Bug#977205: Bug#971216: Bug#977205: imagemagick: CVE-2020-29599

2021-01-09 Thread Salvatore Bonaccorso
Hi,

[dropping the 971216 bug from recipients for those]

On Sat, Jan 09, 2021 at 09:54:36AM +, Bastien ROUCARIES wrote:
> hi,
> 
> I am ok with this but could you mention, the whole list of format
> instead of ghostscript format in changelog aka (pdf, eps, ps)

Yes right would be ok.

Note for the CVE-2020-29599, it might be not complete what is applied
in the proposed changes, best to double-check with upstream on those.

Regards,
Salvatore



Bug#971216: Bug#977205: imagemagick: CVE-2020-29599

2021-01-09 Thread Bastien ROUCARIES
hi,

I am ok with this but could you mention, the whole list of format
instead of ghostscript format in changelog aka (pdf, eps, ps)

Bastien

On Sun, 3 Jan 2021 at 14:21, Salvatore Bonaccorso wrote:
>
> Hi Bastien,
>
> Hope you are ok.
>
> On Tue, Dec 15, 2020 at 10:34:59AM +0100, Bastien ROUCARIES wrote:
> > Hi,
> >
> > As said on debian-private go ahead please. I am late due to payjob issue.
>
> Alright attached is a proposed debdiff for covering the CVEs, but
> please double check them as well please (it includes as well disabling
> the ghostscript handled formats).
>
> There is though another RC bug, #971216 which needs handling for
> bullseye and unstable.
>
> Can you take it from here in case you got more free time?
>
> Regards,
> Salvatore



Bug#971216: Bug#977205: imagemagick: CVE-2020-29599

2021-01-03 Thread Salvatore Bonaccorso
Hi Bastien,

Hope you are ok.

On Tue, Dec 15, 2020 at 10:34:59AM +0100, Bastien ROUCARIES wrote:
> Hi,
> 
> As said on debian-private go ahead please. I am late due to payjob issue.

Alright attached is a proposed debdiff for covering the CVEs, but
please double check them as well please (it includes as well disabling
the ghostscript handled formats).

There is though another RC bug, #971216 which needs handling for
bullseye and unstable.

Can you take it from here in case you got more free time?

Regards,
Salvatore
diff -Nru imagemagick-6.9.11.24+dfsg/debian/changelog 
imagemagick-6.9.11.24+dfsg/debian/changelog
--- imagemagick-6.9.11.24+dfsg/debian/changelog 2020-07-27 03:13:36.0 
+0200
+++ imagemagick-6.9.11.24+dfsg/debian/changelog 2021-01-03 15:06:17.0 
+0100
@@ -1,3 +1,15 @@
+imagemagick (8:6.9.11.24+dfsg-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Disable ghostscript handled formats based on -SAFER insecurity
+  * Division by Zero in function OptimizeLayerFrames (CVE-2020-27560)
+(Closes: #972797)
+  * Fix shell injection vulnerability via the -authenticate option
+(CVE-2020-29599) (Closes: #977205)
+  * Restore passphrase support when rendering PDF's
+
+ -- Salvatore Bonaccorso   Sun, 03 Jan 2021 15:06:17 +0100
+
 imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
 
   * Acknowledge NMU
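Review bot: The first changelog bullet, "Disable ghostscript handled formats based on -SAFER insecurity", does not name the formats being disabled; list them in the entry so that someone whose conversion starts failing after the upgrade can find the cause from the changelog alone. The second bullet, "Division by Zero in function OptimizeLayerFrames (CVE-2020-27560)", describes the bug rather than the change; start it with "Fix", as the CVE-2020-29599 bullet does.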
diff -Nru 
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
 
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
--- 
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
1970-01-01 01:00:00.0 +0100
+++ 
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
2021-01-03 14:53:42.0 +0100
@@ -0,0 +1,24 @@
+Author: Steve Beattie 
+Subject: disable ghostscript handled formats based on -SAFER insecurity
+
+Based on Tavis Ormandy's Recommendations
+updated: 2019-11-11
+
+---
+ config/policy.xml |5 +
+ 1 file changed, 5 insertions(+)
+
+--- a/config/policy.xml
 b/config/policy.xml
+@@ -86,4 +86,11 @@
+   
+   
+   
++  
++  
++  
++  
++  
++  
++  
+ 
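Review bot: The patch header's diffstat ("config/policy.xml |5 +" and "1 file changed, 5 insertions(+)") disagrees with the hunk header "@@ -86,4 +86,11 @@", which adds 7 lines; regenerate the header or drop the diffstat so the two agree. The header also carries only Author and Subject; an Origin field pointing at the source of the "updated: 2019-11-11" recommendations would make the policy change traceable, in the way 0024 records its Origin and Bug-Debian lines.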
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch 
imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch 
1970-01-01 01:00:00.0 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch 
2021-01-03 14:56:32.0 +0100
@@ -0,0 +1,34 @@
+From: Cristy 
+Date: Mon, 19 Oct 2020 01:20:20 +
+Subject: https://github.com/ImageMagick/ImageMagick/pull/2743
+Origin: 
https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
+Bug-Debian: https://bugs.debian.org/972797
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-27560
+
+---
+ magick/layer.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/magick/layer.c b/magick/layer.c
+index ca7ab5da6947..e5c83ede6eda 100644
+--- a/magick/layer.c
 b/magick/layer.c
+@@ -1382,11 +1382,13 @@ static Image *OptimizeLayerFrames(const Image *image,
+ if ( disposals[i] == DelDispose ) {
+   size_t time = 0;
+   while ( disposals[i] == DelDispose ) {
+-time += curr->delay*1000/curr->ticks_per_second;
++time += (size_t) (curr->delay*1000*
++  PerceptibleReciprocal((double) curr->ticks_per_second));
+ curr=GetNextImageInList(curr);
+ i++;
+   }
+-  time += curr->delay*1000/curr->ticks_per_second;
++  time += (size_t) (curr->delay*1000*
++PerceptibleReciprocal((double) curr->ticks_per_second));
+   prev_image->ticks_per_second = 100L;
+   prev_image->delay = time*prev_image->ticks_per_second/1000;
+ }
+-- 
+2.30.0
+
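Review bot: In both replaced lines of OptimizeLayerFrames the result is cast to size_t only after multiplying by PerceptibleReciprocal((double) curr->ticks_per_second), so a frame with ticks_per_second of 0 and a nonzero delay no longer divides by zero but instead contributes a very large value to time, and a double that does not fit in size_t makes the cast itself undefined in C. Consider handling a zero ticks_per_second explicitly before computing the delay (skip the frame's contribution or substitute a default rate), and move the duplicated expression into one helper so the two sites cannot drift apart. The Subject line is a bare pull-request URL; a one-line description of the fix would read better in the series.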
diff -Nru 
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
 
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
--- 
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
   1970-01-01 01:00:00.0 +0100
+++ 
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
   2021-01-03 14:58:59.0 +0100
@@ -0,0 +1,36 @@
+From a2b3dd8455da2f17849b55e6b6ddcce587e4a323 Mon Sep 17 00:00:00 2001
+From: Cristy 
+Date: Mon, 16 Nov 2020 17:01:57 +
+Subject: [PATCH] shell injection vulnerability via the -authenticate option
+
+---
+ coders/pdf.c | 13 -
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 5e4edc76099c..63eda5d81d64 100644
+--- a/coders/pdf.c
 b/coders/pdf.c
+@@ -588,11 +588,14 @@ static Image *ReadPDFImage(const ImageInfo 
*image_info,ExceptionInfo *exception)
+   if (option != (char *) NULL)
+ {
+   char
+-passphrase[Max
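Review bot: The header of 0025 has no Origin, Bug-Debian or Bug-Debian-Security field, unlike 0024; add the upstream commit URL and https://bugs.debian.org/977205 so the patch can be compared against upstream, which matters here because the thread itself raises the concern that what is applied for CVE-2020-29599 may not be complete. Only the first lines of the coders/pdf.c hunk are visible in this text, so the new passphrase handling cannot be assessed from it.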