Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
ImageMagick.29153
ImageMagick-CVE-2020-29599.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2020-29599.patch of Package ImageMagick.29153
Index: ImageMagick-7.0.7-34/coders/pdf.c =================================================================== --- ImageMagick-7.0.7-34.orig/coders/pdf.c 2020-12-10 11:25:57.896703842 +0100 +++ ImageMagick-7.0.7-34/coders/pdf.c 2020-12-10 11:31:18.194757454 +0100 @@ -370,6 +370,36 @@ static MagickBooleanType IsPDFRendered(c return(MagickFalse); } +static char *SanitizeDelegateString(const char *source) +{ + char + *sanitize_source; + + const char + *q; + + register char + *p; + + static char +#if defined(MAGICKCORE_WINDOWS_SUPPORT) + whitelist[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " + "$-_.+!;*(),{}|^~[]`\'><#%/?:@&="; +#else + whitelist[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " + "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&="; +#endif + + sanitize_source=AcquireString(source); + p=sanitize_source; + q=sanitize_source+strlen(sanitize_source); + for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist)) + *p='_'; + return(sanitize_source); +} + static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) { #define BeginXMPPacket "<?xpacket begin=" @@ -728,10 +758,13 @@ static Image *ReadPDFImage(const ImageIn if (option != (char *) NULL) { char - passphrase[MagickPathExtent]; + passphrase[MagickPathExtent], + *sanitize_passphrase; + sanitize_passphrase=SanitizeDelegateString(option); (void) FormatLocaleString(passphrase,MagickPathExtent, - "\"-sPDFPassword=%s\" ",option); + "'-sPDFPassword=%s' ",sanitize_passphrase); + sanitize_passphrase=DestroyString(sanitize_passphrase); (void) ConcatenateMagickString(options,passphrase,MagickPathExtent); } read_info=CloneImageInfo(image_info); Index: ImageMagick-7.0.7-34/config/delegates.xml.in =================================================================== --- ImageMagick-7.0.7-34.orig/config/delegates.xml.in 2020-12-10 11:25:58.084705053 +0100 +++ ImageMagick-7.0.7-34/config/delegates.xml.in 2020-12-10 11:26:23.376867835 +0100 @@ -90,8 +90,8 @@ <delegate decode="pcl:cmyk" stealth="True" command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@PCLCMYKDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/> <delegate decode="pcl:color" stealth="True" command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@PCLColorDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/> <delegate decode="pcl:mono" stealth="True" command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@PCLMonoDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/> - <delegate decode="pdf" encode="eps" mode="bi" command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 -sPDFPassword="%a" "-sDEVICE=@GSEPSDevice@" "-sOutputFile=%o" "-f%i""/> - <delegate decode="pdf" encode="ps" mode="bi" command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@GSPSDevice@" -sPDFPassword="%a" "-sOutputFile=%o" "-f%i""/> + <delegate decode="pdf" encode="eps" mode="bi" command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@GSEPSDevice@" "-sPDFPassword=%a" "-sOutputFile=%o" "-f%i""/> + <delegate decode="pdf" encode="ps" mode="bi" command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@GSPSDevice@" "-sPDFPassword=%a" "-sOutputFile=%o" "-f%i""/> <delegate decode="png" encode="webp" command=""@WebPEncodeDelegate@" -quiet %Q "%i" -o "%o""/> <delegate decode="pnm" encode="ilbm" mode="encode" command=""@ILBMEncodeDelegate@" -24if "%i" > "%o""/> <delegate decode="bmp" encode="jxr" command="@MVDelegate@ "%i" "%i.bmp"; "@JXREncodeDelegate@" -i "%i.bmp" -o "%o.jxr"; @MVDelegate@ "%i.bmp" "%i"; @MVDelegate@ "%o.jxr" "%o""/>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
