diff --git a/backport-CVE-2021-23437.patch b/backport-CVE-2021-23437.patch new file mode 100644 index 0000000000000000000000000000000000000000..535dee308fdf964868508a3962eca6fb37196606 --- /dev/null +++ b/backport-CVE-2021-23437.patch @@ -0,0 +1,42 @@ +From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001 +From: Hugo van Kemenade +Date: Mon, 23 Aug 2021 19:10:49 +0300 +Subject: [PATCH] Raise ValueError if color specifier is too long + +Conflict:NA +Reference:https://github.com/python-pillow/Pillow/commit/1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 +---- + Tests/test_imagecolor.py | 9 +++++++++ + src/PIL/ImageColor.py | 2 ++ + 2 files changed, 11 insertions(+) + +diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py +index b5d6937965..dbe8b9e957 100644 +--- a/Tests/test_imagecolor.py ++++ b/Tests/test_imagecolor.py +@@ -191,3 +191,12 @@ def test_rounding_errors(): + assert (255, 255) == ImageColor.getcolor("white", "LA") + assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA") + Image.new("LA", (1, 1), "white") ++ ++ ++def test_color_too_long(): ++ # Arrange ++ color_too_long = "hsl(" + "1" * 100 + ")" ++ ++ # Act / Assert ++ with pytest.raises(ValueError): ++ ImageColor.getrgb(color_too_long) +diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py +index 51df440403..25f92f2c73 100644 +--- a/src/PIL/ImageColor.py ++++ b/src/PIL/ImageColor.py +@@ -32,6 +32,8 @@ def getrgb(color): + :param color: A color string + :return: ``(red, green, blue[, alpha])`` + """ ++ if len(color) > 100: ++ raise ValueError("color specifier is too long") + color = color.lower() + + rgb = colormap.get(color, None) diff --git a/python-pillow.spec b/python-pillow.spec index f6a33acab7bdf34a10c15ea335142baf3c7dd87a..59a2427df50fb91536e27080efc23977206c1331 100644 --- a/python-pillow.spec +++ b/python-pillow.spec @@ -5,7 +5,7 @@ Name: python-pillow Version: 8.1.1 -Release: 6 +Release: 7 Summary: Python image processing library License: MIT URL: http://python-pillow.github.io/ @@ -28,6 +28,7 @@ Patch6011: backport-Fix-Memory-DOS-in-ImageFont.patch Patch6012: backport-0001-CVE-2021-34552.patch Patch6013: backport-0002-CVE-2021-34552.patch Patch6014: backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch +Patch6015: backport-CVE-2021-23437.patch BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel BuildRequires: libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile @@ -159,6 +160,9 @@ popd %{python3_sitearch}/PIL/__pycache__/ImageQt* %changelog +* Mon Sep 27 2021 luoyang - 8.1.1-7 +- fix CVE-2021-23437 + * Mon Aug 16 2021 hanhui - 8.1.1-6 - Type:modify CVE-2021-27921CVE-2021-27922CVE-2021-27923