diff --git a/ImageMagick-6.9.10-67.tar.xz b/7.1.0-28.tar.gz similarity index 43% rename from ImageMagick-6.9.10-67.tar.xz rename to 7.1.0-28.tar.gz index be66bfbe1530bebb195d4c4d9aeb394b79380f03..2f4da9721b2c6a195eb594ae96c7316d52c211a9 100644 Binary files a/ImageMagick-6.9.10-67.tar.xz and b/7.1.0-28.tar.gz differ diff --git a/CVE-2018-16329.patch b/CVE-2018-16329.patch deleted file mode 100644 index 54f8dbf1dba874868c3c86ac402e76c0880c9ca4..0000000000000000000000000000000000000000 --- a/CVE-2018-16329.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 5bf7ff59c8ada957d6a681a0a2cc29f3813ad4bc Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 1 Apr 2020 19:14:12 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1225 - ---- - magick/property.c | 12 ++++++++++++ - 1 files changed, 12 insertions(+) - -diff --git a/magick/property.c b/magick/property.c -index 4fd7e9d..4c09e40 100644 ---- a/magick/property.c -+++ b/magick/property.c -@@ -2526,6 +2526,13 @@ MagickExport const char *GetImageProperty(const Image *image, - static const char *GetMagickPropertyLetter(const ImageInfo *image_info, - Image *image,const char letter) - { -+#define WarnNoImageInfoReturn(format,arg) \ -+ if (image_info == (ImageInfo *) NULL ) { \ -+ (void) ThrowMagickException(&image->exception,GetMagickModule(), \ -+ OptionWarning,"NoImageInfoForProperty",format,arg); \ -+ return((const char *) NULL); \ -+ } -+ - char - value[MaxTextExtent]; - -@@ -2658,6 +2665,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info, - /* - Output Filename - for delegate use only - */ -+ WarnNoImageInfoReturn("\"%%%c\"",letter); - string=image_info->filename; - break; - } -@@ -2702,6 +2710,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info, - /* - Image scene number. - */ -+ WarnNoImageInfoReturn("\"%%%c\"",letter); - if (image_info->number_scenes != 0) - (void) FormatLocaleString(value,MaxTextExtent,"%.20g",(double) - image_info->scene); -@@ -2723,6 +2732,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info, - /* - Unique filename. - */ -+ WarnNoImageInfoReturn("\"%%%c\"",letter); - string=image_info->unique; - break; - } -@@ -2883,6 +2893,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info, - /* - Image scenes. - */ -+ WarnNoImageInfoReturn("\"%%%c\"",letter); - if (image_info->number_scenes == 0) - string="2147483647"; - else -@@ -2941,6 +2952,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info, - /* - Zero filename. - */ -+ WarnNoImageInfoReturn("\"%%%c\"",letter); - string=image_info->zero; - break; - } --- -1.8.3.1 - diff --git a/CVE-2019-18853.patch b/CVE-2019-18853.patch deleted file mode 100644 index 7be1454b6adfefd921d3fc5acfdc9c8070dcda4e..0000000000000000000000000000000000000000 --- a/CVE-2019-18853.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0e28baf9bcb3e2e759f51cd0d74750e5e195b1aa Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 23 Oct 2019 06:01:08 -0400 -Subject: [PATCH] [FG-VD-19-136] ImageMagick Convert SVG MacOS Denial Of - Service - ---- - coders/svg.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/coders/svg.c b/coders/svg.c -index 1fee4b8..26ac308 100644 ---- a/coders/svg.c -+++ b/coders/svg.c -@@ -66,9 +66,10 @@ - #include "magick/monitor.h" - #include "magick/monitor-private.h" - #include "magick/pixel-accessor.h" --#include "magick/quantum-private.h" -+#include "magick/option.h" - #include "magick/pixel-private.h" - #include "magick/property.h" -+#include "magick/quantum-private.h" - #include "magick/resource_.h" - #include "magick/static.h" - #include "magick/string_.h" -@@ -3579,9 +3580,14 @@ static Image *ReadSVGImage(const ImageInfo *image_info,ExceptionInfo *exception) - message[n]='\0'; - if (n > 0) - { -+ const char -+ *value; -+ - svg_info->parser=xmlCreatePushParserCtxt(sax_handler,svg_info,(char *) - message,n,image->filename); -- (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE); -+ value=GetImageOption(image_info,"svg:xml-parse-huge"); -+ if ((value != (char *) NULL) && (IsStringTrue(value) != MagickFalse)) -+ (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE); - while ((n=ReadBlob(image,MaxTextExtent-1,message)) != 0) - { - message[n]='\0'; --- -2.30.0 - diff --git a/CVE-2019-7397.patch b/CVE-2019-7397.patch deleted file mode 100644 index 11398018838c4e1dfef0656dcadffc1d0bd1ecdd..0000000000000000000000000000000000000000 --- a/CVE-2019-7397.patch +++ /dev/null @@ -1,156 +0,0 @@ -diff -Nur ImageMagick-6.9.10-67_old/coders/pdf.c ImageMagick-6.9.10-67/coders/pdf.c ---- ImageMagick-6.9.10-67_old/coders/pdf.c 2019-12-25 16:48:50.196305907 +0800 -+++ ImageMagick-6.9.10-67/coders/pdf.c 2019-12-25 18:00:11.863959671 +0800 -@@ -1712,7 +1712,10 @@ - offset=TellBlob(image); - number_pixels=(MagickSizeType) image->columns*image->rows; - if ((4*number_pixels) != (MagickSizeType) ((size_t) (4*number_pixels))) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); -+ } - if ((compression == FaxCompression) || (compression == Group4Compression) || - ((image_info->type != TrueColorType) && - (SetImageGray(image,&image->exception) != MagickFalse))) -@@ -1735,7 +1738,10 @@ - status=InjectImageBlob(image_info,image,image,"jpeg", - &image->exception); - if (status == MagickFalse) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(CoderError,image->exception.reason); -+ } - break; - } - case JPEG2000Compression: -@@ -1743,7 +1749,10 @@ - status=InjectImageBlob(image_info,image,image,"jp2", - &image->exception); - if (status == MagickFalse) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(CoderError,image->exception.reason); -+ } - break; - } - case RLECompression: -@@ -1758,7 +1767,10 @@ - length=(size_t) number_pixels; - pixel_info=AcquireVirtualMemory(length,sizeof(*pixels)); - if (pixel_info == (MemoryInfo *) NULL) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); -+ } - pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); - /* - Dump Runlength encoded pixels. -@@ -1842,7 +1854,10 @@ - status=InjectImageBlob(image_info,image,image,"jpeg", - &image->exception); - if (status == MagickFalse) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(CoderError,image->exception.reason); -+ } - break; - } - case JPEG2000Compression: -@@ -1850,7 +1865,10 @@ - status=InjectImageBlob(image_info,image,image,"jp2", - &image->exception); - if (status == MagickFalse) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(CoderError,image->exception.reason); -+ } - break; - } - case RLECompression: -@@ -2151,7 +2169,10 @@ - tile_image=ThumbnailImage(image,geometry.width,geometry.height, - &image->exception); - if (tile_image == (Image *) NULL) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(ResourceLimitError,image->exception.reason); -+ } - xref[object++]=TellBlob(image); - (void) FormatLocaleString(buffer,MaxTextExtent,"%.20g 0 obj\n",(double) - object); -@@ -2256,7 +2277,10 @@ - status=InjectImageBlob(image_info,image,tile_image,"jpeg", - &image->exception); - if (status == MagickFalse) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(CoderError,tile_image->exception.reason); -+ } - break; - } - case JPEG2000Compression: -@@ -2264,7 +2288,10 @@ - status=InjectImageBlob(image_info,image,tile_image,"jp2", - &image->exception); - if (status == MagickFalse) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(CoderError,tile_image->exception.reason); -+ } - break; - } - case RLECompression: -@@ -2281,6 +2308,7 @@ - if (pixel_info == (MemoryInfo *) NULL) - { - tile_image=DestroyImage(tile_image); -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); - } - pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); -@@ -2354,7 +2382,10 @@ - status=InjectImageBlob(image_info,image,tile_image,"jpeg", - &image->exception); - if (status == MagickFalse) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(CoderError,tile_image->exception.reason); -+ } - break; - } - case JPEG2000Compression: -@@ -2362,7 +2393,10 @@ - status=InjectImageBlob(image_info,image,tile_image,"jp2", - &image->exception); - if (status == MagickFalse) -+ { -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(CoderError,tile_image->exception.reason); -+ } - break; - } - case RLECompression: -@@ -2380,6 +2414,7 @@ - if (pixel_info == (MemoryInfo *) NULL) - { - tile_image=DestroyImage(tile_image); -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); - } - pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); -@@ -2474,6 +2509,7 @@ - if (pixel_info == (MemoryInfo *) NULL) - { - tile_image=DestroyImage(tile_image); -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(ResourceLimitError, - "MemoryAllocationFailed"); - } -@@ -2679,6 +2715,7 @@ - if (pixel_info == (MemoryInfo *) NULL) - { - image=DestroyImage(image); -+ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); - ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); - } - pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); diff --git a/CVE-2020-25664.patch b/CVE-2020-25664.patch deleted file mode 100644 index e01255d42662cd1858e3451809b99372057a65f6..0000000000000000000000000000000000000000 --- a/CVE-2020-25664.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 27d3ddedb73f63fa984ff5b4d66e07eef654070f Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Fri, 4 Oct 2019 19:08:29 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1716 - ---- - coders/png.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/coders/png.c b/coders/png.c -index 410741059..ee6fba297 100644 ---- a/coders/png.c -+++ b/coders/png.c -@@ -11177,11 +11177,11 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info, - (void) LogMagickEvent(CoderEvent,GetMagickModule(), - " Allocating %.20g bytes of memory for pixels",(double) rowbytes); - } -- pixel_info=AcquireVirtualMemory(rowbytes,sizeof(*ping_pixels)); -+ pixel_info=AcquireVirtualMemory(rowbytes+256,sizeof(*ping_pixels)); - if (pixel_info == (MemoryInfo *) NULL) - png_error(ping,"Allocation of memory for pixels failed"); - ping_pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); -- (void) memset(ping_pixels,0,rowbytes*sizeof(*ping_pixels)); -+ (void) memset(ping_pixels,0,(rowbytes+256)*sizeof(*ping_pixels)); - /* - Initialize image scanlines. - */ diff --git a/CVE-2020-25665.patch b/CVE-2020-25665.patch deleted file mode 100644 index 90c7518e169492ba9df96b5e0488c0456a43697b..0000000000000000000000000000000000000000 --- a/CVE-2020-25665.patch +++ /dev/null @@ -1,40 +0,0 @@ -From ca80e93cc887fb8971ceba2eead2c74e2b927df4 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Fri, 4 Oct 2019 18:19:20 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1714 - ---- - coders/palm.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/coders/palm.c b/coders/palm.c -index 125bab8ff..4cd5522a4 100644 ---- a/coders/palm.c -+++ b/coders/palm.c -@@ -779,7 +779,7 @@ static MagickBooleanType WritePALMImage(const ImageInfo *image_info, - { - (void) TransformImageColorspace(image,sRGBColorspace); - count=GetNumberColors(image,NULL,exception); -- for (bits_per_pixel=1; (one << bits_per_pixel) < count; bits_per_pixel*=2) ; -+ for (bits_per_pixel=1; (one << bits_per_pixel) < count; bits_per_pixel*=2) ; - if (bits_per_pixel > 16) - bits_per_pixel=16; - else -@@ -879,7 +879,7 @@ static MagickBooleanType WritePALMImage(const ImageInfo *image_info, - last_row=(unsigned char *) NULL; - if (image_info->compression == FaxCompression) - { -- last_row=(unsigned char *) AcquireQuantumMemory(bytes_per_row, -+ last_row=(unsigned char *) AcquireQuantumMemory(bytes_per_row+256, - sizeof(*last_row)); - if (last_row == (unsigned char *) NULL) - { -@@ -887,7 +887,7 @@ static MagickBooleanType WritePALMImage(const ImageInfo *image_info, - ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed"); - } - } -- one_row=(unsigned char *) AcquireQuantumMemory(bytes_per_row, -+ one_row=(unsigned char *) AcquireQuantumMemory(bytes_per_row+256, - sizeof(*one_row)); - if (one_row == (unsigned char *) NULL) - { diff --git a/CVE-2020-25666-1.patch b/CVE-2020-25666-1.patch deleted file mode 100644 index 429c392c39980db2ec015b522e6a5b0335911a28..0000000000000000000000000000000000000000 --- a/CVE-2020-25666-1.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 91ae12c57f3b9b23f2072462c27a8378b59f395e Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 13 Oct 2019 11:56:58 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1750 - ---- - magick/histogram.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/magick/histogram.c b/magick/histogram.c -index 36b803a77..68e25fc83 100644 ---- a/magick/histogram.c -+++ b/magick/histogram.c -@@ -1157,12 +1157,12 @@ static int HistogramCompare(const void *x,const void *y) - color_1=(const ColorPacket *) x; - color_2=(const ColorPacket *) y; - if (color_2->pixel.red != color_1->pixel.red) -- return((int) color_1->pixel.red-(int) color_2->pixel.red); -+ return((int) ((ssize_t) color_1->red-(ssize_t) color_2->red)); - if (color_2->pixel.green != color_1->pixel.green) -- return((int) color_1->pixel.green-(int) color_2->pixel.green); -+ return((int) ((ssize_t) color_1->green-(ssize_t) color_2->green)); - if (color_2->pixel.blue != color_1->pixel.blue) -- return((int) color_1->pixel.blue-(int) color_2->pixel.blue); -- return((int) color_2->count-(int) color_1->count); -+ return((int) ((ssize_t) color_1->blue-(ssize_t) color_2->blue)); -+ return((int) ((ssize_t) color_2->count-(ssize_t) color_1->count)); - } - - #if defined(__cplusplus) || defined(c_plusplus) diff --git a/CVE-2020-25666-2.patch b/CVE-2020-25666-2.patch deleted file mode 100644 index 8404ce0f223e40da2f63c390926b11d3b8910a28..0000000000000000000000000000000000000000 --- a/CVE-2020-25666-2.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 245d884e1868ff9b932adad5fcacf9e3e1eb4c7f Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 13 Oct 2019 14:44:54 -0400 -Subject: [PATCH] ... - ---- - magick/histogram.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/magick/histogram.c b/magick/histogram.c -index 68e25fc83..ca210f71c 100644 ---- a/magick/histogram.c -+++ b/magick/histogram.c -@@ -1157,11 +1157,11 @@ static int HistogramCompare(const void *x,const void *y) - color_1=(const ColorPacket *) x; - color_2=(const ColorPacket *) y; - if (color_2->pixel.red != color_1->pixel.red) -- return((int) ((ssize_t) color_1->red-(ssize_t) color_2->red)); -+ return((int) ((ssize_t) color_1->pixel.red-(ssize_t) color_2->pixel.red)); - if (color_2->pixel.green != color_1->pixel.green) -- return((int) ((ssize_t) color_1->green-(ssize_t) color_2->green)); -+ return((int) ((ssize_t) color_1->pixel.green-(ssize_t) color_2->pixel.green)); - if (color_2->pixel.blue != color_1->pixel.blue) -- return((int) ((ssize_t) color_1->blue-(ssize_t) color_2->blue)); -+ return((int) ((ssize_t) color_1->pixel.blue-(ssize_t) color_2->pixel.blue)); - return((int) ((ssize_t) color_2->count-(ssize_t) color_1->count)); - } - diff --git a/CVE-2020-25667.patch b/CVE-2020-25667.patch deleted file mode 100644 index 0c72e62afa3cdafdbf9bb7ee3aafafa45fd49151..0000000000000000000000000000000000000000 --- a/CVE-2020-25667.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 14ba3e46a66c4799d643c7b959792e185c6599c7 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 13 Oct 2019 11:20:29 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1748 - ---- - coders/tiff.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/coders/tiff.c b/coders/tiff.c -index c21f546bce..e7e6b67aa0 100644 ---- a/coders/tiff.c -+++ b/coders/tiff.c -@@ -648,9 +648,20 @@ static void TIFFGetProfiles(TIFF *tiff,Image *image) - if ((TIFFGetField(tiff,TIFFTAG_XMLPACKET,&length,&profile) == 1) && - (profile != (unsigned char *) NULL)) - { -+ StringInfo -+ *dng; -+ - (void) ReadProfile(image,"xmp",profile,(ssize_t) length); -- if (strstr((char *) profile,"dc:format=\"image/dng\"") != (char *) NULL) -- (void) CopyMagickString(image->magick,"DNG",MagickPathExtent); -+ dng=BlobToStringInfo(profile,length); -+ if (dng != (StringInfo *) NULL) -+ { -+ const char -+ *target = "dc:format=\"image/dng\""; -+ -+ if (strstr((char *) GetStringInfoDatum(dng),target) != (char *) NULL) -+ (void) CopyMagickString(image->magick,"DNG",MagickPathExtent); -+ dng=DestroyStringInfo(dng); -+ } - } - #endif - if ((TIFFGetField(tiff,34118,&length,&profile) == 1) && diff --git a/CVE-2020-25674.patch b/CVE-2020-25674.patch deleted file mode 100644 index f9325d40c477b1014d557160a5930c5083cd8196..0000000000000000000000000000000000000000 --- a/CVE-2020-25674.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 2fdff8e040cd4401498d89f3c3d1f89cffd118b0 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Fri, 4 Oct 2019 19:00:10 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1715 - ---- - coders/png.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/coders/png.c b/coders/png.c -index af50b863d..410741059 100644 ---- a/coders/png.c -+++ b/coders/png.c -@@ -8790,7 +8790,7 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info, - (void) LogMagickEvent(CoderEvent,GetMagickModule(), - " i (red,green,blue,opacity)"); - -- for (i=0; i < 256; i++) -+ for (i=0; i < MagickMin(image->colors,256); i++) - { - (void) LogMagickEvent(CoderEvent,GetMagickModule(), - " %d (%d,%d,%d,%d)", diff --git a/CVE-2020-25675.patch b/CVE-2020-25675.patch deleted file mode 100644 index 8708db90d150b2cd15a3c04dfe39ab920d96007e..0000000000000000000000000000000000000000 --- a/CVE-2020-25675.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 6b169173585127299f4724f7880b575879c7f033 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Tue, 8 Oct 2019 19:06:11 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1731 - ---- - magick/transform.c | 31 ++++++++++++++++++++----------- - 1 file changed, 20 insertions(+), 11 deletions(-) - -diff --git a/magick/transform.c b/magick/transform.c -index 9edac6210..bbf351aa8 100644 ---- a/magick/transform.c -+++ b/magick/transform.c -@@ -829,14 +829,23 @@ MagickExport Image *CropImage(const Image *image,const RectangleInfo *geometry, - % - */ - --static inline double MagickRound(double x) -+static inline double ConstrainPixelOffset(double x) -+{ -+ if (x < (double) -(SSIZE_MAX-512)) -+ return((double) -(SSIZE_MAX-512)); -+ if (x > (double) (SSIZE_MAX-512)) -+ return((double) (SSIZE_MAX-512)); -+ return(x); -+} -+ -+static inline ssize_t PixelRoundOffset(double x) - { - /* - Round the fraction to nearest integer. - */ - if ((x-floor(x)) < (ceil(x)-x)) -- return(floor(x)); -- return(ceil(x)); -+ return((ssize_t) floor(ConstrainPixelOffset(x))); -+ return((ssize_t) ceil(ConstrainPixelOffset(x))); - } - - MagickExport Image *CropImageToTiles(const Image *image, -@@ -901,18 +910,18 @@ MagickExport Image *CropImageToTiles(const Image *image, - { - if ((flags & AspectValue) == 0) - { -- crop.y=(ssize_t) MagickRound((MagickRealType) (offset.y- -+ crop.y=PixelRoundOffset((MagickRealType) (offset.y- - (geometry.y > 0 ? 0 : geometry.y))); - offset.y+=delta.y; /* increment now to find width */ -- crop.height=(size_t) MagickRound((MagickRealType) (offset.y+ -+ crop.height=(size_t) PixelRoundOffset((MagickRealType) (offset.y+ - (geometry.y < 0 ? 0 : geometry.y))); - } - else - { -- crop.y=(ssize_t) MagickRound((MagickRealType) (offset.y- -+ crop.y=PixelRoundOffset((MagickRealType) (offset.y- - (geometry.y > 0 ? geometry.y : 0))); - offset.y+=delta.y; /* increment now to find width */ -- crop.height=(size_t) MagickRound((MagickRealType) (offset.y+ -+ crop.height=(size_t) PixelRoundOffset((MagickRealType) (offset.y+ - (geometry.y < 0 ? geometry.y : 0))); - } - crop.height-=crop.y; -@@ -921,18 +930,18 @@ MagickExport Image *CropImageToTiles(const Image *image, - { - if ((flags & AspectValue) == 0) - { -- crop.x=(ssize_t) MagickRound((MagickRealType) (offset.x- -+ crop.x=PixelRoundOffset((MagickRealType) (offset.x- - (geometry.x > 0 ? 0 : geometry.x))); - offset.x+=delta.x; /* increment now to find height */ -- crop.width=(size_t) MagickRound((MagickRealType) (offset.x+ -+ crop.width=(size_t) PixelRoundOffset((MagickRealType) (offset.x+ - (geometry.x < 0 ? 0 : geometry.x))); - } - else - { -- crop.x=(ssize_t) MagickRound((MagickRealType) (offset.x- -+ crop.x=PixelRoundOffset((MagickRealType) (offset.x- - (geometry.x > 0 ? geometry.x : 0))); - offset.x+=delta.x; /* increment now to find height */ -- crop.width=(size_t) MagickRound((MagickRealType) (offset.x+ -+ crop.width=(size_t) PixelRoundOffset((MagickRealType) (offset.x+ - (geometry.x < 0 ? geometry.x : 0))); - } - crop.width-=crop.x; diff --git a/CVE-2020-25676.patch b/CVE-2020-25676.patch deleted file mode 100644 index 374b8c7f6ea670e01a20ed60e7e4948076cb09af..0000000000000000000000000000000000000000 --- a/CVE-2020-25676.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 94aeb3c40d25aee1051ba8eb3a31601558ef2506 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Tue, 8 Oct 2019 18:35:50 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1732 - ---- - magick/pixel.c | 17 +++++++++++++---- - 1 file changed, 13 insertions(+), 4 deletions(-) - -diff --git a/magick/pixel.c b/magick/pixel.c -index 96eaf95db..1450a93e2 100644 ---- a/magick/pixel.c -+++ b/magick/pixel.c -@@ -4418,6 +4418,15 @@ static inline void CatromWeights(const MagickRealType x, - (*weights)[2]=x-(*weights)[3]-gamma; - } - -+static inline double ConstrainPixelOffset(double x) -+{ -+ if (x < (double) -(SSIZE_MAX-512)) -+ return((double) -(SSIZE_MAX-512)); -+ if (x > (double) (SSIZE_MAX-512)) -+ return((double) (SSIZE_MAX-512)); -+ return(x); -+} -+ - static inline void SplineWeights(const MagickRealType x, - MagickRealType (*weights)[4]) - { -@@ -4483,8 +4492,8 @@ MagickExport MagickBooleanType InterpolateMagickPixelPacket( - assert(image->signature == MagickCoreSignature); - assert(image_view != (CacheView *) NULL); - status=MagickTrue; -- x_offset=(ssize_t) floor(x); -- y_offset=(ssize_t) floor(y); -+ x_offset=(ssize_t) floor(ConstrainPixelOffset(x)); -+ y_offset=(ssize_t) floor(ConstrainPixelOffset(y)); - interpolate = method; - if (interpolate == UndefinedInterpolatePixel) - interpolate=image->interpolate; -@@ -4502,8 +4511,8 @@ MagickExport MagickBooleanType InterpolateMagickPixelPacket( - if (interpolate == Average9InterpolatePixel) - { - count=3; -- x_offset=(ssize_t) (floor(x+0.5)-1); -- y_offset=(ssize_t) (floor(y+0.5)-1); -+ x_offset=(ssize_t) (floor(ConstrainPixelOffset(x)+0.5)-1); -+ y_offset=(ssize_t) (floor(ConstrainPixelOffset(y)+0.5)-1); - } - else - if (interpolate == Average16InterpolatePixel) diff --git a/CVE-2020-27750.patch b/CVE-2020-27750.patch deleted file mode 100644 index f44d305db8255341da520a1abf39190eed2e7fc8..0000000000000000000000000000000000000000 --- a/CVE-2020-27750.patch +++ /dev/null @@ -1,26 +0,0 @@ -From c7038e710ad0204d6cb37a0229fc55f6f8a8662f Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 3 Oct 2019 17:39:55 -0400 -Subject: [PATCH] ://github.com/ImageMagick/ImageMagick/issues/1711 - ---- - magick/colorspace-private.h | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/magick/colorspace-private.h b/magick/colorspace-private.h -index 652e44547..090723756 100644 ---- a/magick/colorspace-private.h -+++ b/magick/colorspace-private.h -@@ -75,9 +75,9 @@ static inline void ConvertRGBToCMYK(MagickPixelPacket *pixel) - black=magenta; - if (yellow < black) - black=yellow; -- cyan=(MagickRealType) ((cyan-black)/(1.0-black)); -- magenta=(MagickRealType) ((magenta-black)/(1.0-black)); -- yellow=(MagickRealType) ((yellow-black)/(1.0-black)); -+ cyan=(MagickRealType) (PerceptibleReciprocal(1.0-black)*(cyan-black)); -+ magenta=(MagickRealType) (PerceptibleReciprocal(1.0-black)*(magenta-black)); -+ yellow=(MagickRealType) (PerceptibleReciprocal(1.0-black)*(yellow-black)); - pixel->colorspace=CMYKColorspace; - pixel->red=QuantumRange*cyan; - pixel->green=QuantumRange*magenta; diff --git a/CVE-2020-27751.patch b/CVE-2020-27751.patch deleted file mode 100644 index 2b15306992de635eb5bfee945f6d58d91155da2d..0000000000000000000000000000000000000000 --- a/CVE-2020-27751.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 89cd11f012ee5322746e307efd3089dcfc9fa129 Mon Sep 17 00:00:00 2001 -From: wang_yue111 <648774160@qq.com> -Date: Wed, 3 Mar 2021 10:38:53 +0800 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1727 - ---- - magick/quantum-private.h | 12 +++++++++--- - magick/quantum.c | 2 +- - 2 files changed, 10 insertions(+), 4 deletions(-) - -diff --git a/magick/quantum-private.h b/magick/quantum-private.h -index 6654c1d..7d51397 100644 ---- a/magick/quantum-private.h -+++ b/magick/quantum-private.h -@@ -324,9 +324,15 @@ static inline Quantum ScaleAnyToQuantum(const QuantumAny quantum, - static inline QuantumAny ScaleQuantumToAny(const Quantum quantum, - const QuantumAny range) - { -- if (quantum < 0) -- return((QuantumAny) 0); -- return((QuantumAny) (((MagickRealType) range*quantum)/QuantumRange+0.5)); -+#if !defined(MAGICKCORE_HDRI_SUPPORT) -+ return((QuantumAny) ((MagickRealType) range*quantum/QuantumRange)); -+#else -+ if (quantum <= 0.0) -+ return((QuantumAny) 0UL); -+ if (((MagickRealType) range*quantum/QuantumRange) >= 18446744073709551615.0) -+ return((QuantumAny) MagickULLConstant(18446744073709551615)); -+ return((QuantumAny) ((MagickRealType) range*quantum/QuantumRange+0.5)); -+#endif - } - - #if (MAGICKCORE_QUANTUM_DEPTH == 8) -diff --git a/magick/quantum.c b/magick/quantum.c -index 8edd7e3..37ae6db 100644 ---- a/magick/quantum.c -+++ b/magick/quantum.c -@@ -674,7 +674,7 @@ MagickExport MagickBooleanType SetQuantumDepth(const Image *image, - (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename); - assert(quantum_info != (QuantumInfo *) NULL); - assert(quantum_info->signature == MagickCoreSignature); -- quantum_info->depth=depth; -+ quantum_info->depth=MagickMin(depth,64); - if (quantum_info->format == FloatingPointQuantumFormat) - { - if (quantum_info->depth > 32) --- -2.23.0 - diff --git a/CVE-2020-27752.patch b/CVE-2020-27752.patch deleted file mode 100644 index 39b9ac4e4c2ae237bbad2dd597d5c893d505b3f0..0000000000000000000000000000000000000000 --- a/CVE-2020-27752.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 5d04522afcfec1feaddbec9ba0f796231aee2ebb Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Tue, 8 Dec 2020 17:09:09 +0000 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1752 - ---- - coders/png.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/coders/png.c b/coders/png.c -index ee6fba2..4107410 100644 ---- a/coders/png.c -+++ b/coders/png.c -@@ -11177,11 +11177,11 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info, - (void) LogMagickEvent(CoderEvent,GetMagickModule(), - " Allocating %.20g bytes of memory for pixels",(double) rowbytes); - } -- pixel_info=AcquireVirtualMemory(rowbytes+256,sizeof(*ping_pixels)); -+ pixel_info=AcquireVirtualMemory(rowbytes,sizeof(*ping_pixels)); - if (pixel_info == (MemoryInfo *) NULL) - png_error(ping,"Allocation of memory for pixels failed"); - ping_pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); -- (void) memset(ping_pixels,0,(rowbytes+256)*sizeof(*ping_pixels)); -+ (void) memset(ping_pixels,0,rowbytes*sizeof(*ping_pixels)); - /* - Initialize image scanlines. - */ --- -2.23.0 - diff --git a/CVE-2020-27753.patch b/CVE-2020-27753.patch deleted file mode 100644 index 14befb17dd2598b1b58bcdcba16b98f4026f6573..0000000000000000000000000000000000000000 --- a/CVE-2020-27753.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 6f5d3d2cd94eb8361e07546c4bf72cb60681b984 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 16 Oct 2019 19:36:11 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1757 - ---- - coders/miff.c | 40 ++++++++++------------------------------ - 1 file changed, 10 insertions(+), 30 deletions(-) - -diff --git a/coders/miff.c b/coders/miff.c -index d4a9b44bbe..3dfcbb73b2 100644 ---- a/coders/miff.c -+++ b/coders/miff.c -@@ -224,6 +224,7 @@ static void PushRunlengthPacket(Image *image,const unsigned char *pixels, - switch (image->depth) - { - case 32: -+ default: - { - *index=ConstrainColormapIndex(image,(ssize_t) (((size_t) *p << 24) | - ((size_t) *(p+1) << 16) | ((size_t) *(p+2) << 8) | -@@ -244,9 +245,6 @@ static void PushRunlengthPacket(Image *image,const unsigned char *pixels, - p++; - break; - } -- default: -- (void) ThrowMagickException(&image->exception,GetMagickModule(), -- CorruptImageError,"ImageDepthNotSupported","`%s'",image->filename); - } - *pixel=image->colormap[(ssize_t) *index]; - switch (image->depth) -@@ -277,6 +275,7 @@ static void PushRunlengthPacket(Image *image,const unsigned char *pixels, - break; - } - case 32: -+ default: - { - unsigned int - quantum; -@@ -289,9 +288,6 @@ static void PushRunlengthPacket(Image *image,const unsigned char *pixels, - } - break; - } -- default: -- (void) ThrowMagickException(&image->exception,GetMagickModule(), -- CorruptImageError,"ImageDepthNotSupported","`%s'",image->filename); - } - *length=((size_t) *p++)+1; - return; -@@ -359,6 +355,7 @@ static void PushRunlengthPacket(Image *image,const unsigned char *pixels, - break; - } - case 32: -+ default: - { - unsigned int - quantum; -@@ -390,9 +387,6 @@ static void PushRunlengthPacket(Image *image,const unsigned char *pixels, - } - break; - } -- default: -- (void) ThrowMagickException(&image->exception,GetMagickModule(), -- CorruptImageError,"ImageDepthNotSupported","`%s'",image->filename); - } - *length=(size_t) (*p++)+1; - } -@@ -1120,7 +1114,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, - (image->compression == UndefinedCompression) || - (image->colorspace == UndefinedColorspace) || - (image->columns == 0) || (image->rows == 0) || -- (image->depth == 0) || (image->depth > 64)) -+ (image->depth == 0) || (image->depth > 32)) - { - if (profiles != (LinkedListInfo *) NULL) - profiles=DestroyLinkedList(profiles,RelinquishMagickMemory); -@@ -1239,9 +1233,6 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, - p=colormap; - switch (image->depth) - { -- default: -- colormap=(unsigned char *) RelinquishMagickMemory(colormap); -- ThrowMIFFException(CorruptImageError,"ImageDepthNotSupported"); - case 8: - { - unsigned char -@@ -1275,6 +1266,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, - break; - } - case 32: -+ default: - { - unsigned int - pixel; -@@ -1855,6 +1847,7 @@ static unsigned char *PopRunlengthPacket(Image *image,unsigned char *pixels, - switch (image->depth) - { - case 32: -+ default: - { - *pixels++=(unsigned char) (value >> 24); - *pixels++=(unsigned char) (value >> 16); -@@ -1866,13 +1859,11 @@ static unsigned char *PopRunlengthPacket(Image *image,unsigned char *pixels, - *pixels++=(unsigned char) value; - break; - } -- default: -- (void) ThrowMagickException(&image->exception,GetMagickModule(), -- CorruptImageError,"ImageDepthNotSupported","`%s'",image->filename); - } - switch (image->depth) - { - case 32: -+ default: - { - unsigned int - value; -@@ -1908,9 +1899,6 @@ static unsigned char *PopRunlengthPacket(Image *image,unsigned char *pixels, - } - break; - } -- default: -- (void) ThrowMagickException(&image->exception,GetMagickModule(), -- CorruptImageError,"ImageDepthNotSupported","`%s'",image->filename); - } - *pixels++=(unsigned char) length; - return(pixels); -@@ -1918,6 +1906,7 @@ static unsigned char *PopRunlengthPacket(Image *image,unsigned char *pixels, - switch (image->depth) - { - case 32: -+ default: - { - unsigned int - value; -@@ -1995,9 +1984,6 @@ static unsigned char *PopRunlengthPacket(Image *image,unsigned char *pixels, - } - break; - } -- default: -- (void) ThrowMagickException(&image->exception,GetMagickModule(), -- CorruptImageError,"ImageDepthNotSupported","`%s'",image->filename); - } - *pixels++=(unsigned char) length; - return(pixels); -@@ -2091,8 +2077,7 @@ static MagickBooleanType WriteMIFFImage(const ImageInfo *image_info, - if ((image->storage_class == PseudoClass) && - (image->colors > (size_t) (GetQuantumRange(image->depth)+1))) - (void) SetImageStorageClass(image,DirectClass); -- image->depth=image->depth <= 8 ? 8UL : image->depth <= 16 ? 16UL : -- image->depth <= 32 ? 32UL : 64UL; -+ image->depth=image->depth <= 8 ? 8UL : image->depth <= 16 ? 16UL : 32UL; - quantum_info=AcquireQuantumInfo(image_info,image); - if (quantum_info == (QuantumInfo *) NULL) - ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed"); -@@ -2449,13 +2434,8 @@ static MagickBooleanType WriteMIFFImage(const ImageInfo *image_info, - { - switch (quantum_info->depth) - { -- default: -- { -- colormap=(unsigned char *) RelinquishMagickMemory(colormap); -- ThrowWriterException(CorruptImageError,"ImageDepthNotSupported"); -- break; -- } - case 32: -+ default: - { - register unsigned int - pixel; diff --git a/CVE-2020-27754-pre-1.patch b/CVE-2020-27754-pre-1.patch deleted file mode 100644 index c6dd6b966c9c141658c72faa5809c0d8d3b9a84f..0000000000000000000000000000000000000000 --- a/CVE-2020-27754-pre-1.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 2000dd1a7da8098483b8937b53ff3b6ff3048c97 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 13 Oct 2019 12:16:40 -0400 -Subject: [PATCH] ... - ---- - magick/quantize.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/magick/quantize.c b/magick/quantize.c -index 9c081d3f9..355d69de7 100644 ---- a/magick/quantize.c -+++ b/magick/quantize.c -@@ -3218,8 +3218,8 @@ static int IntensityCompare(const void *x,const void *y) - - color_1=(PixelPacket *) x; - color_2=(PixelPacket *) y; -- intensity=(ssize_t) (PixelPacketIntensity(color_1)- -- PixelPacketIntensity(color_2)); -+ intensity=(ssize_t) PixelPacketIntensity(color_1)- -+ (ssize_t) PixelPacketIntensity(color_2)); - return((int) intensity); - } - diff --git a/CVE-2020-27754-pre-2.patch b/CVE-2020-27754-pre-2.patch deleted file mode 100644 index a0dde5fdfec222b856db4887bf90d7b2f7c3e961..0000000000000000000000000000000000000000 --- a/CVE-2020-27754-pre-2.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 8c5cbc85c397fff55b859b50c4bc2ab7a79571da Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 13 Oct 2019 15:22:43 -0400 -Subject: [PATCH] ... - ---- - magick/quantize.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/magick/quantize.c b/magick/quantize.c -index 355d69de7..37f58914a 100644 ---- a/magick/quantize.c -+++ b/magick/quantize.c -@@ -3219,7 +3219,7 @@ static int IntensityCompare(const void *x,const void *y) - color_1=(PixelPacket *) x; - color_2=(PixelPacket *) y; - intensity=(ssize_t) PixelPacketIntensity(color_1)- -- (ssize_t) PixelPacketIntensity(color_2)); -+ (ssize_t) PixelPacketIntensity(color_2); - return((int) intensity); - } - diff --git a/CVE-2020-27754.patch b/CVE-2020-27754.patch deleted file mode 100644 index 4a2110d8261ae4df3703a7aa4f1dfb407bd376f2..0000000000000000000000000000000000000000 --- a/CVE-2020-27754.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d5df600d43c8706df513a3273d09aee6f54a9233 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 14 Oct 2019 19:56:17 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1754 - ---- - magick/quantize.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/magick/quantize.c b/magick/quantize.c -index 37f58914a..1d8cc61ff 100644 ---- a/magick/quantize.c -+++ b/magick/quantize.c -@@ -3207,6 +3207,15 @@ MagickExport MagickBooleanType RemapImages(const QuantizeInfo *quantize_info, - extern "C" { - #endif - -+static inline double ConstrainPixelIntensity(double x) -+{ -+ if (x < (double) -(SSIZE_MAX-512)) -+ return((double) -(SSIZE_MAX-512)); -+ if (x > (double) (SSIZE_MAX-512)) -+ return((double) (SSIZE_MAX-512)); -+ return(x); -+} -+ - static int IntensityCompare(const void *x,const void *y) - { - PixelPacket -@@ -3218,8 +3227,8 @@ static int IntensityCompare(const void *x,const void *y) - - color_1=(PixelPacket *) x; - color_2=(PixelPacket *) y; -- intensity=(ssize_t) PixelPacketIntensity(color_1)- -- (ssize_t) PixelPacketIntensity(color_2); -+ intensity=(ssize_t) ConstrainPixelIntensity(PixelPacketIntensity(color_1))- -+ (ssize_t) ConstrainPixelIntensity(PixelPacketIntensity(color_2)); - return((int) intensity); - } - diff --git a/CVE-2020-27755.patch b/CVE-2020-27755.patch deleted file mode 100644 index b62a61a83445c3a9cfbd700b90498b413795c5d0..0000000000000000000000000000000000000000 --- a/CVE-2020-27755.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5fa0c9d4376d879855fb154e166c90775530edf4 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 16 Oct 2019 15:02:11 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1756 - ---- - magick/image.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/magick/image.c b/magick/image.c -index 90cec87..d462c9e 100644 ---- a/magick/image.c -+++ b/magick/image.c -@@ -2703,9 +2703,18 @@ MagickExport MagickBooleanType SetImageExtent(Image *image,const size_t columns, - image->filename); - image->columns=columns; - image->rows=rows; -- if ((image->depth == 0) || (image->depth > (8*sizeof(MagickSizeType)))) -- ThrowBinaryImageException(ImageError,"ImageDepthNotSupported", -- image->filename); -+ if (image->depth == 0) -+ { -+ image->depth=8; -+ (void) ThrowMagickException(&image->exception,GetMagickModule(), -+ ImageError,"ImageDepthNotSupported","`%s'",image->filename); -+ } -+ if (image->depth > (8*sizeof(MagickSizeType))) -+ { -+ image->depth=8*sizeof(MagickSizeType); -+ (void) ThrowMagickException(&image->exception,GetMagickModule(), -+ ImageError,"ImageDepthNotSupported","`%s'",image->filename); -+ } - return(SyncImagePixelCache(image,&image->exception)); - } - --- -2.30.0 - diff --git a/CVE-2020-27756.patch b/CVE-2020-27756.patch deleted file mode 100644 index c3c6e5b7c1f4900483f8cfec994d05392ce08005..0000000000000000000000000000000000000000 --- a/CVE-2020-27756.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d3d96f05950275b916207bf9df03640ef3e9fd6e Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 6 Oct 2019 09:31:02 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1725 - ---- - magick/geometry.c | 8 ++++---- - 2 files changed, 11 insertions(+), 4 deletions(-) - -diff --git a/magick/geometry.c b/magick/geometry.c -index 27f99f8438..101810ca5e 100644 ---- a/magick/geometry.c -+++ b/magick/geometry.c -@@ -1423,13 +1423,13 @@ MagickExport MagickStatusType ParseMetaGeometry(const char *geometry,ssize_t *x, - if (geometry_ratio >= image_ratio) - { - *width=former_width; -- *height=(size_t) floor((double) (former_height*image_ratio/ -- geometry_ratio)+0.5); -+ *height=(size_t) floor((double) (PerceptibleReciprocal( -+ geometry_ratio)*former_height*image_ratio)+0.5); - } - else - { -- *width=(size_t) floor((double) (former_width*geometry_ratio/ -- image_ratio)+0.5); -+ *width=(size_t) floor((double) (PerceptibleReciprocal( -+ image_ratio)*former_width*geometry_ratio)+0.5); - *height=former_height; - } - former_width=(*width); diff --git a/CVE-2020-27757.patch b/CVE-2020-27757.patch deleted file mode 100644 index b0a2e14c84c985c8747b00e8bdecb2445e5da3d0..0000000000000000000000000000000000000000 --- a/CVE-2020-27757.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 3123c4298aab5ae2c0d5016d2b92bbb7896b3a29 Mon Sep 17 00:00:00 2001 -From: wang_yue111 <648774160@qq.com> -Date: Wed, 3 Mar 2021 10:31:02 +0800 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1712 - ---- - magick/quantum-private.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/magick/quantum-private.h b/magick/quantum-private.h -index 6ce4038..6654c1d 100644 ---- a/magick/quantum-private.h -+++ b/magick/quantum-private.h -@@ -324,6 +324,8 @@ static inline Quantum ScaleAnyToQuantum(const QuantumAny quantum, - static inline QuantumAny ScaleQuantumToAny(const Quantum quantum, - const QuantumAny range) - { -+ if (quantum < 0) -+ return((QuantumAny) 0); - return((QuantumAny) (((MagickRealType) range*quantum)/QuantumRange+0.5)); - } - --- -2.23.0 - diff --git a/CVE-2020-27758.patch b/CVE-2020-27758.patch deleted file mode 100644 index 5ba3aaa07a797d39f6b29da07073470edd53f591..0000000000000000000000000000000000000000 --- a/CVE-2020-27758.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e5e15b4456c825f78554e2ef1cc6344fa1218448 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 5 Oct 2019 09:44:24 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1719 - ---- - coders/txt.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/coders/txt.c b/coders/txt.c -index 3a57bcece..9f0354ffb 100644 ---- a/coders/txt.c -+++ b/coders/txt.c -@@ -572,16 +572,16 @@ static Image *ReadTXTImage(const ImageInfo *image_info,ExceptionInfo *exception) - green+=(range+1)/2.0; - blue+=(range+1)/2.0; - } -- pixel.red=(MagickRealType) ScaleAnyToQuantum((QuantumAny) (red+0.5), -- range); -- pixel.green=(MagickRealType) ScaleAnyToQuantum((QuantumAny) (green+0.5), -- range); -- pixel.blue=(MagickRealType) ScaleAnyToQuantum((QuantumAny) (blue+0.5), -- range); -- pixel.index=(MagickRealType) ScaleAnyToQuantum((QuantumAny) (index+0.5), -- range); -- pixel.opacity=(MagickRealType) ScaleAnyToQuantum((QuantumAny) (opacity+ -- 0.5),range); -+ pixel.red=(MagickRealType) ScaleAnyToQuantum((QuantumAny) -+ MagickMax(red+0.5,0.0),range); -+ pixel.green=(MagickRealType) ScaleAnyToQuantum((QuantumAny) -+ MagickMax(green+0.5,0.0),range); -+ pixel.blue=(MagickRealType) ScaleAnyToQuantum((QuantumAny) -+ MagickMax(blue+0.5,0.0),range); -+ pixel.index=(MagickRealType) ScaleAnyToQuantum((QuantumAny) -+ MagickMax(index+0.5,0.0),range); -+ pixel.opacity=(MagickRealType) ScaleAnyToQuantum((QuantumAny) -+ MagickMax(opacity+0.5,0.0),range); - q=GetAuthenticPixels(image,(ssize_t) x_offset,(ssize_t) y_offset,1,1, - exception); - if (q == (PixelPacket *) NULL) diff --git a/CVE-2020-27759.patch b/CVE-2020-27759.patch deleted file mode 100644 index 5526548448227bfb6251956e7b37c05718e29c9d..0000000000000000000000000000000000000000 --- a/CVE-2020-27759.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 460dea07066e2001bc4671fcd8d53233f0fc29b3 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 5 Oct 2019 09:53:19 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1720 - ---- - magick/quantize.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/magick/quantize.c b/magick/quantize.c -index d4c841b68..fb0646661 100644 ---- a/magick/quantize.c -+++ b/magick/quantize.c -@@ -3212,16 +3212,17 @@ extern "C" { - - static int IntensityCompare(const void *x,const void *y) - { -- double -- intensity; -- - PixelPacket - *color_1, - *color_2; - -+ ssize_t -+ intensity; -+ - color_1=(PixelPacket *) x; - color_2=(PixelPacket *) y; -- intensity=PixelPacketIntensity(color_1)-PixelPacketIntensity(color_2); -+ intensity=(ssize_t) (PixelPacketIntensity(color_1)- -+ PixelPacketIntensity(color_2)); - return((int) intensity); - } - diff --git a/CVE-2020-27760.patch b/CVE-2020-27760.patch deleted file mode 100644 index 6d2bb7ac71f08f4b66275aab17ece203b680f4ec..0000000000000000000000000000000000000000 --- a/CVE-2020-27760.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 83cd04f580ccf4cc194813777c1fcfba78e602aa Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Fri, 4 Oct 2019 18:04:09 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1717 - ---- - magick/enhance.c | 27 ++++++++++++++------------- - 1 file changed, 14 insertions(+), 13 deletions(-) - -diff --git a/magick/enhance.c b/magick/enhance.c -index a100cf8b7..614269e3a 100644 ---- a/magick/enhance.c -+++ b/magick/enhance.c -@@ -2207,7 +2207,8 @@ MagickExport MagickBooleanType GammaImageChannel(Image *image, - if (gamma != 0.0) - for (i=0; i <= (ssize_t) MaxMap; i++) - gamma_map[i]=ClampToQuantum((MagickRealType) ScaleMapToQuantum(( -- MagickRealType) (MaxMap*pow((double) i/MaxMap,1.0/gamma)))); -+ MagickRealType) (MaxMap*pow((double) i/MaxMap, -+ PerceptibleReciprocal(gamma))))); - if (image->storage_class == PseudoClass) - { - /* -@@ -2238,18 +2239,18 @@ MagickExport MagickBooleanType GammaImageChannel(Image *image, - #else - if ((channel & RedChannel) != 0) - image->colormap[i].red=QuantumRange*gamma_pow(QuantumScale* -- image->colormap[i].red,1.0/gamma); -+ image->colormap[i].red,PerceptibleReciprocal(gamma)); - if ((channel & GreenChannel) != 0) - image->colormap[i].green=QuantumRange*gamma_pow(QuantumScale* -- image->colormap[i].green,1.0/gamma); -+ image->colormap[i].green,PerceptibleReciprocal(gamma)); - if ((channel & BlueChannel) != 0) - image->colormap[i].blue=QuantumRange*gamma_pow(QuantumScale* -- image->colormap[i].blue,1.0/gamma); -+ image->colormap[i].blue,PerceptibleReciprocal(gamma)); - if ((channel & OpacityChannel) != 0) - { - if (image->matte == MagickFalse) - image->colormap[i].opacity=QuantumRange*gamma_pow(QuantumScale* -- image->colormap[i].opacity,1.0/gamma); -+ image->colormap[i].opacity,PerceptibleReciprocal(gamma)); - else - image->colormap[i].opacity=QuantumRange-QuantumRange*gamma_pow( - QuantumScale*(QuantumRange-image->colormap[i].opacity),1.0/ -@@ -2319,31 +2320,31 @@ MagickExport MagickBooleanType GammaImageChannel(Image *image, - if ((channel & SyncChannels) != 0) - { - SetPixelRed(q,QuantumRange*gamma_pow(QuantumScale*GetPixelRed(q), -- 1.0/gamma)); -+ PerceptibleReciprocal(gamma))); - SetPixelGreen(q,QuantumRange*gamma_pow(QuantumScale*GetPixelGreen(q), -- 1.0/gamma)); -+ PerceptibleReciprocal(gamma))); - SetPixelBlue(q,QuantumRange*gamma_pow(QuantumScale*GetPixelBlue(q), -- 1.0/gamma)); -+ PerceptibleReciprocal(gamma))); - } - else - { - if ((channel & RedChannel) != 0) - SetPixelRed(q,QuantumRange*gamma_pow(QuantumScale*GetPixelRed(q), -- 1.0/gamma)); -+ PerceptibleReciprocal(gamma))); - if ((channel & GreenChannel) != 0) - SetPixelGreen(q,QuantumRange*gamma_pow(QuantumScale* -- GetPixelGreen(q),1.0/gamma)); -+ GetPixelGreen(q),PerceptibleReciprocal(gamma))); - if ((channel & BlueChannel) != 0) - SetPixelBlue(q,QuantumRange*gamma_pow(QuantumScale*GetPixelBlue(q), -- 1.0/gamma)); -+ PerceptibleReciprocal(gamma))); - if ((channel & OpacityChannel) != 0) - { - if (image->matte == MagickFalse) - SetPixelOpacity(q,QuantumRange*gamma_pow(QuantumScale* -- GetPixelOpacity(q),1.0/gamma)); -+ GetPixelOpacity(q),PerceptibleReciprocal(gamma))); - else - SetPixelAlpha(q,QuantumRange*gamma_pow(QuantumScale* -- GetPixelAlpha(q),1.0/gamma)); -+ GetPixelAlpha(q),PerceptibleReciprocal(gamma))); - } - } - #endif diff --git a/CVE-2020-27761.patch b/CVE-2020-27761.patch deleted file mode 100644 index 9ba4e7ac233911670c417b253f1da1420c6dd6fa..0000000000000000000000000000000000000000 --- a/CVE-2020-27761.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 14c90fb315eb3666a4cf6d784cbde74c69c934ec Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 7 Oct 2019 18:13:37 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1726 - ---- - coders/palm.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/coders/palm.c b/coders/palm.c -index 4cd5522a4..a3eae1d82 100644 ---- a/coders/palm.c -+++ b/coders/palm.c -@@ -908,10 +908,10 @@ static MagickBooleanType WritePALMImage(const ImageInfo *image_info, - { - for (x=0; x < (ssize_t) image->columns; x++) - { -- color16=(unsigned short) ((((31*(size_t) GetPixelRed(p))/ -- (size_t) QuantumRange) << 11) | -- (((63*(size_t) GetPixelGreen(p))/(size_t) QuantumRange) << 5) | -- ((31*(size_t) GetPixelBlue(p))/(size_t) QuantumRange)); -+ color16=(unsigned short) ((((31*(ssize_t) GetPixelRed(p))/ -+ (ssize_t) QuantumRange) << 11) | -+ (((63*(ssize_t) GetPixelGreen(p))/(ssize_t) QuantumRange) << 5) | -+ ((31*(ssize_t) GetPixelBlue(p))/(ssize_t) QuantumRange)); - if (GetPixelOpacity(p) == (Quantum) TransparentOpacity) - { - transpix.red=GetPixelRed(p); diff --git a/CVE-2020-27762.patch b/CVE-2020-27762.patch deleted file mode 100644 index 8508cab0a73e40bd0cb993a5b84d45f369589151..0000000000000000000000000000000000000000 --- a/CVE-2020-27762.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 3e10f7c3c9f0394dfd6ebd372bc34a172dabc8ff Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 3 Oct 2019 18:24:44 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1713 - ---- - coders/hdr.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/coders/hdr.c b/coders/hdr.c -index ab02f8e52..77e3c6336 100644 ---- a/coders/hdr.c -+++ b/coders/hdr.c -@@ -786,9 +786,12 @@ static MagickBooleanType WriteHDRImage(const ImageInfo *image_info,Image *image) - exponent; - - gamma=frexp(gamma,&exponent)*256.0/gamma; -- pixel[0]=(unsigned char) (gamma*QuantumScale*GetPixelRed(p)); -- pixel[1]=(unsigned char) (gamma*QuantumScale*GetPixelGreen(p)); -- pixel[2]=(unsigned char) (gamma*QuantumScale*GetPixelBlue(p)); -+ if (GetPixelRed(p) > 0) -+ pixel[0]=(unsigned char) (gamma*QuantumScale*GetPixelRed(p)); -+ if (GetPixelGreen(p) > 0) -+ pixel[1]=(unsigned char) (gamma*QuantumScale*GetPixelGreen(p)); -+ if (GetPixelBlue(p) > 0) -+ pixel[2]=(unsigned char) (gamma*QuantumScale*GetPixelBlue(p)); - pixel[3]=(unsigned char) (exponent+128); - } - if ((image->columns >= 8) && (image->columns <= 0x7ffff)) diff --git a/CVE-2020-27763.patch b/CVE-2020-27763.patch deleted file mode 100644 index fbf8d592fe7671ae169c822f81d371c1638655a3..0000000000000000000000000000000000000000 --- a/CVE-2020-27763.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 667c284a440d10ae3453ddc5915caa5333da892d Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 1 Mar 2021 20:51:17 +0800 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1718 - ---- - magick/resize.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/magick/resize.c b/magick/resize.c -index 4564125..b8d9055 100644 ---- a/magick/resize.c -+++ b/magick/resize.c -@@ -1084,10 +1084,10 @@ MagickExport ResizeFilter *AcquireResizeFilter(const Image *image, - Adjust window function scaling to match windowing support for - weighting function. This avoids a division on every filter call. - */ -- resize_filter->scale/=resize_filter->window_support; -+ resize_filter->scale*=PerceptibleReciprocal(resize_filter->window_support); - - /* -- * Set Cubic Spline B,C values, calculate Cubic coefficients. -+ Set Cubic Spline B,C values, calculate Cubic coefficients. - */ - B=0.0; - C=0.0; --- -2.23.0 - diff --git a/CVE-2020-27764.patch b/CVE-2020-27764.patch deleted file mode 100644 index 57e9805bfd20f5cce691f80b1a3ac9c90431e47d..0000000000000000000000000000000000000000 --- a/CVE-2020-27764.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 3e21bc8a58b4ae38d24c7e283837cc279f35b6a5 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 9 Oct 2019 18:44:16 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1735 - ---- - magick/statistic.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/magick/statistic.c b/magick/statistic.c -index 7bc816360..87a9a42f4 100644 ---- a/magick/statistic.c -+++ b/magick/statistic.c -@@ -259,7 +259,7 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - } - case AndEvaluateOperator: - { -- result=(MagickRealType) ((size_t) pixel & (size_t) (value+0.5)); -+ result=(MagickRealType) ((ssize_t) pixel & (ssize_t) (value+0.5)); - break; - } - case CosineEvaluateOperator: -@@ -299,7 +299,7 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - } - case LeftShiftEvaluateOperator: - { -- result=(MagickRealType) ((size_t) pixel << (size_t) (value+0.5)); -+ result=(MagickRealType) ((ssize_t) pixel << (ssize_t) (value+0.5)); - break; - } - case LogEvaluateOperator: -@@ -342,7 +342,7 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - } - case OrEvaluateOperator: - { -- result=(MagickRealType) ((size_t) pixel | (size_t) (value+0.5)); -+ result=(MagickRealType) ((ssize_t) pixel | (ssize_t) (value+0.5)); - break; - } - case PoissonNoiseEvaluateOperator: -@@ -359,7 +359,7 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - } - case RightShiftEvaluateOperator: - { -- result=(MagickRealType) ((size_t) pixel >> (size_t) (value+0.5)); -+ result=(MagickRealType) ((ssize_t) pixel >> (ssize_t) (value+0.5)); - break; - } - case RootMeanSquareEvaluateOperator: -@@ -413,7 +413,7 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - } - case XorEvaluateOperator: - { -- result=(MagickRealType) ((size_t) pixel ^ (size_t) (value+0.5)); -+ result=(MagickRealType) ((ssize_t) pixel ^ (ssize_t) (value+0.5)); - break; - } - } diff --git a/CVE-2020-27765.patch b/CVE-2020-27765.patch deleted file mode 100644 index 25a7707a3a6c80c7ccebe22e8e3c15045c58d47c..0000000000000000000000000000000000000000 --- a/CVE-2020-27765.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 4321934be544bc2888c6799fd6b50d8188a3d832 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Tue, 8 Oct 2019 17:27:35 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1730 - ---- - magick/segment.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/magick/segment.c b/magick/segment.c -index 8f03c22ef..46fae277f 100644 ---- a/magick/segment.c -+++ b/magick/segment.c -@@ -1696,7 +1696,7 @@ static MagickRealType OptimalTau(const ssize_t *histogram,const double max_tau, - average_tau=0.0; - for (i=0; i < number_nodes; i++) - average_tau+=list[i]->tau; -- average_tau/=(MagickRealType) number_nodes; -+ average_tau*=PerceptibleReciprocal((MagickRealType) number_nodes); - /* - Relinquish resources. - */ diff --git a/CVE-2020-27766-CVE-2020-27774.patch b/CVE-2020-27766-CVE-2020-27774.patch deleted file mode 100644 index 1c3fbdf4c7fdce2d2294ecbadf8636dad262ade9..0000000000000000000000000000000000000000 --- a/CVE-2020-27766-CVE-2020-27774.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 052175e4b190598141fbcc64641cd5ee4db3602d Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 10 Oct 2019 20:40:18 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1743 - ---- - magick/statistic.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/magick/statistic.c b/magick/statistic.c -index 2db7c858f..827d87fa6 100644 ---- a/magick/statistic.c -+++ b/magick/statistic.c -@@ -230,6 +230,9 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - MagickRealType - result; - -+ register ssize_t -+ i; -+ - result=0.0; - switch (op) - { -@@ -299,7 +302,9 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - } - case LeftShiftEvaluateOperator: - { -- result=(MagickRealType) ((ssize_t) pixel << (ssize_t) (value+0.5)); -+ result=(double) pixel; -+ for (i=0; i < (ssize_t) value; i++) -+ result*=2.0; - break; - } - case LogEvaluateOperator: -@@ -359,7 +364,9 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - } - case RightShiftEvaluateOperator: - { -- result=(MagickRealType) ((ssize_t) pixel >> (ssize_t) (value+0.5)); -+ result=(MagickRealType) pixel; -+ for (i=0; i < (ssize_t) value; i++) -+ result/=2.0; - break; - } - case RootMeanSquareEvaluateOperator: diff --git a/CVE-2020-27767.patch b/CVE-2020-27767.patch deleted file mode 100644 index cbd74b80a1581ea2761a81a5be498fd9601ff989..0000000000000000000000000000000000000000 --- a/CVE-2020-27767.patch +++ /dev/null @@ -1,68 +0,0 @@ -From c2f66e7fc9189a652f77a021bd047c4146d634d1 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 10 Oct 2019 21:03:00 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1741 - ---- - magick/quantum.h | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/magick/quantum.h b/magick/quantum.h -index 821680de0..6c05c212a 100644 ---- a/magick/quantum.h -+++ b/magick/quantum.h -@@ -18,6 +18,7 @@ - #ifndef MAGICKCORE_QUANTUM_H - #define MAGICKCORE_QUANTUM_H - -+#include - #include "magick/image.h" - #include "magick/semaphore.h" - -@@ -87,6 +88,10 @@ typedef struct _QuantumInfo - static inline Quantum ClampToQuantum(const MagickRealType value) - { - #if defined(MAGICKCORE_HDRI_SUPPORT) -+ if (value < FLT_MIN) -+ return((Quantum) FLT_MIN); -+ if (value > FLT_MAX) -+ return((Quantum) FLT_MAX); - return((Quantum) value); - #else - if (value <= 0.0f) -@@ -103,7 +108,7 @@ static inline unsigned char ScaleQuantumToChar(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned char) quantum); - #else -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return(0); - if (quantum >= 255.0) - return(255); -@@ -116,7 +121,7 @@ static inline unsigned char ScaleQuantumToChar(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned char) (((quantum+128UL)-((quantum+128UL) >> 8)) >> 8)); - #else -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return(0); - if ((quantum/257.0) >= 255.0) - return(255); -@@ -130,7 +135,7 @@ static inline unsigned char ScaleQuantumToChar(const Quantum quantum) - return((unsigned char) ((quantum+MagickULLConstant(8421504))/ - MagickULLConstant(16843009))); - #else -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return(0); - if ((quantum/16843009.0) >= 255.0) - return(255); -@@ -143,7 +148,7 @@ static inline unsigned char ScaleQuantumToChar(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned char) (quantum/72340172838076673.0+0.5)); - #else -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return(0); - if ((quantum/72340172838076673.0) >= 255.0) - return(255); diff --git a/CVE-2020-27768.patch b/CVE-2020-27768.patch deleted file mode 100644 index 2f572ed5d401af5100abab468740be73aa5ca1bc..0000000000000000000000000000000000000000 --- a/CVE-2020-27768.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 6f4e6ab0e4dd78460e04aca3c8f38bbf8de837b5 Mon Sep 17 00:00:00 2001 -From: wang_yue111 <648774160@qq.com> -Date: Wed, 3 Mar 2021 11:01:31 +0800 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1751 - ---- - magick/quantum-private.h | 38 +++++++++++++++++++------------------- - 1 file changed, 19 insertions(+), 19 deletions(-) - -diff --git a/magick/quantum-private.h b/magick/quantum-private.h -index 7d51397..d4b0143 100644 ---- a/magick/quantum-private.h -+++ b/magick/quantum-private.h -@@ -327,7 +327,7 @@ static inline QuantumAny ScaleQuantumToAny(const Quantum quantum, - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((QuantumAny) ((MagickRealType) range*quantum/QuantumRange)); - #else -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return((QuantumAny) 0UL); - if (((MagickRealType) range*quantum/QuantumRange) >= 18446744073709551615.0) - return((QuantumAny) MagickULLConstant(18446744073709551615)); -@@ -368,8 +368,8 @@ static inline unsigned int ScaleQuantumToLong(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned int) (16843009UL*quantum)); - #else -- if (quantum <= 0.0) -- return(0UL); -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) -+ return(0U); - if ((16843009.0*quantum) >= 4294967295.0) - return(4294967295UL); - return((unsigned int) (16843009.0*quantum+0.5)); -@@ -383,8 +383,8 @@ static inline unsigned int ScaleQuantumToMap(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned int) quantum); - #else -- if (quantum < 0.0) -- return(0UL); -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) -+ return(0U); - return((unsigned int) (quantum+0.5)); - #endif - } -@@ -394,7 +394,7 @@ static inline unsigned short ScaleQuantumToShort(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned short) (257UL*quantum)); - #else -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return(0); - if ((257.0*quantum) >= 65535.0) - return(65535); -@@ -447,8 +447,8 @@ static inline unsigned int ScaleQuantumToLong(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned int) (65537UL*quantum)); - #else -- if (quantum <= 0.0) -- return(0UL); -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) -+ return(0U); - if ((65537.0*quantum) >= 4294967295.0) - return(4294967295U); - return((unsigned int) (65537.0*quantum+0.5)); -@@ -462,8 +462,8 @@ static inline unsigned int ScaleQuantumToMap(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned int) quantum); - #else -- if (quantum < 0.0) -- return(0UL); -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) -+ return(0U); - return((unsigned int) (quantum+0.5)); - #endif - } -@@ -473,7 +473,7 @@ static inline unsigned short ScaleQuantumToShort(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned short) quantum); - #else -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return(0); - if (quantum >= 65535.0) - return(65535); -@@ -518,8 +518,8 @@ static inline unsigned int ScaleQuantumToLong(const Quantum quantum) - #if !defined(MAGICKCORE_HDRI_SUPPORT) - return((unsigned int) quantum); - #else -- if (quantum <= 0.0) -- return(0); -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) -+ return(0U); - if ((quantum) >= 4294967295.0) - return(4294967295); - return((unsigned int) (quantum+0.5)); -@@ -528,8 +528,8 @@ static inline unsigned int ScaleQuantumToLong(const Quantum quantum) - - static inline unsigned int ScaleQuantumToMap(const Quantum quantum) - { -- if (quantum < 0.0) -- return(0UL); -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) -+ return(0U); - if ((quantum/65537) >= (Quantum) MaxMap) - return((unsigned int) MaxMap); - #if !defined(MAGICKCORE_HDRI_SUPPORT) -@@ -546,7 +546,7 @@ static inline unsigned short ScaleQuantumToShort(const Quantum quantum) - return((unsigned short) ((quantum+MagickULLConstant(32768))/ - MagickULLConstant(65537))); - #else -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return(0); - if ((quantum/65537.0) >= 65535.0) - return(65535); -@@ -589,8 +589,8 @@ static inline unsigned int ScaleQuantumToLong(const Quantum quantum) - - static inline unsigned int ScaleQuantumToMap(const Quantum quantum) - { -- if (quantum <= 0.0) -- return(0UL); -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) -+ return(0U); - if ((quantum/281479271743489.0) >= MaxMap) - return((unsigned int) MaxMap); - return((unsigned int) (quantum/281479271743489.0+0.5)); -@@ -598,7 +598,7 @@ static inline unsigned int ScaleQuantumToMap(const Quantum quantum) - - static inline unsigned short ScaleQuantumToShort(const Quantum quantum) - { -- if (quantum <= 0.0) -+ if ((IsNaN(quantum) != MagickFalse) || (quantum <= 0.0)) - return(0); - if ((quantum/281479271743489.0) >= 65535.0) - return(65535); --- -2.23.0 - diff --git a/CVE-2020-27769.patch b/CVE-2020-27769.patch deleted file mode 100644 index 0a847db29e860bc0dd9834b857dd435be0cceac4..0000000000000000000000000000000000000000 --- a/CVE-2020-27769.patch +++ /dev/null @@ -1,36 +0,0 @@ -From d6f3c03cf55c98da87e547882379a85ce2b3dc81 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Fri, 11 Oct 2019 20:21:42 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1740 - ---- - magick/quantize.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/magick/quantize.c b/magick/quantize.c -index 0f963b4..b6c1645 100644 ---- a/magick/quantize.c -+++ b/magick/quantize.c -@@ -2293,8 +2293,8 @@ MagickExport MagickBooleanType PosterizeImageChannel(Image *image, - const ChannelType channel,const size_t levels,const MagickBooleanType dither) - { - #define PosterizeImageTag "Posterize/Image" --#define PosterizePixel(pixel) (Quantum) (QuantumRange*(MagickRound( \ -- QuantumScale*pixel*(levels-1)))/MagickMax((ssize_t) levels-1,1)) -+#define PosterizePixel(pixel) ClampToQuantum((MagickRealType) QuantumRange*( \ -+ MagickRound(QuantumScale*pixel*(levels-1)))/MagickMax((ssize_t) levels-1,1)) - - CacheView - *image_view; -@@ -3342,7 +3342,7 @@ static MagickBooleanType SetGrayscaleImage(Image *image) - } - (void) memset(colormap_index,0,extent*sizeof(*colormap_index)); - for (i=0; i < (ssize_t) image->colors; i++) -- image->colormap[i].opacity=(unsigned short) i; -+ image->colormap[i].opacity=(Quantum) i; - qsort((void *) image->colormap,image->colors,sizeof(PixelPacket), - IntensityCompare); - colormap=(PixelPacket *) AcquireQuantumMemory(image->colors, --- -2.23.0 - diff --git a/CVE-2020-27770.patch b/CVE-2020-27770.patch deleted file mode 100644 index 752198831b6f911305a4df013d48ccfb5459ac77..0000000000000000000000000000000000000000 --- a/CVE-2020-27770.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c01495f91ac71c5205f52713430b68e80d851149 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 5 Oct 2019 08:56:29 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1721 - ---- - magick/string.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/magick/string.c b/magick/string.c -index f6f7b9318..1b47f562e 100644 ---- a/magick/string.c -+++ b/magick/string.c -@@ -2534,7 +2534,7 @@ MagickExport MagickBooleanType SubstituteString(char **string, - { - if (search_extent == 0) - search_extent=strlen(search); -- if (strncmp(p,search,search_extent) != 0) -+ if ((*p == *search) && (strncmp(p,search,search_extent) != 0)) - continue; - /* - We found a match. -@@ -2562,7 +2562,9 @@ MagickExport MagickBooleanType SubstituteString(char **string, - (void) memmove(p+replace_extent,p+search_extent, - strlen(p+search_extent)+1); - (void) memcpy(p,replace,replace_extent); -- p+=replace_extent-1; -+ p+=replace_extent; -+ if (replace_extent != 0) -+ p--; - } - return(status); - } diff --git a/CVE-2020-27771.patch b/CVE-2020-27771.patch deleted file mode 100644 index a0928c3094b0fa6fe5e79d7069830a4e95c6d7f8..0000000000000000000000000000000000000000 --- a/CVE-2020-27771.patch +++ /dev/null @@ -1,50 +0,0 @@ -From a07ecde4c1c3a3efaa628434adc903295f6bb2b3 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 14 Oct 2019 19:41:20 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1753 - ---- - coders/pdf.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/coders/pdf.c b/coders/pdf.c -index 4da13db33..dd1a504e5 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -1991,7 +1991,7 @@ RestoreMSCWarning - break; - indexes=GetVirtualIndexQueue(image); - for (x=0; x < (ssize_t) image->columns; x++) -- *q++=(unsigned char) GetPixelIndex(indexes+x); -+ *q++=(unsigned char) ((ssize_t) GetPixelIndex(indexes+x)); - if (image->previous == (Image *) NULL) - { - status=SetImageProgress(image,SaveImageTag, -@@ -2033,7 +2033,7 @@ RestoreMSCWarning - indexes=GetVirtualIndexQueue(image); - for (x=0; x < (ssize_t) image->columns; x++) - Ascii85Encode(image,(unsigned char) -- GetPixelIndex(indexes+x)); -+ ((ssize_t) GetPixelIndex(indexes+x))); - if (image->previous == (Image *) NULL) - { - status=SetImageProgress(image,SaveImageTag, -@@ -2491,7 +2491,7 @@ RestoreMSCWarning - break; - indexes=GetVirtualIndexQueue(tile_image); - for (x=0; x < (ssize_t) tile_image->columns; x++) -- *q++=(unsigned char) GetPixelIndex(indexes+x); -+ *q++=(unsigned char) ((ssize_t) GetPixelIndex(indexes+x)); - } - #if defined(MAGICKCORE_ZLIB_DELEGATE) - if (compression == ZipCompression) -@@ -2525,7 +2525,8 @@ RestoreMSCWarning - break; - indexes=GetVirtualIndexQueue(tile_image); - for (x=0; x < (ssize_t) tile_image->columns; x++) -- Ascii85Encode(image,(unsigned char) GetPixelIndex(indexes+x)); -+ Ascii85Encode(image,(unsigned char) -+ ((ssize_t) GetPixelIndex(indexes+x))); - } - Ascii85Flush(image); - break; diff --git a/CVE-2020-27772.patch b/CVE-2020-27772.patch deleted file mode 100644 index d3b901495dbfa95cf3066b1f81dd25871b1f8c0b..0000000000000000000000000000000000000000 --- a/CVE-2020-27772.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 7f819ef8855608d9cb1ded5e4f30cdfff1da7c11 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 13 Oct 2019 11:50:29 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1749 - ---- - PerlMagick/t/write.t | 2 +- - coders/bmp.c | 24 ++++++++++++------------ - 2 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/PerlMagick/t/write.t b/PerlMagick/t/write.t -index 3c530f154..d410fa48e 100644 ---- a/PerlMagick/t/write.t -+++ b/PerlMagick/t/write.t -@@ -107,7 +107,7 @@ print("Portable bitmap format (black and white), binary format ...\n"); - testReadWrite( 'PBM:input_p4.pbm', - 'PBM:output_p4.pbm', - q//, -- '83175f7bcc43fb71212dee254c85e355c18bcd25f35d3b9caba66fff7341fa64'); -+ '217921c0cce7fff17eea865d2ee2075afbc054ce7f4209b3cfeb22f58d8b3e3e'); - - print("ZSoft IBM PC Paintbrush file ...\n"); - ++$test; -diff --git a/coders/bmp.c b/coders/bmp.c -index 13ccefcfc..f7104a212 100644 ---- a/coders/bmp.c -+++ b/coders/bmp.c -@@ -2311,32 +2311,32 @@ static MagickBooleanType WriteBMPImage(const ImageInfo *image_info,Image *image) - (void) WriteBlobLSBLong(image,0x73524742U); /* sRGB */ - } - (void) WriteBlobLSBLong(image,(unsigned int) -- (image->chromaticity.red_primary.x*0x40000000)); -+ ((ssize_t) image->chromaticity.red_primary.x*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- (image->chromaticity.red_primary.y*0x40000000)); -+ ((ssize_t) image->chromaticity.red_primary.y*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- ((1.000f-(image->chromaticity.red_primary.x+ -+ ((ssize_t) (1.000f-(image->chromaticity.red_primary.x+ - image->chromaticity.red_primary.y))*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- (image->chromaticity.green_primary.x*0x40000000)); -+ ((ssize_t) image->chromaticity.green_primary.x*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- (image->chromaticity.green_primary.y*0x40000000)); -+ ((ssize_t) image->chromaticity.green_primary.y*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- ((1.000f-(image->chromaticity.green_primary.x+ -+ ((ssize_t) (1.000f-(image->chromaticity.green_primary.x+ - image->chromaticity.green_primary.y))*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- (image->chromaticity.blue_primary.x*0x40000000)); -+ ((ssize_t) image->chromaticity.blue_primary.x*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- (image->chromaticity.blue_primary.y*0x40000000)); -+ ((ssize_t) image->chromaticity.blue_primary.y*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- ((1.000f-(image->chromaticity.blue_primary.x+ -+ ((ssize_t) (1.000f-(image->chromaticity.blue_primary.x+ - image->chromaticity.blue_primary.y))*0x40000000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- (bmp_info.gamma_scale.x*0x10000)); -+ ((ssize_t) bmp_info.gamma_scale.x*0x10000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- (bmp_info.gamma_scale.y*0x10000)); -+ ((ssize_t) bmp_info.gamma_scale.y*0x10000)); - (void) WriteBlobLSBLong(image,(unsigned int) -- (bmp_info.gamma_scale.z*0x10000)); -+ ((ssize_t) bmp_info.gamma_scale.z*0x10000)); - if ((image->rendering_intent != UndefinedIntent) || - (profile != (StringInfo *) NULL)) - { diff --git a/CVE-2020-27773.patch b/CVE-2020-27773.patch deleted file mode 100644 index adb2fa803a2f1d293d7bcb282dc5365bc7f2eaa3..0000000000000000000000000000000000000000 --- a/CVE-2020-27773.patch +++ /dev/null @@ -1,40 +0,0 @@ -From b0732a0ed9c6b9988f6b2d5e7008c4c5732088c6 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 1 Mar 2021 21:05:36 +0800 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1739 - ---- - magick/gem-private.h | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/magick/gem-private.h b/magick/gem-private.h -index fa464f0..0cfaf3b 100644 ---- a/magick/gem-private.h -+++ b/magick/gem-private.h -@@ -132,6 +132,9 @@ static inline void ConvertXYZToLab(const double X,const double Y,const double Z, - static inline void ConvertLuvToXYZ(const double L,const double u,const double v, - double *X,double *Y,double *Z) - { -+ double -+ gamma; -+ - assert(X != (double *) NULL); - assert(Y != (double *) NULL); - assert(Z != (double *) NULL); -@@ -139,9 +142,10 @@ static inline void ConvertLuvToXYZ(const double L,const double u,const double v, - *Y=(double) pow((L+16.0)/116.0,3.0); - else - *Y=L/CIEK; -- *X=((*Y*((39.0*L/(v+13.0*L*(9.0*D65Y/(D65X+15.0*D65Y+3.0*D65Z))))-5.0))+ -- 5.0*(*Y))/((((52.0f*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+3.0*D65Z))))-1.0)/ -- 3.0)-(-1.0/3.0)); -+ gamma=PerceptibleReciprocal((((52.0*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+ -+ 3.0*D65Z))))-1.0)/3.0)-(-1.0/3.0)); -+ *X=gamma*((*Y*((39.0*L/(v+13.0*L*(9.0*D65Y/(D65X+15.0*D65Y+3.0*D65Z))))-5.0))+ -+ 5.0*(*Y)); - *Z=(*X*(((52.0f*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+3.0*D65Z))))-1.0)/3.0))- - 5.0*(*Y); - } --- -2.23.0 - diff --git a/CVE-2020-27775.patch b/CVE-2020-27775.patch deleted file mode 100644 index c06864e9c3f58e91b0a8396397279696883e5a91..0000000000000000000000000000000000000000 --- a/CVE-2020-27775.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 78d9987ae80a95865c9f139afde0dcf3fd832ddc Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 9 Oct 2019 19:34:55 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1737 - ---- - magick/statistic.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/magick/statistic.c b/magick/statistic.c -index 87a9a42f4..2db7c858f 100644 ---- a/magick/statistic.c -+++ b/magick/statistic.c -@@ -353,8 +353,12 @@ static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, - } - case PowEvaluateOperator: - { -- result=(MagickRealType) (QuantumRange*pow((double) (QuantumScale*pixel), -- (double) value)); -+ if (pixel < 0) -+ result=(MagickRealType) -(QuantumRange*pow((double) -(QuantumScale* -+ pixel),(double) value)); -+ else -+ result=(MagickRealType) (QuantumRange*pow((double) (QuantumScale*pixel), -+ (double) value)); - break; - } - case RightShiftEvaluateOperator: diff --git a/CVE-2020-29599-1.patch b/CVE-2020-29599-1.patch deleted file mode 100644 index 80c1e0a4c0f359a1c12dc545a734a5dabbe4f9fe..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-1.patch +++ /dev/null @@ -1,71 +0,0 @@ -From a7b2d8328c539da6e79a118a0b8e97462c7daa77 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sun, 10 Nov 2019 14:53:23 -0500 -Subject: [PATCH] Santize ';' from SHOW and WIN delegates - ---- - magick/delegate.c | 26 +++++++++++++++++++++++++- - magick/string.c | 4 ++-- - 2 files changed, 27 insertions(+), 3 deletions(-) - -diff --git a/magick/delegate.c b/magick/delegate.c -index 37cd77b39..4fec87fc6 100644 ---- a/magick/delegate.c -+++ b/magick/delegate.c -@@ -507,6 +507,30 @@ MagickExport int ExternalDelegateCommand(const MagickBooleanType asynchronous, - % - */ - -+static char *SanitizeDelegateString(const char *source) -+{ -+ char -+ *sanitize_source; -+ -+ const char -+ *q; -+ -+ register char -+ *p; -+ -+ static char -+ whitelist[] = -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -+ "$-_.+!*'(),{}|\\^~[]`\"><#%/?:@&="; -+ -+ sanitize_source=AcquireString(source); -+ p=sanitize_source; -+ q=sanitize_source+strlen(sanitize_source); -+ for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist)) -+ *p='_'; -+ return(sanitize_source); -+} -+ - static char *GetMagickPropertyLetter(const ImageInfo *image_info,Image *image, - const char letter) - { -@@ -918,7 +942,7 @@ static char *GetMagickPropertyLetter(const ImageInfo *image_info,Image *image, - break; - } - } -- return(SanitizeString(string)); -+ return(SanitizeDelegateString(string)); - } - - static char *InterpretDelegateProperties(const ImageInfo *image_info, -diff --git a/magick/string.c b/magick/string.c -index 828f12a0c..1e4ae55cb 100644 ---- a/magick/string.c -+++ b/magick/string.c -@@ -1588,10 +1588,10 @@ MagickExport void ResetStringInfo(StringInfo *string_info) - % % - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - % --% SanitizeString() returns an new string removes all characters except -+% SanitizeString() returns a new string removes all characters except - % letters, digits and !#$%&'*+-=?^_`{|}~@.[]. - % --% The returned string shoud be freed using DestoryString(). -+% Free the sanitized string with DestroyString(). - % - % The format of the SanitizeString method is: - % diff --git a/CVE-2020-29599-10.patch b/CVE-2020-29599-10.patch deleted file mode 100644 index 7f266e9ed048359e87d966522d64636a4361b29c..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-10.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 83ec5b5b8ee7cae891fff59340be207b513a030d Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Sat, 21 Nov 2020 13:26:16 +0000 -Subject: [PATCH] restore passphrase support when rendering PDF's - ---- - coders/pdf.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/coders/pdf.c b/coders/pdf.c -index 31efd06e5..ce4f7a5f1 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -611,14 +611,13 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) - (void) ConcatenateMagickString(options,"-dUseTrimBox ",MaxTextExtent); - if (stop_on_error != MagickFalse) - (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent); -- option=GetImageOption(image_info,"authenticate"); -- if (option != (char *) NULL) -+ if (image_info->authenticate != (char *) NULL) - { - char - passphrase[MagickPathExtent], - *sanitize_passphrase; - -- sanitize_passphrase=SanitizeDelegateString(option); -+ sanitize_passphrase=SanitizeDelegateString(image_info->authenticate); - (void) FormatLocaleString(passphrase,MagickPathExtent, - "'-sPDFPassword=%s' ",sanitize_passphrase); - sanitize_passphrase=DestroyString(sanitize_passphrase); diff --git a/CVE-2020-29599-2.patch b/CVE-2020-29599-2.patch deleted file mode 100644 index e211da1ca98d9694e0be09ddb0beeff9406864d7..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-2.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 2eead004825d31e8f49022f0bc4ca0d3457b0bb1 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 20 Nov 2019 07:20:50 -0500 -Subject: [PATCH] Santize "'" from SHOW and WIN delegates - ---- - magick/delegate.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/magick/delegate.c b/magick/delegate.c -index 4fec87fc6..32beeb15e 100644 ---- a/magick/delegate.c -+++ b/magick/delegate.c -@@ -521,7 +521,7 @@ static char *SanitizeDelegateString(const char *source) - static char - whitelist[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -- "$-_.+!*'(),{}|\\^~[]`\"><#%/?:@&="; -+ "$-_.+!*;(),{}|\\^~[]`\"><#%/?:@&="; - - sanitize_source=AcquireString(source); - p=sanitize_source; diff --git a/CVE-2020-29599-3.patch b/CVE-2020-29599-3.patch deleted file mode 100644 index 60d1d1d29a004666375c4e613481c7be63bd529b..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-3.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 20f520ed5c8541ae6646bc38d9d3b480785be6c3 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 25 Nov 2019 13:33:50 -0500 -Subject: [PATCH] Per Enzo Puig, santize "'" from SHOW and WIN delegates under - Linux, '"\' for Windows - ---- - magick/delegate.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/magick/delegate.c b/magick/delegate.c -index 32beeb15e..bc83401fd 100644 ---- a/magick/delegate.c -+++ b/magick/delegate.c -@@ -519,9 +519,15 @@ static char *SanitizeDelegateString(const char *source) - *p; - - static char -+#if defined(MAGICKCORE_WINDOWS_SUPPORT) - whitelist[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -- "$-_.+!*;(),{}|\\^~[]`\"><#%/?:@&="; -+ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&="; -+#else -+ whitelist[] = -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -+ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&="; -+#endif - - sanitize_source=AcquireString(source); - p=sanitize_source; diff --git a/CVE-2020-29599-4.patch b/CVE-2020-29599-4.patch deleted file mode 100644 index c58a8ce05fdcf48a6f826cff1b6e7d369a1daa28..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-4.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a2b3dd8455da2f17849b55e6b6ddcce587e4a323 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 16 Nov 2020 17:01:57 +0000 -Subject: [PATCH] shell injection vulnerability via the -authenticate option - ---- - coders/pdf.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/coders/pdf.c b/coders/pdf.c -index 5e4edc760..63eda5d81 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -588,11 +588,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) - if (option != (char *) NULL) - { - char -- passphrase[MaxTextExtent]; -- -- (void) FormatLocaleString(passphrase,MaxTextExtent, -- "\"-sPDFPassword=%s\" ",option); -- (void) ConcatenateMagickString(options,passphrase,MaxTextExtent); -+ message[MagickPathExtent], -+ *passphrase; -+ -+ passphrase=SanitizeString(option); -+ (void) FormatLocaleString(message,MagickPathExtent, -+ "\"-sPDFPassword=%s\" ",passphrase); -+ passphrase=DestroyString(passphrase); -+ (void) ConcatenateMagickString(options,message,MagickPathExtent); - } - read_info=CloneImageInfo(image_info); - *read_info->magick='\0'; diff --git a/CVE-2020-29599-5.patch b/CVE-2020-29599-5.patch deleted file mode 100644 index e9f048a7a2b27fba656abfa4ca8ff028dcf0327e..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-5.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 7b0cce080345e5b7ef26d122f18809c93a19a80e Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 16 Nov 2020 18:17:31 +0000 -Subject: [PATCH] fix shell injection vulnerability via the -authenticate - option - ---- - coders/pdf.c | 15 ++++++--------- - magick/string.c | 8 +++++++- - 2 files changed, 13 insertions(+), 10 deletions(-) - -diff --git a/coders/pdf.c b/coders/pdf.c -index 63eda5d81..074ba3f64 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -585,17 +585,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) - if (stop_on_error != MagickFalse) - (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent); - option=GetImageOption(image_info,"authenticate"); -- if (option != (char *) NULL) -+ if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL)) - { - char -- message[MagickPathExtent], -- *passphrase; -- -- passphrase=SanitizeString(option); -- (void) FormatLocaleString(message,MagickPathExtent, -- "\"-sPDFPassword=%s\" ",passphrase); -- passphrase=DestroyString(passphrase); -- (void) ConcatenateMagickString(options,message,MagickPathExtent); -+ passphrase[MagickPathExtent]; -+ -+ (void) FormatLocaleString(passphrase,MagickPathExtent, -+ "\"-sPDFPassword=%s\" ",option); -+ (void) ConcatenateMagickString(options,passphrase,MagickPathExtent); - } - read_info=CloneImageInfo(image_info); - *read_info->magick='\0'; -diff --git a/magick/string.c b/magick/string.c -index c8ffa086f..7f6eebc3b 100644 ---- a/magick/string.c -+++ b/magick/string.c -@@ -1604,9 +1604,15 @@ MagickExport char *SanitizeString(const char *source) - *p; - - static char -+#if defined(MAGICKCORE_WINDOWS_SUPPORT) - whitelist[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -- "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&="; -+ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&="; -+#else -+ whitelist[] = -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -+ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&="; -+#endif - - sanitize_source=AcquireString(source); - p=sanitize_source; diff --git a/CVE-2020-29599-6.patch b/CVE-2020-29599-6.patch deleted file mode 100644 index 5dbb0d45570a1171ed20b468650a344bec5cb64b..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-6.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 875fdf773d6e822364f876bed14c1785a01b45a7 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Mon, 16 Nov 2020 23:18:42 +0000 -Subject: [PATCH] revert whitelist mod - ---- - magick/string.c | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/magick/string.c b/magick/string.c -index 7f6eebc3b..c8ffa086f 100644 ---- a/magick/string.c -+++ b/magick/string.c -@@ -1604,15 +1604,9 @@ MagickExport char *SanitizeString(const char *source) - *p; - - static char --#if defined(MAGICKCORE_WINDOWS_SUPPORT) - whitelist[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -- "$-_.+!;*(),{}|^~[]`\'><#%/?:@&="; --#else -- whitelist[] = -- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -- "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&="; --#endif -+ "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&="; - - sanitize_source=AcquireString(source); - p=sanitize_source; diff --git a/CVE-2020-29599-7.patch b/CVE-2020-29599-7.patch deleted file mode 100644 index 2ff31e5d8d8a73fd2d7b3cbbf1bd645b26d28bcd..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-7.patch +++ /dev/null @@ -1,23 +0,0 @@ -From ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 19 Nov 2020 18:36:05 +0000 -Subject: [PATCH] fix shell injection vulnerability via the -authenticate - option - ---- - coders/pdf.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/coders/pdf.c b/coders/pdf.c -index 074ba3f64..ef1567b29 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -585,7 +585,7 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) - if (stop_on_error != MagickFalse) - (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent); - option=GetImageOption(image_info,"authenticate"); -- if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL)) -+ if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *) NULL)) - { - char - passphrase[MagickPathExtent]; diff --git a/CVE-2020-29599-8.patch b/CVE-2020-29599-8.patch deleted file mode 100644 index 1acdf1381b042754d376c7ffde0a07aa188fa699..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-8.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 869e38717fa91325da87c2a4cedc148a770a07ec Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 19 Nov 2020 18:39:30 +0000 -Subject: [PATCH] fix shell injection vulnerability via the -authenticate - option - ---- - coders/pdf.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/coders/pdf.c b/coders/pdf.c -index ef1567b29..d5ed56596 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -585,7 +585,8 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) - if (stop_on_error != MagickFalse) - (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent); - option=GetImageOption(image_info,"authenticate"); -- if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *) NULL)) -+ if ((option != (char *) NULL) && -+ (strpbrk(option,"&;<>|\"'") == (char *) NULL)) - { - char - passphrase[MagickPathExtent]; diff --git a/CVE-2020-29599-9.patch b/CVE-2020-29599-9.patch deleted file mode 100644 index 31561cddfa789bc2b5e125e783c383f354ca4009..0000000000000000000000000000000000000000 --- a/CVE-2020-29599-9.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 226804980651bb4eb5f3ba3b9d7e992f2eda4710 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 19 Nov 2020 20:50:44 +0000 -Subject: [PATCH] fix shell injection vulnerability via the -authenticate - option - ---- - coders/pdf.c | 46 ++++++++++++++++++++++++++++++++++------- - config/delegates.xml.in | 4 ++-- - 2 files changed, 42 insertions(+), 9 deletions(-) - -diff --git a/coders/pdf.c b/coders/pdf.c -index d5ed56596..31efd06e5 100644 ---- a/coders/pdf.c -+++ b/coders/pdf.c -@@ -368,6 +368,36 @@ static inline void CleanupPDFInfo(PDFInfo *pdf_info) - pdf_info->profile=DestroyStringInfo(pdf_info->profile); - } - -+static char *SanitizeDelegateString(const char *source) -+{ -+ char -+ *sanitize_source; -+ -+ const char -+ *q; -+ -+ register char -+ *p; -+ -+ static char -+#if defined(MAGICKCORE_WINDOWS_SUPPORT) -+ whitelist[] = -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -+ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&="; -+#else -+ whitelist[] = -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " -+ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&="; -+#endif -+ -+ sanitize_source=AcquireString(source); -+ p=sanitize_source; -+ q=sanitize_source+strlen(sanitize_source); -+ for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist)) -+ *p='_'; -+ return(sanitize_source); -+} -+ - static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) - { - char -@@ -585,14 +615,16 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception) - if (stop_on_error != MagickFalse) - (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent); - option=GetImageOption(image_info,"authenticate"); -- if ((option != (char *) NULL) && -- (strpbrk(option,"&;<>|\"'") == (char *) NULL)) -+ if (option != (char *) NULL) - { - char -- passphrase[MagickPathExtent]; -+ passphrase[MagickPathExtent], -+ *sanitize_passphrase; - -+ sanitize_passphrase=SanitizeDelegateString(option); - (void) FormatLocaleString(passphrase,MagickPathExtent, -- "\"-sPDFPassword=%s\" ",option); -+ "'-sPDFPassword=%s' ",sanitize_passphrase); -+ sanitize_passphrase=DestroyString(sanitize_passphrase); - (void) ConcatenateMagickString(options,passphrase,MagickPathExtent); - } - read_info=CloneImageInfo(image_info); -diff --git a/config/delegates.xml.in b/config/delegates.xml.in -index d93387ac1..4fc3acc3f 100644 ---- a/config/delegates.xml.in -+++ b/config/delegates.xml.in -@@ -89,8 +89,8 @@ - - - -- -- -+ -+ - - - diff --git a/CVE-2021-20176.patch b/CVE-2021-20176.patch deleted file mode 100644 index 201994f706cda63dbbc01f73035b34212a645101..0000000000000000000000000000000000000000 --- a/CVE-2021-20176.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 90255f0834eead08d59f46b0bda7b1580451cc0f Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 6 Jan 2021 18:12:06 -0500 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3077 - ---- - magick/gem.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/magick/gem.c b/magick/gem.c -index b18b69ec4..cb694cfef 100644 ---- a/magick/gem.c -+++ b/magick/gem.c -@@ -1580,7 +1580,7 @@ MagickExport double GenerateDifferentialNoise(RandomInfo *random_info, - beta=GetPseudoRandomValue(random_info); - alpha*=beta; - } -- noise=(double) (QuantumRange*i/SigmaPoisson); -+ noise=(double) (QuantumRange*i*PerceptibleReciprocal(SigmaPoisson)); - break; - } - case RandomNoise: diff --git a/CVE-2021-20241-CVE-2021-20243.patch b/CVE-2021-20241-CVE-2021-20243.patch deleted file mode 100644 index 6d04ee0030c12338c861bed313f0eaedb7e76506..0000000000000000000000000000000000000000 --- a/CVE-2021-20241-CVE-2021-20243.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 53cb91b3e7bf95d0e372cbc745e0055ac6054745 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 3 Feb 2021 15:30:39 -0500 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/pull/3177 - ---- - coders/dcm.c | 12 ++++++------ - coders/jp2.c | 6 ++++-- - magick/resize.c | 2 +- - 3 files changed, 11 insertions(+), 9 deletions(-) - -diff --git a/coders/dcm.c b/coders/dcm.c -index d274ad54c..29eed9618 100644 ---- a/coders/dcm.c -+++ b/coders/dcm.c -@@ -2982,12 +2982,12 @@ static MagickBooleanType ReadDCMPixels(Image *image,DCMInfo *info, - } - else - { -- SetPixelRed(q,(((size_t) pixel.red) | -- (((size_t) GetPixelRed(q)) << 8))); -- SetPixelGreen(q,(((size_t) pixel.green) | -- (((size_t) GetPixelGreen(q)) << 8))); -- SetPixelBlue(q,(((size_t) pixel.blue) | -- (((size_t) GetPixelBlue(q)) << 8))); -+ SetPixelRed(q,(Quantum) (((ssize_t) pixel.red) | -+ (((ssize_t) GetPixelRed(q)) << 8))); -+ SetPixelGreen(q,(Quantum) (((ssize_t) pixel.green) | -+ (((ssize_t) GetPixelGreen(q)) << 8))); -+ SetPixelBlue(q,(Quantum) (((ssize_t) pixel.blue) | -+ (((ssize_t) GetPixelBlue(q)) << 8))); - } - q++; - } -diff --git a/coders/jp2.c b/coders/jp2.c -index 0354f8298..7dd0f1332 100644 ---- a/coders/jp2.c -+++ b/coders/jp2.c -@@ -1047,8 +1047,10 @@ static MagickBooleanType WriteJP2Image(const ImageInfo *image_info,Image *image) - - scale=(double) (((size_t) 1UL << jp2_image->comps[i].prec)-1)/ - QuantumRange; -- q=jp2_image->comps[i].data+(y/jp2_image->comps[i].dy* -- image->columns/jp2_image->comps[i].dx+x/jp2_image->comps[i].dx); -+ q=jp2_image->comps[i].data+(ssize_t) (y*PerceptibleReciprocal( -+ jp2_image->comps[i].dy)*image->columns*PerceptibleReciprocal( -+ jp2_image->comps[i].dx)+x*PerceptibleReciprocal( -+ jp2_image->comps[i].dx)); - switch (i) - { - case 0: -diff --git a/magick/resize.c b/magick/resize.c -index fe662c144..1f3e16928 100644 ---- a/magick/resize.c -+++ b/magick/resize.c -@@ -1612,7 +1612,7 @@ MagickExport MagickRealType GetResizeFilterWeight( - */ - assert(resize_filter != (ResizeFilter *) NULL); - assert(resize_filter->signature == MagickCoreSignature); -- x_blur=fabs((double) x)/resize_filter->blur; /* X offset with blur scaling */ -+ x_blur=fabs((double) x)*PerceptibleReciprocal(resize_filter->blur); /* X offset with blur scaling */ - if ((resize_filter->window_support < MagickEpsilon) || - (resize_filter->window == Box)) - scale=1.0; /* Point or Box Filter -- avoid division by zero */ diff --git a/CVE-2021-20244.patch b/CVE-2021-20244.patch deleted file mode 100644 index e10f7c7560fffb999d95628c0bf818fff6e05441..0000000000000000000000000000000000000000 --- a/CVE-2021-20244.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 329dd528ab79531d884c0ba131e97d43f872ab5d Mon Sep 17 00:00:00 2001 -From: ruc_zhangxiaohui <553441439@qq.com> -Date: Thu, 4 Feb 2021 04:19:08 +0800 -Subject: [PATCH] uses the PerceptibleReciprocal() to prevent the - divide-by-zero from occurring (#3194) - -Co-authored-by: Zhang Xiaohui ---- - magick/fx.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/magick/fx.c b/magick/fx.c -index 07a54eb..5041de6 100644 ---- a/magick/fx.c -+++ b/magick/fx.c -@@ -3403,11 +3403,11 @@ MagickExport Image *ImplodeImage(const Image *image,const double amount, - center.y=0.5*image->rows; - radius=center.x; - if (image->columns > image->rows) -- scale.y=(double) image->columns/(double) image->rows; -+ scale.y=(double) image->columns*PerceptibleReciprocal((double) image->rows); - else - if (image->columns < image->rows) - { -- scale.x=(double) image->rows/(double) image->columns; -+ scale.x=(double) image->rows*PerceptibleReciprocal((double) image->columns); - radius=center.y; - } - /* -@@ -3471,11 +3471,11 @@ MagickExport Image *ImplodeImage(const Image *image,const double amount, - */ - factor=1.0; - if (distance > 0.0) -- factor=pow(sin((double) (MagickPI*sqrt((double) distance)/ -- radius/2)),-amount); -+ factor=pow(sin((double) (MagickPI*sqrt((double) distance)*PerceptibleReciprocal( -+ radius)/2)),-amount); - status=InterpolateMagickPixelPacket(image,image_view, -- UndefinedInterpolatePixel,(double) (factor*delta.x/scale.x+ -- center.x),(double) (factor*delta.y/scale.y+center.y),&pixel, -+ UndefinedInterpolatePixel,(double) (factor*delta.x*PerceptibleReciprocal(scale.x)+ -+ center.x),(double) (factor*delta.y*PerceptibleReciprocal(scale.y)+center.y),&pixel, - exception); - if (status == MagickFalse) - break; --- -2.23.0 - diff --git a/CVE-2021-20246.patch b/CVE-2021-20246.patch deleted file mode 100644 index 0aecf73cfc943e8d17a334333c327a23866762ad..0000000000000000000000000000000000000000 --- a/CVE-2021-20246.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f3190d4a6e6e8556575c84b5d976f77d111caa74 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Wed, 3 Feb 2021 15:50:29 -0500 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3195 - ---- - magick/resample.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/magick/resample.c b/magick/resample.c -index 7b844e1..7728920 100644 ---- a/magick/resample.c -+++ b/magick/resample.c -@@ -1212,10 +1212,10 @@ MagickExport void ScaleResampleFilter(ResampleFilter *resample_filter, - { register double scale; - #if FILTER_LUT - /* scale so that F = WLUT_WIDTH; -- hardcoded */ -- scale = (double)WLUT_WIDTH/F; -+ scale=(double) WLUT_WIDTH*PerceptibleReciprocal(F); - #else - /* scale so that F = resample_filter->F (support^2) */ -- scale = resample_filter->F/F; -+ scale=resample_filter->F*PerceptibleReciprocal(F); - #endif - resample_filter->A = A*scale; - resample_filter->B = B*scale; --- -2.23.0 - diff --git a/CVE-2021-20309.patch b/CVE-2021-20309.patch deleted file mode 100644 index ee597c6cbf82c9836d2f35c8d0a6c364a8feaf20..0000000000000000000000000000000000000000 --- a/CVE-2021-20309.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 946d0afdcc34f461c68396b4b377832bcdccf095 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 25 Feb 2021 19:34:36 -0500 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3296 - ---- - magick/fx.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/magick/fx.c b/magick/fx.c -index 5041de6..6fedf83 100644 ---- a/magick/fx.c -+++ b/magick/fx.c -@@ -5702,7 +5702,7 @@ MagickExport Image *WaveImage(const Image *image,const double amplitude, - } - for (i=0; i < (ssize_t) wave_image->columns; i++) - sine_map[i]=(float) fabs(amplitude)+amplitude*sin((double) -- ((2.0*MagickPI*i)/wave_length)); -+ ((2.0*MagickPI*i)*PerceptibleReciprocal(wave_length))); - /* - Wave image. - */ --- -2.23.0 - diff --git a/CVE-2021-20311-20312-20313.patch b/CVE-2021-20311-20312-20313.patch deleted file mode 100644 index a87888417ba230edff2ff1d3077151de7c49653b..0000000000000000000000000000000000000000 --- a/CVE-2021-20311-20312-20313.patch +++ /dev/null @@ -1,183 +0,0 @@ -From 1e48a746b0b1c34b2bdc2ae8cfa094d69ce50aa3 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Thu, 25 Feb 2021 17:03:18 -0500 -Subject: [PATCH] possible divide by zero + clear buffers - ---- - coders/thumbnail.c | 3 ++- - configure | 2 +- - magick/cipher.c | 12 ++++++------ - magick/colorspace.c | 16 ++++++++-------- - magick/memory.c | 21 ++++++++++++++++----- - magick/signature.c | 2 +- - 6 files changed, 34 insertions(+), 22 deletions(-) - -diff --git a/coders/thumbnail.c b/coders/thumbnail.c -index 21895a9..73917fc 100644 ---- a/coders/thumbnail.c -+++ b/coders/thumbnail.c -@@ -198,7 +198,8 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info, - break; - q++; - } -- if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) -+ if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) || -+ (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) - ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); - thumbnail_image=BlobToImage(image_info,q,length,&image->exception); - if (thumbnail_image == (Image *) NULL) -diff --git a/configure b/configure -index 6f61a2f..65efc18 100755 ---- a/configure -+++ b/configure -@@ -4573,7 +4573,7 @@ MAGICK_PATCHLEVEL_VERSION=67 - - MAGICK_VERSION=6.9.10-67 - --MAGICK_GIT_REVISION=14843:618d759:20190929 -+MAGICK_GIT_REVISION=16484:c5e7a8bbe:20210225 - - - # Substitute library versioning -diff --git a/magick/cipher.c b/magick/cipher.c -index da97378..6c74c51 100644 ---- a/magick/cipher.c -+++ b/magick/cipher.c -@@ -483,8 +483,8 @@ static void EncipherAESBlock(AESInfo *aes_info,const unsigned char *plaintext, - Reset registers. - */ - alpha=0; -- (void) memset(key,0,sizeof(key)); -- (void) memset(text,0,sizeof(text)); -+ (void) ResetMagickMemory(key,0,sizeof(key)); -+ (void) ResetMagickMemory(text,0,sizeof(text)); - } - - /* -@@ -706,8 +706,8 @@ MagickExport MagickBooleanType PasskeyDecipherImage(Image *image, - */ - quantum_info=DestroyQuantumInfo(quantum_info); - aes_info=DestroyAESInfo(aes_info); -- (void) memset(input_block,0,sizeof(input_block)); -- (void) memset(output_block,0,sizeof(output_block)); -+ (void) ResetMagickMemory(input_block,0,sizeof(input_block)); -+ (void) ResetMagickMemory(output_block,0,sizeof(output_block)); - return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse); - } - -@@ -923,8 +923,8 @@ MagickExport MagickBooleanType PasskeyEncipherImage(Image *image, - */ - quantum_info=DestroyQuantumInfo(quantum_info); - aes_info=DestroyAESInfo(aes_info); -- (void) memset(input_block,0,sizeof(input_block)); -- (void) memset(output_block,0,sizeof(output_block)); -+ (void) ResetMagickMemory(input_block,0,sizeof(input_block)); -+ (void) ResetMagickMemory(output_block,0,sizeof(output_block)); - return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse); - } - -diff --git a/magick/colorspace.c b/magick/colorspace.c -index 4e68c21..0a3e368 100644 ---- a/magick/colorspace.c -+++ b/magick/colorspace.c -@@ -737,15 +737,15 @@ MagickExport MagickBooleanType RGBTransformImage(Image *image, - if (logmap == (Quantum *) NULL) - ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", - image->filename); -- black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002/ -- film_gamma); -+ black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002* -+ PerceptibleReciprocal(film_gamma)); - #if defined(MAGICKCORE_OPENMP_SUPPORT) - #pragma omp parallel for schedule(static) - #endif - for (i=0; i <= (ssize_t) MaxMap; i++) - logmap[i]=ScaleMapToQuantum((MagickRealType) (MaxMap*(reference_white+ -- log10(black+(1.0*i/MaxMap)*(1.0-black))/((gamma/density)*0.002/ -- film_gamma))/1024.0)); -+ log10(black+(1.0*i/MaxMap)*(1.0-black))/((gamma/density)*0.002* -+ PerceptibleReciprocal(film_gamma)))/1024.0)); - image_view=AcquireAuthenticCacheView(image,exception); - #if defined(MAGICKCORE_OPENMP_SUPPORT) - #pragma omp parallel for schedule(static) shared(status) \ -@@ -2396,14 +2396,14 @@ MagickExport MagickBooleanType TransformRGBImage(Image *image, - if (logmap == (Quantum *) NULL) - ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", - image->filename); -- black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002/ -- film_gamma); -+ black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002* -+ PerceptibleReciprocal(film_gamma)); - for (i=0; i <= (ssize_t) (reference_black*MaxMap/1024.0); i++) - logmap[i]=(Quantum) 0; - for ( ; i < (ssize_t) (reference_white*MaxMap/1024.0); i++) - logmap[i]=ClampToQuantum((MagickRealType) QuantumRange/(1.0-black)* -- (pow(10.0,(1024.0*i/MaxMap-reference_white)*(gamma/density)*0.002/ -- film_gamma)-black)); -+ (pow(10.0,(1024.0*i/MaxMap-reference_white)*(gamma/density)*0.002* -+ PerceptibleReciprocal(film_gamma))-black)); - for ( ; i <= (ssize_t) MaxMap; i++) - logmap[i]=QuantumRange; - if (image->storage_class == PseudoClass) -diff --git a/magick/memory.c b/magick/memory.c -index 487eaa7..791c1a4 100644 ---- a/magick/memory.c -+++ b/magick/memory.c -@@ -1190,25 +1190,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info) - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - % - % ResetMagickMemory() fills the first size bytes of the memory area pointed to --% by memory with the constant byte c. -+% by memory with the constant byte c. We use a volatile pointer when -+% updating the byte string. Most compilers will avoid optimizing away access -+% to a volatile pointer, even if the pointer appears to be unused after the -+% call. - % - % The format of the ResetMagickMemory method is: - % --% void *ResetMagickMemory(void *memory,int byte,const size_t size) -+% void *ResetMagickMemory(void *memory,int c,const size_t size) - % - % A description of each parameter follows: - % - % o memory: a pointer to a memory allocation. - % --% o byte: set the memory to this value. -+% o c: set the memory to this value. - % - % o size: size of the memory to reset. - % - */ --MagickExport void *ResetMagickMemory(void *memory,int byte,const size_t size) -+MagickExport void *ResetMagickMemory(void *memory,int c,const size_t size) - { -+ volatile unsigned char -+ *p = memory; -+ -+ size_t -+ n = size; -+ - assert(memory != (void *) NULL); -- return(memset(memory,byte,size)); -+ while (n-- != 0) -+ *p++=(unsigned char) c; -+ return(memory); - } - - /* -diff --git a/magick/signature.c b/magick/signature.c -index d8b100b..7edc295 100644 ---- a/magick/signature.c -+++ b/magick/signature.c -@@ -720,7 +720,7 @@ RestoreMSCWarning - T=0; - T1=0; - T2=0; -- (void) memset(W,0,sizeof(W)); -+ (void) ResetMagickMemory(W,0,sizeof(W)); - } - - /* --- -2.23.0 - diff --git a/ImageMagick.spec b/ImageMagick.spec index 6644b3e12868159a057aa7944feef0f2843a7381..50d26cd8f99fd9b59cfa3fe7897f66d9d697f647 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,73 +1,23 @@ Name: ImageMagick Epoch: 1 -Version: 6.9.10.67 -Release: 25 +Version: 7.1.0.28 +Release: 3 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ -Source0: https://mirrors.sohu.com/gentoo/distfiles/db/ImageMagick-6.9.10-67.tar.xz - -Patch0001: CVE-2019-7397.patch -Patch0002: CVE-2018-16329.patch -Patch0003: CVE-2020-27759.patch -Patch0004: CVE-2020-27760.patch -Patch0005: CVE-2020-27761.patch -Patch0006: CVE-2020-27762.patch -Patch0007: CVE-2020-27764.patch -Patch0008: CVE-2020-27765.patch -Patch0009: CVE-2020-27766-CVE-2020-27774.patch -Patch0010: CVE-2020-27767.patch -Patch0011: CVE-2020-27770.patch -Patch0012: CVE-2020-29599-1.patch -Patch0013: CVE-2020-29599-2.patch -Patch0014: CVE-2020-29599-3.patch -Patch0015: CVE-2020-29599-4.patch -Patch0016: CVE-2020-29599-5.patch -Patch0017: CVE-2020-29599-6.patch -Patch0018: CVE-2020-29599-7.patch -Patch0019: CVE-2020-29599-8.patch -Patch0020: CVE-2020-29599-9.patch -Patch0021: CVE-2020-29599-10.patch -Patch0022: CVE-2020-27754-pre-1.patch -Patch0023: CVE-2020-27754-pre-2.patch -Patch0024: CVE-2020-27754.patch -Patch0025: CVE-2020-25664.patch -Patch0026: CVE-2021-20176.patch -Patch0027: CVE-2020-27763.patch -Patch0028: CVE-2020-27773.patch -Patch0029: CVE-2020-27757.patch -Patch0030: CVE-2020-27751.patch -Patch0031: CVE-2020-27768.patch -Patch0032: CVE-2020-27750.patch -Patch0033: CVE-2020-25665.patch -Patch0034: CVE-2020-25674.patch -Patch0035: CVE-2021-20241-CVE-2021-20243.patch -Patch0036: CVE-2021-20244.patch -Patch0037: CVE-2021-20246.patch -Patch0038: CVE-2020-25676.patch -Patch0039: CVE-2020-27758.patch -Patch0040: CVE-2020-27771.patch -Patch0041: CVE-2020-27772.patch -Patch0042: CVE-2020-27775.patch -Patch0043: CVE-2020-25666-1.patch -Patch0044: CVE-2020-25666-2.patch -Patch0045: CVE-2020-25675.patch -Patch0046: CVE-2020-27755.patch -Patch0047: CVE-2019-18853.patch -Patch0048: CVE-2020-27752.patch -Patch0049: CVE-2021-20309.patch -Patch0050: CVE-2021-20311-20312-20313.patch -Patch0051: CVE-2020-27769.patch -Patch0052: CVE-2020-27756.patch -Patch0053: CVE-2020-25667.patch -Patch0054: CVE-2020-27753.patch +Source0: https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.0-28.tar.gz + +Patch0001: backport-fix-CVE-2022-2719.patch +Patch0002: backport-fix-CVE-2022-1115.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel BuildRequires: libgs-devel ghostscript-x11 libwmf-devel BuildRequires: libtool-ltdl-devel libX11-devel libXext-devel libXt-devel lcms2-devel -BuildRequires: libxml2-devel librsvg2-devel fftw-devel ilmbase-devel OpenEXR-devel -BuildRequires: openjpeg2-devel >= 2.1.0 libwebp-devel autoconf automake gcc gcc-c++ +BuildRequires: libxml2-devel librsvg2-devel fftw-devel Imath-devel OpenEXR-devel +BuildRequires: openjpeg2-devel >= 2.1.0 libwebp-devel autoconf automake gcc gcc-c++ open-sans-fonts + +Requires: open-sans-fonts Provides: ImageMagick-libs = %{epoch}:%{version}-%{release} Provides: ImageMagick-djva = %{epoch}:%{version}-%{release} @@ -125,7 +75,7 @@ Requires: ImageMagick-devel = %{epoch}:%{version}-%{release} Development files for ImageMagick-c++. %prep -%autosetup -n ImageMagick-6.9.10-67 -p1 +%autosetup -n ImageMagick-7.1.0-28 -p1 install -d Magick++/examples cp -p Magick++/demo/*.cpp Magick++/demo/*.miff Magick++/examples @@ -142,7 +92,7 @@ export CFLAGS="%{optflags} -DIMPNG_SETJMP_IS_THREAD_SAFE" %install %make_install -cp -a www/source %{buildroot}%{_datadir}/doc/ImageMagick-6.9.10 +cp -a www/source %{buildroot}%{_datadir}/doc/ImageMagick-7.1.0 rm %{buildroot}%{_libdir}/*.la %{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl @@ -169,33 +119,29 @@ rm PerlMagick/demo/Generic.ttf %files %doc LICENSE NOTICE AUTHORS.txt %{_bindir}/[a-z]* -%{_libdir}/libMagickCore-6.Q16.so.6* -%{_libdir}/libMagickWand-6.Q16.so.6* -%{_libdir}/ImageMagick-6.9.10 -%{_datadir}/ImageMagick-6 -%dir %{_sysconfdir}/ImageMagick-6 -%config(noreplace) %{_sysconfdir}/ImageMagick-6/*.xml +%{_libdir}/libMagickCore-7.Q16HDRI.so.10* +%{_libdir}/libMagickWand-7.Q16HDRI.so.10* +%{_libdir}/ImageMagick-7.1.0 +%{_datadir}/ImageMagick-7 +%dir %{_sysconfdir}/ImageMagick-7 +%config(noreplace) %{_sysconfdir}/ImageMagick-7/*.xml %files devel %{_bindir}/MagickCore-config -%{_bindir}/Magick-config %{_bindir}/MagickWand-config -%{_bindir}/Wand-config -%{_libdir}/libMagickCore-6.Q16.so -%{_libdir}/libMagickWand-6.Q16.so +%{_libdir}/libMagickCore-7.Q16HDRI.so +%{_libdir}/libMagickWand-7.Q16HDRI.so %{_libdir}/pkgconfig/MagickCore* -%{_libdir}/pkgconfig/ImageMagick.pc -%{_libdir}/pkgconfig/ImageMagick-6.Q16.pc +%{_libdir}/pkgconfig/ImageMagick*.pc %{_libdir}/pkgconfig/MagickWand* -%{_libdir}/pkgconfig/Wand* -%dir %{_includedir}/ImageMagick-6 -%{_includedir}/%{name}-6/magick -%{_includedir}/%{name}-6/wand +%dir %{_includedir}/ImageMagick-7 +%{_includedir}/%{name}-7/MagickWand/* +%{_includedir}/%{name}-7/MagickCore/* %files help -%doc README.txt NEWS.txt ChangeLog Platforms.txt QuickStart.txt -%doc %{_datadir}/doc/ImageMagick-6 -%doc %{_datadir}/doc/ImageMagick-6.9.10 +%doc README.txt NEWS.txt ChangeLog.md QuickStart.txt +%doc %{_datadir}/doc/ImageMagick-7 +%doc %{_datadir}/doc/ImageMagick-7.1.0 %{_mandir}/man[145]/[a-z]* %{_mandir}/man1/* %{_mandir}/man3/* @@ -206,17 +152,38 @@ rm PerlMagick/demo/Generic.ttf %files c++ %doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README %doc www/Magick++/COPYING -%{_libdir}/libMagick++-6.Q16.so.8* +%{_libdir}/libMagick++-7.Q16HDRI.so.5* %files c++-devel %doc Magick++/examples %{_bindir}/Magick++-config -%{_includedir}/ImageMagick-6/Magick++* -%{_libdir}/libMagick++-6.Q16.so +%{_includedir}/ImageMagick-7/Magick++* +%{_libdir}/libMagick++-7.Q16HDRI.so %{_libdir}/pkgconfig/Magick++* -%{_libdir}/pkgconfig/ImageMagick++* +%{_libdir}/pkgconfig/ImageMagick* %changelog +* Fri Aug 19 2022 cenhuilin - 1:7.1.0.28-3 +- fix CVE-2022-1115 + +* Wed Aug 10 2022 cenhuilin - 1:7.1.0.28-2 +- fix CVE-2022-2719 + +* Fri May 13 2022 houyingchao - 7.1.0.28-1 +- Upgrade to 7.1.0.28 for fix CVE-2022-1114 + +* Thu Mar 10 2022 wangkai - 7.1.0.27-1 +- Update to 7.1.0.27 for fix CVE-2021-39212 CVE-2021-3596 + +* Wed Feb 23 2022 xu_ping - 7.1.0.0-3 +- OpenEXR upgrade abandoned ilmbase-devel,reference Imath-devel instead + +* Sat Feb 19 2022 xu_ping - 7.1.0.0-2 +- Add requires open-sans-fonts to fix unable to read font `helvetica` + +* Fri Dec 31 2021 wulei - 7.1.0.0-1 +- Package update + * Thu Jun 03 2021 wangyue - 6.9.10.67-25 - Fix CVE-2020-27756 CVE-2020-25667 CVE-2020-27753 diff --git a/backport-fix-CVE-2022-1115.patch b/backport-fix-CVE-2022-1115.patch new file mode 100644 index 0000000000000000000000000000000000000000..1c06d9d922f1aaf73b3ddf0403685e00fdcbb80b --- /dev/null +++ b/backport-fix-CVE-2022-1115.patch @@ -0,0 +1,25 @@ +From 7c8ab995a65a32b8283297226e108ce828a5679a Mon Sep 17 00:00:00 2001 +From: cenhuilin +Date: Fri, 19 Aug 2022 21:02:49 +0800 +Subject: [PATCH] heap-buffer-overflow in magick at quantum-private.h PushShortPixel + +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 31839f6..32ae00a 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1987,7 +1987,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + number_pixels=(MagickSizeType) columns*rows; + if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); +- extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); ++ extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); + #if defined(TIFF_VERSION_BIG) + extent+=image->columns*sizeof(uint64); + #else +-- +2.33.0 + diff --git a/backport-fix-CVE-2022-2719.patch b/backport-fix-CVE-2022-2719.patch new file mode 100644 index 0000000000000000000000000000000000000000..f3bf2e6b2f061c0e99530bb67ad33bb76c1f1eed --- /dev/null +++ b/backport-fix-CVE-2022-2719.patch @@ -0,0 +1,127 @@ +From 7a358f02b613cdb22ca2461ad50275b9e77cb9bd Mon Sep 17 00:00:00 2001 +From: cenhuilin +Date: Wed, 10 Aug 2022 03:55:57 +0000 +Subject: [PATCH] do not attempt to write a null image list + +--- + MagickWand/operation.c | 3 ++- + coders/tim2.c | 22 ++++++++++------------ + 2 files changed, 12 insertions(+), 13 deletions(-) + +diff --git a/MagickWand/operation.c b/MagickWand/operation.c +index 383dc7c..9559603 100644 +--- a/MagickWand/operation.c ++++ b/MagickWand/operation.c +@@ -4923,7 +4923,8 @@ WandPrivate void CLINoImageOperator(MagickCLI *cli_wand, + (void) DeleteImageRegistry(key); + write_images=CloneImageList(_images,_exception); + write_info=CloneImageInfo(_image_info); +- (void) WriteImages(write_info,write_images,arg1,_exception); ++ if (write_images != (Image *) NULL) ++ (void) WriteImages(write_info,write_images,arg1,_exception); + write_info=DestroyImageInfo(write_info); + write_images=DestroyImageList(write_images); + break; +diff --git a/coders/tim2.c b/coders/tim2.c +index e55170d..c333b86 100644 +--- a/coders/tim2.c ++++ b/coders/tim2.c +@@ -61,7 +61,6 @@ + #include "MagickCore/string_.h" + #include "MagickCore/module.h" + +- + /* + Typedef declarations + */ +@@ -124,7 +123,6 @@ typedef enum + RGBA16=2, + } TIM2ColorEncoding; + +- + /* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + % % +@@ -142,7 +140,8 @@ typedef enum + % + % The format of the ReadTIM2Image method is: + % +-% Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception) ++% Image *ReadTIM2Image(const ImageInfo *image_info, ++% ExceptionInfo *exception) + % + % A description of each parameter follows: + % +@@ -600,13 +599,13 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info, + image_info->filename); + break; + } +- if (csm==CSM1) ++ if (csm == CSM1) + { + PixelInfo + *oldColormap; + +- oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+1, +- sizeof(*image->colormap)); ++ oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+ ++ 1,sizeof(*image->colormap)); + if (oldColormap == (PixelInfo *) NULL) + ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", + image_info->filename); +@@ -617,7 +616,8 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info, + return(status); + } + +-static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception) ++static Image *ReadTIM2Image(const ImageInfo *image_info, ++ ExceptionInfo *exception) + { + Image + *image; +@@ -626,6 +626,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception + status; + + ssize_t ++ i, + str_read; + + TIM2FileHeader +@@ -685,7 +686,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception + */ + if (file_header.image_count != 1) + ThrowReaderException(CoderError,"NumberOfImagesIsNotSupported"); +- for (int i=0; i < file_header.image_count; ++i) ++ for (i=0; i < (ssize_t) file_header.image_count; i++) + { + char + clut_depth, +@@ -780,8 +781,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception + break; + } + image=SyncNextImageInList(image); +- status=SetImageProgress(image,LoadImagesTag,image->scene-1, +- image->scene); ++ status=SetImageProgress(image,LoadImagesTag,image->scene-1,image->scene); + if (status == MagickFalse) + break; + } +@@ -791,7 +791,6 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception + return(GetFirstImageInList(image)); + } + +- + /* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + % % +@@ -826,7 +825,6 @@ ModuleExport size_t RegisterTIM2Image(void) + return(MagickImageCoderSignature); + } + +- + /* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + % % +-- +2.33.0 +