diff --git a/CVE-2020-27763.patch b/CVE-2020-27763.patch new file mode 100644 index 0000000000000000000000000000000000000000..fbf8d592fe7671ae169c822f81d371c1638655a3 --- /dev/null +++ b/CVE-2020-27763.patch @@ -0,0 +1,29 @@ +From 667c284a440d10ae3453ddc5915caa5333da892d Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Mon, 1 Mar 2021 20:51:17 +0800 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1718 + +--- + magick/resize.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/magick/resize.c b/magick/resize.c +index 4564125..b8d9055 100644 +--- a/magick/resize.c ++++ b/magick/resize.c +@@ -1084,10 +1084,10 @@ MagickExport ResizeFilter *AcquireResizeFilter(const Image *image, + Adjust window function scaling to match windowing support for + weighting function. This avoids a division on every filter call. + */ +- resize_filter->scale/=resize_filter->window_support; ++ resize_filter->scale*=PerceptibleReciprocal(resize_filter->window_support); + + /* +- * Set Cubic Spline B,C values, calculate Cubic coefficients. ++ Set Cubic Spline B,C values, calculate Cubic coefficients. + */ + B=0.0; + C=0.0; +-- +2.23.0 + diff --git a/CVE-2020-27773.patch b/CVE-2020-27773.patch new file mode 100644 index 0000000000000000000000000000000000000000..adb2fa803a2f1d293d7bcb282dc5365bc7f2eaa3 --- /dev/null +++ b/CVE-2020-27773.patch @@ -0,0 +1,40 @@ +From b0732a0ed9c6b9988f6b2d5e7008c4c5732088c6 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Mon, 1 Mar 2021 21:05:36 +0800 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1739 + +--- + magick/gem-private.h | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/magick/gem-private.h b/magick/gem-private.h +index fa464f0..0cfaf3b 100644 +--- a/magick/gem-private.h ++++ b/magick/gem-private.h +@@ -132,6 +132,9 @@ static inline void ConvertXYZToLab(const double X,const double Y,const double Z, + static inline void ConvertLuvToXYZ(const double L,const double u,const double v, + double *X,double *Y,double *Z) + { ++ double ++ gamma; ++ + assert(X != (double *) NULL); + assert(Y != (double *) NULL); + assert(Z != (double *) NULL); +@@ -139,9 +142,10 @@ static inline void ConvertLuvToXYZ(const double L,const double u,const double v, + *Y=(double) pow((L+16.0)/116.0,3.0); + else + *Y=L/CIEK; +- *X=((*Y*((39.0*L/(v+13.0*L*(9.0*D65Y/(D65X+15.0*D65Y+3.0*D65Z))))-5.0))+ +- 5.0*(*Y))/((((52.0f*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+3.0*D65Z))))-1.0)/ +- 3.0)-(-1.0/3.0)); ++ gamma=PerceptibleReciprocal((((52.0*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+ ++ 3.0*D65Z))))-1.0)/3.0)-(-1.0/3.0)); ++ *X=gamma*((*Y*((39.0*L/(v+13.0*L*(9.0*D65Y/(D65X+15.0*D65Y+3.0*D65Z))))-5.0))+ ++ 5.0*(*Y)); + *Z=(*X*(((52.0f*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+3.0*D65Z))))-1.0)/3.0))- + 5.0*(*Y); + } +-- +2.23.0 + diff --git a/ImageMagick.spec b/ImageMagick.spec index 464ed909b1e7580ff94e5fe10cc0e6450dbb057d..edae09ec6e194c5614d27af45cb4c5304fedd8a9 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,7 +1,7 @@ Name: ImageMagick Epoch: 1 Version: 6.9.10.67 -Release: 12 +Release: 13 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ @@ -33,6 +33,8 @@ Patch0023: CVE-2020-27754-pre-2.patch Patch0024: CVE-2020-27754.patch Patch0025: CVE-2020-25664.patch Patch0026: CVE-2021-20176.patch +Patch0027: CVE-2020-27763.patch +Patch0028: CVE-2020-27773.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -190,6 +192,9 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog +* Mon Mar 01 2021 wangyue - 6.9.10.67-13 +- Fix CVE-2020-27773 CVE-2020-27763 + * Thu Feb 25 2021 wangxiao - 6.9.10.67-12 - Fix CVE-2021-20176