rpms
/
python-pillow
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import python-pillow-5.1.1-11.el8

This commit is contained in:
CentOS Sources 2020-04-24 03:33:54 +00:00 committed by Andrew Lukoshko
commit 8863b0f70c
9 changed files with 1191 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/Pillow-5.1.1.tar.gz

1
.python-pillow.metadata Normal file
View File

@ -0,0 +1 @@
2120f1bbf8d39cb0f1a5a50fb79b993e8b75851c SOURCES/Pillow-5.1.1.tar.gz

42
SOURCES/0001-Fix-potential-un-terminated-buffer-problem-CWE-120.patch Normal file
View File

@ -0,0 +1,42 @@
From b78ede45a294b567d27d7198ff3354df86a5b7f1 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Tue, 11 Sep 2018 15:58:31 +0200
Subject: [PATCH 1/2] Fix potential un-terminated buffer problem (CWE-120)
---
src/libImaging/Histo.c | 4 +++-
src/libImaging/Palette.c | 3 ++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/libImaging/Histo.c b/src/libImaging/Histo.c
index 0bfc8dfe..2b35873e 100644
--- a/src/libImaging/Histo.c
+++ b/src/libImaging/Histo.c
@@ -41,7 +41,9 @@ ImagingHistogramNew(Imaging im)
/* Create histogram descriptor */
h = calloc(1, sizeof(struct ImagingHistogramInstance));
- strncpy(h->mode, im->mode, IMAGING_MODE_LENGTH);
+ strncpy(h->mode, im->mode, IMAGING_MODE_LENGTH-1);
+ h->mode[IMAGING_MODE_LENGTH-1] = 0;
+
h->bands = im->bands;
h->histogram = calloc(im->pixelsize, 256 * sizeof(long));
diff --git a/src/libImaging/Palette.c b/src/libImaging/Palette.c
index 31c2c024..7aee6e8e 100644
--- a/src/libImaging/Palette.c
+++ b/src/libImaging/Palette.c
@@ -37,7 +37,8 @@ ImagingPaletteNew(const char* mode)
if (!palette)
return (ImagingPalette) ImagingError_MemoryError();
- strncpy(palette->mode, mode, IMAGING_MODE_LENGTH);
+ strncpy(palette->mode, mode, IMAGING_MODE_LENGTH-1);
+ palette->mode[IMAGING_MODE_LENGTH-1] = 0;
/* Initialize to ramp */
for (i = 0; i < 256; i++) {
--
2.17.1

258
SOURCES/0002-Fix-potential-leaked-storage-issues-CWE-772.patch Normal file
View File

@ -0,0 +1,258 @@
From 6adac809e96c8bfeb50a3bd14570a8118bcd5d65 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Thu, 13 Sep 2018 12:22:11 +0200
Subject: [PATCH 2/2] Fix potential leaked storage issues (CWE-772)
---
src/Tk/tkImaging.c | 2 ++
src/_imaging.c | 15 +++++++++++++--
src/encode.c | 12 +++++++++---
src/libImaging/Histo.c | 12 +++++++++---
src/libImaging/Quant.c | 2 ++
src/libImaging/QuantOctree.c | 1 +
src/libImaging/Resample.c | 2 ++
src/path.c | 8 ++++++--
8 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/src/Tk/tkImaging.c b/src/Tk/tkImaging.c
index f448be16..10090b0e 100644
--- a/src/Tk/tkImaging.c
+++ b/src/Tk/tkImaging.c
@@ -442,6 +442,7 @@ int load_tkinter_funcs(void)
/* Try loading from the main program namespace first */
main_program = dlopen(NULL, RTLD_LAZY);
if (_func_loader(main_program) == 0) {
+ dlclose(main_program);
return 0;
}
/* Clear exception triggered when we didn't find symbols above */
@@ -470,6 +471,7 @@ int load_tkinter_funcs(void)
/* dlclose probably safe because tkinter has been imported. */
dlclose(tkinter_lib);
exit:
+ dlclose(main_program);
Py_XDECREF(pModule);
Py_XDECREF(pString);
return ret;
diff --git a/src/_imaging.c b/src/_imaging.c
index 11f5f6ea..445470bf 100644
--- a/src/_imaging.c
+++ b/src/_imaging.c
@@ -856,8 +856,10 @@ _gaussian_blur(ImagingObject* self, PyObject* args)
if (!imOut)
return NULL;
- if (!ImagingGaussianBlur(imOut, imIn, radius, passes))
+ if (!ImagingGaussianBlur(imOut, imIn, radius, passes)) {
+ ImagingDelete(imOut);
return NULL;
+ }
return PyImagingNew(imOut);
}
@@ -1745,8 +1747,10 @@ _box_blur(ImagingObject* self, PyObject* args)
if (!imOut)
return NULL;
- if (!ImagingBoxBlur(imOut, imIn, radius, n))
+ if (!ImagingBoxBlur(imOut, imIn, radius, n)) {
+ ImagingDelete(imOut);
return NULL;
+ }
return PyImagingNew(imOut);
}
@@ -2386,6 +2390,7 @@ _draw_arc(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
+ free(xy);
return NULL;
}
@@ -2423,6 +2428,7 @@ _draw_bitmap(ImagingDrawObject* self, PyObject* args)
PyErr_SetString(PyExc_TypeError,
"coordinate list must contain exactly 1 coordinate"
);
+ free(xy);
return NULL;
}
@@ -2458,6 +2464,7 @@ _draw_chord(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
+ free(xy);
return NULL;
}
@@ -2493,6 +2500,7 @@ _draw_ellipse(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
+ free(xy);
return NULL;
}
@@ -2674,6 +2682,7 @@ _draw_pieslice(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
+ free(xy);
return NULL;
}
@@ -2712,6 +2721,7 @@ _draw_polygon(ImagingDrawObject* self, PyObject* args)
PyErr_SetString(PyExc_TypeError,
"coordinate list must contain at least 2 coordinates"
);
+ free(xy);
return NULL;
}
@@ -2754,6 +2764,7 @@ _draw_rectangle(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
+ free(xy);
return NULL;
}
diff --git a/src/encode.c b/src/encode.c
index ae4277c0..9f7c6592 100644
--- a/src/encode.c
+++ b/src/encode.c
@@ -552,11 +552,15 @@ PyImaging_ZipEncoderNew(PyObject* self, PyObject* args)
dictionary = NULL;
encoder = PyImaging_EncoderNew(sizeof(ZIPSTATE));
- if (encoder == NULL)
+ if (encoder == NULL) {
+ free(dictionary);
return NULL;
+ }
- if (get_packer(encoder, mode, rawmode) < 0)
+ if (get_packer(encoder, mode, rawmode) < 0) {
+ free(dictionary);
return NULL;
+ }
encoder->encode = ImagingZipEncode;
encoder->cleanup = ImagingZipEncodeCleanup;
@@ -717,8 +721,10 @@ PyImaging_JpegEncoderNew(PyObject* self, PyObject* args)
if (rawExif && rawExifLen > 0) {
/* malloc check ok, length is from python parsearg */
char* pp = malloc(rawExifLen); // Freed in JpegEncode, Case 5
- if (!pp)
+ if (!pp) {
+ if (extra) free(extra);
return PyErr_NoMemory();
+ }
memcpy(pp, rawExif, rawExifLen);
rawExif = pp;
} else
diff --git a/src/libImaging/Histo.c b/src/libImaging/Histo.c
index 2b35873e..b7c1a983 100644
--- a/src/libImaging/Histo.c
+++ b/src/libImaging/Histo.c
@@ -82,8 +82,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
h->histogram[im->image8[y][x]]++;
ImagingSectionLeave(&cookie);
} else { /* yes, we need the braces. C isn't Python! */
- if (im->type != IMAGING_TYPE_UINT8)
+ if (im->type != IMAGING_TYPE_UINT8) {
+ ImagingHistogramDelete(h);
return ImagingError_ModeError();
+ }
ImagingSectionEnter(&cookie);
for (y = 0; y < im->ysize; y++) {
UINT8* in = (UINT8*) im->image32[y];
@@ -122,8 +124,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
ImagingSectionLeave(&cookie);
break;
case IMAGING_TYPE_INT32:
- if (!minmax)
+ if (!minmax) {
+ ImagingHistogramDelete(h);
return ImagingError_ValueError("min/max not given");
+ }
if (!im->xsize || !im->ysize)
break;
imin = ((INT32*) minmax)[0];
@@ -143,8 +147,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
ImagingSectionLeave(&cookie);
break;
case IMAGING_TYPE_FLOAT32:
- if (!minmax)
+ if (!minmax) {
+ ImagingHistogramDelete(h);
return ImagingError_ValueError("min/max not given");
+ }
if (!im->xsize || !im->ysize)
break;
fmin = ((FLOAT32*) minmax)[0];
diff --git a/src/libImaging/Quant.c b/src/libImaging/Quant.c
index df313816..b94dc6e1 100644
--- a/src/libImaging/Quant.c
+++ b/src/libImaging/Quant.c
@@ -568,6 +568,8 @@ split(BoxNode *node)
left=malloc(sizeof(BoxNode));
right=malloc(sizeof(BoxNode));
if (!left||!right) {
+ free(left);
+ free(right);
return 0;
}
for(i=0;i<3;i++) {
diff --git a/src/libImaging/QuantOctree.c b/src/libImaging/QuantOctree.c
index e18ab3c6..d778c942 100644
--- a/src/libImaging/QuantOctree.c
+++ b/src/libImaging/QuantOctree.c
@@ -470,6 +470,7 @@ error:
free(qp);
free_color_cube(lookupCube);
free_color_cube(coarseLookupCube);
+ free(paletteBuckets);
free(paletteBucketsCoarse);
free(paletteBucketsFine);
free_color_cube(coarseCube);
diff --git a/src/libImaging/Resample.c b/src/libImaging/Resample.c
index cda005d9..b90395e8 100644
--- a/src/libImaging/Resample.c
+++ b/src/libImaging/Resample.c
@@ -538,6 +538,8 @@ ImagingResampleInner(Imaging imIn, int xsize, int ysize,
if ( ! ksize_vert) {
free(bounds_horiz);
free(kk_horiz);
+ free(bounds_vert);
+ free(kk_vert);
return NULL;
}
diff --git a/src/path.c b/src/path.c
index b56ea838..5984a3d1 100644
--- a/src/path.c
+++ b/src/path.c
@@ -82,12 +82,16 @@ path_new(Py_ssize_t count, double* xy, int duplicate)
xy = p;
}
- if (PyType_Ready(&PyPathType) < 0)
+ if (PyType_Ready(&PyPathType) < 0) {
+ free(xy);
return NULL;
+ }
path = PyObject_New(PyPathObject, &PyPathType);
- if (path == NULL)
+ if (path == NULL) {
+ free(xy);
return NULL;
+ }
path->count = count;
path->xy = xy;
--
2.17.1

50
SOURCES/0003-Fix-dereferencing-type-punned-pointer.patch Normal file
View File

@ -0,0 +1,50 @@
From e705cd1476f04a918aae34f638b502116cb12eba Mon Sep 17 00:00:00 2001
From: Jon Dufresne <jon.dufresne@gmail.com>
Date: Tue, 3 Apr 2018 20:36:09 -0700
Subject: [PATCH] Fix dereferencing type-punned pointer will break
strict-aliasing
Compiler warning appeared as:
src/path.c:574:22: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
Py_TYPE(&item)->tp_name);
^~~~~~~
As item is already of type PyObject*, and the Py_TYPE macro is
equivalent to (((PyObject*)(o))->ob_type), no need for the dereference.
https://docs.python.org/3/c-api/structures.html#c.Py_TYPE
---
Tests/test_imagepath.py | 5 +++++
src/path.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/Tests/test_imagepath.py b/Tests/test_imagepath.py
index 14cc4d14b..98a6d3416 100644
--- a/Tests/test_imagepath.py
+++ b/Tests/test_imagepath.py
@@ -17,6 +17,11 @@ def test_path(self):
self.assertEqual(p[0], (0.0, 1.0))
self.assertEqual(p[-1], (8.0, 9.0))
self.assertEqual(list(p[:1]), [(0.0, 1.0)])
+ with self.assertRaises(TypeError) as cm:
+ p['foo']
+ self.assertEqual(
+ str(cm.exception),
+ "Path indices must be integers, not str")
self.assertEqual(
list(p),
[(0.0, 1.0), (2.0, 3.0), (4.0, 5.0), (6.0, 7.0), (8.0, 9.0)])
diff --git a/src/path.c b/src/path.c
index b56ea838e..d1c18c8ed 100644
--- a/src/path.c
+++ b/src/path.c
@@ -571,7 +571,7 @@ path_subscript(PyPathObject* self, PyObject* item) {
else {
PyErr_Format(PyExc_TypeError,
"Path indices must be integers, not %.200s",
- Py_TYPE(&item)->tp_name);
+ Py_TYPE(item)->tp_name);
return NULL;
}
}

83
SOURCES/CVE-2020-5311.patch Normal file
View File

@ -0,0 +1,83 @@
From 1dd0fb64bd3cc221b5877ece4ce2f300245b638f Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Mon, 17 Feb 2020 14:19:32 +0100
Subject: [PATCH] CVE-2020-5311
---
src/libImaging/SgiRleDecode.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/libImaging/SgiRleDecode.c b/src/libImaging/SgiRleDecode.c
index 39e7b3a..6367ae7 100644
--- a/src/libImaging/SgiRleDecode.c
+++ b/src/libImaging/SgiRleDecode.c
@@ -25,7 +25,7 @@ static void read4B(UINT32* dest, UINT8* buf)
*dest = (UINT32)((buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]);
}
-static int expandrow(UINT8* dest, UINT8* src, int n, int z)
+static int expandrow(UINT8* dest, UINT8* src, int n, int z, int xsize)
{
UINT8 pixel, count;
@@ -37,6 +37,9 @@ static int expandrow(UINT8* dest, UINT8* src, int n, int z)
count = pixel & RLE_MAX_RUN;
if (!count)
return count;
+ if (count > xsize) {
+ return -1;
+ }
if (pixel & RLE_COPY_FLAG) {
while(count--) {
*dest = *src++;
@@ -56,7 +59,7 @@ static int expandrow(UINT8* dest, UINT8* src, int n, int z)
return 0;
}
-static int expandrow2(UINT16* dest, UINT16* src, int n, int z)
+static int expandrow2(UINT16* dest, UINT16* src, int n, int z, int xsize)
{
UINT8 pixel, count;
@@ -70,6 +73,9 @@ static int expandrow2(UINT16* dest, UINT16* src, int n, int z)
count = pixel & RLE_MAX_RUN;
if (!count)
return count;
+ if (count > xsize) {
+ return -1;
+ }
if (pixel & RLE_COPY_FLAG) {
while(count--) {
*dest = *src++;
@@ -95,6 +101,7 @@ ImagingSgiRleDecode(Imaging im, ImagingCodecState state,
UINT8 *ptr;
SGISTATE *c;
int err = 0;
+ int status;
/* Get all data from File descriptor */
c = (SGISTATE*)state->context;
@@ -163,12 +170,16 @@ ImagingSgiRleDecode(Imaging im, ImagingCodecState state,
/* row decompression */
if (c->bpc ==1) {
- if(expandrow(&state->buffer[c->channo], &ptr[c->rleoffset], c->rlelength, im->bands))
- goto sgi_finish_decode;
+ status = expandrow(&state->buffer[c->channo], &ptr[c->rleoffset], c->rlelength, im->bands, im->xsize);
}
else {
- if(expandrow2((UINT16*)&state->buffer[c->channo * 2], (UINT16*)&ptr[c->rleoffset], c->rlelength, im->bands))
- goto sgi_finish_decode;
+ status = expandrow2(&state->buffer[c->channo * 2], &ptr[c->rleoffset], c->rlelength, im->bands, im->xsize);
+ }
+ if (status == -1) {
+ state->errcode = IMAGING_CODEC_OVERRUN;
+ return -1;
+ } else if (status == 1) {
+ goto sgi_finish_decode;
}
state->count += c->rlelength;
--
2.24.1

183
SOURCES/CVE-2020-5312_CVE-2019-16865.patch Normal file
View File

@ -0,0 +1,183 @@
From cc9658731ba1ea291f83ea959acc27ac28384a2c Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Fri, 14 Feb 2020 11:14:53 +0100
Subject: [PATCH] Combined fix for CVE-2020-5312 and CVE-2019-16865
---
src/PIL/GifImagePlugin.py | 1 +
src/PIL/IcoImagePlugin.py | 1 +
src/PIL/PsdImagePlugin.py | 6 ++++--
src/PIL/TiffImagePlugin.py | 4 ++--
src/libImaging/FliDecode.c | 14 +++++++++++---
src/libImaging/PcxDecode.c | 8 ++++++++
src/libImaging/RawDecode.c | 11 +++++++++--
src/libImaging/SgiRleDecode.c | 5 +++++
8 files changed, 41 insertions(+), 9 deletions(-)
diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py
index c01adff..99af4a5 100644
--- a/src/PIL/GifImagePlugin.py
+++ b/src/PIL/GifImagePlugin.py
@@ -251,6 +251,7 @@ class GifImageFile(ImageFile.ImageFile):
self.dispose = None
elif self.disposal_method == 2:
# replace with background colour
+ Image._decompression_bomb_check(self.size)
self.dispose = Image.core.fill("P", self.size,
self.info["background"])
else:
diff --git a/src/PIL/IcoImagePlugin.py b/src/PIL/IcoImagePlugin.py
index 428fdd4..2b6d1e0 100644
--- a/src/PIL/IcoImagePlugin.py
+++ b/src/PIL/IcoImagePlugin.py
@@ -167,6 +167,7 @@ class IcoFile(object):
else:
# XOR + AND mask bmp frame
im = BmpImagePlugin.DibImageFile(self.buf)
+ Image._decompression_bomb_check(im.size)
# change tile dimension to only encompass XOR image
im.size = (im.size[0], int(im.size[1] / 2))
diff --git a/src/PIL/PsdImagePlugin.py b/src/PIL/PsdImagePlugin.py
index f6e04f7..fe2a2ff 100644
--- a/src/PIL/PsdImagePlugin.py
+++ b/src/PIL/PsdImagePlugin.py
@@ -209,9 +209,11 @@ def _layerinfo(file):
# skip over blend flags and extra information
filler = read(12)
name = ""
- size = i32(read(4))
+ size = i32(read(4)) # length of the extra data field
combined = 0
if size:
+ data_end = file.tell() + size
+
length = i32(read(4))
if length:
mask_y = i32(read(4))
@@ -233,7 +235,7 @@ def _layerinfo(file):
name = read(length).decode('latin-1', 'replace')
combined += length + 1
- file.seek(size - combined, 1)
+ file.seek(data_end)
layers.append((name, mode, (x0, y0, x1, y1)))
# get tiles
diff --git a/src/PIL/TiffImagePlugin.py b/src/PIL/TiffImagePlugin.py
index f903918..b9a1ef7 100644
--- a/src/PIL/TiffImagePlugin.py
+++ b/src/PIL/TiffImagePlugin.py
@@ -1170,8 +1170,8 @@ class TiffImageFile(ImageFile.ImageFile):
print("- fill_order:", fillorder)
# size
- xsize = self.tag_v2.get(IMAGEWIDTH)
- ysize = self.tag_v2.get(IMAGELENGTH)
+ xsize = int(self.tag_v2.get(IMAGEWIDTH))
+ ysize = int(self.tag_v2.get(IMAGELENGTH))
self.size = xsize, ysize
if DEBUG:
diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 6d22c6c..a99aca8 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -30,7 +30,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
{
UINT8* ptr;
int framesize;
- int c, chunks;
+ int c, chunks, advance;
int l, lines;
int i, j, x = 0, y, ymax;
@@ -59,10 +59,16 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
chunks = I16(ptr+6);
ptr += 16;
+ bytes -= 16;
/* Process subchunks */
for (c = 0; c < chunks; c++) {
- UINT8 *data = ptr + 6;
+ UINT8* data;
+ if (bytes < 10) {
+ state->errcode = IMAGING_CODEC_OVERRUN;
+ return -1;
+ }
+ data = ptr + 6;
switch (I16(ptr+4)) {
case 4: case 11:
/* FLI COLOR chunk */
@@ -198,7 +204,9 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
state->errcode = IMAGING_CODEC_UNKNOWN;
return -1;
}
- ptr += I32(ptr);
+ advance = I32(ptr);
+ ptr += advance;
+ bytes -= advance;
}
return -1; /* end of frame */
diff --git a/src/libImaging/PcxDecode.c b/src/libImaging/PcxDecode.c
index e5417f1..aaf5867 100644
--- a/src/libImaging/PcxDecode.c
+++ b/src/libImaging/PcxDecode.c
@@ -22,6 +22,14 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
UINT8 n;
UINT8* ptr;
+ if (strcmp(im->mode, "1") == 0 && state->xsize > state->bytes * 8) {
+ state->errcode = IMAGING_CODEC_OVERRUN;
+ return -1;
+ } else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) {
+ state->errcode = IMAGING_CODEC_OVERRUN;
+ return -1;
+ }
+
ptr = buf;
for (;;) {
diff --git a/src/libImaging/RawDecode.c b/src/libImaging/RawDecode.c
index 40c0cb7..d4b7994 100644
--- a/src/libImaging/RawDecode.c
+++ b/src/libImaging/RawDecode.c
@@ -33,8 +33,15 @@ ImagingRawDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
/* get size of image data and padding */
state->bytes = (state->xsize * state->bits + 7) / 8;
- rawstate->skip = (rawstate->stride) ?
- rawstate->stride - state->bytes : 0;
+ if (rawstate->stride) {
+ rawstate->skip = rawstate->stride - state->bytes;
+ if (rawstate->skip < 0) {
+ state->errcode = IMAGING_CODEC_CONFIG;
+ return -1;
+ }
+ } else {
+ rawstate->skip = 0;
+ }
/* check image orientation */
if (state->ystep < 0) {
diff --git a/src/libImaging/SgiRleDecode.c b/src/libImaging/SgiRleDecode.c
index 9d8e563..39e7b3a 100644
--- a/src/libImaging/SgiRleDecode.c
+++ b/src/libImaging/SgiRleDecode.c
@@ -156,6 +156,11 @@ ImagingSgiRleDecode(Imaging im, ImagingCodecState state,
c->rlelength = c->lengthtab[c->rowno + c->channo * im->ysize];
c->rleoffset -= SGI_HEADER_SIZE;
+ if (c->rleoffset + c->rlelength > c->bufsize) {
+ state->errcode = IMAGING_CODEC_OVERRUN;
+ return -1;
+ }
+
/* row decompression */
if (c->bpc ==1) {
if(expandrow(&state->buffer[c->channo], &ptr[c->rleoffset], c->rlelength, im->bands))
--
2.24.1

38
SOURCES/CVE-2020-5313.patch Normal file
View File

@ -0,0 +1,38 @@
From 697957b79a9473f0f643051265885fb048395127 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Wed, 4 Mar 2020 10:54:54 +0100
Subject: [PATCH] CVE-2020-5313
---
src/libImaging/FliDecode.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index a99aca8..72ba138 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -40,8 +40,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
return 0;
/* We don't decode anything unless we have a full chunk in the
- input buffer (on the other hand, the Python part of the driver
- makes sure this is always the case) */
+ input buffer */
ptr = buf;
@@ -52,6 +51,11 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
/* Make sure this is a frame chunk. The Python driver takes
case of other chunk types. */
+ if (bytes < 8) {
+ state->errcode = IMAGING_CODEC_OVERRUN;
+ return -1;
+ }
+
if (I16(ptr+4) != 0xF1FA) {
state->errcode = IMAGING_CODEC_UNKNOWN;
return -1;
--
2.24.1

535
SPECS/python-pillow.spec Normal file
View File

@ -0,0 +1,535 @@
%global py3_incdir %(python3 -c 'import distutils.sysconfig; print(distutils.sysconfig.get_python_inc())')
%global py3_libbuilddir %(python3 -c 'import sys; import sysconfig; print("lib.{p}-{v[0]}.{v[1]}".format(p=sysconfig.get_platform(), v=sys.version_info))')
%global srcname pillow
# bootstrap building docs (pillow is required by docutils, docutils are
# required by sphinx; pillow build-requires sphinx)
%global with_docs 1
Name: python-%{srcname}
Version: 5.1.1
Release: 11%{?dist}
Summary: Python image processing library
# License: see http://www.pythonware.com/products/pil/license.htm
License: MIT
URL: http://python-pillow.github.io/
Source0: https://github.com/python-pillow/Pillow/archive/%{version}/Pillow-%{version}.tar.gz
Patch0: 0001-Fix-potential-un-terminated-buffer-problem-CWE-120.patch
Patch1: 0002-Fix-potential-leaked-storage-issues-CWE-772.patch
Patch2: 0003-Fix-dereferencing-type-punned-pointer.patch
# Combined fixes for CVE-2020-5312 improperly restricted operations on memory buffer in libImaging/PcxDecode.c
# https://bugzilla.redhat.com/show_bug.cgi?id=1789533
# https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
# and for CVE-2019-16865 reading specially crafted image files leads to allocation of large amounts of memory and denial of service
# https://bugzilla.redhat.com/show_bug.cgi?id=1774066
# https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
# https://github.com/python-pillow/Pillow/commit/b36c1bc943d554ba223086c7efb502d080f73905
# https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a
# https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
Patch3: CVE-2020-5312_CVE-2019-16865.patch
# Fix for CVE-2020-5311 - out-of-bounds write in expandrow in libImaging/SgiRleDecode.c
# https://bugzilla.redhat.com/show_bug.cgi?id=1789535
# https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
Patch4: CVE-2020-5311.patch
# CVE-2020-5313 out-of-bounds read in ImagingFliDecode when loading FLI images
# Upstream fix: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b?patch
# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1789532
Patch5: CVE-2020-5313.patch
BuildRequires: freetype-devel
BuildRequires: gcc
BuildRequires: ghostscript
BuildRequires: lcms2-devel
BuildRequires: libjpeg-devel
BuildRequires: libtiff-devel
BuildRequires: libwebp-devel
BuildRequires: openjpeg2-devel
BuildRequires: tk-devel
BuildRequires: zlib-devel
BuildRequires: python3-cffi
BuildRequires: python3-devel
BuildRequires: python3-numpy
BuildRequires: python3-setuptools
%if 0%{?with_docs}
BuildRequires: python3-sphinx
BuildRequires: python3-sphinx_rtd_theme
%endif # with_docs
BuildRequires: python3-tkinter
# For EpsImagePlugin.py
Requires: ghostscript
%global __provides_exclude_from ^%{python3_sitearch}/PIL/.*\\.so$
%description
Python image processing library, fork of the Python Imaging Library (PIL)
This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.
There are these subpackages: tk (tk interface),
devel (development) and doc (documentation).
%package -n python3-%{srcname}
Summary: Python 3 image processing library
%{?python_provide:%python_provide python3-%{srcname}}
Provides: python3-imaging = %{version}-%{release}
# For MicImagePlugin.py, FpxImagePlugin.py
%description -n python3-%{srcname}
Python image processing library, fork of the Python Imaging Library (PIL)
This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.
There are these subpackages: tk (tk interface),
devel (development) and doc (documentation).
%package -n python3-%{srcname}-devel
Summary: Development files for %{srcname}
Requires: python3-devel, libjpeg-devel, zlib-devel
Requires: python3-%{srcname}%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python3-%{srcname}-devel}
Provides: python3-imaging-devel = %{version}-%{release}
%description -n python3-%{srcname}-devel
Development files for %{srcname}.
%package -n python3-%{srcname}-doc
Summary: Documentation for %{srcname}
BuildArch: noarch
Requires: python3-%{srcname} = %{version}-%{release}
%{?python_provide:%python_provide python3-%{srcname}-doc}
Provides: python3-imaging-doc = %{version}-%{release}
%description -n python3-%{srcname}-doc
Documentation for %{srcname}.
%package -n python3-%{srcname}-tk
Summary: Tk interface for %{srcname}
Requires: python3-tkinter
Requires: python3-%{srcname}%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python3-%{srcname}-tk}
Provides: python3-imaging-tk = %{version}-%{release}
%description -n python3-%{srcname}-tk
Tk interface for %{name}.
%prep
%autosetup -p1 -n Pillow-%{version}
%build
%py3_build
%if 0%{?with_docs}
PYTHONPATH=$PWD/build/%py3_libbuilddir make -C docs html BUILDDIR=_build_py3 SPHINXBUILD=sphinx-build-%python3_version
rm -f docs/_build_py3/html/.buildinfo
%endif # with_docs
%install
install -d %{buildroot}/%{py3_incdir}/Imaging
install -m 644 src/libImaging/*.h %{buildroot}/%{py3_incdir}/Imaging
%py3_install
%check
ln -s $PWD/Images $PWD/build/%py3_libbuilddir/Images
cp -R $PWD/Tests $PWD/build/%py3_libbuilddir/Tests
cp -R $PWD/selftest.py $PWD/build/%py3_libbuilddir/selftest.py
pushd build/%py3_libbuilddir
PYTHONPATH=$PWD %{__python3} selftest.py
popd
%files -n python3-%{srcname}
%doc README.rst CHANGES.rst
%license docs/COPYING
%{python3_sitearch}/*
# These are in subpackages
%exclude %{python3_sitearch}/PIL/_imagingtk*
%exclude %{python3_sitearch}/PIL/ImageTk*
%exclude %{python3_sitearch}/PIL/SpiderImagePlugin*
%exclude %{python3_sitearch}/PIL/ImageQt*
%exclude %{python3_sitearch}/PIL/__pycache__/ImageTk*
%exclude %{python3_sitearch}/PIL/__pycache__/SpiderImagePlugin*
%exclude %{python3_sitearch}/PIL/__pycache__/ImageQt*
%files -n python3-%{srcname}-devel
%{py3_incdir}/Imaging/
%files -n python3-%{srcname}-doc
%if 0%{?with_docs}
%doc docs/_build_py3/html
%endif # with_docs
%files -n python3-%{srcname}-tk
%{python3_sitearch}/PIL/_imagingtk*
%{python3_sitearch}/PIL/ImageTk*
%{python3_sitearch}/PIL/SpiderImagePlugin*
%{python3_sitearch}/PIL/__pycache__/ImageTk*
%{python3_sitearch}/PIL/__pycache__/SpiderImagePlugin*
%changelog
* Wed Mar 04 2020 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-11
- Fix for CVE-2020-5313
Resolves: rhbz#1789532
* Mon Feb 17 2020 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-10
- Bump and rebuild for gating to deliver CVE fixes
Resolves: rhbz#1789535
* Mon Feb 17 2020 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-9
- Fix for CVE-2020-5311 - out-of-bounds write in expandrow
Resolves: rhbz#1789535
* Fri Feb 14 2020 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-8
- Combined fixes for CVE-2020-5312 and CVE-2019-16865
Resolves: rhbz#1789533
Resolves: rhbz#1774066
* Tue Nov 27 2018 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-7
- Add upstream patch to solve build-time warning
- Move patches to dist-git
- Resolves: rhbz#1639348
* Mon Oct 15 2018 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-6
- Add patches to fix issues found by static code analysis
- Resolves: rhbz#1602669
* Wed Jun 27 2018 Petr Viktorin <pviktori@redhat.com> - 5.1.1-5
- Correct dependency on python3-tkinter
* Tue Jun 19 2018 Petr Viktorin <pviktori@redhat.com> - 5.1.1-4
- Drop dependency on python3-olefile (breaking MicImagePlugin.py, FpxImagePlugin)
* Thu Jun 14 2018 Petr Viktorin <pviktori@redhat.com> - 5.1.1-3
- Remove the Python 2 subpackage
- Remove the libimagequant dependency
The imagequant library was only used to support a non-default image
quantization mode.
* Thu May 31 2018 Petr Viktorin <pviktori@redhat.com> - 5.1.1-2
- Remove the python2 version of docs
- Remove Qt subpackages
- Drop dependency on python2-olefile (breaking MicImagePlugin.py, FpxImagePlugin)
* Wed Apr 25 2018 Sandro Mani <manisandro@gmail.com> - 5.1.1-1
- Update to 5.1.1
* Thu Apr 05 2018 Sandro Mani <manisandro@gmail.com> - 5.1.0-1
- Update to 5.1.0
* Wed Mar 07 2018 Sandro Mani <manisandro@gmail.com> - 5.0.0-3
- Add missing BR: gcc
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 03 2018 Sandro Mani <manisandro@gmail.com> - 5.0.0-1
- Update to 5.0.0
* Tue Oct 03 2017 Sandro Mani <manisandro@gmail.com> - 4.3.0-1
- Update to 4.3.0
* Tue Sep 05 2017 Troy Dawson <tdawson@redhat.com> - 4.2.1-5
- Cleanup spec file conditionals
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jul 07 2017 Igor Gnatenko <ignatenko@redhat.com> - 4.2.1-2
- Rebuild due to bug in RPM (RHBZ #1468476)
* Thu Jul 06 2017 Sandro Mani <manisandro@gmail.com> - 4.2.1-1
- Update to 4.2.1
* Sat Jul 01 2017 Sandro Mani <manisandro@gmail.com> - 4.2.0-1
- Update to 4.2.0
* Fri Apr 28 2017 Sandro Mani <manisandro@gmail.com> - 4.1.1-1
- Update to 4.1.1
* Wed Apr 05 2017 Sandro Mani <manisandro@gmail.com> - 4.1.0-1
- Update to 4.1.0
* Wed Feb 15 2017 Sandro Mani <manisandro@gmail.com> - 4.0.0-3
- Fix some __pycache__ files in wrong subpackage (#1422606)
* Wed Feb 01 2017 Sandro Mani <manisandro@gmail.com> - 4.0.0-2
- Rebuild (libwebp)
* Tue Jan 03 2017 Sandro Mani <manisandro@gmail.com> - 4.0.0-1
- Update to 4.0.0
* Mon Dec 12 2016 Miro Hrončok <mhroncok@redhat.com> - 3.4.2-3
- Enable docs build
* Mon Dec 12 2016 Miro Hrončok <mhroncok@redhat.com> - 3.4.2-2
- Rebuild for Python 3.6
* Wed Oct 19 2016 Sandro Mani <manisandro@gmail.com> - 3.4.2-1
- Update to 3.4.2
* Tue Oct 04 2016 Sandro Mani <manisandro@gmail.com> - 3.4.1-1
- Update to 3.4.1
* Mon Oct 03 2016 Sandro Mani <manisandro@gmail.com> - 3.4.0-1
- Update to 3.4.0
* Thu Aug 18 2016 Sandro Mani <manisandro@gmail.com> - 3.3.1-1
- Update to 3.3.1
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.0-2
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Sat Jul 02 2016 Sandro Mani <manisandro@gmail.com> - 3.3.0-1
- Update to 3.3.0
- Modernize spec
* Fri Apr 01 2016 Sandro Mani <manisandro@gmail.com> - 3.2.0-1
- Update to 3.2.0
* Wed Feb 10 2016 Sandro Mani <manisandro@gmail.com> - 3.1.1-3
- Fix broken python3-pillow package description
* Sun Feb 07 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 3.1.1-2
- Fix provides
* Thu Feb 04 2016 Sandro Mani <manisandro@gmail.com> - 3.1.1-1
- Update to 3.1.1
- Fixes CVE-2016-0740, CVE-2016-0775
* Mon Jan 11 2016 Toshio Kuratomi <toshio@fedoraproject.org> - 3.1.0-2
- Fix executable files in doc package bringing in python 2 for the python3 doc
packages
* Mon Jan 04 2016 Sandro Mani <manisandro@gmail.com> - 3.1.0-1
- Update to 3.1.0
* Tue Dec 29 2015 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 3.0.0-5
- Build with docs
* Mon Dec 28 2015 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 3.0.0-4
- Rebuilt for libwebp soname bump
* Wed Oct 14 2015 Robert Kuska <rkuska@redhat.com> - 3.0.0-3
- Rebuilt for Python3.5 rebuild with docs
* Tue Oct 13 2015 Robert Kuska <rkuska@redhat.com> - 3.0.0-2
- Rebuilt for Python3.5 rebuild without docs
* Fri Oct 02 2015 Sandro Mani <manisandro@gmail.com> - 3.0.0-1
- Update to 3.0.0
* Wed Jul 29 2015 Sandro Mani <manisandro@gmail.com> - 2.9.0-2
- Fix python3-pillow-tk Requires: tkinter -> python3-tkinter (#1248085)
* Thu Jul 02 2015 Sandro Mani <manisandro@gmail.com> - 2.9.0-1
- Update to 2.9.0
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Jun 08 2015 Sandro Mani <manisandro@gmail.com> - 2.8.2-1
- Update to 2.8.2
* Thu Apr 02 2015 Sandro Mani <manisandro@gmail.com> - 2.8.1-1
- Update to 2.8.1
* Wed Apr 01 2015 Sandro Mani <manisandro@gmail.com> - 2.8.0-1
- Update to 2.8.0
* Mon Jan 12 2015 Sandro Mani <manisandro@gmail.com> - 2.7.0-1
- Update to 2.7.0
- Drop sane subpackage, is in python-sane now
- Fix python3 headers directory
- Drop Obsoletes: python3-pillow on python3-pillow-qt
* Mon Oct 13 2014 Sandro Mani <manisandro@gmail.com> - 2.6.1-1
- Update to 2.6.1
* Thu Oct 02 2014 Sandro Mani <manisandro@gmail.com> - 2.6.0-1
- Update to 2.6.0
* Wed Aug 20 2014 Sandro Mani <manisandro@gmail.com> - 2.5.3-3
- Rebuilding again to resolve transient build error that caused BZ#1131723
* Tue Aug 19 2014 Stephen Gallagher <sgallagh@redhat.com> - 2.5.3-2
- Rebuilding to resolve transient build error that caused BZ#1131723
* Tue Aug 19 2014 Sandro Mani <manisandro@gmail.com> - 2.5.3-1
- Update to 2.5.3 (Fix CVE-2014-3598, a DOS in the Jpeg2KImagePlugin)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Aug 13 2014 Sandro Mani <manisandro@gmail.com> - 2.5.2-1
- Update to 2.5.2 (Fix CVE-2014-3589, a DOS in the IcnsImagePlugin)
* Sat Jul 26 2014 Sandro Mani <manisandro@gmail.com> - 2.5.1-2
- Reenable jpeg2k tests on big endian arches
* Tue Jul 15 2014 Sandro Mani <manisandro@gmail.com> - 2.5.1-1
- Update to 2.5.1
* Wed Jul 02 2014 Sandro Mani <manisandro@gmail.com> - 2.5.0-1
- Update to 2.5.0
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Sandro Mani <manisandro@gmail.com> - 2.4.0-10
- Rebuild with docs enabled
- Update python-pillow_openjpeg-2.1.0.patch
* Tue May 27 2014 Sandro Mani <manisandro@gmail.com> - 2.4.0-9
- Rebuild against openjpeg-2.1.0
* Fri May 23 2014 Dan Horák <dan[at]danny.cz> - 2.4.0-8
- skip jpeg2k tests on big endian arches (#1100762)
* Wed May 21 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.0-7
- Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86
* Tue May 13 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 2.4.0-6
- Set with_docs to 1 to build docs.
* Tue May 13 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 2.4.0-5
- Bootstrap building sphinx docs because of circular dependency with sphinx.
* Fri May 9 2014 Orion Poplawski <orion@cora.nwra.com> - 2.4.0-4
- Rebuild for Python 3.4
* Tue Apr 22 2014 Sandro Mani <manisandro@gmail.com> - 2.4.0-3
- Add patch: Have the tempfile use a suffix with a dot
* Thu Apr 17 2014 Sandro Mani <manisandro@gmail.com> - 2.4.0-2
- Enable Jpeg2000 support
- Enable webp support also on s390* archs, bug #962091 is now fixed
- Add upstream patch for ghostscript detection
* Wed Apr 02 2014 Sandro Mani <manisandro@gmail.com> - 2.4.0-1
- Update to 2.4.0
* Wed Mar 19 2014 Sandro Mani <manisandro@gmail.com> - 2.3.1-1
- Update to 2.3.1 (Fix insecure use of tempfile.mktemp (CVE-2014-1932 CVE-2014-1933))
* Thu Mar 13 2014 Jakub Dorňák <jdornak@redhat.com> - 2.3.0-5
- python-pillow does not provide python3-imaging
(python3-pillow does)
* Tue Jan 07 2014 Sandro Mani <manisandro@gmail.com> - 2.3.0-4
- Add missing ghostscript Requires and BuildRequires
* Mon Jan 06 2014 Sandro Mani <manisandro@gmail.com> - 2.3.0-3
- Remove python-pillow_help-theme.patch, add python-sphinx-theme-better BR
* Sun Jan 05 2014 Sandro Mani <manisandro@gmail.com> - 2.3.0-2
- Rebuild with docs enabled
- Change lcms BR to lcms2
* Thu Jan 02 2014 Sandro Mani <manisandro@gmail.com> - 2.3.0-1
- Update to 2.3.0
- Build with doc disabled to break circular python-pillow -> python-sphinx -> python pillow dependency
* Wed Oct 23 2013 Sandro Mani <manisandro@gmail.com> - 2.2.1-2
- Backport fix for decoding tiffs with correct byteorder, fixes rhbz#1019656
* Wed Oct 02 2013 Sandro Mani <manisandro@gmail.com> - 2.2.1-1
- Update to 2.2.1
- Really enable webp on ppc, but leave disabled on s390
* Thu Aug 29 2013 Sandro Mani <manisandro@gmail.com> - 2.1.0-4
- Add patch to fix incorrect PyArg_ParseTuple tuple signature, fixes rhbz#962091 and rhbz#988767.
- Renable webp support on bigendian arches
* Wed Aug 28 2013 Sandro Mani <manisandro@gmail.com> - 2.1.0-3
- Add patch to fix memory corruption caused by invalid palette size, see rhbz#1001122
* Tue Jul 30 2013 Karsten Hopp <karsten@redhat.com> 2.1.0-2
- Build without webp support on ppc* archs (#988767)
* Wed Jul 03 2013 Sandro Mani <manisandro@gmail.com> - 2.1.0-1
- Update to 2.1.0
- Run tests in builddir, not installroot
- Build python3-pillow docs with python3
- python-pillow_endian.patch upstreamed
* Mon May 13 2013 Roman Rakus <rrakus@redhat.com> - 2.0.0-10
- Build without webp support on s390* archs
Resolves: rhbz#962059
* Sat May 11 2013 Roman Rakus <rrakus@redhat.com> - 2.0.0-9.gitd1c6db8
- Conditionaly disable build of python3 parts on RHEL system
* Wed May 08 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-8.gitd1c6db8
- Add patch to fix test failure on big-endian
* Thu Apr 25 2013 Toshio Kuratomi <toshio@fedoraproject.org> - 2.0.0-7.gitd1c6db8
- Remove Obsoletes in the python-pillow-qt subpackage. Obsoletes isn't
appropriate since qt support didn't exist in the previous python-pillow
package so there's no reason to drag in python-pillow-qt when updating
python-pillow.
* Fri Apr 19 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-6.gitd1c6db8
- Update to latest git
- python-pillow_quantization.patch now upstream
- python-pillow_endianness.patch now upstream
- Add subpackage for ImageQt module, with correct dependencies
- Add PyQt4 and numpy BR (for generating docs / running tests)
* Mon Apr 08 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-5.git93a488e
- Reenable tests on bigendian, add patches for #928927
* Sun Apr 07 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-4.git93a488e
- Update to latest git
- disable tests on bigendian (PPC*, S390*) until rhbz#928927 is fixed
* Fri Mar 22 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-3.gitde210a2
- python-pillow_tempfile.patch now upstream
- Add python3-imaging provides (bug #924867)
* Fri Mar 22 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-2.git2e88848
- Update to latest git
- Remove python-pillow-disable-test.patch, gcc is now fixed
- Add python-pillow_tempfile.patch to prevent a temporary file from getting packaged
* Tue Mar 19 2013 Sandro Mani <manisandro@gmail.com> - 2.0.0-1.git2f4207c
- Update to 2.0.0 git snapshot
- Enable python3 packages
- Add libwebp-devel BR for Pillow 2.0.0
* Wed Mar 13 2013 Peter Robinson <pbrobinson@fedoraproject.org> 1.7.8-6.20130305git
- Add ARM support
* Tue Mar 12 2013 Karsten Hopp <karsten@redhat.com> 1.7.8-5.20130305git
- add s390* and ppc* to arch detection
* Tue Mar 05 2013 Sandro Mani <manisandro@gmail.com> - 1.7.8-4.20130305git7866759
- Update to latest git snapshot
- 0001-Cast-hash-table-values-to-unsigned-long.patch now upstream
- Pillow-1.7.8-selftest.patch now upstream
* Mon Feb 25 2013 Sandro Mani <manisandro@gmail.com> - 1.7.8-3.20130210gite09ff61
- Really remove -fno-strict-aliasing
- Place comment on how to retreive source just above the Source0 line
* Mon Feb 18 2013 Sandro Mani <manisandro@gmail.com> - 1.7.8-2.20130210gite09ff61
- Rebuild without -fno-strict-aliasing
- Add patch for upstream issue #52
* Sun Feb 10 2013 Sandro Mani <manisandro@gmail.com> - 1.7.8-1.20130210gite09ff61
- Initial RPM package