Hi Bastien,
Hope you are ok.
On Tue, Dec 15, 2020 at 10:34:59AM +0100, Bastien ROUCARIES wrote:
> Hi,
>
> As said on debian-provate go ahead please. I am late due to payjob issue.
Alright attached is a proposed debdiff for covering the CVEs, but
please double check them as well please (it includes as well disabling
the ghostscript handled formats).
There is though another RC bug, #971216 which needs handling for
bullseye and unstable.
Can you take it from here in case you got more free time?
Regards,
Salvatore
diff -Nru imagemagick-6.9.11.24+dfsg/debian/changelog
imagemagick-6.9.11.24+dfsg/debian/changelog
--- imagemagick-6.9.11.24+dfsg/debian/changelog 2020-07-27 03:13:36.000000000
+0200
+++ imagemagick-6.9.11.24+dfsg/debian/changelog 2021-01-03 15:06:17.000000000
+0100
@@ -1,3 +1,15 @@
+imagemagick (8:6.9.11.24+dfsg-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Disable ghostscript handled formats based on -SAFER insecurity
+ * Division by Zero in function OptimizeLayerFrames (CVE-2020-27560)
+ (Closes: #972797)
+ * Fix shell injection vulnerability via the -authenticate option
+ (CVE-2020-29599) (Closes: #977205)
+ * Restore passphrase support when rendering PDF's
+
+ -- Salvatore Bonaccorso <car...@debian.org> Sun, 03 Jan 2021 15:06:17 +0100
+
imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
* Acknowledge NMU
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
1970-01-01 01:00:00.000000000 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
2021-01-03 14:53:42.000000000 +0100
@@ -0,0 +1,24 @@
+Author: Steve Beattie <steve.beat...@canonical.com>
+Subject: disable ghostscript handled formats based on -SAFER insecurity
+
+Based on Tavis Ormandy's Recommendations
+updated: 2019-11-11
+
+---
+ config/policy.xml | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/config/policy.xml
++++ b/config/policy.xml
+@@ -86,4 +86,11 @@
+ <policy domain="delegate" rights="none" pattern="HTTP" />
+ <!-- in order to avoid to get image with password text -->
+ <policy domain="path" rights="none" pattern="@*"/>
++ <!-- disable ghostscript format types -->
++ <policy domain="coder" rights="none" pattern="PS" />
++ <policy domain="coder" rights="none" pattern="PS2" />
++ <policy domain="coder" rights="none" pattern="PS3" />
++ <policy domain="coder" rights="none" pattern="EPS" />
++ <policy domain="coder" rights="none" pattern="PDF" />
++ <policy domain="coder" rights="none" pattern="XPS" />
+ </policymap>
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
2021-01-03 14:56:32.000000000 +0100
@@ -0,0 +1,34 @@
+From: Cristy <urban-warr...@imagemagick.org>
+Date: Mon, 19 Oct 2020 01:20:20 +0000
+Subject: https://github.com/ImageMagick/ImageMagick/pull/2743
+Origin:
https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
+Bug-Debian: https://bugs.debian.org/972797
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-27560
+
+---
+ magick/layer.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/magick/layer.c b/magick/layer.c
+index ca7ab5da6947..e5c83ede6eda 100644
+--- a/magick/layer.c
++++ b/magick/layer.c
+@@ -1382,11 +1382,13 @@ static Image *OptimizeLayerFrames(const Image *image,
+ if ( disposals[i] == DelDispose ) {
+ size_t time = 0;
+ while ( disposals[i] == DelDispose ) {
+- time += curr->delay*1000/curr->ticks_per_second;
++ time += (size_t) (curr->delay*1000*
++ PerceptibleReciprocal((double) curr->ticks_per_second));
+ curr=GetNextImageInList(curr);
+ i++;
+ }
+- time += curr->delay*1000/curr->ticks_per_second;
++ time += (size_t) (curr->delay*1000*
++ PerceptibleReciprocal((double) curr->ticks_per_second));
+ prev_image->ticks_per_second = 100L;
+ prev_image->delay = time*prev_image->ticks_per_second/1000;
+ }
+--
+2.30.0
+
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
1970-01-01 01:00:00.000000000 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
2021-01-03 14:58:59.000000000 +0100
@@ -0,0 +1,36 @@
+From a2b3dd8455da2f17849b55e6b6ddcce587e4a323 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warr...@imagemagick.org>
+Date: Mon, 16 Nov 2020 17:01:57 +0000
+Subject: [PATCH] shell injection vulnerability via the -authenticate option
+
+---
+ coders/pdf.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 5e4edc76099c..63eda5d81d64 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -588,11 +588,14 @@ static Image *ReadPDFImage(const ImageInfo
*image_info,ExceptionInfo *exception)
+ if (option != (char *) NULL)
+ {
+ char
+- passphrase[MaxTextExtent];
+-
+- (void) FormatLocaleString(passphrase,MaxTextExtent,
+- "\"-sPDFPassword=%s\" ",option);
+- (void) ConcatenateMagickString(options,passphrase,MaxTextExtent);
++ message[MagickPathExtent],
++ *passphrase;
++
++ passphrase=SanitizeString(option);
++ (void) FormatLocaleString(message,MagickPathExtent,
++ "\"-sPDFPassword=%s\" ",passphrase);
++ passphrase=DestroyString(passphrase);
++ (void) ConcatenateMagickString(options,message,MagickPathExtent);
+ }
+ read_info=CloneImageInfo(image_info);
+ *read_info->magick='\0';
+--
+2.30.0
+
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0026-fix-shell-injection-vulnerability-via-the-authentica.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0026-fix-shell-injection-vulnerability-via-the-authentica.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0026-fix-shell-injection-vulnerability-via-the-authentica.patch
1970-01-01 01:00:00.000000000 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0026-fix-shell-injection-vulnerability-via-the-authentica.patch
2021-01-03 14:59:45.000000000 +0100
@@ -0,0 +1,63 @@
+From 7b0cce080345e5b7ef26d122f18809c93a19a80e Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warr...@imagemagick.org>
+Date: Mon, 16 Nov 2020 18:17:31 +0000
+Subject: [PATCH] fix shell injection vulnerability via the -authenticate
+ option
+
+---
+ coders/pdf.c | 15 ++++++---------
+ magick/string.c | 8 +++++++-
+ 2 files changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 63eda5d81d64..074ba3f648d2 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -585,17 +585,14 @@ static Image *ReadPDFImage(const ImageInfo
*image_info,ExceptionInfo *exception)
+ if (stop_on_error != MagickFalse)
+ (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+ option=GetImageOption(image_info,"authenticate");
+- if (option != (char *) NULL)
++ if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL))
+ {
+ char
+- message[MagickPathExtent],
+- *passphrase;
+-
+- passphrase=SanitizeString(option);
+- (void) FormatLocaleString(message,MagickPathExtent,
+- "\"-sPDFPassword=%s\" ",passphrase);
+- passphrase=DestroyString(passphrase);
+- (void) ConcatenateMagickString(options,message,MagickPathExtent);
++ passphrase[MagickPathExtent];
++
++ (void) FormatLocaleString(passphrase,MagickPathExtent,
++ "\"-sPDFPassword=%s\" ",option);
++ (void) ConcatenateMagickString(options,passphrase,MagickPathExtent);
+ }
+ read_info=CloneImageInfo(image_info);
+ *read_info->magick='\0';
+diff --git a/magick/string.c b/magick/string.c
+index c8ffa086ffd7..7f6eebc3b842 100644
+--- a/magick/string.c
++++ b/magick/string.c
+@@ -1604,9 +1604,15 @@ MagickExport char *SanitizeString(const char *source)
+ *p;
+
+ static char
++#if defined(MAGICKCORE_WINDOWS_SUPPORT)
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+- "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&=";
++ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
++#else
++ whitelist[] =
++ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
++ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
++#endif
+
+ sanitize_source=AcquireString(source);
+ p=sanitize_source;
+--
+2.30.0
+
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0027-fix-shell-injection-vulnerability-via-the-authentica.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0027-fix-shell-injection-vulnerability-via-the-authentica.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0027-fix-shell-injection-vulnerability-via-the-authentica.patch
1970-01-01 01:00:00.000000000 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0027-fix-shell-injection-vulnerability-via-the-authentica.patch
2021-01-03 15:00:08.000000000 +0100
@@ -0,0 +1,26 @@
+From ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warr...@imagemagick.org>
+Date: Thu, 19 Nov 2020 18:36:05 +0000
+Subject: [PATCH] fix shell injection vulnerability via the -authenticate
+ option
+
+---
+ coders/pdf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 074ba3f648d2..ef1567b29cd3 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -585,7 +585,7 @@ static Image *ReadPDFImage(const ImageInfo
*image_info,ExceptionInfo *exception)
+ if (stop_on_error != MagickFalse)
+ (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+ option=GetImageOption(image_info,"authenticate");
+- if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL))
++ if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *)
NULL))
+ {
+ char
+ passphrase[MagickPathExtent];
+--
+2.30.0
+
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0028-fix-shell-injection-vulnerability-via-the-authentica.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0028-fix-shell-injection-vulnerability-via-the-authentica.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0028-fix-shell-injection-vulnerability-via-the-authentica.patch
1970-01-01 01:00:00.000000000 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0028-fix-shell-injection-vulnerability-via-the-authentica.patch
2021-01-03 15:00:36.000000000 +0100
@@ -0,0 +1,27 @@
+From 869e38717fa91325da87c2a4cedc148a770a07ec Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warr...@imagemagick.org>
+Date: Thu, 19 Nov 2020 18:39:30 +0000
+Subject: [PATCH] fix shell injection vulnerability via the -authenticate
+ option
+
+---
+ coders/pdf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index ef1567b29cd3..d5ed5659648b 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -585,7 +585,8 @@ static Image *ReadPDFImage(const ImageInfo
*image_info,ExceptionInfo *exception)
+ if (stop_on_error != MagickFalse)
+ (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+ option=GetImageOption(image_info,"authenticate");
+- if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *)
NULL))
++ if ((option != (char *) NULL) &&
++ (strpbrk(option,"&;<>|\"'") == (char *) NULL))
+ {
+ char
+ passphrase[MagickPathExtent];
+--
+2.30.0
+
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0029-fix-shell-injection-vulnerability-via-the-authentica.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0029-fix-shell-injection-vulnerability-via-the-authentica.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0029-fix-shell-injection-vulnerability-via-the-authentica.patch
1970-01-01 01:00:00.000000000 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0029-fix-shell-injection-vulnerability-via-the-authentica.patch
2021-01-03 15:04:23.000000000 +0100
@@ -0,0 +1,111 @@
+From 226804980651bb4eb5f3ba3b9d7e992f2eda4710 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warr...@imagemagick.org>
+Date: Thu, 19 Nov 2020 20:50:44 +0000
+Subject: [PATCH] fix shell injection vulnerability via the -authenticate
+ option
+
+---
+ coders/pdf.c | 46 ++++++++++++++++++++++++++++++++++-------
+ config/delegates.xml.in | 4 ++--
+ 3 files changed, 43 insertions(+), 11 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index d5ed5659648b..31efd06e53fd 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -368,6 +368,36 @@ static inline void CleanupPDFInfo(PDFInfo *pdf_info)
+ pdf_info->profile=DestroyStringInfo(pdf_info->profile);
+ }
+
++static char *SanitizeDelegateString(const char *source)
++{
++ char
++ *sanitize_source;
++
++ const char
++ *q;
++
++ register char
++ *p;
++
++ static char
++#if defined(MAGICKCORE_WINDOWS_SUPPORT)
++ whitelist[] =
++ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
++ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
++#else
++ whitelist[] =
++ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
++ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
++#endif
++
++ sanitize_source=AcquireString(source);
++ p=sanitize_source;
++ q=sanitize_source+strlen(sanitize_source);
++ for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
++ *p='_';
++ return(sanitize_source);
++}
++
+ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo
*exception)
+ {
+ char
+@@ -585,14 +615,16 @@ static Image *ReadPDFImage(const ImageInfo
*image_info,ExceptionInfo *exception)
+ if (stop_on_error != MagickFalse)
+ (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+ option=GetImageOption(image_info,"authenticate");
+- if ((option != (char *) NULL) &&
+- (strpbrk(option,"&;<>|\"'") == (char *) NULL))
++ if (option != (char *) NULL)
+ {
+ char
+- passphrase[MagickPathExtent];
++ passphrase[MagickPathExtent],
++ *sanitize_passphrase;
+
++ sanitize_passphrase=SanitizeDelegateString(option);
+ (void) FormatLocaleString(passphrase,MagickPathExtent,
+- "\"-sPDFPassword=%s\" ",option);
++ "'-sPDFPassword=%s' ",sanitize_passphrase);
++ sanitize_passphrase=DestroyString(sanitize_passphrase);
+ (void) ConcatenateMagickString(options,passphrase,MagickPathExtent);
+ }
+ read_info=CloneImageInfo(image_info);
+@@ -1091,7 +1123,7 @@ static MagickBooleanType WritePOCKETMODImage(const
ImageInfo *image_info,
+ if (page == (Image *) NULL)
+ break;
+ (void) SetImageAlphaChannel(page,RemoveAlphaChannel);
+- page->scene=i++;
++ page->scene=(size_t) i++;
+ AppendImageToList(&pages,page);
+ if ((i == 8) || (GetNextImageInList(next) == (Image *) NULL))
+ {
+@@ -1110,8 +1142,8 @@ static MagickBooleanType WritePOCKETMODImage(const
ImageInfo *image_info,
+ page=CloneImage(pages,0,0,MagickTrue,&image->exception);
+ (void) QueryColorCompliance("#FFF",AllCompliance,
+ &page->background_color,&image->exception);
+- SetImageBackgroundColor(page);
+- page->scene=i;
++ (void) SetImageBackgroundColor(page);
++ page->scene=(size_t) i;
+ AppendImageToList(&pages,page);
+ }
+ images=CloneImages(pages,PocketPageOrder,&image->exception);
+diff --git a/config/delegates.xml.in b/config/delegates.xml.in
+index d93387ac1248..4fc3acc3f31f 100644
+--- a/config/delegates.xml.in
++++ b/config/delegates.xml.in
+@@ -89,8 +89,8 @@
+ <delegate decode="pcl:cmyk" stealth="True"
command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT
-dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2
"-sDEVICE=@PCLCMYKDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u
"-r%s" %s "-sOutputFile=%s" "%s""/>
+ <delegate decode="pcl:color" stealth="True"
command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT
-dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2
"-sDEVICE=@PCLColorDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u
"-r%s" %s "-sOutputFile=%s" "%s""/>
+ <delegate decode="pcl:mono" stealth="True"
command=""@PCLDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT
-dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2
"-sDEVICE=@PCLMonoDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u
"-r%s" %s "-sOutputFile=%s" "%s""/>
+- <delegate decode="pdf" encode="eps" mode="bi"
command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH
-dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2
-sPDFPassword="%a" "-sDEVICE=@GSEPSDevice@"
"-sOutputFile=%o" "-f%i""/>
+- <delegate decode="pdf" encode="ps" mode="bi"
command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH
-dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2
"-sDEVICE=@GSPSDevice@" -sPDFPassword="%a"
"-sOutputFile=%o" "-f%i""/>
++ <delegate decode="pdf" encode="eps" mode="bi"
command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH
-dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2
"-sDEVICE=@GSEPSDevice@" "-sPDFPassword=%a"
"-sOutputFile=%o" "-f%i""/>
++ <delegate decode="pdf" encode="ps" mode="bi"
command=""@PSDelegate@" -sstdout=%%stderr -dQUIET -dSAFER -dBATCH
-dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2
"-sDEVICE=@GSPSDevice@" "-sPDFPassword=%a"
"-sOutputFile=%o" "-f%i""/>
+ <delegate decode="pnm" encode="trace"
command=""@TraceEncodeDelegate@" --svg --output "%o"
"%i""/>
+ <delegate decode="png" encode="webp"
command=""@WebPEncodeDelegate@" -quiet %Q "%i" -o
"%o""/>
+ <delegate decode="pnm" encode="ilbm" mode="encode"
command=""@ILBMEncodeDelegate@" -24if "%i" >
"%o""/>
+--
+2.30.0
+
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0030-restore-passphrase-support-when-rendering-PDF-s.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0030-restore-passphrase-support-when-rendering-PDF-s.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0030-restore-passphrase-support-when-rendering-PDF-s.patch
1970-01-01 01:00:00.000000000 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0030-restore-passphrase-support-when-rendering-PDF-s.patch
2021-01-03 15:05:18.000000000 +0100
@@ -0,0 +1,33 @@
+From 83ec5b5b8ee7cae891fff59340be207b513a030d Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warr...@imagemagick.org>
+Date: Sat, 21 Nov 2020 13:26:16 +0000
+Subject: [PATCH] restore passphrase support when rendering PDF's
+
+---
+ coders/pdf.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 31efd06e53fd..ce4f7a5f1b63 100644
+--- a/coders/pdf.c
++++ b/coders/pdf.c
+@@ -614,14 +614,13 @@ static Image *ReadPDFImage(const ImageInfo
*image_info,ExceptionInfo *exception)
+ (void) ConcatenateMagickString(options,"-dUseTrimBox ",MaxTextExtent);
+ if (stop_on_error != MagickFalse)
+ (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
+- option=GetImageOption(image_info,"authenticate");
+- if (option != (char *) NULL)
++ if (image_info->authenticate != (char *) NULL)
+ {
+ char
+ passphrase[MagickPathExtent],
+ *sanitize_passphrase;
+
+- sanitize_passphrase=SanitizeDelegateString(option);
++ sanitize_passphrase=SanitizeDelegateString(image_info->authenticate);
+ (void) FormatLocaleString(passphrase,MagickPathExtent,
+ "'-sPDFPassword=%s' ",sanitize_passphrase);
+ sanitize_passphrase=DestroyString(sanitize_passphrase);
+--
+2.30.0
+
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/series
imagemagick-6.9.11.24+dfsg/debian/patches/series
--- imagemagick-6.9.11.24+dfsg/debian/patches/series 2020-07-27
03:13:36.000000000 +0200
+++ imagemagick-6.9.11.24+dfsg/debian/patches/series 2021-01-03
15:05:46.000000000 +0100
@@ -20,3 +20,11 @@
0020-Fix-privacy-breach.patch
0021-Fix-a-few-html-error.patch
0022-Fix-a-typo-in-manpage.patch
+0023-disable-ghostscript-formats.patch
+0024-CVE-2020-27560.patch
+0025-shell-injection-vulnerability-via-the-authenticate-o.patch
+0026-fix-shell-injection-vulnerability-via-the-authentica.patch
+0027-fix-shell-injection-vulnerability-via-the-authentica.patch
+0028-fix-shell-injection-vulnerability-via-the-authentica.patch
+0029-fix-shell-injection-vulnerability-via-the-authentica.patch
+0030-restore-passphrase-support-when-rendering-PDF-s.patch
