From f8e8b2c3ae09f9d9a9eb5ef33e6c5419f427722c10f07f7e598cb08896680e1a Mon Sep 17 00:00:00 2001
From: Oliver Kurz <okurz@suse.com>
Date: Wed, 3 Mar 2021 15:40:24 +0000
Subject: [PATCH] Accepting request 876407 from
 system:homeautomation:home-assistant:unstable

- Update to 8.1.1
  Security
  * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
  * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
  * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
  * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
  * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.

  There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
  did not properly check the reported size of the contained image. These images could cause
  arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
  and Akshay Ajayan of ASU.edu.

  Other Changes
  A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed

OBS-URL: https://build.opensuse.org/request/show/876407
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=111
---
 Pillow-8.1.0.tar.gz   |  3 ---
 Pillow-8.1.1.tar.gz   |  3 +++
 python-Pillow.changes | 19 ++++++++++++++++---
 python-Pillow.spec    | 10 ++++++----
 4 files changed, 25 insertions(+), 10 deletions(-)
 delete mode 100644 Pillow-8.1.0.tar.gz
 create mode 100644 Pillow-8.1.1.tar.gz

diff --git a/Pillow-8.1.0.tar.gz b/Pillow-8.1.0.tar.gz
deleted file mode 100644
index d458f3f..0000000
--- a/Pillow-8.1.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:887668e792b7edbfb1d3c9d8b5d8c859269a0f0eba4dda562adb95500f60dbba
-size 44934336
diff --git a/Pillow-8.1.1.tar.gz b/Pillow-8.1.1.tar.gz
new file mode 100644
index 0000000..148850c
--- /dev/null
+++ b/Pillow-8.1.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f6fc18f9c9c7959bf58e6faf801d14fafb6d4717faaf6f79a68c8bb2a13dcf20
+size 44978772
diff --git a/python-Pillow.changes b/python-Pillow.changes
index 99d0572..b6fdf74 100644
--- a/python-Pillow.changes
+++ b/python-Pillow.changes
@@ -1,8 +1,21 @@
 -------------------------------------------------------------------
-Thu Jan 28 15:07:09 UTC 2021 - Oliver Kurz <okurz@suse.com>
+Wed Mar  3 07:41:14 UTC 2021 - Adrian Schröter <adrian@suse.de>
 
-- Fix rpmlint warning about duplicate file definition
-- Fix package build by relying on %python_subpackages for Obsoletes/Conflicts (bsc#1181281)
+- Update to 8.1.1
+  Security
+  * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
+  * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
+  * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
+  * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
+  * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
+  
+  There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
+  did not properly check the reported size of the contained image. These images could cause
+  arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
+  and Akshay Ajayan of ASU.edu.
+  
+  Other Changes
+  A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
 
 -------------------------------------------------------------------
 Sun Jan 24 11:00:39 UTC 2021 - Dirk Müller <dmueller@suse.com>
diff --git a/python-Pillow.spec b/python-Pillow.spec
index 3c59ec2..a04ddd2 100644
--- a/python-Pillow.spec
+++ b/python-Pillow.spec
@@ -20,7 +20,7 @@
 %define skip_python2 1
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-Pillow
-Version:        8.1.0
+Version:        8.1.1
 Release:        0
 Summary:        Python Imaging Library (Fork)
 License:        HPND
@@ -57,8 +57,10 @@ Provides:       %{oldpython}-imaging = %{version}
 Obsoletes:      %{oldpython}-imaging-sane < %{version}
 Provides:       %{oldpython}-imaging-sane = %{version}
 %endif
-Obsoletes:      python-imaging < %{version}
-Provides:       python-imaging = %{version}
+%ifpython3
+Obsoletes:      python3-imaging < %{version}
+Provides:       python3-imaging = %{version}
+%endif
 %python_subpackages
 
 %description
@@ -91,9 +93,9 @@ Python Imaging Library by Fredrik Lundh and Contributors.
 
 %install
 %python_install
+%python_expand %fdupes %{buildroot}%{$python_sitearch}
 # add missing path
 %{python_expand echo "PIL" > %{buildroot}%{$python_sitearch}/PIL.pth}
-%python_expand %fdupes %{buildroot}%{$python_sitearch}
 
 %check
 %{python_expand export PYTHONPATH=%{buildroot}%{$python_sitearch} PYTHONDONTWRITEBYTECODE=1