python3-pillow: Fix CVE-2023-44271

Add patch to fix CVE-2023-44271 Reference: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: dnyandev <padalkards17082001@gmail.com> 2023-12-22 12:56:35 +0530
committer: Armin Kuster <akuster808@gmail.com> 2024-01-12 07:14:16 -0500
commit: 20cc355db603c172e5a3e9a2aedeab85bdfdc393 (patch)
tree: cc4ecbeb129fe94a6fefca94c39961fdc377c4d3
parent: dd23a9930360f540c919ddfd35fd1f6088174ef3 (diff)
download: meta-openembedded-20cc355db603c172e5a3e9a2aedeab85bdfdc393.tar.gz
2 files changed, 157 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
new file mode 100644
index 000000000..ad51f1728
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
@@ -0,0 +1,156 @@
+From 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Fri, 30 Jun 2023 23:32:26 +1000
+Subject: [PATCH] Added ImageFont.MAX_STRING_LENGTH
+Upstream-status: Backport [https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7]
+CVE: CVE-2023-44271
+Comment: Refresh hunk for test_imagefont.py, ImageFont.py and
+Remove hunk 10.0.0.rst because in our version it is 9.4.0
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
+---
+ Tests/test_imagefont.py      | 19 +++++++++++++++++++
+ docs/reference/ImageFont.rst | 18 ++++++++++++++++++
+ src/PIL/ImageFont.py         | 15 +++++++++++++++
+ 3 files changed, 52 insertions(+)
+diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
+index 7fa8ff8cbfd..c50447a153d 100644
+--- a/Tests/test_imagefont.py
+++ b/Tests/test_imagefont.py
+@@ -1107,6 +1107,25 @@
+     assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
+ 
+ 
+def test_too_many_characters(font):
+    with pytest.raises(ValueError):
+        font.getlength("A" * 1000001)
+    with pytest.raises(ValueError):
+        font.getbbox("A" * 1000001)
+    with pytest.raises(ValueError):
+        font.getmask2("A" * 1000001)
+
+    transposed_font = ImageFont.TransposedFont(font)
+    with pytest.raises(ValueError):
+        transposed_font.getlength("A" * 1000001)
+
+    default_font = ImageFont.load_default()
+    with pytest.raises(ValueError):
+        default_font.getlength("A" * 1000001)
+    with pytest.raises(ValueError):
+        default_font.getbbox("A" * 1000001)
+
+
+ @pytest.mark.parametrize(
+     "test_file",
+     [
+diff --git a/docs/reference/ImageFont.rst b/docs/reference/ImageFont.rst
+index 946bd3c4bed..2abfa0cc997 100644
+--- a/docs/reference/ImageFont.rst
+++ b/docs/reference/ImageFont.rst
+@@ -18,6 +18,15 @@ OpenType fonts (as well as other font formats supported by the FreeType
+ library). For earlier versions, TrueType support is only available as part of
+ the imToolkit package.
+ 
+.. warning::
+    To protect against potential DOS attacks when using arbitrary strings as
+    text input, Pillow will raise a ``ValueError`` if the number of characters
+    is over a certain limit, :py:data:`MAX_STRING_LENGTH`.
+
+    This threshold can be changed by setting
+    :py:data:`MAX_STRING_LENGTH`. It can be disabled by setting
+    ``ImageFont.MAX_STRING_LENGTH = None``.
+
+ Example
+ -------
+ 
+@@ -73,3 +82,12 @@ Constants
+ 
+     Requires Raqm, you can check support using
+     :py:func:`PIL.features.check_feature` with ``feature="raqm"``.
+
+Constants
+---------
+
+.. data:: MAX_STRING_LENGTH
+
+    Set to 1,000,000, to protect against potential DOS attacks. Pillow will
+    raise a ``ValueError`` if the number of characters is over this limit. The
+    check can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``. 
+diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
+index 3ddc1aaad64..1030985ebc4 100644
+--- a/src/PIL/ImageFont.py
+++ b/src/PIL/ImageFont.py
+@@ -43,6 +43,9 @@
+     RAQM = 1
+ 
+ 
+MAX_STRING_LENGTH = 1000000
+
+
+ def __getattr__(name):
+     for enum, prefix in {Layout: "LAYOUT_"}.items():
+         if name.startswith(prefix):
+@@ -67,6 +67,12 @@
+     core = _ImagingFtNotInstalled()
+ 
+ 
+def _string_length_check(text):
+    if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
+        msg = "too many characters in string"
+        raise ValueError(msg)
+
+
+ _UNSPECIFIED = object()
+ 
+ 
+@@ -192,6 +192,7 @@
+ 
+         :return: ``(left, top, right, bottom)`` bounding box
+         """
+        _string_length_check(text)
+         width, height = self.font.getsize(text)
+         return 0, 0, width, height
+ 
+@@ -202,6 +202,7 @@
+ 
+         .. versionadded:: 9.2.0
+         """
+        _string_length_check(text)
+         width, height = self.font.getsize(text)
+         return width
+ 
+@@ -359,6 +359,7 @@
+ 
+         :return: Width for horizontal, height for vertical text.
+         """
+        _string_length_check(text)
+         return self.font.getlength(text, mode, direction, features, language) / 64
+ 
+     def getbbox(
+@@ -418,6 +418,7 @@
+ 
+         :return: ``(left, top, right, bottom)`` bounding box
+         """
+        _string_length_check(text)
+         size, offset = self.font.getsize(
+             text, mode, direction, features, language, anchor
+         )
+@@ -762,6 +762,7 @@
+                  :py:mod:`PIL.Image.core` interface module, and the text offset, the
+                  gap between the starting coordinate and the first marking
+         """
+        _string_length_check(text)
+         if fill is _UNSPECIFIED:
+             fill = Image.core.fill
+         else:
+@@ -924,6 +924,7 @@
+         if self.orientation in (Image.Transpose.ROTATE_90, Image.Transpose.ROTATE_270):
+             msg = "text length is undefined for text rotated by 90 or 270 degrees"
+             raise ValueError(msg)
+        _string_length_check(text)
+         return self.font.getlength(text, *args, **kwargs)
+ 
+ 
diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
index 86705d2d8..b9c09127c 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
@@ -9,6 +9,7 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https
           file://0001-support-cross-compiling.patch \
           file://0001-explicitly-set-compile-options.patch \
           file://run-ptest \
+           file://CVE-2023-44271.patch \
           "
 SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
author	dnyandev <padalkards17082001@gmail.com>	2023-12-22 12:56:35 +0530
committer	Armin Kuster <akuster808@gmail.com>	2024-01-12 07:14:16 -0500
commit	20cc355db603c172e5a3e9a2aedeab85bdfdc393 (patch)
tree	cc4ecbeb129fe94a6fefca94c39961fdc377c4d3
parent	dd23a9930360f540c919ddfd35fd1f6088174ef3 (diff)
download	meta-openembedded-20cc355db603c172e5a3e9a2aedeab85bdfdc393.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch new file mode 100644 index 000000000..ad51f1728 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
@@ -0,0 +1,156 @@
		1	From 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Mon Sep 17 00:00:00 2001
		2	From: Andrew Murray <radarhere@users.noreply.github.com>
		3	Date: Fri, 30 Jun 2023 23:32:26 +1000
		4	Subject: [PATCH] Added ImageFont.MAX_STRING_LENGTH
		5
		6	Upstream-status: Backport [https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7]
		7	CVE: CVE-2023-44271
		8	Comment: Refresh hunk for test_imagefont.py, ImageFont.py and
		9	Remove hunk 10.0.0.rst because in our version it is 9.4.0
		10
		11	Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
		12	Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
		13	---
		14	Tests/test_imagefont.py \| 19 +++++++++++++++++++
		15	docs/reference/ImageFont.rst \| 18 ++++++++++++++++++
		16	src/PIL/ImageFont.py \| 15 +++++++++++++++
		17	3 files changed, 52 insertions(+)
		18
		19	diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
		20	index 7fa8ff8cbfd..c50447a153d 100644
		21	--- a/Tests/test_imagefont.py
		22	+++ b/Tests/test_imagefont.py
		23	@@ -1107,6 +1107,25 @@
		24	assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
		25
		26
		27	+def test_too_many_characters(font):
		28	+ with pytest.raises(ValueError):
		29	+ font.getlength("A" * 1000001)
		30	+ with pytest.raises(ValueError):
		31	+ font.getbbox("A" * 1000001)
		32	+ with pytest.raises(ValueError):
		33	+ font.getmask2("A" * 1000001)
		34	+
		35	+ transposed_font = ImageFont.TransposedFont(font)
		36	+ with pytest.raises(ValueError):
		37	+ transposed_font.getlength("A" * 1000001)
		38	+
		39	+ default_font = ImageFont.load_default()
		40	+ with pytest.raises(ValueError):
		41	+ default_font.getlength("A" * 1000001)
		42	+ with pytest.raises(ValueError):
		43	+ default_font.getbbox("A" * 1000001)
		44	+
		45	+
		46	@pytest.mark.parametrize(
		47	"test_file",
		48	[
		49	diff --git a/docs/reference/ImageFont.rst b/docs/reference/ImageFont.rst
		50	index 946bd3c4bed..2abfa0cc997 100644
		51	--- a/docs/reference/ImageFont.rst
		52	+++ b/docs/reference/ImageFont.rst
		53	@@ -18,6 +18,15 @@ OpenType fonts (as well as other font formats supported by the FreeType
		54	library). For earlier versions, TrueType support is only available as part of
		55	the imToolkit package.
		56
		57	+.. warning::
		58	+ To protect against potential DOS attacks when using arbitrary strings as
		59	+ text input, Pillow will raise a ``ValueError`` if the number of characters
		60	+ is over a certain limit, :py:data:`MAX_STRING_LENGTH`.
		61	+
		62	+ This threshold can be changed by setting
		63	+ :py:data:`MAX_STRING_LENGTH`. It can be disabled by setting
		64	+ ``ImageFont.MAX_STRING_LENGTH = None``.
		65	+
		66	Example
		67	-------
		68
		69	@@ -73,3 +82,12 @@ Constants
		70
		71	Requires Raqm, you can check support using
		72	:py:func:`PIL.features.check_feature` with ``feature="raqm"``.
		73	+
		74	+Constants
		75	+---------
		76	+
		77	+.. data:: MAX_STRING_LENGTH
		78	+
		79	+ Set to 1,000,000, to protect against potential DOS attacks. Pillow will
		80	+ raise a ``ValueError`` if the number of characters is over this limit. The
		81	+ check can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``.
		82	diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
		83	index 3ddc1aaad64..1030985ebc4 100644
		84	--- a/src/PIL/ImageFont.py
		85	+++ b/src/PIL/ImageFont.py
		86	@@ -43,6 +43,9 @@
		87	RAQM = 1
		88
		89
		90	+MAX_STRING_LENGTH = 1000000
		91	+
		92	+
		93	def __getattr__(name):
		94	for enum, prefix in {Layout: "LAYOUT_"}.items():
		95	if name.startswith(prefix):
		96	@@ -67,6 +67,12 @@
		97	core = _ImagingFtNotInstalled()
		98
		99
		100	+def _string_length_check(text):
		101	+ if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
		102	+ msg = "too many characters in string"
		103	+ raise ValueError(msg)
		104	+
		105	+
		106	_UNSPECIFIED = object()
		107
		108
		109	@@ -192,6 +192,7 @@
		110
		111	:return: ``(left, top, right, bottom)`` bounding box
		112	"""
		113	+ _string_length_check(text)
		114	width, height = self.font.getsize(text)
		115	return 0, 0, width, height
		116
		117	@@ -202,6 +202,7 @@
		118
		119	.. versionadded:: 9.2.0
		120	"""
		121	+ _string_length_check(text)
		122	width, height = self.font.getsize(text)
		123	return width
		124
		125	@@ -359,6 +359,7 @@
		126
		127	:return: Width for horizontal, height for vertical text.
		128	"""
		129	+ _string_length_check(text)
		130	return self.font.getlength(text, mode, direction, features, language) / 64
		131
		132	def getbbox(
		133	@@ -418,6 +418,7 @@
		134
		135	:return: ``(left, top, right, bottom)`` bounding box
		136	"""
		137	+ _string_length_check(text)
		138	size, offset = self.font.getsize(
		139	text, mode, direction, features, language, anchor
		140	)
		141	@@ -762,6 +762,7 @@
		142	:py:mod:`PIL.Image.core` interface module, and the text offset, the
		143	gap between the starting coordinate and the first marking
		144	"""
		145	+ _string_length_check(text)
		146	if fill is _UNSPECIFIED:
		147	fill = Image.core.fill
		148	else:
		149	@@ -924,6 +924,7 @@
		150	if self.orientation in (Image.Transpose.ROTATE_90, Image.Transpose.ROTATE_270):
		151	msg = "text length is undefined for text rotated by 90 or 270 degrees"
		152	raise ValueError(msg)
		153	+ _string_length_check(text)
		154	return self.font.getlength(text, args, *kwargs)
		155
		156


diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb index 86705d2d8..b9c09127c 100644 --- a/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb +++ b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
@@ -9,6 +9,7 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https
9	file://0001-support-cross-compiling.patch \	9	file://0001-support-cross-compiling.patch \
10	file://0001-explicitly-set-compile-options.patch \	10	file://0001-explicitly-set-compile-options.patch \
11	file://run-ptest \	11	file://run-ptest \
		12	file://CVE-2023-44271.patch \
12	"	13	"
13	SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"	14	SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
14		15