aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Daudt <kdaudt@alpinelinux.org>2021-11-21 18:01:48 +0000
committerKevin Daudt <kdaudt@alpinelinux.org>2021-11-21 18:18:14 +0000
commit9bc71a8b04772cd6c51db055f218f9f6624d30f9 (patch)
tree4f065a58fb9ffd43096a4c00dd3ca0315480fc8f
parenta72c6d348161b1ac8a1a6edabf0546c3f1abe673 (diff)
main/py3-pillow: mitigate CVE-2021-23437
See: #13051
-rw-r--r--main/py3-pillow/APKBUILD12
-rw-r--r--main/py3-pillow/cve-2021-23437.patch40
2 files changed, 49 insertions, 3 deletions
diff --git a/main/py3-pillow/APKBUILD b/main/py3-pillow/APKBUILD
index e5874205bcc..a9b988728e6 100644
--- a/main/py3-pillow/APKBUILD
+++ b/main/py3-pillow/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Fabian Affolter <fabian@affolter-engineering.ch>
pkgname=py3-pillow
pkgver=7.1.2
-pkgrel=1
+pkgrel=2
pkgdesc="Python Imaging Library"
options="!check"
url="https://python-pillow.org/"
@@ -15,6 +15,7 @@ makedepends="python3-dev py3-setuptools freetype-dev
checkdepends="py3-pytest py3-numpy"
source="https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-$pkgver.tar.gz
CVE-2020-35655.patch
+ cve-2021-23437.patch
"
builddir="$srcdir/Pillow-$pkgver"
@@ -22,6 +23,8 @@ provides="py-pillow=$pkgver-r$pkgrel" # backwards compatibility
replaces="py-pillow" # backwards compatiblity
# secfixes:
+# 7.1.2-r2:
+# - CVE-2021-23437
# 7.1.2-r1:
# - CVE-2020-35655
# 6.2.2-r0:
@@ -46,5 +49,8 @@ package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
-sha512sums="75d88c5c967d600b84caf9af62eeda6f235fb1357ba7ca47656be6d48018f2df6f2442df2d2ea50d4cc0955f55dce05c2e2676f9b4bca5aa72bfda61e407dd97 Pillow-7.1.2.tar.gz
-89984ca666bafc356ba8af50a3f96dc84965b882577f488c10550558a316982c52378bf52ec24b5ed53a4f8b1019e9e5e03bbff6e32c4009ea8ef71093f33f18 CVE-2020-35655.patch"
+sha512sums="
+75d88c5c967d600b84caf9af62eeda6f235fb1357ba7ca47656be6d48018f2df6f2442df2d2ea50d4cc0955f55dce05c2e2676f9b4bca5aa72bfda61e407dd97 Pillow-7.1.2.tar.gz
+89984ca666bafc356ba8af50a3f96dc84965b882577f488c10550558a316982c52378bf52ec24b5ed53a4f8b1019e9e5e03bbff6e32c4009ea8ef71093f33f18 CVE-2020-35655.patch
+0c991bf55bd2b73e1f5539f8c2110c47ef48029ff1a91710384d1612903850b1bbedeacef90359e738a02faacffd2e3a1d48d14a800681cd04f0f98c453b609b cve-2021-23437.patch
+"
diff --git a/main/py3-pillow/cve-2021-23437.patch b/main/py3-pillow/cve-2021-23437.patch
new file mode 100644
index 00000000000..9933ed8ceda
--- /dev/null
+++ b/main/py3-pillow/cve-2021-23437.patch
@@ -0,0 +1,40 @@
+From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade <hugovk@users.noreply.github.com>
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+
+---
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
+index b5d69379655..dbe8b9e957b 100644
+--- a/Tests/test_imagecolor.py
++++ b/Tests/test_imagecolor.py
+@@ -191,3 +191,12 @@ def test_rounding_errors():
+ assert (255, 255) == ImageColor.getcolor("white", "LA")
+ assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
+ Image.new("LA", (1, 1), "white")
++
++
++def test_color_too_long():
++ # Arrange
++ color_too_long = "hsl(" + "1" * 100 + ")"
++
++ # Act / Assert
++ with pytest.raises(ValueError):
++ ImageColor.getrgb(color_too_long)
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 51df4404039..25f92f2c732 100644
+--- a/src/PIL/ImageColor.py
++++ b/src/PIL/ImageColor.py
+@@ -32,6 +32,8 @@ def getrgb(color):
+ :param color: A color string
+ :return: ``(red, green, blue[, alpha])``
+ """
++ if len(color) > 100:
++ raise ValueError("color specifier is too long")
+ color = color.lower()
+
+ rgb = colormap.get(color, None)