[Pkg-gmagick-im-team] Bug#977205: imagemagick: CVE-2020-29599

Salvatore Bonaccorso carnil at debian.org
Sun Jan 3 14:19:35 GMT 2021


Hi Bastien,

Hope you are ok.

On Tue, Dec 15, 2020 at 10:34:59AM +0100, Bastien ROUCARIES wrote:
> Hi,
> 
> As said on debian-private, go ahead please. I am late due to a payjob issue.

Alright, attached is a proposed debdiff covering the CVEs, but
please double check them as well (it also includes disabling
the ghostscript handled formats).

There is though another RC bug, #971216 which needs handling for
bullseye and unstable.

Can you take it from here in case you got more free time?

Regards,
Salvatore
-------------- next part --------------
diff -Nru imagemagick-6.9.11.24+dfsg/debian/changelog imagemagick-6.9.11.24+dfsg/debian/changelog
--- imagemagick-6.9.11.24+dfsg/debian/changelog	2020-07-27 03:13:36.000000000 +0200
+++ imagemagick-6.9.11.24+dfsg/debian/changelog	2021-01-03 15:06:17.000000000 +0100
@@ -1,3 +1,15 @@
+imagemagick (8:6.9.11.24+dfsg-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Disable ghostscript handled formats based on -SAFER insecurity
+  * Division by Zero in function OptimizeLayerFrames (CVE-2020-27560)
+    (Closes: #972797)
+  * Fix shell injection vulnerability via the -authenticate option
+    (CVE-2020-29599) (Closes: #977205)
+  * Restore passphrase support when rendering PDF's
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Sun, 03 Jan 2021 15:06:17 +0100
+
 imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
 
   * Acknowledge NMU
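Review bot: the "Disable ghostscript handled formats" entry is a user-visible behaviour change (reading PS, EPS, PDF and XPS stops working under the shipped policy), but it carries no bug reference and nothing in this debdiff tells users how to re-enable the formats. Add a debian/NEWS entry pointing at the new policy.xml lines, and say in the changelog that the PDF passphrase fixes listed below only take effect where the PDF coder has been re-enabled.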
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch	2021-01-03 14:53:42.000000000 +0100
@@ -0,0 +1,24 @@
+Author: Steve Beattie <steve.beattie at canonical.com>
+Subject: disable ghostscript handled formats based on -SAFER insecurity
+
+Based on Tavis Ormandy's Recommendations
+updated: 2019-11-11
+
+---
+ config/policy.xml |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/config/policy.xml
++++ b/config/policy.xml
+@@ -86,4 +86,11 @@
+   <policy domain="delegate" rights="none" pattern="HTTP" />
+   <!-- in order to avoid to get image with password text -->
+   <policy domain="path" rights="none" pattern="@*"/>
++  <!-- disable ghostscript format types -->
++  <policy domain="coder" rights="none" pattern="PS" />
++  <policy domain="coder" rights="none" pattern="PS2" />
++  <policy domain="coder" rights="none" pattern="PS3" />
++  <policy domain="coder" rights="none" pattern="EPS" />
++  <policy domain="coder" rights="none" pattern="PDF" />
++  <policy domain="coder" rights="none" pattern="XPS" />
+ </policymap>
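Review bot: the patch header does not match the hunk: the diffstat says "5 insertions(+)" while `@@ -86,4 +86,11 @@` adds seven lines (the comment plus six coder policies). Refresh the header so it describes what is actually applied, and add an Origin: field as 0024 has, so the source of this policy list can be checked against the recommendation it cites.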
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch	2021-01-03 14:56:32.000000000 +0100
@@ -0,0 +1,34 @@
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Mon, 19 Oct 2020 01:20:20 +0000
+Subject: https://github.com/ImageMagick/ImageMagick/pull/2743
+Origin: https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
+Bug-Debian: https://bugs.debian.org/972797
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-27560
+
+---
+ magick/layer.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/magick/layer.c b/magick/layer.c
+index ca7ab5da6947..e5c83ede6eda 100644
+--- a/magick/layer.c
++++ b/magick/layer.c
+@@ -1382,11 +1382,13 @@ static Image *OptimizeLayerFrames(const Image *image,
+     if ( disposals[i] == DelDispose ) {
+       size_t time = 0;
+       while ( disposals[i] == DelDispose ) {
+-        time += curr->delay*1000/curr->ticks_per_second;
++        time += (size_t) (curr->delay*1000*
++          PerceptibleReciprocal((double) curr->ticks_per_second));
+         curr=GetNextImageInList(curr);
+         i++;
+       }
+-      time += curr->delay*1000/curr->ticks_per_second;
++      time += (size_t) (curr->delay*1000*
++        PerceptibleReciprocal((double) curr->ticks_per_second));
+       prev_image->ticks_per_second = 100L;
+       prev_image->delay = time*prev_image->ticks_per_second/1000;
+     }
+-- 
+2.30.0
+
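Review bot: in both replaced lines the delay is now computed in double and cast straight to size_t, so a frame with ticks_per_second of 0 no longer divides by zero but contributes whatever `curr->delay*1000*PerceptibleReciprocal(0.0)` evaluates to, and that value is then folded into `prev_image->delay`. PerceptibleReciprocal is not defined in this hunk; check that its result for a zero divisor keeps the product within size_t range (an out-of-range double to integer conversion is undefined behaviour in C), or handle a zero ticks_per_second explicitly, for example by falling back to the 100 ticks per second that the code assigns to prev_image just below.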
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch	2021-01-03 14:58:59.000000000 +0100
@@ -0,0 +1,36 @@
+From a2b3dd8455da2f17849b55e6b6ddcce587e4a323 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Mon, 16 Nov 2020 17:01:57 +0000
+Subject: [PATCH] shell injection vulnerability via the -authenticate option
+
+---
+ coders/pdf.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 5e4edc76099c..63eda5d81d64 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -588,11 +588,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   if (option != (char *) NULL)
+     {
+       char
+-        passphrase[MaxTextExtent];
+-
+-      (void) FormatLocaleString(passphrase,MaxTextExtent,
+-        "\"-sPDFPassword=%s\" ",option);
+-      (void) ConcatenateMagickString(options,passphrase,MaxTextExtent);
++        message[MagickPathExtent],
++        *passphrase;
++
++      passphrase=SanitizeString(option);
++      (void) FormatLocaleString(message,MagickPathExtent, 
++        "\"-sPDFPassword=%s\" ",passphrase);
++      passphrase=DestroyString(passphrase);
++      (void) ConcatenateMagickString(options,message,MagickPathExtent);
+     }
+   read_info=CloneImageInfo(image_info);
+   *read_info->magick='\0';
+-- 
+2.30.0
+
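Review bot: passing the option through SanitizeString before formatting it into `"\"-sPDFPassword=%s\" "` does not close the injection on its own. The SanitizeString whitelist in force at this point (the line removed from magick/string.c in 0026) still allows `"`, `;`, `&` and `|`, so the value can still terminate the double-quoted argument. State in the patch header that this patch is only effective together with 0026 to 0029, so nobody cherry-picks it alone.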
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0026-fix-shell-injection-vulnerability-via-the-authentica.patch imagemagick-6.9.11.24+dfsg/debian/patches/0026-fix-shell-injection-vulnerability-via-the-authentica.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0026-fix-shell-injection-vulnerability-via-the-authentica.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0026-fix-shell-injection-vulnerability-via-the-authentica.patch	2021-01-03 14:59:45.000000000 +0100
@@ -0,0 +1,63 @@
+From 7b0cce080345e5b7ef26d122f18809c93a19a80e Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Mon, 16 Nov 2020 18:17:31 +0000
+Subject: [PATCH] fix shell injection vulnerability via the -authenticate
+ option
+
+---
+ coders/pdf.c    | 15 ++++++---------
+ magick/string.c |  8 +++++++-
+ 2 files changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 63eda5d81d64..074ba3f648d2 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -585,17 +585,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   if (stop_on_error != MagickFalse)
+     (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+   option=GetImageOption(image_info,"authenticate");
+-  if (option != (char *) NULL)
++  if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL))
+     {
+       char
+-        message[MagickPathExtent],
+-        *passphrase;
+-
+-      passphrase=SanitizeString(option);
+-      (void) FormatLocaleString(message,MagickPathExtent, 
+-        "\"-sPDFPassword=%s\" ",passphrase);
+-      passphrase=DestroyString(passphrase);
+-      (void) ConcatenateMagickString(options,message,MagickPathExtent);
++        passphrase[MagickPathExtent];
++
++      (void) FormatLocaleString(passphrase,MagickPathExtent,
++        "\"-sPDFPassword=%s\" ",option);
++      (void) ConcatenateMagickString(options,passphrase,MagickPathExtent);
+     }
+   read_info=CloneImageInfo(image_info);
+   *read_info->magick='\0';
+diff --git a/magick/string.c b/magick/string.c
+index c8ffa086ffd7..7f6eebc3b842 100644
+--- a/magick/string.c
++++ b/magick/string.c
+@@ -1604,9 +1604,15 @@ MagickExport char *SanitizeString(const char *source)
+     *p;
+ 
+   static char
++#if defined(MAGICKCORE_WINDOWS_SUPPORT)
+     whitelist[] =
+       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+-      "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&=";
++      "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
++#else
++    whitelist[] =
++      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
++      "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
++#endif
+ 
+   sanitize_source=AcquireString(source);
+   p=sanitize_source;
+-- 
+2.30.0
+
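Review bot: in coders/pdf.c the `strpbrk(option,"&;<>|")` check is a denylist applied to a value that is still formatted inside double quotes, and it omits the double quote itself, the backtick and `$`, all of which the shell interprets in that context. A passphrase that matches the list is also dropped silently, so the password is simply not passed to the delegate and the user gets no diagnostic; raise an error or warning instead. Separately, the magick/string.c hunk changes the whitelist of the exported SanitizeString for every caller (`'` is no longer accepted on non-Windows builds, `"` and `\` no longer on Windows) although pdf.c stops calling it in this same patch. Confirm that change is intended in the final package, since no later patch in this series reverts it.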
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0027-fix-shell-injection-vulnerability-via-the-authentica.patch imagemagick-6.9.11.24+dfsg/debian/patches/0027-fix-shell-injection-vulnerability-via-the-authentica.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0027-fix-shell-injection-vulnerability-via-the-authentica.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0027-fix-shell-injection-vulnerability-via-the-authentica.patch	2021-01-03 15:00:08.000000000 +0100
@@ -0,0 +1,26 @@
+From ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Thu, 19 Nov 2020 18:36:05 +0000
+Subject: [PATCH] fix shell injection vulnerability via the -authenticate
+ option
+
+---
+ coders/pdf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 074ba3f648d2..ef1567b29cd3 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -585,7 +585,7 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   if (stop_on_error != MagickFalse)
+     (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+   option=GetImageOption(image_info,"authenticate");
+-  if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL))
++  if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *) NULL))
+     {
+       char
+         passphrase[MagickPathExtent];
+-- 
+2.30.0
+
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0028-fix-shell-injection-vulnerability-via-the-authentica.patch imagemagick-6.9.11.24+dfsg/debian/patches/0028-fix-shell-injection-vulnerability-via-the-authentica.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0028-fix-shell-injection-vulnerability-via-the-authentica.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0028-fix-shell-injection-vulnerability-via-the-authentica.patch	2021-01-03 15:00:36.000000000 +0100
@@ -0,0 +1,27 @@
+From 869e38717fa91325da87c2a4cedc148a770a07ec Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Thu, 19 Nov 2020 18:39:30 +0000
+Subject: [PATCH] fix shell injection vulnerability via the -authenticate
+ option
+
+---
+ coders/pdf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index ef1567b29cd3..d5ed5659648b 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -585,7 +585,8 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   if (stop_on_error != MagickFalse)
+     (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+   option=GetImageOption(image_info,"authenticate");
+-  if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *) NULL))
++  if ((option != (char *) NULL) &&
++      (strpbrk(option,"&;<>|\"'") == (char *) NULL))
+     {
+       char
+         passphrase[MagickPathExtent];
+-- 
+2.30.0
+
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0029-fix-shell-injection-vulnerability-via-the-authentica.patch imagemagick-6.9.11.24+dfsg/debian/patches/0029-fix-shell-injection-vulnerability-via-the-authentica.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0029-fix-shell-injection-vulnerability-via-the-authentica.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0029-fix-shell-injection-vulnerability-via-the-authentica.patch	2021-01-03 15:04:23.000000000 +0100
@@ -0,0 +1,111 @@
+From 226804980651bb4eb5f3ba3b9d7e992f2eda4710 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Thu, 19 Nov 2020 20:50:44 +0000
+Subject: [PATCH] fix shell injection vulnerability via the -authenticate
+ option
+
+---
+ coders/pdf.c            | 46 ++++++++++++++++++++++++++++++++++-------
+ config/delegates.xml.in |  4 ++--
+ 3 files changed, 43 insertions(+), 11 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index d5ed5659648b..31efd06e53fd 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -368,6 +368,36 @@ static inline void CleanupPDFInfo(PDFInfo *pdf_info)
+     pdf_info->profile=DestroyStringInfo(pdf_info->profile);
+ }
+ 
++static char *SanitizeDelegateString(const char *source)
++{
++  char
++    *sanitize_source;
++
++  const char
++    *q;
++
++  register char
++    *p;
++
++  static char
++#if defined(MAGICKCORE_WINDOWS_SUPPORT)
++    whitelist[] =
++      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
++      "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
++#else
++    whitelist[] =
++      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
++      "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
++#endif
++
++  sanitize_source=AcquireString(source);
++  p=sanitize_source;
++  q=sanitize_source+strlen(sanitize_source);
++  for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
++    *p='_';
++  return(sanitize_source);
++}
++
+ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ {
+   char
+@@ -585,14 +615,16 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   if (stop_on_error != MagickFalse)
+     (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+   option=GetImageOption(image_info,"authenticate");
+-  if ((option != (char *) NULL) &&
+-      (strpbrk(option,"&;<>|\"'") == (char *) NULL))
++  if (option != (char *) NULL)
+     {
+       char
+-        passphrase[MagickPathExtent];
++        passphrase[MagickPathExtent],
++        *sanitize_passphrase;
+ 
++      sanitize_passphrase=SanitizeDelegateString(option);
+       (void) FormatLocaleString(passphrase,MagickPathExtent,
+-        "\"-sPDFPassword=%s\" ",option);
++        "'-sPDFPassword=%s' ",sanitize_passphrase);
++      sanitize_passphrase=DestroyString(sanitize_passphrase);
+       (void) ConcatenateMagickString(options,passphrase,MagickPathExtent);
+     }
+   read_info=CloneImageInfo(image_info);
+@@ -1091,7 +1123,7 @@ static MagickBooleanType WritePOCKETMODImage(const ImageInfo *image_info,
+     if (page == (Image *) NULL)
+       break;
+     (void) SetImageAlphaChannel(page,RemoveAlphaChannel);
+-    page->scene=i++;
++    page->scene=(size_t) i++;
+     AppendImageToList(&pages,page);
+     if ((i == 8) || (GetNextImageInList(next) == (Image *) NULL))
+       {
+@@ -1110,8 +1142,8 @@ static MagickBooleanType WritePOCKETMODImage(const ImageInfo *image_info,
+           page=CloneImage(pages,0,0,MagickTrue,&image->exception);
+           (void) QueryColorCompliance("#FFF",AllCompliance,
+             &page->background_color,&image->exception);
+-          SetImageBackgroundColor(page);
+-          page->scene=i;
++          (void) SetImageBackgroundColor(page);
++          page->scene=(size_t) i;
+           AppendImageToList(&pages,page);
+         }
+         images=CloneImages(pages,PocketPageOrder,&image->exception);
+diff --git a/config/delegates.xml.in b/config/delegates.xml.in
+index d93387ac1248..4fc3acc3f31f 100644
+--- a/config/delegates.xml.in
++++ b/config/delegates.xml.in
+@@ -89,8 +89,8 @@
+   <delegate decode="pcl:cmyk" stealth="True" command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@PCLCMYKDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/>
+   <delegate decode="pcl:color" stealth="True" command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@PCLColorDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/>
+   <delegate decode="pcl:mono" stealth="True" command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@PCLMonoDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/>
+-  <delegate decode="pdf" encode="eps" mode="bi" command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 -sPDFPassword="%a" "-sDEVICE=@GSEPSDevice@" "-sOutputFile=%o" "-f%i""/>
+-  <delegate decode="pdf" encode="ps" mode="bi" command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@GSPSDevice@" -sPDFPassword="%a" "-sOutputFile=%o" "-f%i""/>
++  <delegate decode="pdf" encode="eps" mode="bi" command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@GSEPSDevice@" "-sPDFPassword=%a" "-sOutputFile=%o" "-f%i""/>
++  <delegate decode="pdf" encode="ps" mode="bi" command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@GSPSDevice@" "-sPDFPassword=%a" "-sOutputFile=%o" "-f%i""/>
+   <delegate decode="pnm" encode="trace" command=""@TraceEncodeDelegate@" --svg --output "%o" "%i""/>
+   <delegate decode="png" encode="webp" command=""@WebPEncodeDelegate@" -quiet %Q "%i" -o "%o""/>
+   <delegate decode="pnm" encode="ilbm" mode="encode" command=""@ILBMEncodeDelegate@" -24if "%i" > "%o""/>
+-- 
+2.30.0
+
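Review bot: the two changed delegate lines in config/delegates.xml.in still expand `%a` inside double quotes (`"-sPDFPassword=%a"`), and nothing in this patch shows the value substituted for `%a` going through SanitizeDelegateString, which is static to coders/pdf.c. Verify that the delegate expansion path neutralizes that value, otherwise the pdf to eps/ps delegates keep the weakness that ReadPDFImage loses. In SanitizeDelegateString the Windows whitelist still contains `'` while the argument is now wrapped in single quotes on every platform; either drop `'` there as well or make the wrapper platform-dependent. The header also says "3 files changed" while only two files are present, and the WritePOCKETMODImage cast changes are unrelated to the CVE, so note in the header what was dropped from or kept of the upstream commit.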
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0030-restore-passphrase-support-when-rendering-PDF-s.patch imagemagick-6.9.11.24+dfsg/debian/patches/0030-restore-passphrase-support-when-rendering-PDF-s.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0030-restore-passphrase-support-when-rendering-PDF-s.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0030-restore-passphrase-support-when-rendering-PDF-s.patch	2021-01-03 15:05:18.000000000 +0100
@@ -0,0 +1,33 @@
+From 83ec5b5b8ee7cae891fff59340be207b513a030d Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Sat, 21 Nov 2020 13:26:16 +0000
+Subject: [PATCH] restore passphrase support when rendering PDF's
+
+---
+ coders/pdf.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 31efd06e53fd..ce4f7a5f1b63 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -614,14 +614,13 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
+     (void) ConcatenateMagickString(options,"-dUseTrimBox ",MaxTextExtent);
+   if (stop_on_error != MagickFalse)
+     (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+-  option=GetImageOption(image_info,"authenticate");
+-  if (option != (char *) NULL)
++  if (image_info->authenticate != (char *) NULL)
+     {
+       char
+         passphrase[MagickPathExtent],
+         *sanitize_passphrase;
+ 
+-      sanitize_passphrase=SanitizeDelegateString(option);
++      sanitize_passphrase=SanitizeDelegateString(image_info->authenticate);
+       (void) FormatLocaleString(passphrase,MagickPathExtent,
+         "'-sPDFPassword=%s' ",sanitize_passphrase);
+       sanitize_passphrase=DestroyString(sanitize_passphrase);
+-- 
+2.30.0
+
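Review bot: replacing `GetImageOption(image_info,"authenticate")` with `image_info->authenticate` changes where the passphrase is read from, and the commit message does not say why the option lookup stopped working or whether a passphrase supplied only through the option map is still meant to be honoured; document that in the patch header. Because 0023 sets rights="none" for the PDF coder, this path is unreachable under the shipped policy, so testing the restored behaviour (and that a passphrase containing `'` is rewritten by SanitizeDelegateString rather than passed through) needs a policy override. An autopkgtest that does this would be worth adding.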
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/series imagemagick-6.9.11.24+dfsg/debian/patches/series
--- imagemagick-6.9.11.24+dfsg/debian/patches/series	2020-07-27 03:13:36.000000000 +0200
+++ imagemagick-6.9.11.24+dfsg/debian/patches/series	2021-01-03 15:05:46.000000000 +0100
@@ -20,3 +20,11 @@
 0020-Fix-privacy-breach.patch
 0021-Fix-a-few-html-error.patch
 0022-Fix-a-typo-in-manpage.patch
+0023-disable-ghostscript-formats.patch
+0024-CVE-2020-27560.patch
+0025-shell-injection-vulnerability-via-the-authenticate-o.patch
+0026-fix-shell-injection-vulnerability-via-the-authentica.patch
+0027-fix-shell-injection-vulnerability-via-the-authentica.patch
+0028-fix-shell-injection-vulnerability-via-the-authentica.patch
+0029-fix-shell-injection-vulnerability-via-the-authentica.patch
+0030-restore-passphrase-support-when-rendering-PDF-s.patch
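Review bot: 0025 to 0029 all rewrite the same `authenticate` block in ReadPDFImage, and the pdf.c checks introduced in 0025 to 0028 are each replaced by the next patch and finally by 0029, so four of the eight new entries are intermediate states. Keeping them mirrors upstream history, but then each should carry an Origin: field with its upstream commit as 0024 does; otherwise fold 0025 to 0029 into one patch so that the series has no applied state with a partial fix.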

