From 0871f3d0c07001f3b6a53e2c864f06b1597be4e8 Mon Sep 17 00:00:00 2001
From: yangxianzhao
Date: Thu, 7 Mar 2024 13:24:26 +0800
Subject: [PATCH] Update to python-pillow-2.0.0-24.gitd1c6db8.el7_9
---
CVE-2023-50447.patch | 47 --------------------------------------------
python-pillow.spec | 11 +----------
2 files changed, 1 insertion(+), 57 deletions(-)
delete mode 100644 CVE-2023-50447.patch
diff --git a/CVE-2023-50447.patch b/CVE-2023-50447.patch
deleted file mode 100644
index 81660fc..0000000
--- a/CVE-2023-50447.patch
+++ /dev/null
@@ -1,47 +0,0 @@ -From cf8d70b86f0d5ee9e72a1e69ad76cf5831f977fa Mon Sep 17 00:00:00 2001 -From: Eric Soroos -Date: Thu, 8 Feb 2024 21:32:44 +0100 -Subject: [PATCH] Don't allow __ or builtins in env dictionarys for - ImageMath.eval - ---- - PIL/ImageMath.py | 5 +++++ - Tests/test_imagemath.py | 6 ++++++ - 2 files changed, 11 insertions(+) - -diff --git a/PIL/ImageMath.py b/PIL/ImageMath.py -index 5312207..13550a9 100644 ---- a/PIL/ImageMath.py -+++ b/PIL/ImageMath.py -@@ -213,6 +213,11 @@ def eval(expression, _dict={}, **kw): - - # build execution namespace - args = ops.copy() -+ for k in list(_dict.keys()) + list(kw.keys()): -+ if "__" in k or hasattr(builtins, k): -+ msg = "'{0}' not allowed".format(k) -+ raise ValueError(msg) -+ - args.update(_dict) - args.update(kw) - for k, v in list(args.items()): -diff --git a/Tests/test_imagemath.py b/Tests/test_imagemath.py -index da9d1d7..aaf32cf 100644 ---- a/Tests/test_imagemath.py -+++ b/Tests/test_imagemath.py -@@ -45,6 +45,12 @@ def test_ops(): - assert_equal(pixel(ImageMath.eval("float(B)**2", images)), "F 4.0") - assert_equal(pixel(ImageMath.eval("float(B)**33", images)), "F 8589934592.0") - -+def test_prevent_double_underscores(): -+ assert_exception(ValueError, lambda: ImageMath.eval("1", {"__": None})) -+ -+def test_prevent_builtins(): -+ assert_exception(ValueError, lambda: ImageMath.eval("(lambda: isinstance('a', str))()", {"isinstance": None})) -+ - def test_logical(): - assert_exception(ValueError, ImageMath.eval("exit()")) - assert_exception(ValueError, ImageMath.eval("(lambda:(exit()))()")) --- -2.43.0 - diff --git a/python-pillow.spec b/python-pillow.spec index 88ac2e0..ab25e95 100644 --- a/python-pillow.spec +++ b/python-pillow.spec @@ -23,7 +23,7 @@ Name: python-pillow Version: 2.0.0 -Release: 25%{?snap}%{?dist} +Release: 24%{?snap}%{?dist} Summary: Python image processing library # License: see http://www.pythonware.com/products/pil/license.htm 
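Review bot: Lowering `Release` from 25 to 24 in the first python-pillow.spec hunk yields an EVR below the 2.0.0-25 build that carried the CVE-2023-50447 fix, so rpm will not treat the result as an update on hosts already at -25, while the fix itself is dropped by the Patch22 source line, the `%patch22` apply line and the 2.0.0-25 changelog entry removed in the following hunks without any record in the spec that the ImageMath.eval environment-key check no longer ships. If this rollback is deliberate, keep the release monotonic and document it in `%changelog`, for example `* Thu Mar 07 2024 <maintainer> - 2.0.0-<next release>gitd1c6db8` followed by `- Revert the CVE-2023-50447 ImageMath.eval environment check (<reason>)`, so downstream consumers and vulnerability scanners can see the issue is again unmitigated in this build. The commit message names the target build but not why the security patch is being removed; that rationale belongs in the description or the changelog.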
@@ -71,10 +71,6 @@ Patch20: CVE-2022-22815_CVE-2022-22816.patch # in an ImageDraw instance operates on a long text argument # Upstream fix: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Patch21: CVE-2023-44271.patch -# CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter -# Upstream fix: https://github.com/python-pillow/Pillow/commit/02c6183d41c68a8dd080f5739f566bd82485822d -# Patch rebased and tests converted from pytest to unittests. -Patch22: CVE-2023-50447.patch BuildRequires: python2-devel @@ -248,7 +244,6 @@ PIL image wrapper for Qt. %patch19 -p1 -b .CVE-2022-22817 %patch20 -p1 -b .CVE-2022-22815_CVE-2022-22816 %patch21 -p1 -b .CVE-2023-44271 -%patch22 -p1 -b .CVE-2023-50447 %if %{with_python3} # Create Python 3 source tree @@ -406,10 +401,6 @@ popd %endif %changelog -* Thu Feb 08 2024 Lumír Balhar - 2.0.0-25gitd1c6db8 -- Security fix for CVE-2023-50447 -Resolves: RHEL-22239 - * Mon Nov 13 2023 Lumír Balhar - 2.0.0-24gitd1c6db8 - Security fix for CVE-2023-44271 Resolves: RHEL-15459 -- Gitee