openSUSE has issued an advisory on April 23: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QPPJFFJWUIW3K6NB472QVFG522DWQZET/ The issues are fixed upstream in 7.0.11. Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 7.0.11
Whiteboard: (none) => MGA7TOO
CC: (none) => rverschelde
Status: NEW => ASSIGNED
Assignee: bugsquad => rverschelde
Fun fact: 7.0.11-13 has major 9 (like 7.0.10-14 packaged in Mageia 7), but they bumped major to 10 to 7.0.11-14. Amazing versioning... I'll package 7.0.11-13 for Mageia 7 and Mageia 8 then to keep the same major. There's more security fixes in 7.0.11-14 though, and I see new bug reports upstream: https://github.com/ImageMagick/ImageMagick/issues/3767 So we might want to wait a bit to figure out which patches to backport on top of 7.0.11-13, or if we want to do the major version bump in Mageia 7/8. Fun fact 2: Fedora still ships ImageMagick 6 and they don't seem to care about any of these CVEs... Fun fact 3: Upstream only provides tarballs for the very latest release they made, oblivious to the fact that if they're breaking SOVERSION maybe some might need to stick to -13...? https://download.imagemagick.org/ImageMagick/download/
CC: (none) => smelror
I filed an issue upstream about this major bump in a "hotfix" release (at least that's what the versioning scheme and the lack of tarballs for previous releases suggests): https://github.com/ImageMagick/ImageMagick/issues/3768 I suggest waiting for an answer before we decide what to do.
Status comment: Fixed upstream in 7.0.11 => Fixed upstream in 7.0.11 (note: 7.0.11-14 breaks SOVERSION)
Keywords: (none) => feedback
We've updated it and rebuilt everything in the past, but it's really stupid and irresponsible that they keep changing the soversion like that, so thanks for complaining upstream about it.
Keywords: feedback => (none)
Removing Mageia 7 from whiteboard due to EOL: https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Whiteboard: MGA7TOO => (none)
Ubuntu has issued an advisory for some of these issues on November 29: https://ubuntu.com/security/notices/USN-5158-1
Update in progress. Rebuild will be done when available on the mirrors.
CC: (none) => mageia
openSUSE has issued an advisory today (February 21): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUE6OO6UE5NEQ2LYEJSEB2AXREVWZVMB/ It fixes a new security issue. The issue is fixed upstream in 7.1.0-26. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Summary: imagemagick new security issues CVE-2021-20309 and CVE-2021-2031[1-3] => imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284
Status comment: Fixed upstream in 7.0.11 (note: 7.0.11-14 breaks SOVERSION) => Fixed upstream in 7.1.0-26 (note: 7.0.11-14 breaks SOVERSION)
Version: 8 => Cauldron
Debian-LTS has issued an advisory on May 14: https://www.debian.org/lts/security/2022/dla-3007 It fixes a new security issue. The issue is fixed upstream in 7.1.0-29. Cauldron has already been updated to a newer version.
Summary: imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284 => imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-28463
Version: Cauldron => 8
Status comment: Fixed upstream in 7.1.0-26 (note: 7.0.11-14 breaks SOVERSION) => Fixed upstream in 7.1.0-29 (note: 7.0.11-14 breaks SOVERSION)
Whiteboard: MGA8TOO => (none)
openSUSE has issued an advisory for the latest issue on May 20: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4SLHXE2O3IXMI4KAK7QSBITGXIK6OW2/
SUSE has issued an advisory today (May 31): https://lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html CVE-2022-1270 from graphicsmagick also affects imagemagick.
Summary: imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-28463 => imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1270, CVE-2022-28463
(In reply to David Walser from comment #8)
> Debian-LTS has issued an advisory on May 14:
> https://www.debian.org/lts/security/2022/dla-3007
>
> It fixes a new security issue.
>
> The issue is fixed upstream in 7.1.0-29.
>
> Cauldron has already been updated to a newer version.

Ubuntu has issued an advisory for this today (June 1): https://ubuntu.com/security/notices/USN-5456-1
openSUSE has issued an advisory today (July 4): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/ It fixes three new issues that are fixed upstream in 7.1.0-30.
Severity: normal => major
Summary: imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1270, CVE-2022-28463 => imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1270, CVE-2022-28463, CVE-2022-3254[5-7]
Status comment: Fixed upstream in 7.1.0-29 (note: 7.0.11-14 breaks SOVERSION) => Fixed upstream in 7.1.0-30 (note: 7.0.11-14 breaks SOVERSION)
(In reply to David Walser from comment #12)
> openSUSE has issued an advisory today (July 4):
> https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/
>
> It fixes three new issues that are fixed upstream in 7.1.0-30.

Ubuntu has issued an advisory for this on July 26: https://ubuntu.com/security/notices/USN-5534-1
SUSE and openSUSE have issued advisories today (September 2): https://lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DQYFWVB5WL5D7BG6DWWI7RKZDHYKRQR6/ It mentions one other CVE that I've apparently seen the upstream commit for before but not mentioned here (fixed upstream in 7.1.0-29).
Summary: imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1270, CVE-2022-28463, CVE-2022-3254[5-7] => imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1270, CVE-2022-2719, CVE-2022-28463, CVE-2022-3254[5-7]
This update will also fix CVE-2021-3574. Fedora has issued an advisory for it today (September 13): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
Fedora has issued an advisory today (September 19): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/ It fixes a new issue that is fixed upstream in 7.1.0-47.
Status comment: Fixed upstream in 7.1.0-30 (note: 7.0.11-14 breaks SOVERSION) => Fixed upstream in 7.1.0-47 (note: 7.0.11-14 breaks SOVERSION)
Summary: imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1270, CVE-2022-2719, CVE-2022-28463, CVE-2022-3254[5-7] => imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1270, CVE-2022-2719, CVE-2022-3213, CVE-2022-28463, CVE-2022-3254[5-7]
(In reply to David Walser from comment #16)
> Fedora has issued an advisory today (September 19):
> https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/
>
> It fixes a new issue that is fixed upstream in 7.1.0-47.

openSUSE has issued an advisory for this on October 1: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65CCSW6TK2CGQU6OYUEHQBBH6OSPKUJP/
Ubuntu has issued an advisory for this today (November 24): https://ubuntu.com/security/notices/USN-5736-1 It includes some additional CVEs.
Summary: imagemagick new security issues CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1270, CVE-2022-2719, CVE-2022-3213, CVE-2022-28463, CVE-2022-3254[5-7] => imagemagick new security issues CVE-2021-3574, CVE-2021-4219, CVE-2021-20224, CVE-2021-20309, CVE-2021-2031[1-3], CVE-2022-0284, CVE-2022-1114, CVE-2022-1270, CVE-2022-2719, CVE-2022-3213, CVE-2022-28463, CVE-2022-3254[5-7]
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. (CVE-2021-3574)

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. (CVE-2021-20224)

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20309)

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20311)

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20312)

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-20313)

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. (CVE-2022-0284)

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. (CVE-2022-1114)

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. (CVE-2022-3213)

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32547)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32547
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QPPJFFJWUIW3K6NB472QVFG522DWQZET/
https://ubuntu.com/security/notices/USN-5158-1
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUE6OO6UE5NEQ2LYEJSEB2AXREVWZVMB/
https://www.debian.org/lts/security/2022/dla-3007
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4SLHXE2O3IXMI4KAK7QSBITGXIK6OW2/
https://lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html
https://ubuntu.com/security/notices/USN-5456-1
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/
https://ubuntu.com/security/notices/USN-5534-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DQYFWVB5WL5D7BG6DWWI7RKZDHYKRQR6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65CCSW6TK2CGQU6OYUEHQBBH6OSPKUJP/
https://ubuntu.com/security/notices/USN-5736-1
========================

Updated packages in core/updates_testing:
========================
imagemagick-7.1.0.52-1.mga8
imagemagick-desktop-7.1.0.52-1.mga8
imagemagick-doc-7.1.0.52-1.mga8
lib64magick++-7Q16HDRI_5-7.1.0.52-1.mga8
lib64magick-7Q16HDRI_10-7.1.0.52-1.mga8
lib64magick-devel-7.1.0.52-1.mga8
perl-Image-Magick-7.1.0.52-1.mga8
abydos-config-0.2.3-4.2.mga8
lib64abydos0.2_0-0.2.3-4.2.mga8
lib64abydos0.2-devel-0.2.3-4.2.mga8
converseen-0.9.8.1-4.2.mga8
digikam-7.1.0-4.2.mga8
lib64digikamcore7.1.0-7.1.0-4.2.mga8
lib64digikamdatabase7.1.0-7.1.0-4.2.mga8
lib64digikamgui7.1.0-7.1.0-4.2.mga8
lib64digikam-devel-7.1.0-4.2.mga8
showfoto-7.1.0-4.2.mga8
lib64openshot19-0.2.5-5.2.mga8
lib64openshot-devel-0.2.5-5.2.mga8
python3-libopenshot-0.2.5-5.2.mga8
php-imagick-3.4.5-0.git20201230.2.2.mga8
lib64synfig0-1.2.2-11.2.mga8
lib64synfig-devel-1.2.2-11.2.mga8
synfig-1.2.2-11.2.mga8
default-windowmaker-desktop-0.95.9-3.2.mga8
lib64wings3-0.95.9-3.2.mga8
lib64wings-devel-0.95.9-3.2.mga8
lib64wmaker1-0.95.9-3.2.mga8
lib64wmaker-devel-0.95.9-3.2.mga8
lib64wraster6-0.95.9-3.2.mga8
lib64wraster-devel-0.95.9-3.2.mga8
lib64wutil5-0.95.9-3.2.mga8
lib64wutil-devel-0.95.9-3.2.mga8
mageia-windowmaker-desktop-0.95.9-3.2.mga8
windowmaker-0.95.9-3.2.mga8
lib64xine2-1.2.11-1.2.mga8
lib64xine1.2-devel-1.2.11-1.2.mga8
xine1.2-common-1.2.11-1.2.mga8
lib64zbar0-0.23.1-5.2.mga8
lib64zbargtk0-0.23.1-5.2.mga8
lib64zbarqt0-0.23.1-5.2.mga8
lib64zbar-devel-0.23.1-5.2.mga8
lib64zbar-gir1.0-0.23.1-5.2.mga8
python3-zbar-0.23.1-5.2.mga8
zbar-0.23.1-5.2.mga8

from SRPMS:
imagemagick-7.1.0.52-1.mga8.src.rpm
abydos-0.2.3-4.2.mga8.src.rpm
converseen-0.9.8.1-4.2.mga8.src.rpm
digikam-7.1.0-4.2.mga8.src.rpm
libopenshot-0.2.5-5.2.mga8.src.rpm
php-imagick-3.4.5-0.git20201230.2.2.mga8.src.rpm
synfig-1.2.2-11.2.mga8.src.rpm
windowmaker-0.95.9-3.2.mga8.src.rpm
xine-lib1.2-1.2.11-1.2.mga8.src.rpm
zbar-0.23.1-5.2.mga8.src.rpm

Updated package in core/backports_testing:
========================
php-imagick-3.6.0-0.4.mga8

from SRPM:
php-imagick-3.6.0-0.4.mga8.src.rpm

Updated packages in tainted/updates_testing:
========================
imagemagick-7.1.0.52-1.mga8.tainted
imagemagick-desktop-7.1.0.52-1.mga8.tainted
imagemagick-doc-7.1.0.52-1.mga8.tainted
lib64magick++-7Q16HDRI_5-7.1.0.52-1.mga8.tainted
lib64magick-7Q16HDRI_10-7.1.0.52-1.mga8.tainted
lib64magick-devel-7.1.0.52-1.mga8.tainted
perl-Image-Magick-7.1.0.52-1.mga8.tainted
abydos-config-0.2.3-4.2.mga8.tainted
lib64abydos0.2_0-0.2.3-4.2.mga8.tainted
lib64abydos0.2-devel-0.2.3-4.2.mga8.tainted
transcode-1.1.7-29.2.mga8.tainted
lib64xine2-1.2.11-1.2.mga8.tainted
lib64xine1.2-devel-1.2.11-1.2.mga8.tainted
xine1.2-common-1.2.11-1.2.mga8.tainted

from SRPMS:
imagemagick-7.1.0.52-1.mga8.tainted.src.rpm
abydos-0.2.3-4.2.mga8.tainted.src.rpm
transcode-1.1.7-29.2.mga8.tainted.src.rpm
xine-lib1.2-1.2.11-1.2.mga8.tainted.src.rpm
Status comment: Fixed upstream in 7.1.0-47 (note: 7.0.11-14 breaks SOVERSION) => (none)
CC: (none) => nicolas.salguero
Assignee: rverschelde => qa-bugs
Thanks Nicolas! You'll have to open a separate bug for the backports package.
Blocks: (none) => 31186
Done in bug 31186.
mga8, x64 Updated something like 49 packages including the tainted versions. That ran smoothly. A quick look using display showed that the basic function works. No time just now to pursue this further. Maybe in a couple of days.
CC: (none) => tarazed25
Updated just the core packages, using qarepo:

The following 16 packages are going to be installed:

- digikam-7.1.0-4.2.mga8.x86_64
- imagemagick-7.1.0.52-1.mga8.x86_64
- imagemagick-desktop-7.1.0.52-1.mga8.x86_64
- imagemagick-doc-7.1.0.52-1.mga8.noarch
- lib64digikamcore7.1.0-7.1.0-4.2.mga8.x86_64
- lib64digikamdatabase7.1.0-7.1.0-4.2.mga8.x86_64
- lib64digikamgui7.1.0-7.1.0-4.2.mga8.x86_64
- lib64magick++-7Q16HDRI_5-7.1.0.52-1.mga8.x86_64
- lib64magick-7Q16HDRI_10-7.1.0.52-1.mga8.x86_64
- lib64potrace0-1.16-2.mga8.x86_64
- lib64raw_r20-0.20.2-1.mga8.x86_64
- lib64xine2-1.2.11-1.2.mga8.x86_64
- lib64zbar0-0.23.1-5.2.mga8.x86_64
- perl-Image-Magick-7.1.0.52-1.mga8.x86_64
- potrace-1.16-2.mga8.x86_64
- xine1.2-common-1.2.11-1.2.mga8.x86_64

No installation issues.

I ran the Imagemagick GUI, opened an image from my home directory, and played around with the different effects, enhancements, and other manipulations for a while. Everything seemed to work as it should.

I am not a digikam user, but I ran it anyway. As a complete novice I found the interface to be rather daunting, and all I did was take a look at several of the various tab screens. All of them looked OK, as far as I could tell. It really needs someone with some experience at using it to give it a better test.

The core version looks OK, as far as I was able to take it. I'll leave it to Len to do some more.
CC: (none) => andrewsfarm
Installed tainted versions and tested without issues.

System: Mageia 8, x86_64, AMD CPU.

Updated packages:

- imagemagick-7.1.0.52-1.mga8.tainted.x86_64
- lib64magick-7Q16HDRI_10-7.1.0.52-1.mga8.tainted.x86_64
- lib64potrace0-1.16-2.mga8.x86_64
- lib64raw_r20-0.20.2-1.mga8.x86_64
- potrace-1.16-2.mga8.x86_64

Tested the various command line tools of imagemagick and potrace. Also tested using a PHP script that uses php-imagick. All seems to be working correctly. No issues noticed.

$ uname -a
Linux jupiter 6.0.9-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Wed Nov 16 18:06:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q php-imagick
php-imagick-3.6.0-0.4.mga8
Updated packages in core/updates_testing:
========================
imagemagick-7.1.0.52-1.1.mga8
imagemagick-desktop-7.1.0.52-1.1.mga8
imagemagick-doc-7.1.0.52-1.1.mga8
lib64magick++-7Q16HDRI_5-7.1.0.52-1.1.mga8
lib64magick-7Q16HDRI_10-7.1.0.52-1.1.mga8
lib64magick-devel-7.1.0.52-1.1.mga8
perl-Image-Magick-7.1.0.52-1.1.mga8
abydos-config-0.2.3-4.2.mga8
lib64abydos0.2_0-0.2.3-4.2.mga8
lib64abydos0.2-devel-0.2.3-4.2.mga8
converseen-0.9.8.1-4.2.mga8
digikam-7.1.0-4.2.mga8
lib64digikamcore7.1.0-7.1.0-4.2.mga8
lib64digikamdatabase7.1.0-7.1.0-4.2.mga8
lib64digikamgui7.1.0-7.1.0-4.2.mga8
lib64digikam-devel-7.1.0-4.2.mga8
showfoto-7.1.0-4.2.mga8
lib64openshot19-0.2.5-5.2.mga8
lib64openshot-devel-0.2.5-5.2.mga8
python3-libopenshot-0.2.5-5.2.mga8
php-imagick-3.4.5-0.git20201230.2.2.mga8
lib64synfig0-1.2.2-11.2.mga8
lib64synfig-devel-1.2.2-11.2.mga8
synfig-1.2.2-11.2.mga8
default-windowmaker-desktop-0.95.9-3.2.mga8
lib64wings3-0.95.9-3.2.mga8
lib64wings-devel-0.95.9-3.2.mga8
lib64wmaker1-0.95.9-3.2.mga8
lib64wmaker-devel-0.95.9-3.2.mga8
lib64wraster6-0.95.9-3.2.mga8
lib64wraster-devel-0.95.9-3.2.mga8
lib64wutil5-0.95.9-3.2.mga8
lib64wutil-devel-0.95.9-3.2.mga8
mageia-windowmaker-desktop-0.95.9-3.2.mga8
windowmaker-0.95.9-3.2.mga8
lib64xine2-1.2.11-1.2.mga8
lib64xine1.2-devel-1.2.11-1.2.mga8
xine1.2-common-1.2.11-1.2.mga8
lib64zbar0-0.23.1-5.2.mga8
lib64zbargtk0-0.23.1-5.2.mga8
lib64zbarqt0-0.23.1-5.2.mga8
lib64zbar-devel-0.23.1-5.2.mga8
lib64zbar-gir1.0-0.23.1-5.2.mga8
python3-zbar-0.23.1-5.2.mga8
zbar-0.23.1-5.2.mga8

from SRPMS:
imagemagick-7.1.0.52-1.1.mga8.src.rpm
abydos-0.2.3-4.2.mga8.src.rpm
converseen-0.9.8.1-4.2.mga8.src.rpm
digikam-7.1.0-4.2.mga8.src.rpm
libopenshot-0.2.5-5.2.mga8.src.rpm
php-imagick-3.4.5-0.git20201230.2.2.mga8.src.rpm
synfig-1.2.2-11.2.mga8.src.rpm
windowmaker-0.95.9-3.2.mga8.src.rpm
xine-lib1.2-1.2.11-1.2.mga8.src.rpm
zbar-0.23.1-5.2.mga8.src.rpm

Updated package in core/backports_testing:
========================
php-imagick-3.6.0-0.4.mga8

from SRPM:
php-imagick-3.6.0-0.4.mga8.src.rpm

Updated packages in tainted/updates_testing:
========================
imagemagick-7.1.0.52-1.1.mga8.tainted
imagemagick-desktop-7.1.0.52-1.1.mga8.tainted
imagemagick-doc-7.1.0.52-1.1.mga8.tainted
lib64magick++-7Q16HDRI_5-7.1.0.52-1.1.mga8.tainted
lib64magick-7Q16HDRI_10-7.1.0.52-1.1.mga8.tainted
lib64magick-devel-7.1.0.52-1.1.mga8.tainted
perl-Image-Magick-7.1.0.52-1.1.mga8.tainted
abydos-config-0.2.3-4.2.mga8.tainted
lib64abydos0.2_0-0.2.3-4.2.mga8.tainted
lib64abydos0.2-devel-0.2.3-4.2.mga8.tainted
transcode-1.1.7-29.2.mga8.tainted
lib64xine2-1.2.11-1.2.mga8.tainted
lib64xine1.2-devel-1.2.11-1.2.mga8.tainted
xine1.2-common-1.2.11-1.2.mga8.tainted

from SRPMS:
imagemagick-7.1.0.52-1.1.mga8.tainted.src.rpm
abydos-0.2.3-4.2.mga8.tainted.src.rpm
transcode-1.1.7-29.2.mga8.tainted.src.rpm
xine-lib1.2-1.2.11-1.2.mga8.tainted.src.rpm
Depends on: (none) => 31189
The following 6 packages are going to be installed:

- imagemagick-7.1.0.52-1.1.mga8.x86_64
- imagemagick-desktop-7.1.0.52-1.1.mga8.x86_64
- imagemagick-doc-7.1.0.52-1.1.mga8.noarch
- lib64magick++-7Q16HDRI_5-7.1.0.52-1.1.mga8.x86_64
- lib64magick-7Q16HDRI_10-7.1.0.52-1.1.mga8.x86_64
- perl-Image-Magick-7.1.0.52-1.1.mga8.x86_64

(rebuilt with new jbigkit)

No installation issues. Ran a few commands for jbg conversions, did not crash this time as it did before. Conversion quality using imagemagick is MUCH better than when using graphicsmagick. Going back now to bug 31189 for additional testing.
OK so far.

The following 9 packages are going to be installed:

- imagemagick-7.1.0.52-1.1.mga8.tainted.x86_64
- imagemagick-desktop-7.1.0.52-1.1.mga8.tainted.x86_64
- imagemagick-doc-7.1.0.52-1.1.mga8.tainted.noarch
- lib64magick++-7Q16HDRI_5-7.1.0.52-1.1.mga8.tainted.x86_64
- lib64magick-7Q16HDRI_10-7.1.0.52-1.1.mga8.tainted.x86_64
- lib64xine2-1.2.11-1.2.mga8.tainted.x86_64
- perl-Image-Magick-7.1.0.52-1.1.mga8.tainted.x86_64
- transcode-1.1.7-29.2.mga8.tainted.x86_64
- xine1.2-common-1.2.11-1.2.mga8.tainted.x86_64

No installation issues. Ran some commands, no issues. Printed monochrome and color images with my Laserjet CP1215 (driver requires imagemagick), both OK. Tried to run a .mkv video with xine, and that failed, but an mp4 was OK. Played a commercial DVD that had a menu with no problem. I have not tried any of the other packages, as yet.
Installed task-windowmaker, then attempted to update it from packages from comment 25, and I get this:

Sorry, the following package cannot be selected:
- lib64wraster6-0.95.9-3.2.mga8.x86_64 (due to unsatisfied libMagickWand-7.Q16HDRI.so.10(VERS_10.0)(64bit))

Note that it says it is looking for "libMagickWand", not "lib64MagickWand". lib64MagickWand was, for some reason, not installed, so I added the graphicsmagick packages from bug 31189, which included it, to the qarepo list. If the version was the problem, that should have made it available to draw in. Same message resulted.
A similar situation happens with converseen. Attempting to update it results in this:

Sorry, the following package cannot be selected:
- converseen-0.9.8.1-4.2.mga8.x86_64 (due to unsatisfied libMagickCore-7.Q16HDRI.so.10()(64bit))
Two more, and I'm by no means sure I have caught them all:

Sorry, the following package cannot be selected:
- lib64openshot19-0.2.5-5.2.mga8.x86_64 (due to unsatisfied libMagickCore-7.Q16HDRI.so.10()(64bit))

Sorry, the following package cannot be selected:
- zbar-0.23.1-5.2.mga8.x86_64 (due to unsatisfied libMagickWand-7.Q16HDRI.so.10(VERS_10.0)(64bit))
You're missing the ImageMagick library packages in your qarepo.
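The refusals quoted in the preceding comments all ask for major 10 of an ImageMagick library, which is the SOVERSION bump discussed earlier in this bug. As an added example (not part of the thread and not Mageia tooling), this Python script parses such "due to unsatisfied" lines, groups the blocked packages by the soname they need, and checks them against what a test repository provides; the two `REPO_*` sets are constructed assumptions, not real repository contents.

```python
import re
from collections import defaultdict

# Refusal lines copied from the comments in this bug.
SAMPLE = """\
- lib64wraster6-0.95.9-3.2.mga8.x86_64 (due to unsatisfied libMagickWand-7.Q16HDRI.so.10(VERS_10.0)(64bit))
- converseen-0.9.8.1-4.2.mga8.x86_64 (due to unsatisfied libMagickCore-7.Q16HDRI.so.10()(64bit))
- lib64openshot19-0.2.5-5.2.mga8.x86_64 (due to unsatisfied libMagickCore-7.Q16HDRI.so.10()(64bit))
- zbar-0.23.1-5.2.mga8.x86_64 (due to unsatisfied libMagickWand-7.Q16HDRI.so.10(VERS_10.0)(64bit))
"""

# Constructed for illustration (assumption): a repo that only carries
# old-major libraries, and one that carries the major-10 libraries.
REPO_WITH_OLD_MAJOR = {"libMagickCore-7.Q16HDRI.so.9",
                       "libMagickWand-7.Q16HDRI.so.9"}
REPO_WITH_NEW_MAJOR = {"libMagickCore-7.Q16HDRI.so.10",
                       "libMagickWand-7.Q16HDRI.so.10"}

# "- <package> (due to unsatisfied <soname>(<symbol version>)(<arch>))"
LINE_RE = re.compile(
    r"^\s*-\s*(?P<pkg>\S+)\s+\(due to unsatisfied\s+"
    r"(?P<soname>[\w.+-]+?\.so\.(?P<major>\d+))"
    r"\((?P<symver>[^)]*)\)(?:\((?P<arch>[^)]*)\))?\)\s*$"
)


def parse_unsatisfied(text):
    """Return one dict (pkg, soname, major, symver, arch) per refusal line."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def blocked_by_soname(entries):
    """Map each required soname to the packages that cannot be selected."""
    grouped = defaultdict(list)
    for entry in entries:
        grouped[entry["soname"]].append(entry["pkg"])
    return dict(grouped)


def majors(entries):
    """Set of library major versions the refused packages were built against."""
    return {entry["major"] for entry in entries}


def still_missing(entries, provided):
    """Required sonames that the given set of provided sonames does not cover."""
    return sorted({entry["soname"] for entry in entries} - set(provided))


if __name__ == "__main__":
    parsed = parse_unsatisfied(SAMPLE)
    for soname, pkgs in blocked_by_soname(parsed).items():
        print(f"{soname} <- {', '.join(pkgs)}")
    print("majors required:", sorted(majors(parsed)))
    print("missing with old-major repo:", still_missing(parsed, REPO_WITH_OLD_MAJOR))
    print("missing with new-major repo:", still_missing(parsed, REPO_WITH_NEW_MAJOR))
```

Every refused package resolves to the same two major-10 sonames, so a single missing library package in the test repository accounts for all four refusals.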
Comment 30 and Comment 29, at least, appear to be invalid. I suspect something, somewhere along the way caused the vbox guest I was using to test to become corrupted in some fashion. Using qarepo on another install on different hardware to download the entire list from this bug and from bug 31189, then updating installed packages, then attempting to install the packages from those two comments did not show the error messages. Sorry for the noise.
(In reply to David Walser from comment #31) > You're missing the ImageMagick library packages in your qarepo. But the libmagickwand package it was complaining about was listed in the bugs as a GraphicsMagick library. Guess I got lost. Too many interconnected bugs, and I must be too old to keep all this straight. Regrouping...
(In reply to Thomas Andrews from comment #33)
> (In reply to David Walser from comment #31)
> > You're missing the ImageMagick library packages in your qarepo.
>
> But the libmagickwand package it was complaining about was listed in the
> bugs as a GraphicsMagick library.

No, it wasn't :o)

> Guess I got lost. Too many interconnected bugs, and I must be too old to
> keep all this straight. Regrouping...

Yes, this imagemagick/jbigkit update has turned into a big confusing mess.
OK, tried again. Installed zbar with no issues. I do not have the hardware to test it, so a clean install will have to do. I installed the openshot-qt video editor with no issues. I ran it, managed to import a video file I shot several years ago. Played a little bit, but didn't get far - too complicated to learn quickly. Going to call it OK, too. With a bit of trepidation, I installed task-windowmaker. No installation issues there, either. Looking for a way to give it a basic test, I found wmbutton, which is described as "a very efficient graphical launcher dockapp for WindowMaker," I ran that, and used it, launching in turn several of the apps that I had seen drawn in as dependencies when the task had been installed. I'm going to call that one OK, too. Transcode installed OK. Testing it is beyond me, and I see that it has been removed from Mageia 9, so OK on the clean install. xine Tainted seems to work OK.
That's as far as I can go with it. I'm going to give these related bugs OKs, and validate. I hope somebody can sort out this mess enough to craft advisories.
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0446.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
This update also fixed CVE-2022-44267 and CVE-2022-44268: https://ubuntu.com/security/notices/USN-5855-1
This update also fixed CVE-2021-39212: https://www.debian.org/lts/security/2023/dla-3429