From 8d3b948172a5d34073f9bdd8be66bf7b75b5240c Mon Sep 17 00:00:00 2001
From: sxt1001 <shixuantong@huawei.com>
Date: Wed, 25 Nov 2020 20:15:35 +0800
Subject: [PATCH] fix CVE-2019-19911 and change patch name for CVE-2020-5311

---
 CVE-2019-19911.patch                          | 30 +++++++++++++++++++
 ...-2020-11538-2.patch => CVE-2020-5311.patch |  0
 python-pillow.spec                            | 13 ++++++--
 3 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 CVE-2019-19911.patch
 rename pre-CVE-2020-11538-2.patch => CVE-2020-5311.patch (100%)

diff --git a/CVE-2019-19911.patch b/CVE-2019-19911.patch
new file mode 100644
index 0000000..2e4f950
--- /dev/null
+++ b/CVE-2019-19911.patch
@@ -0,0 +1,30 @@
+From 774e53bb132461d8d5ebefec1162e29ec0ebc63d Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Wed, 1 Jan 2020 16:07:03 +1100
+Subject: [PATCH] Raise an error for an invalid number of bands in FPX image
+
+https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d
+
+---
+ src/PIL/FpxImagePlugin.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/PIL/FpxImagePlugin.py b/src/PIL/FpxImagePlugin.py
+index 9f284fd..5f409c8 100644
+--- a/src/PIL/FpxImagePlugin.py
++++ b/src/PIL/FpxImagePlugin.py
+@@ -101,7 +101,10 @@ class FpxImageFile(ImageFile.ImageFile):
+         s = prop[0x2000002 | id]
+ 
+         colors = []
+-        for i in range(i32(s, 4)):
++        bands = i32(s, 4)
++        if bands > 4:
++            raise IOError("Invalid number of bands")
++        for i in range(bands):
+             # note: for now, we ignore the "uncalibrated" flag
+             colors.append(i32(s, 8+i*4) & 0x7fffffff)
+ 
+-- 
+2.27.0
+
diff --git a/pre-CVE-2020-11538-2.patch b/CVE-2020-5311.patch
similarity index 100%
rename from pre-CVE-2020-11538-2.patch
rename to CVE-2020-5311.patch
diff --git a/python-pillow.spec b/python-pillow.spec
index 99c7a1d..a8620ca 100644
--- a/python-pillow.spec
+++ b/python-pillow.spec
@@ -5,7 +5,7 @@
 
 Name:               python-pillow
 Version:            5.3.0
-Release:            6
+Release:            7
 Summary:            Python image processing library
 License:            MIT
 URL:                http://python-pillow.github.io/
@@ -20,8 +20,9 @@ Patch0005:          CVE-2020-10177.patch
 Patch0006:          CVE-2020-10994.patch
 Patch0007:          replace_copy_operations_with_memcpy.patch
 Patch0008:          pre-CVE-2020-11538-1.patch
-Patch0009:          pre-CVE-2020-11538-2.patch
-Patch0010:          CVE-2020-11538.patch
+Patch0011:          CVE-2020-5311.patch
+Patch0012:          CVE-2020-11538.patch
+Patch0013:          CVE-2019-19911.patch
 
 BuildRequires:      freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel
 BuildRequires:      libtiff-devel libwebp-devel openjpeg2-devel tk-devel zlib-devel
@@ -175,6 +176,12 @@ popd
 %doc docs/_build_py3/html
 
 %changelog
+* Wed Nov 25 2020 shixuantong<shixuantong@huawei.com> - 5.3.0-7
+- Type:cves
+- ID:CVE-2019-19911 CVE-2020-5311
+- SUG:NA
+- DESC:fix CVE-2019-19911 and change patch name for CVE-2020-5311
+
 * Wed Nov 25 2020 shixuantong<shixuantong@huawei.com> - 5.3.0-6
 - Type:cves
 - ID:CVE-2020-11538 CVE-2020-10378 CVE-2020-10177 CVE-2020-10994
-- 
Gitee