# Contributor: Fabian Affolter <fabian@affolter-engineering.ch>
# Maintainer: Fabian Affolter <fabian@affolter-engineering.ch>
pkgname=py3-pillow
pkgver=8.4.0
pkgrel=3
pkgdesc="Python Imaging Library"
options="!check"
url="https://python-pillow.org/"
arch="all"
license="custom:PIL"
depends="py3-olefile"
makedepends="python3-dev py3-setuptools freetype-dev fribidi-dev openjpeg-dev libimagequant-dev libwebp-dev tiff-dev libpng-dev lcms2-dev libjpeg-turbo-dev libxcb-dev zlib-dev"
checkdepends="py3-pytest py3-numpy"
source="https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-$pkgver.tar.gz
	CVE-2022-22815-22816.patch
	CVE-2022-22817.patch
	CVE-2022-22817-2.patch
	CVE-2022-24303.patch
	"
builddir="$srcdir/Pillow-$pkgver"

provides="py-pillow=$pkgver-r$pkgrel" # backwards compatibility
replaces="py-pillow" # backwards compatiblity

# secfixes:
#   8.4.0-r3:
#     - CVE-2022-22817
#     - CVE-2022-24303
#   8.4.0-r2:
#     - CVE-2022-22815
#     - CVE-2022-22816
#   8.4.0-r0:
#     - CVE-2021-23437
#   8.3.0-r0:
#     - CVE-2021-34552
#   8.2.0-r0:
#     - CVE-2021-25287
#     - CVE-2021-25288
#     - CVE-2021-28675
#     - CVE-2021-28676
#     - CVE-2021-28677
#     - CVE-2021-28678
#   8.1.2-r0:
#     - CVE-2021-25289
#     - CVE-2021-25290
#     - CVE-2021-25291
#     - CVE-2021-25292
#     - CVE-2021-25293
#     - CVE-2021-27921
#     - CVE-2021-27922
#     - CVE-2021-27923
#   8.1.0-r0:
#     - CVE-2020-35653
#     - CVE-2020-35654
#     - CVE-2020-35655
#   6.2.2-r0:
#     - CVE-2019-19911
#     - CVE-2020-5310
#     - CVE-2020-5311
#     - CVE-2020-5312
#     - CVE-2020-5313

build() {
	# zlib resides in lib
	export CFLAGS="$CFLAGS -L/lib"
	python3 setup.py build
}

check() {
	python3 setup.py test
	python3 selftest.py
}

package() {
	python3 setup.py install --prefix=/usr --root="$pkgdir"
}

sha512sums="
ca59f5fc7e4a6dc150d52dfec297ac01b0ecdf46aebb785eda53228d25c427ad98185332cac84a947fca85a71dac4731f33df4d18c3529431b02f159d819fd9f  Pillow-8.4.0.tar.gz
3891369d4c57b709fc0b758b03490eaec4731c62de0c941135182d3c902e6e748ba90fc5abc20b9c8909484c487b44e5dd019e39f35b4dba99d40e95fff2e18d  CVE-2022-22815-22816.patch
0dc4ff93ddc401405b641d497901a2e9421aac0b785d4a81889fd999f21ebd8815562dd39d81894af6601c75f0ea3abf27212e9837f56026cc1a35271c02837e  CVE-2022-22817.patch
b7a077440ea9c67c713fc989fdadb4af3e03b036be24a14512e90d8771c9f48ae6c63ab7077de227561b38b87335c9f23e3018c9e61add087243b07d96f5b11f  CVE-2022-22817-2.patch
56e3f9f845fb237479b41f8f0f9b0af3e297879d4ffb5c898d257a951e06d87b24f5847f0048e6d7f8ce2b6967fae6c88065550ea3113686640df28c4ee6aeab  CVE-2022-24303.patch
"