diff options
Diffstat (limited to 'graphics/py-imaging/patches/patch-PIL_IptcImagePlugin.py')
-rw-r--r-- | graphics/py-imaging/patches/patch-PIL_IptcImagePlugin.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/graphics/py-imaging/patches/patch-PIL_IptcImagePlugin.py b/graphics/py-imaging/patches/patch-PIL_IptcImagePlugin.py new file mode 100644 index 00000000000..d7de6765c6a --- /dev/null +++ b/graphics/py-imaging/patches/patch-PIL_IptcImagePlugin.py @@ -0,0 +1,18 @@ +$NetBSD: patch-PIL_IptcImagePlugin.py,v 1.1 2014/05/15 06:23:06 spz Exp $ + +patch for CVE-2014-1932 and CVE-2014-1933 taken from +https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7 + +--- PIL/IptcImagePlugin.py.orig 2009-11-01 00:44:12.000000000 +0000 ++++ PIL/IptcImagePlugin.py +@@ -173,8 +173,8 @@ class IptcImageFile(ImageFile.ImageFile) + self.fp.seek(offset) + + # Copy image data to temporary file +- outfile = tempfile.mktemp() +- o = open(outfile, "wb") ++ o_fd, outfile = tempfile.mkstemp(text=False) ++ o = os.fdopen(o_fd) + if encoding == "raw": + # To simplify access to the extracted file, + # prepend a PPM header |