File python-Pillow.spec of Package python-Pillow.35230
#
# spec file for package python-Pillow
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define oldpython python
%define skip_python2 1
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-Pillow
Version: 7.2.0
Release: 0
Summary: Python Imaging Library (Fork)
License: HPND
URL: https://python-pillow.org/
Source: https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-%{version}.tar.gz
# Source needed for tests after CVE-2024-28219.patch is applied. It's
# a binary file and can't be part of the diff
# gh#python-pillow/Pillow@2a93aba5cfcf
Source1: sGrey-v2-nano.icc
# Test files from gh#python-pillow/Pillow#5377
# CVE-2021-25287, CVE-2021-25288, CVE-2021-28675, CVE-2021-28676, CVE-2021-28677, CVE-2021-28678
Source2: testfiles.tar.gz
# PATCH-FIX-UPSTREAM: CVE-2023-44271.patch gh#python-pillow/Pillow#7244
Patch0: CVE-2023-44271.patch
# PATCH-FIX-UPSTREAM gh#python-pillow/Pillow#7655
Patch1: CVE-2023-50447-environment-keys-filtering.patch
# PATCH-FIX-UPSTREAM gh#python-pillow/Pillow@2a93aba5cfcf
Patch2: CVE-2024-28219.patch
# PATCH-FIX-UPSTREAM security-fixes-820.patch gh#python-pillow/Pillow#5377
Patch3: security-fixes-820.patch
# CVE-2020-35654
Source3: https://github.com/python-pillow/Pillow/raw/eb8c1206d6b170d4e798a00db7432e023853da5c/Tests/images/crash-2020-10-test.tif
# PATCH-FIX-UPSTREAM CVE-2020-35654.patch gh#python-pillow/Pillow@eb8c1206d6b1
Patch4: CVE-2020-35654.patch
# CVE-2021-25289
Source4: https://github.com/python-pillow/Pillow/raw/cbfdde7b1f2295059a20a539ee9960f0bec7b299/Tests/images/crash-0e16d3bfb83be87356d026d66919deaefca44dac.tif
Source5: https://github.com/python-pillow/Pillow/raw/cbfdde7b1f2295059a20a539ee9960f0bec7b299/Tests/images/crash-1152ec2d1a1a71395b6f2ce6721c38924d025bf3.tif
# PATCH-FIX-UPSTREAM CVE-2021-25289.patch gh#python-pillow/Pillow@cbfdde7b1f22
Patch5: CVE-2021-25289.patch
# PATCH-FIX-UPSTREAM CVE-2021-23437.patch gh#python-pillow/Pillow@9e08eb8f78fd
Patch6: CVE-2021-23437.patch
# CVE-2021-25290
Source6: https://github.com/python-pillow/Pillow/raw/e25be1e33dc526bfd1094bc778a54d8e29bf66c9/Tests/images/crash-0c7e0e8e11ce787078f00b5b0ca409a167f070e0.tif
Source7: https://github.com/python-pillow/Pillow/raw/e25be1e33dc526bfd1094bc778a54d8e29bf66c9/Tests/images/crash-1185209cf7655b5aed8ae5e77784dfdd18ab59e9.tif
Source8: https://github.com/python-pillow/Pillow/raw/e25be1e33dc526bfd1094bc778a54d8e29bf66c9/Tests/images/crash-338516dbd2f0e83caddb8ce256c22db3bd6dc40f.tif
Source9: https://github.com/python-pillow/Pillow/raw/e25be1e33dc526bfd1094bc778a54d8e29bf66c9/Tests/images/crash-4f085cc12ece8cde18758d42608bed6a2a2cfb1c.tif
Source10: https://github.com/python-pillow/Pillow/raw/e25be1e33dc526bfd1094bc778a54d8e29bf66c9/Tests/images/crash-86214e58da443d2b80820cff9677a38a33dcbbca.tif
Source11: https://github.com/python-pillow/Pillow/raw/e25be1e33dc526bfd1094bc778a54d8e29bf66c9/Tests/images/crash-f46f5b2f43c370fe65706c11449f567ecc345e74.tif
# PATCH-FIX-UPSTREAM CVE-2021-25290.patch gh#python-pillow/Pillow@e25be1e33dc5
Patch7: CVE-2021-25290.patch
# PATCH-FIX-UPSTREAM CVE-2021-25292.patch gh#python-pillow/Pillow@521dab94c7ab
Patch8: CVE-2021-25292.patch
# CVE-2021-25293
Source12: https://github.com/python-pillow/Pillow/raw/f891baa604636cd2506a9360d170bc2cf4963cc5/Tests/images/crash-754d9c7ec485ffb76a90eeaab191ef69a2a3a3cd.sgi
Source13: https://github.com/python-pillow/Pillow/raw/f891baa604636cd2506a9360d170bc2cf4963cc5/Tests/images/crash-465703f71a0f0094873a3e0e82c9f798161171b8.sgi
Source14: https://github.com/python-pillow/Pillow/raw/f891baa604636cd2506a9360d170bc2cf4963cc5/Tests/images/crash-64834657ee604b8797bf99eac6a194c124a9a8ba.sgi
Source15: https://github.com/python-pillow/Pillow/raw/f891baa604636cd2506a9360d170bc2cf4963cc5/Tests/images/crash-abcf1c97b8fe42a6c68f1fb0b978530c98d57ced.sgi
Source16: https://github.com/python-pillow/Pillow/raw/f891baa604636cd2506a9360d170bc2cf4963cc5/Tests/images/crash-b82e64d4f3f76d7465b6af535283029eda211259.sgi
Source17: https://github.com/python-pillow/Pillow/raw/f891baa604636cd2506a9360d170bc2cf4963cc5/Tests/images/crash-c1b2595b8b0b92cc5f38b6635e98e3a119ade807.sgi
Source18: https://github.com/python-pillow/Pillow/raw/f891baa604636cd2506a9360d170bc2cf4963cc5/Tests/images/crash-db8bfa78b19721225425530c5946217720d7df4e.sgi
# PATCH-FIX-UPSTREAM CVE-2021-25293.patch gh#python-pillow/Pillow@f891baa60463
Patch9: CVE-2021-25293.patch
# CVE-2021-27921, CVE-2021-27922, CVE-2021-27923
Source19: https://github.com/python-pillow/Pillow/raw/756fff33128a0b643d10518a26ad04b726dd8973/Tests/images/oom-8ed3316a4109213ca96fb8a256a0bfefdece1461.icns
# PATCH-FIX-UPSTREAM CVE-2021-27921.patch gh#python-pillow/Pillow@756fff33128a
Patch10: CVE-2021-27921.patch
# PATCH-FIX-UPSTREAM CVE-2021-34552.patch gh#python-pillow/Pillow#5567
Patch11: CVE-2021-34552.patch
# CVE-2022-22815, CVE-2022-22816
# PATCH-FIX-UPSTREAM CVE-2022-22815.patch gh#python-pillow/Pillow#5920/commits/c48271ab354db49cdbd740bc45e13be4f0f7993c
Patch12: CVE-2022-22815.patch
# CVE-2022-45198
Source20: decompression_bomb_extents.gif
# PATCH-FIX-UPSTREAM CVE-2022-45198.patch gh#python-pillow/Pillow#6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
Patch13: CVE-2022-45198.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module olefile}
BuildRequires: %{python_module pytest >= 4.0}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module tk}
BuildRequires: fdupes
BuildRequires: libimagequant-devel
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
BuildRequires: tix
BuildRequires: unzip
BuildRequires: pkgconfig(freetype2)
BuildRequires: pkgconfig(lcms2)
BuildRequires: pkgconfig(libjpeg)
BuildRequires: pkgconfig(libtiff-4)
BuildRequires: pkgconfig(libturbojpeg)
BuildRequires: pkgconfig(libwebp)
BuildRequires: pkgconfig(tk)
BuildRequires: pkgconfig(zlib)
Requires: python-olefile
%if 0%{?suse_version} >= 1500
BuildRequires: pkgconfig(libopenjp2)
%endif
%ifpython2
# Pillow is a friendly PIL fork which we used to package as 'imaging'
# Without providing python-imaging, all packages requiring it will break
Obsoletes: %{oldpython}-imaging < %{version}
Provides: %{oldpython}-imaging = %{version}
Obsoletes: %{oldpython}-imaging-sane < %{version}
Provides: %{oldpython}-imaging-sane = %{version}
%endif
%ifpython3
Obsoletes: python3-imaging < %{version}
Provides: python3-imaging = %{version}
%endif
%python_subpackages
%description
Pillow is the "friendly" PIL fork by Alex Clark and Contributors. PIL is the
Python Imaging Library by Fredrik Lundh and Contributors.
%package tk
Summary: Python Imaging Library (Fork) - Tcl/Tk Module
Requires: %{name} = %{version}
Requires: python-tk
%ifpython2
# NOTE: We don't need to conflict with python-imaging here,
# because this package depends on python-Pillow, which already conflicts with python-imaging,
# so this cannot be installed alongside python-imaging
# And we cannot conflict with python-imaging directly, since python-Pillow provides python-imaging
# Just in case, conflict with python-imaging-tk in case it is ever implemented.
Obsoletes: %{oldpython}-imaging-tk < %{version}
Provides: %{oldpython}-imaging-tk = %{version}
%endif
%description tk
Pillow is the "friendly" PIL fork by Alex Clark and Contributors. PIL is the
Python Imaging Library by Fredrik Lundh and Contributors.
%prep
%autosetup -p1 -n Pillow-%{version}
%build
%python_build
%install
%python_install
%python_expand %fdupes %{buildroot}%{$python_sitearch}
# add missing path
%{python_expand echo "PIL" > %{buildroot}%{$python_sitearch}/PIL.pth}
%check
# Source needed for tests after CVE-2024-28219.patch is applied
cp %{SOURCE1} Tests/icc/sGrey-v2-nano.icc
# Test files from gh#python-pillow/Pillow#5377
# CVE-2021-25287, CVE-2021-25288, CVE-2021-28675, CVE-2021-28676, CVE-2021-28677, CVE-2021-28678
tar xzf %{SOURCE2}
cp testfiles/Tests/fonts/* Tests/fonts/
cp testfiles/Tests/images/* Tests/images/
# CVE-2020-35654
cp %{SOURCE3} Tests/images/
# CVE-2021-25289
cp %{SOURCE4} %{SOURCE5} Tests/images/
# CVE-2021-25290
cp %{SOURCE6} %{SOURCE7} %{SOURCE8} %{SOURCE9} %{SOURCE10} %{SOURCE11} Tests/images/
# CVE-2021-25293
cp %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} Tests/images/
# CVE-2021-27921, CVE-2021-27922, CVE-2021-27923
cp %{SOURCE19} Tests/images/
# CVE-2022-45198
cp %{SOURCE20} Tests/images/
%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitearch} PYTHONDONTWRITEBYTECODE=1
%if "%{_arch}" == "s390" || "%{_arch}" == "s390x"
echo "WARNING ignoring tests completely due to https://github.com/python-pillow/Pillow/issues/1204 and segfault"
%else
%if "%{_arch}" == "ppc" || "%{_arch}" == "ppc64"
$python selftest.py --installed || \
echo "WARNING ignore failure https://github.com/python-pillow/Pillow/issues/1204"
pytest-%{$python_bin_suffix} --ignore=_build.python2 --ignore=_build.python3 --ignore=_build.pypy3 -v || \
echo "WARNING ignore failure https://github.com/python-pillow/Pillow/issues/1204"
%else
$python selftest.py --installed
pytest-%{$python_bin_suffix} --ignore=_build.python2 --ignore=_build.python3 --ignore=_build.pypy3 -v -k 'not (test_stroke or test_stroke_multiline)'
%endif
%endif
}
%files %{python_files}
%license LICENSE
%doc CHANGES.rst README.rst
%{python_sitearch}/PIL
%{python_sitearch}/PIL.pth
%{python_sitearch}/Pillow-%{version}-py%{python_version}.egg-info
%exclude %{python_sitearch}/PIL/ImageTk*
%exclude %{python_sitearch}/PIL/_imagingtk*
%pycache_only %exclude %{python_sitearch}/PIL/__pycache__/ImageTk.*
%files %{python_files tk}
%{python_sitearch}/PIL/ImageTk*
%{python_sitearch}/PIL/_imagingtk*
%pycache_only %{python_sitearch}/PIL/__pycache__/ImageTk.*
%changelog
