Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2026-02-27 17:02:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old) and /work/SRC/openSUSE:Factory/.ImageMagick.new.29461 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick" Fri Feb 27 17:02:25 2026 rev:325 rq:1335001 version:7.1.2.15 Changes: -------- --- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2026-01-30 18:22:02.480911107 +0100 +++ /work/SRC/openSUSE:Factory/.ImageMagick.new.29461/ImageMagick.changes 2026-02-27 17:04:37.582983694 +0100 @@ -1,0 +2,42 @@ +Mon Feb 23 21:16:44 UTC 2026 - Arjen de Korte <[email protected]> + +- version update to 7.1.2.15 + * no upstream changelog, see + https://github.com/ImageMagick/ImageMagick/compare/7.1.2-13..7.1.2-15 +- modified patches + * ImageMagick-configuration-SUSE.patch (refreshed) + * ImageMagick_policy_etc.patch (refreshed) +- fixes CVE-2026-24481 [bsc#1258743] + CVE-2026-25794 [bsc#1258749] + CVE-2026-25796 [bsc#1258757] + CVE-2026-25637 [bsc#1258761] + CVE-2026-25576 [bsc#1258748] + CVE-2026-26983 [bsc#1258763] + CVE-2026-26284 [bsc#1258765] + CVE-2026-26283 [bsc#1258767] + CVE-2026-25965 [bsc#1258785] + CVE-2026-25967 [bsc#1258779] + CVE-2026-25989 [bsc#1258771] + CVE-2026-25968 [bsc#1258776] + CVE-2026-24485 [bsc#1258791] + CVE-2026-25985 [bsc#1258813] + CVE-2026-25987 [bsc#1258822] + CVE-2026-25966 [bsc#1258780] + CVE-2026-25799 [bsc#1258786] + CVE-2026-25798 [bsc#1258787] + CVE-2026-25798 [bsc#1258787] + CVE-2026-25795 [bsc#1258792] + CVE-2026-26066 [bsc#1258769] + CVE-2026-25638 [bsc#1258793] + CVE-2026-25797 [bsc#1258770] + CVE-2026-25897 [bsc#1258800] + CVE-2026-25970 [bsc#1258803] + CVE-2026-25982 [bsc#1258772] + CVE-2026-25983 [bsc#1258806] + CVE-2026-25898 [bsc#1258807] + CVE-2026-25971 [bsc#1258774] + CVE-2026-25988 [bsc#1258810] + CVE-2026-25969 [bsc#1258775] + CVE-2026-25986 [bsc#1258819] + +------------------------------------------------------------------- Old: ---- ImageMagick-7.1.2-13.tar.xz ImageMagick-7.1.2-13.tar.xz.asc New: ---- ImageMagick-7.1.2-15.tar.xz ImageMagick-7.1.2-15.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ImageMagick.spec ++++++ --- /var/tmp/diff_new_pack.UhBF0m/_old 2026-02-27 17:04:38.879037320 +0100 +++ /var/tmp/diff_new_pack.UhBF0m/_new 2026-02-27 17:04:38.883037486 +0100 @@ -21,7 +21,7 @@ %define debug_build 0 %define asan_build 0 %define mfr_version 7.1.2 -%define mfr_revision 13 +%define mfr_revision 15 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 10 ++++++ ImageMagick-7.1.2-13.tar.xz -> ImageMagick-7.1.2-15.tar.xz ++++++ /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick-7.1.2-13.tar.xz /work/SRC/openSUSE:Factory/.ImageMagick.new.29461/ImageMagick-7.1.2-15.tar.xz differ: char 15, line 1 ++++++ ImageMagick-configuration-SUSE.patch ++++++ --- /var/tmp/diff_new_pack.UhBF0m/_old 2026-02-27 17:04:38.955040465 +0100 +++ /var/tmp/diff_new_pack.UhBF0m/_new 2026-02-27 17:04:38.959040631 +0100 @@ -1,6 +1,6 @@ -diff -ur ImageMagick-7.1.2-8_fix/config/policy-secure.xml ImageMagick-7.1.2-8_fix2/config/policy-secure.xml ---- ImageMagick-7.1.2-8/config/policy-secure.xml 2025-11-06 15:30:11.995056081 +0100 -+++ ImageMagick-7.1.2-8_fix/config/policy-secure.xml 2025-11-06 15:46:05.605527563 +0100 +diff -ur ImageMagick-7.1.2-15.orig/config/policy-secure.xml ImageMagick-7.1.2-15/config/policy-secure.xml +--- ImageMagick-7.1.2-15.orig/config/policy-secure.xml 2026-02-23 22:24:51.662615465 +0100 ++++ ImageMagick-7.1.2-15/config/policy-secure.xml 2026-02-23 22:39:43.613341024 +0100 @@ -62,7 +62,7 @@ <policy domain="resource" name="disk" value="2GiB"/> <!-- Set the maximum length of an image sequence. When this limit is @@ -15,16 +15,16 @@ <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> --> <!-- Do not permit any delegates to execute. --> - <policy domain="delegate" rights="none" pattern="*"/> -+ <!--policy domain="delegate" rights="none" pattern="*"/ --> ++ <!-- <policy domain="delegate" rights="none" pattern="*"/> --> <!-- Do not permit any image filters to load. --> <policy domain="filter" rights="none" pattern="*"/> <!-- Don't read/write from/to stdin/stdout. --> - <policy domain="path" rights="none" pattern="-"/> -+ <!--policy domain="path" rights="none" pattern="-"/ --> - <!-- don't read sensitive paths. --> ++ <!-- <policy domain="path" rights="none" pattern="-"/> --> + <policy domain="path" rights="none" pattern="fd:*"/> + <!-- Sensitive paths are not permitted. --> <policy domain="path" rights="none" pattern="/etc/*"/> - <!-- but allow to read own data. --> -@@ -107,4 +107,20 @@ +@@ -110,4 +110,20 @@ <!-- Set the maximum amount of memory in bytes that are permitted for allocation requests. --> <policy domain="system" name="max-memory-request" value="256MiB"/> ++++++ ImageMagick_policy_etc.patch ++++++ --- /var/tmp/diff_new_pack.UhBF0m/_old 2026-02-27 17:04:39.003042451 +0100 +++ /var/tmp/diff_new_pack.UhBF0m/_new 2026-02-27 17:04:39.007042617 +0100 @@ -1,6 +1,6 @@ -diff -ur ImageMagick-7.1.2-8/config/policy-limited.xml ImageMagick-7.1.2-8_fix/config/policy-limited.xml ---- ImageMagick-7.1.2-8/config/policy-limited.xml 2025-10-26 12:54:38.000000000 +0100 -+++ ImageMagick-7.1.2-8_fix/config/policy-limited.xml 2025-11-06 15:30:05.385948863 +0100 +diff -ur ImageMagick-7.1.2-15.orig/config/policy-limited.xml ImageMagick-7.1.2-15/config/policy-limited.xml +--- ImageMagick-7.1.2-15.orig/config/policy-limited.xml 2026-02-22 22:26:44.000000000 +0100 ++++ ImageMagick-7.1.2-15/config/policy-limited.xml 2026-02-23 22:27:10.002838088 +0100 @@ -82,6 +82,8 @@ <!-- <policy domain="path" rights="none" pattern="-"/> --> <!-- don't read sensitive paths. --> @@ -10,9 +10,9 @@ <!-- Indirect reads are not permitted. --> <policy domain="path" rights="none" pattern="@*"/> <!-- These image types are security risks on read, but write is fine --> -diff -ur ImageMagick-7.1.2-8/config/policy-open.xml ImageMagick-7.1.2-8_fix/config/policy-open.xml ---- ImageMagick-7.1.2-8/config/policy-open.xml 2025-10-26 12:54:38.000000000 +0100 -+++ ImageMagick-7.1.2-8_fix/config/policy-open.xml 2025-11-06 15:30:28.217319267 +0100 +diff -ur ImageMagick-7.1.2-15.orig/config/policy-open.xml ImageMagick-7.1.2-15/config/policy-open.xml +--- ImageMagick-7.1.2-15.orig/config/policy-open.xml 2026-02-22 22:26:44.000000000 +0100 ++++ ImageMagick-7.1.2-15/config/policy-open.xml 2026-02-23 22:28:58.555653280 +0100 @@ -137,6 +137,8 @@ <!-- <policy domain="path" rights="none" pattern="-"/> --> <!-- don't read sensitive paths. --> @@ -22,28 +22,28 @@ <!-- Indirect reads are not permitted. --> <!-- <policy domain="path" rights="none" pattern="@*"/> --> <!-- These image types are security risks on read, but write is fine --> -diff -ur ImageMagick-7.1.2-8/config/policy-secure.xml ImageMagick-7.1.2-8_fix/config/policy-secure.xml ---- ImageMagick-7.1.2-8/config/policy-secure.xml 2025-10-26 12:54:38.000000000 +0100 -+++ ImageMagick-7.1.2-8_fix/config/policy-secure.xml 2025-11-06 15:30:11.995056081 +0100 -@@ -92,6 +92,8 @@ - <policy domain="path" rights="none" pattern="-"/> - <!-- don't read sensitive paths. --> +diff -ur ImageMagick-7.1.2-15.orig/config/policy-secure.xml ImageMagick-7.1.2-15/config/policy-secure.xml +--- ImageMagick-7.1.2-15.orig/config/policy-secure.xml 2026-02-22 22:26:44.000000000 +0100 ++++ ImageMagick-7.1.2-15/config/policy-secure.xml 2026-02-23 22:24:51.662615465 +0100 +@@ -93,6 +93,8 @@ + <policy domain="path" rights="none" pattern="fd:*"/> + <!-- Sensitive paths are not permitted. --> <policy domain="path" rights="none" pattern="/etc/*"/> + <!-- but allow to read own data. --> + <policy domain="path" rights="read" pattern="/etc/IM*"/> - <!-- Indirect reads are not permitted. --> - <policy domain="path" rights="none" pattern="@*"/> - <!-- These image types are security risks on read, but write is fine --> -diff -ur ImageMagick-7.1.2-8/config/policy-websafe.xml ImageMagick-7.1.2-8_fix/config/policy-websafe.xml ---- ImageMagick-7.1.2-8/config/policy-websafe.xml 2025-10-26 12:54:38.000000000 +0100 -+++ ImageMagick-7.1.2-8_fix/config/policy-websafe.xml 2025-11-06 15:29:57.094814346 +0100 -@@ -88,6 +88,8 @@ - <policy domain="path" rights="none" pattern="-"/> - <!-- don't read sensitive paths. --> + <!-- Relative paths are not permitted. --> + <policy domain="path" rights="none" pattern="*../*"/> + <!-- Indirect reading is not permitted. --> +diff -ur ImageMagick-7.1.2-15.orig/config/policy-websafe.xml ImageMagick-7.1.2-15/config/policy-websafe.xml +--- ImageMagick-7.1.2-15.orig/config/policy-websafe.xml 2026-02-22 22:26:44.000000000 +0100 ++++ ImageMagick-7.1.2-15/config/policy-websafe.xml 2026-02-23 22:25:26.342788070 +0100 +@@ -89,6 +89,8 @@ + <policy domain="path" rights="none" pattern="fd:*"/> + <!-- Sensitive paths are not permitted. --> <policy domain="path" rights="none" pattern="/etc/*"/> + <!-- but allow to read own data. --> + <policy domain="path" rights="read" pattern="/etc/IM*"/> - <!-- Indirect reads are not permitted. --> - <policy domain="path" rights="none" pattern="@*"/> - <!-- Deny all image modules and specifically exempt reading or writing + <!-- Relative paths are not permitted. --> + <policy domain="path" rights="none" pattern="*../*"/> + <!-- Indirect reading is not permitted. -->
