diff --git a/backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch b/backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch
index dc39e2a8a45125c5954ca502b4fb36f73973ee52..c44c3f91ca883f72f5061db9a9aa5983b34eabee 100644
--- a/backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch
+++ b/backport-CVE-2021-27921_CVE-2021-27922_CVE-2021-27923.patch
@@ -10,17 +10,20 @@ memory allocations.
 This is fixed for all locations where individual
 *ImageFile classes are created without going through the usual
 Image.open method.
+
+Conflict:NA
+Reference:https://github.com/python-pillow/Pillow/commit/480f6819b592d7f07b9a9a52a7656c10bbe07442
 ---
-
- src/PIL/BlpImagePlugin.py | 1 +
- src/PIL/IcnsImagePlugin.py | 2 ++
- src/PIL/IcoImagePlugin.py | 1 +
+ src/PIL/BlpImagePlugin.py | 1 +
+ src/PIL/IcnsImagePlugin.py | 2 ++
+ src/PIL/IcoImagePlugin.py | 1 +
 3 files changed, 4 insertions(+)
-
-diff -Nuar Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py Pillow-8.1.1/src/PIL/BlpImagePlugin.py
---- Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py 2021-03-13 16:44:33.159000000 +0800
-+++ Pillow-8.1.1/src/PIL/BlpImagePlugin.py 2021-03-13 16:51:52.803000000 +0800
-@@ -353,6 +353,7 @@
+
+diff --git a/src/PIL/BlpImagePlugin.py b/src/PIL/BlpImagePlugin.py
+index d5d7c0e..88aae80 100644
+--- a/src/PIL/BlpImagePlugin.py
++++ b/src/PIL/BlpImagePlugin.py
+@@ -353,6 +353,7 @@ class BLP1Decoder(_BLPBaseDecoder):
 data = jpeg_header + data
 data = BytesIO(data)
 image = JpegImageFile(data)
@@ -28,10 +31,11 @@ diff -Nuar Pillow-8.1.1-old/src/PIL/BlpImagePlugin.py Pillow-8.1.1/src/PIL/BlpIm
 self.tile = image.tile # :/
 self.fd = image.fp
 self.mode = image.mode
-diff -Nuar Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py Pillow-8.1.1/src/PIL/IcnsImagePlugin.py
---- Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py 2021-03-13 16:44:33.160000000 +0800
-+++ Pillow-8.1.1/src/PIL/IcnsImagePlugin.py 2021-03-13 16:54:10.925000000 +0800
-@@ -105,6 +105,7 @@
+diff --git a/src/PIL/IcnsImagePlugin.py b/src/PIL/IcnsImagePlugin.py
+index 2a63d75..ca6a0ad 100644
+--- a/src/PIL/IcnsImagePlugin.py
++++ b/src/PIL/IcnsImagePlugin.py
+@@ -105,6 +105,7 @@ def read_png_or_jpeg2000(fobj, start_length, size):
 if sig[:8] == b"\x89PNG\x0d\x0a\x1a\x0a":
 fobj.seek(start)
 im = PngImagePlugin.PngImageFile(fobj)
@@ -39,18 +43,19 @@ diff -Nuar Pillow-8.1.1-old/src/PIL/IcnsImagePlugin.py Pillow-8.1.1/src/PIL/Icns
 return {"RGBA": im}
 elif (
 sig[:4] == b"\xff\x4f\xff\x51"
-@@ -120,6 +121,7 @@
- fobj.seek(start)
+@@ -121,6 +122,7 @@ def read_png_or_jpeg2000(fobj, start_length, size):
 jp2kstream = fobj.read(length)
 f = io.BytesIO(jp2kstream)
-+ Image._decompression_bomb_check(im.size)
 im = Jpeg2KImagePlugin.Jpeg2KImageFile(f)
++ Image._decompression_bomb_check(im.size)
 if im.mode != "RGBA":
 im = im.convert("RGBA")
-diff -Nuar Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py Pillow-8.1.1/src/PIL/IcoImagePlugin.py
---- Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py 2021-03-13 16:44:33.160000000 +0800
-+++ Pillow-8.1.1/src/PIL/IcoImagePlugin.py 2021-03-13 16:55:31.306000000 +0800
-@@ -178,6 +178,7 @@
+ return {"RGBA": im}
+diff --git a/src/PIL/IcoImagePlugin.py b/src/PIL/IcoImagePlugin.py
+index e1bfa7a..5634bf8 100644
+--- a/src/PIL/IcoImagePlugin.py
++++ b/src/PIL/IcoImagePlugin.py
+@@ -178,6 +178,7 @@ class IcoFile:
 if data[:8] == PngImagePlugin._MAGIC:
 # png frame
 im = PngImagePlugin.PngImageFile(self.buf)
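Review bot: In the second hunk, `Image._decompression_bomb_check(im.size)` now follows `im = Jpeg2KImagePlugin.Jpeg2KImageFile(f)`, whereas the previous revision of this backport called it one line earlier, before `im` was bound in the JPEG 2000 branch — the only earlier `im` assignment visible is inside the PNG `if` branch, so that placement presumably failed on every JPEG 2000 icon instead of rejecting oversized ones. Nothing in the rewritten patch header records this correction; the added `Conflict:NA` line reads as a clean cherry-pick of the upstream commit. Suggest adding a line under `Reference:` such as `Note: bomb check in read_png_or_jpeg2000 moved after the Jpeg2KImageFile construction; the earlier revision referenced im before assignment.` so the next rebase does not reintroduce the ordering. The enclosing function `read_png_or_jpeg2000` continues outside the hunk.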
@@ -58,3 +63,6 @@ diff -Nuar Pillow-8.1.1-old/src/PIL/IcoImagePlugin.py Pillow-8.1.1/src/PIL/IcoIm
 else:
 # XOR + AND mask bmp frame
 im = BmpImagePlugin.DibImageFile(self.buf)
+--
+2.27.0
+
diff --git a/python-pillow.spec b/python-pillow.spec
index 7b04f0d8c34614685e53ca3a516842a8cd5eeddb..89283f42c91b84ce4ebb42293c2f286af0f1d853 100644
--- a/python-pillow.spec
+++ b/python-pillow.spec
@@ -5,7 +5,7 @@
 
 Name: python-pillow
 Version: 8.1.1
-Release: 6
+Release: 7
 Summary: Python image processing library
 License: MIT
 URL: http://python-pillow.github.io/
@@ -160,6 +160,9 @@ popd
 %{python3_sitearch}/PIL/__pycache__/ImageQt*
 
 %changelog
+* Tue Aug 10 2021 hanhui - 8.1.1-7
+- Type:modify CVE-2021-27921CVE-2021-27922CVE-2021-27923
+
 * Thu Jul 15 2021 liuyumeng - 8.1.1-6
 - Type:bugfix
 - CVE:CVE-2021-34552