rpms
/
python-pillow
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import python-pillow-5.1.1-12.el8_2

This commit is contained in:
CentOS Sources 2021-03-30 09:09:22 -04:00 committed by Stepan Oksanichenko
parent da935849a8
commit 9bcc43900d
2 changed files with 67 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
SOURCES/CVE-2020-11538.patch Normal file
View File

@ -0,0 +1,56 @@
From f91c78960495efa04c7f12eeb916158d4bfbabc4 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Mon, 13 Jul 2020 15:40:11 +0200
Subject: [PATCH] CVE-2020-11538
---
src/libImaging/SgiRleDecode.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/libImaging/SgiRleDecode.c b/src/libImaging/SgiRleDecode.c
index 6367ae7..eb8fc84 100644
--- a/src/libImaging/SgiRleDecode.c
+++ b/src/libImaging/SgiRleDecode.c
@@ -28,6 +28,7 @@ static void read4B(UINT32* dest, UINT8* buf)
static int expandrow(UINT8* dest, UINT8* src, int n, int z, int xsize)
{
UINT8 pixel, count;
+ int x = 0;
for (;n > 0; n--)
{
@@ -37,9 +38,10 @@ static int expandrow(UINT8* dest, UINT8* src, int n, int z, int xsize)
count = pixel & RLE_MAX_RUN;
if (!count)
return count;
- if (count > xsize) {
+ if (x + count > xsize) {
return -1;
}
+ x += count;
if (pixel & RLE_COPY_FLAG) {
while(count--) {
*dest = *src++;
@@ -63,6 +65,7 @@ static int expandrow2(UINT16* dest, UINT16* src, int n, int z, int xsize)
{
UINT8 pixel, count;
+ int x = 0;
for (;n > 0; n--)
{
@@ -73,9 +76,10 @@ static int expandrow2(UINT16* dest, UINT16* src, int n, int z, int xsize)
count = pixel & RLE_MAX_RUN;
if (!count)
return count;
- if (count > xsize) {
+ if (x + count > xsize) {
return -1;
}
+ x += count;
if (pixel & RLE_COPY_FLAG) {
while(count--) {
*dest = *src++;
--
2.26.2

14
SPECS/python-pillow.spec
View File

@ -8,7 +8,7 @@
Name: python-%{srcname}
Version: 5.1.1
Release: 11%{?dist}
Release: 12%{?dist}
Summary: Python image processing library
# License: see http://www.pythonware.com/products/pil/license.htm
@ -32,10 +32,14 @@ Patch3: CVE-2020-5312_CVE-2019-16865.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1789535
# https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
Patch4: CVE-2020-5311.patch
# CVE-2020-11538 out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2
# Upstream fix: https://github.com/python-pillow/Pillow/pull/4504/
# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1852814
Patch5: CVE-2020-11538.patch
# CVE-2020-5313 out-of-bounds read in ImagingFliDecode when loading FLI images
# Upstream fix: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b?patch
# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1789532
Patch5: CVE-2020-5313.patch
Patch6: CVE-2020-5313.patch
BuildRequires: freetype-devel
BuildRequires: gcc
@ -180,10 +184,14 @@ popd
%changelog
* Wed Mar 04 2020 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-11
* Mon Jul 13 2020 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-12
- Fix for CVE-2020-5313
Resolves: rhbz#1789532
* Mon Jul 13 2020 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-11
- Fix for CVE-2020-11538
Resolves: rhbz#1852814
* Mon Feb 17 2020 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-10
- Bump and rebuild for gating to deliver CVE fixes
Resolves: rhbz#1789535