!40 Fix CVE-2020-27773 CVE-2020-27763

From: @wang_yue111
Reviewed-by: @wangxiao65,@small_leek
Signed-off-by: @small_leek
openeuler-ci-bot 2021-03-02 14:40:59 +08:00 committed by Gitee
commit b399c305e1
3 changed files with 75 additions and 1 deletions

29
CVE-2020-27763.patch Normal file

@ -0,0 +1,29 @@
From 667c284a440d10ae3453ddc5915caa5333da892d Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 1 Mar 2021 20:51:17 +0800
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1718
---
magick/resize.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/magick/resize.c b/magick/resize.c
index 4564125..b8d9055 100644
--- a/magick/resize.c
+++ b/magick/resize.c
@@ -1084,10 +1084,10 @@ MagickExport ResizeFilter *AcquireResizeFilter(const Image *image,
Adjust window function scaling to match windowing support for
weighting function. This avoids a division on every filter call.
*/
- resize_filter->scale/=resize_filter->window_support;
+ resize_filter->scale*=PerceptibleReciprocal(resize_filter->window_support);
/*
- * Set Cubic Spline B,C values, calculate Cubic coefficients.
+ Set Cubic Spline B,C values, calculate Cubic coefficients.
*/
B=0.0;
C=0.0;
--
2.23.0
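Review bot: Multiplying by `PerceptibleReciprocal(resize_filter->window_support)` removes the division by zero but does not reject the degenerate case: as that helper is defined upstream, an argument smaller than MagickEpsilon yields a reciprocal of magnitude 1/MagickEpsilon, so `resize_filter->scale` becomes very large and the filter is still handed back to the caller. AcquireResizeFilter continues outside this hunk, so it is worth confirming that the later code tolerates such a scale, and recording the intent beside the changed line, e.g. `/* if window_support is 0.0, PerceptibleReciprocal() clamps instead of dividing by zero */`. The patch header carries only the upstream issue URL and a Date of 1 Mar 2021, so the `From` hash looks like a local re-commit. Adding the upstream commit id to the header (the same applies to CVE-2020-27773.patch) would let the backport be audited against upstream.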

40
CVE-2020-27773.patch Normal file

@ -0,0 +1,40 @@
From b0732a0ed9c6b9988f6b2d5e7008c4c5732088c6 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 1 Mar 2021 21:05:36 +0800
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1739
---
magick/gem-private.h | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/magick/gem-private.h b/magick/gem-private.h
index fa464f0..0cfaf3b 100644
--- a/magick/gem-private.h
+++ b/magick/gem-private.h
@@ -132,6 +132,9 @@ static inline void ConvertXYZToLab(const double X,const double Y,const double Z,
static inline void ConvertLuvToXYZ(const double L,const double u,const double v,
double *X,double *Y,double *Z)
{
+ double
+ gamma;
+
assert(X != (double *) NULL);
assert(Y != (double *) NULL);
assert(Z != (double *) NULL);
@@ -139,9 +142,10 @@ static inline void ConvertLuvToXYZ(const double L,const double u,const double v,
*Y=(double) pow((L+16.0)/116.0,3.0);
else
*Y=L/CIEK;
- *X=((*Y*((39.0*L/(v+13.0*L*(9.0*D65Y/(D65X+15.0*D65Y+3.0*D65Z))))-5.0))+
- 5.0*(*Y))/((((52.0f*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+3.0*D65Z))))-1.0)/
- 3.0)-(-1.0/3.0));
+ gamma=PerceptibleReciprocal((((52.0*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+
+ 3.0*D65Z))))-1.0)/3.0)-(-1.0/3.0));
+ *X=gamma*((*Y*((39.0*L/(v+13.0*L*(9.0*D65Y/(D65X+15.0*D65Y+3.0*D65Z))))-5.0))+
+ 5.0*(*Y));
*Z=(*X*(((52.0f*L/(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+3.0*D65Z))))-1.0)/3.0))-
5.0*(*Y);
}
--
2.23.0
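Review bot: Only the outer denominator of `*X` goes through PerceptibleReciprocal; the inner quotients `52.0*L/(u+13.0*L*(...))` and `39.0*L/(v+13.0*L*(...))` are still plain divisions in `gamma`, `*X` and the unchanged `*Z` line, so inputs that zero those inner terms (L, u and v all 0.0 would, judging from these lines) still divide by zero and can propagate NaN into X and Z. If such input is reachable from decoded pixel data, the same helper can guard them, e.g. `52.0*L*PerceptibleReciprocal(u+13.0*L*(4.0*D65X/(D65X+15.0*D65Y+3.0*D65Z)))`. The `*Z` line also keeps the `52.0f` literal that the new `gamma` line changed to `52.0`; making the two match avoids a reader wondering whether the difference is intended. No #include is added in the visible hunks, so unless gem-private.h already pulls in the declaration, the build relies on every includer providing PerceptibleReciprocal first. The `if` that selects the `*Y` branch sits between the two hunks and is not shown.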


@ -1,7 +1,7 @@
Name: ImageMagick
Epoch: 1
Version: 6.9.10.67
Release: 12
Release: 13
Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT
Url: http://www.imagemagick.org/
@ -33,6 +33,8 @@ Patch0023: CVE-2020-27754-pre-2.patch
Patch0024: CVE-2020-27754.patch
Patch0025: CVE-2020-25664.patch
Patch0026: CVE-2021-20176.patch
Patch0027: CVE-2020-27763.patch
Patch0028: CVE-2020-27773.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -189,6 +191,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick++*
%changelog
* Mon Mar 01 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-13
- Fix CVE-2020-27773 CVE-2020-27763
* Thu Feb 25 2021 wangxiao <wangxiao65@huawei.com> - 6.9.10.67-12
- Fix CVE-2021-20176