# RPM spec for Pillow 6.2.2 built for Python 3, carrying twelve backported
# security patches (Patch0-Patch11) on top of the upstream 6.2.2 tarball.
#
# The two macros below run python3 on the build host when the spec is parsed,
# to find the Python include directory and the setuptools build directory name.
%global py3_incdir %(python3 -c 'import distutils.sysconfig; print(distutils.sysconfig.get_python_inc())')
%global py3_libbuilddir %(python3 -c 'import sys; import sysconfig; print("lib.{p}-{v[0]}.{v[1]}".format(p=sysconfig.get_platform(), v=sys.version_info))')

%global srcname pillow
# bootstrap building docs (pillow is required by docutils, docutils are
# required by sphinx; pillow build-requires sphinx)
# doc build fails on EPEL7
%global with_docs 0

Name:           python-%{srcname}
Version:        6.2.2
Release:        SIMC3%{?dist}
Summary:        Python image processing library

# License: see http://www.pythonware.com/products/pil/license.htm
License:        MIT
URL:            http://python-pillow.github.io/
# NOTE(review): no checksum or signature for this tarball is visible in the
# spec; presumably the build system pins it elsewhere - confirm.
Source0:        https://github.com/python-pillow/Pillow/archive/%{version}/Pillow-%{version}.tar.gz

# Fix for SGI Decode buffer overrun CVE-2020-35655 - minus test
# NOTE(review): "minus test" presumably means the upstream regression test was
# dropped from this backport - confirm, since nothing in the check section
# below would then exercise the fix.
Patch0:         Pillow-7e95c63fa7f503f185d3d9eb16b9cee1e54d1e46.patch
# Fix CVE-2020-35654 - OOB Write in TiffDecode.c
# CVE-2021-25289
# CVE-2021-25290 - Fix negative size read in TiffDecode.c
# CVE-2021-25291 - Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
# copy TiffDecode.c from 8.1.1
# NOTE(review): this replaces the whole file with the 8.1.1 version rather than
# applying a targeted diff; compare against the 6.2.2 file when auditing, as
# unrelated 8.x changes come along with the fixes.
Patch1:         Pillow-CVE-2020-35654.patch
# Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
# Backported commit 2f409261eb1228e166868f8f0b5da5cda52e55bf
# NOTE(review): Patch0 and Patch2 both cite CVE-2020-35655 but describe
# different decoders (SGI vs PCX). Upstream's 8.1.0 security notes appear to
# list the PCX read overflow as CVE-2020-35653 - confirm and correct the label
# here and in the changelog so the fix maps to the right advisory.
Patch2:         Pillow-CVE-2020-35655.patch
# Fix OOB read in SgiRleDecode.c - CVE-2021-25293
# copy SgiRleDecode.c from 8.1.1
# NOTE(review): whole-file copy from 8.1.1, same audit caveat as Patch1.
Patch3:         Pillow-CVE-2021-25293.patch
# CVE-2021-25292 - Use more specific regex chars to prevent ReDoS
# Rebased 3bce145966374dd39ce58a6fc0083f8d1890719c
Patch4:         Pillow-CVE-2021-25292.patch
# CVE-2021-27921, CVE-2021-27922, CVE-2021-27923
# 480f6819b592d7f07b9a9a52a7656c10bbe07442 - Fix Memory DOS in Icns, Ico and Blp Image Plugins
Patch5:         Pillow-CVE-2021-27921.patch
# CVE-2021-23437 possible ReDoS via the getrgb function
# https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
Patch6:         Pillow-CVE-2021-23437.patch
# CVE-2021-28675 DoS in PsdImagePlugin
# Partial backport of https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497
Patch7:         Pillow-CVE-2021-28675.patch
# CVE-2021-28676 infinite loop in FliDecode.c can lead to DoS
# https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
Patch8:         Pillow-CVE-2021-28676.patch
# CVE-2021-28677 DoS in the open phase via a malicious EPS file
# https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
Patch9:         Pillow-CVE-2021-28677.patch
# CVE-2021-28678 improper check in BlpImagePlugin can lead to DoS
# https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
Patch10:        Pillow-CVE-2021-28678.patch
# CVE-2021-34552 buffer overflow in Convert.c because it allows an attacker to
# pass controlled parameters directly into a convert function
# https://github.com/python-pillow/Pillow/commit/518ee3722a99d7f7d890db82a20bd81c1c0327fb
Patch11:        Pillow-CVE-2021-34552.patch

BuildRequires:  freetype-devel
BuildRequires:  gcc
BuildRequires:  ghostscript
BuildRequires:  lcms2-devel
BuildRequires:  libimagequant-devel
BuildRequires:  libjpeg-devel
BuildRequires:  libraqm-devel
BuildRequires:  libtiff-devel
BuildRequires:  libwebp-devel
BuildRequires:  openjpeg2-devel
BuildRequires:  tk-devel
BuildRequires:  zlib-devel

BuildRequires:  python%{python3_pkgversion}-cffi
BuildRequires:  python%{python3_pkgversion}-devel
BuildRequires:  python%{python3_pkgversion}-numpy
BuildRequires:  python%{python3_pkgversion}-olefile
BuildRequires:  python%{python3_pkgversion}-qt5
BuildRequires:  python%{python3_pkgversion}-setuptools
%if 0%{?with_docs}
BuildRequires:  python%{python3_pkgversion}-sphinx
BuildRequires:  python%{python3_pkgversion}-sphinx_rtd_theme
%endif # with_docs
BuildRequires:  python%{python3_pkgversion}-tkinter

# For EpsImagePlugin.py
# EPS input is rasterised by calling the gs binary, so the installed
# ghostscript's own patch level matters wherever untrusted images are opened.
Requires:       ghostscript

%description
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
devel (development) and doc (documentation).


%package -n python%{python3_pkgversion}-%{srcname}
Summary:        Python 3 image processing library
%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}}
Provides:       python%{python3_pkgversion}-imaging = %{version}-%{release}
# For MicImagePlugin.py, FpxImagePlugin.py
Requires:       python%{python3_pkgversion}-olefile

%description -n python%{python3_pkgversion}-%{srcname}
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
devel (development) and doc (documentation).


%package -n python%{python3_pkgversion}-%{srcname}-devel
Summary:        Development files for %{srcname}
Requires:       python%{python3_pkgversion}-devel, libjpeg-devel, zlib-devel
Requires:       python%{python3_pkgversion}-%{srcname}%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}-devel}
Provides:       python%{python3_pkgversion}-imaging-devel = %{version}-%{release}

%description -n python%{python3_pkgversion}-%{srcname}-devel
Development files for %{srcname}.


%package -n python%{python3_pkgversion}-%{srcname}-doc
Summary:        Documentation for %{srcname}
BuildArch:      noarch
Requires:       python%{python3_pkgversion}-%{srcname} = %{version}-%{release}
%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}-doc}
Provides:       python%{python3_pkgversion}-imaging-doc = %{version}-%{release}
Obsoletes:      python2-%{srcname}-doc

%description -n python%{python3_pkgversion}-%{srcname}-doc
Documentation for %{srcname}.


%package -n python%{python3_pkgversion}-%{srcname}-tk
Summary:        Tk interface for %{srcname}
Requires:       python%{python3_pkgversion}-tkinter
Requires:       python%{python3_pkgversion}-%{srcname}%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}-tk}
Provides:       python%{python3_pkgversion}-imaging-tk = %{version}-%{release}

%description -n python%{python3_pkgversion}-%{srcname}-tk
Tk interface for %{name}.


%package -n python%{python3_pkgversion}-%{srcname}-qt
Summary:        Qt %{srcname} image wrapper
Requires:       python%{python3_pkgversion}-qt5
Requires:       python%{python3_pkgversion}-%{srcname}%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}-qt}
Provides:       python%{python3_pkgversion}-imaging-qt = %{version}-%{release}

%description -n python%{python3_pkgversion}-%{srcname}-qt
Qt %{srcname} image wrapper.


%prep
%setup -q -n Pillow-%{version}
# Apply all twelve backports, Patch0 through Patch11, in order. Keep this list
# in sync with the Patch tags above: a patch that is declared but not applied
# here leaves its CVE unfixed without any build error.
# Patch0 is applied without a backup suffix; the rest keep a per-CVE backup.
%patch0 -p1
%patch1 -p1 -b .CVE-2020-35654
%patch2 -p1 -b .CVE-2020-35655
%patch3 -p1 -b .CVE-2021-25293
%patch4 -p1 -b .CVE-2021-25292
%patch5 -p1 -b .CVE-2021-27921
%patch6 -p1 -b .CVE-2021-23437
%patch7 -p1 -b .CVE-2021-28675
%patch8 -p1 -b .CVE-2021-28676
%patch9 -p1 -b .CVE-2021-28677
%patch10 -p1 -b .CVE-2021-28678
%patch11 -p1 -b .CVE-2021-34552


%build
%py3_build

# HTML docs are built only when with_docs is non-zero (it is set to 0 above).
%if 0%{?with_docs}
PYTHONPATH=$PWD/build/%py3_libbuilddir make -C docs html BUILDDIR=_build_py3 SPHINXBUILD=sphinx-build-%python3_version
rm -f docs/_build_py3/html/.buildinfo
%endif # with_docs


%install
# Install Python 3 modules
# The libImaging C headers are installed under the Python include directory
# for the devel subpackage.
install -d %{buildroot}/%{py3_incdir}/Imaging
install -m 644 src/libImaging/*.h %{buildroot}/%{py3_incdir}/Imaging
%py3_install


%check
# Check Python 3 modules
# Images, Tests and selftest.py are placed next to the freshly built modules,
# then selftest.py is run against that build directory.
# NOTE(review): only selftest.py is executed; no command in this section runs
# the copied Tests directory, so the backported decoder fixes do not appear to
# be regression-tested at build time - confirm.
ln -s $PWD/Images $PWD/build/%py3_libbuilddir/Images
cp -R $PWD/Tests $PWD/build/%py3_libbuilddir/Tests
cp -R $PWD/selftest.py $PWD/build/%py3_libbuilddir/selftest.py
pushd build/%py3_libbuilddir
# On ppc64 and s390x a selftest failure is ignored (the trailing "|| :"), so a
# green build on those arches says nothing about whether the tests passed.
%ifarch ppc64 s390x
PYTHONPATH=$PWD %{__python3} selftest.py || :
%else
PYTHONPATH=$PWD %{__python3} selftest.py
%endif
popd


%files -n python%{python3_pkgversion}-%{srcname}
%doc README.rst CHANGES.rst
%license docs/COPYING
%{python3_sitearch}/*
# These are in subpackages
%exclude %{python3_sitearch}/PIL/_imagingtk*
%exclude %{python3_sitearch}/PIL/ImageTk*
%exclude %{python3_sitearch}/PIL/SpiderImagePlugin*
%exclude %{python3_sitearch}/PIL/ImageQt*
%exclude %{python3_sitearch}/PIL/__pycache__/ImageTk*
%exclude %{python3_sitearch}/PIL/__pycache__/SpiderImagePlugin*
%exclude %{python3_sitearch}/PIL/__pycache__/ImageQt*

%files -n python%{python3_pkgversion}-%{srcname}-devel
%{py3_incdir}/Imaging/

# The doc subpackage ships no files while with_docs is 0.
%files -n python%{python3_pkgversion}-%{srcname}-doc
%if 0%{?with_docs}
%doc docs/_build_py3/html
%endif # with_docs

%files -n python%{python3_pkgversion}-%{srcname}-tk
%{python3_sitearch}/PIL/_imagingtk*
%{python3_sitearch}/PIL/ImageTk*
%{python3_sitearch}/PIL/SpiderImagePlugin*
%{python3_sitearch}/PIL/__pycache__/ImageTk*
%{python3_sitearch}/PIL/__pycache__/SpiderImagePlugin*

%files -n python%{python3_pkgversion}-%{srcname}-qt
%{python3_sitearch}/PIL/ImageQt*
%{python3_sitearch}/PIL/__pycache__/ImageQt*


%changelog
* Sat Oct 9 2021 Orion Poplawski - 6.2.2-3
- Backport CVE fixes for CVE-2021-23437 (bz#2001911), CVE-2021-28675 (bz#1958243),
  CVE-2021-28676 (bz#1958255), CVE-2021-28677 (bz#1958260),
  CVE-2021-28678 (bz#1958266), CVE-2021-34552 (bz#1982382)

* Thu Mar 4 2021 Orion Poplawski - 6.2.2-2
- Backport CVE fixes for CVE-2020-35655, CVE-2020-35654, CVE-2021-25289 (bz#1934684),
  CVE-2021-25290 (bz#1934689), CVE-2021-25291 (bz#1934696), CVE-2020-35655,
  CVE-2021-25293 (bz#1934709), CVE-2021-25292 (bz#1934703),
  CVE-2021-27921 (bz#1935387), CVE-2021-27922 (bz#1935400),
  CVE-2021-27923 (bz#1935404)

* Sat Jan 11 2020 Orion Poplawski - 6.2.2-1
- Update to 6.2.2 (Resolves CVE-2020-5313, CVE-2020-5312, CVE-2020-5311,
  CVE-2020-5310, bz#1789542)

* Tue May 14 2019 Orion Poplawski - 6.0.0-2
- Require python3-qt5 instead of python3-Qt4

* Wed May 08 2019 Orion Poplawski - 6.0.0-1
- Adapt for python3 for EPEL7

* Tue Apr 02 2019 Sandro Mani - 6.0.0-1
- Update to 6.0.0