diff --git a/CVE-2021-20244.patch b/CVE-2021-20244.patch new file mode 100644 index 0000000000000000000000000000000000000000..e10f7c7560fffb999d95628c0bf818fff6e05441 --- /dev/null +++ b/CVE-2021-20244.patch @@ -0,0 +1,48 @@ +From 329dd528ab79531d884c0ba131e97d43f872ab5d Mon Sep 17 00:00:00 2001 +From: ruc_zhangxiaohui <553441439@qq.com> +Date: Thu, 4 Feb 2021 04:19:08 +0800 +Subject: [PATCH] uses the PerceptibleReciprocal() to prevent the + divide-by-zero from occurring (#3194) + +Co-authored-by: Zhang Xiaohui +--- + magick/fx.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/magick/fx.c b/magick/fx.c +index 07a54eb..5041de6 100644 +--- a/magick/fx.c ++++ b/magick/fx.c +@@ -3403,11 +3403,11 @@ MagickExport Image *ImplodeImage(const Image *image,const double amount, + center.y=0.5*image->rows; + radius=center.x; + if (image->columns > image->rows) +- scale.y=(double) image->columns/(double) image->rows; ++ scale.y=(double) image->columns*PerceptibleReciprocal((double) image->rows); + else + if (image->columns < image->rows) + { +- scale.x=(double) image->rows/(double) image->columns; ++ scale.x=(double) image->rows*PerceptibleReciprocal((double) image->columns); + radius=center.y; + } + /* +@@ -3471,11 +3471,11 @@ MagickExport Image *ImplodeImage(const Image *image,const double amount, + */ + factor=1.0; + if (distance > 0.0) +- factor=pow(sin((double) (MagickPI*sqrt((double) distance)/ +- radius/2)),-amount); ++ factor=pow(sin((double) (MagickPI*sqrt((double) distance)*PerceptibleReciprocal( ++ radius)/2)),-amount); + status=InterpolateMagickPixelPacket(image,image_view, +- UndefinedInterpolatePixel,(double) (factor*delta.x/scale.x+ +- center.x),(double) (factor*delta.y/scale.y+center.y),&pixel, ++ UndefinedInterpolatePixel,(double) (factor*delta.x*PerceptibleReciprocal(scale.x)+ ++ center.x),(double) (factor*delta.y*PerceptibleReciprocal(scale.y)+center.y),&pixel, + exception); + if (status == MagickFalse) + break; +-- +2.23.0 + diff --git a/ImageMagick.spec b/ImageMagick.spec index fc812b4b68d9411114fcc1865af8eb78826432f2..366df08a0d9c6cb01c366bc11667baf424eac4f4 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,7 +1,7 @@ Name: ImageMagick Epoch: 1 Version: 6.9.10.67 -Release: 15 +Release: 17 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ @@ -42,6 +42,7 @@ Patch0032: CVE-2020-27750.patch Patch0033: CVE-2020-25665.patch Patch0034: CVE-2020-25674.patch Patch0035: CVE-2021-20241-CVE-2021-20243.patch +Patch0036: CVE-2021-20244.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -198,7 +199,10 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog -* Tue Mar 16 2021 wangxiao - 6.9.10.67-15 +* Sat Mar 20 2021 wangxiao - 6.9.10.67-17 +- Fix CVE-2021-20244 + +* Tue Mar 16 2021 wangxiao - 6.9.10.67-16 - Fix CVE-2021-20241 CVE-2021-20243 * Mon Mar 8 2021 zhanghua - 6.9.10.67-14