Index: branches/2016Q1/graphics/py-pillow/Makefile
===================================================================
--- branches/2016Q1/graphics/py-pillow/Makefile (revision 408782)
+++ branches/2016Q1/graphics/py-pillow/Makefile (revision 408783)
@@ -1,104 +1,105 @@ # Created by: Kubilay Kocak # $FreeBSD$ PORTNAME= pillow PORTVERSION= 2.9.0 +PORTREVISION= 1 CATEGORIES= graphics python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= koobs@FreeBSD.org COMMENT= Fork of the Python Imaging Library (PIL) LICENSE= PIL LICENSE_NAME= Standard PIL License LICENSE_FILE= ${WRKSRC}/LICENSE LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept OPTIONS_DEFINE= FREETYPE JPEG LCMS PNG TIFF TKINTER WEBP OPTIONS_DEFAULT= FREETYPE JPEG PNG TKINTER LCMS_DESC= Little Color Management System TKINTER_DESC= Tkinter (Tcl/Tk) BitmapImage & PhotoImage support FREETYPE_LIB_DEPENDS= libfreetype.so:${PORTSDIR}/print/freetype2 JPEG_USES= jpeg LCMS_LIB_DEPENDS= liblcms2.so:${PORTSDIR}/graphics/lcms2 TIFF_LIB_DEPENDS= libtiff.so:${PORTSDIR}/graphics/tiff TKINTER_USES= tk:build TKINTER_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}tkinter>0:${PORTSDIR}/x11-toolkits/py-tkinter TKINTER_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}tkinter>0:${PORTSDIR}/x11-toolkits/py-tkinter WEBP_LIB_DEPENDS= libwebp.so:${PORTSDIR}/graphics/webp USES= cpe python USE_GITHUB= yes USES= python USE_PYTHON= autoplist concurrent distutils PYDISTUTILS_SETUP= ${PYSETUP} PYDISTUTILS_BUILD_TARGET= build build_py build_ext # we have to build and install everything in a single run, # otherwise pillow's build_ext extension tries to be clever # and messes up standard distutils behaviour... 
NO_BUILD= yes GH_ACCOUNT= python-${PORTNAME} GH_PROJECT= ${PORTNAME:C/p/P/} CONFLICTS_INSTALL= py*-imaging-* .include .if ${PORT_OPTIONS:MFREETYPE} PYDISTUTILS_BUILDARGS+= --enable-freetype .else PYDISTUTILS_BUILDARGS+= --disable-freetype .endif .if ${PORT_OPTIONS:MJPEG} PYDISTUTILS_BUILDARGS+= --enable-jpeg .else PYDISTUTILS_BUILDARGS+= --disable-jpeg .endif .if ${PORT_OPTIONS:MLCMS} PYDISTUTILS_BUILDARGS+= --enable-lcms .else PYDISTUTILS_BUILDARGS+= --disable-lcms .endif .if ${PORT_OPTIONS:MPNG} PYDISTUTILS_BUILDARGS+= --enable-zlib .else PYDISTUTILS_BUILDARGS+= --disable-zlib .endif .if ${PORT_OPTIONS:MTIFF} PYDISTUTILS_BUILDARGS+= --enable-tiff .else PYDISTUTILS_BUILDARGS+= --disable-tiff .endif .if ${PORT_OPTIONS:MTKINTER} PYDISTUTILS_BUILDARGS+= --enable-tcl --enable-tk \ --include-dirs=${TCL_INCLUDEDIR}:${TK_INCLUDEDIR} .else PYDISTUTILS_BUILDARGS+= --disable-tcl --disable-tk .endif .if ${PORT_OPTIONS:MWEBP} PYDISTUTILS_BUILDARGS+= --enable-webp .else PYDISTUTILS_BUILDARGS+= --disable-webp .endif do-install: @(cd ${INSTALL_WRKSRC}; ${SETENV} ${MAKE_ENV} ${PYTHON_CMD} \ ${PYDISTUTILS_SETUP} ${PYDISTUTILS_BUILD_TARGET} ${PYDISTUTILS_BUILDARGS} \ ${PYDISTUTILS_INSTALL_TARGET} ${PYDISTUTILS_INSTALLARGS}) -regression-test: extract +do-test: extract @cd ${WRKSRC} && \ ${PYTHON_CMD} ${PYSETUP} build_ext -i && \ ${PYTHON_CMD} selftest.py .include Index: branches/2016Q1/graphics/py-pillow/files/patch-CVE-2016-0740 =================================================================== --- branches/2016Q1/graphics/py-pillow/files/patch-CVE-2016-0740 (nonexistent) +++ branches/2016Q1/graphics/py-pillow/files/patch-CVE-2016-0740 (revision 408783) 
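Review bot: `do-test` still runs only `selftest.py`, so the regression tests named in the upstream diffstats of the patches added here (for example `Tests/check_libtiff_segfault.py` and `Tests/check_fli_overflow.py`) are not run by the port. The files/ patches carry only the C hunks, so a regression in the patched decoders would not show up in a test run. A comment above the target such as `# selftest.py only: upstream regression tests for the backported fixes are not shipped with the port` would make that gap explicit. Separately, the hunk as shown carries both `USES= cpe python` and a later `USES= python`; if both are really on the new side, the plain `=` lets the second assignment drop `cpe`, which is worth confirming.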
@@ -0,0 +1,24 @@
+From 6dcbf5bd96b717c58d7b642949da8d323099928e Mon Sep 17 00:00:00 2001
+From: Eric Soroos
+Date: Thu, 14 Jan 2016 04:59:19 -0800
+Subject: [PATCH] Fix for buffer overflow in TiffDecode.c CVE-2016-0740
+
+---
+ Tests/check_libtiff_segfault.py | 23 +++++++++++++++++++++++
+ Tests/images/libtiff_segfault.tif | Bin 0 -> 262 bytes
+ libImaging/TiffDecode.c | 2 +-
+ 3 files changed, 24 insertions(+), 1 deletion(-)
+ create mode 100644 Tests/check_libtiff_segfault.py
+ create mode 100644 Tests/images/libtiff_segfault.tif
+
+--- libImaging/TiffDecode.c
++++ libImaging/TiffDecode.c
+@@ -169,7 +169,7 @@ int ImagingLibTiffDecode(Imaging im, ImagingCodecState state, UINT8* buffer, int
+ char *filename = "tempfile.tif";
+ char *mode = "r";
+ TIFF *tiff;
+- int size;
++ tsize_t size;
+
+
+ /* buffer is the encoded file, bytes is the length of the encoded file */
Property changes on: branches/2016Q1/graphics/py-pillow/files/patch-CVE-2016-0740
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2016Q1/graphics/py-pillow/files/patch-CVE-2016-0775
===================================================================
--- branches/2016Q1/graphics/py-pillow/files/patch-CVE-2016-0775 (nonexistent)
+++ branches/2016Q1/graphics/py-pillow/files/patch-CVE-2016-0775 (revision 408783)
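Review bot: The backported fix changes only the declaration of `size` from `int` to `tsize_t`, and every use of `size` lies outside the hunk, so the page does not show that the later bounds check and copy are actually done at the wider type. Assuming `size` receives a libtiff size result (not visible here), a comment at the declaration such as `/* tsize_t to match libtiff's size type; an int here can truncate the value before it is checked */` would record why the type matters. It is also worth confirming that no remaining comparison against an `int` quantity narrows it back. ImagingLibTiffDecode starts and ends outside the hunk.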
@@ -0,0 +1,24 @@
+From bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec Mon Sep 17 00:00:00 2001
+From: wiredfool
+Date: Wed, 20 Jan 2016 22:37:28 +0000
+Subject: [PATCH] FLI overflow error fix and testcase CVE-2016-0775
+
+---
+ Tests/check_fli_overflow.py | 16 ++++++++++++++++
+ Tests/images/fli_overflow.fli | Bin 0 -> 4645 bytes
+ libImaging/FliDecode.c | 2 +-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+ create mode 100644 Tests/check_fli_overflow.py
+ create mode 100644 Tests/images/fli_overflow.fli
+
+--- libImaging/FliDecode.c
++++ libImaging/FliDecode.c
+@@ -185,7 +185,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ /* COPY chunk */
+ for (y = 0; y < state->ysize; y++) {
+ UINT8* buf = (UINT8*) im->image[y];
+- memcpy(buf+x, data, state->xsize);
++ memcpy(buf, data, state->xsize);
+ data += state->xsize;
+ }
+ break;
Property changes on: branches/2016Q1/graphics/py-pillow/files/patch-CVE-2016-0775
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2016Q1/graphics/py-pillow/files/patch-libImaging-PcdDecode.c
===================================================================
--- branches/2016Q1/graphics/py-pillow/files/patch-libImaging-PcdDecode.c (nonexistent)
+++ branches/2016Q1/graphics/py-pillow/files/patch-libImaging-PcdDecode.c (revision 408783)
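Review bot: The COPY-chunk loop still copies `state->xsize` bytes from `data` for each of `state->ysize` rows with no visible check that the input holds that many bytes; the change removes the stray `+x` destination offset but leaves the read side unbounded as far as this hunk shows. If no check exists earlier in ImagingFliDecode (which starts and ends outside the hunk), a guard before the loop that rejects the chunk when fewer than `state->xsize * state->ysize` bytes remain after `data` would close the over-read. The inner `UINT8* buf` also shadows the function's `buf` parameter, which makes the bounds harder to reason about; a distinct name such as `UINT8* out = (UINT8*) im->image[y];` would be clearer.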
@@ -0,0 +1,33 @@
+From ae453aa18b66af54e7ff716f4ccb33adca60afd4 Mon Sep 17 00:00:00 2001
+From: wiredfool
+Date: Tue, 2 Feb 2016 05:46:26 -0800
+Subject: [PATCH] PCD decoder overruns the shuffle buffer, Fixes #568
+
+---
+ Tests/images/hopper.pcd | Bin 0 -> 788480 bytes
+ Tests/test_file_pcd.py | 18 ++++++++++++++++++
+ libImaging/PcdDecode.c | 4 ++--
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+ create mode 100644 Tests/images/hopper.pcd
+ create mode 100644 Tests/test_file_pcd.py
+
+--- libImaging/PcdDecode.c
++++ libImaging/PcdDecode.c
+@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ out[0] = ptr[x];
+ out[1] = ptr[(x+4*state->xsize)/2];
+ out[2] = ptr[(x+5*state->xsize)/2];
+- out += 4;
++ out += 3;
+ }
+
+ state->shuffle((UINT8*) im->image[state->y],
+@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ out[0] = ptr[x+state->xsize];
+ out[1] = ptr[(x+4*state->xsize)/2];
+ out[2] = ptr[(x+5*state->xsize)/2];
+- out += 4;
++ out += 3;
+ }
+
+ state->shuffle((UINT8*) im->image[state->y],
Property changes on: branches/2016Q1/graphics/py-pillow/files/patch-libImaging-PcdDecode.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2016Q1/graphics/py-pillow/files/patch-libImaging-Resample.c
===================================================================
--- branches/2016Q1/graphics/py-pillow/files/patch-libImaging-Resample.c (nonexistent)
+++ branches/2016Q1/graphics/py-pillow/files/patch-libImaging-Resample.c (revision 408783)
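Review bot: Both loops now advance `out` by a bare `3`, and nothing in the code ties that stride to the three stores `out[0]`..`out[2]` or to the size of the buffer later handed to `state->shuffle`, which is the mismatch the subject line says caused the overrun. A comment at each site, for example `/* three bytes written per pixel; a stride of 4 overran the shuffle buffer */`, would keep the two in step. The source indices `ptr[(x+4*state->xsize)/2]` and `ptr[(x+5*state->xsize)/2]` are likewise read with no visible length check; whether `bytes` is validated against them lies outside both inner hunks of ImagingPcdDecode.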
@@ -0,0 +1,35 @@
+From 41fae6d9e2da741d2c5464775c7f1a609ea03798 Mon Sep 17 00:00:00 2001
+From: Ned Williamson
+Date: Thu, 4 Feb 2016 01:54:12 -0500
+Subject: [PATCH] fix integer overflow in Resample.c
+
+---
+ libImaging/Resample.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- libImaging/Resample.c
++++ libImaging/Resample.c
+@@ -138,11 +138,23 @@ ImagingResampleHorizontal(Imaging imIn, int xsize, int filter)
+ /* maximum number of coofs */
+ kmax = (int) ceil(support) * 2 + 1;
+
++ // check for overflow
++ if (kmax > 0 && xsize > SIZE_MAX / kmax)
++ return (Imaging) ImagingError_MemoryError();
++
++ // sizeof(float) should be greater than 0
++ if (xsize * kmax > SIZE_MAX / sizeof(float))
++ return (Imaging) ImagingError_MemoryError();
++
+ /* coefficient buffer */
+ kk = malloc(xsize * kmax * sizeof(float));
+ if ( ! kk)
+ return (Imaging) ImagingError_MemoryError();
+
++ // sizeof(int) should be greater than 0 as well
++ if (xsize > SIZE_MAX / (2 * sizeof(int)))
++ return (Imaging) ImagingError_MemoryError();
++
+ xbounds = malloc(xsize * 2 * sizeof(int));
+ if ( ! xbounds) {
+ free(kk);
Property changes on: branches/2016Q1/graphics/py-pillow/files/patch-libImaging-Resample.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2016Q1
===================================================================
--- branches/2016Q1 (revision 408782)
+++ branches/2016Q1 (revision 408783)
Property changes on: branches/2016Q1
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
Merged /head:r408782
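Review bot: The added guards compare against `SIZE_MAX`, but `xsize` is an `int` per the signature and `kmax` appears to be one too (it is assigned from an `(int)` cast), so `xsize * kmax` in the second check and in `malloc(xsize * kmax * sizeof(float))` is still multiplied in `int` and can overflow before it is widened. On platforms with a 64-bit `size_t` the first check cannot fire for any positive `xsize`. Bounding the product by the `int` range, `if (kmax > 0 && xsize > INT_MAX / kmax)` (needs `<limits.h>`), or widening first, `malloc((size_t) xsize * kmax * sizeof(float))`, would make the check match the arithmetic. The same applies to `xsize * 2 * sizeof(int)` in the `xbounds` allocation. ImagingResampleHorizontal continues outside the hunk.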