python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-11-04 09:57:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Autolink CVEs with sphinx-issues

Browse Source
This commit is contained in:
Hugo van Kemenade 2020-12-17 06:46:51 +02:00
parent d093b7141f
commit f0c0a0a1f4
10 changed files with 38 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/test.yml vendored
View File

@ -103,7 +103,7 @@ jobs:
- name: Docs - name: Docs
if: startsWith(matrix.os, 'ubuntu') && matrix.python-version == 3.9 if: startsWith(matrix.os, 'ubuntu') && matrix.python-version == 3.9
run: | run: |
python3 -m pip install sphinx-removed-in sphinx-rtd-theme python3 -m pip install sphinx-issues sphinx-removed-in sphinx-rtd-theme
make doccheck make doccheck
- name: After success - name: After success

1
docs/conf.py
View File

@ -32,6 +32,7 @@ extensions = [
"sphinx.ext.autodoc", "sphinx.ext.autodoc",
"sphinx.ext.intersphinx", "sphinx.ext.intersphinx",
"sphinx.ext.viewcode", "sphinx.ext.viewcode",
"sphinx_issues",
"sphinx_removed_in", "sphinx_removed_in",
] ]

3
docs/deprecations.rst
View File

@ -21,10 +21,9 @@ Support for FreeType 2.7 is deprecated and will be removed in Pillow 9.0.0 (2022
when FreeType 2.8 will be the minimum supported. when FreeType 2.8 will be the minimum supported.
We recommend upgrading to at least FreeType `2.10.4`_, which fixed a severe We recommend upgrading to at least FreeType `2.10.4`_, which fixed a severe
vulnerability introduced in FreeType 2.6 (CVE-2020-15999_). vulnerability introduced in FreeType 2.6 (:cve:`CVE-2020-15999`).
.. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/ .. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/
.. _CVE-2020-15999: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
Image.show command parameter Image.show command parameter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

24
docs/releasenotes/3.1.1.rst
View File

@ -6,7 +6,7 @@ CVE-2016-0740 -- Buffer overflow in TiffDecode.c
------------------------------------------------ ------------------------------------------------
Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64 Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64
may overflow a buffer when reading a specially crafted tiff file. may overflow a buffer when reading a specially crafted tiff file (:cve:`CVE-2016-0740`).
Specifically, libtiff >= 4.0.0 changed the return type of Specifically, libtiff >= 4.0.0 changed the return type of
``TIFFScanlineSize`` from ``int32`` to machine dependent ``TIFFScanlineSize`` from ``int32`` to machine dependent
@ -24,9 +24,11 @@ CVE-2016-0775 -- Buffer overflow in FliDecode.c
----------------------------------------------- -----------------------------------------------
In all versions of Pillow, dating back at least to the last PIL 1.1.7 In all versions of Pillow, dating back at least to the last PIL 1.1.7
release, FliDecode.c has a buffer overflow error. release, FliDecode.c has a buffer overflow error (:cve:`CVE-2016-0775`).
Around line 192:: Around line 192:
.. code-block:: c
case 16: case 16:
/* COPY chunk */ /* COPY chunk */
@ -45,13 +47,13 @@ is a set of row pointers to segments of memory that are the size of
the row. At the max ``y``, this will write the contents of the line the row. At the max ``y``, this will write the contents of the line
off the end of the memory buffer, causing a segfault. off the end of the memory buffer, causing a segfault.
This issue was found by Alyssa Besseling at Atlassian This issue was found by Alyssa Besseling at Atlassian.
CVE-2016-2533 -- Buffer overflow in PcdDecode.c CVE-2016-2533 -- Buffer overflow in PcdDecode.c
----------------------------------------------- -----------------------------------------------
In all versions of Pillow, dating back at least to the last PIL 1.1.7 In all versions of Pillow, dating back at least to the last PIL 1.1.7
release, ``PcdDecode.c`` has a buffer overflow error. release, ``PcdDecode.c`` has a buffer overflow error (:cve:`CVE-2016-2533`).
The ``state.buffer`` for ``PcdDecode.c`` is allocated based on a 3 The ``state.buffer`` for ``PcdDecode.c`` is allocated based on a 3
bytes per pixel sizing, where ``PcdDecode.c`` wrote into the buffer bytes per pixel sizing, where ``PcdDecode.c`` wrote into the buffer
@ -63,14 +65,16 @@ Integer overflow in Resample.c
------------------------------ ------------------------------
If a large value was passed into the new size for an image, it is If a large value was passed into the new size for an image, it is
possible to overflow an int32 value passed into malloc. possible to overflow an ``int32`` value passed into malloc.
kk = malloc(xsize * kmax * sizeof(float)); .. code-block:: c
...
xbounds = malloc(xsize * 2 * sizeof(int)); kk = malloc(xsize * kmax * sizeof(float));
...
xbounds = malloc(xsize * 2 * sizeof(int));
``xsize`` is trusted user input. These multiplications can overflow, ``xsize`` is trusted user input. These multiplications can overflow,
leading the malloc'd buffer to be undersized. These allocations are leading the ``malloc``'d buffer to be undersized. These allocations are
followed by a loop that writes out of bounds. This can lead to followed by a loop that writes out of bounds. This can lead to
corruption on the heap of the Python process with attacker controlled corruption on the heap of the Python process with attacker controlled
float data. float data.

6
docs/releasenotes/3.1.2.rst
View File

@ -7,9 +7,11 @@ CVE-2016-3076 -- Buffer overflow in Jpeg2KEncode.c
Pillow between 2.5.0 and 3.1.1 may overflow a buffer when writing Pillow between 2.5.0 and 3.1.1 may overflow a buffer when writing
large Jpeg2000 files, allowing for code execution or other memory large Jpeg2000 files, allowing for code execution or other memory
corruption. corruption (:cve:`CVE-2016-3076`).
This occurs specifically in the function ``j2k_encode_entry``, at the line:: This occurs specifically in the function ``j2k_encode_entry``, at the line:
.. code-block:: c
state->buffer = malloc (tile_width * tile_height * components * prec / 8); state->buffer = malloc (tile_width * tile_height * components * prec / 8);

6
docs/releasenotes/6.2.0.rst
View File

@ -73,7 +73,7 @@ Security
======== ========
This release catches several buffer overruns, as well as addressing This release catches several buffer overruns, as well as addressing
CVE-2019-16865. The CVE is regarding DOS problems, such as consuming large :cve:`CVE-2019-16865`. The CVE is regarding DOS problems, such as consuming large
amounts of memory, or taking a large amount of time to process an image. amounts of memory, or taking a large amount of time to process an image.
In RawDecode.c, an error is now thrown if skip is calculated to be less than In RawDecode.c, an error is now thrown if skip is calculated to be less than
@ -103,7 +103,7 @@ instead.
Flags for libwebp in wheels Flags for libwebp in wheels
^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^
When building libwebp for inclusion in wheels, Pillow now adds the -O3 and When building libwebp for inclusion in wheels, Pillow now adds the ``-O3`` and
-DNDEBUG CFLAGS. These flags would be used by default if building libwebp ``-DNDEBUG`` CFLAGS. These flags would be used by default if building libwebp
without debugging, and using them fixes a significant decrease in speed when without debugging, and using them fixes a significant decrease in speed when
a wheel-installed copy of Pillow performs libwebp operations. a wheel-installed copy of Pillow performs libwebp operations.

13
docs/releasenotes/6.2.2.rst
View File

@ -6,12 +6,13 @@ Security
This release addresses several security problems. This release addresses several security problems.
CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number :cve:`CVE-2019-19911` is regarding FPX images. If an image reports that it has a large
of bands, a large amount of resources will be used when trying to process the number of bands, a large amount of resources will be used when trying to process the
image. This is fixed by limiting the number of bands to those usable by Pillow. image. This is fixed by limiting the number of bands to those usable by Pillow.
Buffer overruns were found when processing an SGI (CVE-2020-5311), PCX (CVE-2020-5312) Buffer overruns were found when processing an SGI (:cve:`CVE-2020-5311`),
or FLI image (CVE-2020-5313). Checks have been added to prevent this. PCX (:cve:`CVE-2020-5312`) or FLI image (:cve:`CVE-2020-5313`). Checks have been added
to prevent this.
CVE-2020-5310: Overflow checks have been added when calculating the size of a memory :cve:`CVE-2020-5310`: Overflow checks have been added when calculating the size of a
block to be reallocated in the processing of a TIFF image. memory block to be reallocated in the processing of a TIFF image.

10
docs/releasenotes/7.1.0.rst
View File

@ -74,11 +74,11 @@ Security
This release includes security fixes. This release includes security fixes.
* CVE-2020-10177 Fix multiple OOB reads in FLI decoding * :cve:`CVE-2020-10177` Fix multiple OOB reads in FLI decoding
* CVE-2020-10378 Fix bounds overflow in PCX decoding * :cve:`CVE-2020-10378` Fix bounds overflow in PCX decoding
* CVE-2020-10379 Fix two buffer overflows in TIFF decoding * :cve:`CVE-2020-10379` Fix two buffer overflows in TIFF decoding
* CVE-2020-10994 Fix bounds overflow in JPEG 2000 decoding * :cve:`CVE-2020-10994` Fix bounds overflow in JPEG 2000 decoding
* CVE-2020-11538 Fix buffer overflow in SGI-RLE decoding * :cve:`CVE-2020-11538` Fix buffer overflow in SGI-RLE decoding
Other Changes Other Changes
============= =============

5
docs/releasenotes/8.0.1.rst
View File

@ -4,13 +4,11 @@
Security Security
======== ========
Update FreeType used in binary wheels to `2.10.4`_ to fix CVE-2020-15999_: Update FreeType used in binary wheels to `2.10.4`_ to fix :cve:`CVE-2020-15999`:
- A heap buffer overflow has been found in the handling of embedded PNG bitmaps, - A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
introduced in FreeType version 2.6. introduced in FreeType version 2.6.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
If you use option ``FT_CONFIG_OPTION_USE_PNG`` you should upgrade immediately. If you use option ``FT_CONFIG_OPTION_USE_PNG`` you should upgrade immediately.
We strongly recommend updating to Pillow 8.0.1 if you are using Pillow 8.0.0, which improved support for bitmap fonts. We strongly recommend updating to Pillow 8.0.1 if you are using Pillow 8.0.0, which improved support for bitmap fonts.
@ -22,4 +20,3 @@ Pillow 8.0.0 and earlier are potentially vulnerable releases, including the last
to support Python 2.7, namely Pillow 6.2.2. to support Python 2.7, namely Pillow 6.2.2.
.. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/ .. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/
.. _CVE-2020-15999: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

1
requirements.txt
View File

@ -10,5 +10,6 @@ pyroma
pytest pytest
pytest-cov pytest-cov
sphinx>=2.4 sphinx>=2.4
sphinx-issues
sphinx-removed-in sphinx-removed-in
sphinx-rtd-theme sphinx-rtd-theme