diff options
| author | spz <spz> | 2014-09-07 09:37:46 +0000 |
|---|---|---|
| committer | spz <spz> | 2014-09-07 09:37:46 +0000 |
| commit | d8324a23615fceb92b0c8fac031e185aa1781b9b (patch) | |
| tree | a8f93312136012b56de0dda91b7c3ea050a23339 /graphics | |
| parent | 99b0b9c39f62b2ae4669df2e7526c909125b5d19 (diff) | |
| download | pkgsrc-d8324a23615fceb92b0c8fac031e185aa1781b9b.tar.gz | |
Icns DOS fix -- CVE-2014-3589
from https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
Diffstat (limited to 'graphics')
| -rw-r--r-- | graphics/py-imaging/Makefile | 4 | ||||
| -rw-r--r-- | graphics/py-imaging/distinfo | 3 | ||||
| -rw-r--r-- | graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py | 16 |
3 files changed, 20 insertions, 3 deletions
diff --git a/graphics/py-imaging/Makefile b/graphics/py-imaging/Makefile index fca2e6e1331..4fc4d27d22d 100644 --- a/graphics/py-imaging/Makefile +++ b/graphics/py-imaging/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.49 2014/05/15 06:23:05 spz Exp $ +# $NetBSD: Makefile,v 1.50 2014/09/07 09:37:46 spz Exp $ DISTNAME= Imaging-1.1.7 PKGNAME= ${PYPKGPREFIX}-imaging-1.1.7 -PKGREVISION= 8 +PKGREVISION= 9 CATEGORIES= graphics python MASTER_SITES= http://effbot.org/media/downloads/ diff --git a/graphics/py-imaging/distinfo b/graphics/py-imaging/distinfo index 3b1e7179033..85f099c29bf 100644 --- a/graphics/py-imaging/distinfo +++ b/graphics/py-imaging/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.16 2014/05/15 06:23:05 spz Exp $ +$NetBSD: distinfo,v 1.17 2014/09/07 09:37:46 spz Exp $ SHA1 (python/Imaging-1.1.7.tar.gz) = 76c37504251171fda8da8e63ecb8bc42a69a5c81 RMD160 (python/Imaging-1.1.7.tar.gz) = 9af570fe100e250a4860314341fe3e6d695d7fde Size (python/Imaging-1.1.7.tar.gz) = 498749 bytes SHA1 (patch-PIL_EpsImagePlugin.py) = fbeb7b6091a3011363197c68be999280ba7282aa +SHA1 (patch-PIL_IcnsImagePlugin.py) = 04d5ff3c666413178071eea2512162d6954bfc01 SHA1 (patch-PIL_Image.py) = 871994b3c8823c90ae23e6248762e403192e33fc SHA1 (patch-PIL_IptcImagePlugin.py) = bb809394b8c6f6e5b79aa1c90f429c3362e812e3 SHA1 (patch-PIL_JpegImagePlugin.py) = d4fd6d5d60ea011def2e42460d7faa2e0f47b65e diff --git a/graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py b/graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py new file mode 100644 index 00000000000..b725262ffa5 --- /dev/null +++ b/graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py @@ -0,0 +1,16 @@ +$NetBSD: patch-PIL_IcnsImagePlugin.py,v 1.1 2014/09/07 09:37:46 spz Exp $ + +Icns DOS fix -- CVE-2014-3589 +from https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d + +--- PIL/IcnsImagePlugin.py.orig 2009-11-01 00:44:11.000000000 +0000 ++++ PIL/IcnsImagePlugin.py +@@ -115,6 +115,8 @@ class IcnsFile: + i = HEADERSIZE + while i < filesize: + sig, blocksize = nextheader(fobj) ++ if blocksize <= 0: ++ raise SyntaxError('invalid block header') + i = i + HEADERSIZE + blocksize = blocksize - HEADERSIZE + dct[sig] = (i, blocksize) |