python3-Pillow-8.4.0-bp156.2.1

- Add upstream patch CVE-2022-45198.patch, added GIF decompression
  bomb check.
  Also  add new test files as new source:
  - decompression_bomb_extents.gif
  (bsc#1205416, CVE-2022-45198,
  gh#python-pillow/Pillow#6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea)

- Add upstream patch CVE-2022-22815.patch, Fixed ImagePath.Path array
  handling
  (bsc#1194551, bsc#1194552, CVE-2022-22815, CVE-2022-22816,
  gh#python-pillow/Pillow#5920/commits/c48271ab354db49cdbd740bc45e13be4f0f7993c)

- Add CVE-2023-50447-environment-keys-filtering.patch:
  * Filter out builtins from the environment. (CVE-2023-50447, bsc#1219048)

- update to 8.4.0:
  - Prefer global transparency in GIF when replacing with background color #5756
  - Added "exif" keyword argument to TIFF saving #5575
  - Copy Python palette to new image in quantize() #5696
  - Read ICO AND mask from end #5667
  - Actually check the framesize in FliDecode.c #5659
  - Determine JPEG2000 mode purely from ihdr header box #5654
  - Fixed using info dictionary when writing multiple APNG frames #5611
  - Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655
  - For GIF save_all with palette, do not include palette with each frame #5603
  - Keep transparency when converting from P to LA or PA #5606
  - Copy palette to new image in transform() #5647
  - Added "transparency" argument to EpsImagePlugin load() #5620
  - Corrected pathlib.Path detection when saving #5633
  - Added WalImageFile class #5618
  - Consider I;16 pixel size when drawing text #5598
  - If default conversion from P is RGB with transparency, convert to RGBA #5594
  - Speed up rotating square images by 90 or 270 degrees #5646
  - Add support for reading DPI information from JPEG2000 images
  - Catch TypeError from corrupted DPI value in EXIF #5639
  - Do not close file pointer when saving SGI images #5645
  - Deprecate ImagePalette size parameter #5641
  - Prefer command line tools SDK on macOS #5624

- update to version 8.3.2:
  * CVE-2021-23437 Raise ValueError if color specifier is too long
    [hugovk, radarhere]
  * Fix 6-byte OOB read in FliDecode [wiredfool]
  * Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]
  * Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression
    [#5588] [kmilos, radarhere]
  * Updates for ImagePalette channel order #5599 [radarhere]
  * Hide FriBiDi shim symbols to avoid conflict with real FriBiDi
    library #5651 [nulano]

- update to version 8.3.1:
  * Catch OSError when checking if fp is sys.stdout #5585 [radarhere]
  * Handle removing orientation from alternate types of EXIF data #5584 [radarhere]
  * Make Image.__array__ take optional dtype argument #5572 [t-vi, radarhere]

- update to version 8.3.0:
  * Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]
  * Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]
  * Allow ICNS save on all operating systems #4526 [baletu, radarhere,
    newpanjing, hugovk]
  * De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables
    [#4989] [gofr, radarhere]
  * Replaced xml.etree.ElementTree #5565 [radarhere]
  * Moved CVE image to pillow-depends #5561 [radarhere]
  * Added tag data for IFD groups #5554 [radarhere]
  * Improved ImagePalette #5552 [radarhere]
  * Add DDS saving #5402 [radarhere]
  * Improved getxmp() #5455 [radarhere]
  * Convert to float for comparison with float in IFDRational __eq__
    [#5412] [radarhere]
  * Allow getexif() to access TIFF tag_v2 data #5416 [radarhere]
  * Read FITS image mode and size #5405 [radarhere]
  * Merge parallel horizontal edges in ImagingDrawPolygon #5347
    [radarhere, hrdrq]
  * Use transparency behind first GIF frame and when disposing to
    background #5557 [radarhere, zewt]
  * Avoid unstable nature of qsort in Quant.c #5367 [radarhere]
  * Copy palette to new images in ImageOps expand #5551 [radarhere]
  * Ensure palette string matches RGB mode #5549 [radarhere]
  * Do not modify EXIF of original image instance in exif_transpose()
    [#5547] [radarhere]
  * Fixed default numresolution for small JPEG2000 images #5540
    [radarhere]
  * Added DDS BC5 reading #5501 [radarhere]
  * Raise an error if ImageDraw.textbbox is used without a TrueType
    font #5510 [radarhere]
  * Added ICO saving in BMP format #5513 [radarhere]
  * Ensure PNG seeks to end of previous chunk at start of load_end
    [#5493] [radarhere]
  * Do not allow TIFF to seek to a past frame #5473 [radarhere]
  * Avoid race condition when displaying images with eog #5507
    [mconst]
  * Added specific error messages when ink has incorrect number of
    bands #5504 [radarhere]
  * Allow converting an image to a numpy array to raise errors #5379
    [radarhere]
  * Removed DPI rounding from BMP, JPEG, PNG and WMF loading #5476,
    [#5470] [radarhere]
  * Remove spikes when drawing thin pieslices #5460 [xtsm]
  * Updated default value for SAMPLESPERPIXEL TIFF tag #5452
    [radarhere]
  * Removed TIFF DPI rounding #5446 [radarhere, hugovk]
  * Include code in WebP error #5471 [radarhere]
  * Do not alter pixels outside mask when drawing text on an image
    with transparency #5434 [radarhere]
  * Reset handle when seeking backwards in TIFF #5443 [radarhere]
  * Replace sys.stdout with sys.stdout.buffer when saving #5437
    [radarhere]
  * Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip
    [#5426] [radarhere]
  * Fixed bug when checking FreeType2 version if it is not installed
    [#5445] [radarhere]
  * Do not round dimensions when saving PDF #5459 [radarhere]
  * Added ImageOps contain() #5417 [radarhere, hugovk]
  * Changed WebP default "method" value to 4 #5450 [radarhere]
  * Switched to saving 1-bit PDFs with DCTDecode #5430 [radarhere]
  * Use bpp from ICO header #5429 [radarhere]
  * Corrected JPEG APP14 transform value #5408 [radarhere]
  * Changed TIFF tag 33723 length to 1 #5425 [radarhere]
  * Changed ImageMorph incorrect mode errors to ValueError #5414
    [radarhere]
  * Add EXIF tags specified in EXIF 2.32 #5419 [gladiusglad]
  * Treat previous contents of first GIF frame as transparent #5391
    [radarhere]
  * For special image modes, revert default resize resampling to
    NEAREST #5411 [radarhere]
  * JPEG2000: Support decoding subsampled RGB and YCbCr images #4996
    [nulano, radarhere]
  * Stop decoding BC1 punchthrough alpha in BC2&3 #4144 [jansol]
  * Use zero if GIF background color index is missing #5390
    [radarhere]
  * Fixed ensuring that GIF previous frame was loaded #5386
    [radarhere]
  * Valgrind fixes #5397 [wiredfool]
  * Round down the radius in rounded_rectangle #5382 [radarhere]
  * Fixed reading uncompressed RGB data from DDS #5383 [radarhere]

- update to version 8.2.0:
  * Added getxmp() method #5144 [UrielMaD, radarhere]
  * Add ImageShow support for GraphicsMagick #5349 [latosha-maltba,
    radarhere]
  * Do not load transparent pixels from subsequent GIF frames #5333
    [zewt, radarhere]
  * Use LZW encoding when saving GIF images #5291 [raygard]
  * Set all transparent colors to be equal in quantize() #5282
    [radarhere]
  * Allow PixelAccess to use Python __int__ when parsing x and y #5206
    [radarhere]
  * Removed Image._MODEINFO #5316 [radarhere]
  * Add preserve_tone option to autocontrast #5350 [elejke, radarhere]
  * Fixed linear_gradient and radial_gradient I and F modes #5274
    [radarhere]
  * Add support for reading TIFFs with PlanarConfiguration=2 #5364
    [kkopachev, wiredfool, nulano]
  * Deprecated categories #5351 [radarhere]
  * Do not premultiply alpha when resizing with Image.NEAREST
    resampling #5304 [nulano]
  * Dynamically link FriBiDi instead of Raqm #5062 [nulano]
  * Allow fewer PNG palette entries than the bit depth maximum when
    saving #5330 [radarhere]
  * Use duration from info dictionary when saving WebP #5338
    [radarhere]
  * Stop flattening EXIF IFD into getexif() #4947 [radarhere,
    kkopachev]
  * Replaced tiff_deflate with tiff_adobe_deflate compression when
    saving TIFF images #5343 [radarhere]
  * Save ICC profile from TIFF encoderinfo #5321 [radarhere]
  * Moved RGB fix inside ImageQt class #5268 [radarhere]
  * Allow alpha_composite destination to be negative #5313 [radarhere]
  * Ensure file is closed if it is opened by ImageQt.ImageQt #5260
    [radarhere]
  * Added ImageDraw rounded_rectangle method #5208 [radarhere]
  * Added IPythonViewer #5289 [radarhere, Kipkurui-mutai]
  * Only draw each rectangle outline pixel once #5183 [radarhere]
  * Use mmap instead of built-in Win32 mapper #5224 [radarhere,
    cgohlke]
  * Handle PCX images with an odd stride #5214 [radarhere]
  * Only read different sizes for "Large Thumbnail" MPO frames #5168
    [radarhere]
  * Added PyQt6 support #5258 [radarhere]
  * Changed Image.open formats parameter to be case-insensitive #5250
    [Piolie, radarhere]
  * Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02)
    [#5216] [radarhere]
  * Added tk version to pilinfo #5226 [radarhere, nulano]
  * Support for ignoring tests when running valgrind #5150 [wiredfool,
    radarhere, hugovk]
  * OSS-Fuzz support #5189 [wiredfool, radarhere]

- update to 8.1.2:
  - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins

- Update to 8.1.1
  Security
  * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
  * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
  * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
  * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
  * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
  There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
  did not properly check the reported size of the contained image. These images could cause
  arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
  and Akshay Ajayan of ASU.edu.
  Other Changes
  A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed

- Fix rpmlint warning about duplicate file definition
- Fix package build by relying on %python_subpackages for Obsoletes/Conflicts (bsc#1181281)

- update to 8.1.0 (bsc#1180833, bsc#1180834, bsc#1180832):
  * Fix TIFF OOB Write error. CVE-2020-35654
  * Fix for Read Overflow in PCX Decoding. CVE-2020-35653
  * Fix for SGI Decode buffer overrun. CVE-2020-35655
  * Fix OOB Read when saving GIF of xsize=1
  * Makefile updates
  * Add support for PySide6
  * Use disposal settings from previous frame in APNG
  * Added exception explaining that _repr_png_ saves to PNG
  * Use previous disposal method in GIF load_end
  * Allow putpalette to accept 1024 integers to include alpha values
  * Fix OOB Read when writing TIFF with custom Metadata
  * Added append_images support for ICO
  * Block TIFFTAG_SUBIFD
  * Fixed dereferencing potential null pointers
  * Deprecate FreeType 2.7
  * Moved warning to end of execution
  * Removed unused fromstring and tostring C methods
  * init() if one of the formats is unrecognised
  * Moved string_dimension CVE image to pillow-depends
  * Support raw rgba8888 for DDS
- drop patches python-Pillow-tiff-4.2.0.patch
  python-Pillow-tiff-fix-oob-read.patch (upstream)

- fix build with libtiff 4.2.0
- added patches
  fix https://github.com/python-pillow/Pillow/pull/5153
  + python-Pillow-tiff-4.2.0.patch
  fix https://github.com/python-pillow/Pillow/commit/416f12e772d2b3cb920b18b3625e8b1419d7519e
  + python-Pillow-tiff-fix-oob-read.patch

- specfile:
  * README.rst -> README.md
- update to version 8.0.1:
  * Update FreeType used in binary wheels to 2.10.4 to fix
    CVE-2020-15999. [radarhere]
  * Moved string_dimension image to pillow-depends #4993 [radarhere]
- changes from version 8.0.0:
  * Drop support for EOL Python 3.5 #4746, #4794 [hugovk, radarhere,
    nulano]
  * Drop support for PyPy3 < 7.2.0 #4964 [nulano]
  * Remove ImageCms.CmsProfile attributes deprecated since 3.2.0 #4768
    [hugovk, radarhere]
  * Remove long-deprecated Image.py functions #4798 [hugovk, nulano,
    radarhere]
  * Add support for 16-bit precision JPEG quantization values #4918
    [gofr]
  * Added reading of IFD tag type #4979 [radarhere]
  * Initialize offset memory for PyImagingPhotoPut #4806 [nqbit]
  * Fix TiffDecode comparison warnings #4756 [nulano]
  * Docs: Add dark mode #4968 [hugovk, nulano]
  * Added macOS SDK install path to library and include directories
    [#4974] [radarhere, fxcoudert]
  * Imaging.h: prevent confusion with system #4923 [ax3l, ,radarhere]
  * Avoid using pkg_resources in PIL.features.pilinfo #4975 [nulano]
  * Add getlength and getbbox functions for TrueType fonts #4959
    [nulano, radarhere, hugovk]
  * Allow tuples with one item to give single color value in getink
    [#4927] [radarhere, nulano]
  * Add support for CBDT and COLR fonts #4955 [nulano, hugovk]
  * Removed OSError in favour of DecompressionBombError for BMP #4966
    [radarhere]
  * Implemented another ellipse drawing algorithm #4523 [xtsm,
    radarhere]
  * Removed unused JpegImagePlugin._fixup_dict function #4957
    [radarhere]
  * Added reading and writing of private PNG chunks #4292 [radarhere]
  * Implement anchor for TrueType fonts #4930 [nulano, hugovk]
  * Fixed bug in Exif __delitem__ #4942 [radarhere]
  * Fix crash in ImageTk.PhotoImage on MinGW 64-bit #4946 [nulano]
  * Moved CVE images to pillow-depends #4929 [radarhere]
  * Refactor font_getsize and font_render #4910 [nulano]
  * Fixed loading profile with non-ASCII path on Windows #4914
    [radarhere]
  * Fixed effect_spread bug for zero distance #4908 [radarhere,
    hugovk]
  * Added formats parameter to Image.open #4837 [nulano, radarhere]
  * Added regular_polygon draw method #4846 [comhar]
  * Raise proper TypeError in putpixel #4882 [nulano, hugovk]
  * Added writing of subIFDs #4862 [radarhere]
  * Fix IFDRational __eq__ bug #4888 [luphord, radarhere]
  * Fixed duplicate variable name #4885 [liZe, radarhere]
  * Added homebrew zlib include directory #4842 [radarhere]
  * Corrected inverted PDF CMYK colors #4866 [radarhere]
  * Do not try to close file pointer if file pointer is empty #4823
    [radarhere]
  * ImageOps.autocontrast: add mask parameter #4843 [navneeth, hugovk]
  * Read EXIF data tEXt chunk into info as bytes instead of string
    [#4828] [radarhere]
  * Replaced distutils with setuptools #4797, #4809, #4814, #4817,
    [#4829], #4890 [hugovk, radarhere]
  * Add MIME type to PsdImagePlugin #4788 [samamorgan]
  * Allow ImageOps.autocontrast to specify low and high cutoffs
    separately #4749 [millionhz, radarhere]

- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "...":  no == yes.

- Fix build on Leap

- Remove dependency on pytest-runner as it is unnecessary

- update to version 7.2.0:
  * Do not convert I;16 images when showing PNGs #4744 [radarhere]
  * Fixed ICNS file pointer saving #4741 [radarhere]
  * Fixed loading non-RGBA mode APNGs with dispose background #4742
    [radarhere]
  * Deprecated _showxv #4714 [radarhere]
  * Deprecate Image.show(command="...") #4646 [nulano, hugovk,
    radarhere]
  * Updated JPEG magic number #4707 [Cykooz, radarhere]
  * Change STRIPBYTECOUNTS to LONG if necessary when saving #4626
    [radarhere, hugovk]
  * Write JFIF header when saving JPEG #4639 [radarhere]
  * Replaced tiff_jpeg with jpeg compression when saving TIFF images
    [#4627] [radarhere]
  * Writing TIFF tags: improved BYTE, added UNDEFINED #4605
    [radarhere]
  * Consider transparency when pasting text on an RGBA image #4566
    [radarhere]
  * Added method argument to single frame WebP saving #4547
    [radarhere]
  * Use ImageFileDirectory_v2 in Image.Exif #4637 [radarhere]
  * Corrected reading EXIF metadata without prefix #4677 [radarhere]
  * Fixed drawing a jointed line with a sequence of numeric values
    [#4580] [radarhere]
  * Added support for 1-D NumPy arrays #4608 [radarhere]
  * Parse orientation from XMP tags #4560 [radarhere]
  * Speed up text layout by not rendering glyphs #4652 [nulano]
  * Fixed ZeroDivisionError in Image.thumbnail #4625 [radarhere]
  * Replaced TiffImagePlugin DEBUG with logging #4550 [radarhere]
  * Fix repeatedly loading .gbr #4620 [ElinksFr, radarhere]
  * JPEG: Truncate icclist instead of setting to None #4613 [homm]
  * Fixes default offset for Exif #4594 [rodrigob, radarhere]
  * Fixed bug when unpickling TIFF images #4565 [radarhere]
  * Fix pickling WebP #4561 [hugovk, radarhere]
  * Replace IOError and WindowsError aliases with OSError #4536
    [hugovk, radarhere]

- Update to 7.1.2:
  * This fixes a regression introduced in 7.1.0 when adding support
    for APNG files.
  * When calling seek(n) on a regular PNG where n > 0, it failed to
    raise an EOFError as it should have done

- update to version 7.1.1:
  * Fix regression seeking and telling PNGs #4512 #4514 [hugovk,
    radarhere]
- changes from version 7.1.0:
  * Fix multiple OOB reads in FLI decoding #4503 [wiredfool]
  * Fix buffer overflow in SGI-RLE decoding #4504 [wiredfool, hugovk]
  * Fix bounds overflow in JPEG 2000 decoding #4505 [wiredfool]
  * Fix bounds overflow in PCX decoding #4506 [wiredfool]
  * Fix 2 buffer overflows in TIFF decoding #4507 [wiredfool]
  * Add APNG support #4243 [pmrowla, radarhere, hugovk]
  * ImageGrab.grab() for Linux with XCB #4260 [nulano, radarhere]
  * Added three new channel operations #4230 [dwastberg, radarhere]
  * Prevent masking of Image reduce method in Jpeg2KImagePlugin #4474
    [radarhere, homm]
  * Added reading of earlier ImageMagick PNG EXIF data #4471
    [radarhere]
  * Fixed endian handling for I;16 getextrema #4457 [radarhere]
  * Release buffer if function returns prematurely #4381 [radarhere]
  * Add JPEG comment to info dictionary #4455 [radarhere]
  * Fix size calculation of Image.thumbnail() #4404 [orlnub123]
  * Fixed stroke on FreeType < 2.9 #4401 [radarhere]
  * If present, only use alpha channel for bounding box #4454
    [radarhere]
  * Warn if an unknown feature is passed to features.check() #4438
    [jdufresne]
  * Fix Name field length when saving IM images #4424 [hugovk,
    radarhere]
  * Allow saving of zero quality JPEG images #4440 [radarhere]
  * Allow explicit zero width to hide outline #4334 [radarhere]
  * Change ContainerIO return type to match file object mode #4297
    [jdufresne, radarhere]
  * Only draw each polygon pixel once #4333 [radarhere]
  * Add support for shooting situation Exif IFD tags #4398 [alexagv]
  * Handle multiple and malformed JPEG APP13 markers #4370 [homm]
  * Depends: Update libwebp to 1.1.0 #4342, libjpeg to 9d #4352
    [radarhere]