Bug#911386: libgraphicsmagick-q16-3: graphicsmagick 1.3.30 has made formats case-se nsitive at the API level

[Beauregard, Christophe (EC)]

Package: libgraphicsmagick-q16-3
Version: 1.3.30+hg15796-1~deb9u1
Severity: important

Somewhere in between GraphicsMagick 1.3.28 and 1.3.30, there was an
internal API change which introduced case sensitivity into magick formats.
Command-line tools seem to work, as do perl API's, but low-level
WriteImage() calls that assume on case-insensitivity are now broken.

Test case program (which is just the first GraphicsMagick API demo
program with a single line added to set image->magick to "gif"):

bob@stretch64-build:~$ cat casetest.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <magick/api.h>

int main ( int argc, char **argv )
{
  Image
    *image = (Image *) NULL;

  char
    infile[MaxTextExtent],
    outfile[MaxTextExtent];

  int
    arg = 1,
    exit_status = 0;

  ImageInfo
    *imageInfo;

  ExceptionInfo
    exception;

  InitializeMagick(NULL);
  imageInfo=CloneImageInfo(0);
  GetExceptionInfo(&exception);

  if (argc != 3)
    {
      (void) fprintf ( stderr, "Usage: %s infile outfile\n", argv[0] );
      (void) fflush(stderr);
      exit_status = 1;
      goto program_exit;
    }

  (void) strncpy(infile, argv[arg], MaxTextExtent-1 );
  arg++;
  (void) strncpy(outfile, argv[arg], MaxTextExtent-1 );

  (void) strcpy(imageInfo->filename, infile);
  image = ReadImage(imageInfo, &exception);
  if (image == (Image *) NULL)
    {
      CatchException(&exception);
      exit_status = 1;
      goto program_exit;
    }

  (void) strcpy(image->magick, "gif");
  (void) strcpy(image->filename, outfile);
  if (!WriteImage (imageInfo,image))
    {
      CatchException(&image->exception);
      exit_status = 1;
      goto program_exit;
    }

 program_exit:

  if (image != (Image *) NULL)
    DestroyImage(image);

  if (imageInfo != (ImageInfo *) NULL)
    DestroyImageInfo(imageInfo);
  DestroyMagick();

  return exit_status;
}

bob@stretch64-build:~$ dpkg-query -W libgraphicsmagick-q16-3
libgraphicsmagick-q16-3    1.3.25-8
bob@stretch64-build:~$ gcc -o casetest casetest.c -O
`GraphicsMagick-config --cppflags --ldflags --libs`
bob@stretch64-build:~$ identify x.png
x.png PPM 800x600 800x600+0+0 8-bit sRGB 1.44MB 0.000u 0:00.000
bob@stretch64-build:~$ rm xxx              
bob@stretch64-build:~$ ls -l xxx
ls: cannot access 'xxx': No such file or directory
bob@stretch64-build:~$ ./casetest x.png xxx
bob@stretch64-build:~$ ls -l xxx
-rw-r--r-- 1 bob bob 7620 Oct 19 12:55 xxx
bob@stretch64-build:~$ identify xxx
xxx GIF 800x600 800x600+0+0 8-bit sRGB 128c 7.62KB 0.000u 0:00.000

bob@stretch64-build:~$ sudo apt-get install 
libgraphicsmagick-q16-3=1.3.30+hg15796-1~deb9u1 
libgraphicsmagick1-dev=1.3.30+hg15796-1~deb9u1
Reading package lists... Done
...
Setting up libgraphicsmagick-q16-3 (1.3.30+hg15796-1~deb9u1) ...
Processing triggers for libc-bin (2.24-11+deb9u3) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up libgraphicsmagick1-dev (1.3.30+hg15796-1~deb9u1) ...
bob@stretch64-build:~$ dpkg-query -W libgraphicsmagick-q16-3
libgraphicsmagick-q16-3    1.3.30+hg15796-1~deb9u1
bob@stretch64-build:~$ gcc -o casetest casetest.c -O
`GraphicsMagick-config --cppflags --ldflags --libs`
bob@stretch64-build:~$ rm xxx
bob@stretch64-build:~$ ls -l xxx
ls: cannot access 'xxx': No such file or directory
bob@stretch64-build:~$ ./casetest x.png xxx
Magick: No encode delegate for this image format (gif) [No such file
or directory].
bob@stretch64-build:~$ ls -l xxx
ls: cannot access 'xxx': No such file or directory

If the:
  (void) strcpy(image->magick, "gif");
in the test case is changed to:
  (void) strcpy(image->magick, "GIF");

it works correctly against both GraphicsMagick versions.

TL;DR with 1.3.25 it generates a GIF image, and with 1.3.30 it reports that the 
'gif' delegate is missing.

I've also tested with 1.3.28 on bionic and it still works, so this is a >1.3.28 
change.

Needless to say, if someone has GraphicsMagick-based code which doesn't
case convert formats to upper case to set the magick of an output file,
upgrading to the 1.3.30 package will suddenly cause things to not work.

This sort of incompatibility seems like a highly unfortunate thing to
happen in what should be a stable security-based package update
since it puts admins in the position of have to choose between security
or applications continuing to work.

-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.ISO-8859-1, LC_CTYPE=en_CA.ISO-8859-1 (charmap=ISO-8859-1), 
LANGUAGE=en_CA:en (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgraphicsmagick-q16-3 depends on:
ii  libbz2-1.0       1.0.6-8.1
ii  libc6            2.24-11+deb9u3
ii  libfreetype6     2.6.3-3.2
ii  libgomp1         6.3.0-18+deb9u1
ii  libice6          2:1.0.9-2
ii  libjbig0         2.1-3.1+b2
ii  libjpeg62-turbo  1:1.5.1-2
ii  liblcms2-2       2.8-4+deb9u1
ii  liblzma5         5.2.2-1.2+b1
ii  libpng16-16      1.6.28-1
ii  libsm6           2:1.2.2-1+b3
ii  libtiff5         4.0.8-2+deb9u2
ii  libwebp6         0.5.2-1
ii  libwmf0.2-7      0.2.8.4-10.6
ii  libx11-6         2:1.6.4-3
ii  libxext6         2:1.3.3-1+b2
ii  libxml2          2.9.4+dfsg1-2.2+deb9u2
ii  zlib1g           1:1.2.8.dfsg-5

Versions of packages libgraphicsmagick-q16-3 recommends:
ii  ghostscript  9.20~dfsg-3.2+deb9u5
ii  gsfonts      1:8.11+urwcyr1.0.7~pre44-4.3

Versions of packages libgraphicsmagick-q16-3 suggests:
pn  graphicsmagick-dbg  <none>

-- no debconf information