Sync from SUSE:SLFO:Main ImageMagick revision 9a5641686af9c820e97e1eb2b49f28d4

ImageMagick-0-1-are-special-cases-for-pow.patch

@@ -1,36 +0,0 @@
-diff --git a/MagickCore/statistic.c b/MagickCore/statistic.c
-index 8489fa4a0d1..377c7256a92 100644
---- a/MagickCore/statistic.c
-+++ b/MagickCore/statistic.c
-@@ -377,7 +377,7 @@ static double ApplyEvaluateOperator(RandomInfo *random_info,const Quantum pixel,
-     }
-     case PowEvaluateOperator:
-     {
--      if (PerceptibleReciprocal(value) <= MagickEpsilon)
-+      if (fabs(value) <= MagickEpsilon)
-         break;
-       if (((double) pixel < 0.0) && ((value-floor(value)) > MagickEpsilon))
-         result=(double) -((double) QuantumRange*pow(-(QuantumScale*(double)
-diff --git a/MagickWand/operation.c b/MagickWand/operation.c
-index 38e3145c321..1d853eedeb5 100644
---- a/MagickWand/operation.c
-+++ b/MagickWand/operation.c
-@@ -2477,14 +2477,15 @@ static MagickBooleanType CLISimpleOperatorImage(MagickCLI *cli_wand,
-           if (IsGeometry(arg1) == MagickFalse)
-             CLIWandExceptArgBreak(OptionError,"InvalidArgument",option,arg1);
-           constant=StringToDouble(arg1,(char **) NULL);
--#if 1
-+#if 0
-           /* Using Gamma, via a cache */
-           if (IfPlusOp)
-             constant=PerceptibleReciprocal(constant);
-           (void) GammaImage(_image,constant,_exception);
- #else
-           /* Using Evaluate POW, direct update of values - more accurate */
--          if (IfNormalOp)
-+          if (IfNormalOp && (fabs(constant) <= MagickEpsilon) &&
-+             ((constant-1.0) > MagickEpsilon))
-             constant=PerceptibleReciprocal(constant);
-           (void) EvaluateImage(_image,PowEvaluateOperator,constant,_exception);
-           _image->gamma*=StringToDouble(arg1,(char **) NULL);
-

ImageMagick-7.1.1-43.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmdoeJIACgkQiatj1IJ3
-N3rgoRAAph8B3N6Ssar9NhlOPJ5QlUIjTkBkh/psvKlvYuYAc7g00pQrDdqvnyqn
-+hWwX4s49RP2nxfTx1A7HNaWyOw/xhaV/24FLdadw1HP2SelkX2aad1SDjvUMKA1
-PGaK7v3/V6krCZINW3Yq7Rm3aN/gRxm428YY2yO5N7GBi5KhdcImOcNdLpZzq9Jw
-mr9vXwK9ax/5wop3VAF724qlSNOACS9EqM/Yk+YdGg/ZruVmuVrWG91ySSWzBqSq
-wNwKympBQwZeOkEPd5rGNidFdrGKdym4gxcOp/cz/F0ThtFbQjI8A/3CPaRRKAPW
-0EtigG8x++l5HSrgxXGqQtR+y+m3J2RJ4JdXThL89sZV/mWy3Gjq8YOSxViPm06H
-DIaEDKEV6oK5a8bBs64/JGaKSmjQGqdcpS/FNTRt6OjSZSB+INdmIj19bt8P+WrW
-mnMzskbDMvGpW2DKtqQdvQttiWdeJjUtc8hYUUeyA7dvBAMFyS4gJsvSx60IJF2l
-Kom6fDBn3ZaFGQs1qyTMukONkKoxhwd4S9sTMhWNWrfGGzfyMpJrRA8BHBqc7naw
-yP+ucV4+hYknN7JvuE8ju4PZ6Fyb4fF4TwsiRaN/5FcdBwCMAdNX8oit5PaOBt5u
-Xe7mF8k81e5FKs4XyK0DZC2jALo8AIzGICxM5qGEeiGcecD00Ow=
-=QK9r
------END PGP SIGNATURE-----

ImageMagick-7.1.2-0.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmhzpugACgkQiatj1IJ3
+N3oAxg/+LGUZrTHB3ZHWWHZuL7aTDbWTyZVeCkV7ATnx0fysNsAijQE3F1ZWRXA9
+F8thN4POBodTtLo1WT4txSe15xkgspl/zcBceREtmvnukTLMhxqeh+7puW4ymgso
+UXuwH+ACHK7eTTIMFe57R3cjJYQiVVJ3VfGpa5T9kqHUFY2QR0R1irnsIBIO0Svu
+Xhf4ruxoEmAPqNPeR4SH+XfivrMflm2OXUlTmGJz8eiCs9Q2CLi6UzXadllYN8qj
+i7nBKW6QfWRl1GktwCdNQ5V8by6LbZbH5a+ns+7txyFd73IGIzO69izR6ZTpz+0Z
+haW+TqXlvX36w/QFbKkXzNzHRq5R708uE60htURdP5nKdPsmpuXUK32shNhQv349
+V6z7NxwVVkkvvgVn9c8cXr1BAF//X0WnaXNQqEpggDBYc8wEio+JoS0WwAzoWuSL
+v/oBKQQHB57hUgwGs1TvDzEAx5rDdU/CJf60kfcwMT1ep7Xo7egvFcaXacRmUSsj
+IFWE3GXtXGrcK6QEqv90YbLSbdTW4Li8lWQVd6ZGilfoLLuTwSbVwoEYfdZxvAdy
+PYTgSHzN/v09hn3T4yvQilV2xG8HD8wHr6nnb2EBQX5Nm2ZviUdUdMo4xQeZnhZd
+UafoFf9TK8QoPSQeEYoSIwjuixBHrNuEgNKd1+Lch01K04Xdi+M=
+=cMIz
+-----END PGP SIGNATURE-----

ImageMagick-check-for-pow-zero.patch

@@ -1,23 +0,0 @@
-diff --git a/MagickCore/statistic.c b/MagickCore/statistic.c
-index caa221e7f34..8489fa4a0d1 100644
---- a/MagickCore/statistic.c
-+++ b/MagickCore/statistic.c
-@@ -377,12 +377,13 @@ static double ApplyEvaluateOperator(RandomInfo *random_info,const Quantum pixel,
-     }
-     case PowEvaluateOperator:
-     {
--      if (((double) pixel < 0) && ((value-floor(value)) > MagickEpsilon))
-+      if (PerceptibleReciprocal(value) <= MagickEpsilon)
-+        break;
-+      if (((double) pixel < 0.0) && ((value-floor(value)) > MagickEpsilon))
-         result=(double) -((double) QuantumRange*pow(-(QuantumScale*(double)
--          pixel),(double) value));
-+          pixel),value));
-       else
--        result=(double) QuantumRange*pow(QuantumScale*(double) pixel,
--          (double) value);
-+        result=(double) QuantumRange*pow(QuantumScale*(double) pixel,value);
-       break;
-     }
-     case RightShiftEvaluateOperator:
-

ImageMagick-configuration-SUSE.patch

@@ -1,7 +1,5 @@
-Index: ImageMagick-7.1.1-30/config/policy-secure.xml
-===================================================================
---- ImageMagick-7.1.1-30.orig/config/policy-secure.xml
-+++ ImageMagick-7.1.1-30/config/policy-secure.xml
+--- ImageMagick-7.1.1-30/config/policy.xml
++++ ImageMagick-7.1.1-30/config/policy.xml
 @@ -62,7 +62,7 @@
    <policy domain="resource" name="disk" value="1GiB"/>
    <!-- Set the maximum length of an image sequence.  When this limit is
@@ -11,26 +9,39 @@ Index: ImageMagick-7.1.1-30/config/policy-secure.xml
    <!-- Set the maximum width of an image.  When this limit is exceeded, an
         exception is thrown. -->
    <policy domain="resource" name="width" value="8KP"/>
-@@ -83,17 +83,19 @@
+@@ -83,11 +83,11 @@
    <!-- Replace passphrase for secure distributed processing -->
    <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> -->
    <!-- Do not permit any delegates to execute. -->
 -  <policy domain="delegate" rights="none" pattern="*"/>
-+  <!--policy domain="delegate" rights="none" pattern="*"/-->
++  <!--policy domain="delegate" rights="none" pattern="*"/ -->
    <!-- Do not permit any image filters to load. -->
    <policy domain="filter" rights="none" pattern="*"/>
    <!-- Don't read/write from/to stdin/stdout. -->
 -  <policy domain="path" rights="none" pattern="-"/>
-+  <!--policy domain="path" rights="none" pattern="-"/-->
++  <!--policy domain="path" rights="none" pattern="-"/ -->
    <!-- don't read sensitive paths. -->
    <policy domain="path" rights="none" pattern="/etc/*"/>
    <!-- Indirect reads are not permitted. -->
-   <policy domain="path" rights="none" pattern="@*"/>
-+  <!-- These image types can expose risks on read and write -->
-+  <policy domain="module" rights="none" pattern="{EPHEMERAL,URL,HTTPS,MVG,MSL,TEXT,SHOW,WIN,PLT}"/>
-   <!-- These image types are security risks on read, but write is fine -->
--  <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
-+  <policy domain="module" rights="write" pattern="{MSL,MVG,PS,URL,XPS,PDF,EPI,EPS,PCL,PS1,PS2,PS3}"/>
-   <!-- This policy sets the number of times to replace content of certain
-        memory buffers and temporary files before they are freed or deleted. -->
-   <policy domain="system" name="shred" value="1"/>
+@@ -103,4 +103,20 @@
+   <!-- Set the maximum amount of memory in bytes that are permitted for
+        allocation requests. -->
+   <policy domain="system" name="max-memory-request" value="256MiB"/>
++  <!-- Disable insecure coders by default -->
++  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
++  <policy domain="coder" rights="none" pattern="URL" />
++  <policy domain="coder" rights="none" pattern="HTTPS" />
++  <policy domain="coder" rights="none" pattern="MVG" />
++  <policy domain="coder" rights="none" pattern="MSL" />
++  <policy domain="coder" rights="none" pattern="TEXT" />
++  <policy domain="coder" rights="none" pattern="SHOW" />
++  <policy domain="coder" rights="none" pattern="WIN" />
++  <policy domain="coder" rights="none" pattern="PLT" />
++  <policy domain="coder" rights="write" pattern="PS" />
++  <policy domain="coder" rights="write" pattern="PS2" />
++  <policy domain="coder" rights="write" pattern="PS3" />
++  <policy domain="coder" rights="write" pattern="PDF" />
++  <policy domain="coder" rights="write" pattern="XPS" />
++  <policy domain="coder" rights="write" pattern="PCL" />
+ </policymap>
+

ImageMagick-filter.t-disable-Contrast.patch

@@ -1,12 +0,0 @@
---- a/PerlMagick/t/filter.t.orig	2021-10-04 14:07:03.016458903 +0000
-+++ b/PerlMagick/t/filter.t	2021-10-04 14:08:31.717025766 +0000
-@@ -57,7 +57,7 @@ testFilterCompare('input.miff', "fuzz=>$
- testFilterCompare('input.miff', "fuzz=>$fuzz", 'reference/filter/Colorize.miff', 'Colorize', q/fill=>"red", blend=>"50%"/, 0.00001, 0.004);
- ++$test;
- 
--testFilterCompare('input.miff',  q//, 'reference/filter/Contrast.miff', 'Contrast', q//, 0.00001, 0.004);
-+testFilterCompare('input.miff',  q//, 'reference/filter/Contrast.miff', 'Contrast', q//, 0.0002, 0.4);
- ++$test;
- 
- testFilterCompare('input.miff',  q//, 'reference/filter/Convolve.miff', 'Convolve', q/[0.0625, 0.0625, 0.0625, 0.0625, 0.5, 0.0625, 0.0625, 0.0625, 0.0625]/, 0.1, 0.7);
-

ImageMagick-gamma-should-call-GammaImage.patch

@@ -1,14 +0,0 @@
-diff --git a/MagickWand/operation.c b/MagickWand/operation.c
-index bbe00a5e5ca..38e3145c321 100644
---- a/MagickWand/operation.c
-+++ b/MagickWand/operation.c
-@@ -2477,7 +2477,7 @@ static MagickBooleanType CLISimpleOperatorImage(MagickCLI *cli_wand,
-           if (IsGeometry(arg1) == MagickFalse)
-             CLIWandExceptArgBreak(OptionError,"InvalidArgument",option,arg1);
-           constant=StringToDouble(arg1,(char **) NULL);
--#if 0
-+#if 1
-           /* Using Gamma, via a cache */
-           if (IfPlusOp)
-             constant=PerceptibleReciprocal(constant);
-

ImageMagick-library-installable-in-parallel.patch

@@ -1,8 +1,8 @@
-Index: ImageMagick-7.1.1-38/configure
+Index: ImageMagick-7.1.2-0/configure
 ===================================================================
---- ImageMagick-7.1.1-38.orig/configure
-+++ ImageMagick-7.1.1-38/configure
-@@ -35059,7 +35059,9 @@ fi
+--- ImageMagick-7.1.2-0.orig/configure
++++ ImageMagick-7.1.2-0/configure
+@@ -37225,7 +37225,9 @@ fi
  
  
  # Subdirectory to place architecture-dependent configuration files

ImageMagick.changes

@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Tue Jul 15 11:36:19 UTC 2025 - pgajdos@suse.com
+
+- version update to 7.1.2.0
+  * magick-config.h: Remove redundant block by @ferdnyc in #8076
+  * Remove generated 'magick.sh' from repo by @ferdnyc in #8075
+  * JXL: Preserve ICC profile for lossless encoding by @ferdnyc in #8074
+  * Support ICN file extension for old Windows icons by @bitplane in #8107
+  * fix build when libjpeg is not in its default location by @mmomtchev in #8172
+  * Change 'Mac OS X' to 'macOS' in descriptions and comments by @gy-mate in #8224
+  * Fix NULL pointer dereference in XWarning by @moon044 in #8230
+- modified patches
+  % ImageMagick-library-installable-in-parallel.patch (refreshed)
+- fixes: CVE-2025-53101 [bsc#1246529]
+         CVE-2025-53014 [bsc#1246530]
+         CVE-2025-53015 [bsc#1246531]
+         CVE-2025-53019 [bsc#1246534]
+
+-------------------------------------------------------------------
+Mon May 26 09:10:06 UTC 2025 - pgajdos@suse.com
+
+- fix config policies [bsc#1243622]
+- modified patches
+  % ImageMagick-configuration-SUSE.patch (refreshed)
+
+-------------------------------------------------------------------
+Thu May 15 20:20:16 UTC 2025 - pgajdos@suse.com
+
+- drop update-alternatives usage, configuration alternative packages
+  now conflict
+- modified patches
+  % ImageMagick-configuration-SUSE.patch (refreshed)
+- added sources
+  + _multibuild
+- remove ImageMagick-filter.t-disable-Contrast.patch needed for i586
+  testing
+
+-------------------------------------------------------------------
+Tue Apr  1 11:44:59 UTC 2025 - pgajdos@suse.com
+
+- version update to 7.1.1.47
+  * try pngalpha if png16malpha not available by @remicollet in #8034
+  * Fix statistic.c GetImageRange initializer by @mtasaka in #8010
+- modified patches
+  % ImageMagick-library-installable-in-parallel.patch (refreshed)
+
+-------------------------------------------------------------------
+Sun Feb 23 20:52:21 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.44
+  * Bump azure/trusted-signing-action from 0.5.0 to 0.5.1 in #7895
+  * Enable any dither method such as Floyd-Steinberg for Magick::Image::map()
+    in #7937
+  * Magick++ Documentation Verification in #7906
+  * fix type casting in statistic.c in #7982
+- removed patched (upstreamed)
+  - ImageMagick-0-1-are-special-cases-for-pow.patch
+  - ImageMagick-check-for-pow-zero.patch
+  - ImageMagick-gamma-should-call-GammaImage.patch
+
 -------------------------------------------------------------------
 Mon Jan 20 13:34:51 UTC 2025 - pgajdos@suse.com
 

ImageMagick.spec

@@ -16,23 +16,25 @@
 #
 
 
+%global flavor          @BUILD_FLAVOR@%{nil}
+
 %define debug_build    0
 %define asan_build     0
-%define maj            7
-%define mfr_version    %{maj}.1.1
-%define mfr_revision   43
+%define mfr_version    7.1.2
+%define mfr_revision   0
 %define quantum_depth  16
 %define source_version %{mfr_version}-%{mfr_revision}
 %define clibver        10
 %define cwandver       10
 %define cxxlibver      5
-%define libspec        -%{maj}_Q%{quantum_depth}HDRI
-%define config_dir     ImageMagick-7
+%define libspec        -7_Q%{quantum_depth}HDRI
+%define config_dir     IM-7
 %define test_verbose   1
 # bsc#1088463
 %define urw_base35_fonts 0
 # do/don't pull djvulibre dependency
 %bcond_without djvu
+
 Name:           ImageMagick
 Version:        %{mfr_version}.%{mfr_revision}
 Release:        0
@@ -40,27 +42,15 @@ Summary:        Viewer and Converter for Images
 License:        ImageMagick
 Group:          Productivity/Graphics/Other
 URL:            https://imagemagick.org/
-Source0:        https://imagemagick.org/archive/releases/ImageMagick-%{mfr_version}-%{mfr_revision}.tar.xz
+Source0:        https://imagemagick.org/archive/releases/ImageMagick-%{source_version}.tar.xz
 Source1:        baselibs.conf
-Source2:        https://imagemagick.org/archive/releases/ImageMagick-%{mfr_version}-%{mfr_revision}.tar.xz.asc
+Source2:        https://imagemagick.org/archive/releases/ImageMagick-%{source_version}.tar.xz.asc
 Source3:        ImageMagick.keyring
 # suse specific patches
 Patch0:         ImageMagick-configuration-SUSE.patch
 Patch2:         ImageMagick-library-installable-in-parallel.patch
-#%%ifarch i586
-#%%if %%{?suse_version} < 1550
-Patch4:         ImageMagick-filter.t-disable-Contrast.patch
-#%%endif
-#%%endif
-#%%ifarch s390x
 Patch5:         ImageMagick-s390x-disable-tests.patch
-# https://github.com/ImageMagick/ImageMagick/commit/1afa38ae2fa87cf4eb48040e47d410aa729ce21e
-Patch6:         ImageMagick-check-for-pow-zero.patch
-# https://github.com/ImageMagick/ImageMagick/commit/056ccdbeac41c9b24b625e0139cd25a4cdffb22a
-Patch7:         ImageMagick-gamma-should-call-GammaImage.patch
-# https://github.com/ImageMagick/ImageMagick/commit/be3b73da674520ad3eab52ade2a3cda62af66d15
-Patch8:         ImageMagick-0-1-are-special-cases-for-pow.patch
-#%%endif
+
 BuildRequires:  chrpath
 BuildRequires:  dejavu-fonts
 BuildRequires:  fdupes
@@ -104,104 +94,6 @@ BuildRequires:  ghostscript-fonts-other
 BuildRequires:  ghostscript-fonts-std
 %endif
 
-%package -n perl-PerlMagick
-Summary:        Perl interface for ImageMagick
-Group:          Development/Libraries/Perl
-Requires:       ImageMagick = %{version}
-Requires:       libMagickCore%{libspec}%{clibver} = %{version}
-Requires:       perl = %{perl_version}
-
-%package devel
-Summary:        Development files for ImageMagick's C interface
-Group:          Development/Libraries/C and C++
-Requires:       ImageMagick = %{version}
-Requires:       glibc-devel
-Requires:       libMagickCore%{libspec}%{clibver} = %{version}
-Requires:       libMagickWand%{libspec}%{cwandver} = %{version}
-# bnc#741947:
-Requires:       pkgconfig(bzip2)
-%if !%{debug_build}
-%package extra
-Summary:        Extra codecs for the ImageMagick image viewer/converter
-Group:          Productivity/Graphics/Other
-Requires:       ImageMagick = %{version}
-Requires:       libMagickCore%{libspec}%{clibver} = %{version}
-Recommends:     autotrace
-Recommends:     dcraw
-Recommends:     hp2xx
-Recommends:     libwmf
-Recommends:     netpbm
-Recommends:     transfig
-%endif
-
-%package -n libMagickCore%{libspec}%{clibver}
-Summary:        C runtime library for ImageMagick
-Group:          Productivity/Graphics/Other
-Requires:       imagick-config-7
-Recommends:     ImageMagick-config-7-SUSE
-Recommends:     ghostscript
-Suggests:       ImageMagick-extra = %{version}
-Recommends:     ImageMagick
-
-%package -n libMagickWand%{libspec}%{cwandver}
-Summary:        C runtime library for ImageMagick
-Group:          Productivity/Graphics/Other
-Recommends:     ImageMagick
-
-%package -n libMagick++%{libspec}%{cxxlibver}
-Summary:        C++ interface runtime library for ImageMagick
-Group:          Development/Libraries/C and C++
-Recommends:     ImageMagick
-
-%package -n libMagick++-devel
-Summary:        Development files for ImageMagick's C++ interface
-Group:          Development/Libraries/C and C++
-Requires:       libMagick++%{libspec}%{cxxlibver} = %{version}
-Requires:       libstdc++-devel
-Requires:       pkgconfig(ImageMagick) = %{mfr_version}
-
-%package doc
-Summary:        Document Files for ImageMagick Library
-Group:          Documentation/HTML
-BuildArch:      noarch
-
-%package config-7-upstream-open
-Summary:        Open ImageMagick Security Policy
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides:       imagick-config-7
-Obsoletes:      config-7-upstream < %{version}
-Provides:       config-7-upstream = %{version}
-
-%package config-7-upstream-limited
-Summary:        Limited ImageMagick Security Policy
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides:       imagick-config-7
-
-%package config-7-upstream-secure
-Summary:        Secure ImageMagick Security Policy
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides:       imagick-config-7
-
-%package config-7-upstream-websafe
-Summary:        Web-safe ImageMagick Security Policy
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides:       imagick-config-7
-
-%package config-7-SUSE
-Summary:        SUSE Provided Configuration
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-Provides:       imagick-config-7
-
 %description
 ImageMagick is a robust collection of tools and libraries to read,
 write, and manipulate an image in many image formats, including popular
@@ -213,6 +105,31 @@ different image formats. Image processing operations are available from
 the command line as well as through C, C++, and Perl-based programming
 interfaces.
 
+# BEGIN NIL FLAVOR
+%if "%{flavor}" == ""
+
+%package -n perl-PerlMagick
+Summary:        Perl interface for ImageMagick
+Group:          Development/Libraries/Perl
+Requires:       ImageMagick = %{version}
+Requires:       libMagickCore%{libspec}%{clibver} = %{version}
+Requires:       perl = %{perl_version}
+
+%description -n perl-PerlMagick
+PerlMagick is an objected-oriented Perl interface to ImageMagick. Use
+the module to read, manipulate, or write an image or image sequence
+from within a Perl script. This makes it suitable for Web CGI scripts.
+
+%package devel
+Summary:        Development files for ImageMagick's C interface
+Group:          Development/Libraries/C and C++
+Requires:       ImageMagick = %{version}
+Requires:       glibc-devel
+Requires:       libMagickCore%{libspec}%{clibver} = %{version}
+Requires:       libMagickWand%{libspec}%{cwandver} = %{version}
+# bnc#741947:
+Requires:       pkgconfig(bzip2)
+
 %description devel
 ImageMagick is a robust collection of tools and libraries to read,
 write, and manipulate an image in many image formats, including popular
@@ -225,21 +142,32 @@ the command line as well as through C, C++, and Perl-based programming
 interfaces.
 
 %if !%{debug_build}
+%package extra
+Summary:        Extra codecs for the ImageMagick image viewer/converter
+Group:          Productivity/Graphics/Other
+Requires:       ImageMagick = %{version}
+Requires:       libMagickCore%{libspec}%{clibver} = %{version}
+Recommends:     autotrace
+Recommends:     dcraw
+Recommends:     hp2xx
+Recommends:     libwmf
+Recommends:     netpbm
+Recommends:     transfig
+
 %description extra
 This package adds support for djvu, wmf and jpeg2000 formats and
 installs optional helper applications.
-
-ImageMagick is a robust collection of tools and libraries to read,
-write, and manipulate an image in many image formats, including popular
-formats like TIFF, JPEG, PNG, PDF, PhotoCD, and GIF. With ImageMagick,
-you can create images dynamically, making it suitable for Web
-applications. You can also resize, rotate, sharpen, color-reduce, or
-add special effects to an image and save your completed work in many
-different image formats. Image processing operations are available from
-the command line as well as through C, C++, and Perl-based programming
-interfaces.
 %endif
 
+%package -n libMagickCore%{libspec}%{clibver}
+Summary:        C runtime library for ImageMagick
+Group:          Productivity/Graphics/Other
+Requires:       imagick-config-7
+Recommends:     ImageMagick-config-7-SUSE
+Recommends:     ghostscript
+Suggests:       ImageMagick-extra = %{version}
+Recommends:     ImageMagick
+
 %description -n libMagickCore%{libspec}%{clibver}
 ImageMagick is a robust collection of tools and libraries to read,
 write, and manipulate an image in many image formats, including popular
@@ -251,6 +179,11 @@ different image formats. Image processing operations are available from
 the command line as well as through C, C++, and Perl-based programming
 interfaces.
 
+%package -n libMagickWand%{libspec}%{cwandver}
+Summary:        C runtime library for ImageMagick
+Group:          Productivity/Graphics/Other
+Recommends:     ImageMagick
+
 %description -n libMagickWand%{libspec}%{cwandver}
 ImageMagick is a robust collection of tools and libraries to read,
 write, and manipulate an image in many image formats, including popular
@@ -262,10 +195,10 @@ different image formats. Image processing operations are available from
 the command line as well as through C, C++, and Perl-based programming
 interfaces.
 
-%description -n perl-PerlMagick
-PerlMagick is an objected-oriented Perl interface to ImageMagick. Use
-the module to read, manipulate, or write an image or image sequence
-from within a Perl script. This makes it suitable for Web CGI scripts.
+%package -n libMagick++%{libspec}%{cxxlibver}
+Summary:        C++ interface runtime library for ImageMagick
+Group:          Development/Libraries/C and C++
+Recommends:     ImageMagick
 
 %description -n libMagick++%{libspec}%{cxxlibver}
 This is Magick++, the object-oriented C++ API for the ImageMagick
@@ -282,6 +215,13 @@ De-referenced copies are automatically deleted. The image objects
 support value (rather than pointer) semantics so it is trivial to
 support multiple generations of an image in memory at one time.
 
+%package -n libMagick++-devel
+Summary:        Development files for ImageMagick's C++ interface
+Group:          Development/Libraries/C and C++
+Requires:       libMagick++%{libspec}%{cxxlibver} = %{version}
+Requires:       libstdc++-devel
+Requires:       pkgconfig(ImageMagick) = %{mfr_version}
+
 %description -n libMagick++-devel
 This is Magick++, the object-oriented C++ API for the ImageMagick
 image-processing library.
@@ -297,74 +237,31 @@ De-referenced copies are automatically deleted. The image objects
 support value (rather than pointer) semantics so it is trivial to
 support multiple generations of an image in memory at one time.
 
+%package doc
+Summary:        Document Files for ImageMagick Library
+Group:          Documentation/HTML
+BuildArch:      noarch
+
 %description doc
 HTML documentation for ImageMagick library and scene examples.
 
-%description config-7-upstream-open
-This policy is designed for usage in secure settings like those
-protected by firewalls or within Docker containers. Within this framework,
-ImageMagick enjoys broad access to resources and functionalities. This policy
-provides convenient and adaptable options for image manipulation. However,
-it's important to note that it might present security vulnerabilities in
-less regulated conditions. Thus, organizations should thoroughly assess
-the appropriateness of the open policy according to their particular use
-case and security prerequisites.
-
-%description config-7-upstream-limited
-The primary objective of the limited security policy is to find a
-middle ground between convenience and security. This policy involves the
-deactivation of potentially hazardous functionalities, like specific coders
-such as SVG or HTTP. Furthermore, it establishes several constraints on
-the utilization of resources like memory, storage, and processing duration,
-all of which are adjustable. This policy proves advantageous in situations
-where there's a need to mitigate the potential threat of handling possibly
-malicious or demanding images, all while retaining essential capabilities
-for prevalent image formats.
-
-%description config-7-upstream-secure
-This stringent security policy prioritizes the implementation of
-rigorous controls and restricted resource utilization to establish a
-profoundly secure setting while employing ImageMagick. It deactivates
-conceivably hazardous functionalities, including specific coders like
-SVG or HTTP. The policy promotes the tailoring of security measures to
-harmonize with the requirements of the local environment and the guidelines
-of the organization. This protocol encompasses explicit particulars like
-limitations on memory consumption, sanctioned pathways for reading and
-writing, confines on image sequences, the utmost permissible duration of
-workflows, allocation of disk space intended for image data, and even an
-undisclosed passphrase for remote connections. By adopting this robust
-policy, entities can elevate their overall security stance and alleviate
-potential vulnerabilities.
-
-%description config-7-upstream-websafe
-This security protocol designed for web-safe usage focuses on situations
-where ImageMagick is applied in publicly accessible contexts, like websites.
-It deactivates the capability to read from or write to any image formats
-other than web-safe formats like GIF, JPEG, and PNG. Additionally, this
-policy prohibits the execution of image filters and indirect reads, thereby
-thwarting potential security breaches. By implementing these limitations,
-the web-safe policy fortifies the safeguarding of systems accessible to
-the public, reducing the risk of exploiting ImageMagick's capabilities
-for potential attacks.
+%package config-7-SUSE
+Summary:        SUSE Provided Configuration
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Conflicts:      imagick-config-7
+BuildArch:      noarch
 
 %description config-7-SUSE
-ImageMagick configuration as provide by SUSE. It is upstream 'secure'
+ImageMagick configuration as provided by SUSE. It is upstream 'secure'
 policy plus disable few other coders for reading and/or writing.
 
 %prep
 %setup -q -n ImageMagick-%{source_version}
 %patch -P 2 -p1
-%ifarch i586
-%if %{?suse_version} < 1550
-%patch -P 4 -p1
-%endif
-%endif
 %ifarch s390x
 %patch -P 5 -p1
 %endif
-%patch -P 6 -p1
-%patch -P 7 -p1
-%patch -P 8 -p1
 
 %build
 # bsc#1088463
@@ -380,6 +277,7 @@ export SHAREARCH_DIRNAME="config%{libspec}%{clibver}"
 export CFLAGS="%{optflags} -O0"
 export CXXFLAGS="%{optflags} -O0"
 %endif
+export CONFIGURE_RELATIVE_PATH=%{config_dir}
 %configure \
   --disable-silent-rules \
   --enable-shared \
@@ -415,8 +313,8 @@ export CXXFLAGS="%{optflags} -O0"
   --without-gcc-arch \
   --enable-pipes=no \
   --enable-reproducible-build=yes \
-  --disable-openmp \
-  --with-security-policy=open # open for %%check
+  --disable-openmp
+
 %if %{asan_build}
 sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \
        -e 's/\(^LIBS =.*\)/\1 -lasan/' \
@@ -435,18 +333,19 @@ chmod -x PerlMagick/demo/*.pl
 exit 0
 
 %check
+%ifarch i586
+# do not report test issues related to 32-bit architectures upstream,
+# they do not want to dedicate any time to fix them:
+# https://github.com/ImageMagick/ImageMagick/issues/1215
+exit 0
+%endif
 %if %{debug_build} || %{asan_build}
 # testsuite does not succeed for some reason
 # research TODO
 exit 0
 %endif
-%ifarch i586
-# do not report test issues related to 32-bit architectures upstream,
-# they do not want to dedicate any time to fix them:
-# https://github.com/ImageMagick/ImageMagick/issues/1215
-rm PerlMagick/t/montage.t
-sed -i -e 's:averageImages ::' -e 's:1..13:1..12:' Magick++/tests/tests.tap
-%endif
+# ensure we do not block any coder by security policy
+cp config/policy-open.xml config/policy.xml
 %make_build check
 export MAGICK_CODER_MODULE_PATH=$PWD/coders/.libs
 export MAGICK_CODER_FILTER_PATH=$PWD/filters/.libs
@@ -459,24 +358,17 @@ sed -i 's:TEST_VERBOSE=0:TEST_VERBOSE=1:' Makefile
 cd ..
 
 %install
-%make_install pkgdocdir=%{_defaultdocdir}/ImageMagick-%{maj}/
-# configuration magic
-mv -t %{buildroot}%{_sysconfdir}/ImageMagick* %{buildroot}%{_datadir}/ImageMagick*/*.xml
-for policy in open limited secure websafe; do
-  cp -r %{buildroot}%{_sysconfdir}/%{config_dir}{,-upstream-$policy}
-  cp config/policy-$policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}-upstream-$policy
-done
-mv %{buildroot}%{_sysconfdir}/%{config_dir}{,-SUSE}
-cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE
-patch --fuzz=0 --dir %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE < %{PATCH0}
-mkdir -p  %{buildroot}%{_sysconfdir}/alternatives/
-ln -sf %{_sysconfdir}/alternatives/%{config_dir} %{buildroot}%{_sysconfdir}/%{config_dir}
+%make_install pkgdocdir=%{_defaultdocdir}/ImageMagick-7/
+# default policy (SUSE)
+cp config/policy-secure.xml config/policy.xml
+patch --fuzz=0 -p1 < %{PATCH0}
+cp config/policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}
 # symlink header file relative to /usr/include/ImageMagick-7/
 # so that inclusions like wand/*.h and magick/*.h work
-ln -s ./MagickCore %{buildroot}%{_includedir}/ImageMagick-%{maj}/magick
-ln -s ./MagickWand %{buildroot}%{_includedir}/ImageMagick-%{maj}/wand
+ln -s ./MagickCore %{buildroot}%{_includedir}/ImageMagick-7/magick
+ln -s ./MagickWand %{buildroot}%{_includedir}/ImageMagick-7/wand
 # these will be included via %%doc
-rm -r %{buildroot}%{_datadir}/doc/ImageMagick-%{maj}/
+rm -r %{buildroot}%{_datadir}/doc/ImageMagick-7/
 rm %{buildroot}%{_libdir}/*.la
 # remove RPATH from perl module
 perl_module=$(find %{buildroot}%{_prefix}/lib/perl5 -name '*.so')
@@ -486,8 +378,8 @@ chmod 555 $perl_module
 # remove %%{buildroot} from distributed file
 sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/config%{libspec}%{clibver}/configure.xml
 #remove duplicates
-%fdupes -s %{buildroot}%{_defaultdocdir}/ImageMagick-%{maj}
-%fdupes -s %{buildroot}%{_includedir}/ImageMagick-%{maj}
+%fdupes -s %{buildroot}%{_defaultdocdir}/ImageMagick-7
+%fdupes -s %{buildroot}%{_includedir}/ImageMagick-7
 %fdupes -s %{buildroot}%{_libdir}/pkgconfig
 %perl_process_packlist
 
@@ -498,96 +390,14 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con
 %post -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
 %postun -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
 
-%pretrans config-7-upstream-open -p <lua>
--- this %pretrans to be removed soon [bug#1122033#37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans config-7-upstream-limited -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans config-7-upstream-secure -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans config-7-SUSE -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans config-7-upstream-websafe -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%post config-7-upstream-open
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-upstream-open  1
-
-%postun config-7-upstream-open
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-upstream
-fi
-
-%post config-7-upstream-limited
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-upstream-limited  5
-
-%postun config-7-upstream-limited
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-upstream-limited
-fi
-
-%post config-7-upstream-secure
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-upstream-secure  10
-
-%postun config-7-upstream-secure
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-upstream-secure
-fi
-
-%post config-7-SUSE
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-SUSE      15
-
-%postun config-7-SUSE
-if [ ! -d %{_sysconfdir}/%{config_dir}-SUSE ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-SUSE
-fi
-
-%post config-7-upstream-websafe
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-upstream-websafe  20
-
-%postun config-7-upstream-websafe
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-upstream-websafe
-fi
-
 %files
 %license LICENSE
 %{_bindir}/[^MW]*
 %{_mandir}/man1/*
 %exclude %{_mandir}/man1/*-config.1%{ext_man}
+%{_datadir}/ImageMagick-7
+%{_sysconfdir}/%{config_dir}
+%exclude %{_sysconfdir}/%{config_dir}/policy.xml
 
 %files -n libMagickCore%{libspec}%{clibver}
 %license LICENSE
@@ -659,36 +469,149 @@ fi
 %{_mandir}/man1/Magick++-config.1%{?ext_man}
 
 %files doc
-%{_defaultdocdir}/ImageMagick-%{maj}
-
-%files config-7-upstream-open
-%dir %{_sysconfdir}/ImageMagick*-upstream-open/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-open/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
-
-%files config-7-upstream-limited
-%dir %{_sysconfdir}/ImageMagick*-upstream-limited/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-limited/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
-
-%files config-7-upstream-secure
-%dir %{_sysconfdir}/ImageMagick*-upstream-secure/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-secure/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%{_defaultdocdir}/ImageMagick-7
 
 %files config-7-SUSE
-%dir %{_sysconfdir}/ImageMagick*-SUSE/
-%config %{_sysconfdir}/ImageMagick*-SUSE/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%{_sysconfdir}/%{config_dir}/policy.xml
+
+%endif
+# END NIL FLAVOR
+
+%if "%{flavor}" == "config_open"
+%package config-7-upstream-open
+Summary:        Open ImageMagick Security Policy
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Obsoletes:      config-7-upstream < %{version}
+Provides:       config-7-upstream = %{version}
+Conflicts:      imagick-config-7
+BuildArch:      noarch
+
+%description config-7-upstream-open
+This policy is designed for usage in secure settings like those
+protected by firewalls or within Docker containers. Within this framework,
+ImageMagick enjoys broad access to resources and functionalities. This policy
+provides convenient and adaptable options for image manipulation. However,
+it's important to note that it might present security vulnerabilities in
+less regulated conditions. Thus, organizations should thoroughly assess
+the appropriateness of the open policy according to their particular use
+case and security prerequisites.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-open.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-open
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_limited"
+%package config-7-upstream-limited
+Summary:        Limited ImageMagick Security Policy
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Conflicts:      imagick-config-7
+BuildArch:      noarch
+
+%description config-7-upstream-limited
+The primary objective of the limited security policy is to find a
+middle ground between convenience and security. This policy involves the
+deactivation of potentially hazardous functionalities, like specific coders
+such as SVG or HTTP. Furthermore, it establishes several constraints on
+the utilization of resources like memory, storage, and processing duration,
+all of which are adjustable. This policy proves advantageous in situations
+where there's a need to mitigate the potential threat of handling possibly
+malicious or demanding images, all while retaining essential capabilities
+for prevalent image formats.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-limited.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-limited
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_secure"
+%package config-7-upstream-secure
+Summary:        Secure ImageMagick Security Policy
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Conflicts:      imagick-config-7
+BuildArch:      noarch
+
+%description config-7-upstream-secure
+This stringent security policy prioritizes the implementation of
+rigorous controls and restricted resource utilization to establish a
+profoundly secure setting while employing ImageMagick. It deactivates
+conceivably hazardous functionalities, including specific coders like
+SVG or HTTP. The policy promotes the tailoring of security measures to
+harmonize with the requirements of the local environment and the guidelines
+of the organization. This protocol encompasses explicit particulars like
+limitations on memory consumption, sanctioned pathways for reading and
+writing, confines on image sequences, the utmost permissible duration of
+workflows, allocation of disk space intended for image data, and even an
+undisclosed passphrase for remote connections. By adopting this robust
+policy, entities can elevate their overall security stance and alleviate
+potential vulnerabilities.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-secure
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_websafe"
+%package config-7-upstream-websafe
+Summary:        Web-safe ImageMagick Security Policy
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Conflicts:      imagick-config-7
+BuildArch:      noarch
+
+%description config-7-upstream-websafe
+This security protocol designed for web-safe usage focuses on situations
+where ImageMagick is applied in publicly accessible contexts, like websites.
+It deactivates the capability to read from or write to any image formats
+other than web-safe formats like GIF, JPEG, and PNG. Additionally, this
+policy prohibits the execution of image filters and indirect reads, thereby
+thwarting potential security breaches. By implementing these limitations,
+the web-safe policy fortifies the safeguarding of systems accessible to
+the public, reducing the risk of exploiting ImageMagick's capabilities
+for potential attacks.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-websafe.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
 
 %files config-7-upstream-websafe
-%dir %{_sysconfdir}/ImageMagick*-upstream-websafe/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-websafe/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
 
 %changelog

_multibuild

@@ -0,0 +1,6 @@
+<multibuild>
+  <package>config_open</package>
+  <package>config_limited</package>
+  <package>config_secure</package>
+  <package>config_websafe</package>
+</multibuild>