Sync from SUSE:SLFO:Main ImageMagick revision 9a5641686af9c820e97e1eb2b49f28d4

ImageMagick-7.1.1-21.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmU0f0MACgkQiatj1IJ3
-N3qD5A//Wn6lXGgyL6rLFtiHxGvCEmW6iZG2gvNTHRMEshnVIix41xvpDMn/Oduh
-o+rJ8KID+dPnOUzOhgX5dl0JYxUQg1Qd5OwbtMOqJf6DtiHLKGGyKK9+iu1GX3pW
-MRimmkEZWJj4ro28SCdlk/694VWJG9QynbE4opoj3a0HF63RPvHdG9FEb86tGMJs
-B61gT4jkLMiEVEBN7pDDSCxcveabEG0QRB0CwcQKg3LEcqgHmf69qmCSDvXgxN8F
-LOWvwP2kt7Gqh9OOruR4by+91SrV5Y+ckh0zS18wbQL7k346prqP0lUaa/oUCuDT
-LszX9hXG6tK0T2kl25kct6fFOP5FCsy5pV5BoUu7GAVgz4ISC+/FzxHecdx2lLTg
-YePZPdWG21/1FvLiX5YTCC1FLaiPGs6Fg9n21kskxKZZHXfXWwLkDNUXolSH+DLQ
-92xBEDYTePmemD7cf7dduOUt5UgtQcHhLoaHKFvM1AWTBh7PoWlWF4OeinmPONC3
-+R2cGlXEVtpzo8bGVgx4epYAmbvHtLJXT9ckl32p5kow6fVc+f5hsaP2cKSzAEW+
-UJlgfOFk0sKX1k3RZLgnWu9co0r5gsi2ZWZbyqlmWZlJfR9FxFfM4zni+ipe4HTp
-Z59bCP+z1NMCUyOI4mc/i2L8Fd9YItCG0scweuw8fugsPs/EN1w=
-=8EVl
------END PGP SIGNATURE-----

ImageMagick-7.1.2-0.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmhzpugACgkQiatj1IJ3
+N3oAxg/+LGUZrTHB3ZHWWHZuL7aTDbWTyZVeCkV7ATnx0fysNsAijQE3F1ZWRXA9
+F8thN4POBodTtLo1WT4txSe15xkgspl/zcBceREtmvnukTLMhxqeh+7puW4ymgso
+UXuwH+ACHK7eTTIMFe57R3cjJYQiVVJ3VfGpa5T9kqHUFY2QR0R1irnsIBIO0Svu
+Xhf4ruxoEmAPqNPeR4SH+XfivrMflm2OXUlTmGJz8eiCs9Q2CLi6UzXadllYN8qj
+i7nBKW6QfWRl1GktwCdNQ5V8by6LbZbH5a+ns+7txyFd73IGIzO69izR6ZTpz+0Z
+haW+TqXlvX36w/QFbKkXzNzHRq5R708uE60htURdP5nKdPsmpuXUK32shNhQv349
+V6z7NxwVVkkvvgVn9c8cXr1BAF//X0WnaXNQqEpggDBYc8wEio+JoS0WwAzoWuSL
+v/oBKQQHB57hUgwGs1TvDzEAx5rDdU/CJf60kfcwMT1ep7Xo7egvFcaXacRmUSsj
+IFWE3GXtXGrcK6QEqv90YbLSbdTW4Li8lWQVd6ZGilfoLLuTwSbVwoEYfdZxvAdy
+PYTgSHzN/v09hn3T4yvQilV2xG8HD8wHr6nnb2EBQX5Nm2ZviUdUdMo4xQeZnhZd
+UafoFf9TK8QoPSQeEYoSIwjuixBHrNuEgNKd1+Lch01K04Xdi+M=
+=cMIz
+-----END PGP SIGNATURE-----

ImageMagick-configuration-SUSE.patch

@@ -1,15 +1,47 @@
---- a/config/policy-secure.xml
-+++ b/config/policy-secure.xml
-@@ -92,8 +92,10 @@
+--- ImageMagick-7.1.1-30/config/policy.xml
++++ ImageMagick-7.1.1-30/config/policy.xml
+@@ -62,7 +62,7 @@
+   <policy domain="resource" name="disk" value="1GiB"/>
+   <!-- Set the maximum length of an image sequence.  When this limit is
+        exceeded, an exception is thrown. -->
+-  <policy domain="resource" name="list-length" value="32"/>
++  <policy domain="resource" name="list-length" value="128"/>
+   <!-- Set the maximum width of an image.  When this limit is exceeded, an
+        exception is thrown. -->
+   <policy domain="resource" name="width" value="8KP"/>
+@@ -83,11 +83,11 @@
+   <!-- Replace passphrase for secure distributed processing -->
+   <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> -->
+   <!-- Do not permit any delegates to execute. -->
+-  <policy domain="delegate" rights="none" pattern="*"/>
++  <!--policy domain="delegate" rights="none" pattern="*"/ -->
+   <!-- Do not permit any image filters to load. -->
+   <policy domain="filter" rights="none" pattern="*"/>
+   <!-- Don't read/write from/to stdin/stdout. -->
+-  <policy domain="path" rights="none" pattern="-"/>
++  <!--policy domain="path" rights="none" pattern="-"/ -->
+   <!-- don't read sensitive paths. -->
    <policy domain="path" rights="none" pattern="/etc/*"/>
    <!-- Indirect reads are not permitted. -->
-   <policy domain="path" rights="none" pattern="@*"/>
-+  <!-- These image types can expose risks on read and write -->
-+  <policy domain="module" rights="none" pattern="{EPHEMERAL,URL,HTTPS,MVG,MSL,TEXT,SHOW,WIN,PLT}"/>
-   <!-- These image types are security risks on read, but write is fine -->
--  <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
-+  <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS,PDF,EPI,EPS,PCL,PS1,PS2,PS3}"/>
-   <!-- This policy sets the number of times to replace content of certain
-        memory buffers and temporary files before they are freed or deleted. -->
-   <policy domain="system" name="shred" value="1"/>
+@@ -103,4 +103,20 @@
+   <!-- Set the maximum amount of memory in bytes that are permitted for
+        allocation requests. -->
+   <policy domain="system" name="max-memory-request" value="256MiB"/>
++  <!-- Disable insecure coders by default -->
++  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
++  <policy domain="coder" rights="none" pattern="URL" />
++  <policy domain="coder" rights="none" pattern="HTTPS" />
++  <policy domain="coder" rights="none" pattern="MVG" />
++  <policy domain="coder" rights="none" pattern="MSL" />
++  <policy domain="coder" rights="none" pattern="TEXT" />
++  <policy domain="coder" rights="none" pattern="SHOW" />
++  <policy domain="coder" rights="none" pattern="WIN" />
++  <policy domain="coder" rights="none" pattern="PLT" />
++  <policy domain="coder" rights="write" pattern="PS" />
++  <policy domain="coder" rights="write" pattern="PS2" />
++  <policy domain="coder" rights="write" pattern="PS3" />
++  <policy domain="coder" rights="write" pattern="PDF" />
++  <policy domain="coder" rights="write" pattern="XPS" />
++  <policy domain="coder" rights="write" pattern="PCL" />
+ </policymap>
 

ImageMagick-filter.t-disable-Contrast.patch

@@ -1,12 +0,0 @@
---- a/PerlMagick/t/filter.t.orig	2021-10-04 14:07:03.016458903 +0000
-+++ b/PerlMagick/t/filter.t	2021-10-04 14:08:31.717025766 +0000
-@@ -57,7 +57,7 @@ testFilterCompare('input.miff', "fuzz=>$
- testFilterCompare('input.miff', "fuzz=>$fuzz", 'reference/filter/Colorize.miff', 'Colorize', q/fill=>"red", blend=>"50%"/, 0.00001, 0.004);
- ++$test;
- 
--testFilterCompare('input.miff',  q//, 'reference/filter/Contrast.miff', 'Contrast', q//, 0.00001, 0.004);
-+testFilterCompare('input.miff',  q//, 'reference/filter/Contrast.miff', 'Contrast', q//, 0.0002, 0.4);
- ++$test;
- 
- testFilterCompare('input.miff',  q//, 'reference/filter/Convolve.miff', 'Convolve', q/[0.0625, 0.0625, 0.0625, 0.0625, 0.5, 0.0625, 0.0625, 0.0625, 0.0625]/, 0.1, 0.7);
-

ImageMagick-infinite-resource-time-limit.patch

@@ -1,31 +0,0 @@
-Index: ImageMagick-7.1.1-21/MagickCore/resource.c
-===================================================================
---- ImageMagick-7.1.1-21.orig/MagickCore/resource.c
-+++ ImageMagick-7.1.1-21/MagickCore/resource.c
-@@ -136,7 +136,7 @@ static ResourceInfo
-     MagickULLConstant(768),            /* file limit */
-     MagickULLConstant(1),              /* thread limit */
-     MagickULLConstant(0),              /* throttle limit */
--    MagickResourceInfinity             /* time limit */
-+    INT_MAX                            /* time limit */
-   };
- 
- static SemaphoreInfo
-@@ -971,7 +971,7 @@ MagickExport MagickBooleanType ListMagic
-     (void) FormatMagickSize(resource_info.disk_limit,MagickTrue,"B",
-       MagickFormatExtent,disk_limit);
-   (void) CopyMagickString(time_limit,"unlimited",MagickFormatExtent);
--  if (resource_info.time_limit != MagickResourceInfinity)
-+  if (resource_info.time_limit != INT_MAX)
-     FormatTimeToLive(resource_info.time_limit,time_limit);
-   (void) FormatLocaleFile(file,"Resource limits:\n");
-   (void) FormatLocaleFile(file,"  Width: %s\n",width_limit);
-@@ -1333,7 +1333,7 @@ MagickPrivate MagickBooleanType Resource
-         limit,100.0));
-       limit=DestroyString(limit);
-     }
--  (void) SetMagickResourceLimit(TimeResource,MagickResourceInfinity);
-+  (void) SetMagickResourceLimit(TimeResource,INT_MAX);
-   limit=GetEnvironmentValue("MAGICK_TIME_LIMIT");
-   if (limit != (char *) NULL)
-     {

ImageMagick-library-installable-in-parallel.patch

@@ -1,8 +1,8 @@
-Index: ImageMagick-7.1.1-17/configure
+Index: ImageMagick-7.1.2-0/configure
 ===================================================================
---- ImageMagick-7.1.1-17.orig/configure
-+++ ImageMagick-7.1.1-17/configure
-@@ -34840,7 +34840,9 @@ fi
+--- ImageMagick-7.1.2-0.orig/configure
++++ ImageMagick-7.1.2-0/configure
+@@ -37225,7 +37225,9 @@ fi
  
  
  # Subdirectory to place architecture-dependent configuration files

ImageMagick.changes

@@ -1,3 +1,395 @@
+-------------------------------------------------------------------
+Tue Jul 15 11:36:19 UTC 2025 - pgajdos@suse.com
+
+- version update to 7.1.2.0
+  * magick-config.h: Remove redundant block by @ferdnyc in #8076
+  * Remove generated 'magick.sh' from repo by @ferdnyc in #8075
+  * JXL: Preserve ICC profile for lossless encoding by @ferdnyc in #8074
+  * Support ICN file extension for old Windows icons by @bitplane in #8107
+  * fix build when libjpeg is not in its default location by @mmomtchev in #8172
+  * Change 'Mac OS X' to 'macOS' in descriptions and comments by @gy-mate in #8224
+  * Fix NULL pointer dereference in XWarning by @moon044 in #8230
+- modified patches
+  % ImageMagick-library-installable-in-parallel.patch (refreshed)
+- fixes: CVE-2025-53101 [bsc#1246529]
+         CVE-2025-53014 [bsc#1246530]
+         CVE-2025-53015 [bsc#1246531]
+         CVE-2025-53019 [bsc#1246534]
+
+-------------------------------------------------------------------
+Mon May 26 09:10:06 UTC 2025 - pgajdos@suse.com
+
+- fix config policies [bsc#1243622]
+- modified patches
+  % ImageMagick-configuration-SUSE.patch (refreshed)
+
+-------------------------------------------------------------------
+Thu May 15 20:20:16 UTC 2025 - pgajdos@suse.com
+
+- drop update-alternatives usage, configuration alternative packages
+  now conflict
+- modified patches
+  % ImageMagick-configuration-SUSE.patch (refreshed)
+- added sources
+  + _multibuild
+- remove ImageMagick-filter.t-disable-Contrast.patch needed for i586
+  testing
+
+-------------------------------------------------------------------
+Tue Apr  1 11:44:59 UTC 2025 - pgajdos@suse.com
+
+- version update to 7.1.1.47
+  * try pngalpha if png16malpha not available by @remicollet in #8034
+  * Fix statistic.c GetImageRange initializer by @mtasaka in #8010
+- modified patches
+  % ImageMagick-library-installable-in-parallel.patch (refreshed)
+
+-------------------------------------------------------------------
+Sun Feb 23 20:52:21 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.44
+  * Bump azure/trusted-signing-action from 0.5.0 to 0.5.1 in #7895
+  * Enable any dither method such as Floyd-Steinberg for Magick::Image::map()
+    in #7937
+  * Magick++ Documentation Verification in #7906
+  * fix type casting in statistic.c in #7982
+- removed patched (upstreamed)
+  - ImageMagick-0-1-are-special-cases-for-pow.patch
+  - ImageMagick-check-for-pow-zero.patch
+  - ImageMagick-gamma-should-call-GammaImage.patch
+
+-------------------------------------------------------------------
+Mon Jan 20 13:34:51 UTC 2025 - pgajdos@suse.com
+
+- fix [bsc#1235113]:
+  https://github.com/ImageMagick/Usage/issues/8
+  https://github.com/ImageMagick/Usage/issues/9
+- added patches
+  fix https://github.com/ImageMagick/ImageMagick/commit/be3b73da674520ad3eab52ade2a3cda62af66d15
+  + ImageMagick-0-1-are-special-cases-for-pow.patch
+  fix https://github.com/ImageMagick/ImageMagick/commit/1afa38ae2fa87cf4eb48040e47d410aa729ce21e
+  + ImageMagick-check-for-pow-zero.patch
+  fix https://github.com/ImageMagick/ImageMagick/commit/056ccdbeac41c9b24b625e0139cd25a4cdffb22a
+  + ImageMagick-gamma-should-call-GammaImage.patch
+
+-------------------------------------------------------------------
+Mon Dec 23 14:47:14 UTC 2024 - pgajdos@suse.com
+
+- version update to 7.1.1.43
+  * no upstream changelog found
+
+-------------------------------------------------------------------
+Sun Nov 17 10:27:30 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.41
+  * Fix compiler identification with Clang on Darwin in #7773
+  * revert map changes breaking ABI in #7768
+
+-------------------------------------------------------------------
+Mon Nov 11 19:59:52 UTC 2024 - Yann BOYER <yann.boyer742@gmail.com>
+
+- version update to 7.1.1.40
+  * .cut (Dr Halo) reading when run count in header #7734
+  * Bump azure/trusted-signing-action from 0.4.0 to 0.5.0 #7725
+  * Implement Magic Kernel Sharp 2013 and 2021 #7701
+  * don't process TIFF image if there is an exception
+  * Corrected check for indexed channels in PSD files.
+  * export exception when undo resource limit exceeded
+
+-------------------------------------------------------------------
+Sun Oct  6 20:27:31 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.39
+  * Add missing Threshold command to command array of Region of Interest mode #7606
+  * uhdr.c: update uhdr coder for gainmap metadata configuration #7635
+  * uhdr: fix language choice in autoconf #7663
+
+-------------------------------------------------------------------
+Fri Sep 13 15:38:48 UTC 2024 - pgajdos@suse.com
+
+- version update to 7.1.1.38
+  * properly set image byte order 40f6599
+  * set max colormap size for remap 1ffe565
+  * beta release 250b748
+  * deprecate the -respect-paranthesis option 4e7d789
+  * Build fixes. b80c509
+  * save IPTC + ICC profiles are profiles, not properties 25d5335
+  * update copyright year 4caf7d1
+  * Patch to fix reading of the ICC profile. 18377f9
+  * prepping framework to interact with X11 clipboard b20dda3
+  * Build fix. 20a5af3
+  * More build fixes. c36fdf0
+  * Another attempt to silence the warnings. 600708c
+  * Use SetImageProfilePrivate to avoid duplicate allocations. f246eab
+  * support clipboard delegate 39a135a
+  * restore clipboard.c 1070b17
+  * improved rounding 27a0a9c
+  * don't allow negative scenes 8fda05a
+  * eliminate compiler warnings 878daf9
+- modified patches
+  % ImageMagick-library-installable-in-parallel.patch (refreshed)
+
+-------------------------------------------------------------------
+Tue Aug 27 08:21:42 UTC 2024 - pgajdos@suse.com
+
+- version update to 7.1.1.37
+  * Bump azure/trusted-signing-action from 0.3.20 to 0.4.0 #7518
+  * Silence warning and fix HEIC_COMPUTE_NUMERIC_VERSION definition when heic delegate is disabled. #7516
+  * protect macro arguments with parens 86cb2b1
+  * eliminate compiler warnings d90d8b4
+  * correct copyright year 115271e
+  * Ignore multiple exif and xmp profiles for the same jxl frame and fix reading those profiles per frame. c301208
+  * read/write in chunks fff3058
+  * optimize fwrite() arguments ada6785
+  * Renamed Output folder to Artifacts. 2a69677
+  * cancel interactive window selection with right button press ea2a2db
+  * cosmetic 712bde4
+  * eliminate compiler warning 9a9a25c
+  * eliminate compiler warning 0bd1687
+  * Make images mandatory in the issue template. c01fd37
+  * Added extra header detection for avif files. 9fc0590
+  * allow SeekBlob() to set an offset beyond the end of the blob 27c3f99
+  * be less forgiving for invalid image indexes 25db2e5
+  * Fixed problem with empty macros (#7562) 9fda5f2
+  * Added missing null checks for RequestOpenCLDevice. f85448e
+  * Added missing null check for AcquireOpenCLCommandQueue. 295e9c8
+  * persist app1 jpeg profile (ImageMagick/ImageMagick#4713) f0357c7
+  * Fixed build error. b3dd431
+  * Remove some of the dependencies for the macos-13 build. d0bce95
+  * parentheses is the plural of parenthesis 1fac80a
+  * distribute quantization error for -dither FloydSteinberg -depth 5b2825b
+  * release 8a0da9f
+  * properly set image byte order 40f6599
+  * set max colormap size for remap 1ffe565
+
+-------------------------------------------------------------------
+Sat Aug  3 18:26:29 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.36
+  * uhdr.c: default initialize range field for hdr/sdr intent inputs to
+    enc by @aayushsoni111 in #7482
+  * Fixed typo in documentation of MagickAdaptiveBlurImage by @JonahEMorgan
+    in #7500
+  * Silence warning when freetype delegate is disabled. by @niclet in #7515
+
+-------------------------------------------------------------------
+Thu Jul 25 08:23:31 UTC 2024 - pgajdos@suse.com
+
+- version update to 7.1.1.35
+  * Also set dpi-x and dpi-y when running rsvg-convert. eac001f
+  * convert sub-command is deprecated d67039e
+  * only operators should disable "identify ping" (ImageMagick/ImageMagick#7441) a262192
+  * fix compiler error ecc21c7
+  * -outdir deprecated 9980efa
+  * Get the correct width and height when heic:preserve-orientation is set to true. ed3a0dd
+  * Set heic image orientation using transform information. ba470aa
+  * Exit earlier when the symlink could not be created when invoking the svg:decode delegate. 8a48edd
+  * Fixed MSYS2 build error. 3b22378
+  * Also set the DNG properties when pinging the image. fc1c61b
+  * Silence warning when lqr delegate is disabled. ae0d69a
+  * Added version check for the heif_properties.h include. 656b4d2
+  * Make sure we always use the i64 version of the "file methods" on Windows. b3e8a78
+  * Changed defines to use method instead of a define. 75b66c4
+  * Changes due to upgrade of libheif. 841f033
+  * smooth the rendering of an ellipse (ImageMagick/ImageMagick#7465) 1bfce2a
+
+-------------------------------------------------------------------
+Sun Jun 23 20:52:45 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.34
+  * Bump azure/trusted-signing-action from 0.3.18 to 0.3.19 in #7348
+  * Fix a typo in convert deprecation warning in #7383
+  * Bump azure/trusted-signing-action from 0.3.19 to 0.3.20 in #7388
+  * Updated FontConfig query to include font index, fixing (#7374) in #7409
+- removed patch (upstreamed)
+  - ImageMagick-update-image-signature.patch
+
+-------------------------------------------------------------------
+Sat May 25 21:11:21 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.33
+  * Fix typo in #7294
+  * Bump azure/trusted-signing-action from 0.3.16 to 0.3.18 in #7325
+  * Bump caphyon/advinst-github-action from 1.1 to 2.0 in #7326
+- added patch
+  + ImageMagick-update-image-signature.patch
+
+-------------------------------------------------------------------
+Thu May 16 09:06:36 UTC 2024 - pgajdos@suse.com
+
+- reverted update-alternatives usage removal [bsc#1122033][bsc#1220818]
+
+-------------------------------------------------------------------
+Sun May  5 19:33:38 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.32
+  * Fix GIF ICC profile reading #7282
+  * uhdr.c: add support for rgb inputs #7273
+
+-------------------------------------------------------------------
+Mon Apr 22 08:01:53 UTC 2024 - pgajdos@suse.com
+
+- version update to 7.1.1.31
+  * Convert big PDF documents is slow #7263
+  * Update release.yml #7258
+  * Update README.md #7245
+  * uhdr.c: verify the availability of error message before accessing it #7229
+- removed patches
+  - ImageMagick-wmflite-detection.patch (upstreamed)
+`
+-------------------------------------------------------------------
+Mon Apr 15 10:19:07 UTC 2024 - pgajdos@suse.com
+
+- relax list-length resource limit, fixes build of python-Wand
+  % ImageMagick-configuration-SUSE.patch
+
+-------------------------------------------------------------------
+Mon Apr  8 14:44:40 UTC 2024 - pgajdos@suse.com
+
+- version update to 7.1.1.30
+  * install perl module into user-specified prefix by @bugfood in #7192
+  * Fix bmp option to bypass file size check by @OnTheList-1 in #7194
+  * add support for encoding/decoding ultrahdr images by @aayushsoni111 in #7198
+  * Updates to uhdr.c by @aayushsoni111 in #7217
+- added patches
+  fix https://github.com/ImageMagick/ImageMagick/issues/7230
+  + ImageMagick-wmflite-detection.patch
+
+-------------------------------------------------------------------
+Fri Mar 22 10:32:38 UTC 2024 - pgajdos@suse.com
+
+- allow stdin/stdout
+- modified patches
+  % ImageMagick-configuration-SUSE.patch
+
+-------------------------------------------------------------------
+Thu Mar 21 08:35:53 UTC 2024 - pgajdos@suse.com
+
+- allow delegates to be executed, was disabled by default policy
+- modified patches
+  % ImageMagick-configuration-SUSE.patch (refreshed)
+  % ImageMagick-library-installable-in-parallel.patch (refreshed)
+
+-------------------------------------------------------------------
+Mon Mar  4 11:55:33 UTC 2024 - pgajdos@suse.com
+
+- enable SVG again
+- modified patches
+  % ImageMagick-configuration-SUSE.patch (refreshed)
+
+-------------------------------------------------------------------
+Sat Mar  2 23:03:12 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- We can not replace a symlink with a directory on the directly
+  Unregister the whole group manually in %pre with
+  update-alternatives. (boo#1220818)
+  Restore Requires(pre) on update-alternatives for the mean time.
+
+-------------------------------------------------------------------
+Tue Feb 27 20:28:12 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.29
+  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+
+-------------------------------------------------------------------
+Thu Feb 22 07:57:01 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Use %patch -P N instead of deprecated %patchN.
+
+-------------------------------------------------------------------
+Sun Feb 11 20:57:22 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.28
+  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+
+-------------------------------------------------------------------
+Sun Jan 21 19:12:06 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.27
+  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+
+-------------------------------------------------------------------
+Tue Jan 16 14:54:49 UTC 2024 - pgajdos@suse.com
+
+- only one configuration again, based on upstream 'secure' policy
+- other upstream policies packaged in documentation
+
+-------------------------------------------------------------------
+Mon Jan 15 14:30:40 UTC 2024 - pgajdos@suse.com
+
+- use correct policy.xml
+
+-------------------------------------------------------------------
+Sun Jan 14 10:57:43 UTC 2024 - munix9@googlemail.com
+
+- Fix incomplete removal of update-alternatives for config
+- Replace obsolete 'otherproviders(imagick-%{config_spec})' with
+  'Conflicts: imagick-%{config_spec}'
+
+-------------------------------------------------------------------
+Fri Jan 12 15:32:08 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.1.26
+  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+
+-------------------------------------------------------------------
+Fri Jan  5 10:49:19 UTC 2024 - pgajdos@suse.com
+
+- drop update-alternatives for config; use exactly one of configuration
+  package provided
+
+-------------------------------------------------------------------
+Wed Jan  3 09:22:56 UTC 2024 - pgajdos@suse.com
+
+- version update to 7.1.1.25
+  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+
+-------------------------------------------------------------------
+Sat Dec 30 16:28:50 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 7.1.1.24:
+  * Added extra check for rare case when ImageMagick is build without
+    any delegates.
+  * Corrected order to fix invalid matches.
+  * only fill the alpha channel for alpha floodfill
+  * Make sure we use the lt_ methods like we do elsewhere.
+  * support dng:max-raw-memory define (ImageMagick/ImageMagick#6922)
+  * properly export YUV JP2 images (ImageMagick/ImageMagick#6943)
+  * use : specifier
+  * correct display program name
+  * check for corrupt DJVU images
+  * support UTF-8 comments (ImageMagick/ImageMagick#6949)
+  * do not prefix iTxt key with 'png:'
+  * enhance sampling factor parser (ImageMagick/ImageMagick#6943)
+  * Switch to ubuntu 20.04 in the app-image build.
+  * Corrected packages that need to be install due to ubuntu upgrade.
+  * improve accuracy of image statistics
+  * fx calculations of skewness and kurtosis
+  * Only write comments as itxt when the string contains non ansi
+    chars.
+  * check if the string contains non-Latin1 characters
+  * Corrected patch to check for non-Latin1 characters.
+  * invalid JSON with -ping (ImageMagick/ImageMagick#6966)
+  * throw exception if # of meta channels exceed max
+    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hx5j-pxvh-rj7r
+  * multiplication result converted to larger type
+  * invalid HTTPS certificates are no longer ignored
+    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3r24-6m6q-vxmr
+  * multiplication result converted to larger type
+  * eliminate compiler warning
+  * don't include the index channel in the overall image statistics
+  * multiplication result converted to larger type
+
+-------------------------------------------------------------------
+Thu Dec 21 10:13:14 UTC 2023 - pgajdos@suse.com
+
+- version update to 7.1.1.23
+  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+- modified patches
+  % ImageMagick-library-installable-in-parallel.patch (refreshed)
+- deleted patches
+  - ImageMagick-infinite-resource-time-limit.patch (upstreamed)
+
 -------------------------------------------------------------------
 Mon Nov 13 10:09:38 UTC 2023 - pgajdos@suse.com
 

ImageMagick.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package ImageMagick
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,24 +16,25 @@
 #
 
 
+%global flavor          @BUILD_FLAVOR@%{nil}
+
 %define debug_build    0
 %define asan_build     0
-%define maj            7
-%define mfr_version    %{maj}.1.1
-%define mfr_revision   21
+%define mfr_version    7.1.2
+%define mfr_revision   0
 %define quantum_depth  16
 %define source_version %{mfr_version}-%{mfr_revision}
 %define clibver        10
 %define cwandver       10
 %define cxxlibver      5
-%define libspec        -%{maj}_Q%{quantum_depth}HDRI
-%define config_dir     ImageMagick-7
-%define config_spec    config-7
+%define libspec        -7_Q%{quantum_depth}HDRI
+%define config_dir     IM-7
 %define test_verbose   1
 # bsc#1088463
 %define urw_base35_fonts 0
 # do/don't pull djvulibre dependency
 %bcond_without djvu
+
 Name:           ImageMagick
 Version:        %{mfr_version}.%{mfr_revision}
 Release:        0
@@ -41,23 +42,15 @@ Summary:        Viewer and Converter for Images
 License:        ImageMagick
 Group:          Productivity/Graphics/Other
 URL:            https://imagemagick.org/
-Source0:        https://imagemagick.org/archive/releases/ImageMagick-%{mfr_version}-%{mfr_revision}.tar.xz
+Source0:        https://imagemagick.org/archive/releases/ImageMagick-%{source_version}.tar.xz
 Source1:        baselibs.conf
-Source2:        https://imagemagick.org/archive/releases/ImageMagick-%{mfr_version}-%{mfr_revision}.tar.xz.asc
+Source2:        https://imagemagick.org/archive/releases/ImageMagick-%{source_version}.tar.xz.asc
 Source3:        ImageMagick.keyring
 # suse specific patches
 Patch0:         ImageMagick-configuration-SUSE.patch
 Patch2:         ImageMagick-library-installable-in-parallel.patch
-#%%ifarch i586
-#%%if %%{?suse_version} < 1550
-Patch4:         ImageMagick-filter.t-disable-Contrast.patch
-#%%endif
-#%%endif
-#%%ifarch s390x
 Patch5:         ImageMagick-s390x-disable-tests.patch
-# https://github.com/ImageMagick/ImageMagick/commit/8f3c56fabc619c1672865257e5aafe33cbfaaf3e https://github.com/ImageMagick/ImageMagick/commit/3a7b915d9a810ce742987b37c935f6ae8b36df10
-Patch6:         ImageMagick-infinite-resource-time-limit.patch
-#%%endif
+
 BuildRequires:  chrpath
 BuildRequires:  dejavu-fonts
 BuildRequires:  fdupes
@@ -101,102 +94,6 @@ BuildRequires:  ghostscript-fonts-other
 BuildRequires:  ghostscript-fonts-std
 %endif
 
-%package -n perl-PerlMagick
-Summary:        Perl interface for ImageMagick
-Group:          Development/Libraries/Perl
-Requires:       ImageMagick = %{version}
-Requires:       libMagickCore%{libspec}%{clibver} = %{version}
-Requires:       perl = %{perl_version}
-
-%package devel
-Summary:        Development files for ImageMagick's C interface
-Group:          Development/Libraries/C and C++
-Requires:       ImageMagick = %{version}
-Requires:       glibc-devel
-Requires:       libMagickCore%{libspec}%{clibver} = %{version}
-Requires:       libMagickWand%{libspec}%{cwandver} = %{version}
-# bnc#741947:
-Requires:       pkgconfig(bzip2)
-%if !%{debug_build}
-%package extra
-Summary:        Extra codecs for the ImageMagick image viewer/converter
-Group:          Productivity/Graphics/Other
-Requires:       ImageMagick = %{version}
-Requires:       libMagickCore%{libspec}%{clibver} = %{version}
-Recommends:     autotrace
-Recommends:     dcraw
-Recommends:     hp2xx
-Recommends:     libwmf
-Recommends:     netpbm
-Recommends:     transfig
-%endif
-
-%package -n libMagickCore%{libspec}%{clibver}
-Summary:        C runtime library for ImageMagick
-Group:          Productivity/Graphics/Other
-Requires:       imagick-%{config_spec}
-Recommends:     %{config_spec}-SUSE
-Recommends:     ghostscript
-Suggests:       %{name}-extra = %{version}
-
-%package -n libMagickWand%{libspec}%{cwandver}
-Summary:        C runtime library for ImageMagick
-Group:          Productivity/Graphics/Other
-
-%package -n libMagick++%{libspec}%{cxxlibver}
-Summary:        C++ interface runtime library for ImageMagick
-Group:          Development/Libraries/C and C++
-Requires:       %{name}
-
-%package -n libMagick++-devel
-Summary:        Development files for ImageMagick's C++ interface
-Group:          Development/Libraries/C and C++
-Requires:       libMagick++%{libspec}%{cxxlibver} = %{version}
-Requires:       libstdc++-devel
-Requires:       pkgconfig(ImageMagick) = %{mfr_version}
-
-%package doc
-Summary:        Document Files for ImageMagick Library
-Group:          Documentation/HTML
-BuildArch:      noarch
-
-%package %{config_spec}-upstream-open
-Summary:        Open ImageMagick Security Policy
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun):update-alternatives
-Provides:       imagick-%{config_spec}
-Obsoletes:      %{config_spec}-upstream < %{version}
-Provides:       %{config_spec}-upstream = %{version}
-
-%package %{config_spec}-upstream-limited
-Summary:        Limited ImageMagick Security Policy
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun):update-alternatives
-Provides:       imagick-%{config_spec}
-
-%package %{config_spec}-upstream-secure
-Summary:        Secure ImageMagick Security Policy
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun):update-alternatives
-Provides:       imagick-%{config_spec}
-
-%package %{config_spec}-upstream-websafe
-Summary:        Web-safe ImageMagick Security Policy
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun):update-alternatives
-Provides:       imagick-%{config_spec}
-
-%package %{config_spec}-SUSE
-Summary:        SUSE Provided Configuration
-Group:          Development/Libraries/C and C++
-Requires(post): update-alternatives
-Requires(postun):update-alternatives
-Provides:       imagick-%{config_spec}
-
 %description
 ImageMagick is a robust collection of tools and libraries to read,
 write, and manipulate an image in many image formats, including popular
@@ -208,6 +105,31 @@ different image formats. Image processing operations are available from
 the command line as well as through C, C++, and Perl-based programming
 interfaces.
 
+# BEGIN NIL FLAVOR
+%if "%{flavor}" == ""
+
+%package -n perl-PerlMagick
+Summary:        Perl interface for ImageMagick
+Group:          Development/Libraries/Perl
+Requires:       ImageMagick = %{version}
+Requires:       libMagickCore%{libspec}%{clibver} = %{version}
+Requires:       perl = %{perl_version}
+
+%description -n perl-PerlMagick
+PerlMagick is an objected-oriented Perl interface to ImageMagick. Use
+the module to read, manipulate, or write an image or image sequence
+from within a Perl script. This makes it suitable for Web CGI scripts.
+
+%package devel
+Summary:        Development files for ImageMagick's C interface
+Group:          Development/Libraries/C and C++
+Requires:       ImageMagick = %{version}
+Requires:       glibc-devel
+Requires:       libMagickCore%{libspec}%{clibver} = %{version}
+Requires:       libMagickWand%{libspec}%{cwandver} = %{version}
+# bnc#741947:
+Requires:       pkgconfig(bzip2)
+
 %description devel
 ImageMagick is a robust collection of tools and libraries to read,
 write, and manipulate an image in many image formats, including popular
@@ -220,21 +142,32 @@ the command line as well as through C, C++, and Perl-based programming
 interfaces.
 
 %if !%{debug_build}
+%package extra
+Summary:        Extra codecs for the ImageMagick image viewer/converter
+Group:          Productivity/Graphics/Other
+Requires:       ImageMagick = %{version}
+Requires:       libMagickCore%{libspec}%{clibver} = %{version}
+Recommends:     autotrace
+Recommends:     dcraw
+Recommends:     hp2xx
+Recommends:     libwmf
+Recommends:     netpbm
+Recommends:     transfig
+
 %description extra
 This package adds support for djvu, wmf and jpeg2000 formats and
 installs optional helper applications.
-
-ImageMagick is a robust collection of tools and libraries to read,
-write, and manipulate an image in many image formats, including popular
-formats like TIFF, JPEG, PNG, PDF, PhotoCD, and GIF. With ImageMagick,
-you can create images dynamically, making it suitable for Web
-applications. You can also resize, rotate, sharpen, color-reduce, or
-add special effects to an image and save your completed work in many
-different image formats. Image processing operations are available from
-the command line as well as through C, C++, and Perl-based programming
-interfaces.
 %endif
 
+%package -n libMagickCore%{libspec}%{clibver}
+Summary:        C runtime library for ImageMagick
+Group:          Productivity/Graphics/Other
+Requires:       imagick-config-7
+Recommends:     ImageMagick-config-7-SUSE
+Recommends:     ghostscript
+Suggests:       ImageMagick-extra = %{version}
+Recommends:     ImageMagick
+
 %description -n libMagickCore%{libspec}%{clibver}
 ImageMagick is a robust collection of tools and libraries to read,
 write, and manipulate an image in many image formats, including popular
@@ -246,6 +179,11 @@ different image formats. Image processing operations are available from
 the command line as well as through C, C++, and Perl-based programming
 interfaces.
 
+%package -n libMagickWand%{libspec}%{cwandver}
+Summary:        C runtime library for ImageMagick
+Group:          Productivity/Graphics/Other
+Recommends:     ImageMagick
+
 %description -n libMagickWand%{libspec}%{cwandver}
 ImageMagick is a robust collection of tools and libraries to read,
 write, and manipulate an image in many image formats, including popular
@@ -257,10 +195,10 @@ different image formats. Image processing operations are available from
 the command line as well as through C, C++, and Perl-based programming
 interfaces.
 
-%description -n perl-PerlMagick
-PerlMagick is an objected-oriented Perl interface to ImageMagick. Use
-the module to read, manipulate, or write an image or image sequence
-from within a Perl script. This makes it suitable for Web CGI scripts.
+%package -n libMagick++%{libspec}%{cxxlibver}
+Summary:        C++ interface runtime library for ImageMagick
+Group:          Development/Libraries/C and C++
+Recommends:     ImageMagick
 
 %description -n libMagick++%{libspec}%{cxxlibver}
 This is Magick++, the object-oriented C++ API for the ImageMagick
@@ -277,6 +215,13 @@ De-referenced copies are automatically deleted. The image objects
 support value (rather than pointer) semantics so it is trivial to
 support multiple generations of an image in memory at one time.
 
+%package -n libMagick++-devel
+Summary:        Development files for ImageMagick's C++ interface
+Group:          Development/Libraries/C and C++
+Requires:       libMagick++%{libspec}%{cxxlibver} = %{version}
+Requires:       libstdc++-devel
+Requires:       pkgconfig(ImageMagick) = %{mfr_version}
+
 %description -n libMagick++-devel
 This is Magick++, the object-oriented C++ API for the ImageMagick
 image-processing library.
@@ -292,72 +237,31 @@ De-referenced copies are automatically deleted. The image objects
 support value (rather than pointer) semantics so it is trivial to
 support multiple generations of an image in memory at one time.
 
+%package doc
+Summary:        Document Files for ImageMagick Library
+Group:          Documentation/HTML
+BuildArch:      noarch
+
 %description doc
 HTML documentation for ImageMagick library and scene examples.
 
-%description %{config_spec}-upstream-open
-This policy is designed for usage in secure settings like those
-protected by firewalls or within Docker containers. Within this framework,
-ImageMagick enjoys broad access to resources and functionalities. This policy
-provides convenient and adaptable options for image manipulation. However,
-it's important to note that it might present security vulnerabilities in
-less regulated conditions. Thus, organizations should thoroughly assess
-the appropriateness of the open policy according to their particular use
-case and security prerequisites.
+%package config-7-SUSE
+Summary:        SUSE Provided Configuration
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Conflicts:      imagick-config-7
+BuildArch:      noarch
 
-%description %{config_spec}-upstream-limited
-The primary objective of the limited security policy is to find a
-middle ground between convenience and security. This policy involves the
-deactivation of potentially hazardous functionalities, like specific coders
-such as SVG or HTTP. Furthermore, it establishes several constraints on
-the utilization of resources like memory, storage, and processing duration,
-all of which are adjustable. This policy proves advantageous in situations
-where there's a need to mitigate the potential threat of handling possibly
-malicious or demanding images, all while retaining essential capabilities
-for prevalent image formats.
-
-%description %{config_spec}-upstream-secure
-This stringent security policy prioritizes the implementation of
-rigorous controls and restricted resource utilization to establish a
-profoundly secure setting while employing ImageMagick. It deactivates
-conceivably hazardous functionalities, including specific coders like
-SVG or HTTP. The policy promotes the tailoring of security measures to
-harmonize with the requirements of the local environment and the guidelines
-of the organization. This protocol encompasses explicit particulars like
-limitations on memory consumption, sanctioned pathways for reading and
-writing, confines on image sequences, the utmost permissible duration of
-workflows, allocation of disk space intended for image data, and even an
-undisclosed passphrase for remote connections. By adopting this robust
-policy, entities can elevate their overall security stance and alleviate
-potential vulnerabilities.
-
-%description %{config_spec}-upstream-websafe
-This security protocol designed for web-safe usage focuses on situations
-where ImageMagick is applied in publicly accessible contexts, like websites.
-It deactivates the capability to read from or write to any image formats
-other than web-safe formats like GIF, JPEG, and PNG. Additionally, this
-policy prohibits the execution of image filters and indirect reads, thereby
-thwarting potential security breaches. By implementing these limitations,
-the web-safe policy fortifies the safeguarding of systems accessible to
-the public, reducing the risk of exploiting ImageMagick's capabilities
-for potential attacks.
-
-%description %{config_spec}-SUSE
-ImageMagick configuration as provide by SUSE. It is upstream 'secure'
+%description config-7-SUSE
+ImageMagick configuration as provided by SUSE. It is upstream 'secure'
 policy plus disable few other coders for reading and/or writing.
 
 %prep
 %setup -q -n ImageMagick-%{source_version}
-%patch2 -p1
-%ifarch i586
-%if %{?suse_version} < 1550
-%patch4 -p1
-%endif
-%endif
+%patch -P 2 -p1
 %ifarch s390x
-%patch5 -p1
+%patch -P 5 -p1
 %endif
-%patch6 -p1
 
 %build
 # bsc#1088463
@@ -373,6 +277,7 @@ export SHAREARCH_DIRNAME="config%{libspec}%{clibver}"
 export CFLAGS="%{optflags} -O0"
 export CXXFLAGS="%{optflags} -O0"
 %endif
+export CONFIGURE_RELATIVE_PATH=%{config_dir}
 %configure \
   --disable-silent-rules \
   --enable-shared \
@@ -390,7 +295,7 @@ export CXXFLAGS="%{optflags} -O0"
   --with-gs-font-dir=%{_datadir}/fonts/ghostscript \
 %endif
   --with-perl \
-  --with-perl-options="INSTALLDIRS=vendor %{?perl_prefix} CC='gcc -L$PWD/magick/.libs' LDDLFLAGS='-shared -L$PWD/magick/.libs'" \
+  --with-perl-options="INSTALLDIRS=vendor INSTALLVENDORARCH=%{perl_vendorarch} INSTALLVENDORMAN3DIR=/usr/share/man/man3" \
   --disable-static \
   --with-gvc \
 %if %{with ddjvuapi}
@@ -409,6 +314,7 @@ export CXXFLAGS="%{optflags} -O0"
   --enable-pipes=no \
   --enable-reproducible-build=yes \
   --disable-openmp
+
 %if %{asan_build}
 sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \
        -e 's/\(^LIBS =.*\)/\1 -lasan/' \
@@ -418,7 +324,7 @@ sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \
 # [1] http://pkgs.fedoraproject.org/cgit/ImageMagick.git/tree/ImageMagick.spec
 %make_build all
 %make_build -j1 perl-build
-# mostly because */demo is used later with %check
+# mostly because */demo is used later with %%check
 # polutting dir with .libs etc.
 cp -r Magick++/demo Magick++/examples
 cp -r PerlMagick/demo PerlMagick/examples
@@ -427,18 +333,19 @@ chmod -x PerlMagick/demo/*.pl
 exit 0
 
 %check
+%ifarch i586
+# do not report test issues related to 32-bit architectures upstream,
+# they do not want to dedicate any time to fix them:
+# https://github.com/ImageMagick/ImageMagick/issues/1215
+exit 0
+%endif
 %if %{debug_build} || %{asan_build}
 # testsuite does not succeed for some reason
 # research TODO
 exit 0
 %endif
-%ifarch i586
-# do not report test issues related to 32-bit architectures upstream,
-# they do not want to dedicate any time to fix them:
-# https://github.com/ImageMagick/ImageMagick/issues/1215
-rm PerlMagick/t/montage.t
-sed -i -e 's:averageImages ::' -e 's:1..13:1..12:' Magick++/tests/tests.tap
-%endif
+# ensure we do not block any coder by security policy
+cp config/policy-open.xml config/policy.xml
 %make_build check
 export MAGICK_CODER_MODULE_PATH=$PWD/coders/.libs
 export MAGICK_CODER_FILTER_PATH=$PWD/filters/.libs
@@ -451,24 +358,17 @@ sed -i 's:TEST_VERBOSE=0:TEST_VERBOSE=1:' Makefile
 cd ..
 
 %install
-%make_install pkgdocdir=%{_defaultdocdir}/%{name}-%{maj}/
-# configuration magic
-mv -t %{buildroot}%{_sysconfdir}/%{name}* %{buildroot}%{_datadir}/%{name}*/*.xml
-for policy in open limited secure websafe; do
-  cp -r %{buildroot}%{_sysconfdir}/%{config_dir}{,-upstream-$policy}
-  cp config/policy-$policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}-upstream-$policy
-done
-mv %{buildroot}%{_sysconfdir}/%{config_dir}{,-SUSE}
-cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE
-patch --fuzz=0 --dir %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE < %{PATCH0}
-mkdir -p  %{buildroot}%{_sysconfdir}/alternatives/
-ln -sf %{_sysconfdir}/alternatives/%{config_dir} %{buildroot}%{_sysconfdir}/%{config_dir}
+%make_install pkgdocdir=%{_defaultdocdir}/ImageMagick-7/
+# default policy (SUSE)
+cp config/policy-secure.xml config/policy.xml
+patch --fuzz=0 -p1 < %{PATCH0}
+cp config/policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}
 # symlink header file relative to /usr/include/ImageMagick-7/
 # so that inclusions like wand/*.h and magick/*.h work
-ln -s ./MagickCore %{buildroot}%{_includedir}/%{name}-%{maj}/magick
-ln -s ./MagickWand %{buildroot}%{_includedir}/%{name}-%{maj}/wand
-# these will be included via %doc
-rm -r %{buildroot}%{_datadir}/doc/%{name}-%{maj}/
+ln -s ./MagickCore %{buildroot}%{_includedir}/ImageMagick-7/magick
+ln -s ./MagickWand %{buildroot}%{_includedir}/ImageMagick-7/wand
+# these will be included via %%doc
+rm -r %{buildroot}%{_datadir}/doc/ImageMagick-7/
 rm %{buildroot}%{_libdir}/*.la
 # remove RPATH from perl module
 perl_module=$(find %{buildroot}%{_prefix}/lib/perl5 -name '*.so')
@@ -478,8 +378,8 @@ chmod 555 $perl_module
 # remove %%{buildroot} from distributed file
 sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/config%{libspec}%{clibver}/configure.xml
 #remove duplicates
-%fdupes -s %{buildroot}%{_defaultdocdir}/%{name}-%{maj}
-%fdupes -s %{buildroot}%{_includedir}/%{name}-%{maj}
+%fdupes -s %{buildroot}%{_defaultdocdir}/ImageMagick-7
+%fdupes -s %{buildroot}%{_includedir}/ImageMagick-7
 %fdupes -s %{buildroot}%{_libdir}/pkgconfig
 %perl_process_packlist
 
@@ -490,96 +390,14 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con
 %post -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
 %postun -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
 
-%post %{config_spec}-upstream-open
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-upstream-open  1
-
-%postun %{config_spec}-upstream-open
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-upstream
-fi
-
-%post %{config_spec}-upstream-limited
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-upstream-limited  5
-
-%postun %{config_spec}-upstream-limited
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-upstream-limited
-fi
-
-%post %{config_spec}-upstream-secure
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-upstream-secure  10
-
-%postun %{config_spec}-upstream-secure
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-upstream-secure
-fi
-
-%pretrans %{config_spec}-upstream-open -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans %{config_spec}-upstream-limited -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-%pretrans %{config_spec}-upstream-secure -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans %{config_spec}-SUSE -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%pretrans %{config_spec}-upstream-websafe -p <lua>
--- this %pretrans to be removed soon [bug#1122033#c37]
-path = "%{_sysconfdir}/%{config_dir}"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  os.remove(path .. ".rpmmoved")
-  os.rename(path, path .. ".rpmmoved")
-end
-
-%post %{config_spec}-SUSE
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-SUSE      15
-
-%postun %{config_spec}-SUSE
-if [ ! -d %{_sysconfdir}/%{config_dir}-SUSE ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-SUSE
-fi
-
-%post %{config_spec}-upstream-websafe
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir}  %{config_dir}   %{_sysconfdir}/%{config_dir}-upstream-websafe  20
-
-%postun %{config_spec}-upstream-websafe
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
-    %{_sbindir}/update-alternatives --quiet --remove %{config_dir}  %{_sysconfdir}/%{config_dir}-upstream-websafe
-fi
-
 %files
 %license LICENSE
-%doc NEWS.txt
 %{_bindir}/[^MW]*
 %{_mandir}/man1/*
 %exclude %{_mandir}/man1/*-config.1%{ext_man}
+%{_datadir}/ImageMagick-7
+%{_sysconfdir}/%{config_dir}
+%exclude %{_sysconfdir}/%{config_dir}/policy.xml
 
 %files -n libMagickCore%{libspec}%{clibver}
 %license LICENSE
@@ -642,7 +460,7 @@ fi
 
 %files -n libMagick++-devel
 %doc Magick++/examples
-%doc Magick++/NEWS Magick++/README Magick++/AUTHORS
+%doc Magick++/AUTHORS
 %{_libdir}/libMagick++*.so
 %{_includedir}/ImageMagick*/Magick++.h
 %{_includedir}/ImageMagick*/Magick++
@@ -651,36 +469,149 @@ fi
 %{_mandir}/man1/Magick++-config.1%{?ext_man}
 
 %files doc
-%{_defaultdocdir}/%{name}-%{maj}
+%{_defaultdocdir}/ImageMagick-7
 
-%files %{config_spec}-upstream-open
-%dir %{_sysconfdir}/ImageMagick*-upstream-open/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-open/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%files config-7-SUSE
+%{_sysconfdir}/%{config_dir}/policy.xml
 
-%files %{config_spec}-upstream-limited
-%dir %{_sysconfdir}/ImageMagick*-upstream-limited/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-limited/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%endif
+# END NIL FLAVOR
 
-%files %{config_spec}-upstream-secure
-%dir %{_sysconfdir}/ImageMagick*-upstream-secure/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-secure/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%if "%{flavor}" == "config_open"
+%package config-7-upstream-open
+Summary:        Open ImageMagick Security Policy
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Obsoletes:      config-7-upstream < %{version}
+Provides:       config-7-upstream = %{version}
+Conflicts:      imagick-config-7
+BuildArch:      noarch
 
-%files %{config_spec}-SUSE
-%dir %{_sysconfdir}/ImageMagick*-SUSE/
-%config %{_sysconfdir}/ImageMagick*-SUSE/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%description config-7-upstream-open
+This policy is designed for usage in secure settings like those
+protected by firewalls or within Docker containers. Within this framework,
+ImageMagick enjoys broad access to resources and functionalities. This policy
+provides convenient and adaptable options for image manipulation. However,
+it's important to note that it might present security vulnerabilities in
+less regulated conditions. Thus, organizations should thoroughly assess
+the appropriateness of the open policy according to their particular use
+case and security prerequisites.
 
-%files %{config_spec}-upstream-websafe
-%dir %{_sysconfdir}/ImageMagick*-upstream-websafe/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-websafe/*
-%{_sysconfdir}/%{config_dir}
-%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-open.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-open
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_limited"
+%package config-7-upstream-limited
+Summary:        Limited ImageMagick Security Policy
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Conflicts:      imagick-config-7
+BuildArch:      noarch
+
+%description config-7-upstream-limited
+The primary objective of the limited security policy is to find a
+middle ground between convenience and security. This policy involves the
+deactivation of potentially hazardous functionalities, like specific coders
+such as SVG or HTTP. Furthermore, it establishes several constraints on
+the utilization of resources like memory, storage, and processing duration,
+all of which are adjustable. This policy proves advantageous in situations
+where there's a need to mitigate the potential threat of handling possibly
+malicious or demanding images, all while retaining essential capabilities
+for prevalent image formats.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-limited.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-limited
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_secure"
+%package config-7-upstream-secure
+Summary:        Secure ImageMagick Security Policy
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Conflicts:      imagick-config-7
+BuildArch:      noarch
+
+%description config-7-upstream-secure
+This stringent security policy prioritizes the implementation of
+rigorous controls and restricted resource utilization to establish a
+profoundly secure setting while employing ImageMagick. It deactivates
+conceivably hazardous functionalities, including specific coders like
+SVG or HTTP. The policy promotes the tailoring of security measures to
+harmonize with the requirements of the local environment and the guidelines
+of the organization. This protocol encompasses explicit particulars like
+limitations on memory consumption, sanctioned pathways for reading and
+writing, confines on image sequences, the utmost permissible duration of
+workflows, allocation of disk space intended for image data, and even an
+undisclosed passphrase for remote connections. By adopting this robust
+policy, entities can elevate their overall security stance and alleviate
+potential vulnerabilities.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-secure
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
+
+%if "%{flavor}" == "config_websafe"
+%package config-7-upstream-websafe
+Summary:        Web-safe ImageMagick Security Policy
+Group:          Development/Libraries/C and C++
+Provides:       imagick-config-7
+Conflicts:      imagick-config-7
+BuildArch:      noarch
+
+%description config-7-upstream-websafe
+This security protocol designed for web-safe usage focuses on situations
+where ImageMagick is applied in publicly accessible contexts, like websites.
+It deactivates the capability to read from or write to any image formats
+other than web-safe formats like GIF, JPEG, and PNG. Additionally, this
+policy prohibits the execution of image filters and indirect reads, thereby
+thwarting potential security breaches. By implementing these limitations,
+the web-safe policy fortifies the safeguarding of systems accessible to
+the public, reducing the risk of exploiting ImageMagick's capabilities
+for potential attacks.
+
+%prep
+%setup -q -n ImageMagick-%{source_version}
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/%{config_dir}/
+cp config/policy-websafe.xml %{buildroot}%{_sysconfdir}/%{config_dir}/policy.xml
+
+%files config-7-upstream-websafe
+%dir %{_sysconfdir}/%{config_dir}
+%config(noreplace) %{_sysconfdir}/%{config_dir}/policy.xml
+%endif
 
 %changelog

_multibuild

@@ -0,0 +1,6 @@
+<multibuild>
+  <package>config_open</package>
+  <package>config_limited</package>
+  <package>config_secure</package>
+  <package>config_websafe</package>
+</multibuild>