File python-Pillow.spec of Package python-Pillow
#
# spec file for package python-Pillow
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define oldpython python
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%if 0%{?is_opensuse} || 0%{?suse_version} > 1330
%bcond_without tk
%else
%bcond_with tk
%endif
Name: python-Pillow
Version: 5.2.0
Release: 0
Summary: Python Imaging Library (Fork)
License: HPND
Group: Development/Languages/Python
URL: http://python-imaging.github.io/
Source: https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-%{version}.tar.gz
Source2: test_images_01.tar.gz
Source3: test_images_02.tar.gz
Source4: test_images_03.tar.gz
Source5: test_images_04.tar.gz
# PATCH-FIX-UPSTREAM: 001-Corrected-negative-seeks.patch
# CVE-2019-16865: backport of upstream fix from v6.2.0
# https://github.com/python-pillow/Pillow/pull/4101.patch
Patch1: 001-Corrected-negative-seeks.patch
# PATCH-FIX-UPSTREAM: 002-Added-decompression-bomb-checks.patch
# CVE-2019-16865: backport of upstream fix from v6.2.0
# https://github.com/python-pillow/Pillow/pull/4102.patch
Patch2: 002-Added-decompression-bomb-checks.patch
# PATCH-FIX-UPSTREAM: 003-Raise-error-if-dimension-is-a-string.patch
# CVE-2019-16865: backport of upstream fix from v6.2.0
# https://github.com/python-pillow/Pillow/pull/4103.patch
Patch3: 003-Raise-error-if-dimension-is-a-string.patch
# PATCH-FIX-UPSTREAM: 004-Catch-buffer-overruns.patch
# CVE-2019-16865: backport of upstream fix from v6.2.0
# https://github.com/python-pillow/Pillow/pull/4104.patch
Patch4: 004-Catch-buffer-overruns.patch
# PATCH-FIX-UPSTREAM: 005-Catch-PCX-P-mode-buffer-overrun.patch
# CVE-2020-5312: backport of upstream fix from v6.2.2
# https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd.patch
Patch5: 005-Catch-PCX-P-mode-buffer-overrun.patch
# PATCH-FIX-UPSTREAM: 006-Catch-SGI-buffer-overruns.patch
# CVE-2020-5311: backport of upstream fix from v6.2.2
# https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3.patch
Patch6: 006-Catch-SGI-buffer-overruns.patch
# PATCH-FIX-UPSTREAM: 007-Ensure-previous-FLI-frame-is-loaded.patch
# Fix for https://github.com/python-pillow/Pillow/issues/2649 which uncovers CVE-2020-5313
# backport from v5.4.0
# https://github.com/python-pillow/Pillow/pull/3478.patch
Patch7: 007-Ensure-previous-FLI-frame-is-loaded.patch
# PATCH-FIX-UPSTREAM: 008-Catch-FLI-buffer-overrun.patch
# CVE-2020-5313: backport of upstream fix from v6.2.2
# https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b.patch
Patch8: 008-Catch-FLI-buffer-overrun.patch
# PATCH-FIX-UPSTREAM: 009-Invalid-number-of-bands-in-FPX-image.patch
# CVE-2019-19911: backport of upstream fix from v6.2.2
# https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d.patch
Patch9: 009-Invalid-number-of-bands-in-FPX-image.patch
# PATCH-FIX-UPSTREAM: 010-Fix-OOB-reads-in-FLI-decoding.patch
# CVE-2020-10177: backport of upstream fix from v7.1.0
# https://github.com/python-pillow/Pillow/pull/4503.patch
Patch10: 010-Fix-OOB-reads-in-FLI-decoding.patch
# PATCH-FIX-UPSTREAM: 011-Fix-buffer-overflow-in-SGI-RLE-decoding.patch
# CVE-2020-11538: backport of upstream fix from v7.1.0
# https://github.com/python-pillow/Pillow/pull/4504.patch
Patch11: 011-Fix-buffer-overflow-in-SGI-RLE-decoding.patch
# PATCH-FIX-UPSTREAM: 012-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
# CVE-2020-10994: backport of upstream fix from v7.1.0
# https://github.com/python-pillow/Pillow/pull/4505.patch
Patch12: 012-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
# PATCH-FIX-UPSTREAM: 013-Fix-bounds-overflow-in-PCX-decoding.patch
# CVE-2020-10378: backport of upstream fix from v7.1.0
# https://github.com/python-pillow/Pillow/pull/4506.patch
Patch13: 013-Fix-bounds-overflow-in-PCX-decoding.patch
# PATCH-FIX-UPSTREAM: 014-Tests-for-tiff-crashes.patch
# Base change for later CVE test cases + on_ci() helper
# https://github.com/python-pillow/Pillow/pull/4929.patch
Patch14: 014-Tests-for-tiff-crashes.patch
# PATCH-FIX-UPSTREAM: 015-Fix-for-SGI-Decode-buffer-overrun.patch
# CVE-2020-35655: backport of upstream fix from v8.1.0
# https://github.com/python-pillow/Pillow/pull/5173.patch
Patch15: 015-Fix-for-SGI-Decode-buffer-overrun.patch
# PATCH-FIX-UPSTREAM: 016-Fix-OOB-read-in-SgiRleDecode.patch
# CVE-2021-25293: backport of upstream fix from v8.1.1
# https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5.patch
Patch16: 016-Fix-OOB-read-in-SgiRleDecode.patch
# PATCH-FIX-UPSTREAM: 017-Fix-negative-size-read-in-TiffDecode.patch
# CVE-2021-25290: backport of upstream fix from v8.1.1
# https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9.patch
Patch17: 017-Fix-negative-size-read-in-TiffDecode.patch
# PATCH-FIX-UPSTREAM: 018-Use-more-specific-regex-chars-to-prevent-ReDoS.patch
# CVE-2021-25292: backport of upstream fix from v8.1.1
# https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee.patch
Patch18: 018-Use-more-specific-regex-chars-to-prevent-ReDoS.patch
# PATCH-FIX-UPSTREAM: 019-Fix-Memory-DOS-in-BLP-ICNS-and-ICO-Image-Plugins.patch
# CVE-2021-27921,CVE-2021-27922,CVE-2021-27923: backport of upstream fix from v8.1.2
# https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973.patch
Patch19: 019-Fix-Memory-DOS-in-BLP-ICNS-and-ICO-Image-Plugins.patch
# PATCH-FIX-UPSTREAM: 020-CVE-2020-35653.patch
# CVE-2020-35653: backport of upstream fix from v8.1.0
# https://github.com/python-pillow/Pillow/pull/5174.patch
Patch20: 020-CVE-2020-35653.patch
# PATCH-FIX-UPSTREAM: 021-CVE-2021-25287+8.patch
# CVE-2021-25287,CVE-2021-25288: backport of upstream fix from v8.2.0
# https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87.patch
Patch21: 021-CVE-2021-25287+8.patch
# PATCH-FIX-UPSTREAM: 022-CVE-2021-28675.patch
# CVE-2021-28675: backport of upstream fix from v8.2.0
# https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497.patch
Patch22: 022-CVE-2021-28675.patch
# PATCH-FIX-UPSTREAM: 023-CVE-2021-28678.patch
# CVE-2021-28678: backport of upstream fix from v8.2.0
# https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1.patch
Patch23: 023-CVE-2021-28678.patch
# PATCH-FIX-UPSTREAM: 024-CVE-2021-28677.patch
# CVE-2021-28677: backport of upstream fix from v8.2.0
# https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92.patch
Patch24: 024-CVE-2021-28677.patch
# PATCH-FIX-UPSTREAM: 025-CVE-2021-28676.patch
# CVE-2021-28676: backport of upstream fix from v8.2.0
# https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856.patch
Patch25: 025-CVE-2021-28676.patch
# PATCH-FIX-UPSTREAM: 026-CVE-2021-34552.patch
# CVE-2021-34552: backport of upstream fix from v8.3.0
# https://github.com/python-pillow/Pillow/pull/5567.patch
Patch26: 026-CVE-2021-34552.patch
# PATCH-FIX-UPSTREAM: 027-CVE-2021-23437.patch
# CVE-2021-23437: backport of upstream fix from v8.3.2
# https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
Patch27: 027-CVE-2021-23437.patch
# PATCH-FIX-UPSTREAM: 028-CVE-2022-22815.patch
# https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c.patch
Patch28: 028-CVE-2022-22815.patch
# PATCH-FIX-UPSTREAM: 029-CVE-2022-22816.patch
# https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c.patch
Patch29: 029-CVE-2022-22816.patch
# PATCH-FIX-UPSTREAM: 030-CVE-2022-22817.patch
# https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11.patch
Patch30: 030-CVE-2022-22817.patch
# PATCH-FIX-UPSTREAM: CVE-2023-44271.patch gh#python-pillow/Pillow#7244
Patch31: CVE-2023-44271.patch
# PATCH-FIX-UPSTREAM: 032-CVE-2023-50447.patch
# https://github.com/python-pillow/Pillow/commit/02c6183d41c68a8dd080f5739f566bd82485822d.patch
Patch32: 032-CVE-2023-50447.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module olefile}
BuildRequires: %{python_module pytest-runner}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
BuildRequires: freetype2-devel
BuildRequires: libjpeg8-devel
BuildRequires: liblcms2-devel
BuildRequires: libtiff-devel
BuildRequires: libwebp-devel
BuildRequires: python-rpm-macros
BuildRequires: tix
BuildRequires: tk-devel
BuildRequires: unzip
BuildRequires: zlib-devel
Requires: python-olefile
%if %{with tk}
BuildRequires: %{python_module tk}
%endif
%if 0%{?suse_version} > 1315
BuildRequires: openjpeg2-devel
%endif
%ifpython2
# Pillow is a friendly PIL fork which we used to package as 'imaging'
# Without providing python-imaging, all packages requiring it will break
Obsoletes: %{oldpython}-imaging < %{version}
Provides: %{oldpython}-imaging = %{version}
Obsoletes: %{oldpython}-imaging-sane < %{version}
Provides: %{oldpython}-imaging-sane = %{version}
%endif
%ifpython3
Obsoletes: python3-imaging < %{version}
Provides: python3-imaging = %{version}
%endif
%python_subpackages
%description
Pillow is the "friendly" PIL fork by Alex Clark and Contributors. PIL is the
Python Imaging Library by Fredrik Lundh and Contributors.
%package tk
Summary: Python Imaging Library (Fork) - Tcl/Tk Module
Group: Development/Languages/Python
Requires: %{name} = %{version}
Requires: python-tk
%ifpython2
# NOTE: We don't need to conflict with python-imaging here,
# because this package depends on python-Pillow, which already conflicts with python-imaging,
# so this cannot be installed alongside python-imaging
# And we cannot conflict with python-imaging directly, since python-Pillow provides python-imaging
# Just in case, conflict with python-imaging-tk in case it is ever implemented.
Obsoletes: %{oldpython}-imaging-tk < %{version}
Provides: %{oldpython}-imaging-tk = %{version}
%endif
%description tk
Pillow is the "friendly" PIL fork by Alex Clark and Contributors. PIL is the
Python Imaging Library by Fredrik Lundh and Contributors.
%prep
%setup -q -n Pillow-%{version} -a 2
%setup -T -D -n Pillow-%{version} -a 3
%setup -T -D -n Pillow-%{version} -a 4
%setup -T -D -n Pillow-%{version} -a 5
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%build
%python_build
%install
%python_install
%fdupes %{buildroot}%{_prefix}
# add missing path
%{python_expand echo "PIL" > %{buildroot}%{$python_sitearch}/PIL.pth}
%check
%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitearch}
%ifarch ppc ppc64 s390 s390x
$python selftest.py --installed || \
echo "WARNING ignore failure https://github.com/python-pillow/Pillow/issues/1204"
$python setup.py test || \
echo "WARNING ignore failure https://github.com/python-pillow/Pillow/issues/1204"
%else
$python selftest.py --installed
$python setup.py test
%endif
}
%files %{python_files}
%license LICENSE
%doc CHANGES.rst README.rst
%{python_sitearch}/PIL
%{python_sitearch}/PIL.pth
%{python_sitearch}/Pillow-%{version}-py%{python_version}.egg-info
%if %{with tk}
%exclude %{python_sitearch}/PIL/ImageTk*
%exclude %{python_sitearch}/PIL/_imagingtk*
%pycache_only %exclude %{python_sitearch}/PIL/__pycache__/ImageTk.*
%endif
%if %{with tk}
%files %{python_files tk}
%{python_sitearch}/PIL/ImageTk*
%{python_sitearch}/PIL/_imagingtk*
%pycache_only %{python_sitearch}/PIL/__pycache__/ImageTk.*
%endif
%changelog
