CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2016/02/02 16:08:40
Modified files:
graphics/py-Pillow: Makefile
Added files:
graphics/py-Pillow/patches: patch-libImaging_PcdDecode_c
Log message:
Add upstream patch to py-Pillow, fixing a buffer overflow in PcdDecode.c,
where the decoder writes assuming 4 bytes per pixel into a 3 byte per pixel
wide buffer, allowing writing 768 bytes off the end of the buffer. This
overwrites objects in Python's stack, leading to a crash.
https://github.com/python-pillow/Pillow/pull/1706
(There's also a newer upstream release but that will need additional
checking before it can go in).
