
Author SHA256 Message Date
Petr Gajdos
62e38932f6 https://build.suse.de/request/show/387454 2025-08-22 14:07:17 +02:00
14 changed files with 697 additions and 57 deletions

BIN
ImageMagick-7.1.2-0.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.


@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=cMIz
-----END PGP SIGNATURE-----


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d264a2698f08bad4d261bccbb63413292570e94c0ba506f8368a9fea9613542d
size 10788164


@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=M+9N
-----END PGP SIGNATURE-----


@@ -0,0 +1,63 @@
From 55d97055e00a7bc7ae2776c99824002fbb4a72aa Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 7 Aug 2025 19:14:00 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
---
coders/png.c | 33 ++++++++++-----------------------
1 file changed, 10 insertions(+), 23 deletions(-)
diff --git a/coders/png.c b/coders/png.c
index 5f3d33a4206..f7ae779b2fe 100644
--- a/coders/png.c
+++ b/coders/png.c
@@ -4791,37 +4791,24 @@ static Image *ReadOneJNGImage(MngReadInfo *mng_info,
jng_image=ReadImage(alpha_image_info,exception);
if (jng_image != (Image *) NULL)
- for (y=0; y < (ssize_t) image->rows; y++)
{
- s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception);
- q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
- if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL))
- break;
+ image->alpha_trait=BlendPixelTrait;
+ for (y=0; y < (ssize_t) image->rows; y++)
+ {
+ s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception);
+ q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
+ if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL))
+ break;
- if (image->alpha_trait != UndefinedPixelTrait)
for (x=(ssize_t) image->columns; x != 0; x--)
{
SetPixelAlpha(image,GetPixelRed(jng_image,s),q);
q+=(ptrdiff_t) GetPixelChannels(image);
s+=(ptrdiff_t) GetPixelChannels(jng_image);
}
-
- else
- for (x=(ssize_t) image->columns; x != 0; x--)
- {
- Quantum
- alpha;
-
- alpha=GetPixelRed(jng_image,s);
- SetPixelAlpha(image,alpha,q);
- if (alpha != OpaqueAlpha)
- image->alpha_trait=BlendPixelTrait;
- q+=(ptrdiff_t) GetPixelChannels(image);
- s+=(ptrdiff_t) GetPixelChannels(jng_image);
- }
-
- if (SyncAuthenticPixels(image,exception) == MagickFalse)
- break;
+ if (SyncAuthenticPixels(image,exception) == MagickFalse)
+ break;
+ }
}
(void) RelinquishUniqueFileResource(alpha_image->filename);
alpha_image=DestroyImageList(alpha_image);
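Review bot: The added `image->alpha_trait=BlendPixelTrait;` ahead of the row loop carries no comment saying why it has to come before the first `GetAuthenticPixels()` call, and that ordering appears to be the whole fix: the removed `else` branch flipped the trait in the middle of a row while `q` was being advanced by `GetPixelChannels(image)`. I would add `/* enable alpha before any row is fetched so the trait cannot change while q is being stepped */` above the assignment. The trait is now also set when the loop leaves early through one of the two `break`s, so rows that were never reached keep whatever alpha they had; presumably acceptable, but worth confirming against the caller. ReadOneJNGImage starts and ends outside the hunk.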


@@ -0,0 +1,32 @@
From b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 7 Aug 2025 22:05:10 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
---
MagickCore/colorspace.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
index 7ac78a683d8..4b4866a60e4 100644
--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
@@ -2420,10 +2420,16 @@ static MagickBooleanType TransformsRGBImage(Image *image,
value=GetImageProperty(image,"reference-black",exception);
if (value != (const char *) NULL)
reference_black=StringToDouble(value,(char **) NULL);
+ if (reference_black > 1024.0)
+ reference_black=1024.0;
reference_white=ReferenceWhite;
value=GetImageProperty(image,"reference-white",exception);
if (value != (const char *) NULL)
reference_white=StringToDouble(value,(char **) NULL);
+ if (reference_white > 1024.0)
+ reference_white=1024.0;
+ if (reference_black > reference_white)
+ reference_black=reference_white;
logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL,
sizeof(*logmap));
if (logmap == (Quantum *) NULL)
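Review bot: Only the upper bound of `reference_black` and `reference_white` is clamped; both are read from the image properties `reference-black` and `reference-white` through `StringToDouble()`, so a negative value or a NaN still passes all three new comparisons (every `>` test is false for NaN). How the two values are turned into `logmap` indices lies outside the hunk, so whether that is harmful cannot be judged from here, but a lower guard is cheap: `if (!(reference_black >= 0.0)) reference_black=0.0;` and the same for `reference_white`, placed next to the existing `> 1024.0` checks. The literal `1024.0` now appears four times and would read better as one named constant. TransformsRGBImage continues outside the hunk.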


@@ -0,0 +1,75 @@
Index: ImageMagick-7.1.2-0/coders/png.c
===================================================================
--- ImageMagick-7.1.2-0.orig/coders/png.c
+++ ImageMagick-7.1.2-0/coders/png.c
@@ -6403,7 +6403,7 @@ static Image *ReadOneMNGImage(MngReadInf
if (((mng_info->magn_methx > 0) && (mng_info->magn_methx <= 5)) &&
((mng_info->magn_methy > 0) && (mng_info->magn_methy <= 5)))
{
- png_uint_32
+ size_t
magnified_height,
magnified_width;
@@ -6417,19 +6417,19 @@ static Image *ReadOneMNGImage(MngReadInf
mng_info->magn_methy = 1;
if (mng_info->magn_methx == 1)
{
- magnified_width=mng_info->magn_ml;
+ magnified_width=(size_t) mng_info->magn_ml;
if (image->columns > 1)
magnified_width += mng_info->magn_mr;
if (image->columns > 2)
- magnified_width += (png_uint_32)
+ magnified_width += (size_t)
((image->columns-2)*(mng_info->magn_mx));
}
else
{
- magnified_width=(png_uint_32) image->columns;
+ magnified_width=(size_t) image->columns;
if (image->columns > 1)
magnified_width += mng_info->magn_ml-1;
@@ -6438,25 +6438,25 @@ static Image *ReadOneMNGImage(MngReadInf
magnified_width += mng_info->magn_mr-1;
if (image->columns > 3)
- magnified_width += (png_uint_32)
+ magnified_width += (size_t)
((image->columns-3)*(mng_info->magn_mx-1));
}
if (mng_info->magn_methy == 1)
{
- magnified_height=mng_info->magn_mt;
+ magnified_height=(size_t) mng_info->magn_mt;
if (image->rows > 1)
magnified_height += mng_info->magn_mb;
if (image->rows > 2)
- magnified_height += (png_uint_32)
+ magnified_height += (size_t)
((image->rows-2)*(mng_info->magn_my));
}
else
{
- magnified_height=(png_uint_32) image->rows;
+ magnified_height=(size_t) image->rows;
if (image->rows > 1)
magnified_height += mng_info->magn_mt-1;
@@ -6465,7 +6465,7 @@ static Image *ReadOneMNGImage(MngReadInf
magnified_height += mng_info->magn_mb-1;
if (image->rows > 3)
- magnified_height += (png_uint_32)
+ magnified_height += (size_t)
((image->rows-3)*(mng_info->magn_my-1));
}
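Review bot: Widening `magnified_width` and `magnified_height` to `size_t` moves the wrap point but does not remove it: the products such as `(image->columns-2)*(mng_info->magn_mx)` are evaluated before the `(size_t)` cast is applied, and on a build where `size_t` is 32 bits the accumulator is no wider than the `png_uint_32` it replaces. None of the hunks shows a range check on the result, so unless one exists further down in ReadOneMNGImage an explicit guard is still needed. For the first product that would be rejecting the input when `mng_info->magn_mx != 0 && (image->columns-2) > (SIZE_MAX-magnified_width)/mng_info->magn_mx`, with the matching test for the other three products and their own multipliers. The function starts and ends outside every hunk of this patch.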


@@ -0,0 +1,157 @@
From 63d8769dd6a8f32f4096c71be9e08a2c081e47da Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 10 Aug 2025 08:28:28 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
---
MagickCore/artifact.c | 17 ++++++++++++++++-
MagickCore/option.c | 17 ++++++++++++++++-
MagickCore/profile.c | 19 ++++++++++++++++++-
MagickCore/property.c | 18 ++++++++++++++++--
4 files changed, 66 insertions(+), 5 deletions(-)
diff --git a/MagickCore/artifact.c b/MagickCore/artifact.c
index dae6aaaf0b1..764ef75a44b 100644
--- a/MagickCore/artifact.c
+++ b/MagickCore/artifact.c
@@ -99,6 +99,21 @@
% o clone_image: the source image for artifacts to clone.
%
*/
+
+typedef char
+ *(*CloneKeyFunc)(const char *),
+ *(*CloneValueFunc)(const char *);
+
+static inline void *CloneArtifactKey(void *key)
+{
+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneArtifactValue(void *value)
+{
+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
MagickExport MagickBooleanType CloneImageArtifacts(Image *image,
const Image *clone_image)
{
@@ -117,7 +132,7 @@ MagickExport MagickBooleanType CloneImageArtifacts(Image *image,
if (image->artifacts != (void *) NULL)
DestroyImageArtifacts(image);
image->artifacts=CloneSplayTree((SplayTreeInfo *) clone_image->artifacts,
- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString);
+ CloneArtifactKey,CloneArtifactValue);
}
return(MagickTrue);
}
diff --git a/MagickCore/option.c b/MagickCore/option.c
index 621b0f9b26d..f844f44d6af 100644
--- a/MagickCore/option.c
+++ b/MagickCore/option.c
@@ -2361,6 +2361,21 @@ static const OptionInfo
% o clone_info: the source image info for options to clone.
%
*/
+
+typedef char
+ *(*CloneKeyFunc)(const char *),
+ *(*CloneValueFunc)(const char *);
+
+static inline void *CloneOptionKey(void *key)
+{
+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneOptionValue(void *value)
+{
+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info,
const ImageInfo *clone_info)
{
@@ -2376,7 +2391,7 @@ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info,
if (image_info->options != (void *) NULL)
DestroyImageOptions(image_info);
image_info->options=CloneSplayTree((SplayTreeInfo *) clone_info->options,
- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString);
+ CloneOptionKey,CloneOptionValue);
}
return(MagickTrue);
}
diff --git a/MagickCore/profile.c b/MagickCore/profile.c
index fac191845f1..8e38b301bb1 100644
--- a/MagickCore/profile.c
+++ b/MagickCore/profile.c
@@ -143,6 +143,23 @@ typedef struct _CMSExceptionInfo
% o clone_image: the clone image.
%
*/
+
+typedef char
+ *(*CloneKeyFunc)(const char *);
+
+typedef StringInfo
+ *(*CloneValueFunc)(const StringInfo *);
+
+static inline void *CloneProfileKey(void *key)
+{
+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneProfileValue(void *value)
+{
+ return((void *) ((CloneValueFunc) CloneStringInfo)((const StringInfo *) value));
+}
+
MagickExport MagickBooleanType CloneImageProfiles(Image *image,
const Image *clone_image)
{
@@ -157,7 +174,7 @@ MagickExport MagickBooleanType CloneImageProfiles(Image *image,
if (image->profiles != (void *) NULL)
DestroyImageProfiles(image);
image->profiles=CloneSplayTree((SplayTreeInfo *) clone_image->profiles,
- (void *(*)(void *)) ConstantString,(void *(*)(void *)) CloneStringInfo);
+ CloneProfileKey,CloneProfileValue);
}
return(MagickTrue);
}
diff --git a/MagickCore/property.c b/MagickCore/property.c
index 09ae365dfa2..976ca34d70a 100644
--- a/MagickCore/property.c
+++ b/MagickCore/property.c
@@ -131,6 +131,21 @@
% o clone_image: the clone image.
%
*/
+
+typedef char
+ *(*CloneKeyFunc)(const char *),
+ *(*CloneValueFunc)(const char *);
+
+static inline void *ClonePropertyKey(void *key)
+{
+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *ClonePropertyValue(void *value)
+{
+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
MagickExport MagickBooleanType CloneImageProperties(Image *image,
const Image *clone_image)
{
@@ -195,8 +210,7 @@ MagickExport MagickBooleanType CloneImageProperties(Image *image,
if (image->properties != (void *) NULL)
DestroyImageProperties(image);
image->properties=CloneSplayTree((SplayTreeInfo *)
- clone_image->properties,(void *(*)(void *)) ConstantString,
- (void *(*)(void *)) ConstantString);
+ clone_image->properties,ClonePropertyKey,ClonePropertyValue);
}
return(MagickTrue);
}
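Review bot: Inside each new wrapper the callee is still cast, e.g. `((CloneKeyFunc) ConstantString)((const char *) key)`, which keeps alive the pattern this patch is meant to remove. If the declared type of `ConstantString` or `CloneStringInfo` ever stops matching the typedef, the cast silences the compiler and the call again goes through a mismatched function pointer. Calling the function directly lets the compiler check the signature: `return((void *) ConstantString((const char *) key));` and, in profile.c, `return((void *) CloneStringInfo((const StringInfo *) value));`. That also makes the `CloneKeyFunc`/`CloneValueFunc` typedefs, repeated in artifact.c, option.c, profile.c and property.c, unnecessary. The point applies to all eight wrappers.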


@@ -0,0 +1,198 @@
From 82550750ec8f79393b381c3ed349dd495bbab8a7 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 19 Jul 2025 13:40:30 -0400
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/8261
---
MagickCore/image.c | 134 +++++++++++++++++++--------------------------
1 file changed, 55 insertions(+), 79 deletions(-)
diff --git a/MagickCore/image.c b/MagickCore/image.c
index b646df17041..2f859d14208 100644
--- a/MagickCore/image.c
+++ b/MagickCore/image.c
@@ -1651,34 +1651,41 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
ExceptionInfo *exception)
{
char
- *q;
+ *p = filename,
+ pattern[MagickPathExtent];
const char
- *p;
-
- int
- c;
-
- MagickBooleanType
- canonical;
-
- ssize_t
- offset;
+ *cursor = format;
- canonical=MagickFalse;
- offset=0;
+ /*
+ Start with a copy of the format string.
+ */
(void) CopyMagickString(filename,format,MagickPathExtent);
if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse)
return(strlen(filename));
- for (p=strchr(format,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
+ while ((cursor=strchr(cursor,'%')) != (const char *) NULL)
{
- q=(char *) p+1;
- if (*q == '%')
+ const char
+ *q = cursor;
+
+ ssize_t
+ offset = (ssize_t) (cursor-format);
+
+ cursor++; /* move past '%' */
+ if (*cursor == '%')
{
- p++;
+ /*
+ Escaped %%.
+ */
+ cursor++;
continue;
}
- switch (*q)
+ /*
+ Skip padding digits like %03d.
+ */
+ if (*cursor == '0')
+ (void) strtol(cursor,(char **) &cursor,10);
+ switch (*cursor)
{
case 'd':
case 'o':
@@ -1687,93 +1694,62 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
ssize_t
count;
- q++;
- c=(*q);
- *q='\0';
- count=FormatLocaleString(filename+(p-format-offset),(size_t)
- (MagickPathExtent-(p-format-offset)),p,value);
- if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset))))
+ count=FormatLocaleString(pattern,sizeof(pattern),q,value);
+ if ((count <= 0) || (count >= MagickPathExtent))
return(0);
- offset+=(ssize_t) ((q-p)-count);
- *q=(char) c;
- (void) ConcatenateMagickString(filename,q,MagickPathExtent);
- canonical=MagickTrue;
- if (*(q-1) != '%')
- break;
- p++;
+ if ((offset+count) >= MagickPathExtent)
+ return(0);
+ (void) CopyMagickString(p+offset,pattern,(size_t) (MagickPathExtent-
+ offset));
+ cursor++;
break;
}
case '[':
{
- char
- pattern[MagickPathExtent];
-
const char
- *option;
+ *end = strchr(cursor,']'),
+ *option = (const char *) NULL;
- char
- *r;
-
- ssize_t
- i;
-
- ssize_t
- depth;
+ size_t
+ extent = (size_t) (end-cursor);
/*
- Image option.
+ Handle %[key:value];
*/
- if (strchr(p,']') == (char *) NULL)
+ if (end == (const char *) NULL)
break;
- depth=1;
- r=q+1;
- for (i=0; (i < (MagickPathExtent-1L)) && (*r != '\0'); i++)
- {
- if (*r == '[')
- depth++;
- if (*r == ']')
- depth--;
- if (depth <= 0)
- break;
- pattern[i]=(*r++);
- }
- pattern[i]='\0';
- if (LocaleNCompare(pattern,"filename:",9) != 0)
+ if (extent >= sizeof(pattern))
break;
- option=(const char *) NULL;
+ (void) CopyMagickString(pattern,cursor,extent);
+ pattern[extent]='\0';
if (image != (Image *) NULL)
option=GetImageProperty(image,pattern,exception);
- if ((option == (const char *) NULL) && (image != (Image *) NULL))
+ if ((option == (const char *) NULL) && (image != (Image *)NULL))
option=GetImageArtifact(image,pattern);
if ((option == (const char *) NULL) &&
(image_info != (ImageInfo *) NULL))
option=GetImageOption(image_info,pattern);
if (option == (const char *) NULL)
break;
- q--;
- c=(*q);
- *q='\0';
- (void) CopyMagickString(filename+(p-format-offset),option,(size_t)
- (MagickPathExtent-(p-format-offset)));
- offset+=(ssize_t) strlen(pattern)-(ssize_t) strlen(option)+3;
- *q=(char) c;
- (void) ConcatenateMagickString(filename,r+1,MagickPathExtent);
- canonical=MagickTrue;
- if (*(q-1) != '%')
- break;
- p++;
+ (void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent-
+ offset));
+ cursor=end+1;
break;
}
default:
break;
}
}
- if (canonical == MagickFalse)
- (void) CopyMagickString(filename,format,MagickPathExtent);
- else
- for (q=filename; *q != '\0'; q++)
- if ((*q == '%') && (*(q+1) == '%'))
- (void) CopyMagickString(q,q+1,(size_t) (MagickPathExtent-(q-filename)));
+ for (p=filename; *p != '\0'; )
+ {
+ /*
+ Replace "%%" with "%".
+ */
+ if ((*p == '%') && (*(p+1) == '%'))
+ (void) memmove(p,p+1,strlen(p)); /* shift left */
+ else
+ p++;
+ }
return(strlen(filename));
}
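Review bot: In the `d`/`o`/`x` case, `FormatLocaleString(pattern,sizeof(pattern),q,value)` is given `q`, which points at the `%` inside the caller's `format`, so the whole remainder of that string is interpreted as a format while only `value` is supplied as an argument; the removed code NUL-terminated after the conversion character before formatting. Copying just the one specifier (from `q` through the conversion character) into a bounded local buffer and formatting that would restore the old scoping. In the `[` case, `extent = (size_t) (end-cursor)` is evaluated in the declaration, before the `end == NULL` test, so the subtraction runs on a null pointer when there is no `]`; assign `extent` after that test instead (the later "more boundary checks" patch on this page keeps the same ordering). The new side also no longer shows the `LocaleNCompare(pattern,"filename:",9)` filter, so any property, artifact or option name is now looked up and substituted into the file name, which is worth confirming as intended. The function's signature begins above the first hunk.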


@@ -0,0 +1,14 @@
diff --git a/MagickCore/image.c b/MagickCore/image.c
index 2f859d14208..c19ac09f2b5 100644
--- a/MagickCore/image.c
+++ b/MagickCore/image.c
@@ -1733,6 +1733,8 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
break;
(void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent-
offset));
+ (void) ConcatenateMagickString(p+offset+strlen(option),end+1,(size_t)
+ (MagickPathExtent-offset-strlen(option)-strlen(end)-1));
cursor=end+1;
break;
}
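Review bot: The size handed to `ConcatenateMagickString()` is `MagickPathExtent-offset-strlen(option)-strlen(end)-1`, computed with unsigned `strlen()` results and no preceding bound check, so it can wrap to a very large value when `option` plus the tail is longer than the space left. The destination `p+offset+strlen(option)` can also lie beyond what the preceding `CopyMagickString()` actually wrote if that copy was truncated. A guard ahead of both calls is needed, e.g. `if ((size_t) offset+strlen(option)+strlen(end+1)+1 > MagickPathExtent) return(0);`. The next patch on this page adds a check of that shape, so this patch should not be applied without it. InterpretImageFilename starts and ends outside the hunk.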


@@ -0,0 +1,99 @@
From 6c7c8d5866b9c0ce6cc76a741e05b9482716101e Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 19 Jul 2025 16:07:21 -0400
Subject: [PATCH] more boundary checks
---
MagickCore/image.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/MagickCore/image.c b/MagickCore/image.c
index c19ac09f2b5..a1283ed5f19 100644
--- a/MagickCore/image.c
+++ b/MagickCore/image.c
@@ -1660,6 +1660,8 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
/*
Start with a copy of the format string.
*/
+ assert(format != (const char *) NULL);
+ assert(filename != (char *) NULL);
(void) CopyMagickString(filename,format,MagickPathExtent);
if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse)
return(strlen(filename));
@@ -1683,7 +1685,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
/*
Skip padding digits like %03d.
*/
- if (*cursor == '0')
+ if (isdigit((int) ((unsigned char) *cursor)) != 0)
(void) strtol(cursor,(char **) &cursor,10);
switch (*cursor)
{
@@ -1695,9 +1697,8 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
count;
count=FormatLocaleString(pattern,sizeof(pattern),q,value);
- if ((count <= 0) || (count >= MagickPathExtent))
- return(0);
- if ((offset+count) >= MagickPathExtent)
+ if ((count <= 0) || (count >= MagickPathExtent) ||
+ ((offset+count) >= MagickPathExtent))
return(0);
(void) CopyMagickString(p+offset,pattern,(size_t) (MagickPathExtent-
offset));
@@ -1711,7 +1712,9 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
*option = (const char *) NULL;
size_t
- extent = (size_t) (end-cursor);
+ extent = (size_t) (end-cursor-1),
+ option_length,
+ tail_length;
/*
Handle %[key:value];
@@ -1720,21 +1723,27 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
break;
if (extent >= sizeof(pattern))
break;
- (void) CopyMagickString(pattern,cursor,extent);
+ (void) CopyMagickString(pattern,cursor+1,extent+1);
pattern[extent]='\0';
if (image != (Image *) NULL)
- option=GetImageProperty(image,pattern,exception);
- if ((option == (const char *) NULL) && (image != (Image *)NULL))
- option=GetImageArtifact(image,pattern);
- if ((option == (const char *) NULL) &&
+ {
+ option=GetImageProperty(image,pattern,exception);
+ if (option == (const char *) NULL)
+ option=GetImageArtifact(image,pattern);
+ }
+ if ((option == (const char *) NULL) &&
(image_info != (ImageInfo *) NULL))
option=GetImageOption(image_info,pattern);
if (option == (const char *) NULL)
break;
+ option_length=strlen(option);
+ tail_length=strlen(end+1);
+ if ((offset+option_length+tail_length+1) > MagickPathExtent)
+ return(0);
(void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent-
offset));
- (void) ConcatenateMagickString(p+offset+strlen(option),end+1,(size_t)
- (MagickPathExtent-offset-strlen(option)-strlen(end)-1));
+ (void) ConcatenateMagickString(p+offset+option_length,end+1,(size_t) (
+ MagickPathExtent-offset-option_length-tail_length-1));
cursor=end+1;
break;
}
@@ -1748,7 +1757,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
Replace "%%" with "%".
*/
if ((*p == '%') && (*(p+1) == '%'))
- (void) memmove(p,p+1,strlen(p)); /* shift left */
+ (void) memmove(p,p+1,strlen(p+1)+1); /* shift left */
else
p++;
}
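Review bot: The third argument of the rewritten `ConcatenateMagickString()` call, `MagickPathExtent-offset-option_length-tail_length-1`, subtracts the tail length from the space that is supposed to hold the tail, and when the new guard passes exactly at its limit (`offset+option_length+tail_length+1 == MagickPathExtent`) the value is 0. If that parameter is the destination capacity, as the `CopyMagickString(p+offset,option,MagickPathExtent-offset)` call just above suggests, the value to pass is `(size_t) (MagickPathExtent-offset-option_length)`. A short comment on the guard stating that the `+1` accounts for the terminating NUL would also help the next reader. The function starts and ends outside the hunks.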


@@ -1,8 +1,8 @@
Index: ImageMagick-7.1.2-1/configure
Index: ImageMagick-7.1.2-0/configure
===================================================================
--- ImageMagick-7.1.2-1.orig/configure
+++ ImageMagick-7.1.2-1/configure
@@ -37231,7 +37231,9 @@ fi
--- ImageMagick-7.1.2-0.orig/configure
+++ ImageMagick-7.1.2-0/configure
@@ -37225,7 +37225,9 @@ fi
# Subdirectory to place architecture-dependent configuration files


@@ -1,39 +1,22 @@
-------------------------------------------------------------------
Mon Aug 25 20:23:06 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
Wed Aug 20 15:09:46 UTC 2025 - pgajdos@suse.com
- version update to 7.1.2.2
* Fix infinite loop when decoding JXL with -limit height/width by
@Elvyria in #8303
* Bump actions/checkout from 4 to 5 by @dependabot[bot] in #8304
* cache.c: Fix unused function warning by @Dave-Allured in #8309
- fixes
CVE-2025-55298 [bsc#1248780]
CVE-2025-57803 [bsc#1248784]
CVE-2025-55212 [bsc#1248767]
- security update
- added patches
CVE-2025-55004 [bsc#1248076], heap buffer over-read in in ReadOneMNGIMage when processing images with separate alpha channels
+ ImageMagick-CVE-2025-55004.patch
CVE-2025-55005 [bsc#1248077], heap buffer overflow when transforming from Log to sRGB colorspaces
+ ImageMagick-CVE-2025-55005.patch
CVE-2025-55154 [bsc#1248078], integer overflow when performing magnified size calculations in ReadOneMNGIMage can lead to out-of-bounds write
+ ImageMagick-CVE-2025-55154.patch
CVE-2025-55160 [bsc#1248079], undefined behavior due to function-type-mismatch in CloneSplayTree
+ ImageMagick-CVE-2025-55160.patch
-------------------------------------------------------------------
Wed Aug 20 09:11:08 UTC 2025 - pgajdos@suse.com
Tue Aug 5 13:24:46 UTC 2025 - pgajdos@suse.com
- version update to 7.1.2.1
* Add support for Simple File Format Family (SF3) images by @Shinmera in #8243
* Fix validation issues in SF3 by @Shinmera in #8252
* Fix compressed exr reading by @Hadsen in #8285
* Use OpenMP in ashlar by @yerlotic in #8288
* Bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #8296
- modified patches
% ImageMagick-library-installable-in-parallel.patch
- removed patches
- ImageMagick-filename-placeholder-regression-1.patch (upstreamed)
- ImageMagick-filename-placeholder-regression-2.patch (upstreamed)
- ImageMagick-filename-placeholder-regression-3.patch (upstreamed)
- fixes
CVE-2025-55160 [bsc#1248079], CVE-2025-55004 [bsc#1248076]
CVE-2025-55154 [bsc#1248078], CVE-2025-55005 [bsc#1248077]
-------------------------------------------------------------------
Tue Aug 5 10:55:19 UTC 2025 - pgajdos@suse.com
- added patches [bsc#1247475]
- added patches
bsc#1247475 (https://github.com/ImageMagick/ImageMagick/issues/8261)
+ ImageMagick-filename-placeholder-regression-1.patch
+ ImageMagick-filename-placeholder-regression-2.patch
+ ImageMagick-filename-placeholder-regression-3.patch


@@ -1,7 +1,7 @@
#
# spec file for package ImageMagick
#
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
%define debug_build 0
%define asan_build 0
%define mfr_version 7.1.2
%define mfr_revision 2
%define mfr_revision 0
%define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision}
%define clibver 10
@@ -30,7 +30,7 @@
%define libspec -7_Q%{quantum_depth}HDRI
%define config_dir IM-7
%define test_verbose 1
# bsc#1088463, https://github.com/ImageMagick/ImageMagick/issues/8261
# bsc#1088463
%define urw_base35_fonts 0
# do/don't pull djvulibre dependency
%bcond_without djvu
@@ -50,6 +50,18 @@ Source3: ImageMagick.keyring
Patch0: ImageMagick-configuration-SUSE.patch
Patch2: ImageMagick-library-installable-in-parallel.patch
Patch5: ImageMagick-s390x-disable-tests.patch
# bsc#1247475 (https://github.com/ImageMagick/ImageMagick/issues/8261)
Patch6: ImageMagick-filename-placeholder-regression-1.patch
Patch7: ImageMagick-filename-placeholder-regression-2.patch
Patch8: ImageMagick-filename-placeholder-regression-3.patch
# CVE-2025-55005 [bsc#1248077], heap buffer overflow when transforming from Log to sRGB colorspaces
Patch9: ImageMagick-CVE-2025-55005.patch
# CVE-2025-55154 [bsc#1248078], integer overflow when performing magnified size calculations in ReadOneMNGIMage can lead to out-of-bounds write
Patch10: ImageMagick-CVE-2025-55154.patch
# CVE-2025-55004 [bsc#1248076], heap buffer over-read in in ReadOneMNGIMage when processing images with separate alpha channels
Patch11: ImageMagick-CVE-2025-55004.patch
# CVE-2025-55160 [bsc#1248079], undefined behavior due to function-type-mismatch in CloneSplayTree
Patch12: ImageMagick-CVE-2025-55160.patch
BuildRequires: chrpath
BuildRequires: dejavu-fonts
@@ -262,6 +274,13 @@ policy plus disable few other coders for reading and/or writing.
%ifarch s390x
%patch -P 5 -p1
%endif
%patch -P 6 -p1
%patch -P 7 -p1
%patch -P 8 -p1
%patch -P 9 -p1
%patch -P 10 -p1
%patch -P 11 -p1
%patch -P 12 -p1
%build
# bsc#1088463
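Review bot: The Patch9–Patch12 list covers CVE-2025-55004, CVE-2025-55005, CVE-2025-55154 and CVE-2025-55160 only, while the 7.1.2.2 changelog entry on the other side of this comparison names CVE-2025-55298, CVE-2025-57803 and CVE-2025-55212 as fixed by the version update. Assuming `%define mfr_revision 0` is the new side, as the added ImageMagick-7.1.2-0.tar.xz suggests, this branch stays on 7.1.2-0 and has no visible backport for those three. Each of them should get either its own patch entry or a not-affected statement in the .changes file, so the gap is tracked rather than implicit. The comments above Patch10 and Patch11 also carry a typo (`in in`, `ReadOneMNGIMage`) that makes the entries harder to find by function name.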