meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-2.patch

From 0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80 Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Sat, 28 Oct 2023 15:58:52 +1100
Subject: [PATCH] Allow ops

Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80]
CVE: CVE-2023-50447
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 Tests/test_imagemath.py | 4 ++++
 src/PIL/ImageMath.py    | 9 +++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/Tests/test_imagemath.py b/Tests/test_imagemath.py
index da41b3a12..14a58a532 100644
--- a/Tests/test_imagemath.py
+++ b/Tests/test_imagemath.py
@@ -56,6 +56,10 @@ class TestImageMath(PillowTestCase):
             pixel(ImageMath.eval("float(B)**33", images)), "F 8589934592.0"
         )
 
+    def test_prevent_double_underscores():
+        with pytest.raises(ValueError):
+            ImageMath.eval("1", {"__": None})
+
     def test_logical(self):
         self.assertEqual(pixel(ImageMath.eval("not A", images)), 0)
         self.assertEqual(pixel(ImageMath.eval("A and B", images)), "L 2")
diff --git a/src/PIL/ImageMath.py b/src/PIL/ImageMath.py
index 4cea3855e..776604e3f 100644
--- a/src/PIL/ImageMath.py
+++ b/src/PIL/ImageMath.py
@@ -258,13 +258,14 @@ def eval(expression, _dict={}, **kw):
 
     # build execution namespace
     args = ops.copy()
-    args.update(_dict)
-    args.update(kw)
-    for k, v in list(args.items()):
-        if '__' in k or hasattr(__builtins__, k):
+    for k in list(_dict.keys()) + list(kw.keys()):
+        if "__" in k or hasattr(__builtins__, k):
             msg = f"'{k}' not allowed"
             raise ValueError(msg)
 
+    args.update(_dict)
+    args.update(kw)
+    for k, v in list(args.items()):
         if hasattr(v, "im"):
             args[k] = _Operand(v)
 
-- 
2.25.1