CVE-2023-5341.patch

@@ -1,27 +0,0 @@
-From 97b99a741321c9a89491ebb6dab66d1215413595 Mon Sep 17 00:00:00 2001
-From: Cristy <urban-warrior@imagemagick.org>
-Date: Sat, 7 Oct 2023 10:22:57 +0800
-Subject: [PATCH] check for BMP file size, poc provided by Hardik Shah of
- Vehere (Dawn Treaders team)
-
----
- coders/bmp.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/coders/bmp.c b/coders/bmp.c
-index 8ff76bb..bb9ce2f 100644
---- a/coders/bmp.c
-+++ b/coders/bmp.c
-@@ -629,6 +629,9 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
-         "  BMP header size: %u",bmp_info.size);
-     if (bmp_info.size > 124)
-       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
-+    if ((bmp_info.file_size != 0) &&
-+        ((MagickSizeType) bmp_info.file_size > GetBlobSize(image)))
-+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
-     if (bmp_info.offset_bits < bmp_info.size)
-       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
-     bmp_info.offset_bits=MagickMax(14+bmp_info.size,bmp_info.offset_bits);
--- 
-2.27.0
-

CVE-2025-43965.patch

@@ -1,22 +0,0 @@
-From bac413a26073923d3ffb258adaab07fb3fe8fdc9 Mon Sep 17 00:00:00 2001
-From: Dirk Lemstra <dirk@lemstra.org>
-Date: Sat, 8 Feb 2025 23:31:39 +0100
-Subject: [PATCH] Update the image depth after this has been changed by
- SetQuantumFormat.
-
----
- coders/miff.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/coders/miff.c b/coders/miff.c
-index 66f8d3850bf..77e92500679 100644
---- a/coders/miff.c
-+++ b/coders/miff.c
-@@ -1335,6 +1335,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
-     if (quantum_format != UndefinedQuantumFormat)
-       {
-         status=SetQuantumFormat(image,quantum_info,quantum_format);
-+        image->depth=quantum_info->depth;
-         if (status == MagickFalse)
-           ThrowMIFFException(ResourceLimitError,"MemoryAllocationFailed");
-       }

CVE-2025-46393.patch

@@ -1,36 +0,0 @@
-From 81ac8a0d2eb21739842ed18c48c7646b7eef65b8 Mon Sep 17 00:00:00 2001
-From: Cristy <urban-warrior@imagemagick.org>
-Date: Fri, 7 Feb 2025 20:57:15 -0500
-Subject: [PATCH] multispectral MIFF images renders all channels in arbitrary
- order
-
----
- coders/miff.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/coders/miff.c b/coders/miff.c
-index 355455bc50e..398f66d0b66 100644
---- a/coders/miff.c
-+++ b/coders/miff.c
-@@ -1347,10 +1347,10 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
-       packet_size+=image->depth/8;
-     if (image->colorspace == CMYKColorspace)
-       packet_size+=image->depth/8;
-+    if (image->number_meta_channels != 0)
-+      packet_size=GetImageChannels(image)*image->depth/8;
-     if (image->compression == RLECompression)
-       packet_size++;
--    if (image->number_meta_channels != 0)
--      packet_size+=image->number_meta_channels*image->depth/8;
-     compress_extent=MagickMax(MagickMax(BZipMaxExtent(packet_size*
-       image->columns),LZMAMaxExtent(packet_size*image->columns)),
-       ZipMaxExtent(packet_size*image->columns));
-@@ -2171,7 +2171,7 @@ static MagickBooleanType WriteMIFFImage(const ImageInfo *image_info,
-     if (compression == RLECompression)
-       packet_size++;
-     if (image->number_meta_channels != 0)
--      packet_size+=image->number_meta_channels*image->depth/8;
-+      packet_size=GetImageChannels(image)*image->depth/8;
-     length=MagickMax(BZipMaxExtent(packet_size*image->columns),ZipMaxExtent(
-       packet_size*image->columns));
-     if ((compression == BZipCompression) || (compression == ZipCompression))

ImageMagick.spec

@@ -1,14 +1,11 @@
 Name:           ImageMagick
 Epoch:          1
-Version:        7.1.1.15
+Version:        7.1.1.8
-Release:        2
+Release:        1
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
-Source0:        https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.1-15.tar.gz
+Source0:        https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.1-8.tar.gz
-Patch1:         CVE-2023-5341.patch
-Patch2:         CVE-2025-43965.patch
-Patch3:         CVE-2025-46393.patch
 
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@@ -75,7 +72,7 @@ Requires:       ImageMagick-devel = %{epoch}:%{version}-%{release}
 Development files for ImageMagick-c++.
 
 %prep
-%autosetup -n ImageMagick-7.1.1-15 -p1
+%autosetup -n ImageMagick-7.1.1-8 -p1
 
 install -d Magick++/examples
 cp -p Magick++/demo/*.cpp Magick++/demo/*.miff Magick++/examples
@@ -163,21 +160,6 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick*
 
 %changelog
-* Tue Apr 29 2025 yaoxin <1024769339@qq.com> - 1:7.1.1.15-2
-- Fix CVE-2025-43965 and CVE-2025-46393
-
-* Mon Oct 23 2023 wulei <wu_lei@hoperun.com> - 1:7.1.1.15-1
-- Update to 7.1.1.15
-
-* Sat Oct 7 2023 liningjie <liningjie@xfusion.com> - 1:7.1.1.11-3
-- Fix CVE-2023-5341
-
-* Mon Jul 24 2023 wangkai <13474090681@163.com> - 1:7.1.1.11-2
-- Fix CVE-2023-3428
-
-* Thu Jun 08 2023 wangkai <13474090681@163.com> - 1:7.1.1.11-1
-- Update to 7.1.1.11 for Fix CVE-2023-34151,CVE-2023-34153
-
 * Mon Apr 24 2023 wangkai <13474090681@163.com> - 1:7.1.1.8-1
 - Update to 7.1.1.8 for Fix CVE-2023-1289,CVE-2023-1906