blob: f643594aba68965ec8b50d0d6a28f420434ac171 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
# Contributor: Fabian Affolter <fabian@affolter-engineering.ch>
# Maintainer: Fabian Affolter <fabian@affolter-engineering.ch>
pkgname=py3-pillow
pkgver=8.4.0
pkgrel=3
pkgdesc="Python Imaging Library"
options="!check"
url="https://python-pillow.org/"
arch="all"
license="custom:PIL"
depends="py3-olefile"
makedepends="python3-dev py3-setuptools freetype-dev fribidi-dev openjpeg-dev libimagequant-dev libwebp-dev tiff-dev libpng-dev lcms2-dev libjpeg-turbo-dev libxcb-dev zlib-dev"
checkdepends="py3-pytest py3-numpy"
source="https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-$pkgver.tar.gz
CVE-2022-22815-22816.patch
CVE-2022-22817.patch
CVE-2022-22817-2.patch
CVE-2022-24303.patch
"
builddir="$srcdir/Pillow-$pkgver"
provides="py-pillow=$pkgver-r$pkgrel" # backwards compatibility
replaces="py-pillow" # backwards compatiblity
# secfixes:
# 8.4.0-r3:
# - CVE-2022-22817
# - CVE-2022-24303
# 8.4.0-r2:
# - CVE-2022-22815
# - CVE-2022-22816
# 8.4.0-r0:
# - CVE-2021-23437
# 8.3.0-r0:
# - CVE-2021-34552
# 8.2.0-r0:
# - CVE-2021-25287
# - CVE-2021-25288
# - CVE-2021-28675
# - CVE-2021-28676
# - CVE-2021-28677
# - CVE-2021-28678
# 8.1.2-r0:
# - CVE-2021-25289
# - CVE-2021-25290
# - CVE-2021-25291
# - CVE-2021-25292
# - CVE-2021-25293
# - CVE-2021-27921
# - CVE-2021-27922
# - CVE-2021-27923
# 8.1.0-r0:
# - CVE-2020-35653
# - CVE-2020-35654
# - CVE-2020-35655
# 6.2.2-r0:
# - CVE-2019-19911
# - CVE-2020-5310
# - CVE-2020-5311
# - CVE-2020-5312
# - CVE-2020-5313
build() {
# zlib resides in lib
export CFLAGS="$CFLAGS -L/lib"
python3 setup.py build
}
check() {
python3 setup.py test
python3 selftest.py
}
package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
sha512sums="
ca59f5fc7e4a6dc150d52dfec297ac01b0ecdf46aebb785eda53228d25c427ad98185332cac84a947fca85a71dac4731f33df4d18c3529431b02f159d819fd9f Pillow-8.4.0.tar.gz
3891369d4c57b709fc0b758b03490eaec4731c62de0c941135182d3c902e6e748ba90fc5abc20b9c8909484c487b44e5dd019e39f35b4dba99d40e95fff2e18d CVE-2022-22815-22816.patch
0dc4ff93ddc401405b641d497901a2e9421aac0b785d4a81889fd999f21ebd8815562dd39d81894af6601c75f0ea3abf27212e9837f56026cc1a35271c02837e CVE-2022-22817.patch
b7a077440ea9c67c713fc989fdadb4af3e03b036be24a14512e90d8771c9f48ae6c63ab7077de227561b38b87335c9f23e3018c9e61add087243b07d96f5b11f CVE-2022-22817-2.patch
56e3f9f845fb237479b41f8f0f9b0af3e297879d4ffb5c898d257a951e06d87b24f5847f0048e6d7f8ce2b6967fae6c88065550ea3113686640df28c4ee6aeab CVE-2022-24303.patch
"
|