diff --git a/Pillow-8.1.2.tar.gz b/Pillow-9.0.1.tar.gz similarity index 76% rename from Pillow-8.1.2.tar.gz rename to Pillow-9.0.1.tar.gz index 31bde5e546ad935ebf9d6f1ed2cc56b4043312fd..b6733d7e4241100c688d4fc324ab5d83147d7a02 100644 Binary files a/Pillow-8.1.2.tar.gz and b/Pillow-9.0.1.tar.gz differ diff --git a/backport-0001-CVE-2021-34552.patch b/backport-0001-CVE-2021-34552.patch deleted file mode 100644 index f7f4d833eb2a0f4c13c71a960b6f40103f8b1b8f..0000000000000000000000000000000000000000 --- a/backport-0001-CVE-2021-34552.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5f4504bb03f4edeeef8c2633dc5ba03a4c2a8a97 Mon Sep 17 00:00:00 2001 -From: Andrew Murray -Date: Tue, 15 Jun 2021 15:14:26 +1000 -Subject: [PATCH] Limit sprintf modes to 10 characters - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/5f4504bb03f4edeeef8c2633dc5ba03a4c2a8a97 - ---- - src/libImaging/Convert.c | 10 ++++------ - 1 file changed, 4 insertions(+), 6 deletions(-) - -diff --git a/src/libImaging/Convert.c b/src/libImaging/Convert.c -index b0b794d..64bbeee 100644 ---- a/src/libImaging/Convert.c -+++ b/src/libImaging/Convert.c -@@ -1664,9 +1664,8 @@ convert(Imaging imOut, Imaging imIn, const char *mode, - #ifdef notdef - return (Imaging) ImagingError_ValueError("conversion not supported"); - #else -- static char buf[256]; -- /* FIXME: may overflow if mode is too large */ -- sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode); -+ static char buf[100]; -+ sprintf(buf, "conversion from %.10s to %.10s not supported", imIn->mode, mode); - return (Imaging) ImagingError_ValueError(buf); - #endif - } -@@ -1724,9 +1723,8 @@ ImagingConvertTransparent(Imaging imIn, const char *mode, - } - #else - { -- static char buf[256]; -- /* FIXME: may overflow if mode is too large */ -- sprintf(buf, "conversion from %s to %s not supported in convert_transparent", imIn->mode, mode); -+ static char buf[100]; -+ sprintf(buf, "conversion from %.10s to %.10s not supported in convert_transparent", imIn->mode, mode); - return (Imaging) ImagingError_ValueError(buf); - } - #endif --- -2.27.0 - diff --git a/backport-0002-CVE-2021-34552.patch b/backport-0002-CVE-2021-34552.patch deleted file mode 100644 index 0c3ddd82f55f7f98945c5abb6a9c85831e912b6c..0000000000000000000000000000000000000000 --- a/backport-0002-CVE-2021-34552.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 518ee3722a99d7f7d890db82a20bd81c1c0327fb Mon Sep 17 00:00:00 2001 -From: Andrew Murray -Date: Wed, 30 Jun 2021 23:47:10 +1000 -Subject: [PATCH] Use snprintf instead of sprintf - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/518ee3722a99d7f7d890db82a20bd81c1c0327fb - ---- - src/libImaging/Convert.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libImaging/Convert.c b/src/libImaging/Convert.c -index 64bbeee..28b952e 100644 ---- a/src/libImaging/Convert.c -+++ b/src/libImaging/Convert.c -@@ -1665,7 +1665,7 @@ convert(Imaging imOut, Imaging imIn, const char *mode, - return (Imaging) ImagingError_ValueError("conversion not supported"); - #else - static char buf[100]; -- sprintf(buf, "conversion from %.10s to %.10s not supported", imIn->mode, mode); -+ snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode); - return (Imaging) ImagingError_ValueError(buf); - #endif - } -@@ -1724,7 +1724,7 @@ ImagingConvertTransparent(Imaging imIn, const char *mode, - #else - { - static char buf[100]; -- sprintf(buf, "conversion from %.10s to %.10s not supported in convert_transparent", imIn->mode, mode); -+ snprintf(buf, 100, "conversion from %.10s to %.10s not supported in convert_transparent", imIn->mode, mode); - return (Imaging) ImagingError_ValueError(buf); - } - #endif --- -2.27.0 - diff --git a/backport-CVE-2021-23437.patch b/backport-CVE-2021-23437.patch deleted file mode 100644 index 535dee308fdf964868508a3962eca6fb37196606..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-23437.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001 -From: Hugo van Kemenade -Date: Mon, 23 Aug 2021 19:10:49 +0300 -Subject: [PATCH] Raise ValueError if color specifier is too long - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 ----- - Tests/test_imagecolor.py | 9 +++++++++ - src/PIL/ImageColor.py | 2 ++ - 2 files changed, 11 insertions(+) - -diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py -index b5d6937965..dbe8b9e957 100644 ---- a/Tests/test_imagecolor.py -+++ b/Tests/test_imagecolor.py -@@ -191,3 +191,12 @@ def test_rounding_errors(): - assert (255, 255) == ImageColor.getcolor("white", "LA") - assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA") - Image.new("LA", (1, 1), "white") -+ -+ -+def test_color_too_long(): -+ # Arrange -+ color_too_long = "hsl(" + "1" * 100 + ")" -+ -+ # Act / Assert -+ with pytest.raises(ValueError): -+ ImageColor.getrgb(color_too_long) -diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py -index 51df440403..25f92f2c73 100644 ---- a/src/PIL/ImageColor.py -+++ b/src/PIL/ImageColor.py -@@ -32,6 +32,8 @@ def getrgb(color): - :param color: A color string - :return: ``(red, green, blue[, alpha])`` - """ -+ if len(color) > 100: -+ raise ValueError("color specifier is too long") - color = color.lower() - - rgb = colormap.get(color, None) diff --git a/backport-CVE-2021-25287-CVE-2021-25288.patch b/backport-CVE-2021-25287-CVE-2021-25288.patch deleted file mode 100644 index 5e5b2b341bbdd35286507fb5ac748013a26c4a7d..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-25287-CVE-2021-25288.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 Mon Sep 17 00:00:00 2001 -From: Eric Soroos -Date: Sun, 7 Mar 2021 12:32:12 +0100 -Subject: [PATCH] Fix OOB Read in Jpeg2KDecode CVE-2021-25287,CVE-2021-25288 - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 ---- - src/libImaging/Jpeg2KDecode.c | 33 +++++++++++++++++++++++++-------- - 1 file changed, 25 insertions(+), 8 deletions(-) - -diff --git a/src/libImaging/Jpeg2KDecode.c b/src/libImaging/Jpeg2KDecode.c -index 8cce545..60d4d77 100644 ---- a/src/libImaging/Jpeg2KDecode.c -+++ b/src/libImaging/Jpeg2KDecode.c -@@ -589,7 +589,7 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) - j2k_unpacker_t unpack = NULL; - size_t buffer_size = 0, tile_bytes = 0; - unsigned n, tile_height, tile_width; -- int components; -+ int total_component_width = 0; - - - stream = opj_stream_create(BUFFER_SIZE, OPJ_TRUE); -@@ -753,23 +753,40 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) - goto quick_exit; - } - -+ if (tile_info.nb_comps != image->numcomps) { -+ state->errcode = IMAGING_CODEC_BROKEN; -+ state->state = J2K_STATE_FAILED; -+ goto quick_exit; -+ } -+ - /* Sometimes the tile_info.datasize we get back from openjpeg -- is less than numcomps*w*h, and we overflow in the -+ is less than sum(comp_bytes)*w*h, and we overflow in the - shuffle stage */ - - tile_width = tile_info.x1 - tile_info.x0; - tile_height = tile_info.y1 - tile_info.y0; -- components = tile_info.nb_comps == 3 ? 4 : tile_info.nb_comps; -- if (( tile_width > UINT_MAX / components ) || -- ( tile_height > UINT_MAX / components ) || -- ( tile_width > UINT_MAX / (tile_height * components )) || -- ( tile_height > UINT_MAX / (tile_width * components ))) { -+ -+ /* Total component width = sum (component_width) e.g, it's -+ legal for an la file to have a 1 byte width for l, and 4 for -+ a. and then a malicious file could have a smaller tile_bytes -+ */ -+ -+ for (n=0; n < tile_info.nb_comps; n++) { -+ // see csize /acsize calcs -+ int csize = (image->comps[n].prec + 7) >> 3; -+ csize = (csize == 3) ? 4 : csize; -+ total_component_width += csize; -+ } -+ if ((tile_width > UINT_MAX / total_component_width) || -+ (tile_height > UINT_MAX / total_component_width) || -+ (tile_width > UINT_MAX / (tile_height * total_component_width)) || -+ (tile_height > UINT_MAX / (tile_width * total_component_width))) { - state->errcode = IMAGING_CODEC_BROKEN; - state->state = J2K_STATE_FAILED; - goto quick_exit; - } - -- tile_bytes = tile_width * tile_height * components; -+ tile_bytes = tile_width * tile_height * total_component_width; - - if (tile_bytes > tile_info.data_size) { - tile_info.data_size = tile_bytes; --- -2.23.0 - diff --git a/backport-CVE-2021-28675.patch b/backport-CVE-2021-28675.patch deleted file mode 100644 index f8a5aac84883fdc655419f814e5fa8e9561538ad..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-28675.patch +++ /dev/null @@ -1,197 +0,0 @@ -From 22e9bee4ef225c0edbb9323f94c26cee0c623497 Mon Sep 17 00:00:00 2001 -From: Eric Soroos -Date: Sun, 7 Mar 2021 19:04:25 +0100 -Subject: [PATCH] Fix DOS in PSDImagePlugin -- CVE-2021-28675 - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497 ---- - Tests/test_decompression_bomb.py | 1 + - Tests/test_file_apng.py | 2 +- - Tests/test_file_blp.py | 1 + - Tests/test_file_tiff.py | 6 ++++-- - src/PIL/ImageFile.py | 14 ++++++++++++-- - src/PIL/PsdImagePlugin.py | 32 +++++++++++++++++++++----------- - 6 files changed, 40 insertions(+), 16 deletions(-) - -diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py -index 7671cdc..f96a15a 100644 ---- a/Tests/test_decompression_bomb.py -+++ b/Tests/test_decompression_bomb.py -@@ -52,6 +52,7 @@ class TestDecompressionBomb: - with Image.open(TEST_FILE): - pass - -+ @pytest.mark.xfail(reason="different exception") - def test_exception_ico(self): - with pytest.raises(Image.DecompressionBombError): - Image.open("Tests/images/decompression_bomb.ico") -diff --git a/Tests/test_file_apng.py b/Tests/test_file_apng.py -index 97e2a15..8348da4 100644 ---- a/Tests/test_file_apng.py -+++ b/Tests/test_file_apng.py -@@ -312,7 +312,7 @@ def test_apng_syntax_errors(): - exception = e - assert exception is None - -- with pytest.raises(SyntaxError): -+ with pytest.raises(OSError): - with Image.open("Tests/images/apng/syntax_num_frames_high.png") as im: - im.seek(im.n_frames - 1) - im.load() -diff --git a/Tests/test_file_blp.py b/Tests/test_file_blp.py -index 94c469c..1510614 100644 ---- a/Tests/test_file_blp.py -+++ b/Tests/test_file_blp.py -@@ -1,4 +1,5 @@ - from PIL import Image -+import pytest - - from .helper import assert_image_equal - -diff --git a/Tests/test_file_tiff.py b/Tests/test_file_tiff.py -index bb1bbda..1500ac8 100644 ---- a/Tests/test_file_tiff.py -+++ b/Tests/test_file_tiff.py -@@ -612,8 +612,10 @@ class TestFileTiff: - ) - def test_string_dimension(self): - # Assert that an error is raised if one of the dimensions is a string -- with pytest.raises(ValueError): -- Image.open("Tests/images/string_dimension.tiff") -+ with pytest.raises(OSError): -+ with Image.open("Tests/images/string_dimension.tiff") as im: -+ im.load() -+ - - - @pytest.mark.skipif(not is_win32(), reason="Windows only") -diff --git a/src/PIL/ImageFile.py b/src/PIL/ImageFile.py -index f2a55cb..468314b 100644 ---- a/src/PIL/ImageFile.py -+++ b/src/PIL/ImageFile.py -@@ -555,12 +555,18 @@ def _safe_read(fp, size): - - :param fp: File handle. Must implement a read method. - :param size: Number of bytes to read. -- :returns: A string containing up to size bytes of data. -+ :returns: A string containing size bytes of data. -+ -+ Raises an OSError if the file is truncated and the read can not be completed -+ - """ - if size <= 0: - return b"" - if size <= SAFEBLOCK: -- return fp.read(size) -+ data = fp.read(size) -+ if len(data) < size: -+ raise OSError("Truncated File Read") -+ return data - data = [] - while size > 0: - block = fp.read(min(size, SAFEBLOCK)) -@@ -568,9 +574,13 @@ def _safe_read(fp, size): - break - data.append(block) - size -= len(block) -+ if sum(len(d) for d in data) < size: -+ raise OSError("Truncated File Read") - return b"".join(data) - - -+ -+ - class PyCodecState: - def __init__(self): - self.xsize = 0 -diff --git a/src/PIL/PsdImagePlugin.py b/src/PIL/PsdImagePlugin.py -index d3799ed..96de58f 100644 ---- a/src/PIL/PsdImagePlugin.py -+++ b/src/PIL/PsdImagePlugin.py -@@ -119,7 +119,8 @@ class PsdImageFile(ImageFile.ImageFile): - end = self.fp.tell() + size - size = i32(read(4)) - if size: -- self.layers = _layerinfo(self.fp) -+ _layer_data = io.BytesIO(ImageFile._safe_read(self.fp, size)) -+ self.layers = _layerinfo(_layer_data, size) - self.fp.seek(end) - self.n_frames = len(self.layers) - self.is_animated = self.n_frames > 1 -@@ -170,12 +171,20 @@ class PsdImageFile(ImageFile.ImageFile): - finally: - self.__fp = None - -- --def _layerinfo(file): -+def _layerinfo(fp, ct_bytes): - # read layerinfo block - layers = [] -- read = file.read -- for i in range(abs(i16(read(2)))): -+ -+ def read(size): -+ return ImageFile._safe_read(fp, size) -+ -+ ct = i16(read(2)) -+ -+ # sanity check -+ if ct_bytes < (abs(ct) * 20): -+ raise SyntaxError("Layer block too short for number of layers requested") -+ -+ for i in range(abs(ct)): - - # bounding box - y0 = i32(read(4)) -@@ -186,7 +195,8 @@ def _layerinfo(file): - # image info - info = [] - mode = [] -- types = list(range(i16(read(2)))) -+ ct_types = i16(read(2)) -+ types = list(range(ct_types)) - if len(types) > 4: - continue - -@@ -219,16 +229,16 @@ def _layerinfo(file): - size = i32(read(4)) # length of the extra data field - combined = 0 - if size: -- data_end = file.tell() + size -+ data_end = fp.tell() + size - - length = i32(read(4)) - if length: -- file.seek(length - 16, io.SEEK_CUR) -+ fp.seek(length - 16, io.SEEK_CUR) - combined += length + 4 - - length = i32(read(4)) - if length: -- file.seek(length, io.SEEK_CUR) -+ fp.seek(length, io.SEEK_CUR) - combined += length + 4 - - length = i8(read(1)) -@@ -238,7 +248,7 @@ def _layerinfo(file): - name = read(length).decode("latin-1", "replace") - combined += length + 1 - -- file.seek(data_end) -+ fp.seek(data_end) - layers.append((name, mode, (x0, y0, x1, y1))) - - # get tiles -@@ -246,7 +256,7 @@ def _layerinfo(file): - for name, mode, bbox in layers: - tile = [] - for m in mode: -- t = _maketile(file, m, bbox, 1) -+ t = _maketile(fp, m, bbox, 1) - if t: - tile.extend(t) - layers[i] = name, mode, bbox, tile --- -2.23.0 - diff --git a/backport-CVE-2021-28676.patch b/backport-CVE-2021-28676.patch deleted file mode 100644 index f80a1075aa08cfdceedbb5ba75a49ed0957d463c..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-28676.patch +++ /dev/null @@ -1,30 +0,0 @@ -From bb6c11fb889e6c11b0ee122b828132ee763b5856 Mon Sep 17 00:00:00 2001 -From: Eric Soroos -Date: Thu, 11 Mar 2021 22:12:35 +0100 -Subject: [PATCH] Fix FLI DOS -- CVE-2021-28676 - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856 ---- - src/libImaging/FliDecode.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c -index 8450801..b8bc5ce 100644 ---- a/src/libImaging/FliDecode.c -+++ b/src/libImaging/FliDecode.c -@@ -242,6 +242,11 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt - return -1; - } - advance = I32(ptr); -+ if (advance == 0 ) { -+ // If there's no advance, we're in in infinite loop -+ state->errcode = IMAGING_CODEC_BROKEN; -+ return -1; -+ } - if (advance < 0 || advance > bytes) { - state->errcode = IMAGING_CODEC_OVERRUN; - return -1; --- -2.23.0 - diff --git a/backport-CVE-2021-28677.patch b/backport-CVE-2021-28677.patch deleted file mode 100644 index 419adb9d15dbbf0d27f287be0953e71eff68fb87..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-28677.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5a5e6db0abf4e7a638fb1b3408c4e495a096cb92 Mon Sep 17 00:00:00 2001 -From: Eric Soroos -Date: Mon, 8 Mar 2021 20:31:41 +0100 -Subject: [PATCH] Fix EPS DOS on _open -- CVE-2021-28677 - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92 ---- - src/PIL/EpsImagePlugin.py | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/PIL/EpsImagePlugin.py b/src/PIL/EpsImagePlugin.py -index dc61f48..3bf8ee0 100644 ---- a/src/PIL/EpsImagePlugin.py -+++ b/src/PIL/EpsImagePlugin.py -@@ -170,12 +170,12 @@ class PSFile: - self.fp.seek(offset, whence) - - def readline(self): -- s = self.char or b"" -+ s = [self.char or b""] - self.char = None - - c = self.fp.read(1) -- while c not in b"\r\n": -- s = s + c -+ while (c not in b"\r\n") and len(c): -+ s.append(c) - c = self.fp.read(1) - - self.char = self.fp.read(1) -@@ -183,7 +183,7 @@ class PSFile: - if self.char in b"\r\n": - self.char = None - -- return s.decode("latin-1") -+ return b"".join(s).decode("latin-1") - - - def _accept(prefix): --- -2.23.0 - diff --git a/backport-CVE-2021-28678.patch b/backport-CVE-2021-28678.patch deleted file mode 100644 index 1bed97871a9e629122addf7483c3dc526c12ccc1..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-28678.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 496245aa4365d0827390bd0b6fbd11287453b3a1 Mon Sep 17 00:00:00 2001 -From: Eric Soroos -Date: Sun, 7 Mar 2021 19:00:17 +0100 -Subject: [PATCH] Fix BLP DOS -- CVE-2021-28678 - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1 ---- - src/PIL/BlpImagePlugin.py | 43 +++++++++++++++++++++------------------ - 1 file changed, 23 insertions(+), 20 deletions(-) - -diff --git a/src/PIL/BlpImagePlugin.py b/src/PIL/BlpImagePlugin.py -index 88aae80..e074746 100644 ---- a/src/PIL/BlpImagePlugin.py -+++ b/src/PIL/BlpImagePlugin.py -@@ -286,33 +286,36 @@ class _BLPBaseDecoder(ImageFile.PyDecoder): - raise OSError("Truncated Blp file") from e - return 0, 0 - -+ def _safe_read(self, length): -+ return ImageFile._safe_read(self.fd, length) -+ - def _read_palette(self): - ret = [] - for i in range(256): - try: -- b, g, r, a = struct.unpack("<4B", self.fd.read(4)) -+ b, g, r, a = struct.unpack("<4B", self._safe_read(4)) - except struct.error: - break - ret.append((b, g, r, a)) - return ret - - def _read_blp_header(self): -- (self._blp_compression,) = struct.unpack(" -Date: Sun, 14 Mar 2021 23:26:28 +0100 -Subject: [PATCH] Fix Memory DOS in ImageFont - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/ba65f0b08ee8b93195c3f3277820771f5b62aa52 ---- - src/PIL/ImageFont.py | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py -index c48d898..2f63dda 100644 ---- a/src/PIL/ImageFont.py -+++ b/src/PIL/ImageFont.py -@@ -669,6 +669,7 @@ class FreeTypeFont: - ) - size = size[0] + stroke_width * 2, size[1] + stroke_width * 2 - offset = offset[0] - stroke_width, offset[1] - stroke_width -+ Image._decompression_bomb_check(size) - im = fill("RGBA" if mode == "RGBA" else "L", size, 0) - self.font.render( - text, im.id, mode, direction, features, language, stroke_width, ink --- -2.23.0 - diff --git a/backport-Fix-Wformat-error-in-TiffDecode.patch b/backport-Fix-Wformat-error-in-TiffDecode.patch deleted file mode 100644 index 277e2c508e94231d37e4aba42c596d4f6cb93183..0000000000000000000000000000000000000000 --- a/backport-Fix-Wformat-error-in-TiffDecode.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 852fd170f8f3bb45cb0a7709d62bbc52b568d8bc Mon Sep 17 00:00:00 2001 -From: Luke Granger-Brown -Date: Wed, 3 Mar 2021 13:30:28 +0000 -Subject: [PATCH] Fix -Wformat error in TiffDecode -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/852fd170f8f3bb45cb0a7709d62bbc52b568d8bc ---- - src/libImaging/TiffDecode.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libImaging/TiffDecode.c b/src/libImaging/TiffDecode.c -index accadfd..40a86ca 100644 ---- a/src/libImaging/TiffDecode.c -+++ b/src/libImaging/TiffDecode.c -@@ -48,7 +48,7 @@ tsize_t _tiffReadProc(thandle_t hdata, tdata_t buf, tsize_t size) { - dump_state(state); - - if (state->loc > state->eof) { -- TIFFError("_tiffReadProc", "Invalid Read at loc %d, eof: %d", state->loc, state->eof); -+ TIFFError("_tiffReadProc", "Invalid Read at loc %lu, eof: %lu", state->loc, state->eof); - return 0; - } - to_read = min(size, min(state->size, (tsize_t)state->eof) - (tsize_t)state->loc); --- -2.23.0 - diff --git a/backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.patch b/backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.patch deleted file mode 100644 index 7a20eaa38092bd923ec83cd15694fa6df60736f9..0000000000000000000000000000000000000000 --- a/backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 297789284b8680a1d15549dc2d192f3abc552160 Mon Sep 17 00:00:00 2001 -From: Andrew Murray -Date: Mon, 22 Feb 2021 19:32:52 +1100 -Subject: [PATCH] Fixed linear_gradient and radial_gradient 32-bit modes - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/297789284b8680a1d15549dc2d192f3abc552160 ---- - Tests/test_image.py | 4 ++-- - src/libImaging/Fill.c | 28 ++++++++++++++++++++++++---- - 2 files changed, 26 insertions(+), 6 deletions(-) - -diff --git a/Tests/test_image.py b/Tests/test_image.py -index f2a1917..54448f3 100644 ---- a/Tests/test_image.py -+++ b/Tests/test_image.py -@@ -516,7 +516,7 @@ class TestImage: - - # Arrange - target_file = "Tests/images/linear_gradient.png" -- for mode in ["L", "P"]: -+ for mode in ["L", "P", "I", "F"]: - - # Act - im = Image.linear_gradient(mode) -@@ -542,7 +542,7 @@ class TestImage: - - # Arrange - target_file = "Tests/images/radial_gradient.png" -- for mode in ["L", "P"]: -+ for mode in ["L", "P", "I", "F"]: - - # Act - im = Image.radial_gradient(mode) -diff --git a/src/libImaging/Fill.c b/src/libImaging/Fill.c -index da143b4..6c6e107 100644 ---- a/src/libImaging/Fill.c -+++ b/src/libImaging/Fill.c -@@ -79,8 +79,21 @@ ImagingFillLinearGradient(const char *mode) - return NULL; - } - -- for (y = 0; y < 256; y++) { -- memset(im->image8[y], (unsigned char) y, 256); -+ if (im->image8) { -+ for (y = 0; y < 256; y++) { -+ memset(im->image8[y], (unsigned char)y, 256); -+ } -+ } else { -+ int x; -+ for (y = 0; y < 256; y++) { -+ for (x = 0; x < 256; x++) { -+ if (im->type == IMAGING_TYPE_FLOAT32) { -+ IMAGING_PIXEL_FLOAT32(im, x, y) = y; -+ } else { -+ IMAGING_PIXEL_INT32(im, x, y) = y; -+ } -+ } -+ } - } - - return im; -@@ -106,9 +119,16 @@ ImagingFillRadialGradient(const char *mode) - for (x = 0; x < 256; x++) { - d = (int) sqrt((double) ((x-128)*(x-128) + (y-128)*(y-128)) * 2.0); - if (d >= 255) { -- im->image8[y][x] = 255; -- } else { -+ d = 255; -+ } -+ if (im->image8) { - im->image8[y][x] = d; -+ } else { -+ if (im->type == IMAGING_TYPE_FLOAT32) { -+ IMAGING_PIXEL_FLOAT32(im, x, y) = d; -+ } else { -+ IMAGING_PIXEL_INT32(im, x, y) = d; -+ } - } - } - } --- -2.23.0 - diff --git a/backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch b/backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch deleted file mode 100644 index d137b9b9b061f0de006d2810f799f08b3e1fbd73..0000000000000000000000000000000000000000 --- a/backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6fc039a21c683b13c311e1759c3570bc4dc5f459 Mon Sep 17 00:00:00 2001 -From: Andrew Murray -Date: Tue, 4 May 2021 16:50:12 +1000 -Subject: [PATCH] Updated default value for SAMPLESPERPIXEL tag - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/6fc039a21c683b13c311e1759c3570bc4dc5f459 - ---- - src/PIL/TiffImagePlugin.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/PIL/TiffImagePlugin.py b/src/PIL/TiffImagePlugin.py -index ced414f..860d870 100644 ---- a/src/PIL/TiffImagePlugin.py -+++ b/src/PIL/TiffImagePlugin.py -@@ -1250,7 +1250,10 @@ class TiffImageFile(ImageFile.ImageFile): - if bps_count > len(bps_tuple) and len(bps_tuple) == 1: - bps_tuple = bps_tuple * bps_count - -- samplesPerPixel = self.tag_v2.get(SAMPLESPERPIXEL, 1) -+ samplesPerPixel = self.tag_v2.get( -+ SAMPLESPERPIXEL, -+ 3 if self._compression == "tiff_jpeg" and photo in (2, 6) else 1, -+ ) - if len(bps_tuple) != samplesPerPixel: - raise SyntaxError("unknown data organization") - --- -2.27.0 - diff --git a/backport-Updated-format-specifiers.patch b/backport-Updated-format-specifiers.patch deleted file mode 100644 index 8f293f1f6066b8b7bdd52536a9329a95180a1189..0000000000000000000000000000000000000000 --- a/backport-Updated-format-specifiers.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 68b655f3f014c6beb13f4c9a6fa53f1ebff527c2 Mon Sep 17 00:00:00 2001 -From: Andrew Murray <3112309+radarhere@users.noreply.github.com> -Date: Wed, 10 Mar 2021 20:43:16 +1100 -Subject: [PATCH] Updated format specifiers - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/68b655f3f014c6beb13f4c9a6fa53f1ebff527c2 ---- - src/libImaging/TiffDecode.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libImaging/TiffDecode.c b/src/libImaging/TiffDecode.c -index 40a86ca..0c6e758 100644 ---- a/src/libImaging/TiffDecode.c -+++ b/src/libImaging/TiffDecode.c -@@ -48,7 +48,7 @@ tsize_t _tiffReadProc(thandle_t hdata, tdata_t buf, tsize_t size) { - dump_state(state); - - if (state->loc > state->eof) { -- TIFFError("_tiffReadProc", "Invalid Read at loc %lu, eof: %lu", state->loc, state->eof); -+ TIFFError("_tiffReadProc", "Invalid Read at loc %llu, eof: %llu", state->loc, state->eof); - return 0; - } - to_read = min(size, min(state->size, (tsize_t)state->eof) - (tsize_t)state->loc); --- -2.23.0 - diff --git a/backport-disable-test-sanity.patch b/backport-disable-test-sanity.patch deleted file mode 100644 index 2d6ff722795122141892f3a055b2d003f5de075b..0000000000000000000000000000000000000000 --- a/backport-disable-test-sanity.patch +++ /dev/null @@ -1,45 +0,0 @@ -From dd3eb37c615243a0c71d61639578d1bf4618f806 Mon Sep 17 00:00:00 2001 -Date: Thu, 5 Aug 2021 14:51:41 +0800 -Subject: [PATCH] disable test_sanity - ---- - Tests/test_qt_image_qapplication.py | 26 -------------------------- - 1 file changed, 26 deletions(-) - -diff --git a/Tests/test_qt_image_qapplication.py b/Tests/test_qt_image_qapplication.py -index 06bd27c..8d4bb58 100644 ---- a/Tests/test_qt_image_qapplication.py -+++ b/Tests/test_qt_image_qapplication.py -@@ -35,29 +35,3 @@ def roundtrip(expected): - result = ImageQt.fromqpixmap(ImageQt.toqpixmap(expected)) - # Qt saves all pixmaps as rgb - assert_image_equal(result, expected.convert("RGB")) -- -- --@pytest.mark.skipif(not ImageQt.qt_is_installed, reason="Qt bindings are not installed") --def test_sanity(tmp_path): -- # Segfault test -- app = QApplication([]) -- ex = Example() -- assert app # Silence warning -- assert ex # Silence warning -- -- for mode in ("1", "RGB", "RGBA", "L", "P"): -- # to QPixmap -- data = ImageQt.toqpixmap(hopper(mode)) -- -- assert isinstance(data, QPixmap) -- assert not data.isNull() -- -- # Test saving the file -- tempfile = str(tmp_path / f"temp_{mode}.png") -- data.save(tempfile) -- -- # from QPixmap -- roundtrip(hopper(mode)) -- -- app.quit() -- app = None --- -2.27.0 - diff --git a/backport-fix-for-crash-8115.patch b/backport-fix-for-crash-8115.patch deleted file mode 100644 index c088979f59a86688da76b2da5f28a7c0eb375075..0000000000000000000000000000000000000000 --- a/backport-fix-for-crash-8115.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 53c80281d7f745cc1804901ec6f5b61d236688e0 Mon Sep 17 00:00:00 2001 -From: Eric Soroos -Date: Wed, 31 Mar 2021 21:16:43 +0200 -Subject: [PATCH] fix for crash-8115 - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/53c80281d7f745cc1804901ec6f5b61d236688e0 ---- - src/PIL/TiffImagePlugin.py | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/PIL/TiffImagePlugin.py b/src/PIL/TiffImagePlugin.py -index 0b70ce3..ced414f 100644 ---- a/src/PIL/TiffImagePlugin.py -+++ b/src/PIL/TiffImagePlugin.py -@@ -1250,6 +1250,10 @@ class TiffImageFile(ImageFile.ImageFile): - if bps_count > len(bps_tuple) and len(bps_tuple) == 1: - bps_tuple = bps_tuple * bps_count - -+ samplesPerPixel = self.tag_v2.get(SAMPLESPERPIXEL, 1) -+ if len(bps_tuple) != samplesPerPixel: -+ raise SyntaxError("unknown data organization") -+ - # mode: check photometric interpretation and bits per pixel - key = ( - self.tag_v2.prefix, --- -2.23.0 - diff --git a/backport-fixes-crash-74d2.patch b/backport-fixes-crash-74d2.patch deleted file mode 100644 index 3dcdc48c11e7e5e4eceb3374c0fe38ebd461e22c..0000000000000000000000000000000000000000 --- a/backport-fixes-crash-74d2.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 45530d5ce1bcc9357907b7e5eeb6e54c6198358e Mon Sep 17 00:00:00 2001 -From: Eric Soroos -Date: Wed, 31 Mar 2021 21:04:59 +0200 -Subject: [PATCH] fixes crash-74d2 - -Conflict:NA -Reference:https://github.com/python-pillow/Pillow/commit/45530d5ce1bcc9357907b7e5eeb6e54c6198358e ---- - src/libImaging/TiffDecode.c | 25 ++++++++++++++++--------- - 1 file changed, 16 insertions(+), 9 deletions(-) - -diff --git a/src/libImaging/TiffDecode.c b/src/libImaging/TiffDecode.c -index cd47158..accadfd 100644 ---- a/src/libImaging/TiffDecode.c -+++ b/src/libImaging/TiffDecode.c -@@ -199,7 +199,7 @@ int _decodeStripYCbCr(Imaging im, ImagingCodecState state, TIFF *tiff) { - char emsg[1024] = ""; - - ret = TIFFGetFieldDefaulted(tiff, TIFFTAG_ROWSPERSTRIP, &rows_per_strip); -- if (ret != 1) { -+ if (ret != 1 || rows_per_strip==(UINT32)(-1)) { - rows_per_strip = state->ysize; - } - TRACE(("RowsPerStrip: %u \n", rows_per_strip)); -@@ -214,13 +214,6 @@ int _decodeStripYCbCr(Imaging im, ImagingCodecState state, TIFF *tiff) { - img.req_orientation = ORIENTATION_TOPLEFT; - img.col_offset = 0; - -- if (state->xsize != img.width || state->ysize != img.height) { -- TRACE(("Inconsistent Image Error: %d =? %d, %d =? %d", -- state->xsize, img.width, state->ysize, img.height)); -- state->errcode = IMAGING_CODEC_BROKEN; -- goto decodeycbcr_err; -- } -- - /* overflow check for row byte size */ - if (INT_MAX / 4 < img.width) { - state->errcode = IMAGING_CODEC_MEMORY; -@@ -360,6 +353,7 @@ int ImagingLibTiffDecode(Imaging im, ImagingCodecState state, UINT8* buffer, Py_ - TIFF *tiff; - uint16 photometric = 0; // init to not PHOTOMETRIC_YCBCR - int isYCbCr = 0; -+ UINT32 img_width, img_height; - - /* buffer is the encoded file, bytes is the length of the encoded file */ - /* it all ends up in state->buffer, which is a uint8* from Imaging.h */ -@@ -420,7 +414,20 @@ int ImagingLibTiffDecode(Imaging im, ImagingCodecState state, UINT8* buffer, Py_ - } - } - -- -+ TIFFGetField(tiff, TIFFTAG_IMAGEWIDTH, &img_width); -+ TIFFGetField(tiff, TIFFTAG_IMAGELENGTH, &img_height); -+ -+ if (state->xsize != img_width || state->ysize != img_height) { -+ TRACE( -+ ("Inconsistent Image Error: %d =? %d, %d =? %d", -+ state->xsize, -+ img_width, -+ state->ysize, -+ img_height)); -+ state->errcode = IMAGING_CODEC_BROKEN; -+ goto decode_err; -+ } -+ - TIFFGetField(tiff, TIFFTAG_PHOTOMETRIC, &photometric); - isYCbCr = photometric == PHOTOMETRIC_YCBCR; - --- -2.23.0 - diff --git a/python-pillow.spec b/python-pillow.spec index d86e049c5d6ac8e08c2fa82c1aab5b4173d7561e..ba5526333923bfd91adc74e23ea39bdcecdd20be 100644 --- a/python-pillow.spec +++ b/python-pillow.spec @@ -4,8 +4,8 @@ %global with_docs 0 Name: python-pillow -Version: 8.1.2 -Release: 3 +Version: 9.0.1 +Release: 1 Summary: Python image processing library License: MIT URL: http://python-pillow.github.io/ @@ -14,24 +14,6 @@ Source0: https://github.com/python-pillow/Pillow/archive/%{version}/Pillo Patch0: python-pillow_spinxwarn.patch Patch1: python-pillow_sphinx-issues.patch -Patch6000: backport-Fix-Wformat-error-in-TiffDecode.patch -Patch6001: backport-Updated-format-specifiers.patch -Patch6002: backport-CVE-2021-25287-CVE-2021-25288.patch -Patch6003: backport-CVE-2021-28675.patch -Patch6004: backport-CVE-2021-28676.patch -Patch6005: backport-CVE-2021-28677.patch -Patch6006: backport-CVE-2021-28678.patch -Patch6007: backport-Fixed-linear_gradient-and-radial_gradient-32-bit-mod.patch -Patch6008: backport-fixes-crash-74d2.patch -Patch6009: backport-fix-for-crash-8115.patch -Patch6010: backport-Fix-Memory-DOS-in-ImageFont.patch -Patch6011: backport-0001-CVE-2021-34552.patch -Patch6012: backport-0002-CVE-2021-34552.patch -Patch6013: backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch -Patch6014: backport-CVE-2021-23437.patch - -Patch9000: backport-disable-test-sanity.patch - BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel BuildRequires: libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile BuildRequires: python3-qt5 python3-setuptools python3-tkinter gcc @@ -130,7 +112,7 @@ pushd build/%py3_libbuilddir PYTHONPATH=$PWD %{__python3} selftest.py popd export PYTHONPATH=%{buildroot}%{python3_sitearch} -pytest --ignore=_build.python2 --ignore=_build.python3 --ignore=_build.pypy3 -v -k 'not (test_stroke or test_stroke_multiline)' +pytest --ignore=_build.python2 --ignore=_build.python3 --ignore=_build.pypy3 -v -k 'not (test_qt_image_qapplication)' %files -n python3-pillow %doc README.md CHANGES.rst @@ -165,6 +147,9 @@ pytest --ignore=_build.python2 --ignore=_build.python3 --ignore=_build.pypy3 -v %{python3_sitearch}/PIL/__pycache__/ImageQt* %changelog +* Thu Mar 3 2022 hanhui - 9.0.1-1 +- DESC:update to Pillow-9.0.1 + * Mon Sep 27 2021 luoyang - 8.1.2-3 - fix CVE-2021-23437 diff --git a/python-pillow_sphinx-issues.patch b/python-pillow_sphinx-issues.patch index 1d563c12745c3fc220897c9ad8cab8993b4a7071..1db7a6cd799c4c2e4318457766c653d2a6c35537 100644 --- a/python-pillow_sphinx-issues.patch +++ b/python-pillow_sphinx-issues.patch @@ -1,11 +1,17 @@ -diff -rupN --no-dereference Pillow-8.1.1/docs/conf.py Pillow-8.1.1-new/docs/conf.py ---- Pillow-8.1.1/docs/conf.py 2021-03-01 09:24:03.000000000 +0100 -+++ Pillow-8.1.1-new/docs/conf.py 2021-03-02 15:10:49.599033773 +0100 -@@ -32,7 +32,6 @@ extensions = [ - "sphinx.ext.autodoc", - "sphinx.ext.intersphinx", - "sphinx.ext.viewcode", +diff -rupN --no-dereference Pillow-9.0.1/docs/conf.py Pillow-9.0.1-new/docs/conf.py +--- Pillow-9.0.1/docs/conf.py 2022-02-03 00:45:27.000000000 +0100 ++++ Pillow-9.0.1-new/docs/conf.py 2022-02-23 09:06:33.169472252 +0100 +@@ -30,12 +30,10 @@ needs_sphinx = "2.4" + # ones. + extensions = [ + "sphinx_copybutton", - "sphinx_issues", "sphinx_removed_in", + "sphinx.ext.autodoc", + "sphinx.ext.intersphinx", +- "sphinx.ext.viewcode", +- "sphinxext.opengraph", ++ "sphinx.ext.viewcode" ] + intersphinx_mapping = {"python": ("https://docs.python.org/3", None)} diff --git a/python-pillow_spinxwarn.patch b/python-pillow_spinxwarn.patch index 5ae65a44caddb64af1946da8e133d197f9ebef3b..a9698f7c8e1480e91f69dac67719d79a9e0cbe9c 100644 --- a/python-pillow_spinxwarn.patch +++ b/python-pillow_spinxwarn.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference Pillow-8.1.1/docs/Makefile Pillow-8.1.1-new/docs/Makefile ---- Pillow-8.1.1/docs/Makefile 2021-03-01 09:24:03.000000000 +0100 -+++ Pillow-8.1.1-new/docs/Makefile 2021-03-02 15:10:49.514033779 +0100 +diff -rupN --no-dereference Pillow-9.0.1/docs/Makefile Pillow-9.0.1-new/docs/Makefile +--- Pillow-9.0.1/docs/Makefile 2022-02-03 00:45:27.000000000 +0100 ++++ Pillow-9.0.1-new/docs/Makefile 2022-02-23 09:06:33.060472214 +0100 @@ -42,7 +42,7 @@ clean: -rm -rf $(BUILDDIR)/*