4 Commits

10 changed files with 74 additions and 129 deletions

Binary file not shown.


@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c7c706a505e9c6c3764156bb94a0c9644d79131785df15a89c9f8721d1abd061
size 5968736


@@ -1,14 +0,0 @@
diff -r db3ff8d00c28 -r 9bbae7314e3c coders/jxl.c
--- a/coders/jxl.c Sat Sep 07 10:14:51 2024 -0500
+++ b/coders/jxl.c Mon Sep 09 08:01:43 2024 -0500
@@ -637,6 +638,9 @@
image->orientation=convert_orientation(basic_info.orientation);
+ if (CheckImagePixelLimits(image, exception) != MagickPass)
+ ThrowJXLReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
+
pixel_format.endianness=JXL_NATIVE_ENDIAN;
pixel_format.align=0;
if (basic_info.num_color_channels == 1)


@@ -1,43 +0,0 @@
diff -r cf7cd5ebabb0 -r 883ebf8cae6d coders/wpg.c
--- a/coders/wpg.c Mon Dec 16 10:50:23 2024 -0600
+++ b/coders/wpg.c Thu Dec 19 12:57:33 2024 -0600
@@ -1704,28 +1704,23 @@
ThrowReaderException(CorruptImageError,InvalidColormapIndex,image);
}
- if(pPalette!=NULL &&
- PaletteAllocBytes < 4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries))
- {
- MagickFreeResourceLimitedMemory(pPalette);
- PaletteAllocBytes = 0;
- }
+ /* Assure that buffer is allocated and the current size */
+ if (PaletteAllocBytes != Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256))
+ {
+ PaletteAllocBytes = Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256);
+ MagickReallocateResourceLimitedMemory(unsigned char *,pPalette,PaletteAllocBytes);
+ }
if(pPalette==NULL)
- {
- PaletteItems = WPG_Palette.NumOfEntries;
- PaletteAllocBytes = 4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries);
- if(PaletteAllocBytes < 4*256) PaletteAllocBytes = 4*256;
- pPalette = MagickAllocateResourceLimitedMemory(unsigned char *,(size_t)PaletteAllocBytes);
- if(pPalette==NULL)
- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
- for(i=0; i<=255; i++)
+ ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+
+ PaletteItems = WPG_Palette.NumOfEntries;
+ for(i=0; i<=255; i++)
{
pPalette[4*i] = WPG1_Palette[i].Red;
pPalette[4*i+1] = WPG1_Palette[i].Green;
pPalette[4*i+2] = WPG1_Palette[i].Blue;
pPalette[4*i+3] = OpaqueOpacity;
}
- }
if(ReadBlob(image,(size_t) PaletteItems*4,pPalette+((size_t)4*WPG_Palette.StartIndex)) != (size_t) PaletteItems*4)
{
MagickFreeResourceLimitedMemory(pPalette);


@@ -1,13 +0,0 @@
Index: GraphicsMagick-1.3.45/coders/jxl.c
===================================================================
--- GraphicsMagick-1.3.45.orig/coders/jxl.c
+++ GraphicsMagick-1.3.45/coders/jxl.c
@@ -657,7 +657,7 @@ static Image *ReadJXLImage(const ImageIn
ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
}
grayscale=MagickTrue;
- pixel_format.num_channels=1;
+ pixel_format.num_channels=image->matte ? 2 : 1;
pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 :
(basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 :
JXL_TYPE_FLOAT));


@@ -1,7 +1,7 @@
Index: GraphicsMagick-1.3.45/coders/pdf.c
Index: GraphicsMagick-1.3.46/coders/pdf.c
===================================================================
--- GraphicsMagick-1.3.45.orig/coders/pdf.c
+++ GraphicsMagick-1.3.45/coders/pdf.c
--- GraphicsMagick-1.3.46.orig/coders/pdf.c
+++ GraphicsMagick-1.3.46/coders/pdf.c
@@ -499,7 +499,7 @@ ModuleExport void RegisterPDFImage(void)
entry->seekable_stream=True;
entry->description="Encapsulated Portable Document Format";
@@ -20,10 +20,10 @@ Index: GraphicsMagick-1.3.45/coders/pdf.c
(void) RegisterMagickInfo(entry);
}
Index: GraphicsMagick-1.3.45/coders/ps.c
Index: GraphicsMagick-1.3.46/coders/ps.c
===================================================================
--- GraphicsMagick-1.3.45.orig/coders/ps.c
+++ GraphicsMagick-1.3.45/coders/ps.c
--- GraphicsMagick-1.3.46.orig/coders/ps.c
+++ GraphicsMagick-1.3.46/coders/ps.c
@@ -456,7 +456,7 @@ ModuleExport void RegisterPSImage(void)
entry->adjoin=False;
entry->description="Adobe Encapsulated PostScript Interchange format";
@@ -69,10 +69,10 @@ Index: GraphicsMagick-1.3.45/coders/ps.c
(void) RegisterMagickInfo(entry);
}
Index: GraphicsMagick-1.3.45/coders/ps2.c
Index: GraphicsMagick-1.3.46/coders/ps2.c
===================================================================
--- GraphicsMagick-1.3.45.orig/coders/ps2.c
+++ GraphicsMagick-1.3.45/coders/ps2.c
--- GraphicsMagick-1.3.46.orig/coders/ps2.c
+++ GraphicsMagick-1.3.46/coders/ps2.c
@@ -252,7 +252,7 @@ ModuleExport void RegisterPS2Image(void)
entry->seekable_stream=True;
entry->description="Adobe Level II Encapsulated PostScript";
@@ -91,10 +91,10 @@ Index: GraphicsMagick-1.3.45/coders/ps2.c
(void) RegisterMagickInfo(entry);
}
Index: GraphicsMagick-1.3.45/coders/ps3.c
Index: GraphicsMagick-1.3.46/coders/ps3.c
===================================================================
--- GraphicsMagick-1.3.45.orig/coders/ps3.c
+++ GraphicsMagick-1.3.45/coders/ps3.c
--- GraphicsMagick-1.3.46.orig/coders/ps3.c
+++ GraphicsMagick-1.3.46/coders/ps3.c
@@ -394,7 +394,7 @@ ModuleExport void RegisterPS3Image(void)
entry->description="Adobe Level III Encapsulated PostScript";
entry->seekable_stream=MagickTrue;
@@ -113,11 +113,11 @@ Index: GraphicsMagick-1.3.45/coders/ps3.c
(void) RegisterMagickInfo(entry);
}
Index: GraphicsMagick-1.3.45/config/delegates.mgk.in
Index: GraphicsMagick-1.3.46/config/delegates.mgk.in
===================================================================
--- GraphicsMagick-1.3.45.orig/config/delegates.mgk.in
+++ GraphicsMagick-1.3.45/config/delegates.mgk.in
@@ -76,27 +76,27 @@
--- GraphicsMagick-1.3.46.orig/config/delegates.mgk.in
+++ GraphicsMagick-1.3.46/config/delegates.mgk.in
@@ -88,27 +88,27 @@
<delegate decode="dot" command='"@DOTDecodeDelegate@" -Tps "%i" -o "%o"' />
<delegate decode="dvi" command='"@DVIDecodeDelegate@" -q -o "%o" "%i"' />
<delegate decode="edit" stealth="True" command='"@EditorDelegate@" -title "Edit Image Comment" -e vi "%o"' />
@@ -153,7 +153,7 @@ Index: GraphicsMagick-1.3.45/config/delegates.mgk.in
<!-- Read monochrome PDF using Poppler's pdftoppm -->
<delegate decode="poppler-mono" stealth="True" command='"pdftoppm" "-mono" "-freetype" "yes" "-aa" "yes" "-aaVector" "yes" "-rx" "72" "-ry" "72" "%s" ">" "%s"' />
@@ -120,16 +120,16 @@
@@ -132,16 +132,16 @@
<!-- Write MPEG file using mpeg2encode -->
<delegate encode="mpeg-encode" stealth="True" command='"@MPEGEncodeDelegate@" "%i" "%o"' />
<!-- Convert PDF to Encapsulated Poscript using Ghostscript -->
@@ -174,12 +174,12 @@ Index: GraphicsMagick-1.3.45/config/delegates.mgk.in
+ <!--delegate decode="ps" encode="print" mode="encode" command='"@PrintDelegate@" "%i"' /-->
<!-- Read HTML file -->
<delegate decode="shtml" command='"@HTMLDecodeDelegate@" -U -o "%o" "%i"' />
<delegate encode="show" stealth="True" command='"@GMDelegate@" display -immutable -delay 0 -window_group %g -title "%l of %f" "%o" &' />
Index: GraphicsMagick-1.3.45/Makefile.in
<delegate encode="show" stealth="True" command='"@GMDelegate@" display -immutable -delay 0 -window_group %g -title "%l of %f" "%o" &amp;' />
Index: GraphicsMagick-1.3.46/Makefile.in
===================================================================
--- GraphicsMagick-1.3.45.orig/Makefile.in
+++ GraphicsMagick-1.3.45/Makefile.in
@@ -4386,7 +4386,6 @@ TESTS_TESTS = \
--- GraphicsMagick-1.3.46.orig/Makefile.in
+++ GraphicsMagick-1.3.46/Makefile.in
@@ -4383,7 +4383,6 @@ TESTS_TESTS = \
tests/rwfile.tap \
tests/rwfile_sized.tap \
tests/rwfile_miff.tap \
@@ -187,10 +187,10 @@ Index: GraphicsMagick-1.3.45/Makefile.in
tests/rwfile_deep.tap
TESTS_EXTRA_DIST = \
Index: GraphicsMagick-1.3.45/tests/rwblob.tap
Index: GraphicsMagick-1.3.46/tests/rwblob.tap
===================================================================
--- GraphicsMagick-1.3.45.orig/tests/rwblob.tap
+++ GraphicsMagick-1.3.45/tests/rwblob.tap
--- GraphicsMagick-1.3.46.orig/tests/rwblob.tap
+++ GraphicsMagick-1.3.46/tests/rwblob.tap
@@ -10,7 +10,7 @@ rwblob=./rwblob
check_types='bilevel gray palette truecolor'
@@ -219,16 +219,16 @@ Index: GraphicsMagick-1.3.45/tests/rwblob.tap
# FAX format
for type in ${check_types}
do
Index: GraphicsMagick-1.3.45/tests/rwfile.tap
Index: GraphicsMagick-1.3.46/tests/rwfile.tap
===================================================================
--- GraphicsMagick-1.3.45.orig/tests/rwfile.tap
+++ GraphicsMagick-1.3.45/tests/rwfile.tap
--- GraphicsMagick-1.3.46.orig/tests/rwfile.tap
+++ GraphicsMagick-1.3.46/tests/rwfile.tap
@@ -12,7 +12,7 @@ check_types='bilevel gray palette trueco
check_types_noone='bilevel gray palette truecolor'
# Number of tests we plan to run
-test_plan_fn 857
+test_plan_fn 807
-test_plan_fn 897
+test_plan_fn 847
# AAI format
for type in ${check_types}
@@ -295,7 +295,7 @@ Index: GraphicsMagick-1.3.45/tests/rwfile.tap
# PGM format
for type in ${check_types}
do
@@ -378,27 +329,6 @@ do
@@ -406,27 +357,6 @@ do
done
done


@@ -1,7 +1,7 @@
Index: GraphicsMagick-1.3.31/PerlMagick/Makefile.PL.in
Index: GraphicsMagick-1.3.46/PerlMagick/Makefile.PL.in
===================================================================
--- GraphicsMagick-1.3.31.orig/PerlMagick/Makefile.PL.in 2018-12-19 11:03:59.273709484 +0100
+++ GraphicsMagick-1.3.31/PerlMagick/Makefile.PL.in 2018-12-19 11:06:05.822305744 +0100
--- GraphicsMagick-1.3.46.orig/PerlMagick/Makefile.PL.in
+++ GraphicsMagick-1.3.46/PerlMagick/Makefile.PL.in
@@ -78,7 +78,7 @@ WriteMakefile
'INSTALLBIN' => $magick_BIN_DIR,


@@ -1,13 +0,0 @@
Index: GraphicsMagick-1.3.45/coders/wpg.c
===================================================================
--- GraphicsMagick-1.3.45.orig/coders/wpg.c
+++ GraphicsMagick-1.3.45/coders/wpg.c
@@ -1708,7 +1708,7 @@ UnpackRaster1bpp:
if (PaletteAllocBytes != Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256))
{
PaletteAllocBytes = Max(4*(WPG_Palette.StartIndex+WPG_Palette.NumOfEntries),4*256);
- MagickReallocateResourceLimitedMemory(unsigned char *,pPalette,PaletteAllocBytes);
+ pPalette=MagickReallocateResourceLimitedMemory(unsigned char *,pPalette,PaletteAllocBytes);
}
if(pPalette==NULL)
ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);


@@ -1,3 +1,38 @@
-------------------------------------------------------------------
Mon Dec 22 11:36:09 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- versino update to 1.3.46
* MSL: Use libxml2's SAX handlers for the MVG XML-based scripting
implementation. This removes a lot of archaic cruft which might
suffer from security issues.
* JP2: Fix Jasper max_samples calculation to avoid DOS due to huge
image dimensions.
* JXL: Apply image dimension resource limits. Fix heap buffer write
overflow while reading image.
* SVG: Use libxml2's SAX handlers for the SVG renderer. This removes
a lot of archaic cruft which might suffer from security issues.
* WPG: Assure that the palette buffer is allocated and the current
size (SourceForge bug #750).
* ColorFloodfillImage(): For floodfill, return an error if a clip-mask
is present. The problem is that the algorithm may not converge if a
clip-mask is present.
* ThumbnailImage(): Prevent a divide by zero crash.
* other bug fixes
- modified patches
* GraphicsMagick-disable-insecure-coders.patch (refreshed)
* GraphicsMagick-perl-linkage.patch (refreshed)
- deleted patches
* GraphicsMagick-CVE-2025-27795.patch (upstreamed)
* GraphicsMagick-CVE-2025-27796.patch (upstreamed)
* GraphicsMagick-CVE-2025-32460.patch (upstreamed)
* GraphicsMagick-return-value.patch (upstreamed)
-------------------------------------------------------------------
Fri Nov 14 07:04:58 UTC 2025 - pgajdos@suse.com
- recommend xorg-x11-fonts-legacy
(https://progress.opensuse.org/issues/192340)
-------------------------------------------------------------------
Tue Apr 15 07:15:10 UTC 2025 - pgajdos@suse.com


@@ -24,7 +24,7 @@
%define pp_so_ver 12
%define wand_so_ver 2
Name: GraphicsMagick
Version: 1.3.45
Version: 1.3.46
Release: 0
Summary: Viewer and Converter for Images
License: MIT
@@ -33,14 +33,6 @@ URL: http://www.GraphicsMagick.org/
Source: https://downloads.sourceforge.net/project/graphicsmagick/graphicsmagick/%{version}/%{name}-%{version}.tar.xz
Patch0: GraphicsMagick-perl-linkage.patch
Patch1: GraphicsMagick-disable-insecure-coders.patch
# CVE-2025-27795 [bsc#1239044], JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
Patch2: GraphicsMagick-CVE-2025-27795.patch
# CVE-2025-27796 [bsc#1239043], WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.
Patch3: GraphicsMagick-CVE-2025-27796.patch
# use return value of realloc function
Patch4: GraphicsMagick-return-value.patch
# CVE-2025-32460 [bsc#1241150], heap-based buffer over-read in ReadJXLImage
Patch5: GraphicsMagick-CVE-2025-32460.patch
BuildRequires: cups-client
BuildRequires: dcraw
BuildRequires: gcc-c++
@@ -65,6 +57,7 @@ BuildRequires: pkgconfig(zlib)
%if 0%{?suse_version} > 1500
BuildRequires: pkgconfig(libjxl)
%endif
Recommends: xorg-x11-fonts-legacy
%description
GraphicsMagick provides an image manipulation and translation
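Review bot: Dropping Patch4 (`GraphicsMagick-return-value.patch`) and Patch5 (`GraphicsMagick-CVE-2025-32460.patch`) rests only on the changelog's "upstreamed" label. The removed spec comments say "before 1.3.46" only for CVE-2025-27795 and CVE-2025-27796, and nothing on this page gives a fixed-in version for the other two. Before merging, confirm that the 1.3.46 tree contains the equivalent of `pixel_format.num_channels=image->matte ? 2 : 1;` in coders/jxl.c and assigns the result of `MagickReallocateResourceLimitedMemory` back to `pPalette` in coders/wpg.c. Separately, `Source:` is followed directly by `Patch0:` with no signature or keyring source, so the new tarball's origin is vouched for only by the download URL and the committed LFS hash. If upstream publishes a detached signature for the release, add it as an extra `Source` entry together with a `%{name}.keyring` file so the archive is verified at build time.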