[reportlab-users] pillow patch

12 views
Skip to first unread message

Claude Paroz

unread,
Feb 18, 2022, 8:37:21 AMFeb 18
to For users of Reportlab open source software
Hi,

As far as I can see, pillow is a required dependency of ReportLab, so
the attached patch simplifies some parts of the code to account for that.
I also upped the pillow minimal version as versions before 9.0.0 have
known security vulnerabilities.

Claude
--
www.2xlibre.net
0001-PIL-pillow-is-a-required-dependency.patch

Claude Paroz

unread,
Feb 28, 2022, 7:55:37 AMFeb 28
to reportl...@lists2.reportlab.com
Le 18.02.22 à 14:37, Claude Paroz a écrit :
Attached is the same patch rebased after another conflicting patch was
applied to main source tree.

Claude
--
www.2xlibre.net
0001-PIL-pillow-is-a-required-dependency.patch

Claude Paroz

unread,
May 8, 2022, 4:47:38 AMMay 8
to reportl...@lists2.reportlab.com
Le 28.02.22 à 13:55, Claude Paroz a écrit :

Is that patch still considered, or is it a bad idea?

Claude
--
www.2xlibre.net
_______________________________________________
reportlab-users mailing list
reportl...@lists2.reportlab.com
https://pairlist2.pair.net/mailman/listinfo/reportlab-users

Robin Becker

unread,
May 11, 2022, 4:18:26 AMMay 11
to reportlab-users, Claude Paroz
On 08/05/2022 09:47, Claude Paroz wrote:
> Le 28.02.22 à 13:55, Claude Paroz a écrit :
>> Le 18.02.22 à 14:37, Claude Paroz a écrit :
>>> Hi,
>>>
>>> As far as I can see, pillow is a required dependency of ReportLab, so the attached patch simplifies some parts of the
>>> code to account for that.
>>> I also upped the pillow minimal version as versions before 9.0.0 have known security vulnerabilities.
>>
>> Attached is the same patch rebased after another conflicting patch was applied to main source tree.
>
> Is that patch still considered, or is it a bad idea?
>
> Claude

I tried the latst version of the patch and it applies cleanly to reportlab. However, when I run our full tests I see this


File "/home/robin/devel/reportlab/.py310/lib/python3.10/site-packages/svglib/svglib.py", line 38, in <module>
from reportlab.lib.utils import haveImages
ImportError: cannot import name 'haveImages' from 'reportlab.lib.utils' (/home/robin/devel/reportlab/reportlab/lib/utils.py)
!!!!! terminating early because of errors

so it seems that svglib has a reference directly to haveImages; I see this in svglib 1.2.1.

If we are just assuming haveImages is true I can just add that to utils.py
--
Robin Becker

Claude Paroz

unread,
May 11, 2022, 5:18:07 AMMay 11
to reportlab-users
Le 11.05.22 à 10:18, Robin Becker a écrit :

Yes, I think we can keep haveImages and simply return True. Good catch!

For svglib, I created:
https://github.com/deeplook/svglib/pull/337

Claude
--
www.2xlibre.net

Reply all
Reply to author
Forward
0 new messages