pool/ImageMagick
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
..
compare: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main

8 Commits
factory ... slfo-main

Author SHA256 Message Date
Petr Gajdos
9ae6cfe1af security update 2026-01-06 15:56:27 +01:00
Petr Gajdos
2a05cdb8cd - security update 2025-12-12 10:11:04 +01:00
Petr Gajdos
29ba11c386 - security update 2025-12-10 15:33:53 +01:00
Petr Gajdos
3f400bf2c2 add patch 2025-11-10 17:20:34 +01:00
Petr Gajdos
2a14913da1 bsc#1253110 2025-11-10 17:20:05 +01:00
Petr Gajdos
b1aaed6ab6 add sources 2025-10-30 11:22:09 +01:00
Petr Gajdos
45269a4c86 7.1.2-7 2025-10-30 11:21:27 +01:00
Petr Gajdos
f4b12eeaba version update to 7.1.2-7 2025-10-20 14:12:46 +02:00
13 changed files with 307 additions and 54 deletions
Expand all files Collapse all files

3
ImageMagick-7.1.2-13.tar.xz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:968e022c8c7ee620680bac658628ef0f582be7b8aa71b386a9a9d068ec17dbd2
size 10805152

16
ImageMagick-7.1.2-13.tar.xz.asc
View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmludfcACgkQiatj1IJ3
N3rRAhAAoeXH5xDosG846p3e+VAif8DiYCb1fkdHaPesq/exAQYTHHUpv0lkC0+8
9GZQ4/0GZlMMF4IJHUxfSBCwdbVQonx3ttg87ZGICfIJ9OJsAqUHzTxwzEipxHg5
Ow+ZmHl5bv927fiW6x0gKXuHmjyp4g2uF71PbFLUjHKhGc5swvcm4pjH7dbc7cx3
aZV6gAbYCzbsZhmCJ59lbrAbfPewMaUPq80YtwLoBo0WRte2klZ116PjN/hVNOEb
wWzNFu9ZVrP5xFY5SLLQELBYEop22TGcfzFicUVRGLvIcNE3Lc5oKgVHWENjd5Xa
gde7TVKcSHVAphdBoXyW7si9ibORIk6QyqbCobzPgbARTBEjWdDSHFgwdWSkCBAO
qnqilvqXiJYHPErMIN0FTVMuVckMWEmV2pmJlORvapTdYJv4ROd0wzPP6OAynju+
ODHm6HAoEO2Kg2aCA3nxOfww0samtvu7XJdiPV7kTTKxz1wEIz7A+Z5vfIyYFlDH
9wcD1hAoEABV9nkShuAjF/XGPap1a1Va0vKX/q4eG77NHjAPIcdbiBmI+XOGgSRK
CRQdGI502QZ2A4bH7oxgax8UQgQWIVPHGBLZxJLniFwpH3IQ6BEq9miDFQGc4bSq
b3y2MZ/R3WEVCafmOt9F6/L8OsZ3hF11e8WAoLsrUcEH9WD7d3U=
=toTL
-----END PGP SIGNATURE-----

BIN
ImageMagick-7.1.2-8.tar.xz LFS Normal file
View File

Binary file not shown.

16
ImageMagick-7.1.2-8.tar.xz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmj+Hz4ACgkQiatj1IJ3
N3p+Vg/8CYxJgRHvCO4s3QFacyNM+e9TL4ssBBkkXDf2fk6tYQCqLD+iPqMPswjb
qYZDsD2oDGCaqnciMIlF1782Gt67tjFFr57ikAJopqILWHBXfL4M81VoehHIjsao
DS/DuxR/8DoOSsvWzDDEv98On1339HCncPlfbg5NDKEMNeWjq/RdNiFnNspjxhhp
nbsGN9Eu1ToxIWXG7lA9diRk6wTpyuRqlPrKy1kSYaItjKpR9lkFY4zhCnISGUDr
pvghTId+oksr1CZaa3SlMN53MGUEMMbl0FhRF6vYhm3bLVQr2s5NVdG/E6W98VAv
aukurXRy65mJl2ohVzCSfyFi3Y3BFqsLNvqPIE/cYaFuXhDbcd+nrXi5zalSIrA+
Er58sU8TY6fqA1XLImIhnlyJkZCFB30wyW11eIBmeKQXNL/OpkY0YoUoQT5F7GcZ
50MlFgDNAUJR3O6C+Wxf8Kpcsvf+1OIJilBWb25+YSMig14nnIjajo2/uXMGoooJ
XqtQ7HgFdWb6YQi4lsVadqSKTpMeEMsSh2OaUNi5aphME4Q9CFVJrqx1EWBtNP2q
OteBMak+64cq5ko5qwp/C4/ahPk8agNAXwRkse4ouRkZh12LLHOmaMlGU6KbnQAI
MboY4jmK+DbymyjiXNt5Qg9CO/hSshYra+tKcDZzpdLQerTNSew=
=djpT
-----END PGP SIGNATURE-----

23
ImageMagick-CVE-2025-65955.patch Normal file
View File

@@ -0,0 +1,23 @@
From 6f81eb15f822ad86e8255be75efad6f9762c32f8 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@lemstra.org>
Date: Sun, 23 Nov 2025 09:17:29 +0100
Subject: [PATCH] Correct incorrect free (GHSA-q3hc-j9x5-mp9m)
---
Magick++/lib/Options.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Magick++/lib/Options.cpp b/Magick++/lib/Options.cpp
index c25604558a4..027d54719c3 100644
--- a/Magick++/lib/Options.cpp
+++ b/Magick++/lib/Options.cpp
@@ -310,7 +310,7 @@ void Magick::Options::fontFamily(const std::string &family_)
{
if (family_.length() == 0)
{
- _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->font);
+ _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->family);
DestroyString(RemoveImageOption(imageInfo(),"family"));
}
else

25
ImageMagick-CVE-2025-66628.patch Normal file
View File

@@ -0,0 +1,25 @@
From bdae0681ad1e572defe62df85834218f01e6d670 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@lemstra.org>
Date: Tue, 2 Dec 2025 22:49:12 +0100
Subject: [PATCH] Added extra check to avoid an overflow on 32-bit machines
(GHSA-6hjr-v6g4-3fm8)
---
coders/tim.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/coders/tim.c b/coders/tim.c
index db60f32e65a..b87e06d2ceb 100644
--- a/coders/tim.c
+++ b/coders/tim.c
@@ -231,7 +231,8 @@ static Image *ReadTIMImage(const ImageInfo *image_info,ExceptionInfo *exception)
(void) ReadBlobLSBShort(image);
width=ReadBlobLSBShort(image);
height=ReadBlobLSBShort(image);
- image_size=2*width*height;
+ if (HeapOverflowSanityCheckGetSize(2*width,height,&image_size) != MagickFalse)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if (image_size > GetBlobSize(image))
ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
bytes_per_line=width*2;

107
ImageMagick-CVE-2025-68618.patch Normal file
View File

@@ -0,0 +1,107 @@
From 6f431d445f3ddd609c004a1dde617b0a73e60beb Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 21 Dec 2025 12:43:08 -0500
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
---
coders/msl.c | 24 ++++++++++++++++--------
coders/svg.c | 8 +++++++-
2 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/coders/msl.c b/coders/msl.c
index 2424e9883f0..8ede13b81e4 100644
--- a/coders/msl.c
+++ b/coders/msl.c
@@ -120,6 +120,7 @@ typedef struct _MSLInfo
*exception;
ssize_t
+ depth,
n,
number_groups;
@@ -328,6 +329,10 @@ static void MSLStartElement(void *context,const xmlChar *tag,
RectangleInfo
geometry;
+ size_t
+ height,
+ width;
+
ssize_t
i,
j,
@@ -336,11 +341,6 @@ static void MSLStartElement(void *context,const xmlChar *tag,
x,
y;
-
- size_t
- height,
- width;
-
xmlParserCtxtPtr
parser;
@@ -352,6 +352,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
exception=AcquireExceptionInfo();
parser=(xmlParserCtxtPtr) context;
msl_info=(MSLInfo *) parser->_private;
+ if (msl_info->depth++ >= MagickMaxRecursionDepth)
+ {
+ (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
+ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
+ xmlStopParser((xmlParserCtxtPtr) context);
+ return;
+ }
n=msl_info->n;
keyword=(const char *) NULL;
value=(char *) NULL;
@@ -7057,15 +7064,15 @@ static void MSLStartElement(void *context,const xmlChar *tag,
static void MSLEndElement(void *context,const xmlChar *tag)
{
- ssize_t
- n;
-
MSLInfo
*msl_info;
xmlParserCtxtPtr
parser;
+ ssize_t
+ n;
+
/*
Called when the end of an element has been detected.
*/
@@ -7158,6 +7165,7 @@ static void MSLEndElement(void *context,const xmlChar *tag)
}
if (msl_info->content != (char *) NULL)
msl_info->content=DestroyString(msl_info->content);
+ msl_info->depth--;
}
static void MSLCharacters(void *context,const xmlChar *c,int length)
diff --git a/coders/svg.c b/coders/svg.c
index ed662770d23..5d042cce85f 100644
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -1250,7 +1250,13 @@ static void SVGStartElement(void *context,const xmlChar *name,
name);
parser=(xmlParserCtxtPtr) context;
svg_info=(SVGInfo *) parser->_private;
- svg_info->n++;
+ if (svg_info->n++ > MagickMaxRecursionDepth)
+ {
+ (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+ xmlStopParser((xmlParserCtxtPtr) context);
+ return;
+ }
svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
svg_info->n+1,sizeof(*svg_info->scale));
if (svg_info->scale == (double *) NULL)

23
ImageMagick-CVE-2025-68950.patch Normal file
View File

@@ -0,0 +1,23 @@
From 204718c2211903949dcfc0df8e65ed066b008dec Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 26 Dec 2025 11:22:12 -0500
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
---
MagickCore/draw.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/MagickCore/draw.c b/MagickCore/draw.c
index efa1b232661..2cdedaffa75 100644
--- a/MagickCore/draw.c
+++ b/MagickCore/draw.c
@@ -5701,6 +5701,7 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image,
if ((LocaleCompare(clone_info->magick,"ftp") != 0) &&
(LocaleCompare(clone_info->magick,"http") != 0) &&
(LocaleCompare(clone_info->magick,"https") != 0) &&
+ (LocaleCompare(clone_info->magick,"mvg") != 0) &&
(LocaleCompare(clone_info->magick,"vid") != 0))
composite_images=ReadImage(clone_info,exception);
else

69
ImageMagick-CVE-2025-69204.patch Normal file
View File

@@ -0,0 +1,69 @@
From 2c08c2311693759153c9aa99a6b2dcb5f985681e Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 27 Dec 2025 14:37:23 -0500
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
---
coders/svg.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/coders/svg.c b/coders/svg.c
index 5d042cce85f..4ffb7d93e9d 100644
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -1250,13 +1250,14 @@ static void SVGStartElement(void *context,const xmlChar *name,
name);
parser=(xmlParserCtxtPtr) context;
svg_info=(SVGInfo *) parser->_private;
- if (svg_info->n++ > MagickMaxRecursionDepth)
+ if (svg_info->n >= MagickMaxRecursionDepth)
{
(void) ThrowMagickException(svg_info->exception,GetMagickModule(),
DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
xmlStopParser((xmlParserCtxtPtr) context);
return;
}
+ svg_info->n++;
svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
svg_info->n+1,sizeof(*svg_info->scale));
if (svg_info->scale == (double *) NULL)
@@ -4719,17 +4720,33 @@ static MagickBooleanType WriteSVGImage(const ImageInfo *image_info,Image *image,
}
case PathPrimitive:
{
- int
- number_attributes;
+ size_t
+ number_attributes,
+ quantum;
(void) GetNextToken(q,&q,extent,token);
number_attributes=1;
for (p=token; *p != '\0'; p++)
if (isalpha((int) ((unsigned char) *p)) != 0)
number_attributes++;
- if (i > ((ssize_t) number_points-6*BezierQuantum*number_attributes-1))
+ if ((6*BezierQuantum) >= (MAGICK_SSIZE_MAX/number_attributes))
{
- number_points+=(size_t) (6*BezierQuantum*number_attributes);
+ (void) ThrowMagickException(exception,GetMagickModule(),
+ ResourceLimitError,"MemoryAllocationFailed","`%s'",
+ image->filename);
+ break;
+ }
+ quantum=(size_t) 6*BezierQuantum*number_attributes;
+ if (number_points >= (MAGICK_SSIZE_MAX-quantum))
+ {
+ (void) ThrowMagickException(exception,GetMagickModule(),
+ ResourceLimitError,"MemoryAllocationFailed","`%s'",
+ image->filename);
+ break;
+ }
+ if (i > (ssize_t) (number_points-quantum-1))
+ {
+ number_points+=(size_t) quantum;
primitive_info=(PrimitiveInfo *) ResizeQuantumMemory(primitive_info,
number_points,sizeof(*primitive_info));
if (primitive_info == (PrimitiveInfo *) NULL)

2
ImageMagick-configuration-SUSE.patch
View File

@@ -2,7 +2,7 @@ diff -ur ImageMagick-7.1.2-8_fix/config/policy-secure.xml ImageMagick-7.1.2-8_fi
--- ImageMagick-7.1.2-8/config/policy-secure.xml 2025-11-06 15:30:11.995056081 +0100
+++ ImageMagick-7.1.2-8_fix/config/policy-secure.xml 2025-11-06 15:46:05.605527563 +0100
@@ -62,7 +62,7 @@
<policy domain="resource" name="disk" value="2GiB"/>
<policy domain="resource" name="disk" value="1GiB"/>
<!-- Set the maximum length of an image sequence. When this limit is
exceeded, an exception is thrown. -->
- <policy domain="resource" name="list-length" value="32"/>

8
ImageMagick-library-installable-in-parallel.patch
View File

@@ -1,8 +1,8 @@
Index: ImageMagick-7.1.2-11/configure
Index: ImageMagick-7.1.2-3/configure
===================================================================
--- ImageMagick-7.1.2-11.orig/configure
+++ ImageMagick-7.1.2-11/configure
@@ -37253,7 +37253,9 @@ fi
--- ImageMagick-7.1.2-3.orig/configure
+++ ImageMagick-7.1.2-3/configure
@@ -37237,7 +37237,9 @@ fi
# Subdirectory to place architecture-dependent configuration files

47
ImageMagick.changes
View File

@@ -1,39 +1,30 @@
-------------------------------------------------------------------
Mon Jan 19 18:33:04 UTC 2026 - Arjen de Korte <suse+build@de-korte.org>
Tue Jan 6 14:56:00 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
- version update to 7.1.2.13
* no upstream changelog, see
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-12..7.1.2-13
- modified patches
* ImageMagick-configuration-SUSE.patch (refreshed)
- security update
- added patches
CVE-2025-68618 [bsc#1255821], read a malicious SVG file may result in a DoS attack
* ImageMagick-CVE-2025-68618.patch
CVE-2025-68950 [bsc#1255822], check for circular references in mvg files may lead to stack overflow
* ImageMagick-CVE-2025-68950.patch
CVE-2025-69204 [bsc#1255823], an integer overflow can lead to a DoS attack
* ImageMagick-CVE-2025-69204.patch
-------------------------------------------------------------------
Tue Jan 6 09:32:47 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
Fri Dec 12 09:09:26 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- version update to 7.1.2.12
* no upstream changelog, see
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-11..7.1.2-12
* fixes CVE-2025-68618 [bsc#1255821]
CVE-2025-68950 [bsc#1255822]
CVE-2025-69204 [bsc#1255823]
- security update
- added patches
CVE-2025-66628 [bsc#1254820], ImageMagick Integer Overflow leading to out of bounds read (32-bit only)
* ImageMagick-CVE-2025-66628.patch
-------------------------------------------------------------------
Mon Dec 22 08:39:43 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
Wed Dec 10 14:33:36 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- version update to 7.1.2.11
* no upstream changelog, see
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-10..7.1.2-11
- modified patches
* ImageMagick-library-installable-in-parallel.patch (refreshed)
-------------------------------------------------------------------
Sun Dec 7 15:06:32 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- version update to 7.1.2.10
* no upstream changelog, see
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-8..7.1.2-10
- fixes CVE-2025-65955 [bsc#1254435]
CVE-2025-66628 [bsc#1254820]
- security update
- added patches
CVE-2025-65955 [bsc#1254435], ImageMagick use-after-free/double-free
* ImageMagick-CVE-2025-65955.patch
-------------------------------------------------------------------
Thu Nov 6 14:37:08 UTC 2025 - Dirk Stoecker <opensuse@dstoecker.de>

19
ImageMagick.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package ImageMagick
#
# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
%define debug_build 0
%define asan_build 0
%define mfr_version 7.1.2
%define mfr_revision 13
%define mfr_revision 8
%define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision}
%define clibver 10
@@ -54,6 +54,16 @@ Patch1: ImageMagick-configuration-SUSE.patch
Patch2: ImageMagick-library-installable-in-parallel.patch
# disable failing tests
Patch5: ImageMagick-s390x-disable-tests.patch
# CVE-2025-65955 [bsc#1254435], ImageMagick use-after-free/double-free
Patch6: ImageMagick-CVE-2025-65955.patch
# CVE-2025-66628 [bsc#1254820], ImageMagick Integer Overflow leading to out of bounds read (32-bit only)
Patch7: ImageMagick-CVE-2025-66628.patch
# CVE-2025-68618 [bsc#1255821], read a malicious SVG file may result in a DoS attack
Patch8: ImageMagick-CVE-2025-68618.patch
# CVE-2025-68950 [bsc#1255822], check for circular references in mvg files may lead to stack overflow
Patch9: ImageMagick-CVE-2025-68950.patch
# CVE-2025-69204 [bsc#1255823], an integer overflow can lead to a DoS attack
Patch10: ImageMagick-CVE-2025-69204.patch
BuildRequires: chrpath
BuildRequires: dejavu-fonts
@@ -270,6 +280,11 @@ cp config/policy-secure.xml config/policy.xml
%ifarch s390x
%patch -P 5 -p1
%endif
%patch -P 6 -p1
%patch -P 7 -p1
%patch -P 8 -p1
%patch -P 9 -p1
%patch -P 10 -p1
%build
# bsc#1088463