File gegl-CVE-2021-45463.patch of Package gegl.22279
From bfce470f0f2f37968862129d5038b35429f2909b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98yvind=20Kol=C3=A5s?= <pippin@gimp.org>
Date: Thu, 16 Dec 2021 00:10:24 +0100
Subject: [PATCH] magick-load: use more robust g_spawn_async() instead of
system()
This fixes issue #298 by avoiding the shell parsing being invoked at
all, this less brittle than any forms of escaping characters, while
retaining the ability to address all existing files.
---
operations/common/magick-load.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/operations/common/magick-load.c b/operations/common/magick-load.c
index e2055b2e9..595169115 100644
--- a/operations/common/magick-load.c
+++ b/operations/common/magick-load.c
@@ -41,20 +41,23 @@ load_cache (GeglProperties *op_magick_load)
if (!op_magick_load->user_data)
{
gchar *filename;
- gchar *cmd;
GeglNode *graph, *sink, *loader;
GeglBuffer *newbuf = NULL;
/* ImageMagick backed fallback FIXME: make this robust.
* maybe use pipes in a manner similar to the raw loader,
* or at least use a properly unique filename */
+ char *argv[4] = {"convert", NULL, NULL, NULL};
filename = g_build_filename (g_get_tmp_dir (), "gegl-magick.png", NULL);
- cmd = g_strdup_printf ("convert \"%s\"'[0]' \"%s\"",
- op_magick_load->path, filename);
- if (system (cmd) == -1)
+
+ argv[1] = g_strdup_printf ("%s[0]", op_magick_load->path);
+ argv[2] = filename;
+ if (!g_spawn_sync (NULL, argv, NULL, G_SPAWN_DEFAULT,
+ NULL, NULL, NULL, NULL, NULL, NULL))
g_warning ("Error executing ImageMagick convert program");
+ g_free (argv[1]);
graph = gegl_node_new ();
sink = gegl_node_new_child (graph,
@@ -67,7 +70,6 @@ load_cache (GeglProperties *op_magick_load)
gegl_node_process (sink);
op_magick_load->user_data = (gpointer) newbuf;
g_object_unref (graph);
- g_free (cmd);
g_free (filename);
}
}
--
GitLab
From 2172cf7e8d7e8891ae2053d6eef213d5bef939cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98yvind=20Kol=C3=A5s?= <pippin@gimp.org>
Date: Thu, 16 Dec 2021 01:49:25 +0100
Subject: [PATCH] magick-load: pass redirect to /dev/null flags to
g_spawn_async
---
operations/common/magick-load.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/operations/common/magick-load.c b/operations/common/magick-load.c
index 595169115..3de376026 100644
--- a/operations/common/magick-load.c
+++ b/operations/common/magick-load.c
@@ -53,7 +53,8 @@ load_cache (GeglProperties *op_magick_load)
argv[1] = g_strdup_printf ("%s[0]", op_magick_load->path);
argv[2] = filename;
- if (!g_spawn_sync (NULL, argv, NULL, G_SPAWN_DEFAULT,
+ if (!g_spawn_sync (NULL, argv, NULL,
+ G_SPAWN_STDOUT_TO_DEV_NULL|G_SPAWN_STDERR_TO_DEV_NULL,
NULL, NULL, NULL, NULL, NULL, NULL))
g_warning ("Error executing ImageMagick convert program");
--
GitLab