04-CVE-2014-9601.patch revision 4595
4595N/AFix to upstream bug
4595N/Ahttps://github.com/python-pillow/Pillow/pull/1060
4595N/A
4595N/APatch based on upstream commit to Pillow 2.7.0 (PIL fork)
4595N/Ahttps://github.com/wiredfool/Pillow/commit/44286ba3c9bfa6ed565d11bd61460d8ec215e1ea
4595N/A
4595N/ANote that this patch includes a test of the fix, which requires an
4595N/Aimage file which is copied in from files/png_decompress_dos.png,
4595N/Asince it cannot be patched in.
4595N/A
4595N/A--- Imaging-1.1.7-orig/PIL/PngImagePlugin.py 2015-01-21 17:45:12.000000000 -0800
4595N/A+++ Imaging-1.1.7/PIL/PngImagePlugin.py 2015-01-21 19:37:23.000000000 -0800
4595N/A@@ -68,6 +68,12 @@ _MODES = {
4595N/A (16,6): ("RGBA", "RGBA;16B"),
4595N/A }
4595N/A
4595N/A+def _safe_zlib_decompress(s):
4595N/A+ dobj = zlib.decompressobj()
4595N/A+ plaintext = dobj.decompress(s, ImageFile.SAFEBLOCK)
4595N/A+ if dobj.unconsumed_tail:
4595N/A+ raise ValueError("Decompressed Data Too Large")
4595N/A+ return plaintext
4595N/A
4595N/A # --------------------------------------------------------------------
4595N/A # Support classes. Suitable for PNG and related formats like MNG etc.
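Review bot: The limit in `_safe_zlib_decompress` applies to each call separately, so it caps one chunk's output at `ImageFile.SAFEBLOCK` bytes, and nothing in the visible hunks bounds the total across all compressed chunks in a file. Upstream Pillow pairs the per-chunk cap with a cumulative budget (`MAX_TEXT_MEMORY`), which this backport does not appear to carry. The helper also changes behaviour for truncated input: `zlib.decompress` raises `zlib.error` on an incomplete stream, whereas `decompressobj().decompress()` returns the partial output without raising. I would record both in a docstring, e.g. `"""Decompress s; raise ValueError if the output would exceed ImageFile.SAFEBLOCK bytes. Per-call limit only; truncated streams return partial data."""`.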
4595N/A@@ -197,7 +203,7 @@ class PngStream(ChunkStream):
4595N/A if comp_method != 0:
4595N/A raise SyntaxError("Unknown compression method %s in iCCP chunk" % comp_method)
4595N/A try:
4595N/A- icc_profile = zlib.decompress(s[i+2:])
4595N/A+ icc_profile = _safe_zlib_decompress(s[i+2:])
4595N/A except zlib.error:
4595N/A icc_profile = None # FIXME
4595N/A self.im_info["icc_profile"] = icc_profile
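Review bot: The `except zlib.error` around the new call does not catch the `ValueError` that `_safe_zlib_decompress` raises, so an oversized iCCP profile now aborts the open while a corrupt one is still mapped to `None`. If failing closed is intended, say so at the handler, e.g. `# ValueError (profile larger than SAFEBLOCK) propagates on purpose`, since callers that expect only `IOError` or `SyntaxError` from `Image.open` will otherwise be surprised. The zTXt call site in the next hunk propagates the same exception with no handler at all. The enclosing chunk handler starts and ends outside this hunk.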
4595N/A@@ -293,7 +299,7 @@ class PngStream(ChunkStream):
4595N/A if comp_method != 0:
4595N/A raise SyntaxError("Unknown compression method %s in zTXt chunk" % comp_method)
4595N/A import zlib
4595N/A- self.im_info[k] = self.im_text[k] = zlib.decompress(v[1:])
4595N/A+ self.im_info[k] = self.im_text[k] = _safe_zlib_decompress(v[1:])
4595N/A return s
4595N/A
4595N/A # --------------------------------------------------------------------
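Review bot: The function-local `import zlib` just above the changed line no longer serves it, because `_safe_zlib_decompress` resolves `zlib` and `ImageFile` from module scope. The helper therefore depends on a module-level `import zlib` that is not visible in these hunks, although the iCCP handler's use of `zlib.error` suggests it exists. Worth confirming, then either dropping the local import or adding a comment on why it stays. The handler's body begins outside the hunk.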
4595N/A--- Imaging-1.1.7-orig/selftest.py 2015-01-21 17:44:51.000000000 -0800
4595N/A+++ Imaging-1.1.7/selftest.py 2015-07-02 17:06:23.636751412 -0700
4595N/A@@ -9,6 +9,7 @@ from PIL import Image
4595N/A from PIL import ImageDraw
4595N/A from PIL import ImageFilter
4595N/A from PIL import ImageMath
4595N/A+from PIL import PngImagePlugin
4595N/A
4595N/A try:
4595N/A Image.core.ping
4595N/A@@ -146,6 +147,15 @@ def testimage():
4595N/A >>> im.mode, im.size
4595N/A ('F', (128, 128))
4595N/A
4595N/A+ Test fix to PNG decompression DOS #1060
4595N/A+
4595N/A+ >>> try:
4595N/A+ ... im = Image.open("Images/png_decompression_dos.png")
4595N/A+ ... im.load()
4595N/A+ ... except ValueError as msg:
4595N/A+ ... print msg
4595N/A+ Decompressed Data Too Large
4595N/A+
4595N/A PIL can do many other things, but I'll leave that for another
4595N/A day. If you're curious, check the handbook, available from:
4595N/A
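Review bot: The doctest opens `Images/png_decompression_dos.png`, while the patch description says the fixture is copied from `files/png_decompress_dos.png`. Unless the copy step renames the file, `Image.open` raises an error for a missing file rather than the expected `ValueError`, and the doctest fails for a reason unrelated to the fix. Align the two names, or state the destination path in the description. The `testimage` docstring continues outside this hunk.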