security update

ImageMagick-7.1.2-0.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmhzpugACgkQiatj1IJ3
-N3oAxg/+LGUZrTHB3ZHWWHZuL7aTDbWTyZVeCkV7ATnx0fysNsAijQE3F1ZWRXA9
-F8thN4POBodTtLo1WT4txSe15xkgspl/zcBceREtmvnukTLMhxqeh+7puW4ymgso
-UXuwH+ACHK7eTTIMFe57R3cjJYQiVVJ3VfGpa5T9kqHUFY2QR0R1irnsIBIO0Svu
-Xhf4ruxoEmAPqNPeR4SH+XfivrMflm2OXUlTmGJz8eiCs9Q2CLi6UzXadllYN8qj
-i7nBKW6QfWRl1GktwCdNQ5V8by6LbZbH5a+ns+7txyFd73IGIzO69izR6ZTpz+0Z
-haW+TqXlvX36w/QFbKkXzNzHRq5R708uE60htURdP5nKdPsmpuXUK32shNhQv349
-V6z7NxwVVkkvvgVn9c8cXr1BAF//X0WnaXNQqEpggDBYc8wEio+JoS0WwAzoWuSL
-v/oBKQQHB57hUgwGs1TvDzEAx5rDdU/CJf60kfcwMT1ep7Xo7egvFcaXacRmUSsj
-IFWE3GXtXGrcK6QEqv90YbLSbdTW4Li8lWQVd6ZGilfoLLuTwSbVwoEYfdZxvAdy
-PYTgSHzN/v09hn3T4yvQilV2xG8HD8wHr6nnb2EBQX5Nm2ZviUdUdMo4xQeZnhZd
-UafoFf9TK8QoPSQeEYoSIwjuixBHrNuEgNKd1+Lch01K04Xdi+M=
-=cMIz
------END PGP SIGNATURE-----

ImageMagick-7.1.2-8.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmj+Hz4ACgkQiatj1IJ3
+N3p+Vg/8CYxJgRHvCO4s3QFacyNM+e9TL4ssBBkkXDf2fk6tYQCqLD+iPqMPswjb
+qYZDsD2oDGCaqnciMIlF1782Gt67tjFFr57ikAJopqILWHBXfL4M81VoehHIjsao
+DS/DuxR/8DoOSsvWzDDEv98On1339HCncPlfbg5NDKEMNeWjq/RdNiFnNspjxhhp
+nbsGN9Eu1ToxIWXG7lA9diRk6wTpyuRqlPrKy1kSYaItjKpR9lkFY4zhCnISGUDr
+pvghTId+oksr1CZaa3SlMN53MGUEMMbl0FhRF6vYhm3bLVQr2s5NVdG/E6W98VAv
+aukurXRy65mJl2ohVzCSfyFi3Y3BFqsLNvqPIE/cYaFuXhDbcd+nrXi5zalSIrA+
+Er58sU8TY6fqA1XLImIhnlyJkZCFB30wyW11eIBmeKQXNL/OpkY0YoUoQT5F7GcZ
+50MlFgDNAUJR3O6C+Wxf8Kpcsvf+1OIJilBWb25+YSMig14nnIjajo2/uXMGoooJ
+XqtQ7HgFdWb6YQi4lsVadqSKTpMeEMsSh2OaUNi5aphME4Q9CFVJrqx1EWBtNP2q
+OteBMak+64cq5ko5qwp/C4/ahPk8agNAXwRkse4ouRkZh12LLHOmaMlGU6KbnQAI
+MboY4jmK+DbymyjiXNt5Qg9CO/hSshYra+tKcDZzpdLQerTNSew=
+=djpT
+-----END PGP SIGNATURE-----

ImageMagick-CVE-2025-65955.patch

@@ -0,0 +1,23 @@
+From 6f81eb15f822ad86e8255be75efad6f9762c32f8 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Sun, 23 Nov 2025 09:17:29 +0100
+Subject: [PATCH] Correct incorrect free (GHSA-q3hc-j9x5-mp9m)
+
+---
+ Magick++/lib/Options.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Magick++/lib/Options.cpp b/Magick++/lib/Options.cpp
+index c25604558a4..027d54719c3 100644
+--- a/Magick++/lib/Options.cpp
++++ b/Magick++/lib/Options.cpp
+@@ -310,7 +310,7 @@ void Magick::Options::fontFamily(const std::string &family_)
+ {
+   if (family_.length() == 0)
+     {
+-      _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->font);
++      _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->family);
+       DestroyString(RemoveImageOption(imageInfo(),"family"));
+     }
+   else
+

ImageMagick-CVE-2025-66628.patch

@@ -0,0 +1,25 @@
+From bdae0681ad1e572defe62df85834218f01e6d670 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Tue, 2 Dec 2025 22:49:12 +0100
+Subject: [PATCH] Added extra check to avoid an overflow on 32-bit machines
+ (GHSA-6hjr-v6g4-3fm8)
+
+---
+ coders/tim.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/coders/tim.c b/coders/tim.c
+index db60f32e65a..b87e06d2ceb 100644
+--- a/coders/tim.c
++++ b/coders/tim.c
+@@ -231,7 +231,8 @@ static Image *ReadTIMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+     (void) ReadBlobLSBShort(image);
+     width=ReadBlobLSBShort(image);
+     height=ReadBlobLSBShort(image);
+-    image_size=2*width*height;
++    if (HeapOverflowSanityCheckGetSize(2*width,height,&image_size) != MagickFalse)
++      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+     if (image_size > GetBlobSize(image))
+       ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+     bytes_per_line=width*2;
+

ImageMagick-CVE-2025-68618.patch

@@ -0,0 +1,107 @@
+From 6f431d445f3ddd609c004a1dde617b0a73e60beb Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 21 Dec 2025 12:43:08 -0500
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
+
+---
+ coders/msl.c | 24 ++++++++++++++++--------
+ coders/svg.c |  8 +++++++-
+ 2 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/coders/msl.c b/coders/msl.c
+index 2424e9883f0..8ede13b81e4 100644
+--- a/coders/msl.c
++++ b/coders/msl.c
+@@ -120,6 +120,7 @@ typedef struct _MSLInfo
+     *exception;
+ 
+   ssize_t
++    depth,
+     n,
+     number_groups;
+ 
+@@ -328,6 +329,10 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+   RectangleInfo
+     geometry;
+ 
++  size_t
++    height,
++    width;
++
+   ssize_t
+     i,
+     j,
+@@ -336,11 +341,6 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+     x,
+     y;
+ 
+-
+-  size_t
+-    height,
+-    width;
+-
+   xmlParserCtxtPtr
+     parser;
+ 
+@@ -352,6 +352,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+   exception=AcquireExceptionInfo();
+   parser=(xmlParserCtxtPtr) context;
+   msl_info=(MSLInfo *) parser->_private;
++  if (msl_info->depth++ >= MagickMaxRecursionDepth)
++    {        
++      (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
++        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
++      xmlStopParser((xmlParserCtxtPtr) context);
++      return;
++    }
+   n=msl_info->n;
+   keyword=(const char *) NULL;
+   value=(char *) NULL;
+@@ -7057,15 +7064,15 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+ 
+ static void MSLEndElement(void *context,const xmlChar *tag)
+ {
+-  ssize_t
+-    n;
+-
+   MSLInfo
+     *msl_info;
+ 
+   xmlParserCtxtPtr
+     parser;
+ 
++  ssize_t
++    n;
++
+   /*
+     Called when the end of an element has been detected.
+   */
+@@ -7158,6 +7165,7 @@ static void MSLEndElement(void *context,const xmlChar *tag)
+   }
+   if (msl_info->content != (char *) NULL)
+     msl_info->content=DestroyString(msl_info->content);
++  msl_info->depth--;
+ }
+ 
+ static void MSLCharacters(void *context,const xmlChar *c,int length)
+diff --git a/coders/svg.c b/coders/svg.c
+index ed662770d23..5d042cce85f 100644
+--- a/coders/svg.c
++++ b/coders/svg.c
+@@ -1250,7 +1250,13 @@ static void SVGStartElement(void *context,const xmlChar *name,
+     name);
+   parser=(xmlParserCtxtPtr) context;
+   svg_info=(SVGInfo *) parser->_private;
+-  svg_info->n++;
++  if (svg_info->n++ > MagickMaxRecursionDepth)
++    {
++      (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
++        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
++      xmlStopParser((xmlParserCtxtPtr) context);
++      return;
++    }
+   svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
+     svg_info->n+1,sizeof(*svg_info->scale));
+   if (svg_info->scale == (double *) NULL)
+

ImageMagick-CVE-2025-68950.patch

@@ -0,0 +1,23 @@
+From 204718c2211903949dcfc0df8e65ed066b008dec Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 26 Dec 2025 11:22:12 -0500
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
+
+---
+ MagickCore/draw.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/MagickCore/draw.c b/MagickCore/draw.c
+index efa1b232661..2cdedaffa75 100644
+--- a/MagickCore/draw.c
++++ b/MagickCore/draw.c
+@@ -5701,6 +5701,7 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image,
+               if ((LocaleCompare(clone_info->magick,"ftp") != 0) &&
+                   (LocaleCompare(clone_info->magick,"http") != 0) &&
+                   (LocaleCompare(clone_info->magick,"https") != 0) &&
++                  (LocaleCompare(clone_info->magick,"mvg") != 0) &&
+                   (LocaleCompare(clone_info->magick,"vid") != 0))
+                 composite_images=ReadImage(clone_info,exception);
+               else
+

ImageMagick-CVE-2025-69204.patch

@@ -0,0 +1,69 @@
+From 2c08c2311693759153c9aa99a6b2dcb5f985681e Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sat, 27 Dec 2025 14:37:23 -0500
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
+
+---
+ coders/svg.c | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/coders/svg.c b/coders/svg.c
+index 5d042cce85f..4ffb7d93e9d 100644
+--- a/coders/svg.c
++++ b/coders/svg.c
+@@ -1250,13 +1250,14 @@ static void SVGStartElement(void *context,const xmlChar *name,
+     name);
+   parser=(xmlParserCtxtPtr) context;
+   svg_info=(SVGInfo *) parser->_private;
+-  if (svg_info->n++ > MagickMaxRecursionDepth)
++  if (svg_info->n >= MagickMaxRecursionDepth)
+     {
+       (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+         DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+       xmlStopParser((xmlParserCtxtPtr) context);
+       return;
+     }
++  svg_info->n++;
+   svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
+     svg_info->n+1,sizeof(*svg_info->scale));
+   if (svg_info->scale == (double *) NULL)
+@@ -4719,17 +4720,33 @@ static MagickBooleanType WriteSVGImage(const ImageInfo *image_info,Image *image,
+       }
+       case PathPrimitive:
+       {
+-        int
+-          number_attributes;
++        size_t
++          number_attributes,
++          quantum;
+ 
+         (void) GetNextToken(q,&q,extent,token);
+         number_attributes=1;
+         for (p=token; *p != '\0'; p++)
+           if (isalpha((int) ((unsigned char) *p)) != 0)
+             number_attributes++;
+-        if (i > ((ssize_t) number_points-6*BezierQuantum*number_attributes-1))
++        if ((6*BezierQuantum) >= (MAGICK_SSIZE_MAX/number_attributes))
+           {
+-            number_points+=(size_t) (6*BezierQuantum*number_attributes);
++            (void) ThrowMagickException(exception,GetMagickModule(),
++              ResourceLimitError,"MemoryAllocationFailed","`%s'",
++              image->filename);
++            break;
++          }
++        quantum=(size_t) 6*BezierQuantum*number_attributes;
++        if (number_points >= (MAGICK_SSIZE_MAX-quantum))
++          {
++            (void) ThrowMagickException(exception,GetMagickModule(),
++              ResourceLimitError,"MemoryAllocationFailed","`%s'",
++              image->filename);
++            break;
++          }
++        if (i > (ssize_t) (number_points-quantum-1))
++          {
++            number_points+=(size_t) quantum;
+             primitive_info=(PrimitiveInfo *) ResizeQuantumMemory(primitive_info,
+               number_points,sizeof(*primitive_info));
+             if (primitive_info == (PrimitiveInfo *) NULL)
+

ImageMagick-configuration-SUSE.patch

@@ -1,5 +1,6 @@
---- ImageMagick-7.1.1-30/config/policy.xml
-+++ ImageMagick-7.1.1-30/config/policy.xml
+diff -ur ImageMagick-7.1.2-8_fix/config/policy-secure.xml ImageMagick-7.1.2-8_fix2/config/policy-secure.xml
+--- ImageMagick-7.1.2-8/config/policy-secure.xml	2025-11-06 15:30:11.995056081 +0100
++++ ImageMagick-7.1.2-8_fix/config/policy-secure.xml	2025-11-06 15:46:05.605527563 +0100
 @@ -62,7 +62,7 @@
    <policy domain="resource" name="disk" value="1GiB"/>
    <!-- Set the maximum length of an image sequence.  When this limit is
@@ -9,7 +10,7 @@
    <!-- Set the maximum width of an image.  When this limit is exceeded, an
         exception is thrown. -->
    <policy domain="resource" name="width" value="8KP"/>
-@@ -83,11 +83,11 @@
+@@ -85,11 +85,11 @@
    <!-- Replace passphrase for secure distributed processing -->
    <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> -->
    <!-- Do not permit any delegates to execute. -->
@@ -22,8 +23,8 @@
 +  <!--policy domain="path" rights="none" pattern="-"/ -->
    <!-- don't read sensitive paths. -->
    <policy domain="path" rights="none" pattern="/etc/*"/>
-   <!-- Indirect reads are not permitted. -->
-@@ -103,4 +103,20 @@
+   <!-- but allow to read own data. -->
+@@ -107,4 +107,20 @@
    <!-- Set the maximum amount of memory in bytes that are permitted for
         allocation requests. -->
    <policy domain="system" name="max-memory-request" value="256MiB"/>
@@ -44,4 +45,3 @@
 +  <policy domain="coder" rights="write" pattern="XPS" />
 +  <policy domain="coder" rights="write" pattern="PCL" />
  </policymap>
-

ImageMagick-library-installable-in-parallel.patch

@@ -1,8 +1,8 @@
-Index: ImageMagick-7.1.2-0/configure
+Index: ImageMagick-7.1.2-3/configure
 ===================================================================
---- ImageMagick-7.1.2-0.orig/configure
-+++ ImageMagick-7.1.2-0/configure
-@@ -37225,7 +37225,9 @@ fi
+--- ImageMagick-7.1.2-3.orig/configure
++++ ImageMagick-7.1.2-3/configure
+@@ -37237,7 +37237,9 @@ fi
  
  
  # Subdirectory to place architecture-dependent configuration files

ImageMagick.changes

@@ -1,3 +1,100 @@
+-------------------------------------------------------------------
+Tue Jan  6 14:56:00 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+- added patches
+  CVE-2025-68618 [bsc#1255821], read a malicious SVG file may result in a DoS attack
+  * ImageMagick-CVE-2025-68618.patch
+  CVE-2025-68950 [bsc#1255822], check for circular references in mvg files may lead to stack overflow
+  * ImageMagick-CVE-2025-68950.patch
+  CVE-2025-69204 [bsc#1255823], an integer overflow can lead to a DoS attack
+  * ImageMagick-CVE-2025-69204.patch
+
+-------------------------------------------------------------------
+Fri Dec 12 09:09:26 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+- added patches
+  CVE-2025-66628 [bsc#1254820], ImageMagick Integer Overflow leading to out of bounds read (32-bit only)
+  * ImageMagick-CVE-2025-66628.patch
+
+-------------------------------------------------------------------
+Wed Dec 10 14:33:36 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+- added patches
+  CVE-2025-65955 [bsc#1254435], ImageMagick use-after-free/double-free
+  * ImageMagick-CVE-2025-65955.patch
+
+-------------------------------------------------------------------
+Thu Nov  6 14:37:08 UTC 2025 - Dirk Stoecker <opensuse@dstoecker.de>
+
+- fix policy to allow own configuration file reads (ImageMagick_policy_etc.patch)
+  adapt ImageMagick-configuration-SUSE.patch and reorder patch handling
+
+-------------------------------------------------------------------
+Wed Oct 29 14:15:50 UTC 2025 - pgajdos@suse.com
+
+- version update to 7.1.2.8
+  * fixes GHSA-wpp4-vqfq-v4hp (CVE-2025-62594 [bsc#1252749])
+
+-------------------------------------------------------------------
+Mon Oct 20 10:33:08 UTC 2025 - pgajdos@suse.com
+
+- version update to 7.1.2.7
+  * fixes GHSA-9pp9-cfwx-54rm (CVE-2025-62171 [bsc#1252282])
+  * otherwise no upstream changelog, see
+    https://github.com/ImageMagick/ImageMagick/compare/7.1.2-2..7.1.2-7
+
+-------------------------------------------------------------------
+Tue Sep  9 12:37:21 UTC 2025 - pgajdos@suse.com
+
+- version update to 7.1.2.3
+  * fixes GHSA-23hg-53q6-hqfg CVE-2025-57807 [bsc#1249362]
+  * Close the blob so we can re-open it again (#8327)
+- modified patches
+  % ImageMagick-library-installable-in-parallel.patch (refreshed)
+
+-------------------------------------------------------------------
+Mon Aug 25 20:23:06 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
+
+- version update to 7.1.2.2
+  * Fix infinite loop when decoding JXL with -limit height/width by
+    @Elvyria in #8303
+  * Bump actions/checkout from 4 to 5 by @dependabot[bot] in #8304
+  * cache.c: Fix unused function warning by @Dave-Allured in #8309
+- fixes
+    CVE-2025-55298 [bsc#1248780]
+    CVE-2025-57803 [bsc#1248784]
+    CVE-2025-55212 [bsc#1248767]
+
+-------------------------------------------------------------------
+Wed Aug 20 09:11:08 UTC 2025 - pgajdos@suse.com
+
+- version update to 7.1.2.1
+  * Add support for Simple File Format Family (SF3) images by @Shinmera in #8243
+  * Fix validation issues in SF3 by @Shinmera in #8252
+  * Fix compressed exr reading by @Hadsen in #8285
+  * Use OpenMP in ashlar by @yerlotic in #8288
+  * Bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #8296
+- modified patches
+  % ImageMagick-library-installable-in-parallel.patch
+- removed patches
+  - ImageMagick-filename-placeholder-regression-1.patch (upstreamed)
+  - ImageMagick-filename-placeholder-regression-2.patch (upstreamed)
+  - ImageMagick-filename-placeholder-regression-3.patch (upstreamed)
+- fixes
+   CVE-2025-55160 [bsc#1248079], CVE-2025-55004 [bsc#1248076]
+   CVE-2025-55154 [bsc#1248078], CVE-2025-55005 [bsc#1248077]
+
+-------------------------------------------------------------------
+Tue Aug  5 10:55:19 UTC 2025 - pgajdos@suse.com
+
+- added patches [bsc#1247475]
+  + ImageMagick-filename-placeholder-regression-1.patch
+  + ImageMagick-filename-placeholder-regression-2.patch
+  + ImageMagick-filename-placeholder-regression-3.patch
+
 -------------------------------------------------------------------
 Tue Jul 15 11:36:19 UTC 2025 - pgajdos@suse.com
 
@@ -4870,4 +4967,3 @@ Tue Nov 11 16:08:36 MET 1997 - ro@suse.de
 Mon Nov  3 17:49:58 MET 1997 - ro@suse.de
 
 - ready for autobuild
-

ImageMagick.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package ImageMagick
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 %define debug_build    0
 %define asan_build     0
 %define mfr_version    7.1.2
-%define mfr_revision   0
+%define mfr_revision   8
 %define quantum_depth  16
 %define source_version %{mfr_version}-%{mfr_revision}
 %define clibver        10
@@ -30,7 +30,7 @@
 %define libspec        -7_Q%{quantum_depth}HDRI
 %define config_dir     IM-7
 %define test_verbose   1
-# bsc#1088463
+# bsc#1088463, https://github.com/ImageMagick/ImageMagick/issues/8261
 %define urw_base35_fonts 0
 # do/don't pull djvulibre dependency
 %bcond_without djvu
@@ -46,10 +46,24 @@ Source0:        https://imagemagick.org/archive/releases/ImageMagick-%{source_ve
 Source1:        baselibs.conf
 Source2:        https://imagemagick.org/archive/releases/ImageMagick-%{source_version}.tar.xz.asc
 Source3:        ImageMagick.keyring
-# suse specific patches
-Patch0:         ImageMagick-configuration-SUSE.patch
+# do not block read access to own config files
+Patch0:         ImageMagick_policy_etc.patch
+# SUSE configuration
+Patch1:         ImageMagick-configuration-SUSE.patch
+# library installation
 Patch2:         ImageMagick-library-installable-in-parallel.patch
+# disable failing tests
 Patch5:         ImageMagick-s390x-disable-tests.patch
+# CVE-2025-65955 [bsc#1254435], ImageMagick use-after-free/double-free
+Patch6:         ImageMagick-CVE-2025-65955.patch
+# CVE-2025-66628 [bsc#1254820], ImageMagick Integer Overflow leading to out of bounds read (32-bit only)
+Patch7:         ImageMagick-CVE-2025-66628.patch
+# CVE-2025-68618 [bsc#1255821], read a malicious SVG file may result in a DoS attack
+Patch8:         ImageMagick-CVE-2025-68618.patch
+# CVE-2025-68950 [bsc#1255822], check for circular references in mvg files may lead to stack overflow
+Patch9:         ImageMagick-CVE-2025-68950.patch
+# CVE-2025-69204 [bsc#1255823], an integer overflow can lead to a DoS attack
+Patch10:         ImageMagick-CVE-2025-69204.patch
 
 BuildRequires:  chrpath
 BuildRequires:  dejavu-fonts
@@ -258,10 +272,19 @@ policy plus disable few other coders for reading and/or writing.
 
 %prep
 %setup -q -n ImageMagick-%{source_version}
+%patch -P 0 -p1
+# default policy (SUSE)
+cp config/policy-secure.xml config/policy.xml
+%patch -P 1 -p1
 %patch -P 2 -p1
 %ifarch s390x
 %patch -P 5 -p1
 %endif
+%patch -P 6 -p1
+%patch -P 7 -p1
+%patch -P 8 -p1
+%patch -P 9 -p1
+%patch -P 10 -p1
 
 %build
 # bsc#1088463
@@ -359,9 +382,6 @@ cd ..
 
 %install
 %make_install pkgdocdir=%{_defaultdocdir}/ImageMagick-7/
-# default policy (SUSE)
-cp config/policy-secure.xml config/policy.xml
-patch --fuzz=0 -p1 < %{PATCH0}
 cp config/policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}
 # symlink header file relative to /usr/include/ImageMagick-7/
 # so that inclusions like wand/*.h and magick/*.h work

ImageMagick_policy_etc.patch

@@ -0,0 +1,48 @@
+diff -ur ImageMagick-7.1.2-8/config/policy-limited.xml ImageMagick-7.1.2-8_fix/config/policy-limited.xml
+--- ImageMagick-7.1.2-8/config/policy-limited.xml	2025-10-26 12:54:38.000000000 +0100
++++ ImageMagick-7.1.2-8_fix/config/policy-limited.xml	2025-11-06 15:30:05.385948863 +0100
+@@ -82,6 +82,8 @@
+   <!-- <policy domain="path" rights="none" pattern="-"/> -->
+   <!-- don't read sensitive paths. -->
+   <policy domain="path" rights="none" pattern="/etc/*"/>
++  <!-- but allow to read own data. -->
++  <policy domain="path" rights="read" pattern="/etc/IM*"/>
+   <!-- Indirect reads are not permitted. -->
+   <policy domain="path" rights="none" pattern="@*"/>
+   <!-- These image types are security risks on read, but write is fine -->
+diff -ur ImageMagick-7.1.2-8/config/policy-open.xml ImageMagick-7.1.2-8_fix/config/policy-open.xml
+--- ImageMagick-7.1.2-8/config/policy-open.xml	2025-10-26 12:54:38.000000000 +0100
++++ ImageMagick-7.1.2-8_fix/config/policy-open.xml	2025-11-06 15:30:28.217319267 +0100
+@@ -137,6 +137,8 @@
+   <!-- <policy domain="path" rights="none" pattern="-"/> -->
+   <!-- don't read sensitive paths. -->
+   <!-- <policy domain="path" rights="none" pattern="/etc/*"/> -->
++  <!-- but allow to read own data. -->
++  <!-- <policy domain="path" rights="read" pattern="/etc/IM*"/> -->
+   <!-- Indirect reads are not permitted. -->
+   <!-- <policy domain="path" rights="none" pattern="@*"/> -->
+   <!-- These image types are security risks on read, but write is fine -->
+diff -ur ImageMagick-7.1.2-8/config/policy-secure.xml ImageMagick-7.1.2-8_fix/config/policy-secure.xml
+--- ImageMagick-7.1.2-8/config/policy-secure.xml	2025-10-26 12:54:38.000000000 +0100
++++ ImageMagick-7.1.2-8_fix/config/policy-secure.xml	2025-11-06 15:30:11.995056081 +0100
+@@ -92,6 +92,8 @@
+   <policy domain="path" rights="none" pattern="-"/>
+   <!-- don't read sensitive paths. -->
+   <policy domain="path" rights="none" pattern="/etc/*"/>
++  <!-- but allow to read own data. -->
++  <policy domain="path" rights="read" pattern="/etc/IM*"/>
+   <!-- Indirect reads are not permitted. -->
+   <policy domain="path" rights="none" pattern="@*"/>
+   <!-- These image types are security risks on read, but write is fine -->
+diff -ur ImageMagick-7.1.2-8/config/policy-websafe.xml ImageMagick-7.1.2-8_fix/config/policy-websafe.xml
+--- ImageMagick-7.1.2-8/config/policy-websafe.xml	2025-10-26 12:54:38.000000000 +0100
++++ ImageMagick-7.1.2-8_fix/config/policy-websafe.xml	2025-11-06 15:29:57.094814346 +0100
+@@ -88,6 +88,8 @@
+   <policy domain="path" rights="none" pattern="-"/>
+   <!-- don't read sensitive paths. -->
+   <policy domain="path" rights="none" pattern="/etc/*"/>
++  <!-- but allow to read own data. -->
++  <policy domain="path" rights="read" pattern="/etc/IM*"/>
+   <!-- Indirect reads are not permitted. -->
+   <policy domain="path" rights="none" pattern="@*"/>
+   <!-- Deny all image modules and specifically exempt reading or writing