fix CVE-2021-20176

CVE-2021-20176.patch

@@ -0,0 +1,22 @@
+From 90255f0834eead08d59f46b0bda7b1580451cc0f Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Wed, 6 Jan 2021 18:12:06 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3077
+
+---
+ magick/gem.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/magick/gem.c b/magick/gem.c
+index b18b69ec4..cb694cfef 100644
+--- a/magick/gem.c
++++ b/magick/gem.c
+@@ -1580,7 +1580,7 @@ MagickExport double GenerateDifferentialNoise(RandomInfo *random_info,
+         beta=GetPseudoRandomValue(random_info);
+         alpha*=beta;
+       }
+-      noise=(double) (QuantumRange*i/SigmaPoisson);
++      noise=(double) (QuantumRange*i*PerceptibleReciprocal(SigmaPoisson));
+       break;
+     }
+     case RandomNoise:

ImageMagick.spec

@@ -1,7 +1,7 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.10.67
-Release:        11
+Release:        12
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
@@ -32,6 +32,7 @@ Patch0022:      CVE-2020-27754-pre-1.patch
 Patch0023:      CVE-2020-27754-pre-2.patch
 Patch0024:      CVE-2020-27754.patch
 Patch0025:      CVE-2020-25664.patch
+Patch0026:      CVE-2021-20176.patch
 
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@@ -188,6 +189,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*
 
 %changelog
+* Thu Feb 25 2021 wangxiao <wangxiao65@huawei.com> - 6.9.10.67-12
+- Fix CVE-2021-20176
+
 * Wed Feb 10 2021 zhanghua <zhanghua40@huawei.com> - 6.9.10.67-11
 - fix CVE-2020-25664 CVE-2020-27754