diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..f087b429e2f81a9f37b28a8308e2210f84df6c9b --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.tar.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..a4ef267ce8a776277967ce3c6a39f94f34e3bb73 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/ImageMagick diff --git a/7.1.1-15.tar.gz b/7.1.1-15.tar.gz deleted file mode 100644 index cc2953741186fb6ae604a573fd59845dd1c26851..0000000000000000000000000000000000000000 Binary files a/7.1.1-15.tar.gz and /dev/null differ diff --git a/CVE-2023-5341.patch b/CVE-2023-5341.patch deleted file mode 100644 index 5ab101d84153fd6e5380ad0a540bfccec17a63e4..0000000000000000000000000000000000000000 --- a/CVE-2023-5341.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 97b99a741321c9a89491ebb6dab66d1215413595 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 7 Oct 2023 10:22:57 +0800 -Subject: [PATCH] check for BMP file size, poc provided by Hardik Shah of - Vehere (Dawn Treaders team) - ---- - coders/bmp.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/coders/bmp.c b/coders/bmp.c -index 8ff76bb..bb9ce2f 100644 ---- a/coders/bmp.c -+++ b/coders/bmp.c -@@ -629,6 +629,9 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) - " BMP header size: %u",bmp_info.size); - if (bmp_info.size > 124) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); -+ if ((bmp_info.file_size != 0) && -+ ((MagickSizeType) bmp_info.file_size > GetBlobSize(image))) -+ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); - if (bmp_info.offset_bits < bmp_info.size) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); - bmp_info.offset_bits=MagickMax(14+bmp_info.size,bmp_info.offset_bits); --- -2.27.0 - 
diff --git a/CVE-2025-43965.patch b/CVE-2025-43965.patch deleted file mode 100644 index 790476847a245d49c985ca287ead955ef18994a2..0000000000000000000000000000000000000000 --- a/CVE-2025-43965.patch +++ /dev/null @@ -1,22 +0,0 @@ -From bac413a26073923d3ffb258adaab07fb3fe8fdc9 Mon Sep 17 00:00:00 2001 -From: Dirk Lemstra -Date: Sat, 8 Feb 2025 23:31:39 +0100 -Subject: [PATCH] Update the image depth after this has been changed by - SetQuantumFormat. - ---- - coders/miff.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/coders/miff.c b/coders/miff.c -index 66f8d3850bf..77e92500679 100644 ---- a/coders/miff.c -+++ b/coders/miff.c -@@ -1335,6 +1335,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, - if (quantum_format != UndefinedQuantumFormat) - { - status=SetQuantumFormat(image,quantum_info,quantum_format); -+ image->depth=quantum_info->depth; - if (status == MagickFalse) - ThrowMIFFException(ResourceLimitError,"MemoryAllocationFailed"); - } diff --git a/CVE-2025-46393.patch b/CVE-2025-46393.patch deleted file mode 100644 index acdcb8bc273ad10585eeff7fd78a10626ca3fd5a..0000000000000000000000000000000000000000 --- a/CVE-2025-46393.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 81ac8a0d2eb21739842ed18c48c7646b7eef65b8 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Fri, 7 Feb 2025 20:57:15 -0500 -Subject: [PATCH] multispectral MIFF images renders all channels in arbitrary - order - ---- - coders/miff.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/coders/miff.c b/coders/miff.c -index 355455bc50e..398f66d0b66 100644 ---- a/coders/miff.c -+++ b/coders/miff.c -@@ -1347,10 +1347,10 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, - packet_size+=image->depth/8; - if (image->colorspace == CMYKColorspace) - packet_size+=image->depth/8; -+ if (image->number_meta_channels != 0) -+ packet_size=GetImageChannels(image)*image->depth/8; - if (image->compression == RLECompression) - packet_size++; -- if (image->number_meta_channels != 0) -- packet_size+=image->number_meta_channels*image->depth/8; - compress_extent=MagickMax(MagickMax(BZipMaxExtent(packet_size* - image->columns),LZMAMaxExtent(packet_size*image->columns)), - ZipMaxExtent(packet_size*image->columns)); -@@ -2171,7 +2171,7 @@ static MagickBooleanType WriteMIFFImage(const ImageInfo *image_info, - if (compression == RLECompression) - packet_size++; - if (image->number_meta_channels != 0) -- packet_size+=image->number_meta_channels*image->depth/8; -+ packet_size=GetImageChannels(image)*image->depth/8; - length=MagickMax(BZipMaxExtent(packet_size*image->columns),ZipMaxExtent( - packet_size*image->columns)); - if ((compression == BZipCompression) || (compression == ZipCompression)) diff --git a/CVE-2025-53014.patch b/CVE-2025-53014.patch deleted file mode 100644 index 6af6308a11d9fc85d27572385e429ef3cf4619b7..0000000000000000000000000000000000000000 --- a/CVE-2025-53014.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From: Dirk Lemstra -Date: Thu, 26 Jun 2025 23:01:07 +0200 -Subject: Correct out of bounds read of a single byte. - -origin: https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03 -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2025-53014 -bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339 ---- - MagickCore/image.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/MagickCore/image.c b/MagickCore/image.c -index 261d750..1b242f8 100644 ---- a/MagickCore/image.c -+++ b/MagickCore/image.c -@@ -1678,7 +1678,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, - q=(char *) p+1; - if (*q == '%') - { -- p=q+1; -+ p++; - continue; - } - field_width=0; diff --git a/CVE-2025-53015_1-pre.patch b/CVE-2025-53015_1-pre.patch deleted file mode 100644 index e29a266ca80c0ba755219cd8ea69a213b123b542..0000000000000000000000000000000000000000 --- a/CVE-2025-53015_1-pre.patch +++ /dev/null 
@@ -1,194 +0,0 @@ -From 3e4f327d44acc41538b86c1386048d8e489d9c7c Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 5 Aug 2023 22:52:40 -0400 -Subject: [PATCH] eliminate compiler warnings - -Origin: https://github.com/ImageMagick/ImageMagick/commit/3e4f327d44acc41538b86c1386048d8e489d9c7c - ---- - MagickCore/cache.c | 52 ++++++++++++++++++++------------------ - MagickCore/image-private.h | 2 +- - 2 files changed, 29 insertions(+), 25 deletions(-) - -diff --git a/MagickCore/cache.c b/MagickCore/cache.c -index c0adc66389e..4dccc1dcf88 100644 ---- a/MagickCore/cache.c -+++ b/MagickCore/cache.c -@@ -650,7 +650,7 @@ static MagickBooleanType ClonePixelCacheOnDisk( - number_bytes=write(clone_info->file,buffer,(size_t) count); - if (number_bytes != count) - break; -- extent+=number_bytes; -+ extent+=(size_t) number_bytes; - } - buffer=(unsigned char *) RelinquishMagickMemory(buffer); - if (extent != cache_info->length) -@@ -2789,14 +2789,14 @@ MagickPrivate const Quantum *GetVirtualPixelCacheNexus(const Image *image, - if (pixels == (Quantum *) NULL) - return((const Quantum *) NULL); - q=pixels; -- offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns+ -+ offset=nexus_info->region.y*(MagickOffsetType) cache_info->columns+ - nexus_info->region.x; - length=(MagickSizeType) (nexus_info->region.height-1L)*cache_info->columns+ - nexus_info->region.width-1L; - number_pixels=(MagickSizeType) cache_info->columns*cache_info->rows; - if ((offset >= 0) && (((MagickSizeType) offset+length) < number_pixels)) -- if ((x >= 0) && ((ssize_t) (x+columns-1) < (ssize_t) cache_info->columns) && -- (y >= 0) && ((ssize_t) (y+rows-1) < (ssize_t) cache_info->rows)) -+ if ((x >= 0) && ((x+(ssize_t) columns-1) < (ssize_t) cache_info->columns) && -+ (y >= 0) && ((y+(ssize_t) rows-1) < (ssize_t) cache_info->rows)) - { - MagickBooleanType - status; -@@ -2914,13 +2914,14 @@ MagickPrivate const Quantum *GetVirtualPixelCacheNexus(const Image *image, - if ((virtual_pixel_method == 
EdgeVirtualPixelMethod) || - (virtual_pixel_method == UndefinedVirtualPixelMethod)) - y_offset=EdgeY(y_offset,cache_info->rows); -- for (u=0; u < (ssize_t) columns; u+=length) -+ for (u=0; u < (ssize_t) columns; u+=(ssize_t) length) - { - ssize_t - x_offset; - - x_offset=x+u; -- length=(MagickSizeType) MagickMin(cache_info->columns-x_offset,columns-u); -+ length=(MagickSizeType) MagickMin((ssize_t) cache_info->columns- -+ x_offset,(ssize_t) columns-u); - if (((x_offset < 0) || (x_offset >= (ssize_t) cache_info->columns)) || - ((y_offset < 0) || (y_offset >= (ssize_t) cache_info->rows)) || - (length == 0)) -@@ -3568,11 +3569,11 @@ static inline MagickOffsetType WritePixelCacheRegion( - for (i=0; i < (MagickOffsetType) length; i+=count) - { - #if !defined(MAGICKCORE_HAVE_PWRITE) -- count=write(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) -- MAGICK_SSIZE_MAX)); -+ count=write(cache_info->file,buffer+i,(size_t) MagickMin(length- -+ (MagickSizeType) i,MAGICK_SSIZE_MAX)); - #else -- count=pwrite(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) -- MAGICK_SSIZE_MAX),offset+i); -+ count=pwrite(cache_info->file,buffer+i,(size_t) MagickMin(length- -+ (MagickSizeType) i,MAGICK_SSIZE_MAX),offset+i); - #endif - if (count <= 0) - { -@@ -4081,7 +4082,8 @@ MagickExport MagickBooleanType PersistPixelCache(Image *image, - cache_info->offset=(*offset); - if (OpenPixelCache(image,ReadMode,exception) == MagickFalse) - return(MagickFalse); -- *offset+=cache_info->length+page_size-(cache_info->length % page_size); -+ *offset=(*offset+(MagickOffsetType) cache_info->length+page_size- -+ ((MagickOffsetType) cache_info->length % page_size)); - return(MagickTrue); - } - /* -@@ -4114,7 +4116,8 @@ MagickExport MagickBooleanType PersistPixelCache(Image *image, - status=OpenPixelCacheOnDisk(clone_info,WriteMode); - if (status != MagickFalse) - status=ClonePixelCacheRepository(clone_info,cache_info,exception); -- 
*offset+=cache_info->length+page_size-(cache_info->length % page_size); -+ *offset=(*offset+(MagickOffsetType) cache_info->length+page_size- -+ ((MagickOffsetType) cache_info->length % page_size)); - clone_info=(CacheInfo *) DestroyPixelCache(clone_info); - return(status); - } -@@ -4191,11 +4194,12 @@ MagickPrivate Quantum *QueueAuthenticPixelCacheNexus(Image *image, - "PixelsAreNotAuthentic","`%s'",image->filename); - return((Quantum *) NULL); - } -- offset=(MagickOffsetType) y*cache_info->columns+x; -+ offset=y*(MagickOffsetType) cache_info->columns+x; - if (offset < 0) - return((Quantum *) NULL); - number_pixels=(MagickSizeType) cache_info->columns*cache_info->rows; -- offset+=(MagickOffsetType) (rows-1)*cache_info->columns+columns-1; -+ offset+=((MagickOffsetType) rows-1)*(MagickOffsetType) cache_info->columns+ -+ (MagickOffsetType) columns-1; - if ((MagickSizeType) offset >= number_pixels) - return((Quantum *) NULL); - /* -@@ -4398,11 +4402,11 @@ static inline MagickOffsetType ReadPixelCacheRegion( - for (i=0; i < (MagickOffsetType) length; i+=count) - { - #if !defined(MAGICKCORE_HAVE_PREAD) -- count=read(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) -- MAGICK_SSIZE_MAX)); -+ count=read(cache_info->file,buffer+i,(size_t) MagickMin(length- -+ (MagickSizeType) i,(size_t) MAGICK_SSIZE_MAX)); - #else -- count=pread(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) -- MAGICK_SSIZE_MAX),offset+i); -+ count=pread(cache_info->file,buffer+i,(size_t) MagickMin(length- -+ (MagickSizeType) i,(size_t) MAGICK_SSIZE_MAX),offset+i); - #endif - if (count <= 0) - { -@@ -4439,7 +4443,7 @@ static MagickBooleanType ReadPixelCacheMetacontent( - return(MagickFalse); - if (nexus_info->authentic_pixel_cache != MagickFalse) - return(MagickTrue); -- offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns+ -+ offset=nexus_info->region.y*(MagickOffsetType) cache_info->columns+ - nexus_info->region.x; - length=(MagickSizeType) 
nexus_info->region.width* - cache_info->metacontent_extent; -@@ -4464,7 +4468,7 @@ static MagickBooleanType ReadPixelCacheMetacontent( - length=extent; - rows=1UL; - } -- p=(unsigned char *) cache_info->metacontent+offset* -+ p=(unsigned char *) cache_info->metacontent+offset*(MagickOffsetType) - cache_info->metacontent_extent; - for (y=0; y < (ssize_t) rows; y++) - { -@@ -4501,7 +4505,7 @@ static MagickBooleanType ReadPixelCacheMetacontent( - cache_info->metacontent_extent,length,(unsigned char *) q); - if (count != (MagickOffsetType) length) - break; -- offset+=cache_info->columns; -+ offset+=(MagickOffsetType) cache_info->columns; - q+=cache_info->metacontent_extent*nexus_info->region.width; - } - if (IsFileDescriptorLimitExceeded() != MagickFalse) -@@ -4675,7 +4679,7 @@ static MagickBooleanType ReadPixelCachePixels( - cache_info->number_channels*sizeof(*q),length,(unsigned char *) q); - if (count != (MagickOffsetType) length) - break; -- offset+=cache_info->columns; -+ offset+=(MagickOffsetType) cache_info->columns; - q+=cache_info->number_channels*nexus_info->region.width; - } - if (IsFileDescriptorLimitExceeded() != MagickFalse) -@@ -5701,7 +5705,7 @@ static MagickBooleanType WritePixelCacheMetacontent(CacheInfo *cache_info, - if (count != (MagickOffsetType) length) - break; - p+=cache_info->metacontent_extent*nexus_info->region.width; -- offset+=cache_info->columns; -+ offset+=(MagickOffsetType) cache_info->columns; - } - if (IsFileDescriptorLimitExceeded() != MagickFalse) - (void) ClosePixelCacheOnDisk(cache_info); -@@ -5868,7 +5872,7 @@ static MagickBooleanType WritePixelCachePixels( - if (count != (MagickOffsetType) length) - break; - p+=cache_info->number_channels*nexus_info->region.width; -- offset+=cache_info->columns; -+ offset+=(MagickOffsetType) cache_info->columns; - } - if (IsFileDescriptorLimitExceeded() != MagickFalse) - (void) ClosePixelCacheOnDisk(cache_info); -diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h -index 
c156cf0ee16..8ffcae53688 100644 ---- a/MagickCore/image-private.h -+++ b/MagickCore/image-private.h -@@ -51,7 +51,7 @@ extern "C" { - #define MagickSQ2PI 2.50662827463100024161235523934010416269302368164062 - #define MAGICK_SIZE_MAX (SIZE_MAX) - #define MAGICK_SSIZE_MAX (SSIZE_MAX) --#define MAGICK_SSIZE_MIN (-(SSIZE_MAX)-1) -+#define MAGICK_SSIZE_MIN (-SSIZE_MAX-1) - #define MatteColor "#bdbdbd" /* gray */ - #define MatteColorRGBA ScaleShortToQuantum(0xbdbd),\ - ScaleShortToQuantum(0xbdbd),ScaleShortToQuantum(0xbdbd),OpaqueAlpha diff --git a/CVE-2025-53015_1.patch b/CVE-2025-53015_1.patch deleted file mode 100644 index 9dc5974cbe2a6a80722eb9590e3eaca95498e5e5..0000000000000000000000000000000000000000 --- a/CVE-2025-53015_1.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From: Dirk Lemstra -Date: Fri, 2 May 2025 18:33:17 +0200 -Subject: [PATCH] Added extra checks to make sure we don't get stuck in the - while loop. - -origin: https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2025-53015 -bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339 ---- - MagickCore/image-private.h | 1 + - MagickCore/profile.c | 11 +++++++++++ - 2 files changed, 12 insertions(+) - -diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h -index 4ce71c3..11dca10 100644 ---- a/MagickCore/image-private.h -+++ b/MagickCore/image-private.h -@@ -52,6 +52,7 @@ extern "C" { - #define MAGICK_SIZE_MAX (SIZE_MAX) - #define MAGICK_SSIZE_MAX (SSIZE_MAX) - #define MAGICK_SSIZE_MIN (-SSIZE_MAX-1) -+#define MAGICK_ULONG_MAX (ULONG_MAX) - #define MatteColor "#bdbdbd" /* gray */ - #define MatteColorRGBA ScaleShortToQuantum(0xbdbd),\ - ScaleShortToQuantum(0xbdbd),ScaleShortToQuantum(0xbdbd),OpaqueAlpha -diff --git a/MagickCore/profile.c b/MagickCore/profile.c -index 7eea1d3..85c1801 100644 ---- a/MagickCore/profile.c -+++ b/MagickCore/profile.c -@@ -2571,6 +2571,17 @@ static void GetXmpNumeratorAndDenominator(double value, - *denominator=1; - if (value <= MagickEpsilon) - return; -+ if (value > (double) MAGICK_ULONG_MAX) -+ { -+ *numerator = MAGICK_ULONG_MAX; -+ *denominator = 1; -+ return; -+ } -+ if (floor(value) == value) -+ { -+ *numerator = (unsigned long) value; -+ *denominator = 1; -+ } - *numerator=1; - df=1.0; - while(fabs(df - value) > MagickEpsilon) diff --git a/CVE-2025-53015_2.patch b/CVE-2025-53015_2.patch deleted file mode 100644 index 956e91d9843edb314b9a2b5a30137867d680cdd1..0000000000000000000000000000000000000000 --- a/CVE-2025-53015_2.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From: Dirk Lemstra -Date: Mon, 12 May 2025 22:23:48 +0200 -Subject: Added missing return. - -origin: https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26 -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2025-53015 -bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339 ---- - MagickCore/profile.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/MagickCore/profile.c b/MagickCore/profile.c -index 85c1801..a68e54f 100644 ---- a/MagickCore/profile.c -+++ b/MagickCore/profile.c -@@ -2581,6 +2581,7 @@ static void GetXmpNumeratorAndDenominator(double value, - { - *numerator = (unsigned long) value; - *denominator = 1; -+ return; - } - *numerator=1; - df=1.0; diff --git a/CVE-2025-53019.patch b/CVE-2025-53019.patch deleted file mode 100644 index 4e5798c545438b8feece7652e0c73c3a4df36ccb..0000000000000000000000000000000000000000 --- a/CVE-2025-53019.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From: Dirk Lemstra -Date: Fri, 27 Jun 2025 14:51:57 +0200 -Subject: Fixed memory leak when entering StreamImage multiple times. - -origin: https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc ---- - MagickCore/stream.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/MagickCore/stream.c b/MagickCore/stream.c -index 786dabb..22a0c9e 100644 ---- a/MagickCore/stream.c -+++ b/MagickCore/stream.c -@@ -1321,7 +1321,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info, - image_info->filename); - read_info=CloneImageInfo(image_info); - stream_info->image_info=image_info; -- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); -+ if (stream_info->quantum_info == (QuantumInfo *) NULL) -+ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); - if (stream_info->quantum_info == (QuantumInfo *) NULL) - { - read_info=DestroyImageInfo(read_info); diff --git a/CVE-2025-53101.patch b/CVE-2025-53101.patch deleted file mode 100644 index 36eded9a6d1d7762613a15cf0349bee9b90fe145..0000000000000000000000000000000000000000 --- a/CVE-2025-53101.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From: Cristy -Date: Fri, 27 Jun 2025 20:02:12 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 - -origin: backport, https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 -bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 ---- - MagickCore/image.c | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/MagickCore/image.c b/MagickCore/image.c -index 1b242f8..63d6ef0 100644 ---- a/MagickCore/image.c -+++ b/MagickCore/image.c -@@ -1665,7 +1665,6 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, - canonical; - - ssize_t -- field_width, - offset; - - canonical=MagickFalse; -@@ -1681,22 +1680,24 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, - p++; - continue; - } -- field_width=0; -- if (*q == '0') -- field_width=(ssize_t) strtol(q,&q,10); - switch (*q) - { - case 'd': - case 'o': - case 'x': - { -+ ssize_t -+ count; -+ - q++; - c=(*q); - *q='\0'; -- (void) FormatLocaleString(filename+(p-format-offset),(size_t) -+ count=FormatLocaleString(filename+(p-format-offset),(size_t) - (MagickPathExtent-(p-format-offset)),p,value); -- offset+=(4-field_width); -- *q=c; -+ if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset)))) -+ return(0); -+ offset+=(ssize_t) ((q-p)-count); -+ *q=(char) c; - (void) ConcatenateMagickString(filename,q,MagickPathExtent); - canonical=MagickTrue; - if (*(q-1) != '%') diff --git a/CVE-2025-55004.patch b/CVE-2025-55004.patch deleted file mode 100644 index 9f404433c1de8773902666dbddd992fe68d5414f..0000000000000000000000000000000000000000 --- a/CVE-2025-55004.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 55d97055e00a7bc7ae2776c99824002fbb4a72aa Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 7 Aug 2025 19:14:00 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw - ---- - coders/png.c | 33 ++++++++++----------------------- - 1 file changed, 10 insertions(+), 23 deletions(-) - -diff --git a/coders/png.c b/coders/png.c -index 5b7cda5..5d240a1 100644 ---- a/coders/png.c -+++ b/coders/png.c -@@ -4802,37 +4802,24 @@ static Image *ReadOneJNGImage(MngReadInfo *mng_info, - jng_image=ReadImage(alpha_image_info,exception); - - if (jng_image != (Image *) NULL) -- for (y=0; y < (ssize_t) image->rows; y++) - { -- s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); -- q=GetAuthenticPixels(image,0,y,image->columns,1,exception); -- if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) -- break; -+ image->alpha_trait=BlendPixelTrait; -+ for (y=0; y < (ssize_t) image->rows; y++) -+ { -+ s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); -+ q=GetAuthenticPixels(image,0,y,image->columns,1,exception); -+ if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) -+ break; - -- if (image->alpha_trait != UndefinedPixelTrait) - for (x=(ssize_t) image->columns; x != 0; x--) - { - SetPixelAlpha(image,GetPixelRed(jng_image,s),q); - q+=GetPixelChannels(image); - s+=GetPixelChannels(jng_image); - } -- -- else -- for (x=(ssize_t) image->columns; x != 0; x--) -- { -- Quantum -- alpha; -- -- alpha=GetPixelRed(jng_image,s); -- SetPixelAlpha(image,alpha,q); -- if (alpha != OpaqueAlpha) -- image->alpha_trait=BlendPixelTrait; -- q+=GetPixelChannels(image); -- s+=GetPixelChannels(jng_image); -- } -- -- if (SyncAuthenticPixels(image,exception) == MagickFalse) -- break; -+ if (SyncAuthenticPixels(image,exception) == MagickFalse) -+ break; -+ } - } - (void) RelinquishUniqueFileResource(alpha_image->filename); - alpha_image=DestroyImageList(alpha_image); --- -2.50.1 - 
diff --git a/CVE-2025-55005.patch b/CVE-2025-55005.patch deleted file mode 100644 index 4a5f5b86640937201f5a6787a0fd8dc73d8b3295..0000000000000000000000000000000000000000 --- a/CVE-2025-55005.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 7 Aug 2025 22:05:10 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp - ---- - MagickCore/colorspace.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c -index 7ac78a683d8..4b4866a60e4 100644 ---- a/MagickCore/colorspace.c -+++ b/MagickCore/colorspace.c -@@ -2420,10 +2420,16 @@ static MagickBooleanType TransformsRGBImage(Image *image, - value=GetImageProperty(image,"reference-black",exception); - if (value != (const char *) NULL) - reference_black=StringToDouble(value,(char **) NULL); -+ if (reference_black > 1024.0) -+ reference_black=1024.0; - reference_white=ReferenceWhite; - value=GetImageProperty(image,"reference-white",exception); - if (value != (const char *) NULL) - reference_white=StringToDouble(value,(char **) NULL); -+ if (reference_white > 1024.0) -+ reference_white=1024.0; -+ if (reference_black > reference_white) -+ reference_black=reference_white; - logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL, - sizeof(*logmap)); - if (logmap == (Quantum *) NULL) diff --git a/CVE-2025-55154.patch b/CVE-2025-55154.patch deleted file mode 100644 index 591a25c05b2fbbee4f10796e2402294dd10ea09e..0000000000000000000000000000000000000000 --- a/CVE-2025-55154.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From db986e4782e9f6cc42a0e50151dc4fe43641b337 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 9 Aug 2025 08:28:23 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82 - ---- - coders/png.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/coders/png.c b/coders/png.c -index f7ae779b2fe..f6ea0bbde8d 100644 ---- a/coders/png.c -+++ b/coders/png.c -@@ -6404,19 +6404,19 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, - mng_info->magn_methy = 1; - if (mng_info->magn_methx == 1) - { -- magnified_width=mng_info->magn_ml; -+ magnified_width=(size_t) mng_info->magn_ml; - - if (image->columns > 1) - magnified_width += mng_info->magn_mr; - - if (image->columns > 2) -- magnified_width += (png_uint_32) -+ magnified_width += (size_t) - ((image->columns-2)*(mng_info->magn_mx)); - } - - else - { -- magnified_width=(png_uint_32) image->columns; -+ magnified_width=(size_t) image->columns; - - if (image->columns > 1) - magnified_width += mng_info->magn_ml-1; -@@ -6425,25 +6425,25 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, - magnified_width += mng_info->magn_mr-1; - - if (image->columns > 3) -- magnified_width += (png_uint_32) -+ magnified_width += (size_t) - ((image->columns-3)*(mng_info->magn_mx-1)); - } - - if (mng_info->magn_methy == 1) - { -- magnified_height=mng_info->magn_mt; -+ magnified_height=(size_t) mng_info->magn_mt; - - if (image->rows > 1) - magnified_height += mng_info->magn_mb; - - if (image->rows > 2) -- magnified_height += (png_uint_32) -+ magnified_height += (size_t) - ((image->rows-2)*(mng_info->magn_my)); - } - - else - { -- magnified_height=(png_uint_32) image->rows; -+ magnified_height=(size_t) image->rows; - - if (image->rows > 1) - magnified_height += mng_info->magn_mt-1; -@@ -6452,7 +6452,7 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info, - magnified_height += mng_info->magn_mb-1; - - if (image->rows > 3) -- 
magnified_height += (png_uint_32) -+ magnified_height += (size_t) - ((image->rows-3)*(mng_info->magn_my-1)); - } - diff --git a/CVE-2025-55160.patch b/CVE-2025-55160.patch deleted file mode 100644 index 31fa927161c7cde63e1323435254d5d420835d90..0000000000000000000000000000000000000000 --- a/CVE-2025-55160.patch +++ /dev/null 
@@ -1,156 +0,0 @@ -From 63d8769dd6a8f32f4096c71be9e08a2c081e47da Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 10 Aug 2025 08:28:28 -0400 -Subject: [PATCH] - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x - ---- - MagickCore/artifact.c | 17 ++++++++++++++++- - MagickCore/option.c | 17 ++++++++++++++++- - MagickCore/profile.c | 19 ++++++++++++++++++- - MagickCore/property.c | 18 ++++++++++++++++-- - 4 files changed, 66 insertions(+), 5 deletions(-) - -diff --git a/MagickCore/artifact.c b/MagickCore/artifact.c -index dae6aaaf0b1..764ef75a44b 100644 ---- a/MagickCore/artifact.c -+++ b/MagickCore/artifact.c -@@ -99,6 +99,21 @@ - % o clone_image: the source image for artifacts to clone. - % - */ -+ -+typedef char -+ *(*CloneKeyFunc)(const char *), -+ *(*CloneValueFunc)(const char *); -+ -+static inline void *CloneArtifactKey(void *key) -+{ -+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); -+} -+ -+static inline void *CloneArtifactValue(void *value) -+{ -+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); -+} -+ - MagickExport MagickBooleanType CloneImageArtifacts(Image *image, - const Image *clone_image) - { -@@ -117,7 +132,7 @@ MagickExport MagickBooleanType CloneImageArtifacts(Image *image, - if (image->artifacts != (void *) NULL) - DestroyImageArtifacts(image); - image->artifacts=CloneSplayTree((SplayTreeInfo *) clone_image->artifacts, -- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString); -+ CloneArtifactKey,CloneArtifactValue); - } - return(MagickTrue); - } -diff --git a/MagickCore/option.c b/MagickCore/option.c -index 621b0f9b26d..f844f44d6af 100644 ---- a/MagickCore/option.c -+++ b/MagickCore/option.c -@@ -2361,6 +2361,21 @@ static const OptionInfo - % o clone_info: the source image info for options to clone. 
- % - */ -+ -+typedef char -+ *(*CloneKeyFunc)(const char *), -+ *(*CloneValueFunc)(const char *); -+ -+static inline void *CloneOptionKey(void *key) -+{ -+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); -+} -+ -+static inline void *CloneOptionValue(void *value) -+{ -+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); -+} -+ - MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info, - const ImageInfo *clone_info) - { -@@ -2376,7 +2391,7 @@ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info, - if (image_info->options != (void *) NULL) - DestroyImageOptions(image_info); - image_info->options=CloneSplayTree((SplayTreeInfo *) clone_info->options, -- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString); -+ CloneOptionKey,CloneOptionValue); - } - return(MagickTrue); - } -diff --git a/MagickCore/profile.c b/MagickCore/profile.c -index fac191845f1..8e38b301bb1 100644 ---- a/MagickCore/profile.c -+++ b/MagickCore/profile.c -@@ -143,6 +143,23 @@ typedef struct _CMSExceptionInfo - % o clone_image: the clone image. 
- % - */ -+ -+typedef char -+ *(*CloneKeyFunc)(const char *); -+ -+typedef StringInfo -+ *(*CloneValueFunc)(const StringInfo *); -+ -+static inline void *CloneProfileKey(void *key) -+{ -+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); -+} -+ -+static inline void *CloneProfileValue(void *value) -+{ -+ return((void *) ((CloneValueFunc) CloneStringInfo)((const StringInfo *) value)); -+} -+ - MagickExport MagickBooleanType CloneImageProfiles(Image *image, - const Image *clone_image) - { -@@ -157,7 +174,7 @@ MagickExport MagickBooleanType CloneImageProfiles(Image *image, - if (image->profiles != (void *) NULL) - DestroyImageProfiles(image); - image->profiles=CloneSplayTree((SplayTreeInfo *) clone_image->profiles, -- (void *(*)(void *)) ConstantString,(void *(*)(void *)) CloneStringInfo); -+ CloneProfileKey,CloneProfileValue); - } - return(MagickTrue); - } -diff --git a/MagickCore/property.c b/MagickCore/property.c -index 09ae365dfa2..976ca34d70a 100644 ---- a/MagickCore/property.c -+++ b/MagickCore/property.c -@@ -131,6 +131,21 @@ - % o clone_image: the clone image. - % - */ -+ -+typedef char -+ *(*CloneKeyFunc)(const char *), -+ *(*CloneValueFunc)(const char *); -+ -+static inline void *ClonePropertyKey(void *key) -+{ -+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); -+} -+ -+static inline void *ClonePropertyValue(void *value) -+{ -+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); -+} -+ - MagickExport MagickBooleanType CloneImageProperties(Image *image, - const Image *clone_image) - { -@@ -195,8 +210,7 @@ MagickExport MagickBooleanType CloneImageProperties(Image *image, - if (image->properties != (void *) NULL) - DestroyImageProperties(image); - image->properties=CloneSplayTree((SplayTreeInfo *) -- clone_image->properties,(void *(*)(void *)) ConstantString, -- (void *(*)(void *)) ConstantString); -+ clone_image->properties,ClonePropertyKey,ClonePropertyValue); - } - return(MagickTrue); - } 
diff --git a/ImageMagick-7.1.2-2.tar.gz b/ImageMagick-7.1.2-2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d3100252a9810f5cdea27740ad30454bfc84fcaf --- /dev/null +++ b/ImageMagick-7.1.2-2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f511deb5827b07906e0558640a436a96644949dfd6bb21b1a641b09690ac3bdc +size 15719110 diff --git a/ImageMagick.spec b/ImageMagick.spec index 5318582a99aa1e19bd60c28b6e1f18fa0da9d777..0d0a22b43451f7e3ca6eb98ca8e3567ad0145719 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,24 +1,13 @@ Name: ImageMagick Epoch: 1 -Version: 7.1.1.15 -Release: 4 +Version: 7.1.2.2 +Release: 1 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ -Source0: https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.1-15.tar.gz -Patch1: CVE-2023-5341.patch -Patch2: CVE-2025-43965.patch -Patch3: CVE-2025-46393.patch -Patch4: CVE-2025-53014.patch -Patch5: CVE-2025-53015_1-pre.patch -Patch6: CVE-2025-53015_1.patch -Patch7: CVE-2025-53015_2.patch -Patch8: CVE-2025-53101.patch -Patch9: CVE-2025-53019.patch -Patch10: CVE-2025-55004.patch -Patch11: CVE-2025-55005.patch -Patch12: CVE-2025-55154.patch -Patch13: CVE-2025-55160.patch +%global VER %(foo=%{version}; echo ${foo:0:5}) +%global Patchlevel %(foo=%{version}; echo ${foo:6}) +Source0: https://github.com/ImageMagick/ImageMagick/archive/%{VER}-%{Patchlevel}/%{name}-%{VER}-%{Patchlevel}.tar.gz BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -85,7 +74,7 @@ Requires: ImageMagick-devel = %{epoch}:%{version}-%{release} Development files for ImageMagick-c++. %prep -%autosetup -n ImageMagick-7.1.1-15 -p1 +%autosetup -n %{name}-%{VER}-%{Patchlevel} -p1 install -d Magick++/examples cp -p Magick++/demo/*.cpp Magick++/demo/*.miff Magick++/examples 
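Review bot: Removing `Patch1` through `Patch13` in the header hunk of ImageMagick.spec makes the 7.1.2-2 tarball the only carrier of those fixes, and nothing on this page shows that every one of them is in that release; the new changelog entry names only CVE-2025-55212, CVE-2025-55298 and CVE-2025-57803. Please confirm that each upstream commit cited in the deleted patch files (their `From <hash>` and `origin:` lines) is contained in the 7.1.2-2 tag, including the backported `CVE-2025-53101.patch` and the two-part CVE-2025-53015 fix. The build input now appears to be the LFS object rather than a download from the `Source0` URL, so the `oid sha256:` in the pointer file should also be compared with a checksum of the upstream archive. I would record the result in the changelog, for example `- Drop CVE-2023-5341 through CVE-2025-55160 patches, fixed upstream in 7.1.2-2`.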
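Review bot: The `-n %{name}-%{VER}-%{Patchlevel}` argument in the `%prep` hunk depends on `VER` and `Patchlevel`, which the header hunk cuts out of `%{version}` at fixed offsets (`${foo:0:5}` and `${foo:6}`). That is only correct while each of the first three version components is a single digit; a constructed version such as 7.1.10.1 would yield `7.1.1` and `.1`, and the same wrong `VER` would flow into `Source0` and the `ImageMagick-%{VER}` paths in `%install` and `%files`. The `${var:offset:length}` form is also a bash extension, so it assumes the shell rpm uses for `%(...)` is bash. Splitting on the dots is position-independent and POSIX: `%global VER %(echo %{version} | cut -d. -f1-3)` and `%global Patchlevel %(echo %{version} | cut -d. -f4)`.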
@@ -102,7 +91,7 @@ export CFLAGS="%{optflags} -DIMPNG_SETJMP_IS_THREAD_SAFE" %install %make_install -cp -a www/source %{buildroot}%{_datadir}/doc/ImageMagick-7.1.1 +cp -a www/source %{buildroot}%{_datadir}/doc/ImageMagick-%{VER} rm %{buildroot}%{_libdir}/*.la %{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl @@ -127,11 +116,12 @@ rm PerlMagick/demo/Generic.ttf /sbin/ldconfig %files -%doc LICENSE NOTICE AUTHORS.txt +%license LICENSE +%doc NOTICE AUTHORS.txt %{_bindir}/[a-z]* %{_libdir}/libMagickCore-7.Q16HDRI.so.10* %{_libdir}/libMagickWand-7.Q16HDRI.so.10* -%{_libdir}/ImageMagick-7.1.1 +%{_libdir}/ImageMagick-%{VER} %{_datadir}/ImageMagick-7 %dir %{_sysconfdir}/ImageMagick-7 %config(noreplace) %{_sysconfdir}/ImageMagick-7/*.xml @@ -149,23 +139,21 @@ rm PerlMagick/demo/Generic.ttf %{_includedir}/%{name}-7/MagickCore/* %files help -%doc README.txt NEWS.txt QuickStart.txt +%doc README.md %doc %{_datadir}/doc/ImageMagick-7 -%doc %{_datadir}/doc/ImageMagick-7.1.1 -%{_mandir}/man[145]/[a-z]* -%{_mandir}/man1/* -%{_mandir}/man3/* +%doc %{_datadir}/doc/ImageMagick-%{VER} +%{_mandir}/man?/* %files perl -f perl-pkg-files %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt %files c++ -%doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README -%doc www/Magick++/COPYING +%license Magick++/LICENSE +%doc Magick++/AUTHORS %{_libdir}/libMagick++-7.Q16HDRI.so.5* %files c++-devel -%doc Magick++/examples +%doc Magick++/demo %{_bindir}/Magick++-config %{_includedir}/ImageMagick-7/Magick++* %{_libdir}/libMagick++-7.Q16HDRI.so @@ -173,6 +161,9 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick* %changelog +* Thu Aug 28 2025 yaoxin <1024769339@qq.com> - 1:7.1.2.2-1 +- Update to 7.1.2.2 for fix CVE-2025-55212, CVE-2025-55298, CVE-2025-57803 + * Fri Aug 15 2025 yaoxin <1024769339@qq.com> - 1:7.1.1.15-4 - Fix CVE-2025-55004, CVE-2025-55005, CVE-2025-55154, CVE-2025-55160
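Review bot: In the `%files c++-devel` part of the `@@ -149,23 +139,21 @@` hunk, `%doc Magick++/demo` packages the source demo directory itself, while `%prep` (visible as context in the `%autosetup` hunk) still creates `Magick++/examples` and copies only the `*.cpp` and `*.miff` files into it. That copy is now unused, and anything the build leaves behind in `Magick++/demo` would be shipped as documentation; `%build` is not on this page, so whether objects or binaries end up there is an assumption to check against the built RPM's file list. Either keep `%doc Magick++/examples`, or remove the `install -d Magick++/examples` and `cp -p Magick++/demo/*.cpp Magick++/demo/*.miff Magick++/examples` lines from `%prep`.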