Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package GraphicsMagick for openSUSE:Factory
checked in at 2026-06-11 17:25:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old)
and /work/SRC/openSUSE:Factory/.GraphicsMagick.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "GraphicsMagick"
Thu Jun 11 17:25:51 2026 rev:104 rq:1358544 version:1.3.47
Changes:
--------
--- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes
2026-05-20 15:23:42.448130128 +0200
+++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new.1981/GraphicsMagick.changes
2026-06-11 17:26:22.447847066 +0200
@@ -1,0 +2,56 @@
+Wed Jun 10 12:11:30 UTC 2026 - Petr Gajdos <[email protected]>
+
+- version update to 1.3.47
+ * DPX: Fix subsampling validation logic which was failing due to
+ incorrect logic. This avoids a divide by zero possibility.
+ * JNG writer: Properly handle and report the case where
+ ImageToBlob()returns NULL.
+ * MNG writer: Enforce that MNG only supports a color palette up to 256
+ colors (ImageMagick CVE-2026-28690).
+ * MagickXImageWindowCommand(): Assure that static buffer does not
+ overflow if the user keeps a numeric key depressed (ImageMagick
+ CVE-2026-33535).
+ * PCD: Prevent an out of bounds read (ImageMagick security advisory
+ GHSA-wrhr-rf8j-r842).
+ * PNG writer: Detect and report an excessively large profile, an other
+ unexpected conditions (ImageMagick CVE-2026-30883).
+ * RenderFreetype(): Use MagickConfirmAccess() to verify that font file
+ name is allowed to be read.
+ * TIFF EXIF IFD writer: Detect and prevent infinite looping (EXIF IFD
+ writer code may be excluded by the -DEXPERIMENTAL_EXIF_TAGS=0
+ define).
+ * TIFF EXIF IFD writer: Only transfer tags from EXIF and GPS IFDs. Do
+ not transfer tags from the main IFDs.
+ * YUV: Fix validation of 'sampling-factor' argument. (ImageMagick
+ CVE-2026-25799). Given that the argument normally comes from a user
+ (rather than an input file) this seems to be a minor security issue
+ at most.
+ * PS, PS2, PS3: Enforce that width and height dimensions, and total
+ pixels, to/from Ghostscript are within the same limits as specified
+ for GraphicsMagick. This helps avoid Ghostscript-based denial of
+ service opportunities.
+ * SVG: Add validations for element id syntax. Reject invalid
+ attribute values which contain single quotes.
+ * XCF: Report an error if there are no layers. Fix two unsigned
+ integer overflow cases.
+ * DescribeImage(): Avoid heap write overflow while parsing the image
+ directory.
+ * and so on, see NEWS.txt
+- modified patches
+ * GraphicsMagick-CVE-2026-42050.patch (refreshed)
+ * GraphicsMagick-disable-insecure-coders.patch (refreshed)
+ * GraphicsMagick-perl-linkage.patch (refreshed)
+- deleted patches
+ * GraphicsMagick-CVE-2026-25799.patch (upstreamed)
+ * GraphicsMagick-CVE-2026-26284.patch (upstreamed)
+ * GraphicsMagick-CVE-2026-28690.patch (upstreamed)
+ * GraphicsMagick-CVE-2026-30883.patch (upstreamed)
+ * GraphicsMagick-CVE-2026-33535.patch (upstreamed)
+
+-------------------------------------------------------------------
+Wed Jun 10 12:03:46 UTC 2026 - Petr Gajdos <[email protected]>
+
+- modified patches
+ * GraphicsMagick-perl-linkage.patch (refreshed)
+
+-------------------------------------------------------------------
Old:
----
GraphicsMagick-1.3.46.tar.xz
GraphicsMagick-CVE-2026-25799.patch
GraphicsMagick-CVE-2026-26284.patch
GraphicsMagick-CVE-2026-28690.patch
GraphicsMagick-CVE-2026-30883.patch
GraphicsMagick-CVE-2026-33535.patch
New:
----
GraphicsMagick-1.3.47.tar.xz
----------(Old B)----------
Old:- deleted patches
* GraphicsMagick-CVE-2026-25799.patch (upstreamed)
* GraphicsMagick-CVE-2026-26284.patch (upstreamed)
Old: * GraphicsMagick-CVE-2026-25799.patch (upstreamed)
* GraphicsMagick-CVE-2026-26284.patch (upstreamed)
* GraphicsMagick-CVE-2026-28690.patch (upstreamed)
Old: * GraphicsMagick-CVE-2026-26284.patch (upstreamed)
* GraphicsMagick-CVE-2026-28690.patch (upstreamed)
* GraphicsMagick-CVE-2026-30883.patch (upstreamed)
Old: * GraphicsMagick-CVE-2026-28690.patch (upstreamed)
* GraphicsMagick-CVE-2026-30883.patch (upstreamed)
* GraphicsMagick-CVE-2026-33535.patch (upstreamed)
Old: * GraphicsMagick-CVE-2026-30883.patch (upstreamed)
* GraphicsMagick-CVE-2026-33535.patch (upstreamed)
----------(Old E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ GraphicsMagick.spec ++++++
--- /var/tmp/diff_new_pack.IACAXn/_old 2026-06-11 17:26:23.351884977 +0200
+++ /var/tmp/diff_new_pack.IACAXn/_new 2026-06-11 17:26:23.355885145 +0200
@@ -24,7 +24,7 @@
%define pp_so_ver 12
%define wand_so_ver 2
Name: GraphicsMagick
-Version: 1.3.46
+Version: 1.3.47
Release: 0
Summary: Viewer and Converter for Images
License: MIT
@@ -33,16 +33,6 @@
Source:
https://downloads.sourceforge.net/project/graphicsmagick/graphicsmagick/%{version}/%{name}-%{version}.tar.xz
Patch0: GraphicsMagick-perl-linkage.patch
Patch1: GraphicsMagick-disable-insecure-coders.patch
-# CVE-2026-25799 [bsc#1258786], Division-by-Zero in YUV sampling factor
validation leads to crash
-Patch2: GraphicsMagick-CVE-2026-25799.patch
-# CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a
heap buffer over-write (bsc#1259467)
-Patch3: GraphicsMagick-CVE-2026-30883.patch
-# CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack
buffer overflow (bsc#1259456)
-Patch4: GraphicsMagick-CVE-2026-28690.patch
-# CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read.
[bsc#1258765]
-Patch5: GraphicsMagick-CVE-2026-26284.patch
-# CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display
interaction [bsc#1260874]
-Patch6: GraphicsMagick-CVE-2026-33535.patch
# CVE-2026-42050: Stack buffer overflow in XTileImage [bsc#1265048]
Patch7: GraphicsMagick-CVE-2026-42050.patch
BuildRequires: cups-client
++++++ GraphicsMagick-1.3.46.tar.xz -> GraphicsMagick-1.3.47.tar.xz ++++++
++++ 110651 lines of diff (skipped)
++++++ GraphicsMagick-CVE-2026-42050.patch ++++++
--- /var/tmp/diff_new_pack.IACAXn/_old 2026-06-11 17:26:25.339968348 +0200
+++ /var/tmp/diff_new_pack.IACAXn/_new 2026-06-11 17:26:25.347968683 +0200
@@ -1,8 +1,8 @@
-Index: GraphicsMagick-1.3.46/magick/display.c
+Index: GraphicsMagick-1.3.47/magick/display.c
===================================================================
---- GraphicsMagick-1.3.46.orig/magick/display.c
-+++ GraphicsMagick-1.3.46/magick/display.c
-@@ -12492,7 +12492,8 @@ static Image *MagickXTileImage(Display *
+--- GraphicsMagick-1.3.47.orig/magick/display.c
++++ GraphicsMagick-1.3.47/magick/display.c
+@@ -12523,7 +12523,8 @@ static Image *MagickXTileImage(Display *
if (id < 0)
return((Image *) NULL);
q=p;
@@ -12,7 +12,7 @@
q++;
(void) strncpy(filename,p,q-p);
filename[q-p]='\0';
-@@ -12582,7 +12583,8 @@ static Image *MagickXTileImage(Display *
+@@ -12613,7 +12614,8 @@ static Image *MagickXTileImage(Display *
for (p=image->directory; *p != '\0'; p++)
{
q=p;
++++++ GraphicsMagick-disable-insecure-coders.patch ++++++
--- /var/tmp/diff_new_pack.IACAXn/_old 2026-06-11 17:26:25.379970025 +0200
+++ /var/tmp/diff_new_pack.IACAXn/_new 2026-06-11 17:26:25.383970192 +0200
@@ -1,8 +1,8 @@
-Index: GraphicsMagick-1.3.46/coders/pdf.c
+Index: GraphicsMagick-1.3.47/coders/pdf.c
===================================================================
---- GraphicsMagick-1.3.46.orig/coders/pdf.c
-+++ GraphicsMagick-1.3.46/coders/pdf.c
-@@ -499,7 +499,7 @@ ModuleExport void RegisterPDFImage(void)
+--- GraphicsMagick-1.3.47.orig/coders/pdf.c
++++ GraphicsMagick-1.3.47/coders/pdf.c
+@@ -500,7 +500,7 @@ ModuleExport void RegisterPDFImage(void)
entry->seekable_stream=True;
entry->description="Encapsulated Portable Document Format";
entry->module="PDF";
@@ -11,7 +11,7 @@
(void) RegisterMagickInfo(entry);
entry=SetMagickInfo("PDF");
-@@ -512,7 +512,7 @@ ModuleExport void RegisterPDFImage(void)
+@@ -513,7 +513,7 @@ ModuleExport void RegisterPDFImage(void)
entry->seekable_stream=True;
entry->description="Portable Document Format";
entry->module="PDF";
@@ -20,11 +20,11 @@
(void) RegisterMagickInfo(entry);
}
�
-Index: GraphicsMagick-1.3.46/coders/ps.c
+Index: GraphicsMagick-1.3.47/coders/ps.c
===================================================================
---- GraphicsMagick-1.3.46.orig/coders/ps.c
-+++ GraphicsMagick-1.3.46/coders/ps.c
-@@ -456,7 +456,7 @@ ModuleExport void RegisterPSImage(void)
+--- GraphicsMagick-1.3.47.orig/coders/ps.c
++++ GraphicsMagick-1.3.47/coders/ps.c
+@@ -501,7 +501,7 @@ ModuleExport void RegisterPSImage(void)
entry->adjoin=False;
entry->description="Adobe Encapsulated PostScript Interchange format";
entry->module="PS";
@@ -33,7 +33,7 @@
(void) RegisterMagickInfo(entry);
entry=SetMagickInfo("EPS");
-@@ -468,7 +468,7 @@ ModuleExport void RegisterPSImage(void)
+@@ -513,7 +513,7 @@ ModuleExport void RegisterPSImage(void)
entry->adjoin=False;
entry->description="Adobe Encapsulated PostScript";
entry->module="PS";
@@ -42,7 +42,7 @@
(void) RegisterMagickInfo(entry);
entry=SetMagickInfo("EPSF");
-@@ -480,7 +480,7 @@ ModuleExport void RegisterPSImage(void)
+@@ -525,7 +525,7 @@ ModuleExport void RegisterPSImage(void)
entry->adjoin=False;
entry->description="Adobe Encapsulated PostScript";
entry->module="PS";
@@ -51,7 +51,7 @@
(void) RegisterMagickInfo(entry);
entry=SetMagickInfo("EPSI");
-@@ -492,7 +492,7 @@ ModuleExport void RegisterPSImage(void)
+@@ -537,7 +537,7 @@ ModuleExport void RegisterPSImage(void)
entry->adjoin=False;
entry->description="Adobe Encapsulated PostScript Interchange format";
entry->module="PS";
@@ -60,7 +60,7 @@
(void) RegisterMagickInfo(entry);
entry=SetMagickInfo("PS");
-@@ -503,7 +503,7 @@ ModuleExport void RegisterPSImage(void)
+@@ -548,7 +548,7 @@ ModuleExport void RegisterPSImage(void)
entry->magick=(MagickHandler) IsPS;
entry->description="Adobe PostScript";
entry->module="PS";
@@ -69,11 +69,11 @@
(void) RegisterMagickInfo(entry);
}
�
-Index: GraphicsMagick-1.3.46/coders/ps2.c
+Index: GraphicsMagick-1.3.47/coders/ps2.c
===================================================================
---- GraphicsMagick-1.3.46.orig/coders/ps2.c
-+++ GraphicsMagick-1.3.46/coders/ps2.c
-@@ -252,7 +252,7 @@ ModuleExport void RegisterPS2Image(void)
+--- GraphicsMagick-1.3.47.orig/coders/ps2.c
++++ GraphicsMagick-1.3.47/coders/ps2.c
+@@ -258,7 +258,7 @@ ModuleExport void RegisterPS2Image(void)
entry->seekable_stream=True;
entry->description="Adobe Level II Encapsulated PostScript";
entry->module="PS2";
@@ -82,7 +82,7 @@
(void) RegisterMagickInfo(entry);
entry=SetMagickInfo("PS2");
-@@ -260,7 +260,7 @@ ModuleExport void RegisterPS2Image(void)
+@@ -266,7 +266,7 @@ ModuleExport void RegisterPS2Image(void)
entry->seekable_stream=True;
entry->description="Adobe Level II PostScript";
entry->module="PS2";
@@ -91,11 +91,11 @@
(void) RegisterMagickInfo(entry);
}
�
-Index: GraphicsMagick-1.3.46/coders/ps3.c
+Index: GraphicsMagick-1.3.47/coders/ps3.c
===================================================================
---- GraphicsMagick-1.3.46.orig/coders/ps3.c
-+++ GraphicsMagick-1.3.46/coders/ps3.c
-@@ -394,7 +394,7 @@ ModuleExport void RegisterPS3Image(void)
+--- GraphicsMagick-1.3.47.orig/coders/ps3.c
++++ GraphicsMagick-1.3.47/coders/ps3.c
+@@ -400,7 +400,7 @@ ModuleExport void RegisterPS3Image(void)
entry->description="Adobe Level III Encapsulated PostScript";
entry->seekable_stream=MagickTrue;
entry->module="PS3";
@@ -104,7 +104,7 @@
(void) RegisterMagickInfo(entry);
entry=SetMagickInfo("PS3");
-@@ -402,7 +402,7 @@ ModuleExport void RegisterPS3Image(void)
+@@ -408,7 +408,7 @@ ModuleExport void RegisterPS3Image(void)
entry->description="Adobe Level III PostScript";
entry->seekable_stream=MagickTrue;
entry->module="PS3";
@@ -113,10 +113,10 @@
(void) RegisterMagickInfo(entry);
}
�
-Index: GraphicsMagick-1.3.46/config/delegates.mgk.in
+Index: GraphicsMagick-1.3.47/config/delegates.mgk.in
===================================================================
---- GraphicsMagick-1.3.46.orig/config/delegates.mgk.in
-+++ GraphicsMagick-1.3.46/config/delegates.mgk.in
+--- GraphicsMagick-1.3.47.orig/config/delegates.mgk.in
++++ GraphicsMagick-1.3.47/config/delegates.mgk.in
@@ -88,27 +88,27 @@
<delegate decode="dot" command='"@DOTDecodeDelegate@" -Tps "%i" -o "%o"' />
<delegate decode="dvi" command='"@DVIDecodeDelegate@" -q -o "%o" "%i"' />
@@ -175,10 +175,10 @@
<!-- Read HTML file -->
<delegate decode="shtml" command='"@HTMLDecodeDelegate@" -U -o "%o" "%i"' />
<delegate encode="show" stealth="True" command='"@GMDelegate@" display
-immutable -delay 0 -window_group %g -title "%l of %f" "%o" &' />
-Index: GraphicsMagick-1.3.46/Makefile.in
+Index: GraphicsMagick-1.3.47/Makefile.in
===================================================================
---- GraphicsMagick-1.3.46.orig/Makefile.in
-+++ GraphicsMagick-1.3.46/Makefile.in
+--- GraphicsMagick-1.3.47.orig/Makefile.in
++++ GraphicsMagick-1.3.47/Makefile.in
@@ -4383,7 +4383,6 @@ TESTS_TESTS = \
tests/rwfile.tap \
tests/rwfile_sized.tap \
@@ -187,10 +187,10 @@
tests/rwfile_deep.tap
TESTS_EXTRA_DIST = \
-Index: GraphicsMagick-1.3.46/tests/rwblob.tap
+Index: GraphicsMagick-1.3.47/tests/rwblob.tap
===================================================================
---- GraphicsMagick-1.3.46.orig/tests/rwblob.tap
-+++ GraphicsMagick-1.3.46/tests/rwblob.tap
+--- GraphicsMagick-1.3.47.orig/tests/rwblob.tap
++++ GraphicsMagick-1.3.47/tests/rwblob.tap
@@ -10,7 +10,7 @@ rwblob=./rwblob
check_types='bilevel gray palette truecolor'
@@ -219,10 +219,10 @@
# FAX format
for type in ${check_types}
do
-Index: GraphicsMagick-1.3.46/tests/rwfile.tap
+Index: GraphicsMagick-1.3.47/tests/rwfile.tap
===================================================================
---- GraphicsMagick-1.3.46.orig/tests/rwfile.tap
-+++ GraphicsMagick-1.3.46/tests/rwfile.tap
+--- GraphicsMagick-1.3.47.orig/tests/rwfile.tap
++++ GraphicsMagick-1.3.47/tests/rwfile.tap
@@ -12,7 +12,7 @@ check_types='bilevel gray palette trueco
check_types_noone='bilevel gray palette truecolor'
++++++ GraphicsMagick-perl-linkage.patch ++++++
--- /var/tmp/diff_new_pack.IACAXn/_old 2026-06-11 17:26:25.403971031 +0200
+++ /var/tmp/diff_new_pack.IACAXn/_new 2026-06-11 17:26:25.415971535 +0200
@@ -1,7 +1,7 @@
-Index: GraphicsMagick-1.3.46/PerlMagick/Makefile.PL.in
+Index: GraphicsMagick-1.3.47/PerlMagick/Makefile.PL.in
===================================================================
---- GraphicsMagick-1.3.46.orig/PerlMagick/Makefile.PL.in
-+++ GraphicsMagick-1.3.46/PerlMagick/Makefile.PL.in
+--- GraphicsMagick-1.3.47.orig/PerlMagick/Makefile.PL.in
++++ GraphicsMagick-1.3.47/PerlMagick/Makefile.PL.in
@@ -78,7 +78,7 @@ WriteMakefile
'INSTALLBIN' => $magick_BIN_DIR,
