!70 update python-pillow version

From: @ffrog
Reviewed-by: @myeuler
Signed-off-by: @myeuler
openeuler-ci-bot 2021-08-11 09:00:24 +00:00 committed by Gitee
commit 3542f3e703
3 changed files with 20 additions and 78 deletions


@ -1,60 +0,0 @@
From 480f6819b592d7f07b9a9a52a7656c10bbe07442 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Wed, 24 Feb 2021 23:27:07 +0100
Subject: [PATCH] Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.
This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
---
src/PIL/BlpImagePlugin.py | 1 +
src/PIL/IcnsImagePlugin.py | 2 ++
src/PIL/IcoImagePlugin.py | 1 +
3 files changed, 4 insertions(+)
diff -Nuar Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py Pillow-8.1.1/src/PIL/BlpImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py 2021-03-13 16:44:33.159000000 +0800
+++ Pillow-8.1.1/src/PIL/BlpImagePlugin.py 2021-03-13 16:51:52.803000000 +0800
@@ -353,6 +353,7 @@
data = jpeg_header + data
data = BytesIO(data)
image = JpegImageFile(data)
+ Image._decompression_bomb_check(image.size)
self.tile = image.tile # :/
self.fd = image.fp
self.mode = image.mode
diff -Nuar Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py Pillow-8.1.1/src/PIL/IcnsImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py 2021-03-13 16:44:33.160000000 +0800
+++ Pillow-8.1.1/src/PIL/IcnsImagePlugin.py 2021-03-13 16:54:10.925000000 +0800
@@ -105,6 +105,7 @@
if sig[:8] == b"\x89PNG\x0d\x0a\x1a\x0a":
fobj.seek(start)
im = PngImagePlugin.PngImageFile(fobj)
+ Image._decompression_bomb_check(im.size)
return {"RGBA": im}
elif (
sig[:4] == b"\xff\x4f\xff\x51"
@@ -120,6 +121,7 @@
fobj.seek(start)
jp2kstream = fobj.read(length)
f = io.BytesIO(jp2kstream)
+ Image._decompression_bomb_check(im.size)
im = Jpeg2KImagePlugin.Jpeg2KImageFile(f)
if im.mode != "RGBA":
im = im.convert("RGBA")
diff -Nuar Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py Pillow-8.1.1/src/PIL/IcoImagePlugin.py
--- Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py 2021-03-13 16:44:33.160000000 +0800
+++ Pillow-8.1.1/src/PIL/IcoImagePlugin.py 2021-03-13 16:55:31.306000000 +0800
@@ -178,6 +178,7 @@
if data[:8] == PngImagePlugin._MAGIC:
# png frame
im = PngImagePlugin.PngImageFile(self.buf)
+ Image._decompression_bomb_check(im.size)
else:
# XOR + AND mask bmp frame
im = BmpImagePlugin.DibImageFile(self.buf)


@ -4,8 +4,8 @@
%global with_docs 0 %global with_docs 0
Name: python-pillow Name: python-pillow
Version: 8.1.1 Version: 8.1.2
Release: 6 Release: 1
Summary: Python image processing library Summary: Python image processing library
License: MIT License: MIT
URL: http://python-pillow.github.io/ URL: http://python-pillow.github.io/
@ -14,21 +14,20 @@ Source0: https://github.com/python-pillow/Pillow/archive/%{version}/Pillo
Patch0: python-pillow_spinxwarn.patch Patch0: python-pillow_spinxwarn.patch
Patch1: python-pillow_sphinx-issues.patch Patch1: python-pillow_sphinx-issues.patch
Patch6000: backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch Patch6000: backport-Fix-Wformat-error-in-TiffDecode.patch
Patch6001: backport-Fix-Wformat-error-in-TiffDecode.patch Patch6001: backport-Updated-format-specifiers.patch
Patch6002: backport-Updated-format-specifiers.patch Patch6002: backport-CVE-2021-25287-CVE-2021-25288.patch
Patch6003: backport-CVE-2021-25287-CVE-2021-25288.patch Patch6003: backport-CVE-2021-28675.patch
Patch6004: backport-CVE-2021-28675.patch Patch6004: backport-CVE-2021-28676.patch
Patch6005: backport-CVE-2021-28676.patch Patch6005: backport-CVE-2021-28677.patch
Patch6006: backport-CVE-2021-28677.patch Patch6006: backport-CVE-2021-28678.patch
Patch6007: backport-CVE-2021-28678.patch Patch6007: backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.patch
Patch6008: backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.patch Patch6008: backport-fixes-crash-74d2.patch
Patch6009: backport-fixes-crash-74d2.patch Patch6009: backport-fix-for-crash-8115.patch
Patch6010: backport-fix-for-crash-8115.patch Patch6010: backport-Fix-Memory-DOS-in-ImageFont.patch
Patch6011: backport-Fix-Memory-DOS-in-ImageFont.patch Patch6011: backport-0001-CVE-2021-34552.patch
Patch6012: backport-0001-CVE-2021-34552.patch Patch6012: backport-0002-CVE-2021-34552.patch
Patch6013: backport-0002-CVE-2021-34552.patch Patch6013: backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
Patch6014: backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel
BuildRequires: libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile BuildRequires: libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile
@ -160,6 +159,9 @@ popd
%{python3_sitearch}/PIL/__pycache__/ImageQt* %{python3_sitearch}/PIL/__pycache__/ImageQt*
%changelog %changelog
* Wed Jul 14 2021 OpenStack_SIG <openstack@openeuler.org> - 8.1.2-1
- Update to 8.1.2
* Thu Jul 15 2021 liuyumeng <liuyumeng5@huawei.com> - 8.1.1-6 * Thu Jul 15 2021 liuyumeng <liuyumeng5@huawei.com> - 8.1.1-6
- Type:bugfix - Type:bugfix
- CVE:CVE-2021-34552 - CVE:CVE-2021-34552
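Review bot: The `%changelog` entry added for 8.1.2-1 says only `- Update to 8.1.2`, while the same change drops `Patch6000: backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch` from the patch list and renumbers the remaining patches. Anyone auditing CVE coverage from the package changelog cannot tell whether those three fixes are still present; if the patch was removed because 8.1.2 already contains them upstream, record that with a line such as `- Remove backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch, included in 8.1.2`. The new entry is also dated `Wed Jul 14 2021` but sits above the `Thu Jul 15 2021` entry, so the changelog is not in descending date order, which rpm tooling expects; using the actual packaging date would fix that.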