diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..f087b429e2f81a9f37b28a8308e2210f84df6c9b --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.tar.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..a4ef267ce8a776277967ce3c6a39f94f34e3bb73 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/ImageMagick diff --git a/7.1.1-8.tar.gz b/7.1.1-8.tar.gz deleted file mode 100644 index d4543d5c320cb077b892d0b3c9db7c5803f598db..0000000000000000000000000000000000000000 Binary files a/7.1.1-8.tar.gz and /dev/null differ diff --git a/CVE-2023-34151.patch b/CVE-2023-34151.patch deleted file mode 100644 index 902d5cde13b9f89ed31e6c2f6ac5194bf331f88c..0000000000000000000000000000000000000000 --- a/CVE-2023-34151.patch +++ /dev/null @@ -1,281 +0,0 @@ -From 3d6d98d8a2be30d74172ab43b5b8e874d2deb158 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 17 May 2023 21:06:15 -0400 -Subject: [PATCH] properly cast double to size_t - (https://github.com/ImageMagick/ImageMagick/issues/6341) - -Link: https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158 - ---- - MagickCore/annotate.c | 4 ++-- - MagickCore/draw.c | 2 +- - MagickCore/geometry.c | 6 +++--- - MagickCore/shear.c | 6 +++--- - MagickCore/visual-effects.c | 4 ++-- - coders/caption.c | 10 +++++----- - coders/label.c | 10 +++++----- - coders/pcl.c | 4 ++-- - coders/pdf.c | 4 ++-- - coders/ps.c | 4 ++-- - coders/ps2.c | 4 ++-- - coders/ps3.c | 4 ++-- - coders/svg.c | 4 ++-- - 13 files changed, 33 insertions(+), 33 deletions(-) - -diff --git a/MagickCore/annotate.c b/MagickCore/annotate.c -index bd2da50f36..b635d36bfb 100644 ---- a/MagickCore/annotate.c -+++ b/MagickCore/annotate.c -@@ -341,7 +341,7 @@ MagickExport MagickBooleanType AnnotateImage(Image *image, - (void) CloneString(&annotate->text,textlist[i]); - if ((metrics.width == 0) || (annotate->gravity != NorthWestGravity)) - (void) GetTypeMetrics(image,annotate,&metrics,exception); -- height=(size_t) floor(metrics.ascent-metrics.descent+0.5); -+ height=CastDoubleToUnsigned(metrics.ascent-metrics.descent+0.5); - if (height == 0) - height=draw_info->pointsize; - height+=(size_t) floor(draw_info->interline_spacing+0.5); -@@ -673,7 +673,7 @@ MagickExport ssize_t FormatMagickCaption(Image *image,DrawInfo *draw_info, - status=GetTypeMetrics(image,draw_info,metrics,exception); - if (status == MagickFalse) - break; -- width=(size_t) floor(metrics->width+draw_info->stroke_width+0.5); -+ width=CastDoubleToUnsigned(metrics->width+draw_info->stroke_width+0.5); - if (width <= image->columns) - continue; - if (s != (char *) NULL) -diff --git a/MagickCore/draw.c b/MagickCore/draw.c -index 3d46ba2cb3..d88729d9da 100644 ---- a/MagickCore/draw.c -+++ b/MagickCore/draw.c -@@ -3515,7 +3515,7 @@ static MagickBooleanType RenderMVGContent(Image *image, - (void) GetNextToken(q,&q,extent,token); - if (*token == ',') - (void) GetNextToken(q,&q,extent,token); -- region.height=(size_t) floor(GetDrawValue(token,&next_token)+ -+ region.height=CastDoubleToUnsigned(GetDrawValue(token,&next_token)+ - 0.5); - if (token == next_token) - ThrowPointExpectedException(token,exception); -diff --git a/MagickCore/geometry.c b/MagickCore/geometry.c -index 977183b576..4d201f36d6 100644 ---- a/MagickCore/geometry.c -+++ b/MagickCore/geometry.c -@@ -1515,8 +1515,8 @@ MagickExport MagickStatusType ParseMetaGeometry(const char *geometry,ssize_t *x, - scale.y=geometry_info.sigma; - if ((percent_flags & SigmaValue) == 0) - scale.y=scale.x; -- *width=(size_t) floor(scale.x*stasis_width/100.0+0.5); -- *height=(size_t) floor(scale.y*stasis_height/100.0+0.5); -+ *width=CastDoubleToUnsigned(scale.x*stasis_width/100.0+0.5); -+ *height=CastDoubleToUnsigned(scale.y*stasis_height/100.0+0.5); - stasis_width=(*width); - stasis_height=(*height); - } -@@ -1536,7 +1536,7 @@ MagickExport MagickStatusType ParseMetaGeometry(const char *geometry,ssize_t *x, - if (geometry_ratio >= image_ratio) - { - *width=stasis_width; -- *height=(size_t) floor((double) (PerceptibleReciprocal( -+ *height=CastDoubleToUnsigned((double) (PerceptibleReciprocal( - geometry_ratio)*stasis_height*image_ratio)+0.5); - } - else -diff --git a/MagickCore/shear.c b/MagickCore/shear.c -index 5cfa7be965..04e785ea6c 100644 ---- a/MagickCore/shear.c -+++ b/MagickCore/shear.c -@@ -1768,9 +1768,9 @@ MagickExport Image *ShearRotateImage(const Image *image,const double degrees, - */ - width=integral_image->columns; - height=integral_image->rows; -- bounds.width=(size_t) floor(fabs((double) height*shear.x)+width+0.5); -- bounds.height=(size_t) floor(fabs((double) bounds.width*shear.y)+height+0.5); -- shear_width=(size_t) floor(fabs((double) bounds.height*shear.x)+ -+ bounds.width=CastDoubleToUnsigned(fabs((double) height*shear.x)+width+0.5); -+ bounds.height=CastDoubleToUnsigned(fabs((double) bounds.width*shear.y)+height+0.5); -+ shear_width=CastDoubleToUnsigned(fabs((double) bounds.height*shear.x)+ - bounds.width+0.5); - bounds.x=CastDoubleToLong(floor((double) ((shear_width > bounds.width) ? - width : bounds.width-shear_width+2)/2.0+0.5)); -diff --git a/MagickCore/visual-effects.c b/MagickCore/visual-effects.c -index 80024212e8..5257865ee3 100644 ---- a/MagickCore/visual-effects.c -+++ b/MagickCore/visual-effects.c -@@ -2060,8 +2060,8 @@ MagickExport Image *ShadowImage(const Image *image,const double alpha, - (void) SetImageColorspace(clone_image,sRGBColorspace,exception); - (void) SetImageVirtualPixelMethod(clone_image,EdgeVirtualPixelMethod, - exception); -- border_info.width=(size_t) floor(2.0*sigma+0.5); -- border_info.height=(size_t) floor(2.0*sigma+0.5); -+ border_info.width=CastDoubleToUnsigned(2.0*sigma+0.5); -+ border_info.height=CastDoubleToUnsigned(2.0*sigma+0.5); - border_info.x=0; - border_info.y=0; - (void) QueryColorCompliance("none",AllCompliance,&clone_image->border_color, -diff --git a/coders/caption.c b/coders/caption.c -index 81aeb15830..35f551b31d 100644 ---- a/coders/caption.c -+++ b/coders/caption.c -@@ -169,7 +169,7 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, - return(DestroyImageList(image)); - (void) SetImageProperty(image,"caption",caption,exception); - draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL); -- width=(size_t) floor(0.5*draw_info->pointsize*strlen(caption)+0.5); -+ width=CastDoubleToUnsigned(0.5*draw_info->pointsize*strlen(caption)+0.5); - if (AcquireMagickResource(WidthResource,width) == MagickFalse) - { - caption=DestroyString(caption); -@@ -277,8 +277,8 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, - if (status == MagickFalse) - break; - AdjustTypeMetricBounds(&metrics); -- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); -- height=(size_t) floor(metrics.height-metrics.underline_position+ -+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); -+ height=CastDoubleToUnsigned(metrics.height-metrics.underline_position+ - draw_info->interline_spacing+draw_info->stroke_width+0.5); - if ((image->columns != 0) && (image->rows != 0)) - { -@@ -310,8 +310,8 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, - if (status == MagickFalse) - break; - AdjustTypeMetricBounds(&metrics); -- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); -- height=(size_t) floor(metrics.height-metrics.underline_position+ -+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); -+ height=CastDoubleToUnsigned(metrics.height-metrics.underline_position+ - draw_info->interline_spacing+draw_info->stroke_width+0.5); - if ((image->columns != 0) && (image->rows != 0)) - { -diff --git a/coders/label.c b/coders/label.c -index 1ec2508f60..5d08035a25 100644 ---- a/coders/label.c -+++ b/coders/label.c -@@ -151,7 +151,7 @@ static Image *ReadLABELImage(const ImageInfo *image_info, - return(DestroyImageList(image)); - (void) SetImageProperty(image,"label",label,exception); - draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL); -- width=(size_t) floor(0.5*draw_info->pointsize*strlen(label)+0.5); -+ width=CastDoubleToUnsigned(0.5*draw_info->pointsize*strlen(label)+0.5); - if (AcquireMagickResource(WidthResource,width) == MagickFalse) - { - label=DestroyString(label); -@@ -214,8 +214,8 @@ static Image *ReadLABELImage(const ImageInfo *image_info, - if (status == MagickFalse) - break; - AdjustTypeMetricBounds(&metrics); -- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); -- height=(size_t) floor(metrics.height-metrics.underline_position+ -+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); -+ height=CastDoubleToUnsigned(metrics.height-metrics.underline_position+ - draw_info->stroke_width+0.5); - if ((image->columns != 0) && (image->rows != 0)) - { -@@ -249,8 +249,8 @@ static Image *ReadLABELImage(const ImageInfo *image_info, - if (status == MagickFalse) - break; - AdjustTypeMetricBounds(&metrics); -- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); -- height=(size_t) floor(metrics.height-metrics.underline_position+ -+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); -+ height=CastDoubleToUnsigned(metrics.height-metrics.underline_position+ - draw_info->stroke_width+0.5); - if ((image->columns != 0) && (image->rows != 0)) - { -diff --git a/coders/pcl.c b/coders/pcl.c -index b5f6818bd3..0dae2772fa 100644 ---- a/coders/pcl.c -+++ b/coders/pcl.c -@@ -334,8 +334,8 @@ static Image *ReadPCLImage(const ImageInfo *image_info,ExceptionInfo *exception) - image->resolution.x,image->resolution.y); - if (image_info->ping != MagickFalse) - (void) FormatLocaleString(density,MagickPathExtent,"2.0x2.0"); -- page.width=(size_t) floor(page.width*image->resolution.x/delta.x+0.5); -- page.height=(size_t) floor(page.height*image->resolution.y/delta.y+0.5); -+ page.width=CastDoubleToUnsigned(page.width*image->resolution.x/delta.x+0.5); -+ page.height=CastDoubleToUnsigned(page.height*image->resolution.y/delta.y+0.5); - (void) FormatLocaleString(options,MagickPathExtent,"-g%.20gx%.20g ",(double) - page.width,(double) page.height); - image=DestroyImage(image); -diff --git a/coders/pdf.c b/coders/pdf.c -index 2cf36bf1e9..5ba15aee2f 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -1867,9 +1867,9 @@ static MagickBooleanType WritePDFImage(const ImageInfo *image_info,Image *image, - (void) ParseMetaGeometry(temp,&geometry.x,&geometry.y, - &geometry.width,&geometry.height); - scale.x=(double) (geometry.width*delta.x)/resolution.x; -- geometry.width=(size_t) floor(scale.x+0.5); -+ geometry.width=CastDoubleToUnsigned(scale.x+0.5); - scale.y=(double) (geometry.height*delta.y)/resolution.y; -- geometry.height=(size_t) floor(scale.y+0.5); -+ geometry.height=CastDoubleToUnsigned(scale.y+0.5); - (void) ParseAbsoluteGeometry(temp,&media_info); - (void) ParseGravityGeometry(image,temp,&page_info,exception); - if (image->gravity != UndefinedGravity) -diff --git a/coders/ps.c b/coders/ps.c -index ce2bb91765..47e48f1f38 100644 ---- a/coders/ps.c -+++ b/coders/ps.c -@@ -1527,9 +1527,9 @@ static MagickBooleanType WritePSImage(const ImageInfo *image_info,Image *image, - (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, - &geometry.width,&geometry.height); - scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; -- geometry.width=(size_t) floor(scale.x+0.5); -+ geometry.width=CastDoubleToUnsigned(scale.x+0.5); - scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; -- geometry.height=(size_t) floor(scale.y+0.5); -+ geometry.height=CastDoubleToUnsigned(scale.y+0.5); - (void) ParseAbsoluteGeometry(page_geometry,&media_info); - (void) ParseGravityGeometry(image,page_geometry,&page_info,exception); - if (image->gravity != UndefinedGravity) -diff --git a/coders/ps2.c b/coders/ps2.c -index 766874dc02..eb2d7cbda2 100644 ---- a/coders/ps2.c -+++ b/coders/ps2.c -@@ -533,9 +533,9 @@ static MagickBooleanType WritePS2Image(const ImageInfo *image_info,Image *image, - (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, - &geometry.width,&geometry.height); - scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; -- geometry.width=(size_t) floor(scale.x+0.5); -+ geometry.width=CastDoubleToUnsigned(scale.x+0.5); - scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; -- geometry.height=(size_t) floor(scale.y+0.5); -+ geometry.height=CastDoubleToUnsigned(scale.y+0.5); - (void) ParseAbsoluteGeometry(page_geometry,&media_info); - (void) ParseGravityGeometry(image,page_geometry,&page_info,exception); - if (image->gravity != UndefinedGravity) -diff --git a/coders/ps3.c b/coders/ps3.c -index b75787bd02..fd547fff41 100644 ---- a/coders/ps3.c -+++ b/coders/ps3.c -@@ -985,9 +985,9 @@ static MagickBooleanType WritePS3Image(const ImageInfo *image_info,Image *image, - (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, - &geometry.width,&geometry.height); - scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; -- geometry.width=(size_t) floor(scale.x+0.5); -+ geometry.width=CastDoubleToUnsigned(scale.x+0.5); - scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; -- geometry.height=(size_t) floor(scale.y+0.5); -+ geometry.height=CastDoubleToUnsigned(scale.y+0.5); - (void) ParseAbsoluteGeometry(page_geometry,&media_info); - (void) ParseGravityGeometry(image,page_geometry,&page_info,exception); - if (image->gravity != UndefinedGravity) -diff --git a/coders/svg.c b/coders/svg.c -index 5a1e61c76a..1155133390 100644 ---- a/coders/svg.c -+++ b/coders/svg.c -@@ -2826,10 +2826,10 @@ static void SVGStartElement(void *context,const xmlChar *name, - svg_info->view_box=svg_info->bounds; - svg_info->width=0; - if (svg_info->bounds.width >= MagickEpsilon) -- svg_info->width=(size_t) floor(svg_info->bounds.width+0.5); -+ svg_info->width=CastDoubleToUnsigned(svg_info->bounds.width+0.5); - svg_info->height=0; - if (svg_info->bounds.height >= MagickEpsilon) -- svg_info->height=(size_t) floor(svg_info->bounds.height+0.5); -+ svg_info->height=CastDoubleToUnsigned(svg_info->bounds.height+0.5); - (void) FormatLocaleFile(svg_info->file,"viewbox 0 0 %.20g %.20g\n", - (double) svg_info->width,(double) svg_info->height); - sx=PerceptibleReciprocal(svg_info->view_box.width)*svg_info->width; diff --git a/CVE-2023-34153.patch b/CVE-2023-34153.patch deleted file mode 100644 index f13101d832af95cb1907b7fbbf17de08329692e3..0000000000000000000000000000000000000000 --- a/CVE-2023-34153.patch +++ /dev/null @@ -1,138 +0,0 @@ -From d31c80d15a2c82fc1dd8e889e0f97b0219079a57 Mon Sep 17 00:00:00 2001 -From: Dirk Lemstra -Date: Wed, 17 May 2023 23:33:30 +0200 -Subject: [PATCH] Make sure options are properly quoted to resolve the issue - reported in #6338. - -Link: https://github.com/ImageMagick/ImageMagick/commit/d31c80d15a2c82fc1dd8e889e0f97b0219079a57 - ---- - MagickCore/delegate-private.h | 19 +++++++++++++++++++ - coders/pdf.c | 14 +++----------- - coders/video.c | 24 ++++++++---------------- - 3 files changed, 30 insertions(+), 27 deletions(-) - -diff --git a/MagickCore/delegate-private.h b/MagickCore/delegate-private.h -index 2851316dd6..2d9a8d42ac 100644 ---- a/MagickCore/delegate-private.h -+++ b/MagickCore/delegate-private.h -@@ -18,6 +18,7 @@ - #ifndef MAGICKCORE_DELEGATE_PRIVATE_H - #define MAGICKCORE_DELEGATE_PRIVATE_H - -+#include "MagickCore/locale_.h" - #include "MagickCore/string_.h" - - #if defined(MAGICKCORE_GS_DELEGATE) -@@ -110,6 +111,24 @@ static inline char *SanitizeDelegateString(const char *source) - return(sanitize_source); - } - -+static inline void FormatSanitizedDelegateOption(char *string, -+ const size_t length,const char *windows_format, -+ const char *non_windows_format,const char *option) -+{ -+ char -+ *sanitized_option; -+ -+ sanitized_option=SanitizeDelegateString(option); -+#if defined(MAGICKCORE_WINDOWS_SUPPORT) -+ magick_unreferenced(non_windows_format); -+ (void) FormatLocaleString(string,length,windows_format,sanitized_option); -+#else -+ magick_unreferenced(windows_format); -+ (void) FormatLocaleString(string,length,non_windows_format,sanitized_option); -+#endif -+ sanitized_option=DestroyString(sanitized_option); -+} -+ - extern MagickPrivate MagickBooleanType - DelegateComponentGenesis(void); - -diff --git a/coders/pdf.c b/coders/pdf.c -index 926661e023..2cf36bf1e9 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -625,18 +625,10 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) - if (option != (char *) NULL) - { - char -- passphrase[MagickPathExtent], -- *sanitize_passphrase; -+ passphrase[MagickPathExtent]; - -- sanitize_passphrase=SanitizeDelegateString(option); --#if defined(MAGICKCORE_WINDOWS_SUPPORT) -- (void) FormatLocaleString(passphrase,MagickPathExtent, -- "\"-sPDFPassword=%s\" ",sanitize_passphrase); --#else -- (void) FormatLocaleString(passphrase,MagickPathExtent, -- "-sPDFPassword='%s' ",sanitize_passphrase); --#endif -- sanitize_passphrase=DestroyString(sanitize_passphrase); -+ FormatSanitizedDelegateOption(passphrase,MagickPathExtent, -+ "\"-sPDFPassword=%s\" ","-sPDFPassword='%s' ",option); - (void) ConcatenateMagickString(options,passphrase,MagickPathExtent); - } - read_info=CloneImageInfo(image_info); -diff --git a/coders/video.c b/coders/video.c -index e7cfcc0d72..ab546448b2 100644 ---- a/coders/video.c -+++ b/coders/video.c -@@ -217,8 +217,7 @@ static Image *ReadVIDEOImage(const ImageInfo *image_info, - message[MagickPathExtent]; - - char -- *options, -- *sanitized_option; -+ *options; - - const char - *intermediate_format, -@@ -234,19 +233,15 @@ static Image *ReadVIDEOImage(const ImageInfo *image_info, - option=GetImageOption(image_info,"video:vsync"); - if (option != (const char *) NULL) - { -- sanitized_option=SanitizeDelegateString(option); -- (void) FormatLocaleString(command,MagickPathExtent," -vsync %s", -- sanitized_option); -- DestroyString(sanitized_option); -+ FormatSanitizedDelegateOption(command,MagickPathExtent, -+ " -vsync \"%s\""," -vsync '%s'",option); - (void) ConcatenateMagickString(options,command,MagickPathExtent); - } - option=GetImageOption(image_info,"video:pixel-format"); - if (option != (const char *) NULL) - { -- sanitized_option=SanitizeDelegateString(option); -- (void) FormatLocaleString(command,MagickPathExtent," -pix_fmt %s", -- sanitized_option); -- DestroyString(sanitized_option); -+ FormatSanitizedDelegateOption(command,MagickPathExtent, -+ " -pix_fmt \"%s\""," -pix_fmt '%s'",option); - (void) ConcatenateMagickString(options,command,MagickPathExtent); - } - else -@@ -685,8 +680,7 @@ static MagickBooleanType WriteVIDEOImage(const ImageInfo *image_info, - message[MagickPathExtent]; - - char -- *options, -- *sanitized_option; -+ *options; - - const char - *option; -@@ -700,10 +694,8 @@ static MagickBooleanType WriteVIDEOImage(const ImageInfo *image_info, - option=GetImageOption(image_info,"video:pixel-format"); - if (option != (const char *) NULL) - { -- sanitized_option=SanitizeDelegateString(option); -- (void) FormatLocaleString(command,MagickPathExtent," -pix_fmt %s", -- sanitized_option); -- DestroyString(sanitized_option); -+ FormatSanitizedDelegateOption(command,MagickPathExtent, -+ " -pix_fmt \"%s\""," -pix_fmt '%s'",option); - (void) ConcatenateMagickString(options,command,MagickPathExtent); - } - AcquireUniqueFilename(write_info->unique); diff --git a/CVE-2023-3428.patch b/CVE-2023-3428.patch deleted file mode 100644 index 4b406fbf332fdf4f95b6328d635f5329390d7d40..0000000000000000000000000000000000000000 --- a/CVE-2023-3428.patch +++ /dev/null @@ -1,25 +0,0 @@ -From a531d28e31309676ce8168c3b6dbbb5374b78790 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 26 Jun 2023 19:38:12 -0400 -Subject: [PATCH] heap-buffer-overflow in ImageMagick <= 7.1.1-12, contributed - by Hardik shah of Vehere (Dawn Treaders team) - -Origin: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 - ---- - coders/tiff.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/coders/tiff.c b/coders/tiff.c -index 9e0d0b1201..df4274cacd 100644 ---- a/coders/tiff.c -+++ b/coders/tiff.c -@@ -2010,7 +2010,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, - number_pixels=(MagickSizeType) columns*rows; - if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) - ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); -- extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff), -+ extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff), - TIFFTileSize(tiff)); - tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, - sizeof(*tile_pixels)); diff --git a/CVE-2023-34474-and-CVE-2023-34475.patch b/CVE-2023-34474-and-CVE-2023-34475.patch deleted file mode 100644 index 6f811bc929f7deb705fdfa8f9045b44d2c924783..0000000000000000000000000000000000000000 --- a/CVE-2023-34474-and-CVE-2023-34475.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 15 May 2023 14:22:11 -0400 -Subject: [PATCH] carefully crafted image files (TIM2, JPEG) no longer overflow - buffer nor use heap after free (thanks to Juzhi Lu, Zhen Zhou, Likang Luo of - NSFOCUS Security Team) - -Origin: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 - ---- - MagickCore/profile.c | 5 +++-- - coders/tim2.c | 4 +++- - 2 files changed, 6 insertions(+), 3 deletions(-) - -diff --git a/MagickCore/profile.c b/MagickCore/profile.c -index 57909092d2..382583a524 100644 ---- a/MagickCore/profile.c -+++ b/MagickCore/profile.c -@@ -2458,11 +2458,12 @@ static void ReplaceXmpValue(StringInfo *profile,size_t start,size_t end, - if (new_length > length) - SetStringInfoLength(profile,new_length); - datum=(char *) GetStringInfoDatum(profile); -- memmove(datum+start+value_length,datum+end,length-end); -- memcpy(datum+start,value,value_length); -+ (void) memmove(datum+start+value_length,datum+end,length-end); -+ (void) memcpy(datum+start,value,value_length); - if (new_length < length) - { - SetStringInfoLength(profile,new_length); -+ datum=(char *) GetStringInfoDatum(profile); - *(datum+new_length)='\0'; - } - } -diff --git a/coders/tim2.c b/coders/tim2.c -index 0445985dcc..d30afaf05d 100644 ---- a/coders/tim2.c -+++ b/coders/tim2.c -@@ -517,10 +517,12 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info, - /* - * ### Read CLUT Data ### - */ -- clut_data=(unsigned char *) AcquireQuantumMemory(1,header->clut_size); -+ clut_data=(unsigned char *) AcquireQuantumMemory(2, -+ MagickMax(header->clut_size,image->colors)); - if (clut_data == (unsigned char *) NULL) - ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", - image_info->filename); -+ (void) memset(clut_data,0,2*MagickMax(header->clut_size,image->colors)); - count=ReadBlob(image,header->clut_size,clut_data); - if (count != (ssize_t) (header->clut_size)) - { diff --git a/CVE-2023-5341.patch b/CVE-2023-5341.patch deleted file mode 100644 index 5ab101d84153fd6e5380ad0a540bfccec17a63e4..0000000000000000000000000000000000000000 --- a/CVE-2023-5341.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 97b99a741321c9a89491ebb6dab66d1215413595 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 7 Oct 2023 10:22:57 +0800 -Subject: [PATCH] check for BMP file size, poc provided by Hardik Shah of - Vehere (Dawn Treaders team) - ---- - coders/bmp.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/coders/bmp.c b/coders/bmp.c -index 8ff76bb..bb9ce2f 100644 ---- a/coders/bmp.c -+++ b/coders/bmp.c -@@ -629,6 +629,9 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) - " BMP header size: %u",bmp_info.size); - if (bmp_info.size > 124) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); -+ if ((bmp_info.file_size != 0) && -+ ((MagickSizeType) bmp_info.file_size > GetBlobSize(image))) -+ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); - if (bmp_info.offset_bits < bmp_info.size) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); - bmp_info.offset_bits=MagickMax(14+bmp_info.size,bmp_info.offset_bits); --- -2.27.0 - diff --git a/CVE-2025-43965.patch b/CVE-2025-43965.patch deleted file mode 100644 index 790476847a245d49c985ca287ead955ef18994a2..0000000000000000000000000000000000000000 --- a/CVE-2025-43965.patch +++ /dev/null @@ -1,22 +0,0 @@ -From bac413a26073923d3ffb258adaab07fb3fe8fdc9 Mon Sep 17 00:00:00 2001 -From: Dirk Lemstra -Date: Sat, 8 Feb 2025 23:31:39 +0100 -Subject: [PATCH] Update the image depth after this has been changed by - SetQuantumFormat. - ---- - coders/miff.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/coders/miff.c b/coders/miff.c -index 66f8d3850bf..77e92500679 100644 ---- a/coders/miff.c -+++ b/coders/miff.c -@@ -1335,6 +1335,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, - if (quantum_format != UndefinedQuantumFormat) - { - status=SetQuantumFormat(image,quantum_info,quantum_format); -+ image->depth=quantum_info->depth; - if (status == MagickFalse) - ThrowMIFFException(ResourceLimitError,"MemoryAllocationFailed"); - } diff --git a/CVE-2025-46393.patch b/CVE-2025-46393.patch deleted file mode 100644 index acdcb8bc273ad10585eeff7fd78a10626ca3fd5a..0000000000000000000000000000000000000000 --- a/CVE-2025-46393.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 81ac8a0d2eb21739842ed18c48c7646b7eef65b8 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Fri, 7 Feb 2025 20:57:15 -0500 -Subject: [PATCH] multispectral MIFF images renders all channels in arbitrary - order - ---- - coders/miff.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/coders/miff.c b/coders/miff.c -index 355455bc50e..398f66d0b66 100644 ---- a/coders/miff.c -+++ b/coders/miff.c -@@ -1347,10 +1347,10 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, - packet_size+=image->depth/8; - if (image->colorspace == CMYKColorspace) - packet_size+=image->depth/8; -+ if (image->number_meta_channels != 0) -+ packet_size=GetImageChannels(image)*image->depth/8; - if (image->compression == RLECompression) - packet_size++; -- if (image->number_meta_channels != 0) -- packet_size+=image->number_meta_channels*image->depth/8; - compress_extent=MagickMax(MagickMax(BZipMaxExtent(packet_size* - image->columns),LZMAMaxExtent(packet_size*image->columns)), - ZipMaxExtent(packet_size*image->columns)); -@@ -2171,7 +2171,7 @@ static MagickBooleanType WriteMIFFImage(const ImageInfo *image_info, - if (compression == RLECompression) - packet_size++; - if (image->number_meta_channels != 0) -- packet_size+=image->number_meta_channels*image->depth/8; -+ packet_size=GetImageChannels(image)*image->depth/8; - length=MagickMax(BZipMaxExtent(packet_size*image->columns),ZipMaxExtent( - packet_size*image->columns)); - if ((compression == BZipCompression) || (compression == ZipCompression)) diff --git a/CVE-2025-53014.patch b/CVE-2025-53014.patch deleted file mode 100644 index 6af6308a11d9fc85d27572385e429ef3cf4619b7..0000000000000000000000000000000000000000 --- a/CVE-2025-53014.patch +++ /dev/null @@ -1,25 +0,0 @@ -From: Dirk Lemstra -Date: Thu, 26 Jun 2025 23:01:07 +0200 -Subject: Correct out of bounds read of a single byte. - -origin: https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03 -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2025-53014 -bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339 ---- - MagickCore/image.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/MagickCore/image.c b/MagickCore/image.c -index 261d750..1b242f8 100644 ---- a/MagickCore/image.c -+++ b/MagickCore/image.c -@@ -1678,7 +1678,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, - q=(char *) p+1; - if (*q == '%') - { -- p=q+1; -+ p++; - continue; - } - field_width=0; diff --git a/CVE-2025-53015_1-pre.patch b/CVE-2025-53015_1-pre.patch deleted file mode 100644 index e29a266ca80c0ba755219cd8ea69a213b123b542..0000000000000000000000000000000000000000 --- a/CVE-2025-53015_1-pre.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 3e4f327d44acc41538b86c1386048d8e489d9c7c Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 5 Aug 2023 22:52:40 -0400 -Subject: [PATCH] eliminate compiler warnings - -Origin: https://github.com/ImageMagick/ImageMagick/commit/3e4f327d44acc41538b86c1386048d8e489d9c7c - ---- - MagickCore/cache.c | 52 ++++++++++++++++++++------------------ - MagickCore/image-private.h | 2 +- - 2 files changed, 29 insertions(+), 25 deletions(-) - -diff --git a/MagickCore/cache.c b/MagickCore/cache.c -index c0adc66389e..4dccc1dcf88 100644 ---- a/MagickCore/cache.c -+++ b/MagickCore/cache.c -@@ -650,7 +650,7 @@ static MagickBooleanType ClonePixelCacheOnDisk( - number_bytes=write(clone_info->file,buffer,(size_t) count); - if (number_bytes != count) - break; -- extent+=number_bytes; -+ extent+=(size_t) number_bytes; - } - buffer=(unsigned char *) RelinquishMagickMemory(buffer); - if (extent != cache_info->length) -@@ -2789,14 +2789,14 @@ MagickPrivate const Quantum *GetVirtualPixelCacheNexus(const Image *image, - if (pixels == (Quantum *) NULL) - return((const Quantum *) NULL); - q=pixels; -- offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns+ -+ offset=nexus_info->region.y*(MagickOffsetType) cache_info->columns+ - nexus_info->region.x; - length=(MagickSizeType) (nexus_info->region.height-1L)*cache_info->columns+ - nexus_info->region.width-1L; - number_pixels=(MagickSizeType) cache_info->columns*cache_info->rows; - if ((offset >= 0) && (((MagickSizeType) offset+length) < number_pixels)) -- if ((x >= 0) && ((ssize_t) (x+columns-1) < (ssize_t) cache_info->columns) && -- (y >= 0) && ((ssize_t) (y+rows-1) < (ssize_t) cache_info->rows)) -+ if ((x >= 0) && ((x+(ssize_t) columns-1) < (ssize_t) cache_info->columns) && -+ (y >= 0) && ((y+(ssize_t) rows-1) < (ssize_t) cache_info->rows)) - { - MagickBooleanType - status; -@@ -2914,13 +2914,14 @@ MagickPrivate const Quantum *GetVirtualPixelCacheNexus(const Image *image, - if ((virtual_pixel_method == EdgeVirtualPixelMethod) || - (virtual_pixel_method == UndefinedVirtualPixelMethod)) - y_offset=EdgeY(y_offset,cache_info->rows); -- for (u=0; u < (ssize_t) columns; u+=length) -+ for (u=0; u < (ssize_t) columns; u+=(ssize_t) length) - { - ssize_t - x_offset; - - x_offset=x+u; -- length=(MagickSizeType) MagickMin(cache_info->columns-x_offset,columns-u); -+ length=(MagickSizeType) MagickMin((ssize_t) cache_info->columns- -+ x_offset,(ssize_t) columns-u); - if (((x_offset < 0) || (x_offset >= (ssize_t) cache_info->columns)) || - ((y_offset < 0) || (y_offset >= (ssize_t) cache_info->rows)) || - (length == 0)) -@@ -3568,11 +3569,11 @@ static inline MagickOffsetType WritePixelCacheRegion( - for (i=0; i < (MagickOffsetType) length; i+=count) - { - #if !defined(MAGICKCORE_HAVE_PWRITE) -- count=write(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) -- MAGICK_SSIZE_MAX)); -+ count=write(cache_info->file,buffer+i,(size_t) MagickMin(length- -+ (MagickSizeType) i,MAGICK_SSIZE_MAX)); - #else -- count=pwrite(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) -- MAGICK_SSIZE_MAX),offset+i); -+ count=pwrite(cache_info->file,buffer+i,(size_t) MagickMin(length- -+ (MagickSizeType) i,MAGICK_SSIZE_MAX),offset+i); - #endif - if (count <= 0) - { -@@ -4081,7 +4082,8 @@ MagickExport MagickBooleanType PersistPixelCache(Image *image, - cache_info->offset=(*offset); - if (OpenPixelCache(image,ReadMode,exception) == MagickFalse) - return(MagickFalse); -- *offset+=cache_info->length+page_size-(cache_info->length % page_size); -+ *offset=(*offset+(MagickOffsetType) cache_info->length+page_size- -+ ((MagickOffsetType) cache_info->length % page_size)); - return(MagickTrue); - } - /* -@@ -4114,7 +4116,8 @@ MagickExport MagickBooleanType PersistPixelCache(Image *image, - status=OpenPixelCacheOnDisk(clone_info,WriteMode); - if (status != MagickFalse) - status=ClonePixelCacheRepository(clone_info,cache_info,exception); -- *offset+=cache_info->length+page_size-(cache_info->length % page_size); -+ *offset=(*offset+(MagickOffsetType) cache_info->length+page_size- -+ ((MagickOffsetType) cache_info->length % page_size)); - clone_info=(CacheInfo *) DestroyPixelCache(clone_info); - return(status); - } -@@ -4191,11 +4194,12 @@ MagickPrivate Quantum *QueueAuthenticPixelCacheNexus(Image *image, - "PixelsAreNotAuthentic","`%s'",image->filename); - return((Quantum *) NULL); - } -- offset=(MagickOffsetType) y*cache_info->columns+x; -+ offset=y*(MagickOffsetType) cache_info->columns+x; - if (offset < 0) - return((Quantum *) NULL); - number_pixels=(MagickSizeType) cache_info->columns*cache_info->rows; -- offset+=(MagickOffsetType) (rows-1)*cache_info->columns+columns-1; -+ offset+=((MagickOffsetType) rows-1)*(MagickOffsetType) cache_info->columns+ -+ (MagickOffsetType) columns-1; - if ((MagickSizeType) offset >= number_pixels) - return((Quantum *) NULL); - /* -@@ -4398,11 +4402,11 @@ static inline MagickOffsetType ReadPixelCacheRegion( - for (i=0; i < (MagickOffsetType) length; i+=count) - { - #if !defined(MAGICKCORE_HAVE_PREAD) -- count=read(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) -- MAGICK_SSIZE_MAX)); -+ count=read(cache_info->file,buffer+i,(size_t) MagickMin(length- -+ (MagickSizeType) i,(size_t) MAGICK_SSIZE_MAX)); - #else -- count=pread(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) -- MAGICK_SSIZE_MAX),offset+i); -+ count=pread(cache_info->file,buffer+i,(size_t) MagickMin(length- -+ (MagickSizeType) i,(size_t) MAGICK_SSIZE_MAX),offset+i); - #endif - if (count <= 0) - { -@@ -4439,7 +4443,7 @@ static MagickBooleanType ReadPixelCacheMetacontent( - return(MagickFalse); - if (nexus_info->authentic_pixel_cache != MagickFalse) - return(MagickTrue); -- offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns+ -+ offset=nexus_info->region.y*(MagickOffsetType) cache_info->columns+ - nexus_info->region.x; - length=(MagickSizeType) nexus_info->region.width* - cache_info->metacontent_extent; -@@ -4464,7 +4468,7 @@ static MagickBooleanType ReadPixelCacheMetacontent( - length=extent; - rows=1UL; - } -- p=(unsigned char *) cache_info->metacontent+offset* -+ p=(unsigned char *) cache_info->metacontent+offset*(MagickOffsetType) - cache_info->metacontent_extent; - for (y=0; y < (ssize_t) rows; y++) - { -@@ -4501,7 +4505,7 @@ static MagickBooleanType ReadPixelCacheMetacontent( - cache_info->metacontent_extent,length,(unsigned char *) q); - if (count != (MagickOffsetType) length) - break; -- offset+=cache_info->columns; -+ offset+=(MagickOffsetType) cache_info->columns; - q+=cache_info->metacontent_extent*nexus_info->region.width; - } - if (IsFileDescriptorLimitExceeded() != MagickFalse) -@@ -4675,7 +4679,7 @@ static MagickBooleanType ReadPixelCachePixels( - cache_info->number_channels*sizeof(*q),length,(unsigned char *) q); - if (count != (MagickOffsetType) length) - break; -- offset+=cache_info->columns; -+ offset+=(MagickOffsetType) cache_info->columns; - q+=cache_info->number_channels*nexus_info->region.width; - } - if (IsFileDescriptorLimitExceeded() != MagickFalse) -@@ -5701,7 +5705,7 @@ static MagickBooleanType WritePixelCacheMetacontent(CacheInfo *cache_info, - if (count != (MagickOffsetType) length) - break; - p+=cache_info->metacontent_extent*nexus_info->region.width; -- offset+=cache_info->columns; -+ offset+=(MagickOffsetType) cache_info->columns; - } - if (IsFileDescriptorLimitExceeded() != MagickFalse) - (void) ClosePixelCacheOnDisk(cache_info); -@@ -5868,7 +5872,7 @@ static MagickBooleanType WritePixelCachePixels( - if (count != (MagickOffsetType) length) - break; - p+=cache_info->number_channels*nexus_info->region.width; -- offset+=cache_info->columns; -+ offset+=(MagickOffsetType) cache_info->columns; - } - if (IsFileDescriptorLimitExceeded() != MagickFalse) - (void) ClosePixelCacheOnDisk(cache_info); -diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h -index c156cf0ee16..8ffcae53688 100644 ---- a/MagickCore/image-private.h -+++ b/MagickCore/image-private.h -@@ -51,7 +51,7 @@ extern "C" { - #define MagickSQ2PI 2.50662827463100024161235523934010416269302368164062 - #define MAGICK_SIZE_MAX (SIZE_MAX) - #define MAGICK_SSIZE_MAX (SSIZE_MAX) --#define MAGICK_SSIZE_MIN (-(SSIZE_MAX)-1) -+#define MAGICK_SSIZE_MIN (-SSIZE_MAX-1) - #define MatteColor "#bdbdbd" /* gray */ - #define MatteColorRGBA ScaleShortToQuantum(0xbdbd),\ - ScaleShortToQuantum(0xbdbd),ScaleShortToQuantum(0xbdbd),OpaqueAlpha diff --git a/CVE-2025-53015_1.patch b/CVE-2025-53015_1.patch deleted file mode 100644 index 9dc5974cbe2a6a80722eb9590e3eaca95498e5e5..0000000000000000000000000000000000000000 --- a/CVE-2025-53015_1.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: Dirk Lemstra -Date: Fri, 2 May 2025 18:33:17 +0200 -Subject: [PATCH] Added extra checks to make sure we don't get stuck in the - while loop. - -origin: https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2025-53015 -bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339 ---- - MagickCore/image-private.h | 1 + - MagickCore/profile.c | 11 +++++++++++ - 2 files changed, 12 insertions(+) - -diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h -index 4ce71c3..11dca10 100644 ---- a/MagickCore/image-private.h -+++ b/MagickCore/image-private.h -@@ -52,6 +52,7 @@ extern "C" { - #define MAGICK_SIZE_MAX (SIZE_MAX) - #define MAGICK_SSIZE_MAX (SSIZE_MAX) - #define MAGICK_SSIZE_MIN (-SSIZE_MAX-1) -+#define MAGICK_ULONG_MAX (ULONG_MAX) - #define MatteColor "#bdbdbd" /* gray */ - #define MatteColorRGBA ScaleShortToQuantum(0xbdbd),\ - ScaleShortToQuantum(0xbdbd),ScaleShortToQuantum(0xbdbd),OpaqueAlpha -diff --git a/MagickCore/profile.c b/MagickCore/profile.c -index 7eea1d3..85c1801 100644 ---- a/MagickCore/profile.c -+++ b/MagickCore/profile.c -@@ -2571,6 +2571,17 @@ static void GetXmpNumeratorAndDenominator(double value, - *denominator=1; - if (value <= MagickEpsilon) - return; -+ if (value > (double) MAGICK_ULONG_MAX) -+ { -+ *numerator = MAGICK_ULONG_MAX; -+ *denominator = 1; -+ return; -+ } -+ if (floor(value) == value) -+ { -+ *numerator = (unsigned long) value; -+ *denominator = 1; -+ } - *numerator=1; - df=1.0; - while(fabs(df - value) > MagickEpsilon) diff --git a/CVE-2025-53015_2.patch b/CVE-2025-53015_2.patch deleted file mode 100644 index 956e91d9843edb314b9a2b5a30137867d680cdd1..0000000000000000000000000000000000000000 --- a/CVE-2025-53015_2.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Dirk Lemstra -Date: Mon, 12 May 2025 22:23:48 +0200 -Subject: Added missing return. - -origin: https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26 -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2025-53015 -bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339 ---- - MagickCore/profile.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/MagickCore/profile.c b/MagickCore/profile.c -index 85c1801..a68e54f 100644 ---- a/MagickCore/profile.c -+++ b/MagickCore/profile.c -@@ -2581,6 +2581,7 @@ static void GetXmpNumeratorAndDenominator(double value, - { - *numerator = (unsigned long) value; - *denominator = 1; -+ return; - } - *numerator=1; - df=1.0; diff --git a/CVE-2025-53019.patch b/CVE-2025-53019.patch deleted file mode 100644 index 4e5798c545438b8feece7652e0c73c3a4df36ccb..0000000000000000000000000000000000000000 --- a/CVE-2025-53019.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Dirk Lemstra -Date: Fri, 27 Jun 2025 14:51:57 +0200 -Subject: Fixed memory leak when entering StreamImage multiple times. - -origin: https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc ---- - MagickCore/stream.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/MagickCore/stream.c b/MagickCore/stream.c -index 786dabb..22a0c9e 100644 ---- a/MagickCore/stream.c -+++ b/MagickCore/stream.c -@@ -1321,7 +1321,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info, - image_info->filename); - read_info=CloneImageInfo(image_info); - stream_info->image_info=image_info; -- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); -+ if (stream_info->quantum_info == (QuantumInfo *) NULL) -+ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); - if (stream_info->quantum_info == (QuantumInfo *) NULL) - { - read_info=DestroyImageInfo(read_info); diff --git a/CVE-2025-53101.patch b/CVE-2025-53101.patch deleted file mode 100644 index 36eded9a6d1d7762613a15cf0349bee9b90fe145..0000000000000000000000000000000000000000 --- a/CVE-2025-53101.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: Cristy -Date: Fri, 27 Jun 2025 20:02:12 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 - -origin: backport, https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 ---- - MagickCore/image.c | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/MagickCore/image.c b/MagickCore/image.c -index 1b242f8..63d6ef0 100644 ---- a/MagickCore/image.c -+++ b/MagickCore/image.c -@@ -1665,7 +1665,6 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, - canonical; - - ssize_t -- field_width, - offset; - - canonical=MagickFalse; -@@ -1681,22 +1680,24 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, - p++; - continue; - } -- field_width=0; -- if (*q == '0') -- field_width=(ssize_t) strtol(q,&q,10); - switch (*q) - { - case 'd': - case 'o': - case 'x': - { -+ ssize_t -+ count; -+ - q++; - c=(*q); - *q='\0'; -- (void) FormatLocaleString(filename+(p-format-offset),(size_t) -+ count=FormatLocaleString(filename+(p-format-offset),(size_t) - (MagickPathExtent-(p-format-offset)),p,value); -- offset+=(4-field_width); -- *q=c; -+ if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset)))) -+ return(0); -+ offset+=(ssize_t) ((q-p)-count); -+ *q=(char) c; - (void) ConcatenateMagickString(filename,q,MagickPathExtent); - canonical=MagickTrue; - if (*(q-1) != '%') diff --git a/CVE-2025-55004.patch b/CVE-2025-55004.patch deleted file mode 100644 index 9f404433c1de8773902666dbddd992fe68d5414f..0000000000000000000000000000000000000000 --- a/CVE-2025-55004.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 55d97055e00a7bc7ae2776c99824002fbb4a72aa Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 7 Aug 2025 19:14:00 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw - ---- - coders/png.c | 33 ++++++++++----------------------- - 1 file changed, 10 insertions(+), 23 deletions(-) - -diff --git a/coders/png.c b/coders/png.c -index 5b7cda5..5d240a1 100644 ---- a/coders/png.c -+++ b/coders/png.c -@@ -4802,37 +4802,24 @@ static Image *ReadOneJNGImage(MngReadInfo *mng_info, - jng_image=ReadImage(alpha_image_info,exception); - - if (jng_image != (Image *) NULL) -- for (y=0; y < (ssize_t) image->rows; y++) - { -- s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); -- q=GetAuthenticPixels(image,0,y,image->columns,1,exception); -- if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) -- break; -+ image->alpha_trait=BlendPixelTrait; -+ for (y=0; y < (ssize_t) image->rows; y++) -+ { -+ s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); -+ q=GetAuthenticPixels(image,0,y,image->columns,1,exception); -+ if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) -+ break; - -- if (image->alpha_trait != UndefinedPixelTrait) - for (x=(ssize_t) image->columns; x != 0; x--) - { - SetPixelAlpha(image,GetPixelRed(jng_image,s),q); - q+=GetPixelChannels(image); - s+=GetPixelChannels(jng_image); - } -- -- else -- for (x=(ssize_t) image->columns; x != 0; x--) -- { -- Quantum -- alpha; -- -- alpha=GetPixelRed(jng_image,s); -- SetPixelAlpha(image,alpha,q); -- if (alpha != OpaqueAlpha) -- image->alpha_trait=BlendPixelTrait; -- q+=GetPixelChannels(image); -- s+=GetPixelChannels(jng_image); -- } -- -- if (SyncAuthenticPixels(image,exception) == MagickFalse) -- break; -+ if (SyncAuthenticPixels(image,exception) == MagickFalse) -+ break; -+ } - } - (void) RelinquishUniqueFileResource(alpha_image->filename); - alpha_image=DestroyImageList(alpha_image); --- -2.50.1 - diff --git a/CVE-2025-55005.patch b/CVE-2025-55005.patch deleted file mode 100644 index 4a5f5b86640937201f5a6787a0fd8dc73d8b3295..0000000000000000000000000000000000000000 --- a/CVE-2025-55005.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 7 Aug 2025 22:05:10 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp - ---- - MagickCore/colorspace.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c -index 7ac78a683d8..4b4866a60e4 100644 ---- a/MagickCore/colorspace.c -+++ b/MagickCore/colorspace.c -@@ -2420,10 +2420,16 @@ static MagickBooleanType TransformsRGBImage(Image *image, - value=GetImageProperty(image,"reference-black",exception); - if (value != (const char *) NULL) - reference_black=StringToDouble(value,(char **) NULL); -+ if (reference_black > 1024.0) -+ reference_black=1024.0; - reference_white=ReferenceWhite; - value=GetImageProperty(image,"reference-white",exception); - if (value != (const char *) NULL) - reference_white=StringToDouble(value,(char **) NULL); -+ if (reference_white > 1024.0) -+ reference_white=1024.0; -+ if (reference_black > reference_white) -+ reference_black=reference_white; - logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL, - sizeof(*logmap)); - if (logmap == (Quantum *) NULL) diff --git a/CVE-2025-55154.patch b/CVE-2025-55154.patch deleted file mode 100644 index 591a25c05b2fbbee4f10796e2402294dd10ea09e..0000000000000000000000000000000000000000 --- a/CVE-2025-55154.patch +++ /dev/null @@ -1,76 +0,0 @@ -From db986e4782e9f6cc42a0e50151dc4fe43641b337 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 9 Aug 2025 08:28:23 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82 - ---- - coders/png.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/coders/png.c b/coders/png.c -index f7ae779b2fe..f6ea0bbde8d 100644 ---- a/coders/png.c -+++ b/coders/png.c -@@ -6404,19 +6404,19 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, - mng_info->magn_methy = 1; - if (mng_info->magn_methx == 1) - { -- magnified_width=mng_info->magn_ml; -+ magnified_width=(size_t) mng_info->magn_ml; - - if (image->columns > 1) - magnified_width += mng_info->magn_mr; - - if (image->columns > 2) -- magnified_width += (png_uint_32) -+ magnified_width += (size_t) - ((image->columns-2)*(mng_info->magn_mx)); - } - - else - { -- magnified_width=(png_uint_32) image->columns; -+ magnified_width=(size_t) image->columns; - - if (image->columns > 1) - magnified_width += mng_info->magn_ml-1; -@@ -6425,25 +6425,25 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, - magnified_width += mng_info->magn_mr-1; - - if (image->columns > 3) -- magnified_width += (png_uint_32) -+ magnified_width += (size_t) - ((image->columns-3)*(mng_info->magn_mx-1)); - } - - if (mng_info->magn_methy == 1) - { -- magnified_height=mng_info->magn_mt; -+ magnified_height=(size_t) mng_info->magn_mt; - - if (image->rows > 1) - magnified_height += mng_info->magn_mb; - - if (image->rows > 2) -- magnified_height += (png_uint_32) -+ magnified_height += (size_t) - ((image->rows-2)*(mng_info->magn_my)); - } - - else - { -- magnified_height=(png_uint_32) image->rows; -+ magnified_height=(size_t) image->rows; - - if (image->rows > 1) - magnified_height += mng_info->magn_mt-1; -@@ -6452,7 +6452,7 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, - magnified_height += mng_info->magn_mb-1; - - if (image->rows > 3) -- magnified_height += (png_uint_32) -+ magnified_height += (size_t) - ((image->rows-3)*(mng_info->magn_my-1)); - } - diff --git a/CVE-2025-55160.patch b/CVE-2025-55160.patch deleted file mode 100644 index 31fa927161c7cde63e1323435254d5d420835d90..0000000000000000000000000000000000000000 --- a/CVE-2025-55160.patch +++ /dev/null @@ -1,156 +0,0 @@ -From 63d8769dd6a8f32f4096c71be9e08a2c081e47da Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 10 Aug 2025 08:28:28 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x - ---- - MagickCore/artifact.c | 17 ++++++++++++++++- - MagickCore/option.c | 17 ++++++++++++++++- - MagickCore/profile.c | 19 ++++++++++++++++++- - MagickCore/property.c | 18 ++++++++++++++++-- - 4 files changed, 66 insertions(+), 5 deletions(-) - -diff --git a/MagickCore/artifact.c b/MagickCore/artifact.c -index dae6aaaf0b1..764ef75a44b 100644 ---- a/MagickCore/artifact.c -+++ b/MagickCore/artifact.c -@@ -99,6 +99,21 @@ - % o clone_image: the source image for artifacts to clone. - % - */ -+ -+typedef char -+ *(*CloneKeyFunc)(const char *), -+ *(*CloneValueFunc)(const char *); -+ -+static inline void *CloneArtifactKey(void *key) -+{ -+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); -+} -+ -+static inline void *CloneArtifactValue(void *value) -+{ -+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); -+} -+ - MagickExport MagickBooleanType CloneImageArtifacts(Image *image, - const Image *clone_image) - { -@@ -117,7 +132,7 @@ MagickExport MagickBooleanType CloneImageArtifacts(Image *image, - if (image->artifacts != (void *) NULL) - DestroyImageArtifacts(image); - image->artifacts=CloneSplayTree((SplayTreeInfo *) clone_image->artifacts, -- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString); -+ CloneArtifactKey,CloneArtifactValue); - } - return(MagickTrue); - } -diff --git a/MagickCore/option.c b/MagickCore/option.c -index 621b0f9b26d..f844f44d6af 100644 ---- a/MagickCore/option.c -+++ b/MagickCore/option.c -@@ -2361,6 +2361,21 @@ static const OptionInfo - % o clone_info: the source image info for options to clone. - % - */ -+ -+typedef char -+ *(*CloneKeyFunc)(const char *), -+ *(*CloneValueFunc)(const char *); -+ -+static inline void *CloneOptionKey(void *key) -+{ -+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); -+} -+ -+static inline void *CloneOptionValue(void *value) -+{ -+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); -+} -+ - MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info, - const ImageInfo *clone_info) - { -@@ -2376,7 +2391,7 @@ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info, - if (image_info->options != (void *) NULL) - DestroyImageOptions(image_info); - image_info->options=CloneSplayTree((SplayTreeInfo *) clone_info->options, -- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString); -+ CloneOptionKey,CloneOptionValue); - } - return(MagickTrue); - } -diff --git a/MagickCore/profile.c b/MagickCore/profile.c -index fac191845f1..8e38b301bb1 100644 ---- a/MagickCore/profile.c -+++ b/MagickCore/profile.c -@@ -143,6 +143,23 @@ typedef struct _CMSExceptionInfo - % o clone_image: the clone image. - % - */ -+ -+typedef char -+ *(*CloneKeyFunc)(const char *); -+ -+typedef StringInfo -+ *(*CloneValueFunc)(const StringInfo *); -+ -+static inline void *CloneProfileKey(void *key) -+{ -+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); -+} -+ -+static inline void *CloneProfileValue(void *value) -+{ -+ return((void *) ((CloneValueFunc) CloneStringInfo)((const StringInfo *) value)); -+} -+ - MagickExport MagickBooleanType CloneImageProfiles(Image *image, - const Image *clone_image) - { -@@ -157,7 +174,7 @@ MagickExport MagickBooleanType CloneImageProfiles(Image *image, - if (image->profiles != (void *) NULL) - DestroyImageProfiles(image); - image->profiles=CloneSplayTree((SplayTreeInfo *) clone_image->profiles, -- (void *(*)(void *)) ConstantString,(void *(*)(void *)) CloneStringInfo); -+ CloneProfileKey,CloneProfileValue); - } - return(MagickTrue); - } -diff --git a/MagickCore/property.c b/MagickCore/property.c -index 09ae365dfa2..976ca34d70a 100644 ---- a/MagickCore/property.c -+++ b/MagickCore/property.c -@@ -131,6 +131,21 @@ - % o clone_image: the clone image. - % - */ -+ -+typedef char -+ *(*CloneKeyFunc)(const char *), -+ *(*CloneValueFunc)(const char *); -+ -+static inline void *ClonePropertyKey(void *key) -+{ -+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); -+} -+ -+static inline void *ClonePropertyValue(void *value) -+{ -+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); -+} -+ - MagickExport MagickBooleanType CloneImageProperties(Image *image, - const Image *clone_image) - { -@@ -195,8 +210,7 @@ MagickExport MagickBooleanType CloneImageProperties(Image *image, - if (image->properties != (void *) NULL) - DestroyImageProperties(image); - image->properties=CloneSplayTree((SplayTreeInfo *) -- clone_image->properties,(void *(*)(void *)) ConstantString, -- (void *(*)(void *)) ConstantString); -+ clone_image->properties,ClonePropertyKey,ClonePropertyValue); - } - return(MagickTrue); - } diff --git a/ImageMagick-7.1.2-2.tar.gz b/ImageMagick-7.1.2-2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d3100252a9810f5cdea27740ad30454bfc84fcaf --- /dev/null +++ b/ImageMagick-7.1.2-2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f511deb5827b07906e0558640a436a96644949dfd6bb21b1a641b09690ac3bdc +size 15719110 diff --git a/ImageMagick.spec b/ImageMagick.spec index deeda047b7d57eeedeb83f672b10ce1969efa6e3..0d0a22b43451f7e3ca6eb98ca8e3567ad0145719 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,28 +1,13 @@ Name: ImageMagick Epoch: 1 -Version: 7.1.1.8 -Release: 8 +Version: 7.1.2.2 +Release: 1 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ -Source0: https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.1-8.tar.gz -Patch0: CVE-2023-34151.patch -Patch1: CVE-2023-34153.patch -Patch2: CVE-2023-34474-and-CVE-2023-34475.patch -Patch3: CVE-2023-3428.patch -Patch4: CVE-2023-5341.patch -Patch5: CVE-2025-43965.patch -Patch6: CVE-2025-46393.patch -Patch7: CVE-2025-53014.patch -Patch8: CVE-2025-53015_1-pre.patch -Patch9: CVE-2025-53015_1.patch -Patch10: CVE-2025-53015_2.patch -Patch11: CVE-2025-53101.patch -Patch12: CVE-2025-53019.patch -Patch13: CVE-2025-55004.patch -Patch14: CVE-2025-55005.patch -Patch15: CVE-2025-55154.patch -Patch16: CVE-2025-55160.patch +%global VER %(foo=%{version}; echo ${foo:0:5}) +%global Patchlevel %(foo=%{version}; echo ${foo:6}) +Source0: https://github.com/ImageMagick/ImageMagick/archive/%{VER}-%{Patchlevel}/%{name}-%{VER}-%{Patchlevel}.tar.gz BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -89,7 +74,7 @@ Requires: ImageMagick-devel = %{epoch}:%{version}-%{release} Development files for ImageMagick-c++. %prep -%autosetup -n ImageMagick-7.1.1-8 -p1 +%autosetup -n %{name}-%{VER}-%{Patchlevel} -p1 install -d Magick++/examples cp -p Magick++/demo/*.cpp Magick++/demo/*.miff Magick++/examples @@ -106,7 +91,7 @@ export CFLAGS="%{optflags} -DIMPNG_SETJMP_IS_THREAD_SAFE" %install %make_install -cp -a www/source %{buildroot}%{_datadir}/doc/ImageMagick-7.1.1 +cp -a www/source %{buildroot}%{_datadir}/doc/ImageMagick-%{VER} rm %{buildroot}%{_libdir}/*.la %{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl @@ -131,11 +116,12 @@ rm PerlMagick/demo/Generic.ttf /sbin/ldconfig %files -%doc LICENSE NOTICE AUTHORS.txt +%license LICENSE +%doc NOTICE AUTHORS.txt %{_bindir}/[a-z]* %{_libdir}/libMagickCore-7.Q16HDRI.so.10* %{_libdir}/libMagickWand-7.Q16HDRI.so.10* -%{_libdir}/ImageMagick-7.1.1 +%{_libdir}/ImageMagick-%{VER} %{_datadir}/ImageMagick-7 %dir %{_sysconfdir}/ImageMagick-7 %config(noreplace) %{_sysconfdir}/ImageMagick-7/*.xml @@ -153,23 +139,21 @@ rm PerlMagick/demo/Generic.ttf %{_includedir}/%{name}-7/MagickCore/* %files help -%doc README.txt NEWS.txt QuickStart.txt +%doc README.md %doc %{_datadir}/doc/ImageMagick-7 -%doc %{_datadir}/doc/ImageMagick-7.1.1 -%{_mandir}/man[145]/[a-z]* -%{_mandir}/man1/* -%{_mandir}/man3/* +%doc %{_datadir}/doc/ImageMagick-%{VER} +%{_mandir}/man?/* %files perl -f perl-pkg-files %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt %files c++ -%doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README -%doc www/Magick++/COPYING +%license Magick++/LICENSE +%doc Magick++/AUTHORS %{_libdir}/libMagick++-7.Q16HDRI.so.5* %files c++-devel -%doc Magick++/examples +%doc Magick++/demo %{_bindir}/Magick++-config %{_includedir}/ImageMagick-7/Magick++* %{_libdir}/libMagick++-7.Q16HDRI.so @@ -177,39 +161,39 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick* %changelog -* Fri Aug 15 2025 yaoxin <1024769339@qq.com> - 1:7.1.1.8-8 +* Thu Aug 28 2025 yaoxin <1024769339@qq.com> - 1:7.1.2.2-1 +- Update to 7.1.2.2 for fix CVE-2025-55212, CVE-2025-55298, CVE-2025-57803 + +* Fri Aug 15 2025 yaoxin <1024769339@qq.com> - 1:7.1.1.15-4 - Fix CVE-2025-55004, CVE-2025-55005, CVE-2025-55154, CVE-2025-55160 -* Mon Jul 21 2025 wangkai <13474090681@163.com> - 1:7.1.1.8-7 +* Mon Jul 21 2025 wangkai <13474090681@163.com> - 1:7.1.1.15-3 - Fix CVE-2025-53014, CVE-2025-53015, CVE-2025-53019, CVE-2025-53101 -* Tue Apr 29 2025 yaoxin <1024769339@qq.com> - 1:7.1.1.8-6 +* Tue Apr 29 2025 yaoxin <1024769339@qq.com> - 1:7.1.1.15-2 - Fix CVE-2025-43965 and CVE-2025-46393 -* Sat Oct 7 2023 liningjie - 1:7.1.1.8-5 +* Mon Oct 23 2023 wulei - 1:7.1.1.15-1 +- Update to 7.1.1.15 + +* Sat Oct 7 2023 liningjie - 1:7.1.1.11-3 - Fix CVE-2023-5341 -* Mon Jul 24 2023 wangkai <13474090681@163.com> - 1:7.1.1.8-4 +* Mon Jul 24 2023 wangkai <13474090681@163.com> - 1:7.1.1.11-2 - Fix CVE-2023-3428 -* Thu Jun 29 2023 wangkai <13474090681@163.com> - 1:7.1.1.8-3 -- Fix CVE-2023-34474 and CVE-2023-34475 - -* Thu Jun 08 2023 wangkai <13474090681@163.com> - 1:7.1.1.8-2 -- Fix CVE-2023-34151 and CVE-2023-34153 +* Thu Jun 08 2023 wangkai <13474090681@163.com> - 1:7.1.1.11-1 +- Update to 7.1.1.11 for Fix CVE-2023-34151,CVE-2023-34153 * Mon Apr 24 2023 wangkai <13474090681@163.com> - 1:7.1.1.8-1 - Update to 7.1.1.8 for Fix CVE-2023-1289,CVE-2023-1906 -* Thu Feb 09 2023 yaoxin - 1:7.1.0.28-6 -- Fix CVE-2022-44267 and CVE-2022-44268 +* Thu Feb 09 2023 yaoxin - 1:7.1.0.28-5 +- Fix CVE-2022-44267,CVE-2022-44268 and CVE-2022-3213 -* Tue Nov 22 2022 yaoxin - 1:7.1.0.28-5 +* Tue Nov 22 2022 yaoxin - 1:7.1.0.28-4 - Fix CVE-2022-32547 -* Thu Oct 13 2022 chenwenjie - 1:7.1.0.28-4 -- fix CVE-2022-3213 - * Fri Aug 19 2022 cenhuilin - 1:7.1.0.28-3 - fix CVE-2022-1115 @@ -222,15 +206,6 @@ rm PerlMagick/demo/Generic.ttf * Thu Mar 10 2022 wangkai - 7.1.0.27-1 - Update to 7.1.0.27 for fix CVE-2021-39212 CVE-2021-3596 -* Wed Feb 23 2022 xu_ping - 7.1.0.0-3 -- OpenEXR upgrade abandoned ilmbase-devel,reference Imath-devel instead - -* Sat Feb 19 2022 xu_ping - 7.1.0.0-2 -- Add requires open-sans-fonts to fix unable to read font `helvetica` - -* Fri Dec 31 2021 wulei - 7.1.0.0-1 -- Package update - * Thu Jun 03 2021 wangyue - 6.9.10.67-25 - Fix CVE-2020-27756 CVE-2020-25667 CVE-2020-27753