!45 [sync] PR-41: Fix CVE-2025-27795 and CVE-2025-32460

From: @openeuler-sync-bot 
Reviewed-by: @starlet-dx 
Signed-off-by: @starlet-dx

CVE-2025-27795.patch

@@ -0,0 +1,38 @@
+From: Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+Date: Mon, 9 Sep 2024 08:01:43 -0500
+Subject: ReadJXLImage(): Apply image dimension resource limits. Addresses
+ oss-fuzz Issue 69728
+
+Backported to Debian by Carlos Henrique Lima Melara <charles@debian.org>
+
+Changes:
+ - Drop changes to changelog and version files.
+Origin: upstream, https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
+Bug-Debian: https://bugs.debian.org/1099955
+Last-Update: 2025-03-31
+---
+ coders/jxl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/coders/jxl.c b/coders/jxl.c
+index b8a85fd..8a370fe 100644
+--- a/coders/jxl.c
++++ b/coders/jxl.c
+@@ -531,6 +531,7 @@ static Image *ReadJXLImage(const ImageInfo *image_info,
+                                       basic_info.alpha_bits, basic_info.num_color_channels,
+                                       basic_info.have_animation == JXL_FALSE ? "False" : "True");
+               }
++
+             if (basic_info.num_extra_channels)
+               {
+                 size_t index;
+@@ -579,6 +580,9 @@ static Image *ReadJXLImage(const ImageInfo *image_info,
+ 
+             image->orientation=convert_orientation(basic_info.orientation);
+ 
++            if (CheckImagePixelLimits(image, exception) != MagickPass)
++              ThrowJXLReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
++
+             pixel_format.endianness=JXL_NATIVE_ENDIAN;
+             pixel_format.align=0;
+             if (basic_info.num_color_channels == 1)

CVE-2025-32460.patch

@@ -0,0 +1,50 @@
+Description: ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale matte
+Origin: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-32460
+Forwarded: not-needed
+Author: Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+
+--- a/coders/jxl.c
++++ b/coders/jxl.c
+@@ -600,7 +600,7 @@ static Image *ReadJXLImage(const ImageIn
+                       ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+                   }
+                 grayscale=MagickTrue;
+-                pixel_format.num_channels=1;
++                pixel_format.num_channels=image->matte ? 2 : 1;
+                 pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 :
+                                   (basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 :
+                                    JXL_TYPE_FLOAT));
+@@ -765,10 +765,32 @@ static Image *ReadJXLImage(const ImageIn
+             size_t
+               out_len;
+ 
++            if (image->logging)
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                                    "JxlPixelFormat:\n"
++                                    "    num_channels: %u\n"
++                                    "    data_type: %s\n"
++                                    "    endianness: %s\n"
++                                    "    align: %" MAGICK_SIZE_T_F "u",
++                                    pixel_format.num_channels,
++                                    pixel_format.data_type == JXL_TYPE_FLOAT ? "float" :
++                                    (pixel_format.data_type == JXL_TYPE_UINT8 ? "uint8" :
++                                     (pixel_format.data_type == JXL_TYPE_UINT16 ? "uint16" :
++                                      (pixel_format.data_type == JXL_TYPE_FLOAT16 ? "float16" :
++                                       "unknown"))) ,
++                                    pixel_format.endianness == JXL_NATIVE_ENDIAN ? "native" :
++                                    (pixel_format.endianness == JXL_LITTLE_ENDIAN ? "little" :
++                                     (pixel_format.endianness == JXL_BIG_ENDIAN ? "big" : "unknown")),
++                                    pixel_format.align);
++
+             status=JxlDecoderImageOutBufferSize(jxl_decoder,&pixel_format,&out_len);
+             if (status != JXL_DEC_SUCCESS)
+               break;
+ 
++            if (image->logging)
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                                    "JxlDecoderImageOutBufferSize() returns %" MAGICK_SIZE_T_F "u",
++                                    (MAGICK_SIZE_T) out_len);
+             out_buf=MagickAllocateResourceLimitedArray(unsigned char *,out_len,sizeof(*out_buf));
+             if (out_buf == (unsigned char *) NULL)
+               ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);

GraphicsMagick-1.3.16-multilib.patch

@@ -1,43 +0,0 @@
-diff -up GraphicsMagick-1.3.16/Magick++/bin/GraphicsMagick++-config.in.multilib GraphicsMagick-1.3.16/Magick++/bin/GraphicsMagick++-config.in
---- GraphicsMagick-1.3.16/Magick++/bin/GraphicsMagick++-config.in.multilib	2011-11-12 14:39:22.000000000 -0600
-+++ GraphicsMagick-1.3.16/Magick++/bin/GraphicsMagick++-config.in	2012-06-24 11:25:12.603862643 -0500
-@@ -33,13 +33,13 @@ while test $# -gt 0; do
-       echo '@MAGICK_API_CPPFLAGS@'
-       ;;
-     --cxxflags)
--      echo '@CXXFLAGS@'
-+      echo ''
-       ;;
-     --ldflags)
--      echo '@MAGICK_API_LDFLAGS@'
-+      echo ''
-       ;;
-     --libs)
--      echo '-lGraphicsMagick++ @MAGICK_API_LIBS@'
-+      echo '-lGraphicsMagick++'
-       ;;
-     *)
-       echo "${usage}" 1>&2
-diff -up GraphicsMagick-1.3.16/magick/GraphicsMagick-config.in.multilib GraphicsMagick-1.3.16/magick/GraphicsMagick-config.in
---- GraphicsMagick-1.3.16/magick/GraphicsMagick-config.in.multilib	2011-11-12 14:39:26.000000000 -0600
-+++ GraphicsMagick-1.3.16/magick/GraphicsMagick-config.in	2012-06-24 11:14:55.947571850 -0500
-@@ -30,16 +30,16 @@ while test $# -gt 0; do
-       echo @PACKAGE_VERSION@
-       ;;
-     --cflags)
--      echo '@CFLAGS@'
-+      echo ''
-       ;;
-     --cppflags)
-       echo '@MAGICK_API_CPPFLAGS@'
-       ;;
-     --ldflags)
--      echo '@MAGICK_API_LDFLAGS@'
-+      echo ''
-       ;;
-     --libs)
--      echo '@MAGICK_API_LIBS@'
-+      echo '-lGraphicsMagick'
-       ;;
-     *)
-       echo "${usage}" 1>&2

GraphicsMagick.spec

@@ -25,8 +25,8 @@
 
 Summary: An ImageMagick fork, offering faster image generation and better quality
 Name:    GraphicsMagick
-Version: 1.3.38
+Version: 1.3.41
-Release: 1
+Release: 2
 
 License: MIT
 Source0: http://downloads.sourceforge.net/sourceforge/graphicsmagick/GraphicsMagick-%{version}.tar.xz
@@ -35,8 +35,9 @@ Source1: urw-fonts-1.0.7pre44.tar.bz2
 #S1 https://gitee.com/src-openeuler/urw-base35-fonts.git 
 Url: http://www.graphicsmagick.org/
 
-Patch001:  GraphicsMagick-1.3.16-multilib.patch
+Patch0:  GraphicsMagick-1.3.31-perl_linkage.patch
-Patch002:  GraphicsMagick-1.3.31-perl_linkage.patch
+Patch1:  CVE-2025-27795.patch
+Patch2:  CVE-2025-32460.patch
 
 BuildRequires: bzip2-devel
 BuildRequires: freetype-devel
@@ -152,6 +153,8 @@ GraphicsMagick documentation and usage introduction.
 
 %prep
 %setup -q
+%patch -P 1 -p1
+%patch -P 2 -p1
 
 %if 0%{?urw_font_bundle}
 mkdir -p urw-fonts
@@ -159,8 +162,7 @@ tar --directory=urw-fonts/ -xf %{SOURCE1}
 rm -f urw-fonts/ChangeLog urw-fonts/README* urw-fonts/fonts*
 %endif
 
-%patch002 -p1 -b .perl_linkage
+%patch -P 0 -p1 -b .perl_linkage
-%patch001 -p1 -b .multilib
 
 for f in ChangeLog.{2006,2008,2009,2012} NEWS.txt ; do
     iconv -f iso-8859-2 -t utf8 < $f > $f.utf8
@@ -248,7 +250,20 @@ mv %{buildroot}%{_includedir}/GraphicsMagick/magick/magick_types.h \
    %{buildroot}%{_includedir}/GraphicsMagick/magick/magick_types-%{__isa_bits}.h
 
 cat >%{buildroot}%{_includedir}/GraphicsMagick/magick/magick_types.h <<EOF
-
+#ifndef MAGICK_TYPES_MULTILIB
+#define MAGICK_TYPES_MULTILIB
+ 
+#include <bits/wordsize.h>
+ 
+#if __WORDSIZE == 32
+# include "magick/magick_types-32.h"
+#elif __WORDSIZE == 64
+# include "magick/magick_types-64.h"
+#else
+# error "unexpected value for __WORDSIZE macro"
+#endif
+ 
+#endif
 EOF
 %endif
 
@@ -327,6 +342,21 @@ exit 1
 %{_mandir}/man3/*
 
 %changelog
+* Tue Apr 29 2025 yaoxin <1024769339@qq.com> - 1.3.41-2
+- Fix CVE-2025-27795 and CVE-2025-32460
+
+* Tue Aug 29 2023 xu_ping <707078654@qq.com> - 1.3.41-1
+- Upgrade 1.3.41 to fix gm convert command failed.
+
+* Fri Aug 04 2023 xu_ping <707078654@qq.com> - 1.3.40-2
+- fix build error due to LOSSLESS_SUPPORTED is broken
+
+* Fri Apr 14 2023 liyanan <thistleslyn@163.com> - 1.3.40-1
+- Update to 1.3.40
+
+* Tue Jan 3 2023 caodongxia <caodongxia@h-partners.com> - 1.3.38-2
+- Fix the x86 compilation failure of zbar caused by missing magic_types
+
 * Tue Nov 1 2022 huyab<1229981468@qq.com> - 1.3.38-1
 - update version to 1.3.38-1