2 files changed, 41 insertions, 1 deletions
diff --git a/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch b/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch
new file mode 100644
index 000000000..b01136f9a
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch
@@ -0,0 +1,38 @@
+python-imaging: CVE-2016-2533
+the patch comes from:
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
+https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
+PCD decoder overruns the shuffle buffer, Fixes #568
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ libImaging/PcdDecode.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/libImaging/PcdDecode.c b/libImaging/PcdDecode.c
+index b6898e3..c02d005 100644
+--- a/libImaging/PcdDecode.c
+++ b/libImaging/PcdDecode.c
+@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+            out[0] = ptr[x];
+            out[1] = ptr[(x+4*state->xsize)/2];
+            out[2] = ptr[(x+5*state->xsize)/2];
+-           out += 4;
+           out += 3;
+        }
+ 
+        state->shuffle((UINT8*) im->image[state->y],
+@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+            out[0] = ptr[x+state->xsize];
+            out[1] = ptr[(x+4*state->xsize)/2];
+            out[2] = ptr[(x+5*state->xsize)/2];
+-           out += 4;
+           out += 3;
+        }
+ 
+        state->shuffle((UINT8*) im->image[state->y],
+-- 
+1.7.9.5
diff --git a/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb b/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
index d2f1a8c0b..60dd7d0a3 100644
--- a/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
+++ b/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
@@ -10,7 +10,9 @@ SRC_URI = "http://effbot.org/downloads/Imaging-${PV}.tar.gz \
           file://0001-python-imaging-setup.py-force-paths-for-zlib-freetyp.patch \
           file://allow.to.disable.some.features.patch \
           file://fix-freetype-includes.patch \
-           file://remove-host-libdir.patch"
+           file://remove-host-libdir.patch \
+           file://python-imaging-CVE-2016-2533.patch \
+"
 SRC_URI[md5sum] = "fc14a54e1ce02a0225be8854bfba478e"
 SRC_URI[sha256sum] = "895bc7c2498c8e1f9b99938f1a40dc86b3f149741f105cf7c7bd2e0725405211"

diff --git a/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch b/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch new file mode 100644 index 000000000..b01136f9a --- /dev/null +++ b/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch
@@ -0,0 +1,38 @@
		1	python-imaging: CVE-2016-2533
		2
		3	the patch comes from:
		4	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
		5	https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
		6
		7	PCD decoder overruns the shuffle buffer, Fixes #568
		8
		9	Signed-off-by: Li Wang <li.wang@windriver.com>
		10	---
		11	libImaging/PcdDecode.c \| 4 ++--
		12	1 file changed, 2 insertions(+), 2 deletions(-)
		13
		14	diff --git a/libImaging/PcdDecode.c b/libImaging/PcdDecode.c
		15	index b6898e3..c02d005 100644
		16	--- a/libImaging/PcdDecode.c
		17	+++ b/libImaging/PcdDecode.c
		18	@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
		19	out[0] = ptr[x];
		20	out[1] = ptr[(x+4*state->xsize)/2];
		21	out[2] = ptr[(x+5*state->xsize)/2];
		22	- out += 4;
		23	+ out += 3;
		24	}
		25
		26	state->shuffle((UINT8*) im->image[state->y],
		27	@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
		28	out[0] = ptr[x+state->xsize];
		29	out[1] = ptr[(x+4*state->xsize)/2];
		30	out[2] = ptr[(x+5*state->xsize)/2];
		31	- out += 4;
		32	+ out += 3;
		33	}
		34
		35	state->shuffle((UINT8*) im->image[state->y],
		36	--
		37	1.7.9.5
		38


diff --git a/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb b/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb index d2f1a8c0b..60dd7d0a3 100644 --- a/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb +++ b/meta-python/recipes-devtools/python/python-imaging_1.1.7.bb
@@ -10,7 +10,9 @@ SRC_URI = "http://effbot.org/downloads/Imaging-${PV}.tar.gz \
10	file://0001-python-imaging-setup.py-force-paths-for-zlib-freetyp.patch \	10	file://0001-python-imaging-setup.py-force-paths-for-zlib-freetyp.patch \
11	file://allow.to.disable.some.features.patch \	11	file://allow.to.disable.some.features.patch \
12	file://fix-freetype-includes.patch \	12	file://fix-freetype-includes.patch \
13	file://remove-host-libdir.patch"	13	file://remove-host-libdir.patch \
		14	file://python-imaging-CVE-2016-2533.patch \
		15	"
14		16
15	SRC_URI[md5sum] = "fc14a54e1ce02a0225be8854bfba478e"	17	SRC_URI[md5sum] = "fc14a54e1ce02a0225be8854bfba478e"
16	SRC_URI[sha256sum] = "895bc7c2498c8e1f9b99938f1a40dc86b3f149741f105cf7c7bd2e0725405211"	18	SRC_URI[sha256sum] = "895bc7c2498c8e1f9b99938f1a40dc86b3f149741f105cf7c7bd2e0725405211"