
Contents of /updates/3/python-imaging/current/SOURCES/python-pillow-CVE-2014-1932-CVE-2014-1933.patch



Revision 797642 - (show annotations) (download)
Mon Nov 17 04:06:35 2014 UTC (9 years, 4 months ago) by luigiwalser
File size: 2786 byte(s)
- minor update to CVE-2014-193[23] fix from fedora
- add patch from fedora to fix CVE-2014-3007

1 commit 1e331e3e6a40141ca8eee4f5da9f74e895423b66
2 Author: wiredfool <eric-github@soroos.net>
3 Date: Fri Mar 14 15:56:41 2014 -0700
4
5 Removed tempfile.mktemp, fixes CVE-2014-1932 CVE-2014-1933, debian bug #737059
6
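diff --git a/PIL/EpsImagePlugin.py b/PIL/EpsImagePlugin.py
index 94f3e27..8868634 100644
--- a/PIL/EpsImagePlugin.py
+++ b/PIL/EpsImagePlugin.py
@@ -67,7 +67,8 @@ def Ghostscript(tile, size, fp):
 
 import tempfile, os
 
- file = tempfile.mktemp()
+ out_fd, file = tempfile.mkstemp()
+ os.close(out_fd)
 
 # Build ghostscript command
 command = ["gs",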
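diff --git a/PIL/Image.py b/PIL/Image.py
index b93ce24..0d8a235 100644
--- a/PIL/Image.py
+++ b/PIL/Image.py
@@ -504,14 +504,17 @@ class Image:
 self.readonly = 0
 
 def _dump(self, file=None, format=None):
- import tempfile
+ import tempfile, os
 if not file:
- file = tempfile.mktemp()
+ f, file = tempfile.mkstemp(format or '')
+ os.close(f)
+
 self.load()
 if not format or format == "PPM":
 self.im.save_ppm(file)
 else:
- file = file + "." + format
+ if not file.endswith(format):
+ file = file + "." + format
 self.save(file, format)
 return file
 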
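Review bot: In `_dump`, `tempfile.mkstemp(format or '')` passes the bare format name as the suffix, so the temporary file ends in e.g. `PNG` with no dot (constructed example), and only the later `file.endswith(format)` test keeps `save()` on the path that `mkstemp` reserved. That coupling is implicit: if the suffix and the check ever diverge, the `file + "." + format` branch writes to a name that was never reserved and leaves the mkstemp file behind. I would make it explicit with `f, file = tempfile.mkstemp(suffix="." + format if format else "")` and a comment such as `# suffix must match the endswith() check below so save() reuses the mkstemp path`. The class body continues outside the hunk.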
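diff --git a/PIL/IptcImagePlugin.py b/PIL/IptcImagePlugin.py
index 157b735..1041530 100644
--- a/PIL/IptcImagePlugin.py
+++ b/PIL/IptcImagePlugin.py
@@ -172,8 +172,8 @@ class IptcImageFile(ImageFile.ImageFile):
 self.fp.seek(offset)
 
 # Copy image data to temporary file
- outfile = tempfile.mktemp()
- o = open(outfile, "wb")
+ o_fd, outfile = tempfile.mkstemp(text=False)
+ o = os.fdopen(o_fd)
 if encoding == "raw":
 # To simplify access to the extracted file,
 # prepend a PPM header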
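Review bot: `o = os.fdopen(o_fd)` opens the descriptor with the default mode `"r"`, whereas the line it replaces used `open(outfile, "wb")`; if the code below the hunk writes the PPM header and image data to `o`, as the context comment suggests, those writes will fail. The line should read `o = os.fdopen(o_fd, "wb")`. The hunk does not show whether `os` is imported in this module, so that is worth confirming as well. The method continues outside the hunk.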
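diff --git a/PIL/JpegImagePlugin.py b/PIL/JpegImagePlugin.py
index 9563f97..07a0923 100644
--- a/PIL/JpegImagePlugin.py
+++ b/PIL/JpegImagePlugin.py
@@ -344,13 +344,17 @@ class JpegImageFile(ImageFile.ImageFile):
 # ALTERNATIVE: handle JPEGs via the IJG command line utilities
 
 import tempfile, os
- file = tempfile.mktemp()
- os.system("djpeg %s >%s" % (self.filename, file))
+ f, path = tempfile.mkstemp()
+ os.close(f)
+ if os.path.exists(self.filename):
+ os.system("djpeg '%s' >'%s'" % (self.filename, path))
+ else:
+ raise ValueError("Invalid Filename")
 
 try:
- self.im = Image.core.open_ppm(file)
+ self.im = Image.core.open_ppm(path)
 finally:
- try: os.unlink(file)
+ try: os.unlink(path)
 except: pass
 
 self.mode = self.im.mode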
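Review bot: The added `os.system("djpeg '%s' >'%s'" % (self.filename, path))` still hands `self.filename` to a shell; single quotes do not neutralise a name that itself contains a single quote, and `os.path.exists` only shows the file exists, not that its name is shell-safe. Passing an argument list avoids the shell entirely, e.g. add `import subprocess` to the local imports and call `subprocess.check_call(["djpeg", "-outfile", path, self.filename])`. Separately, `raise ValueError("Invalid Filename")` sits before the `try`/`finally`, so the file created by `mkstemp` is not unlinked on that path; checking the filename before calling `mkstemp` would avoid the leftover. The revision log mentions a separate CVE-2014-3007 patch, which may already cover the shell call. The method begins outside the hunk.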
