rpm/python-Pillow
SHA256
1
0
Fork 0
forked from pool/python-Pillow
Code Pull Requests Activity

Accepting request 876407 from system:homeautomation:home-assistant:unstable

Browse Source 
- Update to 8.1.1
  Security
  * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
  * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
  * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
  * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
  * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
  
  There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
  did not properly check the reported size of the contained image. These images could cause
  arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
  and Akshay Ajayan of ASU.edu.
  
  Other Changes
  A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed

OBS-URL: https://build.opensuse.org/request/show/876407
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=111
This commit is contained in:
Oliver Kurz 2021-03-03 15:40:24 +00:00 committed by Git OBS Bridge
parent 05eff3008a
commit f8e8b2c3ae
4 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Pillow-8.1.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:887668e792b7edbfb1d3c9d8b5d8c859269a0f0eba4dda562adb95500f60dbba
size 44934336

3
Pillow-8.1.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f6fc18f9c9c7959bf58e6faf801d14fafb6d4717faaf6f79a68c8bb2a13dcf20
size 44978772

19
python-Pillow.changes
View File

@ -1,8 +1,21 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 28 15:07:09 UTC 2021 - Oliver Kurz <okurz@suse.com> Wed Mar 3 07:41:14 UTC 2021 - Adrian Schröter <adrian@suse.de>
- Fix rpmlint warning about duplicate file definition - Update to 8.1.1
- Fix package build by relying on %python_subpackages for Obsoletes/Conflicts (bsc#1181281) Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Jan 24 11:00:39 UTC 2021 - Dirk Müller <dmueller@suse.com> Sun Jan 24 11:00:39 UTC 2021 - Dirk Müller <dmueller@suse.com>

10
python-Pillow.spec
View File

@ -20,7 +20,7 @@
%define skip_python2 1 %define skip_python2 1
%{?!python_module:%define python_module() python-%{**} python3-%{**}} %{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-Pillow Name: python-Pillow
Version: 8.1.0 Version: 8.1.1
Release: 0 Release: 0
Summary: Python Imaging Library (Fork) Summary: Python Imaging Library (Fork)
License: HPND License: HPND
@ -57,8 +57,10 @@ Provides: %{oldpython}-imaging = %{version}
Obsoletes: %{oldpython}-imaging-sane < %{version} Obsoletes: %{oldpython}-imaging-sane < %{version}
Provides: %{oldpython}-imaging-sane = %{version} Provides: %{oldpython}-imaging-sane = %{version}
%endif %endif
Obsoletes: python-imaging < %{version} %ifpython3
Provides: python-imaging = %{version} Obsoletes: python3-imaging < %{version}
Provides: python3-imaging = %{version}
%endif
%python_subpackages %python_subpackages
%description %description
@ -91,9 +93,9 @@ Python Imaging Library by Fredrik Lundh and Contributors.
%install %install
%python_install %python_install
%python_expand %fdupes %{buildroot}%{$python_sitearch}
# add missing path # add missing path
%{python_expand echo "PIL" > %{buildroot}%{$python_sitearch}/PIL.pth} %{python_expand echo "PIL" > %{buildroot}%{$python_sitearch}/PIL.pth}
%python_expand %fdupes %{buildroot}%{$python_sitearch}
%check %check
%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitearch} PYTHONDONTWRITEBYTECODE=1 %{python_expand export PYTHONPATH=%{buildroot}%{$python_sitearch} PYTHONDONTWRITEBYTECODE=1