From 7c1bf175b7a7b86f3e0475a2d989eac47b78bb30 Mon Sep 17 00:00:00 2001
From: Yudong Cui
Date: Tue, 30 Jul 2024 09:57:11 +0800
Subject: [PATCH] fix CVE-2024-41817
---
 ImageMagick.spec | 6 +-
 ...re-no-empty-paths-in-the-environment.patch | 63 +++++++++++++++++++
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 backport-ensure-no-empty-paths-in-the-environment.patch
diff --git a/ImageMagick.spec b/ImageMagick.spec
index af6e65e..1b3a42e 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -4,13 +4,14 @@
 Name: ImageMagick
 Epoch: 1
 Version: 7.1.1.35
-Release: 1
+Release: 2
 Summary: Create, edit, compose, or convert bitmap images
 License: ImageMagick and MIT
 Url: https://www.imagemagick.org/
 %global VER %(foo=%{version}; echo ${foo:0:5})
 %global Patchlevel %(foo=%{version}; echo ${foo:6})
 Source0: https://imagemagick.org/archive/releases/%{name}-%{VER}-%{Patchlevel}.tar.xz
+Patch001: backport-ensure-no-empty-paths-in-the-environment.patch
 BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@@ -174,6 +175,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick*
 %changelog
+* Tue Jul 30 2024 cuiyudong - 1:7.1.1.35-2
+- Update to 7.1.1-35
+
 * Thu Jul 25 2024 Funda Wang - 1:7.1.1.35-1
 - Update to 7.1.1-35
diff --git a/backport-ensure-no-empty-paths-in-the-environment.patch b/backport-ensure-no-empty-paths-in-the-environment.patch
new file mode 100644
index 0000000..2ff78d1
--- /dev/null
+++ b/backport-ensure-no-empty-paths-in-the-environment.patch
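Review bot: Nothing visible in the first ImageMagick.spec hunk shows `Patch001` actually being applied: it adds the `Patch001:` tag and bumps `Release`, but `%prep` lies outside the diff, so the fix only lands if the spec uses `%autosetup`/`%autopatch` or has a matching `%patch` line. That is worth confirming, because an unapplied patch would ship a package that is labelled as fixed. The `%changelog` hunk repeats the previous entry's text, `- Update to 7.1.1-35`; an entry such as `- Fix CVE-2024-41817` would let anyone auditing the package changelog find the fix. The backported patch edits only `app-image/AppRun` and `app-image/AppRun.in`, and whether this RPM ships those scripts is not visible here.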
@@ -0,0 +1,63 @@
+From 6526a2b28510ead6a3e14de711bb991ad9abff38 Mon Sep 17 00:00:00 2001
+From: Cristy
+Date: Fri, 19 Jul 2024 20:41:35 -0400
+Subject: [PATCH] ensure no empty paths in the environment
+
+---
+ app-image/AppRun | 8 ++++----
+ app-image/AppRun.in | 8 ++++----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/app-image/AppRun b/app-image/AppRun
+index ea8f37efa..f5433c57d 100644
+--- a/app-image/AppRun
++++ b/app-image/AppRun
+@@ -7,16 +7,16 @@
+
+HERE="$(dirname "$(readlink -f "${0}")")"
+
+-export MAGICK_HOME="$HERE/usr:${MAGICK_HOME:+:$MAGICK_HOME}" # https://imagemagick.org/QuickStart.txt
+-export MAGICK_CONFIGURE_PATH=$(readlink -f "$HERE/usr/lib/ImageMagick-7.1.1/config-Q16"):$(readlink -f "$HERE/usr/lib/ImageMagick-7.1.1/config-Q16HDRI"):$(readlink -f "$HERE/usr/share/ImageMagick-7"):$(readlink -f "$HERE/usr/etc/ImageMagick-7"):${MAGICK_CONFIGURE_PATH:+:$MAGICK_CONFIGURE_PATH} # Wildcards don't work
++export MAGICK_HOME="$HERE/usr${MAGICK_HOME:+:$MAGICK_HOME}" # https://imagemagick.org/QuickStart.txt
++export MAGICK_CONFIGURE_PATH=$(readlink -f "$HERE/usr/lib/ImageMagick-7.1.1/config-Q16"):$(readlink -f "$HERE/usr/lib/ImageMagick-7.1.1/config-Q16HDRI"):$(readlink -f "$HERE/usr/share/ImageMagick-7"):$(readlink -f "$HERE/usr/etc/ImageMagick-7")${MAGICK_CONFIGURE_PATH:+:$MAGICK_CONFIGURE_PATH} # Wildcards don't work
+
+export LD_LIBRARY_PATH=$(readlink -f "$HERE/usr/lib")${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+export LD_LIBRARY_PATH=${HERE}/usr/lib/ImageMagick-7.1.1/modules-Q16HDRI/coders${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+
+if [ "$1" == "man" ] ; then
+- export MANPATH="$HERE/usr/share/man:${MANPATH:+:$MANPATH}" ; exec "$@" ; exit $?
++ export MANPATH="$HERE/usr/share/man${MANPATH:+:$MANPATH}" ; exec "$@" ; exit $?
+elif [ "$1" == "info" ] ; then
+- export INFOPATH="$HERE/usr/share/info:${INFOPATH:+:$INFOPATH}" ; exec "$@" ; exit $?
++ export INFOPATH="$HERE/usr/share/info${INFOPATH:+:$INFOPATH}" ; exec "$@" ; exit $?
+ fi
+
+ if [ -n "$APPIMAGE" ] ; then
+diff --git a/app-image/AppRun.in b/app-image/AppRun.in
+index 965010be0..f09ed21e0 100644
+--- a/app-image/AppRun.in
++++ b/app-image/AppRun.in
+@@ -7,16 +7,16 @@
+
+HERE="$(dirname "$(readlink -f "${0}")")"
+
+-export MAGICK_HOME="$HERE/usr:${MAGICK_HOME:+:$MAGICK_HOME}" # https://imagemagick.org/QuickStart.txt
+-export MAGICK_CONFIGURE_PATH=$(readlink -f "$HERE/usr/lib/ImageMagick-@PACKAGE_BASE_VERSION@/config-Q16"):$(readlink -f "$HERE/usr/lib/ImageMagick-@PACKAGE_BASE_VERSION@/config-Q16HDRI"):$(readlink -f "$HERE/usr/share/ImageMagick-7"):$(readlink -f "$HERE/usr/etc/ImageMagick-7"):${MAGICK_CONFIGURE_PATH:+:$MAGICK_CONFIGURE_PATH} # Wildcards don't work
++export MAGICK_HOME="$HERE/usr${MAGICK_HOME:+:$MAGICK_HOME}" # https://imagemagick.org/QuickStart.txt
++export MAGICK_CONFIGURE_PATH=$(readlink -f "$HERE/usr/lib/ImageMagick-@PACKAGE_BASE_VERSION@/config-Q16"):$(readlink -f "$HERE/usr/lib/ImageMagick-@PACKAGE_BASE_VERSION@/config-Q16HDRI"):$(readlink -f "$HERE/usr/share/ImageMagick-7"):$(readlink -f "$HERE/usr/etc/ImageMagick-7")${MAGICK_CONFIGURE_PATH:+:$MAGICK_CONFIGURE_PATH} # Wildcards don't work
+
+export LD_LIBRARY_PATH=$(readlink -f "$HERE/usr/lib")${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+export LD_LIBRARY_PATH=${HERE}/usr/lib/ImageMagick-@PACKAGE_BASE_VERSION@/modules-Q16HDRI/coders${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+
+if [ "$1" == "man" ] ; then
+- export MANPATH="$HERE/usr/share/man:${MANPATH:+:$MANPATH}" ; exec "$@" ; exit $?
++ export MANPATH="$HERE/usr/share/man${MANPATH:+:$MANPATH}" ; exec "$@" ; exit $?
+elif [ "$1" == "info" ] ; then
+- export INFOPATH="$HERE/usr/share/info:${INFOPATH:+:$INFOPATH}" ; exec "$@" ; exit $?
++ export INFOPATH="$HERE/usr/share/info${INFOPATH:+:$INFOPATH}" ; exec "$@" ; exit $?
+ fi
+
+ if [ -n "$APPIMAGE" ] ; then
+--
+2.43.0.windows.1
+
-- Gitee
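Review bot: The new `MAGICK_CONFIGURE_PATH` line in `app-image/AppRun` (and its twin in `AppRun.in`) can still produce an empty path element. The backport drops the literal trailing `:`, but the four `$(readlink -f …)` results are joined with `:` unconditionally, so any one that prints nothing leaves `::` or a leading `:` behind; the first `LD_LIBRARY_PATH` export has the same shape. An empty element in such a search path is typically read as the current directory, which is the condition the patch subject says it removes. Building the list from non-empty results only, as sketched below, closes that gap; because this is a backport, check whether upstream hardened these lines further before diverging. Both scripts continue past the end of the inner hunks.

```shell
# … unchanged: HERE=… and the MAGICK_HOME export …
cfg=""
for d in "$HERE/usr/lib/ImageMagick-7.1.1/config-Q16" \
         "$HERE/usr/lib/ImageMagick-7.1.1/config-Q16HDRI" \
         "$HERE/usr/share/ImageMagick-7" \
         "$HERE/usr/etc/ImageMagick-7" ; do
  p="$(readlink -f "$d")"
  if [ -n "$p" ] ; then cfg="${cfg:+$cfg:}$p" ; fi   # skip paths that did not resolve
done
if [ -n "$cfg" ] ; then
  export MAGICK_CONFIGURE_PATH="$cfg${MAGICK_CONFIGURE_PATH:+:$MAGICK_CONFIGURE_PATH}"
fi
# … unchanged: LD_LIBRARY_PATH exports, man/info branches …
```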