Commit 342d0719 authored by Kevin Daudt's avatar Kevin Daudt :computer:

main/py3-pillow: mitigate CVE-2021-23437

See: #13051
parent 23994036
1 merge request!27659main/py3-pillow: mitigate CVE-2021-23437
......@@ -2,7 +2,7 @@
# Maintainer: Fabian Affolter <fabian@affolter-engineering.ch>
pkgname=py3-pillow
pkgver=7.2.0
pkgrel=1
pkgrel=2
pkgdesc="Python Imaging Library"
options="!check"
url="https://python-pillow.org/"
......@@ -13,6 +13,7 @@ makedepends="python3-dev py3-setuptools freetype-dev openjpeg-dev libimagequant-
checkdepends="py3-pytest py3-numpy"
source="https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-$pkgver.tar.gz
CVE-2020-35655.patch
cve-2021-23437.patch
"
builddir="$srcdir/Pillow-$pkgver"
......@@ -20,6 +21,8 @@ provides="py-pillow=$pkgver-r$pkgrel" # backwards compatibility
replaces="py-pillow" # backwards compatiblity
# secfixes:
# 7.2.0-r2:
# - CVE-2021-23437
# 7.2.0-r1:
# - CVE-2020-35655
# 6.2.2-r0:
......@@ -44,5 +47,8 @@ package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
sha512sums="493d6cbaa625b62dc2c4ca2424f1cd1b41103060e34a4759fe89961e20e7d9cd1e99bfd2c9be6fc95c14a2a6f90f983233cb33950ec972cb67ee874ac9a769e2 Pillow-7.2.0.tar.gz
89984ca666bafc356ba8af50a3f96dc84965b882577f488c10550558a316982c52378bf52ec24b5ed53a4f8b1019e9e5e03bbff6e32c4009ea8ef71093f33f18 CVE-2020-35655.patch"
sha512sums="
493d6cbaa625b62dc2c4ca2424f1cd1b41103060e34a4759fe89961e20e7d9cd1e99bfd2c9be6fc95c14a2a6f90f983233cb33950ec972cb67ee874ac9a769e2 Pillow-7.2.0.tar.gz
89984ca666bafc356ba8af50a3f96dc84965b882577f488c10550558a316982c52378bf52ec24b5ed53a4f8b1019e9e5e03bbff6e32c4009ea8ef71093f33f18 CVE-2020-35655.patch
0c991bf55bd2b73e1f5539f8c2110c47ef48029ff1a91710384d1612903850b1bbedeacef90359e738a02faacffd2e3a1d48d14a800681cd04f0f98c453b609b cve-2021-23437.patch
"
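Review bot: The new patch file is named `cve-2021-23437.patch` in lowercase while the existing entry in the same source= list is `CVE-2020-35655.patch`; keeping one naming convention across source= and sha512sums= makes the secfixes entries easier to cross-check against the files actually shipped. This is not a correctness problem, since the sha512sums line uses the same lowercase name and the checksum list covers all three sources. The secfixes block correctly adds a `7.2.0-r2` entry for the new CVE matching the pkgrel bump. The remainder of the APKBUILD, including package(), lies outside the shown hunks.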
From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <hugovk@users.noreply.github.com>
Date: Mon, 23 Aug 2021 19:10:49 +0300
Subject: [PATCH] Raise ValueError if color specifier is too long
---
Tests/test_imagecolor.py | 9 +++++++++
src/PIL/ImageColor.py | 2 ++
2 files changed, 11 insertions(+)
diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
index b5d69379655..dbe8b9e957b 100644
--- a/Tests/test_imagecolor.py
+++ b/Tests/test_imagecolor.py
@@ -191,3 +191,12 @@ def test_rounding_errors():
assert (255, 255) == ImageColor.getcolor("white", "LA")
assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
Image.new("LA", (1, 1), "white")
+
+
+def test_color_too_long():
+ # Arrange
+ color_too_long = "hsl(" + "1" * 100 + ")"
+
+ # Act / Assert
+ with pytest.raises(ValueError):
+ ImageColor.getrgb(color_too_long)
diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
index 51df4404039..25f92f2c732 100644
--- a/src/PIL/ImageColor.py
+++ b/src/PIL/ImageColor.py
@@ -32,6 +32,8 @@ def getrgb(color):
:param color: A color string
:return: ``(red, green, blue[, alpha])``
"""
+ if len(color) > 100:
+ raise ValueError("color specifier is too long")
color = color.lower()
rgb = colormap.get(color, None)
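Review bot: The new guard `if len(color) > 100:` in getrgb introduces a bare magic number with no comment saying why 100 was chosen or what it protects; the patch subject only states that the specifier is too long. Because the commit describes this as a mitigation rather than a fix of the parsing that follows, a why-comment would help the next maintainer judge when the cap can be revisited, e.g. `# Mitigation for CVE-2021-23437: bound the specifier length before it reaches the parsing below.` The same limit is implied by the test, whose input `"hsl(" + "1" * 100 + ")"` is 105 characters, so a single named constant shared by the check and the test would keep the two from drifting apart. getrgb's body, including the parsing the cap is meant to protect, continues outside the hunk.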