FreeBSD Bugzilla – Attachment 166795 Details for
Bug 207054
graphics/py-imaging: Backport 2 Pillow security fixes.
[patch]
Proposed patch
py-imaging-pillow-3.1.1-security-backports.diff (text/plain), 3.50 KB, created by
Raphael Kubo da Costa
on 2016-02-09 10:47:18 UTC
>Index: Makefile >=================================================================== >--- Makefile (revision 408499) >+++ Makefile (working copy) >@@ -3,7 +3,7 @@ > > PORTNAME= imaging > PORTVERSION= 1.1.7 >-PORTREVISION= 5 >+PORTREVISION= 6 > CATEGORIES= graphics python > MASTER_SITES= http://effbot.org/media/downloads/ \ > http://www.pythonware.net/storage/ >Index: files/patch-CVE-2016-0775 >=================================================================== >--- files/patch-CVE-2016-0775 (nonexistent) >+++ files/patch-CVE-2016-0775 (working copy) 
>@@ -0,0 +1,24 @@ >+From bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec Mon Sep 17 00:00:00 2001 >+From: wiredfool <eric-github@soroos.net> >+Date: Wed, 20 Jan 2016 22:37:28 +0000 >+Subject: [PATCH] FLI overflow error fix and testcase CVE-2016-0775 >+ >+--- >+ Tests/check_fli_overflow.py | 16 ++++++++++++++++ >+ Tests/images/fli_overflow.fli | Bin 0 -> 4645 bytes >+ libImaging/FliDecode.c | 2 +- >+ 3 files changed, 17 insertions(+), 1 deletion(-) >+ create mode 100644 Tests/check_fli_overflow.py >+ create mode 100644 Tests/images/fli_overflow.fli >+ >+--- libImaging/FliDecode.c >++++ libImaging/FliDecode.c >+@@ -185,7 +185,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) >+ /* COPY chunk */ >+ for (y = 0; y < state->ysize; y++) { >+ UINT8* buf = (UINT8*) im->image[y]; >+- memcpy(buf+x, data, state->xsize); >++ memcpy(buf, data, state->xsize); >+ data += state->xsize; >+ } >+ break; > >Property changes on: files/patch-CVE-2016-0775 >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: files/patch-libImaging-PcdDecode.c >=================================================================== >--- files/patch-libImaging-PcdDecode.c (nonexistent) >+++ files/patch-libImaging-PcdDecode.c (working copy) 
>@@ -0,0 +1,33 @@ >+From ae453aa18b66af54e7ff716f4ccb33adca60afd4 Mon Sep 17 00:00:00 2001 >+From: wiredfool <eric-github@soroos.net> >+Date: Tue, 2 Feb 2016 05:46:26 -0800 >+Subject: [PATCH] PCD decoder overruns the shuffle buffer, Fixes #568 >+ >+--- >+ Tests/images/hopper.pcd | Bin 0 -> 788480 bytes >+ Tests/test_file_pcd.py | 18 ++++++++++++++++++ >+ libImaging/PcdDecode.c | 4 ++-- >+ 3 files changed, 20 insertions(+), 2 deletions(-) >+ create mode 100644 Tests/images/hopper.pcd >+ create mode 100644 Tests/test_file_pcd.py >+ >+--- libImaging/PcdDecode.c >++++ libImaging/PcdDecode.c >+@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) >+ out[0] = ptr[x]; >+ out[1] = ptr[(x+4*state->xsize)/2]; >+ out[2] = ptr[(x+5*state->xsize)/2]; >+- out += 4; >++ out += 3; >+ } >+ >+ state->shuffle((UINT8*) im->image[state->y], >+@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) >+ out[0] = ptr[x+state->xsize]; >+ out[1] = ptr[(x+4*state->xsize)/2]; >+ out[2] = ptr[(x+5*state->xsize)/2]; >+- out += 4; >++ out += 3; >+ } >+ >+ state->shuffle((UINT8*) im->image[state->y], > >Property changes on: files/patch-libImaging-PcdDecode.c >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
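Review bot: The two new patch files added alongside the Makefile hunk are named inconsistently: files/patch-CVE-2016-0775 is named after the advisory, while files/patch-libImaging-PcdDecode.c is named after the source file it modifies. Suggest naming both after the patched file (patch-libImaging-FliDecode.c for the FLI fix) and keeping the CVE id in the patch header, where the Subject line already carries it. The PCD patch header only says "Fixes #568", so if an advisory id exists for it, recording it there would make both backports equally traceable. The PORTREVISION bump from 5 to 6 itself is appropriate for a change that alters the built package.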
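Review bot: In the FliDecode.c hunk (COPY chunk, @@ -185) the source side of the copy is still unchecked in the visible context: the loop reads state->xsize bytes from data for each of state->ysize rows, and nothing in the hunk shows that the chunk holds xsize*ysize bytes within the bytes passed to ImagingFliDecode. Dropping the +x offset fixes the destination overrun, but please confirm that the surrounding code validates the chunk length before this case, or add that check here. Minor: the inner declaration UINT8* buf shadows the function's buf parameter, and a distinct name would read more clearly. The embedded diffstat lists Tests/check_fli_overflow.py and Tests/images/fli_overflow.fli, neither of which is carried in this port patch, so the regression test does not travel with the backport.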
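Review bot: In both PcdDecode.c hunks (@@ -47 and @@ -62) the consumer of the buffer is not visible, so the new stride cannot be verified from the patch alone: with out += 3 the loop now writes three packed bytes per pixel, matching the stores to out[0], out[1] and out[2], and the state->shuffle call that follows each loop must read its input at 3 bytes per pixel for the decoded rows to stay correct. Please confirm which unpacker is installed for PCD and that the shuffle buffer is sized for at least 3*xsize bytes. As with the FLI patch, the diffstat names Tests/test_file_pcd.py and Tests/images/hopper.pcd but the port patch does not include them, so the fix ships without its test.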