diff --git a/SOURCES/ImageMagick-cve-2020-29599.patch b/SOURCES/ImageMagick-cve-2020-29599.patch
new file mode 100644
index 0000000..6870f34
--- /dev/null
+++ b/SOURCES/ImageMagick-cve-2020-29599.patch
@@ -0,0 +1,78 @@ +diff -up ImageMagick-6.9.10-68/coders/pdf.c.authenticate ImageMagick-6.9.10-68/coders/pdf.c +--- ImageMagick-6.9.10-68/coders/pdf.c.authenticate 2019-10-06 00:26:16.000000000 +0200 ++++ ImageMagick-6.9.10-68/coders/pdf.c 2020-12-18 09:59:52.319382761 +0100 +@@ -364,6 +364,36 @@ static inline void CleanupPDFInfo(PDFInf + pdf_info->profile=DestroyStringInfo(pdf_info->profile); + } + ++static char *SanitizeDelegateString(const char *source) ++{ ++ char ++ *sanitize_source; ++ ++ const char ++ *q; ++ ++ register char ++ *p; ++ ++ static char ++#if defined(MAGICKCORE_WINDOWS_SUPPORT) ++ whitelist[] = ++ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " ++ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&="; ++#else ++ whitelist[] = ++ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " ++ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&="; ++#endif ++ ++ sanitize_source=AcquireString(source); ++ p=sanitize_source; ++ q=sanitize_source+strlen(sanitize_source); ++ for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist)) ++ *p='_'; ++ return(sanitize_source); ++} ++ + static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) + { + char +@@ -585,11 +615,19 @@ static Image *ReadPDFImage(const ImageIn + if (option != (char *) NULL) + { + char +- passphrase[MaxTextExtent]; ++ passphrase[MagickPathExtent], ++ *sanitize_passphrase; + +- (void) FormatLocaleString(passphrase,MaxTextExtent, +- "\"-sPDFPassword=%s\" ",option); +- (void) ConcatenateMagickString(options,passphrase,MaxTextExtent); ++ sanitize_passphrase=SanitizeDelegateString(image_info->authenticate); ++#if defined(MAGICKCORE_WINDOWS_SUPPORT) ++ (void) FormatLocaleString(passphrase,MagickPathExtent, ++ "\"-sPDFPassword=%s\" ",sanitize_passphrase); ++#else ++ (void) FormatLocaleString(passphrase,MagickPathExtent, ++ "'-sPDFPassword=%s' ",sanitize_passphrase); ++#endif ++ sanitize_passphrase=DestroyString(sanitize_passphrase); ++ (void) 
ConcatenateMagickString(options,passphrase,MagickPathExtent); + } + read_info=CloneImageInfo(image_info); + *read_info->magick='\0'; +diff -up ImageMagick-6.9.10-68/config/delegates.xml.in.authenticate ImageMagick-6.9.10-68/config/delegates.xml.in +--- ImageMagick-6.9.10-68/config/delegates.xml.in.authenticate 2019-10-06 00:26:16.000000000 +0200 ++++ ImageMagick-6.9.10-68/config/delegates.xml.in 2020-12-18 10:02:24.491442232 +0100 +@@ -90,8 +90,8 @@ + + + +- +- ++ ++ + + + diff --git a/SPECS/ImageMagick.spec b/SPECS/ImageMagick.spec index 13d9ec3..b3f8028 100644 --- a/SPECS/ImageMagick.spec +++ b/SPECS/ImageMagick.spec @@ -3,7 +3,7 @@ Name: ImageMagick Version: %{VER}.%{Patchlevel} -Release: 4%{?dist} +Release: 5%{?dist} Summary: An X application for displaying and manipulating images Group: Applications/Multimedia License: ImageMagick @@ -12,6 +12,7 @@ Source0: ftp://ftp.ImageMagick.org/pub/%{name}/%{name}-%{VER}-%{Patchlevel}.tar Patch4: ImageMagick-cve-2016-5118.patch Patch5: ImageMagick-freeze-svg-empty-class.patch +Patch6: ImageMagick-cve-2020-29599.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel @@ -130,6 +131,7 @@ mkdir Magick++/examples cp -p Magick++/demo/*.cpp Magick++/demo/*.miff Magick++/examples %patch4 -p1 -b .cve-2016-5118 %patch5 -p1 -b .cve-2016-5240 +%patch6 -p1 -b .cve-2020-29599 %build %configure --enable-shared \ @@ -299,6 +301,9 @@ rm -rf %{buildroot} %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt %changelog +* Fri Dec 18 2020 Jan Horak - 6.9.10.68-5 +- Adding CTV-2020-29599 fix + * Fri Jul 10 2020 Jan Horak - 6.9.10.68-4 - Build with openjpeg2 to support JPEG2000 again
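Review bot: In the ReadPDFImage hunk of the embedded pdf.c patch, the guard tests `option` but the sanitizer is fed `image_info->authenticate`, so as far as the hunk shows the value that is checked is not the value that reaches the delegate command line. Whether the two always hold the same string cannot be confirmed from here, because the assignment to `option` and the start and end of ReadPDFImage are outside the hunk; passing the checked value, `sanitize_passphrase=SanitizeDelegateString(option);`, keeps guard and use in step. Separately, the result of `FormatLocaleString` is still discarded, so a passphrase close to MagickPathExtent would be truncated and lose its closing quote; comparing the return value against MagickPathExtent and skipping the option on overflow would close that. SanitizeDelegateString would also benefit from a header comment stating that the allowed set must never contain the quote character used to wrap the argument (`'` on POSIX, `"` on Windows), since the fix rests on that pairing and a later edit to either side could silently break it.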