# HG changeset patch # User April Chin # Date 1436203437 25200 # Node ID 967ce4c39e36df023a199a3ffbebeffd5bec8c34 # Parent d39971eb17ab1191233a8950453b4f38d0806369 20396665 problem in PYTHON-MOD/PIL diff -r d39971eb17ab -r 967ce4c39e36 components/python/imaging/Makefile --- a/components/python/imaging/Makefile Fri Jul 03 01:17:45 2015 +0100 +++ b/components/python/imaging/Makefile Mon Jul 06 10:23:57 2015 -0700 @@ -47,6 +47,14 @@ TEST_PYTHONPATH.32 = $(PROTO_DIR)/usr/lib/python$(PYTHON_VERSION)/vendor-packages/PIL TEST_PYTHONPATH.64 = $(PROTO_DIR)/usr/lib/python$(PYTHON_VERSION)/vendor-packages/PIL:$(PROTO_DIR)/usr/lib/python$(PYTHON_VERSION)/vendor-packages/PIL/64 +# This binary image file accompanies the test which is created along with a fix +# in patches/04-CVE-2014-9601.patch +COMPONENT_PRE_TEST_ACTION= \ + if [ ! -e $(SOURCE_DIR)/Images/png_decompression_dos.png ]; then \ + $(CP) files/png_decompression_dos.png \ + $(SOURCE_DIR)/Images/png_decompression_dos.png ; \ + fi + COMPONENT_TEST_DIR= $(COMPONENT_SRC) COMPONENT_TEST_ARGS= ./selftest.py COMPONENT_TEST_ENV= PYTHONPATH=$(TEST_PYTHONPATH.$(BITS)) diff -r d39971eb17ab -r 967ce4c39e36 components/python/imaging/files/png_decompression_dos.png Binary file components/python/imaging/files/png_decompression_dos.png has changed diff -r d39971eb17ab -r 967ce4c39e36 components/python/imaging/patches/04-CVE-2014-9601.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/python/imaging/patches/04-CVE-2014-9601.patch Mon Jul 06 10:23:57 2015 -0700 
@@ -0,0 +1,69 @@ +Fix to upstream bug +https://github.com/python-pillow/Pillow/pull/1060 + +Patch based on upstream commit to Pillow 2.7.0 (PIL fork) +https://github.com/wiredfool/Pillow/commit/44286ba3c9bfa6ed565d11bd61460d8ec215e1ea + +Note that this patch includes a test of the fix, which requires an +image file which is copied in from files/png_decompress_dos.png, +since it cannot be patched in. + +--- Imaging-1.1.7-orig/PIL/PngImagePlugin.py 2015-01-21 17:45:12.000000000 -0800 ++++ Imaging-1.1.7/PIL/PngImagePlugin.py 2015-01-21 19:37:23.000000000 -0800 +@@ -68,6 +68,12 @@ _MODES = { + (16,6): ("RGBA", "RGBA;16B"), + } + ++def _safe_zlib_decompress(s): ++ dobj = zlib.decompressobj() ++ plaintext = dobj.decompress(s, ImageFile.SAFEBLOCK) ++ if dobj.unconsumed_tail: ++ raise ValueError("Decompressed Data Too Large") ++ return plaintext + + # -------------------------------------------------------------------- + # Support classes. Suitable for PNG and related formats like MNG etc. +@@ -197,7 +203,7 @@ class PngStream(ChunkStream): + if comp_method != 0: + raise SyntaxError("Unknown compression method %s in iCCP chunk" % comp_method) + try: +- icc_profile = zlib.decompress(s[i+2:]) ++ icc_profile = _safe_zlib_decompress(s[i+2:]) + except zlib.error: + icc_profile = None # FIXME + self.im_info["icc_profile"] = icc_profile +@@ -293,7 +299,7 @@ class PngStream(ChunkStream): + if comp_method != 0: + raise SyntaxError("Unknown compression method %s in zTXt chunk" % comp_method) + import zlib +- self.im_info[k] = self.im_text[k] = zlib.decompress(v[1:]) ++ self.im_info[k] = self.im_text[k] = _safe_zlib_decompress(v[1:]) + return s + + # -------------------------------------------------------------------- +--- Imaging-1.1.7-orig/selftest.py 2015-01-21 17:44:51.000000000 -0800 ++++ Imaging-1.1.7/selftest.py 2015-07-02 17:06:23.636751412 -0700 +@@ -9,6 +9,7 @@ from PIL import Image + from PIL import ImageDraw + from PIL import ImageFilter + from PIL import ImageMath ++from 
PIL import PngImagePlugin + + try: + Image.core.ping +@@ -146,6 +147,15 @@ def testimage(): + >>> im.mode, im.size + ('F', (128, 128)) + ++ Test fix to PNG decompression DOS #1060 ++ ++ >>> try: ++ ... im = Image.open("Images/png_decompression_dos.png") ++ ... im.load() ++ ... except ValueError as msg: ++ ... print msg ++ Decompressed Data Too Large ++ + PIL can do many other things, but I'll leave that for another + day. If you're curious, check the handbook, available from: + diff -r d39971eb17ab -r 967ce4c39e36 components/python/imaging/test/results-all.master --- a/components/python/imaging/test/results-all.master Fri Jul 03 01:17:45 2015 +0100 +++ b/components/python/imaging/test/results-all.master Mon Jul 06 10:23:57 2015 -0700 @@ -12,4 +12,4 @@ *** LITTLECMS support not installed -------------------------------------------------------------------- Running selftest: ---- 57 tests passed. +--- 58 tests passed.
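Review bot: In the 04-CVE-2014-9601.patch header, the note "copied in from files/png_decompress_dos.png" does not match the file actually added and referenced everywhere else (`files/png_decompression_dos.png` in the Makefile and `Images/png_decompression_dos.png` in the selftest hunk); correct the header so the next person reading the patch does not go looking for a file that does not exist. The Makefile's `COMPONENT_PRE_TEST_ACTION` itself is fine: it copies only when the target is absent, and `COMPONENT_TEST_DIR= $(COMPONENT_SRC)` means the relative path `Images/png_decompression_dos.png` in selftest.py resolves to the copied file.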
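Review bot: In the iCCP hunk of PngImagePlugin.py, the surrounding `except zlib.error:` no longer covers the new failure mode: `_safe_zlib_decompress` raises `ValueError("Decompressed Data Too Large")`, which is not a `zlib.error`, so an oversized iCCP chunk now propagates out of the chunk handler and aborts `Image.open` rather than falling through to `icc_profile = None  # FIXME`. That is the intended hard-fail behaviour (the selftest hunk expects exactly this ValueError), but a one-line comment next to the handler saying that only corrupt streams are swallowed while oversized ones are fatal would keep a later maintainer from "fixing" it back into the lenient path. It is also worth recording in the patch header that the cap is `ImageFile.SAFEBLOCK`, a constant defined for I/O block size and repurposed here as the decompression bound; naming it explicitly (e.g. a module-level `MAX_TEXT_CHUNK = ImageFile.SAFEBLOCK`) would make the limit discoverable and tunable.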
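Review bot: In the zTXt hunk, the local `import zlib` inside `chunk_zTXt` is now dead weight: `_safe_zlib_decompress` is defined at module scope and already depends on `zlib` (and `ImageFile`) being imported at module level, as the `except zlib.error:` context in the iCCP hunk confirms. Drop the local import so the two chunk handlers take the same path, or leave a comment explaining why it is kept. Also note that the fix covers the two compressed ancillary chunks this file decompresses (iCCP and zTXt); the hunk does not touch IDAT, which is decoded by the C-level zip decoder and is not part of this CVE.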
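Review bot: In the selftest.py hunk, the added `from PIL import PngImagePlugin` is unused: the doctest only calls `Image.open` and `im.load`, and `Image.open` registers the PNG plugin itself during its preinit step, so the import can be dropped to keep the diff minimal. The doctest itself is sound for this Python 2 code base (`print msg`, `except ValueError as msg`) and catches the ValueError whether it is raised at `Image.open` (chunk before IDAT) or at `im.load()` (chunk after IDAT). The results-all.master change from 57 to 58 passed tests is consistent with the single new `>>>` block added here.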