diff --git a/ImageMagick-7.1.1-26.tar.xz b/ImageMagick-7.1.1-26.tar.xz deleted file mode 100644 index 5d84947..0000000 --- a/ImageMagick-7.1.1-26.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6c7eb871fd97a5925fe03386bfab84c7ef6373371ae5e4666902aeafcea917ec -size 10554692 diff --git a/ImageMagick-7.1.1-26.tar.xz.asc b/ImageMagick-7.1.1-26.tar.xz.asc deleted file mode 100644 index 5c5b62f..0000000 --- a/ImageMagick-7.1.1-26.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmWa850ACgkQiatj1IJ3 -N3q8sxAAitWqoI50NFh3KraGfzPKB8FmIfjpBUUTsGATYUvXRxt+oDe6XQ+Kzi1T -SplAbi/IxrDutIcWVhuQa+SbNbL7SwpLvQ1wMWrevSIuTJokjclTTLVBUcJMWurW -6WHOHgfkXlkacAv5vjytbe1lWEFuAljqf6w1F7yJVOFnxuIFtoAZgkTDeMEU3Fkw -qhksxKXbG8ODvsjEDuGRPxI/UwtVznk4OsXs/FOOvuTV6iVum7DfmU6xo5IUkkfD -bCKWzRdjS3DsvNI+Zn5WmUNSoZzDQzyR9WzdwU6Mfeo3mTT6+6uhmkAxk1AJZWUs -oQGglJKZKEu7eEkgbVtZnkFEpoMkNN62McEt0t0DVGtJDkaMRgwie1B6Bfpu31+W -BWkRZWgvqkcOViEE155HTxqAPTMt+M4D58RZkC+qk0her/GwKiH8sx4KjvCmREnF -3zBK6Elr4Qcqqp8kX2nba8k8k0RIjkMdFuWrMcfL5Ro99NK8vo890u14FQPhJ7Nl -zB3YLl8sTPT8vxhl2Zs8zn+FOV7oavAf++7nurHMyWN/hsEhWRWnvluYaYJ09byH -p728xZSq4W8369+nO6jc4j1XzDU8xMcptrGXd/vdox7+Yt58dQ7wWPfJRAD88uf2 -ys67OFFkZsOnLHI76apQBYHqaCzGr0aTFMyMzEGg7su41ijgZo8= -=we2n ------END PGP SIGNATURE----- diff --git a/ImageMagick-7.1.1-29.tar.xz b/ImageMagick-7.1.1-29.tar.xz new file mode 100644 index 0000000..53c8b48 --- /dev/null +++ b/ImageMagick-7.1.1-29.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f140465fbeb0b4724cba4394bc6f6fb32715731c1c62572d586f4f1c8b9b0685 +size 10612124 diff --git a/ImageMagick-7.1.1-29.tar.xz.asc b/ImageMagick-7.1.1-29.tar.xz.asc new file mode 100644 index 0000000..6022ef4 --- /dev/null +++ b/ImageMagick-7.1.1-29.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmXbWjgACgkQiatj1IJ3 +N3qSCA/+ONC4mKQXW6Ak2p4HAkIJz9iLu3MsiKfoPEATNaca+Iu0ud3Td1WYRQa4 +jG8xYlBMpQsAlgUT+Bj1VHNqACAt3j/Vd/1HVErydAxDEtwjIk6kM/+FDAEMa5u1 +aQsDlekd9HIA4tSZpEUtkQJaTrY5IvMClhwZvj5j9hOpKTlARO6qbVOCpmYdGGlW +Awa+nX98A6ftqBgxIa4cIuYcItNLAcpD0Tat9KKHiEY7IvxvajCSGHO5Pb0pLBny +UPd+Z6Ywpn8lBYSAtnYlm+0MPCgJVJwn8F6/4rJ39cMp2xWu9Eu5appTGSGbfbQf +ApNikiSjSlNdRbin6vmcJUXpaaKdZP5vB51qYokUhJuLwpsie3Ritl1HNZEEdqw4 +eJkeYZuQiLYX2HMudJ22UFj4k9SD1DPgjaJ9TR/eKyHsHDDmbJ8ql4IIuB7ss+wd +fTdPrCptDH9XM6xLzQ0CNTYNVw1GAjG8fVjCBJX9n1cGxg6qsfiWbvdLVTOvZN/R +z0vvRwLVTQy0z8EEl7lQD2FrRH8nQiGPXg8xq2rULB0ZRoeEsNT+sOBcUsgLk3hS +EPJqp/YjyPY60X+Hh8stZq6Yyn9wiMZcKQklyFj39i8fNgBbKEvfhHCSTdINyecc +Syk30ovTyHlKwIwDGTs8EwOphgkwLst3pB+Tfi6hdc5C7zaw7YY= +=Tg17 +-----END PGP SIGNATURE----- diff --git a/ImageMagick.changes b/ImageMagick.changes index cdaae4f..7bb1a94 100644 --- a/ImageMagick.changes +++ b/ImageMagick.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Tue Feb 27 20:28:12 UTC 2024 - Arjen de Korte + +- version update to 7.1.1.29 + https://github.com/ImageMagick/Website/blob/main/ChangeLog.md + +------------------------------------------------------------------- +Thu Feb 22 07:57:01 UTC 2024 - Michael Vetter + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Sun Feb 11 20:57:22 UTC 2024 - Arjen de Korte + +- version update to 7.1.1.28 + https://github.com/ImageMagick/Website/blob/main/ChangeLog.md + +------------------------------------------------------------------- +Sun Jan 21 19:12:06 UTC 2024 - Arjen de Korte + +- version update to 7.1.1.27 + https://github.com/ImageMagick/Website/blob/main/ChangeLog.md + +------------------------------------------------------------------- +Tue Jan 16 14:54:49 UTC 2024 - pgajdos@suse.com + +- only one configuration again, based on upstream 'secure' policy +- other upstream policies packaged in documentation + +------------------------------------------------------------------- +Mon Jan 15 14:30:40 UTC 2024 - pgajdos@suse.com + +- use correct policy.xml + +------------------------------------------------------------------- +Sun Jan 14 10:57:43 UTC 2024 - munix9@googlemail.com + +- Fix incomplete removal of update-alternatives for config +- Replace obsolete 'otherproviders(imagick-%{config_spec})' with + 'Conflicts: imagick-%{config_spec}' + ------------------------------------------------------------------- Fri Jan 12 15:32:08 UTC 2024 - Arjen de Korte diff --git a/ImageMagick.spec b/ImageMagick.spec index 016128a..9cadf8b 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -20,15 +20,13 @@ %define asan_build 0 %define maj 7 %define mfr_version %{maj}.1.1 -%define mfr_revision 26 +%define mfr_revision 29 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 10 %define cwandver 10 %define cxxlibver 5 %define libspec -%{maj}_Q%{quantum_depth}HDRI -%define config_dir ImageMagick-7 -%define config_spec config-7 %define test_verbose 1 # bsc#1088463 %define urw_base35_fonts 0 @@ -98,6 +96,13 @@ BuildRequires: urw-base35-fonts BuildRequires: ghostscript-fonts-other BuildRequires: ghostscript-fonts-std %endif +Obsoletes: ImageMagick-config-7-SUSE < 7.1.1.27 +Provides: ImageMagick-config-7-SUSE = %{version} +Obsoletes: ImageMagick-config-7-upstream < 7.1.1.27 +Obsoletes: ImageMagick-config-7-upstream-open < 7.1.1.27 +Obsoletes: ImageMagick-config-7-upstream-secure < 7.1.1.27 +Obsoletes: ImageMagick-config-7-upstream-websafe < 7.1.1.27 +Obsoletes: imagemagick-config-7-upstream-limited < 7.1.1.27 %package -n perl-PerlMagick Summary: Perl interface for ImageMagick @@ -132,19 +137,19 @@ Recommends: transfig %package -n libMagickCore%{libspec}%{clibver} Summary: C runtime library for ImageMagick Group: Productivity/Graphics/Other -Requires: imagick-%{config_spec} -Recommends: %{config_spec}-SUSE Recommends: ghostscript -Suggests: %{name}-extra = %{version} +Suggests: ImageMagick-extra = %{version} +Recommends: ImageMagick %package -n libMagickWand%{libspec}%{cwandver} Summary: C runtime library for ImageMagick Group: Productivity/Graphics/Other +Recommends: ImageMagick %package -n libMagick++%{libspec}%{cxxlibver} Summary: C++ interface runtime library for ImageMagick Group: Development/Libraries/C and C++ -Requires: %{name} +Recommends: ImageMagick %package -n libMagick++-devel Summary: Development files for ImageMagick's C++ interface @@ -158,38 +163,6 @@ Summary: Document Files for ImageMagick Library Group: Documentation/HTML BuildArch: noarch -%package %{config_spec}-upstream-open -Summary: Open ImageMagick Security Policy -Group: Development/Libraries/C and C++ -Provides: imagick-%{config_spec} -Conflicts: otherproviders(imagick-%{config_spec}) -Obsoletes: %{config_spec}-upstream < %{version} -Provides: %{config_spec}-upstream = %{version} - -%package %{config_spec}-upstream-limited -Summary: Limited ImageMagick Security Policy -Group: Development/Libraries/C and C++ -Provides: imagick-%{config_spec} -Conflicts: otherproviders(imagick-%{config_spec}) - -%package %{config_spec}-upstream-secure -Summary: Secure ImageMagick Security Policy -Group: Development/Libraries/C and C++ -Provides: imagick-%{config_spec} -Conflicts: otherproviders(imagick-%{config_spec}) - -%package %{config_spec}-upstream-websafe -Summary: Web-safe ImageMagick Security Policy -Group: Development/Libraries/C and C++ -Provides: imagick-%{config_spec} -Conflicts: otherproviders(imagick-%{config_spec}) - -%package %{config_spec}-SUSE -Summary: SUSE Provided Configuration -Group: Development/Libraries/C and C++ -Provides: imagick-%{config_spec} -Conflicts: otherproviders(imagick-%{config_spec}) - %description ImageMagick is a robust collection of tools and libraries to read, write, and manipulate an image in many image formats, including popular @@ -288,67 +261,17 @@ support multiple generations of an image in memory at one time. %description doc HTML documentation for ImageMagick library and scene examples. -%description %{config_spec}-upstream-open -This policy is designed for usage in secure settings like those -protected by firewalls or within Docker containers. Within this framework, -ImageMagick enjoys broad access to resources and functionalities. This policy -provides convenient and adaptable options for image manipulation. However, -it's important to note that it might present security vulnerabilities in -less regulated conditions. Thus, organizations should thoroughly assess -the appropriateness of the open policy according to their particular use -case and security prerequisites. - -%description %{config_spec}-upstream-limited -The primary objective of the limited security policy is to find a -middle ground between convenience and security. This policy involves the -deactivation of potentially hazardous functionalities, like specific coders -such as SVG or HTTP. Furthermore, it establishes several constraints on -the utilization of resources like memory, storage, and processing duration, -all of which are adjustable. This policy proves advantageous in situations -where there's a need to mitigate the potential threat of handling possibly -malicious or demanding images, all while retaining essential capabilities -for prevalent image formats. - -%description %{config_spec}-upstream-secure -This stringent security policy prioritizes the implementation of -rigorous controls and restricted resource utilization to establish a -profoundly secure setting while employing ImageMagick. It deactivates -conceivably hazardous functionalities, including specific coders like -SVG or HTTP. The policy promotes the tailoring of security measures to -harmonize with the requirements of the local environment and the guidelines -of the organization. This protocol encompasses explicit particulars like -limitations on memory consumption, sanctioned pathways for reading and -writing, confines on image sequences, the utmost permissible duration of -workflows, allocation of disk space intended for image data, and even an -undisclosed passphrase for remote connections. By adopting this robust -policy, entities can elevate their overall security stance and alleviate -potential vulnerabilities. - -%description %{config_spec}-upstream-websafe -This security protocol designed for web-safe usage focuses on situations -where ImageMagick is applied in publicly accessible contexts, like websites. -It deactivates the capability to read from or write to any image formats -other than web-safe formats like GIF, JPEG, and PNG. Additionally, this -policy prohibits the execution of image filters and indirect reads, thereby -thwarting potential security breaches. By implementing these limitations, -the web-safe policy fortifies the safeguarding of systems accessible to -the public, reducing the risk of exploiting ImageMagick's capabilities -for potential attacks. - -%description %{config_spec}-SUSE -ImageMagick configuration as provide by SUSE. It is upstream 'secure' -policy plus disable few other coders for reading and/or writing. - %prep %setup -q -n ImageMagick-%{source_version} -%patch2 -p1 +%patch -P 0 -p1 +%patch -P 2 -p1 %ifarch i586 %if %{?suse_version} < 1550 -%patch4 -p1 +%patch -P 4 -p1 %endif %endif %ifarch s390x -%patch5 -p1 +%patch -P 5 -p1 %endif %build @@ -400,7 +323,8 @@ export CXXFLAGS="%{optflags} -O0" --without-gcc-arch \ --enable-pipes=no \ --enable-reproducible-build=yes \ - --disable-openmp + --disable-openmp \ + --with-security-policy=open # open for %%check %if %{asan_build} sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \ -e 's/\(^LIBS =.*\)/\1 -lasan/' \ @@ -410,7 +334,7 @@ sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \ # [1] http://pkgs.fedoraproject.org/cgit/ImageMagick.git/tree/ImageMagick.spec %make_build all %make_build -j1 perl-build -# mostly because */demo is used later with %check +# mostly because */demo is used later with %%check # polutting dir with .libs etc. cp -r Magick++/demo Magick++/examples cp -r PerlMagick/demo PerlMagick/examples @@ -443,24 +367,13 @@ sed -i 's:TEST_VERBOSE=0:TEST_VERBOSE=1:' Makefile cd .. %install -%make_install pkgdocdir=%{_defaultdocdir}/%{name}-%{maj}/ -# configuration magic -mv -t %{buildroot}%{_sysconfdir}/%{name}* %{buildroot}%{_datadir}/%{name}*/*.xml -for policy in open limited secure websafe; do - cp -r %{buildroot}%{_sysconfdir}/%{config_dir}{,-upstream-$policy} - cp config/policy-$policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}-upstream-$policy -done -mv %{buildroot}%{_sysconfdir}/%{config_dir}{,-SUSE} -cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE -patch --fuzz=0 --dir %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE < %{PATCH0} -mkdir -p %{buildroot}%{_sysconfdir}/alternatives/ -ln -sf %{_sysconfdir}/alternatives/%{config_dir} %{buildroot}%{_sysconfdir}/%{config_dir} -# symlink header file relative to /usr/include/ImageMagick-7/ -# so that inclusions like wand/*.h and magick/*.h work -ln -s ./MagickCore %{buildroot}%{_includedir}/%{name}-%{maj}/magick -ln -s ./MagickWand %{buildroot}%{_includedir}/%{name}-%{maj}/wand -# these will be included via %doc -rm -r %{buildroot}%{_datadir}/doc/%{name}-%{maj}/ +%make_install pkgdocdir=%{_defaultdocdir}/ImageMagick-%{maj}/ +# suse modified secure policy as a default +cp config/policy-secure.xml %{buildroot}/etc/ImageMagick-%{maj}/policy.xml +ln -s ./MagickCore %{buildroot}%{_includedir}/ImageMagick-%{maj}/magick +ln -s ./MagickWand %{buildroot}%{_includedir}/ImageMagick-%{maj}/wand +# these will be included via %%doc +rm -r %{buildroot}%{_datadir}/doc/ImageMagick-%{maj}/ rm %{buildroot}%{_libdir}/*.la # remove RPATH from perl module perl_module=$(find %{buildroot}%{_prefix}/lib/perl5 -name '*.so') @@ -470,8 +383,8 @@ chmod 555 $perl_module # remove %%{buildroot} from distributed file sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/config%{libspec}%{clibver}/configure.xml #remove duplicates -%fdupes -s %{buildroot}%{_defaultdocdir}/%{name}-%{maj} -%fdupes -s %{buildroot}%{_includedir}/%{name}-%{maj} +%fdupes -s %{buildroot}%{_defaultdocdir}/ImageMagick-%{maj} +%fdupes -s %{buildroot}%{_includedir}/ImageMagick-%{maj} %fdupes -s %{buildroot}%{_libdir}/pkgconfig %perl_process_packlist @@ -485,9 +398,13 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con %files %license LICENSE %doc NEWS.txt +%doc config/policy-{open,limited,secure,websafe}.xml %{_bindir}/[^MW]* %{_mandir}/man1/* %exclude %{_mandir}/man1/*-config.1%{ext_man} +%dir %{_sysconfdir}/ImageMagick-%{maj} +%config(noreplace) %{_sysconfdir}/ImageMagick-%{maj}/* +%{_datadir}/ImageMagick-%{maj} %files -n libMagickCore%{libspec}%{clibver} %license LICENSE @@ -559,36 +476,6 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con %{_mandir}/man1/Magick++-config.1%{?ext_man} %files doc -%{_defaultdocdir}/%{name}-%{maj} - -%files %{config_spec}-upstream-open -%dir %{_sysconfdir}/ImageMagick*-upstream-open/ -%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-open/* -%{_sysconfdir}/%{config_dir} -%ghost %{_sysconfdir}/alternatives/%{config_dir} - -%files %{config_spec}-upstream-limited -%dir %{_sysconfdir}/ImageMagick*-upstream-limited/ -%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-limited/* -%{_sysconfdir}/%{config_dir} -%ghost %{_sysconfdir}/alternatives/%{config_dir} - -%files %{config_spec}-upstream-secure -%dir %{_sysconfdir}/ImageMagick*-upstream-secure/ -%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-secure/* -%{_sysconfdir}/%{config_dir} -%ghost %{_sysconfdir}/alternatives/%{config_dir} - -%files %{config_spec}-SUSE -%dir %{_sysconfdir}/ImageMagick*-SUSE/ -%config %{_sysconfdir}/ImageMagick*-SUSE/* -%{_sysconfdir}/%{config_dir} -%ghost %{_sysconfdir}/alternatives/%{config_dir} - -%files %{config_spec}-upstream-websafe -%dir %{_sysconfdir}/ImageMagick*-upstream-websafe/ -%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-websafe/* -%{_sysconfdir}/%{config_dir} -%ghost %{_sysconfdir}/alternatives/%{config_dir} +%{_defaultdocdir}/ImageMagick-%{maj} %changelog