diff --git a/.python-pillow.metadata b/.python-pillow.metadata index 34d63e5..afc1f38 100644 --- a/.python-pillow.metadata +++ b/.python-pillow.metadata @@ -1 +1 @@ -2120f1bbf8d39cb0f1a5a50fb79b993e8b75851c SOURCES/Pillow-5.1.1.tar.gz +ae52b3e58c3d2615aecc3b28a71b763cf7bc2193 SOURCES/Pillow-8.2.0.tar.gz diff --git a/SOURCES/python-pillow_sphinx-issues.patch b/SOURCES/python-pillow_sphinx-issues.patch new file mode 100644 index 0000000..c19b8b9 --- /dev/null +++ b/SOURCES/python-pillow_sphinx-issues.patch @@ -0,0 +1,11 @@ +diff -rupN --no-dereference Pillow-8.2.0/docs/conf.py Pillow-8.2.0-new/docs/conf.py +--- Pillow-8.2.0/docs/conf.py 2021-04-01 19:58:27.000000000 +0200 ++++ Pillow-8.2.0-new/docs/conf.py 2021-04-02 07:41:32.879022927 +0200 +@@ -32,7 +32,6 @@ extensions = [ + "sphinx.ext.autodoc", + "sphinx.ext.intersphinx", + "sphinx.ext.viewcode", +- "sphinx_issues", + "sphinx_removed_in", + ] + diff --git a/SOURCES/python-pillow_spinxwarn.patch b/SOURCES/python-pillow_spinxwarn.patch new file mode 100644 index 0000000..8f3d6a2 --- /dev/null +++ b/SOURCES/python-pillow_spinxwarn.patch @@ -0,0 +1,12 @@ +diff -rupN --no-dereference Pillow-8.2.0/docs/Makefile Pillow-8.2.0-new/docs/Makefile +--- Pillow-8.2.0/docs/Makefile 2021-04-01 19:58:27.000000000 +0200 ++++ Pillow-8.2.0-new/docs/Makefile 2021-04-02 07:41:32.797022925 +0200 +@@ -42,7 +42,7 @@ clean: + -rm -rf $(BUILDDIR)/* + + html: +- $(SPHINXBUILD) -b html -W --keep-going $(ALLSPHINXOPTS) $(BUILDDIR)/html ++ $(SPHINXBUILD) -b html --keep-going $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + diff --git a/SPECS/python-pillow.spec b/SPECS/python-pillow.spec index fb5a4f5..c789697 100644 --- a/SPECS/python-pillow.spec +++ b/SPECS/python-pillow.spec @@ -7,104 +7,27 @@ %global with_docs 1 Name: python-%{srcname} -Version: 5.1.1 -Release: 16%{?dist} +Version: 8.2.0 +Release: 1%{?dist} Summary: Python image processing library # License: see http://www.pythonware.com/products/pil/license.htm License: MIT URL: http://python-pillow.github.io/ Source0: https://github.com/python-pillow/Pillow/archive/%{version}/Pillow-%{version}.tar.gz -Patch0: 0001-Fix-potential-un-terminated-buffer-problem-CWE-120.patch -Patch1: 0002-Fix-potential-leaked-storage-issues-CWE-772.patch -Patch2: 0003-Fix-dereferencing-type-punned-pointer.patch -# Combined fixes for CVE-2020-5312 improperly restricted operations on memory buffer in libImaging/PcxDecode.c -# https://bugzilla.redhat.com/show_bug.cgi?id=1789533 -# https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd -# and for CVE-2019-16865 reading specially crafted image files leads to allocation of large amounts of memory and denial of service -# https://bugzilla.redhat.com/show_bug.cgi?id=1774066 -# https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc -# https://github.com/python-pillow/Pillow/commit/b36c1bc943d554ba223086c7efb502d080f73905 -# https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a -# https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5 -Patch3: CVE-2020-5312_CVE-2019-16865.patch -# Fix for CVE-2020-5311 - out-of-bounds write in expandrow in libImaging/SgiRleDecode.c -# https://bugzilla.redhat.com/show_bug.cgi?id=1789535 -# https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 -Patch4: CVE-2020-5311.patch -# CVE-2020-5313 out-of-bounds read in ImagingFliDecode when loading FLI images -# Upstream fix: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b?patch -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1789532 -Patch5: CVE-2020-5313.patch -# CVE-2020-11538 out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 -# Upstream fix: https://github.com/python-pillow/Pillow/pull/4504/ -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1852814 -Patch6: CVE-2020-11538.patch -# CVE-2020-35653 decoding a crafted PCX file could result in buffer over-read -# Note that there is a wrong CVE number in the commit msg -# Upstream fix: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1915432 -Patch7: CVE-2020-35653.patch -# CVE-2020-35655 decoding crafted SGI RLE image files could result in buffer over-read -# Upstream fix: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5 -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-35653 -Patch8: CVE-2020-35655.patch -# CVE-2021-25290 negative-offset memcpy with an invalid size in TiffDecode.c -# Upstream fix: https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1934685 -Patch9: CVE-2021-25290.patch -# CVE-2021-25292 backtracking regex in PDF parser could be used as a DOS attack -# Upstream fix: https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-25292 -Patch10: CVE-2021-25292.patch -# CVE-2021-25293 out-of-bounds read in SGIRleDecode.c -# Upstream fix: https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9 -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-25293 -Patch11: CVE-2021-25293.patch -# CVE-2021-27921 reported size of a contained image is not properly checked for a BLP container -# CVE-2021-27922 reported size of a contained image is not properly checked for an ICNS container -# CVE-2021-27923 reported size of a contained image is not properly checked for an ICO container -# Upstream fix: https://github.com/python-pillow/Pillow/commit/480f6819b592d7f07b9a9a52a7656c10bbe07442 -# Tracking bugs: -# - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-27921 -# - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-27922 -# - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-27923 -Patch12: CVE-2021-27921_27922_27923.patch -# CVE-2021-25288 and 25287 out-of-bounds read in J2kDecode in j2ku_gray_i and j2ku_graya_la -# Upstream fixes this patch combines: -# - Original fix for the CVEs: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 -# - Older commit the fix is based on: https://github.com/python-pillow/Pillow/commit/cf6da6b79080a8c16984102fdc85f7ce28dca613 -# Tracking bugs: -# - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-25287 -# - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-25288 -Patch13: CVE-2021-25287_25288.patch -# CVE-2021-28675 DoS in PsdImagePlugin -# Upstream fix: https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497 -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-28675 -Patch14: CVE-2021-28675.patch -# CVE-2021-28676 infinite loop in FliDecode.c can lead to DoS -# Upstream fix: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856 -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-28676 -Patch15: CVE-2021-28676.patch -# CVE-2021-28677 DoS in the open phase via a malicious EPS file -# Upstream fix: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92 -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-28677 -Patch16: CVE-2021-28677.patch -# CVE-2021-28678 improper check in BlpImagePlugin can lead to DoS -# Upstream fix: https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1 -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-28678 -Patch17: CVE-2021-28678.patch -# CVE-2021-34552: buffer overflow in Convert.c because it allow an attacker to pass -# controlled parameters directly into a convert function -# Upstream fix: https://github.com/python-pillow/Pillow/pull/5567 -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1982378 -Patch18: CVE-2021-34552.patch + +# Don't error out if sphinx warnings occur +Patch0: python-pillow_spinxwarn.patch +# Drop sphinx-issues requirement, it's not packaged for Fedora +Patch1: python-pillow_sphinx-issues.patch BuildRequires: freetype-devel BuildRequires: gcc BuildRequires: ghostscript BuildRequires: lcms2-devel +BuildRequires: libimagequant-devel BuildRequires: libjpeg-devel +BuildRequires: libraqm-devel BuildRequires: libtiff-devel BuildRequires: libwebp-devel BuildRequires: openjpeg2-devel @@ -114,11 +37,15 @@ BuildRequires: zlib-devel BuildRequires: python3-cffi BuildRequires: python3-devel BuildRequires: python3-numpy +BuildRequires: python3-olefile +BuildRequires: python3-qt5 BuildRequires: python3-setuptools %if 0%{?with_docs} +BuildRequires: make BuildRequires: python3-sphinx BuildRequires: python3-sphinx_rtd_theme -%endif # with_docs +BuildRequires: python3-sphinx-removed-in +%endif BuildRequires: python3-tkinter # For EpsImagePlugin.py @@ -132,7 +59,7 @@ Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. -There are these subpackages: tk (tk interface), +There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (development) and doc (documentation). @@ -141,6 +68,7 @@ Summary: Python 3 image processing library %{?python_provide:%python_provide python3-%{srcname}} Provides: python3-imaging = %{version}-%{release} # For MicImagePlugin.py, FpxImagePlugin.py +Requires: python3-olefile %description -n python3-%{srcname} Python image processing library, fork of the Python Imaging Library (PIL) @@ -148,7 +76,7 @@ Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. -There are these subpackages: tk (tk interface), +There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (development) and doc (documentation). @@ -185,26 +113,40 @@ Provides: python3-imaging-tk = %{version}-%{release} Tk interface for %{name}. +%package -n python3-%{srcname}-qt +Summary: Qt %{srcname} image wrapper +Requires: python3-qt5 +Requires: python3-%{srcname}%{?_isa} = %{version}-%{release} +%{?python_provide:%python_provide python3-%{srcname}-qt} +Provides: python3-imaging-qt = %{version}-%{release} + +%description -n python3-%{srcname}-qt +Qt %{srcname} image wrapper. + + %prep %autosetup -p1 -n Pillow-%{version} %build +# Build Python 3 modules %py3_build %if 0%{?with_docs} PYTHONPATH=$PWD/build/%py3_libbuilddir make -C docs html BUILDDIR=_build_py3 SPHINXBUILD=sphinx-build-%python3_version rm -f docs/_build_py3/html/.buildinfo -%endif # with_docs +%endif %install +# Install Python 3 modules install -d %{buildroot}/%{py3_incdir}/Imaging install -m 644 src/libImaging/*.h %{buildroot}/%{py3_incdir}/Imaging %py3_install %check +# Check Python 3 modules ln -s $PWD/Images $PWD/build/%py3_libbuilddir/Images cp -R $PWD/Tests $PWD/build/%py3_libbuilddir/Tests cp -R $PWD/selftest.py $PWD/build/%py3_libbuilddir/selftest.py @@ -212,11 +154,11 @@ pushd build/%py3_libbuilddir PYTHONPATH=$PWD %{__python3} selftest.py popd - %files -n python3-%{srcname} -%doc README.rst CHANGES.rst +%doc README.md CHANGES.rst %license docs/COPYING -%{python3_sitearch}/* +%{python3_sitearch}/PIL/ +%{python3_sitearch}/Pillow-%{version}-py%{python3_version}.egg-info # These are in subpackages %exclude %{python3_sitearch}/PIL/_imagingtk* %exclude %{python3_sitearch}/PIL/ImageTk* @@ -232,7 +174,7 @@ popd %files -n python3-%{srcname}-doc %if 0%{?with_docs} %doc docs/_build_py3/html -%endif # with_docs +%endif %files -n python3-%{srcname}-tk %{python3_sitearch}/PIL/_imagingtk* @@ -241,72 +183,118 @@ popd %{python3_sitearch}/PIL/__pycache__/ImageTk* %{python3_sitearch}/PIL/__pycache__/SpiderImagePlugin* +%files -n python3-%{srcname}-qt +%{python3_sitearch}/PIL/ImageQt* +%{python3_sitearch}/PIL/__pycache__/ImageQt* + %changelog -* Mon Aug 02 2021 Charalampos Stratakis - 5.1.1-16 -- Fix for CVE-2021-34552 -Resolves: rhbz#1982378 - -* Mon Jun 14 2021 Lumír Balhar - 5.1.1-15 -- Fixes for CVE-2021-25288, CVE-2021-25287, CVE-2021-28675, CVE-2021-28676, -CVE-2021-28677 and CVE-2021-28678 -Resolves: rhbz#1958231, rhbz#1958226, rhbz#1958240, rhbz#1958252, rhbz#1958257, rhbz#1958263 - -* Fri Apr 09 2021 Lumír Balhar - 5.1.1-14 -- Fixes for CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921 -CVE-2021-27922, and CVE-2021-27923 -Resolves: rhbz#1934685 rhbz#1934699 rhbz#1934705 rhbz#1935384 rhbz#1935396 rhbz#1935401 - -* Thu Feb 18 2021 Lumír Balhar - 5.1.1-13 -- Fixes for CVE-2020-35653 and CVE-2020-35655 -Resolves: rhbz#1915420 rhbz#1915432 - -* Mon Jul 13 2020 Lumír Balhar - 5.1.1-12 -- Fix for CVE-2020-11538 -Resolves: rhbz#1852814 - -* Wed Mar 04 2020 Lumír Balhar - 5.1.1-11 -- Fix for CVE-2020-5313 -Resolves: rhbz#1789532 - -* Mon Feb 17 2020 Lumír Balhar - 5.1.1-10 -- Bump and rebuild for gating to deliver CVE fixes -Resolves: rhbz#1789535 - -* Mon Feb 17 2020 Lumír Balhar - 5.1.1-9 -- Fix for CVE-2020-5311 - out-of-bounds write in expandrow -Resolves: rhbz#1789535 - -* Fri Feb 14 2020 Lumír Balhar - 5.1.1-8 -- Combined fixes for CVE-2020-5312 and CVE-2019-16865 -Resolves: rhbz#1789533 -Resolves: rhbz#1774066 - -* Tue Nov 27 2018 Lumír Balhar - 5.1.1-7 -- Add upstream patch to solve build-time warning -- Move patches to dist-git -- Resolves: rhbz#1639348 - -* Mon Oct 15 2018 Lumír Balhar - 5.1.1-6 -- Add patches to fix issues found by static code analysis -- Resolves: rhbz#1602669 - -* Wed Jun 27 2018 Petr Viktorin - 5.1.1-5 -- Correct dependency on python3-tkinter - -* Tue Jun 19 2018 Petr Viktorin - 5.1.1-4 -- Drop dependency on python3-olefile (breaking MicImagePlugin.py, FpxImagePlugin) - -* Thu Jun 14 2018 Petr Viktorin - 5.1.1-3 -- Remove the Python 2 subpackage -- Remove the libimagequant dependency - The imagequant library was only used to support a non-default image - quantization mode. - -* Thu May 31 2018 Petr Viktorin - 5.1.1-2 -- Remove the python2 version of docs -- Remove Qt subpackages -- Drop dependency on python2-olefile (breaking MicImagePlugin.py, FpxImagePlugin) +* Fri Apr 02 2021 Sandro Mani - 8.2.0-1 +- Update to 8.2.0 + +* Sat Mar 06 2021 Sandro Mani - 8.1.2-1 +- Update to 8.1.2 + +* Tue Mar 02 2021 Sandro Mani - 8.1.1-1 +- Update to 8.1.1 + +* Wed Jan 27 2021 Fedora Release Engineering - 8.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Jan 09 2021 Robert-André Mauchin - 8.1.0-2 +- Add patch to fix the import error occurring with Python 3.10 +- Fix: rhbz#1904379 + +* Sun Jan 03 2021 Sandro Mani - 8.1.0-1 +- Update to 8.1.0 + +* Fri Oct 23 2020 Sandro Mani - 8.0.1-1 +- Update to 8.0.1 + +* Thu Oct 15 2020 Sandro Mani - 8.0.0-1 +- Update to 8.0.0 + +* Wed Jul 29 2020 Fedora Release Engineering - 7.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 30 2020 Sandro Mani - 7.2.0-1 +- Update to 7.2.0 + +* Sat May 23 2020 Miro Hrončok - 7.1.2-2 +- Rebuilt for Python 3.9 + +* Sat Apr 25 2020 Sandro Mani - 7.1.2-1 +- Update to 7.1.2 + +* Tue Apr 21 2020 Charalampos Stratakis - 7.1.1-2 +- Fix html docs build failure with Sphinx3 (rhbz#1823884) + +* Thu Apr 02 2020 Sandro Mani - 7.1.1-1 +- Update to 7.1.1 + +* Thu Jan 30 2020 Fedora Release Engineering - 7.0.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Jan 07 2020 Sandro Mani - 7.0.0-1 +- Update to 7.0.0 +- Drop python2 packages + +* Mon Oct 21 2019 Sandro Mani - 6.2.1-1 +- Update to 6.2.1 + +* Mon Oct 07 2019 Petr Viktorin - 6.2.0-2 +- Remove optional build dependency on python2-cffi + +* Tue Oct 01 2019 Sandro Mani - 6.2.0-1 +- Update to 6.2.0 + +* Fri Aug 16 2019 Miro Hrončok - 6.1.0-4 +- Rebuilt for Python 3.8 + +* Mon Aug 12 2019 Sandro Mani - 6.1.0-3 +- Drop python2-pillow-qt, python2-pillow-tk + +* Fri Jul 26 2019 Fedora Release Engineering - 6.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 01 2019 Sandro Mani - 6.1.0-1 +- Update to 6.1.0 + +* Fri May 31 2019 Elliott Sales de Andrade - 6.0.0-2 +- Fix broken Python/C interop on s390x + +* Tue Apr 02 2019 Sandro Mani - 6.0.0-1 +- Update to 6.0.0 + +* Sun Mar 10 2019 Sandro Mani - 5.4.1-4 +- Drop python2-pillow-doc + +* Mon Mar 04 2019 Yatin Karel - 5.4.1-3 +- Fix python3 conditional + +* Sat Feb 02 2019 Fedora Release Engineering - 5.4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 07 2019 Sandro Mani - 5.4.1-1 +- Update to 5.4.1 + +* Mon Oct 01 2018 Sandro Mani - 5.3.0-1 +- Update to 5.3.0 + +* Sat Jul 14 2018 Fedora Release Engineering - 5.2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jul 02 2018 Miro Hrončok - 5.2.0-2 +- Rebuilt for Python 3.7 + +* Mon Jul 02 2018 Sandro Mani - 5.2.0-1 +- Update to 5.2.0 + +* Wed Jun 27 2018 Miro Hrončok - 5.1.1-3 +- Fix the tkinter dependency + +* Sat Jun 16 2018 Miro Hrončok - 5.1.1-2 +- Rebuilt for Python 3.7 * Wed Apr 25 2018 Sandro Mani - 5.1.1-1 - Update to 5.1.1