2 files changed, 50 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-Raise-ValueError-if-color-specifier-is-too-long.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-Raise-ValueError-if-color-specifier-is-too-long.patch
new file mode 100644
index 0000000000..91e16f5415
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/0001-Raise-ValueError-if-color-specifier-is-too-long.patch
@@ -0,0 +1,49 @@
+From 9e08eb8f78fdfd2f476e1b20b7cf38683754866b Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade <hugovk@users.noreply.github.com>
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+CVE: CVE-2021-23437
+Upstream-Status: Backport
+(https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b)
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+---
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py    | 2 ++
+ 2 files changed, 11 insertions(+)
+diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
+index b5d69379..dbe8b9e9 100644
+--- a/Tests/test_imagecolor.py
+++ b/Tests/test_imagecolor.py
+@@ -191,3 +191,12 @@ def test_rounding_errors():
+     assert (255, 255) == ImageColor.getcolor("white", "LA")
+     assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
+     Image.new("LA", (1, 1), "white")
+
+
+def test_color_too_long():
+    # Arrange
+    color_too_long = "hsl(" + "1" * 100 + ")"
+
+    # Act / Assert
+    with pytest.raises(ValueError):
+        ImageColor.getrgb(color_too_long)
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 51df4404..25f92f2c 100644
+--- a/src/PIL/ImageColor.py
+++ b/src/PIL/ImageColor.py
+@@ -32,6 +32,8 @@ def getrgb(color):
+     :param color: A color string
+     :return: ``(red, green, blue[, alpha])``
+     """
+    if len(color) > 100:
+        raise ValueError("color specifier is too long")
+     color = color.lower()
+ 
+     rgb = colormap.get(color, None)
+-- 
+2.33.0
diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb b/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
index 40745bb763..8b3a2996f4 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
@@ -10,6 +10,7 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.2.x \
           file://0001-explicitly-set-compile-options.patch \
           file://0001-Limit-sprintf-modes-to-10-characters.patch \
           file://0001-Use-snprintf-instead-of-sprintf.patch \
+           file://0001-Raise-ValueError-if-color-specifier-is-too-long.patch \
 "
 SRCREV ?= "e0e353c0ef7516979a9aedce3792596649ce4433"

diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-Raise-ValueError-if-color-specifier-is-too-long.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-Raise-ValueError-if-color-specifier-is-too-long.patch new file mode 100644 index 0000000000..91e16f5415 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pillow/0001-Raise-ValueError-if-color-specifier-is-too-long.patch
@@ -0,0 +1,49 @@
		1	From 9e08eb8f78fdfd2f476e1b20b7cf38683754866b Mon Sep 17 00:00:00 2001
		2	From: Hugo van Kemenade <hugovk@users.noreply.github.com>
		3	Date: Mon, 23 Aug 2021 19:10:49 +0300
		4	Subject: [PATCH] Raise ValueError if color specifier is too long
		5
		6	CVE: CVE-2021-23437
		7
		8	Upstream-Status: Backport
		9	(https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b)
		10
		11	Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
		12	---
		13	Tests/test_imagecolor.py \| 9 +++++++++
		14	src/PIL/ImageColor.py \| 2 ++
		15	2 files changed, 11 insertions(+)
		16
		17	diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
		18	index b5d69379..dbe8b9e9 100644
		19	--- a/Tests/test_imagecolor.py
		20	+++ b/Tests/test_imagecolor.py
		21	@@ -191,3 +191,12 @@ def test_rounding_errors():
		22	assert (255, 255) == ImageColor.getcolor("white", "LA")
		23	assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
		24	Image.new("LA", (1, 1), "white")
		25	+
		26	+
		27	+def test_color_too_long():
		28	+ # Arrange
		29	+ color_too_long = "hsl(" + "1" * 100 + ")"
		30	+
		31	+ # Act / Assert
		32	+ with pytest.raises(ValueError):
		33	+ ImageColor.getrgb(color_too_long)
		34	diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
		35	index 51df4404..25f92f2c 100644
		36	--- a/src/PIL/ImageColor.py
		37	+++ b/src/PIL/ImageColor.py
		38	@@ -32,6 +32,8 @@ def getrgb(color):
		39	:param color: A color string
		40	:return: ``(red, green, blue[, alpha])``
		41	"""
		42	+ if len(color) > 100:
		43	+ raise ValueError("color specifier is too long")
		44	color = color.lower()
		45
		46	rgb = colormap.get(color, None)
		47	--
		48	2.33.0
		49


diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb b/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb index 40745bb763..8b3a2996f4 100644 --- a/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb +++ b/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
@@ -10,6 +10,7 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.2.x \
10	file://0001-explicitly-set-compile-options.patch \	10	file://0001-explicitly-set-compile-options.patch \
11	file://0001-Limit-sprintf-modes-to-10-characters.patch \	11	file://0001-Limit-sprintf-modes-to-10-characters.patch \
12	file://0001-Use-snprintf-instead-of-sprintf.patch \	12	file://0001-Use-snprintf-instead-of-sprintf.patch \
		13	file://0001-Raise-ValueError-if-color-specifier-is-too-long.patch \
13	"	14	"
14	SRCREV ?= "e0e353c0ef7516979a9aedce3792596649ce4433"	15	SRCREV ?= "e0e353c0ef7516979a9aedce3792596649ce4433"
15		16