From 5672778d4a460c05cdddda9f0b3a8d1cce965129 Mon Sep 17 00:00:00 2001
From: YangLuo
Date: Mon, 27 Sep 2021 13:32:19 +0800
Subject: [PATCH] fix CVE-2021-23437

---
 backport-CVE-2021-23437.patch | 44 +++++++++++++++++++++++++++++++++++
 python-pillow.spec | 6 ++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-23437.patch

diff --git a/backport-CVE-2021-23437.patch b/backport-CVE-2021-23437.patch
new file mode 100644
index 0000000..c4c097b
--- /dev/null
+++ b/backport-CVE-2021-23437.patch
@@ -0,0 +1,44 @@
+From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+
+Conflict:NA
+Reference:https://github.com/python-pillow/Pillow/commit/1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29
+----
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
+index 1ea3754..2842e55 100644
+--- a/Tests/test_imagecolor.py
++++ b/Tests/test_imagecolor.py
+@@ -193,6 +193,14 @@ class TestImageColor(PillowTestCase):
+ (162, 33), ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA"))
+ Image.new("LA", (1, 1), "white")
+
++ def test_color_too_long(self):
++ # Arrange
++ color_too_long = "hsl(" + "1" * 100 + ")"
++
++ # Act / Assert
++ with pytest.raises(ValueError):
++ ImageColor.getrgb(color_too_long)
++
+
+ if __name__ == '__main__':
+ unittest.main()
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 08c00fd..4d4d534 100644
+--- a/src/PIL/ImageColor.py
++++ b/src/PIL/ImageColor.py
+@@ -31,6 +31,8 @@ def getrgb(color):
+ :param color: A color string
+ :return: ``(red, green, blue[, alpha])``
+ """
++ if len(color) > 100:
++ raise ValueError("color specifier is too long")
+ color = color.lower()
+
+ rgb = colormap.get(color, None)
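Review bot: The backported test `test_color_too_long` calls `pytest.raises(ValueError)` inside a test module that is visibly unittest-based (`class TestImageColor(PillowTestCase)`, `unittest.main()` at the bottom), and nothing in the hunk imports pytest; the file's import block is outside the hunk, so confirm it already has `import pytest`, otherwise the new test fails with NameError instead of exercising the guard. The upstream commit this is taken from targets a much newer Pillow than 5.3.0, which is why the test idiom may not match. The added `if len(color) > 100:` in `getrgb` is a bare magic number; a comment would tell the next maintainer why the cap exists and why it must stay ahead of `color.lower()` and the regex matches further down: `# bound the input before the regex matching below; overlong specifiers made those patterns pathologically slow (CVE-2021-23437)`. Note that `len(color)` now runs before `color.lower()`, so a non-str argument fails with TypeError rather than the previous AttributeError; only worth mentioning if callers catch that. The rest of `getrgb` lies outside the hunk.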
diff --git a/python-pillow.spec b/python-pillow.spec
index 6d10f0b..83ef160 100644
--- a/python-pillow.spec
+++ b/python-pillow.spec
@@ -5,7 +5,7 @@
 Name: python-pillow
 Version: 5.3.0
-Release: 16
+Release: 17
 Summary: Python image processing library
 License: MIT
 URL: http://python-pillow.github.io/
 
@@ -43,6 +43,7 @@ Patch6012: backport-CVE-2021-28678.patch
 Patch6013: backport-0001-CVE-2021-34552.patch
 Patch6014: backport-0002-CVE-2021-34552.patch
 Patch6015: backport-disable-freetype-test.patch
+Patch6016: backport-CVE-2021-23437.patch
 
 BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel
 BuildRequires: libtiff-devel libwebp-devel openjpeg2-devel tk-devel zlib-devel
@@ -198,6 +199,9 @@ python3 setup.py test
 %doc docs/_build_py3/html
 
 %changelog
+* Mon Sep 27 2021 luoyang - 5.3.0-17
+- fix CVE-2021-23437
+
 * Wed Tue Aug 18 2021 liuyumeng -5.3.0-16
 - Type:cves
 - ID:CVE-2020-10379 CVE-2021-25287_CVE-25288 CVE-2021-28677 CVE-2021-28676 CVE-2021-28675 CVE-2021-28678 CVE-2021-34552
-- 
Gitee