Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2026-05-29 18:04:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old)
 and      /work/SRC/openSUSE:Factory/.ImageMagick.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick" Fri May 29 18:04:35 2026 rev:337 rq:1355847 version:7.1.2.24 Changes: -------- --- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2026-05-20 15:24:14.085431288 +0200 +++ /work/SRC/openSUSE:Factory/.ImageMagick.new.1937/ImageMagick.changes 2026-05-29 18:05:11.893620548 +0200 @@ -1,0 +2,32 @@ +Fri May 29 09:25:04 UTC 2026 - Petr Gajdos <[email protected]> + +- in default security policy, allow reading from symbolic links + [bsc#1265373] +- modified patches + * ImageMagick-configuration-SUSE.patch + +------------------------------------------------------------------- +Thu May 28 14:05:32 UTC 2026 - Petr Gajdos <[email protected]> + +- version update to 7.1.2.24 + * reject mtv files with zero columns or rows #8758 + * reject tga files with zero columns or rows #8756 + * reject cineon files with zero columns or rows #8754 + * build(deps): bump ubuntu from 22.04 to 26.04 in /.devcontainer #8751 + * reject farbfeld files with zero columns or rows #8750 + * build(deps): bump caphyon/advinst-github-action from 2.0.2 to 2.0.3 #8742 + * build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 #8749 + * Add profile_fuzzer for raw EXIF/XMP/IPTC/ICC parsing #8736 +- fixes following GH security advisories: + * GHSA-4v89-6mgq-6rgc + * GHSA-8pj9-6897-74xc + * GHSA-xcjm-wqff-m669 + * GHSA-gm48-c7f2-v67p + * GHSA-h36c-3666-h489 + * GHSA-5v62-8fq6-cp9m + * GHSA-9hqg-xf93-ghfw + * GHSA-2hhq-c99x-492r + * GHSA-6mwj-rp89-6j5j + * GHSA-vgh5-r42g-4j44 + +------------------------------------------------------------------- @@ -5 +37,2 @@ - * no upstream changelog + * build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 #8733 + * ignore_sequence_editlist only in libheif 1.21 #8729 
@@ -27 +60,5 @@ - * no upstream changelog + * Fix unsound free of uninitialized pointers in GetImageFeatures error path #8724 + * build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 #8719 + * build(deps): bump msys2/setup-msys2 from 2.31.0 to 2.31.1 #8697 + * build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 #8684 + * build(deps): bump lxml from 6.0.2 to 6.1.0 in /.github/build/python #8683 Old: ---- ImageMagick-7.1.2-23.tar.xz ImageMagick-7.1.2-23.tar.xz.asc New: ---- ImageMagick-7.1.2-24.tar.xz ImageMagick-7.1.2-24.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ImageMagick.spec ++++++ --- /var/tmp/diff_new_pack.l3HMLo/_old 2026-05-29 18:05:13.321679638 +0200 +++ /var/tmp/diff_new_pack.l3HMLo/_new 2026-05-29 18:05:13.325679804 +0200 @@ -21,7 +21,7 @@ %define debug_build 0 %define asan_build 0 %define mfr_version 7.1.2 -%define mfr_revision 23 +%define mfr_revision 24 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 10 ++++++ ImageMagick-7.1.2-23.tar.xz -> ImageMagick-7.1.2-24.tar.xz ++++++ /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick-7.1.2-23.tar.xz /work/SRC/openSUSE:Factory/.ImageMagick.new.1937/ImageMagick-7.1.2-24.tar.xz differ: char 15, line 1 ++++++ ImageMagick-configuration-SUSE.patch ++++++ --- /var/tmp/diff_new_pack.l3HMLo/_old 2026-05-29 18:05:13.389682452 +0200 +++ /var/tmp/diff_new_pack.l3HMLo/_new 2026-05-29 18:05:13.401682949 +0200 @@ -1,7 +1,7 @@ -Index: ImageMagick-7.1.2-23/config/policy-SUSE.xml +Index: ImageMagick-7.1.2-24/config/policy-SUSE.xml =================================================================== ---- ImageMagick-7.1.2-23.orig/config/policy-SUSE.xml -+++ ImageMagick-7.1.2-23/config/policy-SUSE.xml +--- ImageMagick-7.1.2-24.orig/config/policy-SUSE.xml ++++ ImageMagick-7.1.2-24/config/policy-SUSE.xml 
@@ -65,7 +65,7 @@ <policy domain="resource" name="disk" value="2GiB"/> <!-- Set the maximum length of an image sequence. When this limit is @@ -25,10 +25,12 @@ <policy domain="path" rights="none" pattern="fd:*"/> <!-- Sensitive paths are not permitted. --> <policy domain="path" rights="none" pattern="/etc/*"/> -@@ -115,4 +115,20 @@ +@@ -114,5 +114,21 @@ + allocation requests. --> <policy domain="system" name="max-memory-request" value="256MiB"/> <!-- If the basename of path is a symbolic link, the open fails --> - <policy domain="system" name="symlink" rights="none" pattern="follow"/> +- <policy domain="system" name="symlink" rights="none" pattern="follow"/> ++ <policy domain="system" name="symlink" rights="read" pattern="follow"/> + <!-- Disable insecure coders by default --> + <policy domain="coder" rights="none" pattern="EPHEMERAL" /> + <policy domain="coder" rights="none" pattern="URL" />
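Review bot: In the policy-SUSE.xml hunk inside ImageMagick-configuration-SUSE.patch, the context comment "If the basename of path is a symbolic link, the open fails" is left unchanged directly above the symlink policy line, but with rights="none" replaced by rights="read" that comment no longer describes what the shipped policy does. Please update the comment to say that reading through a symbolic link is now permitted. The same file denies paths by pattern (`fd:*`, `/etc/*`), and nothing in the visible lines shows whether those patterns are matched against the link itself or against its resolved target, so it is worth confirming that a link placed in an allowed directory cannot be used to read a denied path, and recording the result in the comment or in bsc#1265373.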
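Review bot: In the ImageMagick.changes hunk, the top entry "in default security policy, allow reading from symbolic links [bsc#1265373]" does not say that this relaxes a restriction the package previously shipped (symlink rights="none"), nor why it is needed. Suggest one more line stating the reason and naming the policy line an administrator can set back to rights="none" to keep the stricter behaviour. In the 7.1.2.24 entry, the ten GHSA identifiers are listed with no summary of the affected coder or component, so a reader of the changelog cannot judge exposure without looking each one up; a short description per advisory would help.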
