!19 fix CVE-2019-19911 and change patch name for CVE-2020-5311

From: @tong_1001 Reviewed-by: @small_leek Signed-off-by: @small_leek
2020-11-26 09:30:32 +08:00 · 2020-11-26 09:30:32 +08:00 · 34388e210b
commit 34388e210b
parent 6d32e8de24 8d3b948172
3 changed files with 40 additions and 3 deletions
--- a/CVE-2019-19911.patch
+++ b/CVE-2019-19911.patch
@ -0,0 +1,30 @@
+From 774e53bb132461d8d5ebefec1162e29ec0ebc63d Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Wed, 1 Jan 2020 16:07:03 +1100
+Subject: [PATCH] Raise an error for an invalid number of bands in FPX image
+
+https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d
+
+---
+ src/PIL/FpxImagePlugin.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/PIL/FpxImagePlugin.py b/src/PIL/FpxImagePlugin.py
+index 9f284fd..5f409c8 100644
+--- a/src/PIL/FpxImagePlugin.py
+++ b/src/PIL/FpxImagePlugin.py
+@@ -101,7 +101,10 @@ class FpxImageFile(ImageFile.ImageFile):
+         s = prop[0x2000002 | id]
+ 
+         colors = []
+-        for i in range(i32(s, 4)):
+        bands = i32(s, 4)
+        if bands > 4:
+            raise IOError("Invalid number of bands")
+        for i in range(bands):
+             # note: for now, we ignore the "uncalibrated" flag
+             colors.append(i32(s, 8+i*4) & 0x7fffffff)
+ 
+-- 
+2.27.0
+
--- a/pre-CVE-2020-11538-2.patch
+++ b/pre-CVE-2020-11538-2.patch
--- a/python-pillow.spec
+++ b/python-pillow.spec
@ -5,7 +5,7 @@

 Name:               python-pillow
 Version:            5.3.0
-Release:            6
+Release:            7
 Summary:            Python image processing library
 License:            MIT
 URL:                http://python-pillow.github.io/
@ -20,8 +20,9 @@ Patch0005:          CVE-2020-10177.patch
 Patch0006:          CVE-2020-10994.patch
 Patch0007:          replace_copy_operations_with_memcpy.patch
 Patch0008:          pre-CVE-2020-11538-1.patch
-Patch0009:          pre-CVE-2020-11538-2.patch
-Patch0010:          CVE-2020-11538.patch
+Patch0011:          CVE-2020-5311.patch
+Patch0012:          CVE-2020-11538.patch
+Patch0013:          CVE-2019-19911.patch

 BuildRequires:      freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel
 BuildRequires:      libtiff-devel libwebp-devel openjpeg2-devel tk-devel zlib-devel
@ -175,6 +176,12 @@ popd
 %doc docs/_build_py3/html

 %changelog
+* Wed Nov 25 2020 shixuantong<shixuantong@huawei.com> - 5.3.0-7
+- Type:cves
+- ID:CVE-2019-19911 CVE-2020-5311
+- SUG:NA
+- DESC:fix CVE-2019-19911 and change patch name for CVE-2020-5311
+
 * Wed Nov 25 2020 shixuantong<shixuantong@huawei.com> - 5.3.0-6
 - Type:cves
 - ID:CVE-2020-11538 CVE-2020-10378 CVE-2020-10177 CVE-2020-10994