packages/python-pillow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!28 [sync] PR-25: fix CVE-2020-35653

Browse Source 
From: @openeuler-sync-bot
Reviewed-by: @small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-02-01 17:43:33 +08:00 committed by Gitee
commit b710ca1ca4
2 changed files with 58 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
backport-CVE-2020-35653.patch Normal file
View File

@ -0,0 +1,41 @@
From 1eff62205ebe9d42a9417955d2955591be69c9bb Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 17 Dec 2020 00:17:53 +0100
Subject: [PATCH] Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
commit 2f409261eb1228e166868f8f0b5da5cda52e55bf upstream
* Don't trust the image to specify a buffer size
Conflict:NA
Reference:https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
---
src/PIL/PcxImagePlugin.py | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/PIL/PcxImagePlugin.py b/src/PIL/PcxImagePlugin.py
index daa58b3..82aa3bb 100644
--- a/src/PIL/PcxImagePlugin.py
+++ b/src/PIL/PcxImagePlugin.py
@@ -63,9 +63,9 @@ class PcxImageFile(ImageFile.ImageFile):
version = i8(s[1])
bits = i8(s[3])
planes = i8(s[65])
- stride = i16(s, 66)
+ ignored_stride = i16(s, 66)
logger.debug("PCX version %s, bits %s, planes %s, stride %s",
- version, bits, planes, stride)
+ version, bits, planes, ignored_stride)
self.info["dpi"] = i16(s, 12), i16(s, 14)
@@ -102,6 +102,11 @@ class PcxImageFile(ImageFile.ImageFile):
self.mode = mode
self._size = bbox[2]-bbox[0], bbox[3]-bbox[1]
+ # don't trust the passed in stride. Calculate for ourselves.
+ # CVE-2020-35655
+ stride = (self._size[0] * bits + 7) // 8
+ stride += stride % 2
+
bbox = (0, 0) + self.size
logger.debug("size: %sx%s", *self.size)
--
2.23.0

27
python-pillow.spec
View File

@ -5,7 +5,7 @@
Name: python-pillow Name: python-pillow
Version: 5.3.0 Version: 5.3.0
Release: 8 Release: 11
Summary: Python image processing library Summary: Python image processing library
License: MIT License: MIT
URL: http://python-pillow.github.io/ URL: http://python-pillow.github.io/
@ -18,14 +18,15 @@ Patch0003: 0003-CVE-2019-16865-4.patch
Patch0004: CVE-2020-10378.patch Patch0004: CVE-2020-10378.patch
Patch0005: CVE-2020-10177.patch Patch0005: CVE-2020-10177.patch
Patch0006: CVE-2020-10994.patch Patch0006: CVE-2020-10994.patch
Patch0007: replace_copy_operations_with_memcpy.patch Patch0010: replace_copy_operations_with_memcpy.patch
Patch0008: pre-CVE-2020-11538-1.patch Patch0011: pre-CVE-2020-11538-1.patch
Patch0011: CVE-2020-5311.patch Patch0014: CVE-2020-5311.patch
Patch0012: CVE-2020-11538.patch Patch0015: CVE-2020-11538.patch
Patch0013: CVE-2019-19911.patch Patch0016: CVE-2019-19911.patch
Patch0014: CVE-2020-5310.patch Patch0017: CVE-2020-5310.patch
Patch0015: CVE-2020-5312.patch Patch0018: CVE-2020-5312.patch
Patch0016: CVE-2020-5313.patch Patch0019: CVE-2020-5313.patch
Patch0020: backport-CVE-2020-35653.patch
BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel
BuildRequires: libtiff-devel libwebp-devel openjpeg2-devel tk-devel zlib-devel BuildRequires: libtiff-devel libwebp-devel openjpeg2-devel tk-devel zlib-devel
@ -179,7 +180,13 @@ popd
%doc docs/_build_py3/html %doc docs/_build_py3/html
%changelog %changelog
* Thu Nov 26 2020 shixuantong<shixuantong@huawei.com> - 5.3.0-8 * Thu Jan 28 2021 renmingshuai<renmingshuai@huawei.com> - 5.3.0-11
- Type:cves
- ID:CVE-2020-35653
- SUG:NA
- DESC:fix CVE-2020-35653
* Thu Nov 26 2020 shixuantong<shixuantong@huawei.com> - 5.3.0-10
- Type:cves - Type:cves
- ID:CVE-2020-5310 CVE-2020-5312 CVE-2020-5313 - ID:CVE-2020-5310 CVE-2020-5312 CVE-2020-5313
- SUG:NA - SUG:NA