!71 incorporate community patch

From: @liuyumeng1 Reviewed-by: @shirely16,@shinwell_hu Signed-off-by: @shinwell_hu
2021-07-19 02:31:22 +00:00 · 2021-07-19 02:31:22 +00:00 · b4e81160a4
commit b4e81160a4
parent 650fdeb0c7 eccb6b2b76
4 changed files with 123 additions and 3 deletions
--- a/backport-0001-CVE-2021-34552.patch
+++ b/backport-0001-CVE-2021-34552.patch
@ -0,0 +1,43 @@
+From 5f4504bb03f4edeeef8c2633dc5ba03a4c2a8a97 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Tue, 15 Jun 2021 15:14:26 +1000
+Subject: [PATCH] Limit sprintf modes to 10 characters
+
+Conflict:NA
+Reference:https://github.com/python-pillow/Pillow/commit/5f4504bb03f4edeeef8c2633dc5ba03a4c2a8a97
+
+---
+ src/libImaging/Convert.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/src/libImaging/Convert.c b/src/libImaging/Convert.c
+index b0b794d..64bbeee 100644
+--- a/src/libImaging/Convert.c
+++ b/src/libImaging/Convert.c
+@@ -1664,9 +1664,8 @@ convert(Imaging imOut, Imaging imIn, const char *mode,
+ #ifdef notdef
+         return (Imaging) ImagingError_ValueError("conversion not supported");
+ #else
+-        static char buf[256];
+-        /* FIXME: may overflow if mode is too large */
+-        sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode);
+        static char buf[100];
+        sprintf(buf, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
+         return (Imaging) ImagingError_ValueError(buf);
+ #endif
+     }
+@@ -1724,9 +1723,8 @@ ImagingConvertTransparent(Imaging imIn, const char *mode,
+     }
+ #else
+     {
+-      static char buf[256];
+-      /* FIXME: may overflow if mode is too large */
+-      sprintf(buf, "conversion from %s to %s not supported in convert_transparent", imIn->mode, mode);
+      static char buf[100];
+      sprintf(buf, "conversion from %.10s to %.10s not supported in convert_transparent", imIn->mode, mode);
+       return (Imaging) ImagingError_ValueError(buf);
+     }
+ #endif
+-- 
+2.27.0
+
--- a/backport-0002-CVE-2021-34552.patch
+++ b/backport-0002-CVE-2021-34552.patch
@ -0,0 +1,37 @@
+From 518ee3722a99d7f7d890db82a20bd81c1c0327fb Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Wed, 30 Jun 2021 23:47:10 +1000
+Subject: [PATCH] Use snprintf instead of sprintf
+
+Conflict:NA
+Reference:https://github.com/python-pillow/Pillow/commit/518ee3722a99d7f7d890db82a20bd81c1c0327fb
+
+---
+ src/libImaging/Convert.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libImaging/Convert.c b/src/libImaging/Convert.c
+index 64bbeee..28b952e 100644
+--- a/src/libImaging/Convert.c
+++ b/src/libImaging/Convert.c
+@@ -1665,7 +1665,7 @@ convert(Imaging imOut, Imaging imIn, const char *mode,
+         return (Imaging) ImagingError_ValueError("conversion not supported");
+ #else
+         static char buf[100];
+-        sprintf(buf, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
+        snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
+         return (Imaging) ImagingError_ValueError(buf);
+ #endif
+     }
+@@ -1724,7 +1724,7 @@ ImagingConvertTransparent(Imaging imIn, const char *mode,
+ #else
+     {
+       static char buf[100];
+-      sprintf(buf, "conversion from %.10s to %.10s not supported in convert_transparent", imIn->mode, mode);
+      snprintf(buf, 100, "conversion from %.10s to %.10s not supported in convert_transparent", imIn->mode, mode);
+       return (Imaging) ImagingError_ValueError(buf);
+     }
+ #endif
+-- 
+2.27.0
+
--- a/backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
+++ b/backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
@ -0,0 +1,31 @@
+From 6fc039a21c683b13c311e1759c3570bc4dc5f459 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Tue, 4 May 2021 16:50:12 +1000
+Subject: [PATCH] Updated default value for SAMPLESPERPIXEL tag
+
+Conflict:NA
+Reference:https://github.com/python-pillow/Pillow/commit/6fc039a21c683b13c311e1759c3570bc4dc5f459
+
+---
+ src/PIL/TiffImagePlugin.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/PIL/TiffImagePlugin.py b/src/PIL/TiffImagePlugin.py
+index ced414f..860d870 100644
+--- a/src/PIL/TiffImagePlugin.py
+++ b/src/PIL/TiffImagePlugin.py
+@@ -1250,7 +1250,10 @@ class TiffImageFile(ImageFile.ImageFile):
+         if bps_count > len(bps_tuple) and len(bps_tuple) == 1:
+             bps_tuple = bps_tuple * bps_count
+ 
+-        samplesPerPixel = self.tag_v2.get(SAMPLESPERPIXEL, 1)
+        samplesPerPixel = self.tag_v2.get(
+            SAMPLESPERPIXEL,
+            3 if self._compression == "tiff_jpeg" and photo in (2, 6) else 1,
+        )
+         if len(bps_tuple) != samplesPerPixel:
+             raise SyntaxError("unknown data organization")
+ 
+-- 
+2.27.0
+
--- a/python-pillow.spec
+++ b/python-pillow.spec
@ -5,7 +5,7 @@
 
 Name:           python-pillow
 Version:        8.1.1
-Release:        5
+Release:        6
 Summary:        Python image processing library 
 License:        MIT
 URL:            http://python-pillow.github.io/
@ -26,7 +26,10 @@ Patch6008:      backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.pa
 Patch6009:      backport-fixes-crash-74d2.patch
 Patch6010:      backport-fix-for-crash-8115.patch
 Patch6011:      backport-Fix-Memory-DOS-in-ImageFont.patch
- 
+Patch6012:      backport-0001-CVE-2021-34552.patch
+Patch6013:      backport-0002-CVE-2021-34552.patch
+Patch6014:      backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
+
 BuildRequires:  freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel
 BuildRequires:  libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile
 BuildRequires:  python3-qt5 python3-setuptools python3-tkinter gcc
@ -157,6 +160,12 @@ popd
 %{python3_sitearch}/PIL/__pycache__/ImageQt*

 %changelog
+* Thu Jul 15 2021 liuyumeng <liuyumeng5@huawei.com> - 8.1.1-6
+- Type:bugfix
+- CVE:CVE-2021-34552
+- SUG:NA
+- DESC: incorporate community patch
+
 * Tue Jul 6 2021 hanhui <hanhui15@huawei.com> - 8.1.1-5
 - Type:bugfix
 - CVE:CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678 CVE-2021-25287 CVE-2021-25288
@ -166,7 +175,7 @@ popd
 * Mon Jun 21 2021 hanhui <hanhui15@huawei.com> - 8.1.1-4
 - DESC: in the check section,using the cp -a instead of install

-* Mon Jun 15 2021 hanhui <hanhui15@huawei.com> - 8.1.1-3
+* Tue Jun 15 2021 hanhui <hanhui15@huawei.com> - 8.1.1-3
 - DESC: add buildrequire gcc

 * Sat Mar 13 2021 wangye <wangye70@huawei.com> - 8.1.1-2