diff --git a/Pillow-8.1.0.tar.gz b/Pillow-8.1.0.tar.gz
deleted file mode 100644
index d458f3f..0000000
--- a/Pillow-8.1.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:887668e792b7edbfb1d3c9d8b5d8c859269a0f0eba4dda562adb95500f60dbba
-size 44934336
diff --git a/Pillow-8.1.1.tar.gz b/Pillow-8.1.1.tar.gz
new file mode 100644
index 0000000..148850c
--- /dev/null
+++ b/Pillow-8.1.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f6fc18f9c9c7959bf58e6faf801d14fafb6d4717faaf6f79a68c8bb2a13dcf20
+size 44978772
diff --git a/python-Pillow.changes b/python-Pillow.changes
index 99d0572..b6fdf74 100644
--- a/python-Pillow.changes
+++ b/python-Pillow.changes
@@ -1,8 +1,21 @@
 -------------------------------------------------------------------
-Thu Jan 28 15:07:09 UTC 2021 - Oliver Kurz
+Wed Mar 3 07:41:14 UTC 2021 - Adrian Schröter
 
-- Fix rpmlint warning about duplicate file definition
-- Fix package build by relying on %python_subpackages for Obsoletes/Conflicts (bsc#1181281)
+- Update to 8.1.1
+ Security
+ * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
+ * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
+ * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
+ * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
+ * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
+
+ There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
+ did not properly check the reported size of the contained image. These images could cause
+ arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
+ and Akshay Ajayan of ASU.edu.
+
+ Other Changes
+ A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
 
 -------------------------------------------------------------------
 Sun Jan 24 11:00:39 UTC 2021 - Dirk Müller
diff --git a/python-Pillow.spec b/python-Pillow.spec
index 3c59ec2..a04ddd2 100644
--- a/python-Pillow.spec
+++ b/python-Pillow.spec
@@ -20,7 +20,7 @@
 %define skip_python2 1
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name: python-Pillow
-Version: 8.1.0
+Version: 8.1.1
 Release: 0
 Summary: Python Imaging Library (Fork)
 License: HPND
@@ -57,8 +57,10 @@ Provides: %{oldpython}-imaging = %{version}
 Obsoletes: %{oldpython}-imaging-sane < %{version}
 Provides: %{oldpython}-imaging-sane = %{version}
 %endif
-Obsoletes: python-imaging < %{version}
-Provides: python-imaging = %{version}
+%ifpython3
+Obsoletes: python3-imaging < %{version}
+Provides: python3-imaging = %{version}
+%endif
 %python_subpackages
 
 %description
@@ -91,9 +93,9 @@ Python Imaging Library by Fredrik Lundh and Contributors.
 
 %install
 %python_install
+%python_expand %fdupes %{buildroot}%{$python_sitearch}
 # add missing path
 %{python_expand echo "PIL" > %{buildroot}%{$python_sitearch}/PIL.pth}
-%python_expand %fdupes %{buildroot}%{$python_sitearch}
 
 %check
 %{python_expand export PYTHONPATH=%{buildroot}%{$python_sitearch} PYTHONDONTWRITEBYTECODE=1
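Review bot: The second python-Pillow.spec hunk (`%ifpython3` / `Obsoletes: python3-imaging < %{version}`) and the `%install` hunk that moves `%python_expand %fdupes` above the `PIL.pth` line appear to back out the two packaging fixes described by the Jan 28 entry that this commit deletes from python-Pillow.changes (rpmlint duplicate file, bsc#1181281); that reading is inferred from the removed changelog text, not from the earlier spec history. If the revert is unintended, rebase the 8.1.1 bump on the current spec and keep the old entry; if it is intended, the Mar 3 entry should say so with a line such as `- Restore python3-imaging Provides/Obsoletes under %ifpython3`. Carrying unrelated packaging changes in a release whose purpose is to ship CVE fixes also makes the security update harder to audit and to backport.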