Fix CVE-2020-27769

2021-05-25 14:55:05 +08:00 · 2021-05-25 14:55:05 +08:00 · d62d86759b
commit d62d86759b
parent ed4584b893
2 changed files with 41 additions and 1 deletions
--- a/CVE-2020-27769.patch
+++ b/CVE-2020-27769.patch
@ -0,0 +1,36 @@
+From d6f3c03cf55c98da87e547882379a85ce2b3dc81 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 11 Oct 2019 20:21:42 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1740
+
+---
+ magick/quantize.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/magick/quantize.c b/magick/quantize.c
+index 0f963b4..b6c1645 100644
+--- a/magick/quantize.c
+++ b/magick/quantize.c
+@@ -2293,8 +2293,8 @@ MagickExport MagickBooleanType PosterizeImageChannel(Image *image,
+   const ChannelType channel,const size_t levels,const MagickBooleanType dither)
+ {
+ #define PosterizeImageTag  "Posterize/Image"
+-#define PosterizePixel(pixel) (Quantum) (QuantumRange*(MagickRound( \
+-  QuantumScale*pixel*(levels-1)))/MagickMax((ssize_t) levels-1,1))
+#define PosterizePixel(pixel) ClampToQuantum((MagickRealType) QuantumRange*( \
+  MagickRound(QuantumScale*pixel*(levels-1)))/MagickMax((ssize_t) levels-1,1))
+ 
+   CacheView
+     *image_view;
+@@ -3342,7 +3342,7 @@ static MagickBooleanType SetGrayscaleImage(Image *image)
+     }
+   (void) memset(colormap_index,0,extent*sizeof(*colormap_index));
+   for (i=0; i < (ssize_t) image->colors; i++)
+-    image->colormap[i].opacity=(unsigned short) i;
+    image->colormap[i].opacity=(Quantum) i;
+   qsort((void *) image->colormap,image->colors,sizeof(PixelPacket),
+     IntensityCompare);
+   colormap=(PixelPacket *) AcquireQuantumMemory(image->colors,
+-- 
+2.23.0
+
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -1,7 +1,7 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.10.67
-Release:        23
+Release:        24
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
@ -57,6 +57,7 @@ Patch0047:      CVE-2019-18853.patch
 Patch0048:      CVE-2020-27752.patch
 Patch0049:      CVE-2021-20309.patch
 Patch0050:      CVE-2021-20311-20312-20313.patch
+Patch0051:      CVE-2020-27769.patch

 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -213,6 +214,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*

 %changelog
+* Tue May 25 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-24
+- Fix CVE-2020-27769
+
 * Thu May 20 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-23
 - Fix CVE-2021-20309 CVE-2021-20311 CVE-2021-20312 CVE-2021-20313