python3-pillow: Fix CVE-2023-44271

Add patch to fix CVE-2023-44271 Reference: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: dnyandev <padalkards17082001@gmail.com> 2023-12-22 12:56:35 +0530
committer: Armin Kuster <akuster808@gmail.com> 2024-01-12 07:14:16 -0500
commit: 20cc355db603c172e5a3e9a2aedeab85bdfdc393 (patch)
tree: cc4ecbeb129fe94a6fefca94c39961fdc377c4d3 /meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
parent: dd23a9930360f540c919ddfd35fd1f6088174ef3 (diff)
download: meta-openembedded-20cc355db603c172e5a3e9a2aedeab85bdfdc393.tar.gz
1 files changed, 156 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
new file mode 100644
index 0000000000..ad51f17288
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
@@ -0,0 +1,156 @@
+From 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Fri, 30 Jun 2023 23:32:26 +1000
+Subject: [PATCH] Added ImageFont.MAX_STRING_LENGTH
+Upstream-status: Backport [https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7]
+CVE: CVE-2023-44271
+Comment: Refresh hunk for test_imagefont.py, ImageFont.py and
+Remove hunk 10.0.0.rst because in our version it is 9.4.0
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
+---
+ Tests/test_imagefont.py      | 19 +++++++++++++++++++
+ docs/reference/ImageFont.rst | 18 ++++++++++++++++++
+ src/PIL/ImageFont.py         | 15 +++++++++++++++
+ 3 files changed, 52 insertions(+)
+diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
+index 7fa8ff8cbfd..c50447a153d 100644
+--- a/Tests/test_imagefont.py
+++ b/Tests/test_imagefont.py
+@@ -1107,6 +1107,25 @@
+     assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
+ 
+ 
+def test_too_many_characters(font):
+    with pytest.raises(ValueError):
+        font.getlength("A" * 1000001)
+    with pytest.raises(ValueError):
+        font.getbbox("A" * 1000001)
+    with pytest.raises(ValueError):
+        font.getmask2("A" * 1000001)
+
+    transposed_font = ImageFont.TransposedFont(font)
+    with pytest.raises(ValueError):
+        transposed_font.getlength("A" * 1000001)
+
+    default_font = ImageFont.load_default()
+    with pytest.raises(ValueError):
+        default_font.getlength("A" * 1000001)
+    with pytest.raises(ValueError):
+        default_font.getbbox("A" * 1000001)
+
+
+ @pytest.mark.parametrize(
+     "test_file",
+     [
+diff --git a/docs/reference/ImageFont.rst b/docs/reference/ImageFont.rst
+index 946bd3c4bed..2abfa0cc997 100644
+--- a/docs/reference/ImageFont.rst
+++ b/docs/reference/ImageFont.rst
+@@ -18,6 +18,15 @@ OpenType fonts (as well as other font formats supported by the FreeType
+ library). For earlier versions, TrueType support is only available as part of
+ the imToolkit package.
+ 
+.. warning::
+    To protect against potential DOS attacks when using arbitrary strings as
+    text input, Pillow will raise a ``ValueError`` if the number of characters
+    is over a certain limit, :py:data:`MAX_STRING_LENGTH`.
+
+    This threshold can be changed by setting
+    :py:data:`MAX_STRING_LENGTH`. It can be disabled by setting
+    ``ImageFont.MAX_STRING_LENGTH = None``.
+
+ Example
+ -------
+ 
+@@ -73,3 +82,12 @@ Constants
+ 
+     Requires Raqm, you can check support using
+     :py:func:`PIL.features.check_feature` with ``feature="raqm"``.
+
+Constants
+---------
+
+.. data:: MAX_STRING_LENGTH
+
+    Set to 1,000,000, to protect against potential DOS attacks. Pillow will
+    raise a ``ValueError`` if the number of characters is over this limit. The
+    check can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``. 
+diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
+index 3ddc1aaad64..1030985ebc4 100644
+--- a/src/PIL/ImageFont.py
+++ b/src/PIL/ImageFont.py
+@@ -43,6 +43,9 @@
+     RAQM = 1
+ 
+ 
+MAX_STRING_LENGTH = 1000000
+
+
+ def __getattr__(name):
+     for enum, prefix in {Layout: "LAYOUT_"}.items():
+         if name.startswith(prefix):
+@@ -67,6 +67,12 @@
+     core = _ImagingFtNotInstalled()
+ 
+ 
+def _string_length_check(text):
+    if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
+        msg = "too many characters in string"
+        raise ValueError(msg)
+
+
+ _UNSPECIFIED = object()
+ 
+ 
+@@ -192,6 +192,7 @@
+ 
+         :return: ``(left, top, right, bottom)`` bounding box
+         """
+        _string_length_check(text)
+         width, height = self.font.getsize(text)
+         return 0, 0, width, height
+ 
+@@ -202,6 +202,7 @@
+ 
+         .. versionadded:: 9.2.0
+         """
+        _string_length_check(text)
+         width, height = self.font.getsize(text)
+         return width
+ 
+@@ -359,6 +359,7 @@
+ 
+         :return: Width for horizontal, height for vertical text.
+         """
+        _string_length_check(text)
+         return self.font.getlength(text, mode, direction, features, language) / 64
+ 
+     def getbbox(
+@@ -418,6 +418,7 @@
+ 
+         :return: ``(left, top, right, bottom)`` bounding box
+         """
+        _string_length_check(text)
+         size, offset = self.font.getsize(
+             text, mode, direction, features, language, anchor
+         )
+@@ -762,6 +762,7 @@
+                  :py:mod:`PIL.Image.core` interface module, and the text offset, the
+                  gap between the starting coordinate and the first marking
+         """
+        _string_length_check(text)
+         if fill is _UNSPECIFIED:
+             fill = Image.core.fill
+         else:
+@@ -924,6 +924,7 @@
+         if self.orientation in (Image.Transpose.ROTATE_90, Image.Transpose.ROTATE_270):
+             msg = "text length is undefined for text rotated by 90 or 270 degrees"
+             raise ValueError(msg)
+        _string_length_check(text)
+         return self.font.getlength(text, *args, **kwargs)
+ 
+
author	dnyandev <padalkards17082001@gmail.com>	2023-12-22 12:56:35 +0530
committer	Armin Kuster <akuster808@gmail.com>	2024-01-12 07:14:16 -0500
commit	20cc355db603c172e5a3e9a2aedeab85bdfdc393 (patch)
tree	cc4ecbeb129fe94a6fefca94c39961fdc377c4d3 /meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
parent	dd23a9930360f540c919ddfd35fd1f6088174ef3 (diff)
download	meta-openembedded-20cc355db603c172e5a3e9a2aedeab85bdfdc393.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch new file mode 100644 index 0000000000..ad51f17288 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
@@ -0,0 +1,156 @@
	1	From 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Mon Sep 17 00:00:00 2001
	2	From: Andrew Murray <radarhere@users.noreply.github.com>
	3	Date: Fri, 30 Jun 2023 23:32:26 +1000
	4	Subject: [PATCH] Added ImageFont.MAX_STRING_LENGTH
	5
	6	Upstream-status: Backport [https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7]
	7	CVE: CVE-2023-44271
	8	Comment: Refresh hunk for test_imagefont.py, ImageFont.py and
	9	Remove hunk 10.0.0.rst because in our version it is 9.4.0
	10
	11	Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
	12	Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
	13	---
	14	Tests/test_imagefont.py \| 19 +++++++++++++++++++
	15	docs/reference/ImageFont.rst \| 18 ++++++++++++++++++
	16	src/PIL/ImageFont.py \| 15 +++++++++++++++
	17	3 files changed, 52 insertions(+)
	18
	19	diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
	20	index 7fa8ff8cbfd..c50447a153d 100644
	21	--- a/Tests/test_imagefont.py
	22	+++ b/Tests/test_imagefont.py
	23	@@ -1107,6 +1107,25 @@
	24	assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
	25
	26
	27	+def test_too_many_characters(font):
	28	+ with pytest.raises(ValueError):
	29	+ font.getlength("A" * 1000001)
	30	+ with pytest.raises(ValueError):
	31	+ font.getbbox("A" * 1000001)
	32	+ with pytest.raises(ValueError):
	33	+ font.getmask2("A" * 1000001)
	34	+
	35	+ transposed_font = ImageFont.TransposedFont(font)
	36	+ with pytest.raises(ValueError):
	37	+ transposed_font.getlength("A" * 1000001)
	38	+
	39	+ default_font = ImageFont.load_default()
	40	+ with pytest.raises(ValueError):
	41	+ default_font.getlength("A" * 1000001)
	42	+ with pytest.raises(ValueError):
	43	+ default_font.getbbox("A" * 1000001)
	44	+
	45	+
	46	@pytest.mark.parametrize(
	47	"test_file",
	48	[
	49	diff --git a/docs/reference/ImageFont.rst b/docs/reference/ImageFont.rst
	50	index 946bd3c4bed..2abfa0cc997 100644
	51	--- a/docs/reference/ImageFont.rst
	52	+++ b/docs/reference/ImageFont.rst
	53	@@ -18,6 +18,15 @@ OpenType fonts (as well as other font formats supported by the FreeType
	54	library). For earlier versions, TrueType support is only available as part of
	55	the imToolkit package.
	56
	57	+.. warning::
	58	+ To protect against potential DOS attacks when using arbitrary strings as
	59	+ text input, Pillow will raise a ``ValueError`` if the number of characters
	60	+ is over a certain limit, :py:data:`MAX_STRING_LENGTH`.
	61	+
	62	+ This threshold can be changed by setting
	63	+ :py:data:`MAX_STRING_LENGTH`. It can be disabled by setting
	64	+ ``ImageFont.MAX_STRING_LENGTH = None``.
	65	+
	66	Example
	67	-------
	68
	69	@@ -73,3 +82,12 @@ Constants
	70
	71	Requires Raqm, you can check support using
	72	:py:func:`PIL.features.check_feature` with ``feature="raqm"``.
	73	+
	74	+Constants
	75	+---------
	76	+
	77	+.. data:: MAX_STRING_LENGTH
	78	+
	79	+ Set to 1,000,000, to protect against potential DOS attacks. Pillow will
	80	+ raise a ``ValueError`` if the number of characters is over this limit. The
	81	+ check can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``.
	82	diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
	83	index 3ddc1aaad64..1030985ebc4 100644
	84	--- a/src/PIL/ImageFont.py
	85	+++ b/src/PIL/ImageFont.py
	86	@@ -43,6 +43,9 @@
	87	RAQM = 1
	88
	89
	90	+MAX_STRING_LENGTH = 1000000
	91	+
	92	+
	93	def __getattr__(name):
	94	for enum, prefix in {Layout: "LAYOUT_"}.items():
	95	if name.startswith(prefix):
	96	@@ -67,6 +67,12 @@
	97	core = _ImagingFtNotInstalled()
	98
	99
	100	+def _string_length_check(text):
	101	+ if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
	102	+ msg = "too many characters in string"
	103	+ raise ValueError(msg)
	104	+
	105	+
	106	_UNSPECIFIED = object()
	107
	108
	109	@@ -192,6 +192,7 @@
	110
	111	:return: ``(left, top, right, bottom)`` bounding box
	112	"""
	113	+ _string_length_check(text)
	114	width, height = self.font.getsize(text)
	115	return 0, 0, width, height
	116
	117	@@ -202,6 +202,7 @@
	118
	119	.. versionadded:: 9.2.0
	120	"""
	121	+ _string_length_check(text)
	122	width, height = self.font.getsize(text)
	123	return width
	124
	125	@@ -359,6 +359,7 @@
	126
	127	:return: Width for horizontal, height for vertical text.
	128	"""
	129	+ _string_length_check(text)
	130	return self.font.getlength(text, mode, direction, features, language) / 64
	131
	132	def getbbox(
	133	@@ -418,6 +418,7 @@
	134
	135	:return: ``(left, top, right, bottom)`` bounding box
	136	"""
	137	+ _string_length_check(text)
	138	size, offset = self.font.getsize(
	139	text, mode, direction, features, language, anchor
	140	)
	141	@@ -762,6 +762,7 @@
	142	:py:mod:`PIL.Image.core` interface module, and the text offset, the
	143	gap between the starting coordinate and the first marking
	144	"""
	145	+ _string_length_check(text)
	146	if fill is _UNSPECIFIED:
	147	fill = Image.core.fill
	148	else:
	149	@@ -924,6 +924,7 @@
	150	if self.orientation in (Image.Transpose.ROTATE_90, Image.Transpose.ROTATE_270):
	151	msg = "text length is undefined for text rotated by 90 or 270 degrees"
	152	raise ValueError(msg)
	153	+ _string_length_check(text)
	154	return self.font.getlength(text, args, *kwargs)
	155
	156