ImageMagick/CVE-2020-29599-3.patch
2021-01-12 17:00:23 +08:00


From 20f520ed5c8541ae6646bc38d9d3b480785be6c3 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 25 Nov 2019 13:33:50 -0500
Subject: [PATCH] Per Enzo Puig, santize "'" from SHOW and WIN delegates under
Linux, '"\' for Windows
---
magick/delegate.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/magick/delegate.c b/magick/delegate.c
index 32beeb15e..bc83401fd 100644
--- a/magick/delegate.c
+++ b/magick/delegate.c
@@ -519,9 +519,15 @@ static char *SanitizeDelegateString(const char *source)
*p;
static char
+#if defined(MAGICKCORE_WINDOWS_SUPPORT)
whitelist[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
- "$-_.+!*;(),{}|\\^~[]`\"><#%/?:@&=";
+ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
+#else
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
+#endif
sanitize_source=AcquireString(source);
p=sanitize_source;
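Review bot: Both branches of the new `#if` still allow shell-significant characters (the backtick, `$`, `|`, `;`, `&`, and on Windows also `%` and `^`), so each list is only safe if the delegate command template wraps the substituted value in the quoting style that list assumes. That coupling is not stated anywhere in the hunk: presumably the non-Windows list drops `'` because the value sits inside single quotes, and the Windows list drops `"` and `\` because it sits inside double quotes. I would record this above the `#if`, for example `/* Sanitized text is expanded inside '...' (POSIX) or "..." (Windows) in the delegate command; each list must omit that platform's quote and escape characters. */`, so that a later template change which switches quoting gets the allowlist re-reviewed too. A regression test that passes each excluded character through `SanitizeDelegateString()` on both platforms would pin the behaviour; the function body continues outside this hunk, so the replacement loop itself is not reviewed here.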