Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2026-03-28 20:12:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old) and /work/SRC/openSUSE:Factory/.ImageMagick.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick" Sat Mar 28 20:12:21 2026 rev:329 rq:1343155 version:7.1.2.18 Changes: -------- --- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2026-03-18 16:49:33.578652299 +0100 +++ /work/SRC/openSUSE:Factory/.ImageMagick.new.8177/ImageMagick.changes 2026-03-28 20:12:32.175405172 +0100 @@ -1,0 +2,14 @@ +Mon Mar 23 10:25:17 UTC 2026 - Petr Gajdos <[email protected]> + +- version update to 7.1.2.18 + * Fix animated JXL frame delay handling #8622 + * Fix off-by-one in MNG FRAM chunk delay/timeout parsing #8623 + * Fix MNG frame disposal for transparent animations #8625 + * Fix composite -dissolve adding random noise #8621 + * Bump actions/download-artifact from 8.0.0 to 8.0.1 #8629 +- use %autopatch, disable ImageMagick-s390x-disable-tests.patch + for now +- modified patches + * ImageMagick_policy_etc.patch + +------------------------------------------------------------------- @@ -4 +18 @@ -- version lupdate to 7.1.2.17 +- version update to 7.1.2.17 @@ -18 +32 @@ -- fixes CVE-2026-32259 [bsc#1259612] +- fixes CVE-2026-32636 [bsc#1259872] @@ -49,0 +64 @@ + CVE-2026-32259 [bsc#1259612] Old: ---- ImageMagick-7.1.2-17.tar.xz ImageMagick-7.1.2-17.tar.xz.asc ImageMagick-s390x-disable-tests.patch New: ---- ImageMagick-7.1.2-18.tar.xz ImageMagick-7.1.2-18.tar.xz.asc ----------(Old B)---------- Old: * Bump actions/download-artifact from 8.0.0 to 8.0.1 #8629 - use %autopatch, disable ImageMagick-s390x-disable-tests.patch for now ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ImageMagick.spec ++++++ --- /var/tmp/diff_new_pack.oeTcOC/_old 2026-03-28 20:12:32.979438355 +0100 +++ /var/tmp/diff_new_pack.oeTcOC/_new 2026-03-28 20:12:32.983438521 +0100 @@ -1,7 +1,6 @@ # # spec file for package ImageMagick # -# Copyright (c) 2026 SUSE LLC # Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties @@ -22,7 +21,7 @@ %define debug_build 0 %define asan_build 0 %define mfr_version 7.1.2 -%define mfr_revision 17 +%define mfr_revision 18 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 10 @@ -53,8 +52,6 @@ Patch1: ImageMagick-configuration-SUSE.patch # library installation Patch2: ImageMagick-library-installable-in-parallel.patch -# disable failing tests -Patch5: ImageMagick-s390x-disable-tests.patch BuildRequires: chrpath BuildRequires: dejavu-fonts @@ -263,14 +260,8 @@ %prep %setup -q -n ImageMagick-%{source_version} -%patch -P 0 -p1 -# default policy (SUSE) cp config/policy-secure.xml config/policy-SUSE.xml -%patch -P 1 -p1 -%patch -P 2 -p1 -%ifarch s390x -%patch -P 5 -p1 -%endif +%autopatch -p1 %build # bsc#1088463 @@ -505,7 +496,8 @@ %prep %setup -q -n ImageMagick-%{source_version} -%patch -P 0 -p1 +cp config/policy-secure.xml config/policy-SUSE.xml +%autopatch -p1 %build @@ -539,7 +531,8 @@ %prep %setup -q -n ImageMagick-%{source_version} -%patch -P 0 -p1 +cp config/policy-secure.xml config/policy-SUSE.xml +%autopatch -p1 %build @@ -577,7 +570,8 @@ %prep %setup -q -n ImageMagick-%{source_version} -%patch -P 0 -p1 +cp config/policy-secure.xml config/policy-SUSE.xml +%autopatch -p1 %build @@ -611,7 +605,8 @@ %prep %setup -q -n ImageMagick-%{source_version} -%patch -P 0 -p1 +cp config/policy-secure.xml config/policy-SUSE.xml +%autopatch -p1 %build ++++++ ImageMagick-7.1.2-17.tar.xz -> ImageMagick-7.1.2-18.tar.xz ++++++ /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick-7.1.2-17.tar.xz /work/SRC/openSUSE:Factory/.ImageMagick.new.8177/ImageMagick-7.1.2-18.tar.xz differ: char 15, line 1 ++++++ ImageMagick-library-installable-in-parallel.patch ++++++ --- /var/tmp/diff_new_pack.oeTcOC/_old 2026-03-28 20:12:33.087442813 +0100 +++ /var/tmp/diff_new_pack.oeTcOC/_new 2026-03-28 20:12:33.095443143 +0100 @@ -1,8 +1,8 @@ -Index: ImageMagick-7.1.2-17/configure +Index: ImageMagick-7.1.2-18/configure =================================================================== ---- ImageMagick-7.1.2-17.orig/configure -+++ ImageMagick-7.1.2-17/configure -@@ -37295,7 +37295,9 @@ fi +--- ImageMagick-7.1.2-18.orig/configure ++++ ImageMagick-7.1.2-18/configure +@@ -37296,7 +37296,9 @@ fi # Subdirectory to place architecture-dependent configuration files ++++++ ImageMagick_policy_etc.patch ++++++ --- /var/tmp/diff_new_pack.oeTcOC/_old 2026-03-28 20:12:33.123444299 +0100 +++ /var/tmp/diff_new_pack.oeTcOC/_new 2026-03-28 20:12:33.127444464 +0100 @@ -46,4 +46,16 @@ <!-- Relative paths are not permitted. --> <policy domain="path" rights="none" pattern="*../*"/> <!-- Indirect reading is not permitted. --> +diff -ur ImageMagick-7.1.2-15.orig/config/policy-SUSE.xml ImageMagick-7.1.2-15/config/policy-secure.xml +--- ImageMagick-7.1.2-15.orig/config/policy-SUSE.xml 2026-02-22 22:26:44.000000000 +0100 ++++ ImageMagick-7.1.2-15/config/policy-SUSE.xml 2026-02-23 22:24:51.662615465 +0100 +@@ -93,6 +93,8 @@ + <policy domain="path" rights="none" pattern="fd:*"/> + <!-- Sensitive paths are not permitted. --> + <policy domain="path" rights="none" pattern="/etc/*"/> ++ <!-- but allow to read own data. --> ++ <policy domain="path" rights="read" pattern="/etc/IM*"/> + <!-- Relative paths are not permitted. --> + <policy domain="path" rights="none" pattern="*../*"/> + <!-- Indirect reading is not permitted. -->
