diff --git a/CVE-2022-45198.patch b/CVE-2022-45198.patch new file mode 100644 index 0000000000000000000000000000000000000000..971d42a4f7a22c5371a4571884884906416f230e --- /dev/null +++ b/CVE-2022-45198.patch @@ -0,0 +1,41 @@ +From 20c10c81927790c700480a67dc48aebe2228d6e2 Mon Sep 17 00:00:00 2001 +From: zhangshaoning +Date: Sat, 6 May 2023 15:06:22 +0800 +Subject: [PATCH] CVE-2022-45198 + +--- + Tests/test_decompression_bomb.py | 5 +++++ + src/PIL/GifImagePlugin.py | 1 + + 2 files changed, 6 insertions(+) + +diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py +index d918ef9..18fed06 100644 +--- a/Tests/test_decompression_bomb.py ++++ b/Tests/test_decompression_bomb.py +@@ -62,6 +62,11 @@ class TestDecompressionBomb: + with Image.open("Tests/images/decompression_bomb.gif"): + pass + ++ def test_exception_gif_extents(self): ++ with Image.open("Tests/images/decompression_bomb_extents.gif") as im: ++ with pytest.raises(Image.DecompressionBombError): ++ im.seek(1) ++ + def test_exception_bmp(self): + with pytest.raises(Image.DecompressionBombError): + with Image.open("Tests/images/bmp/b/reallybig.bmp"): +diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py +index 8c2180b..04b567a 100644 +--- a/src/PIL/GifImagePlugin.py ++++ b/src/PIL/GifImagePlugin.py +@@ -247,6 +247,7 @@ class GifImageFile(ImageFile.ImageFile): + x1, y1 = x0 + i16(s, 4), y0 + i16(s, 6) + if x1 > self.size[0] or y1 > self.size[1]: + self._size = max(x1, self.size[0]), max(y1, self.size[1]) ++ Image._decompression_bomb_check(self._size) + self.dispose_extent = x0, y0, x1, y1 + flags = s[8] + +-- +2.20.1 + diff --git a/decompression_bomb_extents.gif b/decompression_bomb_extents.gif new file mode 100644 index 0000000000000000000000000000000000000000..0d5ff03f525904d4bc29e3b22f70b45eb1c2cba7 Binary files /dev/null and b/decompression_bomb_extents.gif differ diff --git a/python-pillow.spec b/python-pillow.spec index 5898d8e318b43c21a1fe3f2be3478dffcaf48cb4..3e7dac3e97b2db93241a8c831a549b903b0c7c30 100644 --- a/python-pillow.spec +++ b/python-pillow.spec @@ -5,16 +5,18 @@ Name: python-pillow Version: 9.0.1 -Release: 2 +Release: 3 Summary: Python image processing library License: MIT URL: http://python-pillow.github.io/ Source0: https://github.com/python-pillow/Pillow/archive/%{version}/Pillow-%{version}.tar.gz Source1: oom-225817ca0f8c663be7ab4b9e717b02c661e66834.tif +Source2: decompression_bomb_extents.gif Patch0000: python-pillow_spinxwarn.patch Patch0001: python-pillow_sphinx-issues.patch Patch0002: CVE-2022-45199.patch +Patch0003: CVE-2022-45198.patch BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel BuildRequires: libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile @@ -93,6 +95,7 @@ Qt pillow image wrapper. %build cp %{SOURCE1} Tests/images/ +cp %{SOURCE2} Tests/images/ %py3_build @@ -147,6 +150,9 @@ popd %{python3_sitearch}/PIL/__pycache__/ImageQt* %changelog +* Sat May 06 2023 zhangshaoning - 9.0.1-3 +- Fix CVE-2022-45198 + * Wed Nov 23 2022 jiangpeng - 9.0.1-2 - Fix CVE-2022-45199