svn commit: r408690 - in head/graphics/py-imaging: . files
Raphael Kubo da Costa
rakuco at FreeBSD.org
Thu Feb 11 17:11:10 UTC 2016
Author: rakuco
Date: Thu Feb 11 17:11:08 2016
New Revision: 408690
URL: https://svnweb.freebsd.org/changeset/ports/408690
Log:
Backport two Pillow security fixes.
Pillow 3.1.1 was released a few days ago [1], and some of the security fixes
in that release also apply to PIL:
* https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec
* https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4
[1] https://pillow.readthedocs.org/en/3.1.x/releasenotes/3.1.1.html
PR: 207054
Approved by: mainland at apeiron.net (maintainer)
Security: a8de962a-cf15-11e5-805c-5453ed2e2b49
Security: 6ea60e00-cf13-11e5-805c-5453ed2e2b49
Security: CVE-2016-0775
Added:
head/graphics/py-imaging/files/patch-CVE-2016-0775 (contents, props changed)
head/graphics/py-imaging/files/patch-libImaging-PcdDecode.c (contents, props changed)
Modified:
head/graphics/py-imaging/Makefile
Modified: head/graphics/py-imaging/Makefile
==============================================================================
--- head/graphics/py-imaging/Makefile Thu Feb 11 16:22:41 2016 (r408689)
+++ head/graphics/py-imaging/Makefile Thu Feb 11 17:11:08 2016 (r408690)
@@ -3,7 +3,7 @@
PORTNAME= imaging
PORTVERSION= 1.1.7
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= graphics python
MASTER_SITES= http://effbot.org/media/downloads/ \
http://www.pythonware.net/storage/
Added: head/graphics/py-imaging/files/patch-CVE-2016-0775
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/graphics/py-imaging/files/patch-CVE-2016-0775 Thu Feb 11 17:11:08 2016 (r408690)
@@ -0,0 +1,24 @@
+From bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec Mon Sep 17 00:00:00 2001
+From: wiredfool <eric-github at soroos.net>
+Date: Wed, 20 Jan 2016 22:37:28 +0000
+Subject: [PATCH] FLI overflow error fix and testcase CVE-2016-0775
+
+---
+ Tests/check_fli_overflow.py | 16 ++++++++++++++++
+ Tests/images/fli_overflow.fli | Bin 0 -> 4645 bytes
+ libImaging/FliDecode.c | 2 +-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+ create mode 100644 Tests/check_fli_overflow.py
+ create mode 100644 Tests/images/fli_overflow.fli
+
+--- libImaging/FliDecode.c
++++ libImaging/FliDecode.c
+@@ -185,7 +185,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ /* COPY chunk */
+ for (y = 0; y < state->ysize; y++) {
+ UINT8* buf = (UINT8*) im->image[y];
+- memcpy(buf+x, data, state->xsize);
++ memcpy(buf, data, state->xsize);
+ data += state->xsize;
+ }
+ break;
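Review bot: in the COPY chunk loop, each row still copies state->xsize bytes from data and then advances data by the same amount, and nothing in the lines shown compares the bytes remaining in the chunk against state->xsize * state->ysize before the loop starts. Dropping the x offset from the destination stops the write past the end of im->image[y], but the read side deserves the same attention: a length check ahead of the for loop would cover a short COPY chunk. Two smaller points on the port side: the patch header keeps the upstream diffstat for Tests/check_fli_overflow.py and Tests/images/fli_overflow.fli even though only the libImaging/FliDecode.c hunk is carried, so a line in the header saying the test files were dropped would avoid confusion, and the file name patch-CVE-2016-0775 does not follow the patch-libImaging-PcdDecode.c convention used by the other file added in this commit.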
Added: head/graphics/py-imaging/files/patch-libImaging-PcdDecode.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/graphics/py-imaging/files/patch-libImaging-PcdDecode.c Thu Feb 11 17:11:08 2016 (r408690)
@@ -0,0 +1,33 @@
+From ae453aa18b66af54e7ff716f4ccb33adca60afd4 Mon Sep 17 00:00:00 2001
+From: wiredfool <eric-github at soroos.net>
+Date: Tue, 2 Feb 2016 05:46:26 -0800
+Subject: [PATCH] PCD decoder overruns the shuffle buffer, Fixes #568
+
+---
+ Tests/images/hopper.pcd | Bin 0 -> 788480 bytes
+ Tests/test_file_pcd.py | 18 ++++++++++++++++++
+ libImaging/PcdDecode.c | 4 ++--
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+ create mode 100644 Tests/images/hopper.pcd
+ create mode 100644 Tests/test_file_pcd.py
+
+--- libImaging/PcdDecode.c
++++ libImaging/PcdDecode.c
+@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ out[0] = ptr[x];
+ out[1] = ptr[(x+4*state->xsize)/2];
+ out[2] = ptr[(x+5*state->xsize)/2];
+- out += 4;
++ out += 3;
+ }
+
+ state->shuffle((UINT8*) im->image[state->y],
+@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ out[0] = ptr[x+state->xsize];
+ out[1] = ptr[(x+4*state->xsize)/2];
+ out[2] = ptr[(x+5*state->xsize)/2];
+- out += 4;
++ out += 3;
+ }
+
+ state->shuffle((UINT8*) im->image[state->y],
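Review bot: in both loops the new stride at out += 3 is a bare literal that is correct only because exactly three bytes (out[0] to out[2]) are stored per pixel, and the same three assignments plus stride are duplicated across the two hunks, so the fix has to stay in sync in two places. A short comment at each out += 3 stating that the shuffle buffer holds packed 3-byte pixels would make that dependency explicit for the next person who touches the loop. As with the FLI patch, the header still lists Tests/test_file_pcd.py and Tests/images/hopper.pcd in the diffstat while only libImaging/PcdDecode.c is patched here, so the regression test is not part of the port; noting that in the patch header would help.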