Bump Version/Changelog

Found and reported by Andrew Drake of dropbox.com

CHANGES.rst

@@ -1,6 +1,28 @@
 Changelog (Pillow)
 ==================
 
+2.5.3 (2014-08-18)
+------------------
+
+- Fixed CVE-2014-3598, a DOS in the Jpeg2KImagePlugin
+  [Andrew Drake]
+
+
+2.5.2 (2014-08-13)
+------------------
+
+- Fixed CVE-2014-3589, a DOS in the IcnsImagePlugin
+  [Andrew Drake]
+
+2.5.1 (2014-07-10)
+------------------
+
+- Fixed install issue if Multiprocessing.Pool is not available
+  [wiredfool]
+
+- 32bit mult overflow fix #782
+  [wiredfool]
+
 2.5.0 (2014-07-01)
 ------------------
 

PIL/IcnsImagePlugin.py

@@ -179,6 +179,8 @@ class IcnsFile:
         i = HEADERSIZE
         while i < filesize:
             sig, blocksize = nextheader(fobj)
+            if blocksize <= 0:
+                raise SyntaxError('invalid block header')
             i += HEADERSIZE
             blocksize -= HEADERSIZE
             dct[sig] = (i, blocksize)

PIL/Jpeg2KImagePlugin.py

@@ -70,6 +70,9 @@ def _parse_jp2_header(fp):
         else:
             hlen = 8
 
+        if lbox < hlen:
+            raise SyntaxError('Invalid JP2 header length')
+        
         if tbox == b'jp2h':
             header = fp.read(lbox - hlen)
             break

PIL/__init__.py

@@ -12,7 +12,7 @@
 # ;-)
 
 VERSION = '1.1.7'  # PIL version
-PILLOW_VERSION = '2.5.0' # Pillow
+PILLOW_VERSION = '2.5.3' # Pillow
 
 _plugins = ['BmpImagePlugin',
             'BufrStubImagePlugin',

Tests/check_icns_dos.py

@@ -0,0 +1,10 @@
+# Tests potential DOS of IcnsImagePlugin with 0 length block.
+# Run from anywhere that PIL is importable. 
+
+from PIL import Image
+from io import BytesIO
+
+if bytes is str:
+    Image.open(BytesIO(bytes('icns\x00\x00\x00\x10hang\x00\x00\x00\x00')))
+else:
+    Image.open(BytesIO(bytes('icns\x00\x00\x00\x10hang\x00\x00\x00\x00', 'latin-1')))

Tests/check_j2k_dos.py

@@ -0,0 +1,11 @@
+# Tests potential DOS of Jpeg2kImagePlugin with 0 length block.
+# Run from anywhere that PIL is importable. 
+
+from PIL import Image
+from io import BytesIO
+
+if bytes is str:
+    Image.open(BytesIO(bytes('\x00\x00\x00\x0cjP\x20\x20\x0d\x0a\x87\x0a\x00\x00\x00\x00hang')))
+else:
+    Image.open(BytesIO(bytes('\x00\x00\x00\x0cjP\x20\x20\x0d\x0a\x87\x0a\x00\x00\x00\x00hang', 'latin-1')))
+

Tests/helper.py

@@ -123,6 +123,21 @@ class PillowTestCase(unittest.TestCase):
             self.assertTrue(found)
         return result
 
+    def skipKnownBadTest(self, msg=None, platform=None, travis=None):
+        # Skip if platform/travis matches, and
+        # PILLOW_RUN_KNOWN_BAD is not true in the environment.
+        if bool(os.environ.get('PILLOW_RUN_KNOWN_BAD', False)):
+            print (os.environ.get('PILLOW_RUN_KNOWN_BAD', False))
+            return
+
+        skip = True
+        if platform is not None:
+            skip = sys.platform.startswith(platform)
+        if travis is not None:
+            skip = skip and (travis == bool(os.environ.get('TRAVIS',False)))
+        if skip:
+            self.skipTest(msg or "Known Bad Test")
+
     def tempfile(self, template):
         assert template[:5] in ("temp.", "temp_")
         (fd, path) = tempfile.mkstemp(template[4:], template[:4])

Tests/test_file_icns.py

@@ -57,6 +57,10 @@ class TestFileIcns(PillowTestCase):
         if not enable_jpeg2k:
             return
 
+        self.skipKnownBadTest("Jpeg2000 hangs on Travis on OSX",
+                              platform='darwin',
+                              travis=True)
+
         im = Image.open('Tests/images/pillow3.icns')
         for w, h, r in im.info['sizes']:
             wr = w * r

Tests/test_file_jpeg2k.py

@@ -18,6 +18,9 @@ class TestFileJpeg2k(PillowTestCase):
     def setUp(self):
         if "jpeg2k_encoder" not in codecs or "jpeg2k_decoder" not in codecs:
             self.skipTest('JPEG 2000 support not available')
+        self.skipKnownBadTest("Jpeg2000 hangs on Travis on OSX",
+                              platform='darwin',
+                              travis=True)
 
     def roundtrip(self, im, **options):
         out = BytesIO()

_imaging.c

@@ -71,7 +71,7 @@
  * See the README file for information on usage and redistribution.
  */
 
-#define PILLOW_VERSION "2.5.0"
+#define PILLOW_VERSION "2.5.3"
 
 #include "Python.h"
 

libImaging/ImPlatform.h

@@ -69,4 +69,6 @@
 #define	FLOAT32 float
 #define	FLOAT64 double
 
-
+#ifdef _MSC_VER
+typedef signed __int64       int64_t;
+#endif

libImaging/Storage.c

@@ -379,7 +379,7 @@ ImagingNew(const char* mode, int xsize, int ysize)
     } else
         bytes = strlen(mode); /* close enough */
 
-    if ((Py_ssize_t) xsize * ysize * bytes <= THRESHOLD) {
+    if ((int64_t) xsize * (int64_t) ysize * bytes <= THRESHOLD) {
         im = ImagingNewBlock(mode, xsize, ysize);
         if (im)
             return im;

mp_compile.py

@@ -5,6 +5,11 @@ from multiprocessing import Pool, cpu_count
 from distutils.ccompiler import CCompiler
 import os
 
+try:
+    MAX_PROCS = int(os.environ.get('MAX_CONCURRENCY', cpu_count()))
+except:
+    MAX_PROCS = None
+        
 
 # hideous monkeypatching.  but. but. but.
 def _mp_compile_one(tp):
@@ -31,22 +36,27 @@ def _mp_compile(self, sources, output_dir=None, macros=None,
         output_dir, macros, include_dirs, sources, depends, extra_postargs)
     cc_args = self._get_cc_args(pp_opts, debug, extra_preargs)
 
-    try:
-        max_procs = int(os.environ.get('MAX_CONCURRENCY', cpu_count()))
-    except:
-        max_procs = None
-    pool = Pool(max_procs)
+    pool = Pool(MAX_PROCS)
     try:
         print ("Building using %d processes" % pool._processes)
     except:
         pass
-    arr = [
-        (self, obj, build, cc_args, extra_postargs, pp_opts) for obj in objects
-        ]
+    arr = [(self, obj, build, cc_args, extra_postargs, pp_opts)
+           for obj in objects]
     pool.map_async(_mp_compile_one, arr)
     pool.close()
     pool.join()
     # Return *all* object filenames, not just the ones we just built.
     return objects
 
-CCompiler.compile = _mp_compile
+# explicitly don't enable if environment says 1 processor
+if MAX_PROCS != 1:
+    try:
+        # bug, only enable if we can make a Pool. see issue #790 and
+        # http://stackoverflow.com/questions/6033599/oserror-38-errno-38-with-multiprocessing
+        pool = Pool(2)
+        CCompiler.compile = _mp_compile
+    except Exception as msg:
+        print("Exception installing mp_compile, proceeding without: %s" %msg)
+else:
+    print("Single threaded build, not installing mp_compile: %s processes" %MAX_PROCS)

setup.py

@@ -90,7 +90,7 @@ except (ImportError, OSError):
 
 
 NAME = 'Pillow'
-PILLOW_VERSION = '2.5.0'
+PILLOW_VERSION = '2.5.3'
 TCL_ROOT = None
 JPEG_ROOT = None
 JPEG2K_ROOT = None