- update to 10.3.0 (bsc#1222262, CVE-2024-28219):

* CVE-2024-28219: Use strncpy to avoid buffer overflow #7928
    [radarhere, hugovk]
  * Deprecate eval(), replacing it with lambda_eval() and
    unsafe_eval() #7927 [radarhere, hugovk]
  * Raise ValueError if seeking to greater than offset-sized
    integer in TIFF #7883 [radarhere]
  * Add --report argument to __main__.py to omit supported
    formats #7818 [nulano, radarhere, hugovk]
  * Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918,
    #7920 [radarhere]
  * Fix editable installation with custom build backend and
    configuration options #7658 [nulano, radarhere]
  * Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk,
    radarhere]
  * Determine MPO size from markers, not EXIF data #7884
    [radarhere]
  * Improved conversion from RGB to RGBa, LA and La #7888
    [radarhere]
  * Support FITS images with GZIP_1 compression #7894 [radarhere]
  * Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion,
    radarhere]
  * Raise ValueError if kmeans is negative #7891 [radarhere]
  * Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893
    [radarhere]
  * Raise ValueError for negative values when loading P1-P3 PPM
    images #7882 [radarhere]
  * Added reading of JPEG2000 palettes #7870 [radarhere]
  * Added alpha_quality argument when saving WebP images #7872
    [radarhere]

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=152

pillow-10.2.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e87f0b2c78157e12d7686b27d63c070fd65d994e8ddae6f328e0dcf4a0cd007e
-size 46212712

pillow-10.3.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9d2455fbf44c914840c793e89aa82d0e1763a14253a000743719ae5946814b2d
+size 46572854

python-Pillow.changes

@@ -1,3 +1,81 @@
+-------------------------------------------------------------------
+Wed Apr  3 07:29:31 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 10.3.0 (bsc#1222262, CVE-2024-28219):
+  * CVE-2024-28219: Use strncpy to avoid buffer overflow #7928
+    [radarhere, hugovk]
+  * Deprecate eval(), replacing it with lambda_eval() and
+    unsafe_eval() #7927 [radarhere, hugovk]
+  * Raise ValueError if seeking to greater than offset-sized
+    integer in TIFF #7883 [radarhere]
+  * Add --report argument to __main__.py to omit supported
+    formats #7818 [nulano, radarhere, hugovk]
+  * Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918,
+    #7920 [radarhere]
+  * Fix editable installation with custom build backend and
+    configuration options #7658 [nulano, radarhere]
+  * Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk,
+    radarhere]
+  * Determine MPO size from markers, not EXIF data #7884
+    [radarhere]
+  * Improved conversion from RGB to RGBa, LA and La #7888
+    [radarhere]
+  * Support FITS images with GZIP_1 compression #7894 [radarhere]
+  * Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion,
+    radarhere]
+  * Raise ValueError if kmeans is negative #7891 [radarhere]
+  * Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893
+    [radarhere]
+  * Raise ValueError for negative values when loading P1-P3 PPM
+    images #7882 [radarhere]
+  * Added reading of JPEG2000 palettes #7870 [radarhere]
+  * Added alpha_quality argument when saving WebP images #7872
+    [radarhere]
+  * Fixed joined corners for ImageDraw rounded_rectangle() non-
+    integer dimensions #7881 [radarhere]
+  * Stop reading EPS image at EOF marker #7753 [radarhere]
+  * PSD layer co-ordinates may be negative #7706 [radarhere]
+  * Use subprocess with CREATE_NO_WINDOW flag in ImageShow
+    WindowsViewer #7791 [radarhere]
+  * When saving GIF frame that restores to background color, do
+    not fill identical pixels #7788 [radarhere]
+  * Fixed reading PNG iCCP compression method #7823 [radarhere]
+  * Allow writing IFDRational to UNDEFINED tag #7840 [radarhere]
+  * Fix logged tag name when loading Exif data #7842 [radarhere]
+  * Use maximum frame size in IHDR chunk when saving APNG images
+    #7821 [radarhere]
+  * Prevent opening P TGA images without a palette #7797
+    [radarhere]
+  * Use palette when loading ICO images #7798 [radarhere]
+  * Use consistent arguments for load_read and load_seek #7713
+    [radarhere]
+  * Turn off nullability warnings for macOS SDK #7827 [radarhere]
+  * Fix shift-sign issue in Convert.c #7838 [r-barnes, radarhere]
+  * Open 16-bit grayscale PNGs as I;16 #7849 [radarhere]
+  * Handle truncated chunks at the end of PNG images #7709
+    [lajiyuan, radarhere]
+  * Match mask size to pasted image size in GifImagePlugin #7779
+    [radarhere]
+  * Release GIL while calling WebPAnimDecoderGetNext #7782
+    [evanmiller, radarhere]
+  * Fixed reading FLI/FLC images with a prefix chunk #7804
+    [twolife]
+  * Update wl-paste handling and return None for some errors in
+    grabclipboard() on Linux #7745 [nik012003, radarhere]
+  * Remove execute bit from setup.py #7760 [hugovk]
+  * Do not support using test-image-results to upload images
+    after test failures #7739 [radarhere]
+  * Changed ImageMath.ops to be static #7721 [radarhere]
+  * Fix APNG info after seeking backwards more than twice #7701
+    [esoma, radarhere]
+  * Deprecate ImageCms constants and versions() function #7702
+    [nulano, radarhere]
+  * Added PerspectiveTransform #7699 [radarhere]
+  * Add support for reading and writing grayscale PFM images
+    #7696 [nulano, hugovk]
+  * Add LCMS2 flags to ImageCms #7676 [nulano, radarhere, hugovk]
+  * Rename x64 to AMD64 in winbuild #7693 [nulano]
+
 -------------------------------------------------------------------
 Mon Jan 22 06:00:50 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
 

python-Pillow.spec

@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-Pillow
-Version:        10.2.0
+Version:        10.3.0
 Release:        0
 Summary:        Python Imaging Library (Fork)
 License:        HPND