diff --git a/ImageMagick-7.1.1-15.tar.xz b/ImageMagick-7.1.1-15.tar.xz
deleted file mode 100644
index 3361f7f..0000000
--- a/ImageMagick-7.1.1-15.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c8589ea233f678b0474daaba19a55ce783b52b25495fb5ba93ac1d377f65bb2f
-size 10200668
diff --git a/ImageMagick-7.1.1-15.tar.xz.asc b/ImageMagick-7.1.1-15.tar.xz.asc
deleted file mode 100644
index 28437b9..0000000
--- a/ImageMagick-7.1.1-15.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmTGad0ACgkQiatj1IJ3
-N3q70A//VACuhnStqbXC+miIR0u7kOzip6uCszmV+X5w7L4ePCdke6Hp7CoSLATo
-/BJUt+CU2K8a6exHwx4tTTtNm9ALASFfubL9aUCjKCh+83H6dnHgI5NpS2gSsNMD
-i+FRlmm0yKKYTZZqwgWkTYDWJvnHhEEtVX+C1vgAyljlusjb+bSmEVGYPdh+EXca
-rMF2bnOT3GG+MiLvI93wJAqhIGz1Zh85Ywf+wzSRaRby2z3cvH6RUMbfQXD1bOQL
-l3BT+vtEsw6+GV37iWzqhVwFMWBYNzJDZUsUN6V9HmcnLdKVpPLT9a1jDZhBBDzc
-kH5f4iaseG3jp7rz9BbXYQGMC8iRpZv+Ty3ew+EzjZ5Bt7ThxXVl/VnfofXOI6de
-m2qj2SnLF/G3BFctpfTVYO4SWiED1/aNt5k8S0KHuYRKmGzjGf3vBV0LBIMKXs4y
-VTpCm1p+RcUjHD9MKEcRpsGi6KGyLH4dZlKDwXhQ/Vcj8hg7DvvS+O2uPq/QjXPg
-Dzlp0JkdRHAIMWR7Jf1XEVe1IPfl4lrxQnQkX1SxVMQExa/vXflQR91el9ijeVTv
-2EEMx6hzzp07ZmQvFBCruY/gliPwyZdCY2/BmwHJ0hMekg9Z4p8NLcna+rtEMaBJ
-E7IjHdHcXXxwDPCNGpeiNLSdO/oi3Il+Z0nVFqw0pI3AbojUde8=
-=0QMW
------END PGP SIGNATURE-----
diff --git a/ImageMagick-7.1.1-17.tar.xz b/ImageMagick-7.1.1-17.tar.xz
new file mode 100644
index 0000000..553f159
--- /dev/null
+++ b/ImageMagick-7.1.1-17.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1178b2062569d83314feb9ce586eaf1144c5daa3da3784ea641cee6d28cec00b
+size 10222236
diff --git a/ImageMagick-7.1.1-17.tar.xz.asc b/ImageMagick-7.1.1-17.tar.xz.asc
new file mode 100644
index 0000000..f49af2f
--- /dev/null
+++ b/ImageMagick-7.1.1-17.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmUKIgoACgkQiatj1IJ3
+N3o8dg//YEt4TKYNJVn7T7plRPKcIkMygVJssF+23l7RQMCPnvI1seFPfM+I8HNZ
+0FWSTR2AHDBMKPSb9P4Ztu6e7DrOsllx7Nu28FMj6/2uHzL1341azC72wOp/aCHo
+VDr/D8BnoYU9EAptnRxyIGgEqCpzKeu4sVlwyAx9ydoYUy1i1hGauQHNGhIXsAUm
+b7/rB7nMjbB67aTl3q7LbKQO26O4frpDmxJgEh65cL1rst5LdgQXFUM+o+Y2ZfMf
+a/4cvVcmb5KSplqn1PJUZrc6rjEeJO3w3hEYkEMxoOXLaujXzKpg6Gf540HdsHH8
+9HdNcrxwXLZsKrzrSHWaSPWihgEqGryHKH9PjF4gSLh+k0uYJRtBPRm/17tu5d/a
+Tl2CC4n5RZqkq4lB7ofYJ2O838HSrNN43j3TA2qVPBorsMxJvw/Q5xVSusn4Pt0F
+ZLkpSSnHSeKZMURT2q/ptoSkmAx9/G4FO1Pe9su5hT/5JZGewV+3rGWtyBLwpHkg
+LL3d0FkzONf7LuT1fALtZV4hr0xn3L8zBb99jHh+nKYxFrk+M7sqwnJyd9uXHt8o
+uVbuxfIiZz8J1sB+0BbTW/9zeDJDdZ+fs+13BsBFaHILaIGqdijuAZ8VZJfWUDPj
+qOm826vFF3VouRThoxSWhwN4WJ6JR+bIZKKL+Fzustzf3uZ5aKI=
+=K65O
+-----END PGP SIGNATURE-----
diff --git a/ImageMagick-configuration-SUSE.patch b/ImageMagick-configuration-SUSE.patch
index 0c6d61c..68bdbe5 100644
--- a/ImageMagick-configuration-SUSE.patch
+++ b/ImageMagick-configuration-SUSE.patch
@@ -1,29 +1,15 @@
---- ImageMagick-7.1.0-43/config/policy.xml
-+++ ImageMagick-7.1.0-43/config/policy.xml
-@@ -79,5 +79,26 @@
-
-
-
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-
-
+--- a/config/policy-secure.xml
++++ b/config/policy-secure.xml
+@@ -92,8 +92,10 @@
+
+
+
++
++
+
+-
++
+
+
+
diff --git a/ImageMagick-library-installable-in-parallel.patch b/ImageMagick-library-installable-in-parallel.patch
index f16d461..5624892 100644
--- a/ImageMagick-library-installable-in-parallel.patch
+++ b/ImageMagick-library-installable-in-parallel.patch
@@ -1,8 +1,8 @@
-Index: ImageMagick-7.1.1-15/configure
+Index: ImageMagick-7.1.1-17/configure
===================================================================
---- ImageMagick-7.1.1-15.orig/configure
-+++ ImageMagick-7.1.1-15/configure
-@@ -35317,7 +35317,9 @@ fi
+--- ImageMagick-7.1.1-17.orig/configure
++++ ImageMagick-7.1.1-17/configure
+@@ -34840,7 +34840,9 @@ fi
# Subdirectory to place architecture-dependent configuration files
diff --git a/ImageMagick.changes b/ImageMagick.changes
index d05b53b..c8a209e 100644
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Sep 21 15:26:22 UTC 2023 - pgajdos@suse.com
+
+- version update to 7.1.1.17
+ * upstream changelog:
+ https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-17---2023-09-19
+- modified patches
+ % ImageMagick-library-installable-in-parallel.patch (refreshed)
+- follow upstream, create open, limited, secure and websafe alternative
+ configuration packages with different policy.xml
+- removing p7zip redundant dependency
+
-------------------------------------------------------------------
Tue Aug 22 13:11:14 UTC 2023 - pgajdos@suse.com
@@ -23,6 +35,9 @@ Tue May 30 08:33:42 UTC 2023 - pgajdos@suse.com
- version update to 7.1.1.11
* upstream changelog:
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-11---2023-05-29
+ * [bsc#1200389] CVE-2022-32546
+ * [bsc#1211792] CVE-2023-34153
+ * [bsc#1211791] CVE-2023-34151
-------------------------------------------------------------------
Thu May 25 08:05:03 UTC 2023 - pgajdos@suse.com
@@ -66,6 +81,7 @@ Tue Mar 14 13:30:28 UTC 2023 - pgajdos@suse.com
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
- modified patches
% ImageMagick-library-installable-in-parallel.patch (refreshed)
+- [bsc#1209141] CVE-2023-1289
-------------------------------------------------------------------
Mon Mar 13 08:45:26 UTC 2023 - Martin Pluskal
@@ -150,6 +166,8 @@ Wed Oct 26 09:27:50 UTC 2022 - Dirk Müller
* latest automake configuration
* fix undefined-shift in ReadTGAImage @ https://oss-fuzz.com/testcase?key=5129864151957504
* prevent divide by zero exception
+- [bsc#1207982] CVE-2022-44267
+- [bsc#1207983] CVE-2022-44268
-------------------------------------------------------------------
Wed Oct 12 08:06:39 UTC 2022 - Paolo Stivanin
@@ -158,6 +176,7 @@ Wed Oct 12 08:06:39 UTC 2022 - Paolo Stivanin
upstream changelog:
https://raw.githubusercontent.com/ImageMagick/Website/main/ChangeLog.md
- rebae ImageMagick-library-installable-in-parallel.patch
+- [bsc#1203450] CVE-2022-3213
-------------------------------------------------------------------
Wed Sep 28 14:10:28 UTC 2022 - Dirk Müller
@@ -358,6 +377,9 @@ Tue Apr 19 13:37:18 UTC 2022 - Dirk Müller
* Fixes #4985: 4e+26 is outside the range of representable values of type
'unsigned long' at
- fix typo on update-alternatives call
+- CVE-2022-2719 [bsc#1202250]
+- [bsc#1199350] CVE-2022-28463
+- [bsc#1200387] CVE-2022-32547
-------------------------------------------------------------------
Sun Apr 17 12:36:12 UTC 2022 - Christian Boltz
@@ -370,6 +392,8 @@ Thu Apr 7 07:29:22 UTC 2022 - pgajdos@suse.com
- version update to 7.1.0.29
see ChangeLog.md for details
(https://github.com/ImageMagick/ImageMagick/blob/main/ChangeLog.md)
+ * CVE-2022-1115 [bsc#1198701]
+ * [bsc#1200389] (CVE-2022-32546
-------------------------------------------------------------------
Wed Mar 23 21:46:16 UTC 2022 - Dirk Müller
@@ -379,6 +403,8 @@ Wed Mar 23 21:46:16 UTC 2022 - Dirk Müller
* fix PS and EPS %%BoundingBox not being parsed
* fix stack based buffer overflow in _TIFFVGetField (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42549)
* fix heap buffer overflow in dcm image reading (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45640)
+ * CVE-2022-1114 [bsc#1198700]
+ * [bsc#1200388] CVE-2022-32545
-------------------------------------------------------------------
Tue Mar 15 11:34:13 UTC 2022 - pgajdos@suse.com
@@ -438,6 +464,7 @@ Wed Feb 2 13:08:44 UTC 2022 - pgajdos@suse.com
https://github.com/ImageMagick/ImageMagick/discussions/4533).
* Add support for formatted text (reference
https://github.com/ImageMagick/ImageMagick/discussions/4515).
+ * CVE-2022-0284 [bsc#1195563]
-------------------------------------------------------------------
Thu Dec 30 09:38:20 UTC 2021 - Dirk Müller
@@ -446,6 +473,7 @@ Thu Dec 30 09:38:20 UTC 2021 - Dirk Müller
* support -integral option.
* possible DoS for certain SVG constructs (reference
https://github.com/ImageMagick/ImageMagick/issues/4626).
+ * CVE-2021-4219 [bsc#1196337]
-------------------------------------------------------------------
Tue Dec 21 23:12:27 UTC 2021 - Dirk Müller
diff --git a/ImageMagick.spec b/ImageMagick.spec
index c1d8edc..a232054 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -20,7 +20,7 @@
%define asan_build 0
%define maj 7
%define mfr_version %{maj}.1.1
-%define mfr_revision 15
+%define mfr_revision 17
%define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision}
%define clibver 10
@@ -84,11 +84,6 @@ BuildRequires: pkgconfig(libwebpmux)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(lqr-1)
BuildRequires: pkgconfig(pango)
-%if 0%{?suse_version} > 1500
-BuildRequires: p7zip-full
-%else
-BuildRequires: p7zip
-%endif
%if %{with djvu}
BuildRequires: pkgconfig(ddjvuapi)
%endif
@@ -162,15 +157,38 @@ Summary: Document Files for ImageMagick Library
Group: Documentation/HTML
BuildArch: noarch
-%package %{config_spec}-upstream
-Summary: Upstream Configuration Files
+%package %{config_spec}-upstream-open
+Summary: Open ImageMagick Security Policy
+Group: Development/Libraries/C and C++
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
+Provides: imagick-%{config_spec}
+Obsoletes: %{config_spec}-upstream < %{version}
+Provides: %{config_spec}-upstream = %{version}
+
+%package %{config_spec}-upstream-limited
+Summary: Limited ImageMagick Security Policy
+Group: Development/Libraries/C and C++
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
+Provides: imagick-%{config_spec}
+
+%package %{config_spec}-upstream-secure
+Summary: Secure ImageMagick Security Policy
+Group: Development/Libraries/C and C++
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
+Provides: imagick-%{config_spec}
+
+%package %{config_spec}-upstream-websafe
+Summary: Web-safe ImageMagick Security Policy
Group: Development/Libraries/C and C++
Requires(post): update-alternatives
Requires(postun):update-alternatives
Provides: imagick-%{config_spec}
%package %{config_spec}-SUSE
-Summary: Upstream Configuration Files
+Summary: SUSE Provided Configuration
Group: Development/Libraries/C and C++
Requires(post): update-alternatives
Requires(postun):update-alternatives
@@ -274,20 +292,56 @@ support multiple generations of an image in memory at one time.
%description doc
HTML documentation for ImageMagick library and scene examples.
-%description %{config_spec}-upstream
-ImageMagick configuration as supplied by upstream. It does not
-provide any security restrictions. ImageMagick will be vulnerable
-for example by ImageTragick or PS/PDF coder issues. It should
-be used in trusted environment. Version or maintenance updates
-will not overwrite user changes in system configuration.
+%description %{config_spec}-upstream-open
+This policy is designed for usage in secure settings like those
+protected by firewalls or within Docker containers. Within this framework,
+ImageMagick enjoys broad access to resources and functionalities. This policy
+provides convenient and adaptable options for image manipulation. However,
+it's important to note that it might present security vulnerabilities in
+less regulated conditions. Thus, organizations should thoroughly assess
+the appropriateness of the open policy according to their particular use
+case and security prerequisites.
+
+%description %{config_spec}-upstream-limited
+The primary objective of the limited security policy is to find a
+middle ground between convenience and security. This policy involves the
+deactivation of potentially hazardous functionalities, like specific coders
+such as SVG or HTTP. Furthermore, it establishes several constraints on
+the utilization of resources like memory, storage, and processing duration,
+all of which are adjustable. This policy proves advantageous in situations
+where there's a need to mitigate the potential threat of handling possibly
+malicious or demanding images, all while retaining essential capabilities
+for prevalent image formats.
+
+%description %{config_spec}-upstream-secure
+This stringent security policy prioritizes the implementation of
+rigorous controls and restricted resource utilization to establish a
+profoundly secure setting while employing ImageMagick. It deactivates
+conceivably hazardous functionalities, including specific coders like
+SVG or HTTP. The policy promotes the tailoring of security measures to
+harmonize with the requirements of the local environment and the guidelines
+of the organization. This protocol encompasses explicit particulars like
+limitations on memory consumption, sanctioned pathways for reading and
+writing, confines on image sequences, the utmost permissible duration of
+workflows, allocation of disk space intended for image data, and even an
+undisclosed passphrase for remote connections. By adopting this robust
+policy, entities can elevate their overall security stance and alleviate
+potential vulnerabilities.
+
+%description %{config_spec}-upstream-websafe
+This security protocol designed for web-safe usage focuses on situations
+where ImageMagick is applied in publicly accessible contexts, like websites.
+It deactivates the capability to read from or write to any image formats
+other than web-safe formats like GIF, JPEG, and PNG. Additionally, this
+policy prohibits the execution of image filters and indirect reads, thereby
+thwarting potential security breaches. By implementing these limitations,
+the web-safe policy fortifies the safeguarding of systems accessible to
+the public, reducing the risk of exploiting ImageMagick's capabilities
+for potential attacks.
%description %{config_spec}-SUSE
-ImageMagick configuration as provide by SUSE. It is more security
-aware than config-upstream variant. It does disable some coders,
-that are insecure by design to prevent user to use them
-inadvertently. Configuration can be subject of change by future
-version and maintenance updates and system changes will not be
-preserved.
+ImageMagick configuration as provide by SUSE. It is upstream 'secure'
+policy plus disable few other coders for reading and/or writing.
%prep
%setup -q -n ImageMagick-%{source_version}
@@ -363,9 +417,9 @@ cp -r Magick++/demo Magick++/examples
cp -r PerlMagick/demo PerlMagick/examples
# other improvements
chmod -x PerlMagick/demo/*.pl
+exit 0
%check
-exit 0
%if %{debug_build} || %{asan_build}
# testsuite does not succeed for some reason
# research TODO
@@ -390,8 +444,12 @@ cd ..
%make_install pkgdocdir=%{_defaultdocdir}/%{name}-%{maj}/
# configuration magic
mv -t %{buildroot}%{_sysconfdir}/%{name}* %{buildroot}%{_datadir}/%{name}*/*.xml
-mv %{buildroot}%{_sysconfdir}/%{config_dir}{,-upstream}
-cp -r %{buildroot}%{_sysconfdir}/%{config_dir}{-upstream,-SUSE}
+for policy in open limited secure websafe; do
+ cp -r %{buildroot}%{_sysconfdir}/%{config_dir}{,-upstream-$policy}
+ cp config/policy-$policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}-upstream-$policy
+done
+mv %{buildroot}%{_sysconfdir}/%{config_dir}{,-SUSE}
+cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE
patch --fuzz=0 --dir %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE < %{PATCH0}
mkdir -p %{buildroot}%{_sysconfdir}/alternatives/
ln -sf %{_sysconfdir}/alternatives/%{config_dir} %{buildroot}%{_sysconfdir}/%{config_dir}
@@ -421,7 +479,32 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con
%postun -n libMagickWand%{libspec}%{cwandver} -p /sbin/ldconfig
%post -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
%postun -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
-%pretrans %{config_spec}-upstream -p
+
+%post %{config_spec}-upstream-open
+%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-open 1
+
+%postun %{config_spec}-upstream-open
+if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
+ %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream
+fi
+
+%post %{config_spec}-upstream-limited
+%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-limited 5
+
+%postun %{config_spec}-upstream-limited
+if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
+ %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-limited
+fi
+
+%post %{config_spec}-upstream-secure
+%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-secure 10
+
+%postun %{config_spec}-upstream-secure
+if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
+ %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-secure
+fi
+
+%pretrans %{config_spec}-upstream-open -p
-- this %pretrans to be removed soon [bug#1122033#c37]
path = "%{_sysconfdir}/%{config_dir}"
st = posix.stat(path)
@@ -430,13 +513,22 @@ if st and st.type == "directory" then
os.rename(path, path .. ".rpmmoved")
end
-%post %{config_spec}-upstream
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream 1
-
-%postun %{config_spec}-upstream
-if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
- %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream
-fi
+%pretrans %{config_spec}-upstream-limited -p
+-- this %pretrans to be removed soon [bug#1122033#c37]
+path = "%{_sysconfdir}/%{config_dir}"
+st = posix.stat(path)
+if st and st.type == "directory" then
+ os.remove(path .. ".rpmmoved")
+ os.rename(path, path .. ".rpmmoved")
+end
+%pretrans %{config_spec}-upstream-secure -p
+-- this %pretrans to be removed soon [bug#1122033#c37]
+path = "%{_sysconfdir}/%{config_dir}"
+st = posix.stat(path)
+if st and st.type == "directory" then
+ os.remove(path .. ".rpmmoved")
+ os.rename(path, path .. ".rpmmoved")
+end
%pretrans %{config_spec}-SUSE -p
-- this %pretrans to be removed soon [bug#1122033#c37]
@@ -447,14 +539,31 @@ if st and st.type == "directory" then
os.rename(path, path .. ".rpmmoved")
end
+%pretrans %{config_spec}-upstream-websafe -p
+-- this %pretrans to be removed soon [bug#1122033#c37]
+path = "%{_sysconfdir}/%{config_dir}"
+st = posix.stat(path)
+if st and st.type == "directory" then
+ os.remove(path .. ".rpmmoved")
+ os.rename(path, path .. ".rpmmoved")
+end
+
%post %{config_spec}-SUSE
-%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-SUSE 10
+%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-SUSE 15
%postun %{config_spec}-SUSE
if [ ! -d %{_sysconfdir}/%{config_dir}-SUSE ] ; then
%{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-SUSE
fi
+%post %{config_spec}-upstream-websafe
+%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-websafe 20
+
+%postun %{config_spec}-upstream-websafe
+if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
+ %{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-websafe
+fi
+
%files
%license LICENSE
%doc NEWS.txt
@@ -534,9 +643,21 @@ fi
%files doc
%{_defaultdocdir}/%{name}-%{maj}
-%files %{config_spec}-upstream
-%dir %{_sysconfdir}/ImageMagick*-upstream/
-%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream/*
+%files %{config_spec}-upstream-open
+%dir %{_sysconfdir}/ImageMagick*-upstream-open/
+%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-open/*
+%{_sysconfdir}/%{config_dir}
+%ghost %{_sysconfdir}/alternatives/%{config_dir}
+
+%files %{config_spec}-upstream-limited
+%dir %{_sysconfdir}/ImageMagick*-upstream-limited/
+%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-limited/*
+%{_sysconfdir}/%{config_dir}
+%ghost %{_sysconfdir}/alternatives/%{config_dir}
+
+%files %{config_spec}-upstream-secure
+%dir %{_sysconfdir}/ImageMagick*-upstream-secure/
+%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-secure/*
%{_sysconfdir}/%{config_dir}
%ghost %{_sysconfdir}/alternatives/%{config_dir}
@@ -546,4 +667,10 @@ fi
%{_sysconfdir}/%{config_dir}
%ghost %{_sysconfdir}/alternatives/%{config_dir}
+%files %{config_spec}-upstream-websafe
+%dir %{_sysconfdir}/ImageMagick*-upstream-websafe/
+%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-websafe/*
+%{_sysconfdir}/%{config_dir}
+%ghost %{_sysconfdir}/alternatives/%{config_dir}
+
%changelog