Accepting request 876407 from system:homeautomation:home-assistant:unstable

- Update to 8.1.1 Security * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c. * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack. * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0. There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow did not properly check the reported size of the contained image. These images could cause arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of ASU.edu. Other Changes A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed OBS-URL: https://build.opensuse.org/request/show/876407 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=111
2021-03-03 15:40:24 +00:00 · 2021-03-03 15:40:24 +00:00 · f8e8b2c3ae
commit f8e8b2c3ae
parent 05eff3008a
4 changed files with 25 additions and 10 deletions
--- a/Pillow-8.1.0.tar.gz
+++ b/Pillow-8.1.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:887668e792b7edbfb1d3c9d8b5d8c859269a0f0eba4dda562adb95500f60dbba
-size 44934336
--- a/Pillow-8.1.1.tar.gz
+++ b/Pillow-8.1.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f6fc18f9c9c7959bf58e6faf801d14fafb6d4717faaf6f79a68c8bb2a13dcf20
+size 44978772
--- a/python-Pillow.changes
+++ b/python-Pillow.changes
@ -1,8 +1,21 @@
 -------------------------------------------------------------------
-Thu Jan 28 15:07:09 UTC 2021 - Oliver Kurz <okurz@suse.com>
+Wed Mar  3 07:41:14 UTC 2021 - Adrian Schröter <adrian@suse.de>

- Fix rpmlint warning about duplicate file definition
- Fix package build by relying on %python_subpackages for Obsoletes/Conflicts (bsc#1181281)
+- Update to 8.1.1
+  Security
+  * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
+  * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
+  * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
+  * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
+  * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
+  
+  There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
+  did not properly check the reported size of the contained image. These images could cause
+  arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
+  and Akshay Ajayan of ASU.edu.
+  
+  Other Changes
+  A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed

 -------------------------------------------------------------------
 Sun Jan 24 11:00:39 UTC 2021 - Dirk Müller <dmueller@suse.com>
--- a/python-Pillow.spec
+++ b/python-Pillow.spec
@ -20,7 +20,7 @@
 %define skip_python2 1
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-Pillow
-Version:        8.1.0
+Version:        8.1.1
 Release:        0
 Summary:        Python Imaging Library (Fork)
 License:        HPND
@ -57,8 +57,10 @@ Provides:       %{oldpython}-imaging = %{version}
 Obsoletes:      %{oldpython}-imaging-sane < %{version}
 Provides:       %{oldpython}-imaging-sane = %{version}
 %endif
-Obsoletes:      python-imaging < %{version}
-Provides:       python-imaging = %{version}
+%ifpython3
+Obsoletes:      python3-imaging < %{version}
+Provides:       python3-imaging = %{version}
+%endif
 %python_subpackages

 %description
@ -91,9 +93,9 @@ Python Imaging Library by Fredrik Lundh and Contributors.

 %install
 %python_install
+%python_expand %fdupes %{buildroot}%{$python_sitearch}
 # add missing path
 %{python_expand echo "PIL" > %{buildroot}%{$python_sitearch}/PIL.pth}
-%python_expand %fdupes %{buildroot}%{$python_sitearch}

 %check
 %{python_expand export PYTHONPATH=%{buildroot}%{$python_sitearch} PYTHONDONTWRITEBYTECODE=1