- update to 8.1.0 (bsc#1180833, bsc#1180834, bsc#1180832):

* Fix TIFF OOB Write error. CVE-2020-35654 
  * Fix for Read Overflow in PCX Decoding. CVE-2020-35653 
  * Fix for SGI Decode buffer overrun. CVE-2020-35655 
  * Fix OOB Read when saving GIF of xsize=1 
  * Makefile updates 
  * Add support for PySide6 
  * Use disposal settings from previous frame in APNG 
  * Added exception explaining that _repr_png_ saves to PNG 
  * Use previous disposal method in GIF load_end 
  * Allow putpalette to accept 1024 integers to include alpha values 
  * Fix OOB Read when writing TIFF with custom Metadata 
  * Added append_images support for ICO 
  * Block TIFFTAG_SUBIFD 
  * Fixed dereferencing potential null pointers 
  * Deprecate FreeType 2.7 
  * Moved warning to end of execution 
  * Removed unused fromstring and tostring C methods 
  * init() if one of the formats is unrecognised 
  * Moved string_dimension CVE image to pillow-depends 
  * Support raw rgba8888 for DDS 
- drop patches python-Pillow-tiff-4.2.0.patch
  python-Pillow-tiff-fix-oob-read.patch (upstream)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=108

Pillow-8.0.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:11c5c6e9b02c9dac08af04f093eb5a2f84857df70a7d4a6a6ad461aca803fb9e
-size 44620531

Pillow-8.1.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:887668e792b7edbfb1d3c9d8b5d8c859269a0f0eba4dda562adb95500f60dbba
+size 44934336

python-Pillow-tiff-4.2.0.patch

@@ -1,14 +0,0 @@
-diff --git a/src/libImaging/TiffDecode.c b/src/libImaging/TiffDecode.c
-index f33cbc6bd6..d86a42915b 100644
---- a/src/libImaging/TiffDecode.c
-+++ b/src/libImaging/TiffDecode.c
-@@ -578,7 +578,7 @@ int ImagingLibTiffMergeFieldInfo(ImagingCodecState state, TIFFDataType field_typ
- 
-     // custom fields added with ImagingLibTiffMergeFieldInfo are only used for
-     // decoding, ignore readcount;
--    int readcount = 0;
-+    int readcount = 1;
-     // we support writing a single value, or a variable number of values
-     int writecount = 1;
-     // whether the first value should encode the number of values.
-

python-Pillow-tiff-fix-oob-read.patch

@@ -1,22 +0,0 @@
-diff --git a/src/libImaging/TiffDecode.c b/src/libImaging/TiffDecode.c
-index bdb524bec2..f33cbc6bd6 100644
---- a/src/libImaging/TiffDecode.c
-+++ b/src/libImaging/TiffDecode.c
-@@ -573,7 +573,6 @@ int ImagingLibTiffEncodeInit(ImagingCodecState state, char *filename, int fp) {
- int ImagingLibTiffMergeFieldInfo(ImagingCodecState state, TIFFDataType field_type, int key, int is_var_length){
-     // Refer to libtiff docs (http://www.simplesystems.org/libtiff/addingtags.html)
-     TIFFSTATE *clientstate = (TIFFSTATE *)state->context;
--    char field_name[10];
-     uint32 n;
-     int status = 0;
- 
-@@ -586,7 +585,7 @@ int ImagingLibTiffMergeFieldInfo(ImagingCodecState state, TIFFDataType field_typ
-     int passcount = 0;
- 
-     TIFFFieldInfo info[] = {
--        { key, readcount, writecount, field_type, FIELD_CUSTOM, 1, passcount, field_name }
-+        { key, readcount, writecount, field_type, FIELD_CUSTOM, 1, passcount, "CustomField" }
-     };
- 
-     if (is_var_length) {
-

python-Pillow.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Sun Jan 24 11:00:39 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 8.1.0 (bsc#1180833, bsc#1180834, bsc#1180832):
+  * Fix TIFF OOB Write error. CVE-2020-35654 
+  * Fix for Read Overflow in PCX Decoding. CVE-2020-35653 
+  * Fix for SGI Decode buffer overrun. CVE-2020-35655 
+  * Fix OOB Read when saving GIF of xsize=1 
+  * Makefile updates 
+  * Add support for PySide6 
+  * Use disposal settings from previous frame in APNG 
+  * Added exception explaining that _repr_png_ saves to PNG 
+  * Use previous disposal method in GIF load_end 
+  * Allow putpalette to accept 1024 integers to include alpha values 
+  * Fix OOB Read when writing TIFF with custom Metadata 
+  * Added append_images support for ICO 
+  * Block TIFFTAG_SUBIFD 
+  * Fixed dereferencing potential null pointers 
+  * Deprecate FreeType 2.7 
+  * Moved warning to end of execution 
+  * Removed unused fromstring and tostring C methods 
+  * init() if one of the formats is unrecognised 
+  * Moved string_dimension CVE image to pillow-depends 
+  * Support raw rgba8888 for DDS 
+- drop patches python-Pillow-tiff-4.2.0.patch
+  python-Pillow-tiff-fix-oob-read.patch (upstream)
+
 -------------------------------------------------------------------
 Wed Dec 30 11:04:46 UTC 2020 - pgajdos@suse.com
 

python-Pillow.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-Pillow
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,16 +20,12 @@
 %define skip_python2 1
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-Pillow
-Version:        8.0.1
+Version:        8.1.0
 Release:        0
 Summary:        Python Imaging Library (Fork)
 License:        HPND
 URL:            https://python-pillow.org/
 Source:         https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-%{version}.tar.gz
-# https://github.com/python-pillow/Pillow/commit/416f12e772d2b3cb920b18b3625e8b1419d7519e
-Patch0:         python-Pillow-tiff-fix-oob-read.patch
-# https://github.com/python-pillow/Pillow/pull/5153
-Patch1:         python-Pillow-tiff-4.2.0.patch
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module olefile}
 BuildRequires:  %{python_module pytest >= 4.0}
@@ -91,8 +87,6 @@ Python Imaging Library by Fredrik Lundh and Contributors.
 
 %prep
 %setup -q -n Pillow-%{version}
-%patch0 -p1
-%patch1 -p1
 
 %build
 %python_build