Accepting request 1324183 from graphics

versino update to 1.3.46

OBS-URL: https://build.opensuse.org/request/show/1324183
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=97

GraphicsMagick-1.3.46.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c7c706a505e9c6c3764156bb94a0c9644d79131785df15a89c9f8721d1abd061
+size 5968736

GraphicsMagick-disable-insecure-coders.patch

@@ -1,7 +1,7 @@
-Index: GraphicsMagick-1.3.43/coders/pdf.c
+Index: GraphicsMagick-1.3.46/coders/pdf.c
 ===================================================================
---- GraphicsMagick-1.3.43.orig/coders/pdf.c
-+++ GraphicsMagick-1.3.43/coders/pdf.c
+--- GraphicsMagick-1.3.46.orig/coders/pdf.c
++++ GraphicsMagick-1.3.46/coders/pdf.c
 @@ -499,7 +499,7 @@ ModuleExport void RegisterPDFImage(void)
    entry->seekable_stream=True;
    entry->description="Encapsulated Portable Document Format";
@@ -20,10 +20,10 @@ Index: GraphicsMagick-1.3.43/coders/pdf.c
    (void) RegisterMagickInfo(entry);
  }
  
-Index: GraphicsMagick-1.3.43/coders/ps.c
+Index: GraphicsMagick-1.3.46/coders/ps.c
 ===================================================================
---- GraphicsMagick-1.3.43.orig/coders/ps.c
-+++ GraphicsMagick-1.3.43/coders/ps.c
+--- GraphicsMagick-1.3.46.orig/coders/ps.c
++++ GraphicsMagick-1.3.46/coders/ps.c
 @@ -456,7 +456,7 @@ ModuleExport void RegisterPSImage(void)
    entry->adjoin=False;
    entry->description="Adobe Encapsulated PostScript Interchange format";
@@ -69,10 +69,10 @@ Index: GraphicsMagick-1.3.43/coders/ps.c
    (void) RegisterMagickInfo(entry);
  }
  
-Index: GraphicsMagick-1.3.43/coders/ps2.c
+Index: GraphicsMagick-1.3.46/coders/ps2.c
 ===================================================================
---- GraphicsMagick-1.3.43.orig/coders/ps2.c
-+++ GraphicsMagick-1.3.43/coders/ps2.c
+--- GraphicsMagick-1.3.46.orig/coders/ps2.c
++++ GraphicsMagick-1.3.46/coders/ps2.c
 @@ -252,7 +252,7 @@ ModuleExport void RegisterPS2Image(void)
    entry->seekable_stream=True;
    entry->description="Adobe Level II Encapsulated PostScript";
@@ -91,10 +91,10 @@ Index: GraphicsMagick-1.3.43/coders/ps2.c
    (void) RegisterMagickInfo(entry);
  }
  
-Index: GraphicsMagick-1.3.43/coders/ps3.c
+Index: GraphicsMagick-1.3.46/coders/ps3.c
 ===================================================================
---- GraphicsMagick-1.3.43.orig/coders/ps3.c
-+++ GraphicsMagick-1.3.43/coders/ps3.c
+--- GraphicsMagick-1.3.46.orig/coders/ps3.c
++++ GraphicsMagick-1.3.46/coders/ps3.c
 @@ -394,7 +394,7 @@ ModuleExport void RegisterPS3Image(void)
    entry->description="Adobe Level III Encapsulated PostScript";
    entry->seekable_stream=MagickTrue;
@@ -113,11 +113,11 @@ Index: GraphicsMagick-1.3.43/coders/ps3.c
    (void) RegisterMagickInfo(entry);
  }
  
-Index: GraphicsMagick-1.3.43/config/delegates.mgk.in
+Index: GraphicsMagick-1.3.46/config/delegates.mgk.in
 ===================================================================
---- GraphicsMagick-1.3.43.orig/config/delegates.mgk.in
-+++ GraphicsMagick-1.3.43/config/delegates.mgk.in
-@@ -76,27 +76,27 @@
+--- GraphicsMagick-1.3.46.orig/config/delegates.mgk.in
++++ GraphicsMagick-1.3.46/config/delegates.mgk.in
+@@ -88,27 +88,27 @@
    <delegate decode="dot" command='"@DOTDecodeDelegate@" -Tps "%i" -o "%o"' />
    <delegate decode="dvi" command='"@DVIDecodeDelegate@" -q -o "%o" "%i"' />
    <delegate decode="edit" stealth="True" command='"@EditorDelegate@" -title "Edit Image Comment" -e vi "%o"' />
@@ -153,7 +153,7 @@ Index: GraphicsMagick-1.3.43/config/delegates.mgk.in
  
    <!-- Read monochrome PDF using Poppler's pdftoppm -->
    <delegate decode="poppler-mono" stealth="True" command='"pdftoppm" "-mono" "-freetype" "yes" "-aa" "yes" "-aaVector" "yes" "-rx" "72" "-ry" "72" "%s" ">" "%s"' />
-@@ -120,16 +120,16 @@
+@@ -132,16 +132,16 @@
    <!-- Write MPEG file using mpeg2encode -->
    <delegate encode="mpeg-encode" stealth="True" command='"@MPEGEncodeDelegate@" "%i" "%o"' />
    <!-- Convert PDF to Encapsulated Poscript using Ghostscript -->
@@ -174,12 +174,12 @@ Index: GraphicsMagick-1.3.43/config/delegates.mgk.in
 +  <!--delegate decode="ps" encode="print" mode="encode" command='"@PrintDelegate@" "%i"' /-->
    <!-- Read HTML file  -->
    <delegate decode="shtml" command='"@HTMLDecodeDelegate@" -U -o "%o" "%i"' />
-   <delegate encode="show" stealth="True" command='"@GMDelegate@" display -immutable -delay 0 -window_group %g -title "%l of %f" "%o" &' />
-Index: GraphicsMagick-1.3.43/Makefile.in
+   <delegate encode="show" stealth="True" command='"@GMDelegate@" display -immutable -delay 0 -window_group %g -title "%l of %f" "%o" &amp;' />
+Index: GraphicsMagick-1.3.46/Makefile.in
 ===================================================================
---- GraphicsMagick-1.3.43.orig/Makefile.in
-+++ GraphicsMagick-1.3.43/Makefile.in
-@@ -4363,7 +4363,6 @@ TESTS_TESTS = \
+--- GraphicsMagick-1.3.46.orig/Makefile.in
++++ GraphicsMagick-1.3.46/Makefile.in
+@@ -4383,7 +4383,6 @@ TESTS_TESTS = \
  	tests/rwfile.tap \
  	tests/rwfile_sized.tap \
  	tests/rwfile_miff.tap \
@@ -187,20 +187,20 @@ Index: GraphicsMagick-1.3.43/Makefile.in
  	tests/rwfile_deep.tap
  
  TESTS_EXTRA_DIST = \
-Index: GraphicsMagick-1.3.43/tests/rwblob.tap
+Index: GraphicsMagick-1.3.46/tests/rwblob.tap
 ===================================================================
---- GraphicsMagick-1.3.43.orig/tests/rwblob.tap
-+++ GraphicsMagick-1.3.43/tests/rwblob.tap
+--- GraphicsMagick-1.3.46.orig/tests/rwblob.tap
++++ GraphicsMagick-1.3.46/tests/rwblob.tap
 @@ -10,7 +10,7 @@ rwblob=./rwblob
  check_types='bilevel gray palette truecolor'
  
  # Number of tests we plan to run
--test_plan_fn 217
-+test_plan_fn 209
+-test_plan_fn 221
++test_plan_fn 213
  
- # ART format
+ # AAI format
  for type in ${check_types}
-@@ -68,18 +68,6 @@ do
+@@ -74,18 +74,6 @@ do
    test_command_fn "DPX ${type}" ${MEMCHECK} ${rwblob} "${SRCDIR}/input_${type}.miff" DPX
  done
  
@@ -219,20 +219,20 @@ Index: GraphicsMagick-1.3.43/tests/rwblob.tap
  # FAX format
  for type in ${check_types}
  do
-Index: GraphicsMagick-1.3.43/tests/rwfile.tap
+Index: GraphicsMagick-1.3.46/tests/rwfile.tap
 ===================================================================
---- GraphicsMagick-1.3.43.orig/tests/rwfile.tap
-+++ GraphicsMagick-1.3.43/tests/rwfile.tap
+--- GraphicsMagick-1.3.46.orig/tests/rwfile.tap
++++ GraphicsMagick-1.3.46/tests/rwfile.tap
 @@ -12,7 +12,7 @@ check_types='bilevel gray palette trueco
  check_types_noone='bilevel gray palette truecolor'
  
  # Number of tests we plan to run
--test_plan_fn 848
-+test_plan_fn 798
+-test_plan_fn 897
++test_plan_fn 847
  
- # ART format
+ # AAI format
  for type in ${check_types}
-@@ -84,48 +84,6 @@ do
+@@ -91,48 +91,6 @@ do
    test_command_fn "DPX ${type} (stdio)" ${MEMCHECK} ${rwfile} -stdio -filespec "out_${type}_stdio_%d" "${SRCDIR}/input_${type}.miff" DPX
  done
  
@@ -281,7 +281,7 @@ Index: GraphicsMagick-1.3.43/tests/rwfile.tap
  # FAX format
  for type in ${check_types}
  do
-@@ -305,13 +263,6 @@ do
+@@ -312,13 +270,6 @@ do
    test_command_fn "PCX ${type} (stdio)" ${MEMCHECK} ${rwfile} -stdio -filespec "out_${type}_stdio_%d" "${SRCDIR}/input_${type}.miff" PCX
  done
  
@@ -295,7 +295,7 @@ Index: GraphicsMagick-1.3.43/tests/rwfile.tap
  # PGM format
  for type in ${check_types}
  do
-@@ -371,27 +322,6 @@ do
+@@ -406,27 +357,6 @@ do
    done
  done
  

GraphicsMagick-perl-linkage.patch

@@ -1,7 +1,7 @@
-Index: GraphicsMagick-1.3.31/PerlMagick/Makefile.PL.in
+Index: GraphicsMagick-1.3.46/PerlMagick/Makefile.PL.in
 ===================================================================
---- GraphicsMagick-1.3.31.orig/PerlMagick/Makefile.PL.in	2018-12-19 11:03:59.273709484 +0100
-+++ GraphicsMagick-1.3.31/PerlMagick/Makefile.PL.in	2018-12-19 11:06:05.822305744 +0100
+--- GraphicsMagick-1.3.46.orig/PerlMagick/Makefile.PL.in
++++ GraphicsMagick-1.3.46/PerlMagick/Makefile.PL.in
 @@ -78,7 +78,7 @@ WriteMakefile
     'INSTALLBIN' => $magick_BIN_DIR,
  

GraphicsMagick.changes

@@ -1,3 +1,126 @@
+-------------------------------------------------------------------
+Mon Dec 22 11:36:09 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
+
+- versino update to 1.3.46
+  * MSL: Use libxml2's SAX handlers for the MVG XML-based scripting
+    implementation.  This removes a lot of archaic cruft which might
+    suffer from security issues.
+  * JP2: Fix Jasper max_samples calculation to avoid DOS due to huge
+    image dimensions.
+  * JXL: Apply image dimension resource limits. Fix heap buffer write
+    overflow while reading image.
+  * SVG: Use libxml2's SAX handlers for the SVG renderer.  This removes
+    a lot of archaic cruft which might suffer from security issues.
+  * WPG: Assure that the palette buffer is allocated and the current
+    size (SourceForge bug #750).
+  * ColorFloodfillImage(): For floodfill, return an error if a clip-mask
+    is present. The problem is that the algorithm may not converge if a
+    clip-mask is present.
+  * ThumbnailImage(): Prevent a divide by zero crash.
+  * other bug fixes
+- modified patches
+  * GraphicsMagick-disable-insecure-coders.patch (refreshed)
+  * GraphicsMagick-perl-linkage.patch (refreshed)
+- deleted patches
+  * GraphicsMagick-CVE-2025-27795.patch (upstreamed)
+  * GraphicsMagick-CVE-2025-27796.patch (upstreamed)
+  * GraphicsMagick-CVE-2025-32460.patch (upstreamed)
+  * GraphicsMagick-return-value.patch (upstreamed)
+
+-------------------------------------------------------------------
+Fri Nov 14 07:04:58 UTC 2025 - pgajdos@suse.com
+
+- recommend xorg-x11-fonts-legacy
+  (https://progress.opensuse.org/issues/192340)
+
+-------------------------------------------------------------------
+Tue Apr 15 07:15:10 UTC 2025 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2025-32460 [bsc#1241150], heap-based buffer over-read in ReadJXLImage
+  + GraphicsMagick-CVE-2025-32460.patch
+
+-------------------------------------------------------------------
+Tue Apr  1 08:58:02 UTC 2025 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2025-27795 [bsc#1239044], JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
+  + GraphicsMagick-CVE-2025-27795.patch
+  fix CVE-2025-27796 [bsc#1239043], WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.
+  + GraphicsMagick-CVE-2025-27796.patch
+  use return value of realloc function
+  + GraphicsMagick-return-value.patch
+
+-------------------------------------------------------------------
+Mon Mar 10 08:58:49 UTC 2025 - pgajdos@suse.com
+
+- version update to 1.3.45
+  Security Fixes:
+  * TIFF: Fixed multiple heap and stack buffer overflows (directed by
+    the source EXIF profile) while writing EXIF into the native TIFF
+    IFD.
+  * FITS: Fix problem that the FITS reader could return invalid image
+    frames with rows or columns set to zero. Other code in the library
+    crashes, or even asserts, if invalid image frames with rows or
+    columns set to zero are returned.
+  * Coverity fixes: Various fixes for Coverity issues raised after the
+    update to version 2023.12.2.
+  * Clang Analyzer (scan-build) fixes: Various fixes for new issues
+    discovered by Clang Analyzer.
+  
+  Bug fixes:
+  * configure.ac: Fix a shell syntax error.
+  * GCC 14: Eliminate some new warnings which appeared while in -Wall
+    mode.
+  * JPEG: FormatJPEGSamplingFactors() now properly handles the number of
+    samples for each colorspace.
+  * JXL: Additional validations of color channel and alpha channel
+    depth.
+  * TGA: Fix issues discovered by Coverity.
+  * TGA: Fix writing TGA with opacity values in palette.
+  * TGA: Default orientation is (again) TopLeftOrientation.
+  * TIFF: Verify that TIFFTAG_BITSPERSAMPLE is within a rational range.
+  * TXT: Eliminate use of an uninitialized-value in GetColorTuple().
+  * XML: Improve detection of if the deprecated HTTP and FTP protocols
+    are supported by libxml2.
+  
+  New Features:
+  * Add support for reading the pre-rendered image from the Open Raster
+    ("ORA") format. Actual rendering of Open Raster is not supported.
+  * Add support for Dune HD AAI Image (aka Auburn Animation Image) image
+    format ("AAI").
+  * Add support for a --version option, which produces GNU style summary
+    version output.
+  * Identify output now indicates if the image is opaque.
+  * WebP: Add support for '-define webp:exact=true' to preserve exact
+    RGB values under transparent areas while writing WebP format.
+    Enable this automatically when lossless is enabled.  If lossless is
+    enabled, this option may be used to disable exact mode.
+  * PerlMagick: Add AccessDefinition(), AddDefinition(),
+    AddDefinitions(), and RemoveDefinitions() methods to supporting
+    adding, updating, removing definitions.
+  
+  API Updates:
+  * Magick++/STL.h: The deprecated std::unary_function is no longer used
+    given C++'11 or later. Continued use of it caused too many issues
+    due to an abundance of warnings.
+  * Wand API PixelSetQuantumColor(): The color argument is now a const
+    pointer.
+  
+  Behavior Changes:
+  * The graphical progress indication in the X11 sub-apps 'animate' and
+    'display' is disabled due to discovering a tremendous performance
+    impact while rendering text under Ubuntu 22.04 LTS.  The underlying
+    cause of the performance impact is not yet known.  A text-based
+    progress output to the program's console is available via
+    `-monitor`.
+  * MagickMaxFileSystemBlockSize: Place an arbitrary limit (4,194,304
+    bytes) on maximum filesystem block size.
+- modified patches
+  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
+
 -------------------------------------------------------------------
 Mon Mar 25 12:40:12 UTC 2024 - pgajdos@suse.com
 

GraphicsMagick.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package GraphicsMagick
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 %define pp_so_ver       12
 %define wand_so_ver     2
 Name:           GraphicsMagick
-Version:        1.3.43
+Version:        1.3.46
 Release:        0
 Summary:        Viewer and Converter for Images
 License:        MIT
@@ -57,6 +57,7 @@ BuildRequires:  pkgconfig(zlib)
 %if 0%{?suse_version} > 1500
 BuildRequires:  pkgconfig(libjxl)
 %endif
+Recommends:     xorg-x11-fonts-legacy
 
 %description
 GraphicsMagick provides an image manipulation and translation
@@ -275,6 +276,9 @@ export MAGICK_CONFIGURE_PATH=$PWD/config
 cd PerlMagick
 # bsc#1105592
 rm -r t/ps
+# manually run tests:
+# export PERL5LIB="$(pwd)/blib/lib:$(pwd)/blib/arch/auto/Graphics/Magick:$(pwd)"
+# perl t/write.t
 %make_build test
 
 %post -n libGraphicsMagick-Q%{quant}-%{so_ver} -p /sbin/ldconfig