From 7661fcef7b6662553a8e3354f430e75e1fe82125 Mon Sep 17 00:00:00 2001 From: zhanghua1831 Date: Wed, 24 Mar 2021 11:10:20 +0800 Subject: [PATCH] Fix CVE-2021-20246 (cherry picked from commit 8d1a712835e45f3b292ac2c68a884c1bc903847b) --- CVE-2021-20246.patch | 29 +++++++++++++++++++++++++++++ ImageMagick.spec | 6 +++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 CVE-2021-20246.patch diff --git a/CVE-2021-20246.patch b/CVE-2021-20246.patch new file mode 100644 index 0000000..0aecf73 --- /dev/null +++ b/CVE-2021-20246.patch @@ -0,0 +1,29 @@ +From f3190d4a6e6e8556575c84b5d976f77d111caa74 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Wed, 3 Feb 2021 15:50:29 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3195 + +--- + magick/resample.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/magick/resample.c b/magick/resample.c +index 7b844e1..7728920 100644 +--- a/magick/resample.c ++++ b/magick/resample.c +@@ -1212,10 +1212,10 @@ MagickExport void ScaleResampleFilter(ResampleFilter *resample_filter, + { register double scale; + #if FILTER_LUT + /* scale so that F = WLUT_WIDTH; -- hardcoded */ +- scale = (double)WLUT_WIDTH/F; ++ scale=(double) WLUT_WIDTH*PerceptibleReciprocal(F); + #else + /* scale so that F = resample_filter->F (support^2) */ +- scale = resample_filter->F/F; ++ scale=resample_filter->F*PerceptibleReciprocal(F); + #endif + resample_filter->A = A*scale; + resample_filter->B = B*scale; +-- +2.23.0 + diff --git a/ImageMagick.spec b/ImageMagick.spec index 2a7ee1e..efc3467 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,7 +1,7 @@ Name: ImageMagick Epoch: 1 Version: 6.9.10.67 -Release: 17 +Release: 18 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ @@ -43,6 +43,7 @@ Patch0033: CVE-2020-25665.patch Patch0034: CVE-2020-25674.patch Patch0035: CVE-2021-20241-CVE-2021-20243.patch Patch0036: CVE-2021-20244.patch +Patch0037: CVE-2021-20246.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -199,6 +200,9 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog +* Tue Mar 23 2021 zhanghua - 6.9.10.67-18 +- Fix CVE-2021-20246 + * Sat Mar 20 2021 wangxiao - 6.9.10.67-17 - Fix CVE-2021-20244 -- Gitee