[oe-commits] [meta-openembedded] 32/32: python-imaging: Fix CVE-2016-2533

git at git.openembedded.org git at git.openembedded.org
Fri Jul 22 20:38:52 UTC 2016


martin_jansa pushed a commit to branch master-next
in repository meta-openembedded.

commit e9973e86474ec101ecb1cf87473f357a9dec3720
Author: mingli.yu at windriver.com <mingli.yu at windriver.com>
AuthorDate: Wed Jul 20 14:00:07 2016 +0800

    python-imaging: Fix CVE-2016-2533
    
    * PCD decoder overruns the shuffle buffer, Fixes #568
    the patch comes from:
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
    https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
    
    Signed-off-by: Li Wang <li.wang at windriver.com>
    Signed-off-by: Mingli Yu <mingli.yu at windriver.com>
    Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
 .../python-imaging-CVE-2016-2533.patch             | 38 ++++++++++++++++++++++
 .../python/python-imaging_1.1.7.bb                 |  4 ++-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch b/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch
new file mode 100644
index 0000000..b01136f
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch
@@ -0,0 +1,38 @@
+python-imaging: CVE-2016-2533
+
+the patch comes from:
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
+https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
+
+PCD decoder overruns the shuffle buffer, Fixes #568
+
+Signed-off-by: Li Wang <li.wang at windriver.com>
+---
+ libImaging/PcdDecode.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libImaging/PcdDecode.c b/libImaging/PcdDecode.c
+index b6898e3..c02d005 100644
+--- a/libImaging/PcdDecode.c
++++ b/libImaging/PcdDecode.c
+@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ 	    out[0] = ptr[x];
+ 	    out[1] = ptr[(x+4*state->xsize)/2];
+ 	    out[2] = ptr[(x+5*state->xsize)/2];
+-	    out += 4;
++	    out += 3;
+ 	}
+ 
+ 	state->shuffle((UINT8*) im->image[state->y],
+@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ 	    out[0] = ptr[x+state->xsize];
+ 	    out[1] = ptr[(x+4*state->xsize)/2];
+ 	    out[2] = ptr[(x+5*state->xsize)/2];
+-	    out += 4;
++	    out += 3;
+ 	}
+ 
+ 	state->shuffle((UINT8*) im->image[state->y],
+-- 
+1.7.9.5
+
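Review bot: The header of the embedded python-imaging-CVE-2016-2533.patch has no `Upstream-Status:` line and no `CVE:` tag, so the provenance of the fix is recorded only as free-text links. Adding `Upstream-Status: Backport` and `CVE: CVE-2016-2533` above the `Signed-off-by:` line would follow the OpenEmbedded patch-header convention and let CVE tracking match the patch by tag rather than by filename alone. The two `out += 3` changes sit inside ImagingPcdDecode, whose body starts and ends outside the embedded hunks, so the size of the buffer behind `out` cannot be confirmed from this page; presumably it holds three bytes per pixel, which is what the corrected stride assumes.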
diff --git a/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb b/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
index d2f1a8c..60dd7d0 100644
--- a/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
+++ b/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
@@ -10,7 +10,9 @@ SRC_URI = "http://effbot.org/downloads/Imaging-${PV}.tar.gz \
            file://0001-python-imaging-setup.py-force-paths-for-zlib-freetyp.patch \
            file://allow.to.disable.some.features.patch \
            file://fix-freetype-includes.patch \
-           file://remove-host-libdir.patch"
+           file://remove-host-libdir.patch \
+           file://python-imaging-CVE-2016-2533.patch \
+"
 
 SRC_URI[md5sum] = "fc14a54e1ce02a0225be8854bfba478e"
 SRC_URI[sha256sum] = "895bc7c2498c8e1f9b99938f1a40dc86b3f149741f105cf7c7bd2e0725405211"
