diff options
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-3.patch')
-rw-r--r-- | meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-3.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-3.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-3.patch new file mode 100644 index 0000000000..bbfc32a6c7 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-3.patch @@ -0,0 +1,56 @@ +From 0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80 +From: Andrew Murray <radarhere@users.noreply.github.com> +Date: Sat, 28 Oct 2023 15:58:52 +1100 +Subject: [PATCH] python3-pillow: Allow ops + +CVE: CVE-2023-50447 + +Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80] + +Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com> +--- + Tests/test_imagemath.py | 5 +++++ + src/PIL/ImageMath.py | 9 +++++---- + 2 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/Tests/test_imagemath.py b/Tests/test_imagemath.py +index fe7ac9a7a..ded8c0011 100644 +--- a/Tests/test_imagemath.py ++++ b/Tests/test_imagemath.py +@@ -63,6 +63,11 @@ def test_prevent_exec(expression): + ImageMath.eval(expression) + + ++def test_prevent_double_underscores(): ++ with pytest.raises(ValueError): ++ ImageMath.eval("1", {"__": None}) ++ ++ + def test_logical(): + assert pixel(ImageMath.eval("not A", images)) == 0 + assert pixel(ImageMath.eval("A and B", images)) == "L 2" +diff --git a/src/PIL/ImageMath.py b/src/PIL/ImageMath.py +index 923a8eeae..c14598a4c 100644 +--- a/src/PIL/ImageMath.py ++++ b/src/PIL/ImageMath.py +@@ -237,13 +237,14 @@ def eval(expression, _dict={}, **kw): + + # build execution namespace + args = ops.copy() +- args.update(_dict) +- args.update(kw) +- for k, v in args.items(): +- if '__' in k or hasattr(__builtins__, k): ++ for k in list(_dict.keys()) + list(kw.keys()): ++ if "__" in k or hasattr(__builtins__, k): + msg = f"'{k}' not allowed" + raise ValueError(msg) + ++ args.update(_dict) ++ args.update(kw) ++ for k, v in args.items(): + if hasattr(v, "im"): + args[k] = _Operand(v) + +-- +2.40.0 |