svn commit: r408690 - in head/graphics/py-imaging: . files

Raphael Kubo da Costa rakuco at FreeBSD.org
Thu Feb 11 17:11:10 UTC 2016 

Author: rakuco
Date: Thu Feb 11 17:11:08 2016
New Revision: 408690
URL: https://svnweb.freebsd.org/changeset/ports/408690

Log:
  Backport two Pillow security fixes.
  
  Pillow 3.1.1 was released a few days ago [1], and some of the security fixes
  in that release also apply to PIL:
  
  * https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec
  * https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4
  
  [1] https://pillow.readthedocs.org/en/3.1.x/releasenotes/3.1.1.html
  
  PR:		207054
  Approved by:	mainland at apeiron.net (maintainer)
  Security:	a8de962a-cf15-11e5-805c-5453ed2e2b49
  Security:	6ea60e00-cf13-11e5-805c-5453ed2e2b49
  Security:	CVE-2016-0775

Added:
  head/graphics/py-imaging/files/patch-CVE-2016-0775   (contents, props changed)
  head/graphics/py-imaging/files/patch-libImaging-PcdDecode.c   (contents, props changed)
Modified:
  head/graphics/py-imaging/Makefile

Modified: head/graphics/py-imaging/Makefile
==============================================================================
--- head/graphics/py-imaging/Makefile	Thu Feb 11 16:22:41 2016	(r408689)
+++ head/graphics/py-imaging/Makefile	Thu Feb 11 17:11:08 2016	(r408690)
@@ -3,7 +3,7 @@
 
 PORTNAME=	imaging
 PORTVERSION=	1.1.7
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	graphics python
 MASTER_SITES=	http://effbot.org/media/downloads/ \
 		http://www.pythonware.net/storage/

Added: head/graphics/py-imaging/files/patch-CVE-2016-0775
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/py-imaging/files/patch-CVE-2016-0775	Thu Feb 11 17:11:08 2016	(r408690)
@@ -0,0 +1,24 @@
+From bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec Mon Sep 17 00:00:00 2001
+From: wiredfool <eric-github at soroos.net>
+Date: Wed, 20 Jan 2016 22:37:28 +0000
+Subject: [PATCH] FLI overflow error fix and testcase CVE-2016-0775
+
+---
+ Tests/check_fli_overflow.py   |  16 ++++++++++++++++
+ Tests/images/fli_overflow.fli | Bin 0 -> 4645 bytes
+ libImaging/FliDecode.c        |   2 +-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+ create mode 100644 Tests/check_fli_overflow.py
+ create mode 100644 Tests/images/fli_overflow.fli
+
+--- libImaging/FliDecode.c
++++ libImaging/FliDecode.c
+@@ -185,7 +185,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ 	    /* COPY chunk */
+ 	    for (y = 0; y < state->ysize; y++) {
+ 		UINT8* buf = (UINT8*) im->image[y];
+-		memcpy(buf+x, data, state->xsize);
++		memcpy(buf, data, state->xsize);
+ 		data += state->xsize;
+ 	    }
+ 	    break;

Added: head/graphics/py-imaging/files/patch-libImaging-PcdDecode.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/py-imaging/files/patch-libImaging-PcdDecode.c	Thu Feb 11 17:11:08 2016	(r408690)
@@ -0,0 +1,33 @@
+From ae453aa18b66af54e7ff716f4ccb33adca60afd4 Mon Sep 17 00:00:00 2001
+From: wiredfool <eric-github at soroos.net>
+Date: Tue, 2 Feb 2016 05:46:26 -0800
+Subject: [PATCH] PCD decoder overruns the shuffle buffer, Fixes #568
+
+---
+ Tests/images/hopper.pcd | Bin 0 -> 788480 bytes
+ Tests/test_file_pcd.py  |  18 ++++++++++++++++++
+ libImaging/PcdDecode.c  |   4 ++--
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+ create mode 100644 Tests/images/hopper.pcd
+ create mode 100644 Tests/test_file_pcd.py
+
+--- libImaging/PcdDecode.c
++++ libImaging/PcdDecode.c
+@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ 	    out[0] = ptr[x];
+ 	    out[1] = ptr[(x+4*state->xsize)/2];
+ 	    out[2] = ptr[(x+5*state->xsize)/2];
+-	    out += 4;
++	    out += 3;
+ 	}
+ 
+ 	state->shuffle((UINT8*) im->image[state->y],
+@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ 	    out[0] = ptr[x+state->xsize];
+ 	    out[1] = ptr[(x+4*state->xsize)/2];
+ 	    out[2] = ptr[(x+5*state->xsize)/2];
+-	    out += 4;
++	    out += 3;
+ 	}
+ 
+ 	state->shuffle((UINT8*) im->image[state->y],

More information about the svn-ports-all mailing list