Blob Blame History Raw
%global py2_incdir %{_includedir}/python%{python2_version}
%global py3_incdir %{_includedir}/python%{python3_version}

%global name3 python3-pillow

# RHEL-7 doesn't have python 3
%if 0%{?rhel} == 7
  %global with_python3 0
%else
  %global with_python3 1
%endif

# Refer to the comment for Source0 below on how to obtain the source tarball
# The saved file has format python-imaging-Pillow-$version-$ahead-g$shortcommit.tar.gz
%global commit d1c6db88d4dee462c6bbf4e22555e3ddd410d06a
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global ahead 105

# If ahead is 0, the tarball corresponds to a release version, otherwise to a git snapshot
%if %{ahead} > 0
%global snap .git%{shortcommit}
%endif

Name:           python-pillow
Version:        2.0.0
Release:        24%{?snap}%{?dist}
Summary:        Python image processing library

# License: see http://www.pythonware.com/products/pil/license.htm
License:        MIT
URL:            http://python-pillow.github.io/

# Obtain the tarball for a certain commit via:
#  wget --content-disposition https://github.com/python-imaging/Pillow/tarball/$commit
Source0:        https://github.com/python-imaging/Pillow/tarball/%{commit}/python-imaging-Pillow-%{version}-%{ahead}-g%{shortcommit}.tar.gz

# Add s390* and ppc* archs
Patch0:         python-pillow-archs.patch
# Fix test hardcoded for little-endian
Patch1:         python-pillow_endian.patch
Patch2:         python-pillow-2.0.0_bytearray.patch
Patch3:         python-pillow-2.0.0_memleaks.patch
# Combined fixes for CVE-2020-5312 improperly restricted operations on memory buffer in libImaging/PcxDecode.c
# https://bugzilla.redhat.com/show_bug.cgi?id=1789533
# https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
# and for CVE-2019-16865 reading specially crafted image files leads to allocation of large amounts of memory and denial of service
# this one is implemented only partially because this old version of Pillow does not support all vulnerable file types
# https://bugzilla.redhat.com/show_bug.cgi?id=1774066
# https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
# https://github.com/python-pillow/Pillow/commit/b36c1bc943d554ba223086c7efb502d080f73905
Patch4:         CVE-2020-5312_CVE-2019-16865.patch
# CVE-2020-5313 out-of-bounds read in ImagingFliDecode when loading FLI images
# Upstream fix: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b?patch
# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1789532
Patch5:         CVE-2020-5313.patch
# CVE-2022-22817: PIL.ImageMath.eval allows evaluation of arbitrary expressions
# Upstream fixes:
# https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
# https://github.com/python-pillow/Pillow/commit/f84ab3bb8a0a196a52e8a76bebed2853362629de
# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=2042527
Patch19:        CVE-2022-22817.patch
# CVE-2022-22815 python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c
# CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
# Upstream fix: https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
# Memory issue fix: https://github.com/python-pillow/Pillow/pull/5958
# Tracking bugs:
# https://bugzilla.redhat.com/show_bug.cgi?id=2042511
# https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Patch20:        CVE-2022-22815_CVE-2022-22816.patch
# CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength
# in an ImageDraw instance operates on a long text argument
# Upstream fix: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
Patch21:        CVE-2023-44271.patch


BuildRequires:  python2-devel
BuildRequires:  python-setuptools
BuildRequires:  tkinter
BuildRequires:  tk-devel
BuildRequires:  python-sphinx
BuildRequires:  libjpeg-devel
BuildRequires:  zlib-devel
BuildRequires:  freetype-devel
BuildRequires:  sane-backends-devel
# Don't build with webp support on s390* and ppc* archs
# see bug #962091 and #1127230
%ifnarch s390 s390x ppc ppc64
BuildRequires:  libwebp-devel
%endif
BuildRequires:  PyQt4
BuildRequires:  numpy

%if %{with_python3}
BuildRequires:  python3-devel
BuildRequires:  python3-setuptools
BuildRequires:  python3-tkinter
BuildRequires:  python3-PyQt4
BuildRequires:  python3-numpy
%endif

Provides:       python-imaging = %{version}-%{release}
Obsoletes:      python-imaging <= 1.1.7-12

%if %{with_python3}
Provides:       python3-imaging = %{version}-%{release}
%endif

%filter_provides_in %{python2_sitearch}
%filter_provides_in %{python3_sitearch}
%filter_setup

%description
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.

There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
sane (scanning devices interface), devel (development) and doc (documentation).


%package devel
Summary:        Development files for %{name}
Group:          Development/Libraries
Requires:       %{name}%{?_isa} = %{version}-%{release}
Requires:       python-devel, libjpeg-devel, zlib-devel
Provides:       python-imaging-devel = %{version}-%{release}
Obsoletes:      python-imaging-devel <= 1.1.7-12

%description devel
Development files for %{name}.


%package doc
Summary:        Documentation for %{name}
Group:          Documentation
Requires:       %{name} = %{version}-%{release}

%description doc
Documentation for %{name}.


%package sane
Summary:        Python module for using scanners
Group:          System Environment/Libraries
Requires:       %{name}%{?_isa} = %{version}-%{release}
Provides:       python-imaging-sane = %{version}-%{release}
Obsoletes:      python-imaging-sane <= 1.1.7-12

%description sane
This package contains the sane module for Python which provides access to
various raster scanning devices such as flatbed scanners and digital cameras.


%package tk
Summary:        Tk interface for %{name}
Group:          System Environment/Libraries
Requires:       %{name}%{?_isa} = %{version}-%{release}
Requires:       tkinter
Provides:       python-imaging-tk = %{version}-%{release}
Obsoletes:      python-imaging-tk <= 1.1.7-12

%description tk
Tk interface for %{name}.

%package qt
Summary:        PIL image wrapper for Qt
Group:          System Environment/Libraries
Requires:       %{name}%{?_isa} = %{version}-%{release}
Requires:       PyQt4
Provides:       python-imaging-qt = %{version}-%{release}

%description qt
PIL image wrapper for Qt.


%if %{with_python3}
%package -n %{name3}
Summary:        Python 3 image processing library

%description -n %{name3}
%{_description}


%package -n %{name3}-devel
Summary:        Development files for %{name3}
Group:          Development/Libraries
Requires:       %{name3}%{?_isa} = %{version}-%{release}
Requires:       python3-devel, libjpeg-devel, zlib-devel

%description -n %{name3}-devel
Development files for %{name3}.


%package -n %{name3}-doc
Summary:        Documentation for %{name3}
Group:          Documentation
Requires:       %{name3} = %{version}-%{release}

%description -n %{name3}-doc
Documentation for %{name3}.


%package -n %{name3}-sane
Summary:        Python module for using scanners
Group:          System Environment/Libraries
Requires:       %{name3}%{?_isa} = %{version}-%{release}

%description -n %{name3}-sane
This package contains the sane module for Python which provides access to
various raster scanning devices such as flatbed scanners and digital cameras.


%package -n %{name3}-tk
Summary:        Tk interface for %{name3}
Group:          System Environment/Libraries
Requires:       %{name3}%{?_isa} = %{version}-%{release}
Requires:       tkinter

%description -n %{name3}-tk
Tk interface for %{name3}.

%package -n %{name3}-qt
Summary:        PIL image wrapper for Qt
Group:          System Environment/Libraries
Obsoletes:      %{name3} <= 2.0.0-5.git93a488e8
Requires:       %{name3}%{?_isa} = %{version}-%{release}
Requires:       python3-PyQt4

%description -n %{name3}-qt
PIL image wrapper for Qt.

%endif


%prep
%setup -q -n python-imaging-Pillow-%{shortcommit}
%patch0 -p1 -b .archs
%patch1 -p1 -b .endian
%patch2 -p1 -b .byte_array
%patch3 -p1 -b .memleaks
%patch4 -p2 -b .cves
%patch5 -p2 -b .cve_2020_5313
%patch19 -p1 -b .CVE-2022-22817
%patch20 -p1 -b .CVE-2022-22815_CVE-2022-22816
%patch21 -p1 -b .CVE-2023-44271

%if %{with_python3}
# Create Python 3 source tree
rm -rf %{py3dir}
cp -a . %{py3dir}
%endif


%build
# Build Python 2 modules
find -name '*.py' | xargs sed -i '1s|^#!.*python|#!%{__python2}|'
CFLAGS="$RPM_OPT_FLAGS" %{__python2} setup.py build

pushd Sane
CFLAGS="$RPM_OPT_FLAGS" %{__python2} setup.py build
popd

pushd docs
PYTHONPATH=$PWD/.. make html
rm -f _build/html/.buildinfo
popd

%if %{with_python3}
# Build Python 3 modules
pushd %{py3dir}
find -name '*.py' | xargs sed -i '1s|^#!.*python|#!%{__python3}|'
CFLAGS="$RPM_OPT_FLAGS" %{__python3} setup.py build

pushd Sane
CFLAGS="$RPM_OPT_FLAGS" %{__python3} setup.py build
popd

pushd docs
PYTHONPATH=$PWD/.. make html
rm -f _build/html/.buildinfo
popd
popd
%endif


%install
rm -rf $RPM_BUILD_ROOT

# Install Python 2 modules
install -d $RPM_BUILD_ROOT/%{py2_incdir}/Imaging
install -m 644 libImaging/*.h $RPM_BUILD_ROOT/%{py2_incdir}/Imaging
%{__python2} setup.py install --skip-build --root $RPM_BUILD_ROOT
pushd Sane
%{__python2} setup.py install --skip-build --root $RPM_BUILD_ROOT
popd

%if %{with_python3}
# Install Python 3 modules
pushd %{py3dir}
install -d $RPM_BUILD_ROOT/%{py3_incdir}/Imaging
install -m 644 libImaging/*.h $RPM_BUILD_ROOT/%{py3_incdir}/Imaging
%{__python3} setup.py install --skip-build --root $RPM_BUILD_ROOT
pushd Sane
%{__python3} setup.py install --skip-build --root $RPM_BUILD_ROOT
popd
popd
%endif

# The scripts are packaged in %%doc
rm -rf $RPM_BUILD_ROOT%{_bindir}


%check
# Check Python 2 modules
ln -s $PWD/Images $RPM_BUILD_ROOT%{python2_sitearch}/Images
ln -s $PWD/Tests $RPM_BUILD_ROOT%{python2_sitearch}/Tests
ln -s $PWD/selftest.py $RPM_BUILD_ROOT%{python2_sitearch}/selftest.py
pushd $RPM_BUILD_ROOT%{python2_sitearch}
%{__python2} selftest.py
%{__python2} Tests/run.py
popd
rm $RPM_BUILD_ROOT%{python2_sitearch}/Images
rm $RPM_BUILD_ROOT%{python2_sitearch}/Tests
rm $RPM_BUILD_ROOT%{python2_sitearch}/selftest.py*

%if %{with_python3}
# Check Python 3 modules
pushd %{py3dir}
ln -s $PWD/Images $RPM_BUILD_ROOT%{python3_sitearch}/Images
ln -s $PWD/Tests $RPM_BUILD_ROOT%{python3_sitearch}/Tests
ln -s $PWD/selftest.py $RPM_BUILD_ROOT%{python3_sitearch}/selftest.py
pushd $RPM_BUILD_ROOT%{python3_sitearch}
%{__python3} selftest.py
%{__python3} Tests/run.py
popd
rm $RPM_BUILD_ROOT%{python3_sitearch}/Images
rm $RPM_BUILD_ROOT%{python3_sitearch}/Tests
rm $RPM_BUILD_ROOT%{python3_sitearch}/selftest.py*
popd
%endif


%files
%doc README.rst docs/HISTORY.txt COPYING
%{python2_sitearch}/*
# These are in subpackages
%exclude %{python2_sitearch}/*sane*
%exclude %{python2_sitearch}/_imagingtk*
%exclude %{python2_sitearch}/PIL/ImageTk*
%exclude %{python2_sitearch}/PIL/SpiderImagePlugin*
%exclude %{python2_sitearch}/PIL/ImageQt*

%files devel
%{py2_incdir}/Imaging/

%files doc
%doc Scripts Images docs/_build/html

%files sane
%doc Sane/CHANGES Sane/demo*.py Sane/sanedoc.txt
%{python2_sitearch}/*sane*

%files tk
%{python2_sitearch}/_imagingtk*
%{python2_sitearch}/PIL/ImageTk*
%{python2_sitearch}/PIL/SpiderImagePlugin*

%files qt
%{python2_sitearch}/PIL/ImageQt*

%if %{with_python3}
%files -n %{name3}
%doc README.rst docs/HISTORY.txt COPYING
%{python3_sitearch}/*
# These are in subpackages
%exclude %{python3_sitearch}/*sane*
%exclude %{python3_sitearch}/_imagingtk*
%exclude %{python3_sitearch}/PIL/ImageTk*
%exclude %{python3_sitearch}/PIL/SpiderImagePlugin*
%exclude %{python3_sitearch}/PIL/ImageQt*

%files -n %{name3}-devel
%{py3_incdir}/Imaging/

%files -n %{name3}-doc
%doc Scripts Images docs/_build/html

%files -n %{name3}-sane
%doc Sane/CHANGES Sane/demo*.py Sane/sanedoc.txt
%{python3_sitearch}/*sane*

%files -n %{name3}-tk
%{python3_sitearch}/_imagingtk*
%{python3_sitearch}/PIL/ImageTk*
%{python3_sitearch}/PIL/SpiderImagePlugin*

%files -n %{name3}-qt
%{python3_sitearch}/PIL/ImageQt*

%endif

%changelog
* Mon Nov 13 2023 Lumír Balhar <lbalhar@redhat.com> - 2.0.0-24gitd1c6db8
- Security fix for CVE-2023-44271
Resolves: RHEL-15459

* Fri Feb 11 2022 Charalampos Stratakis <cstratak@redhat.com> - 2.0.0-23gitd1c6db8
- Fixup for CVE-2022-22817
- Security fixes for CVE-2022-22815, CVE-2022-22816
Resolves: rhbz#2042522

* Fri Feb 04 2022 Charalampos Stratakis <cstratak@redhat.com> - 2.0.0-22gitd1c6db8
- Fix for CVE-2022-22817
Resolves: rhbz#2042527

* Wed Mar 04 2020 Lumír Balhar <lbalhar@redhat.com> - 2.0.0-21gitd1c6db8
- Fix for CVE-2020-5313
Resolves: rhbz#1789532

* Wed Feb 12 2020 Lumír Balhar <lbalhar@redhat.com> - 2.0.0-20gitd1c6db8
- Combined fixes for CVE-2020-5312 and CVE-2019-16865
Resolves: rhbz#1789533
Resolves: rhbz#1774066

* Mon Oct 06 2014 Michal Minar <miminar@redhat.com> 2.0.0-19gitd1c6db8
- Reenabled webp support on little endian archs.

* Mon Aug 18 2014 Michal Minar <miminar@redhat.com> 2.0.0-18gitd1c6db8
- Disabled webp support on ppc64le due to #962091 and #1127230.
- Updated URL.

* Fri Feb 21 2014 Michal Minar <miminar@redhat.com> 2.0.0-17gitd1c6db8
- Wiped out some memory leaks.

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.0.0-15.gitd1c6db8
- Mass rebuild 2014-01-24

* Tue Jan 14 2014 Michal Minar <miminar@redhat.com> 2.0.0-14gitd1c6db8
- Fixed memory corruption.
- Resolves: rhbz#1001122

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.0.0-13.gitd1c6db8
- Mass rebuild 2013-12-27

* Mon Jul 29 2013 Roman Rakus <rrakus@redhat.com> - 2.0.0-12
- Mark doc subpackage arch dependent. Docs are built depending on supported
  features, which are different across archs.
  Resolves: rhbz#987839

* Wed Jul 24 2013 Roman Rakus <rrakus@redhat.com> - 2.0.0-11
- Drop lcms support
  Resolves: rhbz#987839

* Mon May 13 2013 Roman Rakus <rrakus@redhat.com> - 2.0.0-10
- Build without webp support on s390* archs
  Resolves: rhbz#962059

* Sat May 11 2013 Roman Rakus <rrakus@redhat.com> - 2.0.0-9.gitd1c6db8
- Conditionaly disable build of python3 parts on RHEL system

* Wed May 08 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-8.gitd1c6db8
- Add patch to fix test failure on big-endian

* Thu Apr 25 2013 Toshio Kuratomi <toshio@fedoraproject.org> - 2.0.0-7.gitd1c6db8
- Remove Obsoletes in the python-pillow-qt subpackage. Obsoletes isn't
  appropriate since qt support didn't exist in the previous python-pillow
  package so there's no reason to drag in python-pillow-qt when updating
  python-pillow.

* Fri Apr 19 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-6.gitd1c6db8
- Update to latest git
- python-pillow_quantization.patch now upstream
- python-pillow_endianness.patch now upstream
- Add subpackage for ImageQt module, with correct dependencies
- Add PyQt4 and numpy BR (for generating docs / running tests)

* Mon Apr 08 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-5.git93a488e
- Reenable tests on bigendian, add patches for #928927

* Sun Apr 07 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-4.git93a488e
- Update to latest git
- disable tests on bigendian (PPC*, S390*) until rhbz#928927 is fixed

* Fri Mar 22 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-3.gitde210a2
- python-pillow_tempfile.patch now upstream
- Add python3-imaging provides (bug #924867)

* Fri Mar 22 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-2.git2e88848
- Update to latest git
- Remove python-pillow-disable-test.patch, gcc is now fixed
- Add python-pillow_tempfile.patch to prevent a temporary file from getting packaged

* Tue Mar 19 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-1.git2f4207c
- Update to 2.0.0 git snapshot
- Enable python3 packages
- Add libwebp-devel BR for Pillow 2.0.0

* Wed Mar 13 2013 Peter Robinson <pbrobinson@fedoraproject.org> 1.7.8-6.20130305git
- Add ARM support

* Tue Mar 12 2013 Karsten Hopp <karsten@redhat.com> 1.7.8-5.20130305git
- add s390* and ppc* to arch detection

* Tue Mar 05 2013 Sandro Mani <manisandro@gmail.com> - 1.7.8-4.20130305git7866759
- Update to latest git snapshot
- 0001-Cast-hash-table-values-to-unsigned-long.patch now upstream
- Pillow-1.7.8-selftest.patch now upstream

* Mon Feb 25 2013 Sandro Mani <manisandro@gmail.com> - 1.7.8-3.20130210gite09ff61
- Really remove -fno-strict-aliasing
- Place comment on how to retreive source just above the Source0 line

* Mon Feb 18 2013 Sandro Mani <manisandro@gmail.com> - 1.7.8-2.20130210gite09ff61
- Rebuild without -fno-strict-aliasing
- Add patch for upstream issue #52

* Sun Feb 10 2013 Sandro Mani <manisandro@gmail.com> - 1.7.8-1.20130210gite09ff61
- Initial RPM package