python-imaging: Fix CVE-2016-2533

* PCD decoder overruns the shuffle buffer, Fixes #568
the patch comes from:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb b/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
index d2f1a8c0b..60dd7d0a3 100644
--- a/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
+++ b/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
@@ -10,7 +10,9 @@ SRC_URI = "http://effbot.org/downloads/Imaging-${PV}.tar.gz \
            file://0001-python-imaging-setup.py-force-paths-for-zlib-freetyp.patch \
            file://allow.to.disable.some.features.patch \
            file://fix-freetype-includes.patch \
-           file://remove-host-libdir.patch"
+           file://remove-host-libdir.patch \
+           file://python-imaging-CVE-2016-2533.patch \
+"
 
 SRC_URI[md5sum] = "fc14a54e1ce02a0225be8854bfba478e"
 SRC_URI[sha256sum] = "895bc7c2498c8e1f9b99938f1a40dc86b3f149741f105cf7c7bd2e0725405211"