!70 update python-pillow version

From: @ffrog
Reviewed-by: @myeuler
Signed-off-by: @myeuler
openeuler-ci-bot 2021-08-11 09:00:24 +00:00 committed by Gitee
commit 3542f3e703
3 changed files with 20 additions and 78 deletions


@ -1,60 +0,0 @@
From 480f6819b592d7f07b9a9a52a7656c10bbe07442 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Wed, 24 Feb 2021 23:27:07 +0100
Subject: [PATCH] Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.
This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
---
src/PIL/BlpImagePlugin.py | 1 +
src/PIL/IcnsImagePlugin.py | 2 ++
src/PIL/IcoImagePlugin.py | 1 +
3 files changed, 4 insertions(+)
diff -Nuar Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py Pillow-8.1.1/src/PIL/BlpImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py 2021-03-13 16:44:33.159000000 +0800
+++ Pillow-8.1.1/src/PIL/BlpImagePlugin.py 2021-03-13 16:51:52.803000000 +0800
@@ -353,6 +353,7 @@
data = jpeg_header + data
data = BytesIO(data)
image = JpegImageFile(data)
+ Image._decompression_bomb_check(image.size)
self.tile = image.tile # :/
self.fd = image.fp
self.mode = image.mode
diff -Nuar Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py Pillow-8.1.1/src/PIL/IcnsImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py 2021-03-13 16:44:33.160000000 +0800
+++ Pillow-8.1.1/src/PIL/IcnsImagePlugin.py 2021-03-13 16:54:10.925000000 +0800
@@ -105,6 +105,7 @@
if sig[:8] == b"\x89PNG\x0d\x0a\x1a\x0a":
fobj.seek(start)
im = PngImagePlugin.PngImageFile(fobj)
+ Image._decompression_bomb_check(im.size)
return {"RGBA": im}
elif (
sig[:4] == b"\xff\x4f\xff\x51"
@@ -120,6 +121,7 @@
fobj.seek(start)
jp2kstream = fobj.read(length)
f = io.BytesIO(jp2kstream)
+ Image._decompression_bomb_check(im.size)
im = Jpeg2KImagePlugin.Jpeg2KImageFile(f)
if im.mode != "RGBA":
im = im.convert("RGBA")
diff -Nuar Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py Pillow-8.1.1/src/PIL/IcoImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py 2021-03-13 16:44:33.160000000 +0800
+++ Pillow-8.1.1/src/PIL/IcoImagePlugin.py 2021-03-13 16:55:31.306000000 +0800
@@ -178,6 +178,7 @@
if data[:8] == PngImagePlugin._MAGIC:
# png frame
im = PngImagePlugin.PngImageFile(self.buf)
+ Image._decompression_bomb_check(im.size)
else:
# XOR + AND mask bmp frame
im = BmpImagePlugin.DibImageFile(self.buf)


@ -4,8 +4,8 @@
%global with_docs 0
Name: python-pillow
Version: 8.1.1
Release: 6
Version: 8.1.2
Release: 1
Summary: Python image processing library
License: MIT
URL: http://python-pillow.github.io/
@ -14,21 +14,20 @@ Source0: https://github.com/python-pillow/Pillow/archive/%{version}/Pillo
Patch0: python-pillow_spinxwarn.patch
Patch1: python-pillow_sphinx-issues.patch
Patch6000: backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch
Patch6001: backport-Fix-Wformat-error-in-TiffDecode.patch
Patch6002: backport-Updated-format-specifiers.patch
Patch6003: backport-CVE-2021-25287-CVE-2021-25288.patch
Patch6004: backport-CVE-2021-28675.patch
Patch6005: backport-CVE-2021-28676.patch
Patch6006: backport-CVE-2021-28677.patch
Patch6007: backport-CVE-2021-28678.patch
Patch6008: backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.patch
Patch6009: backport-fixes-crash-74d2.patch
Patch6010: backport-fix-for-crash-8115.patch
Patch6011: backport-Fix-Memory-DOS-in-ImageFont.patch
Patch6012: backport-0001-CVE-2021-34552.patch
Patch6013: backport-0002-CVE-2021-34552.patch
Patch6014: backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
Patch6000: backport-Fix-Wformat-error-in-TiffDecode.patch
Patch6001: backport-Updated-format-specifiers.patch
Patch6002: backport-CVE-2021-25287-CVE-2021-25288.patch
Patch6003: backport-CVE-2021-28675.patch
Patch6004: backport-CVE-2021-28676.patch
Patch6005: backport-CVE-2021-28677.patch
Patch6006: backport-CVE-2021-28678.patch
Patch6007: backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.patch
Patch6008: backport-fixes-crash-74d2.patch
Patch6009: backport-fix-for-crash-8115.patch
Patch6010: backport-Fix-Memory-DOS-in-ImageFont.patch
Patch6011: backport-0001-CVE-2021-34552.patch
Patch6012: backport-0002-CVE-2021-34552.patch
Patch6013: backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel
BuildRequires: libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile
@ -42,7 +41,7 @@ BuildRequires: python3-sphinx-removed-in
Requires: ghostscript
%global __provides_exclude_from ^%{python3_sitearch}/PIL/.*\\.so$
%description
Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \
Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift.
@ -160,6 +159,9 @@ popd
%{python3_sitearch}/PIL/__pycache__/ImageQt*
%changelog
* Wed Jul 14 2021 OpenStack_SIG <openstack@openeuler.org> - 8.1.2-1
- Update to 8.1.2
* Thu Jul 15 2021 liuyumeng <liuyumeng5@huawei.com> - 8.1.1-6
- Type:bugfix
- CVE:CVE-2021-34552
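Review bot: The new %changelog entry is dated `Wed Jul 14 2021` but is placed above the existing `Thu Jul 15 2021` entry, so the changelog is no longer in descending chronological order, which rpm checks when it parses the spec; the entry should carry the date of this update. The entry also records only `- Update to 8.1.2`, while the same change drops `backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch` and renumbers the remaining patches to Patch6000–Patch6013. Presumably the patch is dropped because the 8.1.2 sources already contain the decompression-bomb checks in the BLP, ICNS and ICO plugins, but nothing on this page states that. I would add a line such as `- Drop backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch, included in 8.1.2` so that anyone auditing CVE coverage of the package can see the fix was carried over rather than lost.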