!77 modify CVE-2021-27921/CVE-2021-27922/CVE-2021-27923

From: @shirely16 Reviewed-by: @yangzhao_kl Signed-off-by: @yangzhao_kl
2021-08-16 08:18:27 +00:00 · 2021-08-16 08:18:27 +00:00 · 9dc87ec144
commit 9dc87ec144
parent 82717c6408 cedf635e7c
2 changed files with 32 additions and 21 deletions
--- a/backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch
+++ b/backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch
@ -10,17 +10,20 @@ memory allocations.

 This is fixed for all locations where individual *ImageFile classes
 are created without going through the usual Image.open method.
+
+Conflict:NA
+Reference:https://github.com/python-pillow/Pillow/commit/480f6819b592d7f07b9a9a52a7656c10bbe07442
 ---
- 
- src/PIL/BlpImagePlugin.py                      |   1 +
- src/PIL/IcnsImagePlugin.py                     |   2 ++
- src/PIL/IcoImagePlugin.py                      |   1 +
+ src/PIL/BlpImagePlugin.py  | 1 +
+ src/PIL/IcnsImagePlugin.py | 2 ++
+ src/PIL/IcoImagePlugin.py  | 1 +
 3 files changed, 4 insertions(+)
- 
-diff -Nuar Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py Pillow-8.1.1/src/PIL/BlpImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py  2021-03-13 16:44:33.159000000 +0800
-+++ Pillow-8.1.1/src/PIL/BlpImagePlugin.py      2021-03-13 16:51:52.803000000 +0800
-@@ -353,6 +353,7 @@
+
+diff --git a/src/PIL/BlpImagePlugin.py b/src/PIL/BlpImagePlugin.py
+index d5d7c0e..88aae80 100644
+--- a/src/PIL/BlpImagePlugin.py
+++ b/src/PIL/BlpImagePlugin.py
+@@ -353,6 +353,7 @@ class BLP1Decoder(_BLPBaseDecoder):
         data = jpeg_header + data
         data = BytesIO(data)
         image = JpegImageFile(data)
@ -28,10 +31,11 @@ diff -Nuar Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py Pillow-8.1.1/src/PIL/BlpIm
         self.tile = image.tile  # :/
         self.fd = image.fp
         self.mode = image.mode
-diff -Nuar Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py Pillow-8.1.1/src/PIL/IcnsImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py 2021-03-13 16:44:33.160000000 +0800
-+++ Pillow-8.1.1/src/PIL/IcnsImagePlugin.py     2021-03-13 16:54:10.925000000 +0800
-@@ -105,6 +105,7 @@
+diff --git a/src/PIL/IcnsImagePlugin.py b/src/PIL/IcnsImagePlugin.py
+index 2a63d75..ca6a0ad 100644
+--- a/src/PIL/IcnsImagePlugin.py
+++ b/src/PIL/IcnsImagePlugin.py
+@@ -105,6 +105,7 @@ def read_png_or_jpeg2000(fobj, start_length, size):
     if sig[:8] == b"\x89PNG\x0d\x0a\x1a\x0a":
         fobj.seek(start)
         im = PngImagePlugin.PngImageFile(fobj)
@ -39,18 +43,19 @@ diff -Nuar Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py Pillow-8.1.1/src/PIL/Icns
         return {"RGBA": im}
     elif (
         sig[:4] == b"\xff\x4f\xff\x51"
-@@ -120,6 +121,7 @@
-         fobj.seek(start)
+@@ -121,6 +122,7 @@ def read_png_or_jpeg2000(fobj, start_length, size):
         jp2kstream = fobj.read(length)
         f = io.BytesIO(jp2kstream)
-+        Image._decompression_bomb_check(im.size)
         im = Jpeg2KImagePlugin.Jpeg2KImageFile(f)
+        Image._decompression_bomb_check(im.size)
         if im.mode != "RGBA":
             im = im.convert("RGBA")
-diff -Nuar Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py Pillow-8.1.1/src/PIL/IcoImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py  2021-03-13 16:44:33.160000000 +0800
-+++ Pillow-8.1.1/src/PIL/IcoImagePlugin.py      2021-03-13 16:55:31.306000000 +0800
-@@ -178,6 +178,7 @@
+         return {"RGBA": im}
+diff --git a/src/PIL/IcoImagePlugin.py b/src/PIL/IcoImagePlugin.py
+index e1bfa7a..5634bf8 100644
+--- a/src/PIL/IcoImagePlugin.py
+++ b/src/PIL/IcoImagePlugin.py
+@@ -178,6 +178,7 @@ class IcoFile:
         if data[:8] == PngImagePlugin._MAGIC:
             # png frame
             im = PngImagePlugin.PngImageFile(self.buf)
@ -58,3 +63,6 @@ diff -Nuar Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py Pillow-8.1.1/src/PIL/IcoIm
         else:
             # XOR + AND mask bmp frame
             im = BmpImagePlugin.DibImageFile(self.buf)
+-- 
+2.27.0
+
--- a/python-pillow.spec
+++ b/python-pillow.spec
@ -5,7 +5,7 @@
 
 Name:           python-pillow
 Version:        8.1.1
-Release:        5
+Release:        6
 Summary:        Python image processing library 
 License:        MIT
 URL:            http://python-pillow.github.io/
@ -159,6 +159,9 @@ popd
 %{python3_sitearch}/PIL/__pycache__/ImageQt*

 %changelog
+* Tue Aug 10 2021 hanhui <hanhui15@huawei.com> - 8.1.1-6
+- Type:modify CVE-2021-27921CVE-2021-27922CVE-2021-27923
+
 * Thu Jul 15 2021 liuyumeng <liuyumeng5@huawei.com> -8.1.1-5
 - Type:bugfix
 - CVE:CVE-2021-34552