,6 +215,13 @@ De-referenced copies are automatically deleted. The image objects
support value (rather than pointer) semantics so it is trivial to
support multiple generations of an image in memory at one time.
+%package -n libMagick++-devel
+Summary: Development files for ImageMagick's C++ interface
+Group: Development/Libraries/C and C++
+Requires: libMagick++%{libspec}%{cxxlibver} = %{version}
+Requires: libstdc++-devel
+Requires: pkgconfig(ImageMagick) = %{mfr_version}
+
%description -n libMagick++-devel
This is Magick++, the object-oriented C++ API for the ImageMagick
image-processing library.
@@ -291,68 +237,28 @@ De-referenced copies are automatically deleted. The image objects
support value (rather than pointer) semantics so it is trivial to
support multiple generations of an image in memory at one time.
+%package doc
+Summary: Document Files for ImageMagick Library
+Group: Documentation/HTML
+BuildArch: noarch
+
%description doc
HTML documentation for ImageMagick library and scene examples.
-%description config-7-upstream-open
-This policy is designed for usage in secure settings like those
-protected by firewalls or within Docker containers. Within this framework,
-ImageMagick enjoys broad access to resources and functionalities. This policy
-provides convenient and adaptable options for image manipulation. However,
-it's important to note that it might present security vulnerabilities in
-less regulated conditions. Thus, organizations should thoroughly assess
-the appropriateness of the open policy according to their particular use
-case and security prerequisites.
-
-%description config-7-upstream-limited
-The primary objective of the limited security policy is to find a
-middle ground between convenience and security. This policy involves the
-deactivation of potentially hazardous functionalities, like specific coders
-such as SVG or HTTP. Furthermore, it establishes several constraints on
-the utilization of resources like memory, storage, and processing duration,
-all of which are adjustable. This policy proves advantageous in situations
-where there's a need to mitigate the potential threat of handling possibly
-malicious or demanding images, all while retaining essential capabilities
-for prevalent image formats.
-
-%description config-7-upstream-secure
-This stringent security policy prioritizes the implementation of
-rigorous controls and restricted resource utilization to establish a
-profoundly secure setting while employing ImageMagick. It deactivates
-conceivably hazardous functionalities, including specific coders like
-SVG or HTTP. The policy promotes the tailoring of security measures to
-harmonize with the requirements of the local environment and the guidelines
-of the organization. This protocol encompasses explicit particulars like
-limitations on memory consumption, sanctioned pathways for reading and
-writing, confines on image sequences, the utmost permissible duration of
-workflows, allocation of disk space intended for image data, and even an
-undisclosed passphrase for remote connections. By adopting this robust
-policy, entities can elevate their overall security stance and alleviate
-potential vulnerabilities.
-
-%description config-7-upstream-websafe
-This security protocol designed for web-safe usage focuses on situations
-where ImageMagick is applied in publicly accessible contexts, like websites.
-It deactivates the capability to read from or write to any image formats
-other than web-safe formats like GIF, JPEG, and PNG. Additionally, this
-policy prohibits the execution of image filters and indirect reads, thereby
-thwarting potential security breaches. By implementing these limitations,
-the web-safe policy fortifies the safeguarding of systems accessible to
-the public, reducing the risk of exploiting ImageMagick's capabilities
-for potential attacks.
+%package config-7-SUSE
+Summary: SUSE Provided Configuration
+Group: Development/Libraries/C and C++
+Provides: imagick-config-7
+Conflicts: imagick-config-7
+BuildArch: noarch
%description config-7-SUSE
-ImageMagick configuration as provide by SUSE. It is upstream 'secure'
+ImageMagick configuration as provided by SUSE. It is upstream 'secure'
policy plus disable few other coders for reading and/or writing.
%prep
%setup -q -n ImageMagick-%{source_version}
%patch -P 2 -p1
-%ifarch i586
-%if %{?suse_version} < 1550
-%patch -P 4 -p1
-%endif
-%endif
%ifarch s390x
%patch -P 5 -p1
%endif
@@ -371,6 +277,7 @@ export SHAREARCH_DIRNAME="config%{libspec}%{clibver}"
export CFLAGS="%{optflags} -O0"
export CXXFLAGS="%{optflags} -O0"
%endif
+export CONFIGURE_RELATIVE_PATH=%{config_dir}
%configure \
--disable-silent-rules \
--enable-shared \
@@ -406,8 +313,8 @@ export CXXFLAGS="%{optflags} -O0"
--without-gcc-arch \
--enable-pipes=no \
--enable-reproducible-build=yes \
- --disable-openmp \
- --with-security-policy=open # open for %%check
+ --disable-openmp
+
%if %{asan_build}
sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \
-e 's/\(^LIBS =.*\)/\1 -lasan/' \
@@ -426,18 +333,19 @@ chmod -x PerlMagick/demo/*.pl
exit 0
%check
+%ifarch i586
+# do not report test issues related to 32-bit architectures upstream,
+# they do not want to dedicate any time to fix them:
+# https://github.com/ImageMagick/ImageMagick/issues/1215
+exit 0
+%endif
%if %{debug_build} || %{asan_build}
# testsuite does not succeed for some reason
# research TODO
exit 0
%endif
-%ifarch i586
-# do not report test issues related to 32-bit architectures upstream,
-# they do not want to dedicate any time to fix them:
-# https://github.com/ImageMagick/ImageMagick/issues/1215
-rm PerlMagick/t/montage.t
-sed -i -e 's:averageImages ::' -e 's:1..13:1..12:' Magick++/tests/tests.tap
-%endif
+# ensure we do not block any coder by security policy
+cp config/policy-open.xml config/policy.xml
%make_build check
export MAGICK_CODER_MODULE_PATH=$PWD/coders/.libs
export MAGICK_CODER_FILTER_PATH=$PWD/filters/.libs
@@ -450,24 +358,17 @@ sed -i 's:TEST_VERBOSE=0:TEST_VERBOSE=1:' Makefile
cd ..
%install
-%make_install pkgdocdir=%{_defaultdocdir}/ImageMagick-%{maj}/
-# configuration magic
-mv -t %{buildroot}%{_sysconfdir}/ImageMagick* %{buildroot}%{_datadir}/ImageMagick*/*.xml
-for policy in open limited secure websafe; do
- cp -r %{buildroot}%{_sysconfdir}/%{config_dir}{,-upstream-$policy}
- cp config/policy-$policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}-upstream-$policy
-done
-mv %{buildroot}%{_sysconfdir}/%{config_dir}{,-SUSE}
-cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE
-patch --fuzz=0 --dir %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE < %{PATCH0}
-mkdir -p %{buildroot}%{_sysconfdir}/alternatives/
-ln -sf %{_sysconfdir}/alternatives/%{config_dir} %{buildroot}%{_sysconfdir}/%{config_dir}
+%make_install pkgdocdir=%{_defaultdocdir}/ImageMagick-7/
+# default policy (SUSE)
+cp config/policy-secure.xml config/policy.xml
+patch --fuzz=0 -p1 < %{PATCH0}
+cp config/policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}
# symlink header file relative to /usr/include/ImageMagick-7/
# so that inclusions like wand/*.h and magick/*.h work
-ln -s ./MagickCore %{buildroot}%{_includedir}/ImageMagick-%{maj}/magick
-ln -s ./MagickWand %{buildroot}%{_includedir}/ImageMagick-%{maj}/wand
+ln -s ./MagickCore %{buildroot}%{_includedir}/ImageMagick-7/magick
+ln -s ./MagickWand %{buildroot}%{_includedir}/ImageMagick-7/wand
# these will be included via %%doc
-rm -r %{buildroot}%{_datadir}/doc/ImageMagick-%{maj}/
+rm -r %{buildroot}%{_datadir}/doc/ImageMagick-7/
rm %{buildroot}%{_libdir}/*.la
# remove RPATH from perl module
perl_module=$(find %{buildroot}%{_prefix}/lib/perl5 -name '*.so')
@@ -477,8 +378,8 @@ chmod 555 $perl_module
# remove %%{buildroot} from distributed file
sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/config%{libspec}%{clibver}/configure.xml
#remove duplicates
-%fdupes -s %{buildroot}%{_defaultdocdir}/ImageMagick-%{maj}
-%fdupes -s %{buildroot}%{_includedir}/ImageMagick-%{maj}
+%fdupes -s %{buildroot}%{_defaultdocdir}/ImageMagick-7
+%fdupes -s %{buildroot}%{_includedir}/ImageMagick-7
%fdupes -s %{buildroot}%{_libdir}/pkgconfig
%perl_process_packlist
@@ -489,96 +390,14 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con
%post -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
%postun -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
-%pretrans config-7-upstream-open -p
--- this %pretrans to be removed soon [bug#1122033#37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
- os.remove(path .. ".rpmmoved")
- os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans config-7-upstream-limited -p
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
- os.remove(path .. ".rpmmoved")
- os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans config-7-upstream-secure -p
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
- os.remove(path .. ".rpmmoved")
- os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans config-7-SUSE -p
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
- os.remove(path .. ".rpmmoved")
- os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans config-7-upstream-websafe -p
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
- os.remove(path .. ".rpmmoved")
- os.rename(path, path .. ".rpmmoved")
-end
-
-%post config-7-upstream-open
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-open 1
-
-%postun config-7-upstream-open
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
- %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream
-fi
-
-%post config-7-upstream-limited
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-limited 5
-
-%postun config-7-upstream-limited
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
- %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-limited
-fi
-
-%post config-7-upstream-secure
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-secure 10
-
-%postun config-7-upstream-secure
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
- %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-secure
-fi
-
-%post config-7-SUSE
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-SUSE 15
-
-%postun config-7-SUSE
-if [ ! -d %{_sysconfdir}/%{config_dir}-SUSE ] ; then
- %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-SUSE
-fi
-
-%post config-7-upstream-websafe
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-websafe 20
-
-%postun config-7-upstream-websafe
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
- %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-websafe
-fi
-
%files
%license LICENSE
%{_bindir}/[^MW]*
%{_mandir}/man1/*
%exclude %{_mandir}/man1/*-config.1%{ext_man}
+%{_datadir}/ImageMagick-7
+%{_sysconfdir}/%{config_dir}
+%exclude %{_sysconfdir}/%{config_dir}/policy.xml
%files -n libMagickCore%{libspec}%{clibver}
%license LICENSE
@@ -650,36 +469,149 @@ fi
%{_mandir}/man1/Magick++-config.1%{?ext_man}
%files doc
-%{_defaultdocdir}/ImageMagick-%{maj}
-
-%files config-7-upstream-open
-%dir %{_sysconfdir}/ImageMagick*-upstream-open/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-open/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
-
-%files config-7-upstream-limited
-%dir %{_sysconfdir}/ImageMagick*-upstream-limited/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-limited/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
-
-%files config-7-upstream-secure
-%dir %{_sysconfdir}/ImageMagick*-upstream-secure/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-secure/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%{_defaultdocdir}/ImageMagick-7
%files config-7-SUSE
-%dir %{_sysconfdir}/ImageMagick*-SUSE/
-%config %{_sysconfdir}/ImageMagick*-SUSE/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%{_sysconfdir}/%{config_dir}/policy.xml
+
+%endif
+# END NIL FLAVOR
+
+%if "%{flavor}" == "config_open"
+%package config-7-upstream-open
+Summary: Open ImageMagick Security Policy
+Group: Development/Libraries/C and C++
+Provides: imagick-config-7
+Obsoletes: config-7-upstream < %{version}
+Provides: config-7-upstream = %{version}
+Conflicts: imagick-config-7
+BuildArch: noarch
+
+%description config-7-upstream-open
+This policy is designed for usage in secure settings like those
+protected by firewalls or within Docker containers. Within this framework,
+ImageMagick enjoys broad access to resources and functionalities. This policy
+provides convenient and adaptable options for image manipulation. However,
+it's important to note that it might present security vulnerabilities in
+less regulated conditions. Thus, organizations should thoroughly assess
+the appropriateness of the open policy according to their particular use
+case and security prerequisites.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-open.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-open
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_limited"
+%package config-7-upstream-limited
+Summary: Limited ImageMagick Security Policy
+Group: Development/Libraries/C and C++
+Provides: imagick-config-7
+Conflicts: imagick-config-7
+BuildArch: noarch
+
+%description config-7-upstream-limited
+The primary objective of the limited security policy is to find a
+middle ground between convenience and security. This policy involves the
+deactivation of potentially hazardous functionalities, like specific coders
+such as SVG or HTTP. Furthermore, it establishes several constraints on
+the utilization of resources like memory, storage, and processing duration,
+all of which are adjustable. This policy proves advantageous in situations
+where there's a need to mitigate the potential threat of handling possibly
+malicious or demanding images, all while retaining essential capabilities
+for prevalent image formats.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-limited.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-limited
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_secure"
+%package config-7-upstream-secure
+Summary: Secure ImageMagick Security Policy
+Group: Development/Libraries/C and C++
+Provides: imagick-config-7
+Conflicts: imagick-config-7
+BuildArch: noarch
+
+%description config-7-upstream-secure
+This stringent security policy prioritizes the implementation of
+rigorous controls and restricted resource utilization to establish a
+profoundly secure setting while employing ImageMagick. It deactivates
+conceivably hazardous functionalities, including specific coders like
+SVG or HTTP. The policy promotes the tailoring of security measures to
+harmonize with the requirements of the local environment and the guidelines
+of the organization. This protocol encompasses explicit particulars like
+limitations on memory consumption, sanctioned pathways for reading and
+writing, confines on image sequences, the utmost permissible duration of
+workflows, allocation of disk space intended for image data, and even an
+undisclosed passphrase for remote connections. By adopting this robust
+policy, entities can elevate their overall security stance and alleviate
+potential vulnerabilities.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-secure
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_websafe"
+%package config-7-upstream-websafe
+Summary: Web-safe ImageMagick Security Policy
+Group: Development/Libraries/C and C++
+Provides: imagick-config-7
+Conflicts: imagick-config-7
+BuildArch: noarch
+
+%description config-7-upstream-websafe
+This security protocol designed for web-safe usage focuses on situations
+where ImageMagick is applied in publicly accessible contexts, like websites.
+It deactivates the capability to read from or write to any image formats
+other than web-safe formats like GIF, JPEG, and PNG. Additionally, this
+policy prohibits the execution of image filters and indirect reads, thereby
+thwarting potential security breaches. By implementing these limitations,
+the web-safe policy fortifies the safeguarding of systems accessible to
+the public, reducing the risk of exploiting ImageMagick's capabilities
+for potential attacks.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-websafe.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
%files config-7-upstream-websafe
-%dir %{_sysconfdir}/ImageMagick*-upstream-websafe/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-websafe/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
%changelog
diff --git a/_multibuild b/_multibuild
new file mode 100644
index 0000000..3321dde
--- /dev/null
+++ b/_multibuild
@@ -0,0 +1,6 @@
+
+ config_open
+ config_limited
+ config_secure
+ config_websafe
+