From 4b9bceea4cbb39a3b0564f394b357d6b36887ae1 Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Wed, 8 Sep 2021 12:53:43 -0400 Subject: python3-pillow: upgrade 8.3.1 -> 8.3.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From the release notes: - CVE-2021-23437: Avoid a potential ReDoS (regular expression denial of service) in ImageColor’s getrgb() by raising ValueError if the color specifier is too long. Present since Pillow 5.2.0. - Fix 6-byte out-of-bounds (OOB) read. The previous bounds check in FliDecode.c incorrectly calculated the required read buffer size when copying a chunk, potentially reading six extra bytes off the end of the allocated buffer from the heap. Present since Pillow 7.1.0. This bug was found by Google’s OSS-Fuzz CIFuzz runs. - Pillow now includes binary wheels for Python 3.10. - Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression (#5588). - Updates for ImagePalette channel order (#5599). - Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library (#5651). Signed-off-by: Trevor Gamblin Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin --- .../python/python3-pillow_8.3.1.bb | 37 ---------------------- .../python/python3-pillow_8.3.2.bb | 37 ++++++++++++++++++++++ 2 files changed, 37 insertions(+), 37 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-pillow_8.3.1.bb create mode 100644 meta-python/recipes-devtools/python/python3-pillow_8.3.2.bb (limited to 'meta-python') diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.3.1.bb b/meta-python/recipes-devtools/python/python3-pillow_8.3.1.bb deleted file mode 100644 index d0a17cb1ac..0000000000 --- a/meta-python/recipes-devtools/python/python3-pillow_8.3.1.bb +++ /dev/null @@ -1,37 +0,0 @@ -SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \ -Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \ -Contributors." -HOMEPAGE = "https://pillow.readthedocs.io" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0337b116233da4616ae9fdb130bf6f1a" - -SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.3.x \ - file://0001-support-cross-compiling.patch \ - file://0001-explicitly-set-compile-options.patch \ -" -SRCREV ?= "92933b86574b9c80764bf52c357ed29e1ef53382" - -inherit setuptools3 - -DEPENDS += " \ - zlib \ - jpeg \ - tiff \ - freetype \ - lcms \ - openjpeg \ -" - -RDEPENDS:${PN} += " \ - ${PYTHON_PN}-misc \ - ${PYTHON_PN}-logging \ - ${PYTHON_PN}-numbers \ -" - -CVE_PRODUCT = "pillow" - -S = "${WORKDIR}/git" - -RPROVIDES:${PN} += "python3-imaging" - -BBCLASSEXTEND = "native" diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.3.2.bb b/meta-python/recipes-devtools/python/python3-pillow_8.3.2.bb new file mode 100644 index 0000000000..68b80a7392 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pillow_8.3.2.bb @@ -0,0 +1,37 @@ +SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \ +Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \ +Contributors." +HOMEPAGE = "https://pillow.readthedocs.io" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=0337b116233da4616ae9fdb130bf6f1a" + +SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.3.x \ + file://0001-support-cross-compiling.patch \ + file://0001-explicitly-set-compile-options.patch \ +" +SRCREV ?= "8013f130a5077b238a4346b73e149432b180a8ea" + +inherit setuptools3 + +DEPENDS += " \ + zlib \ + jpeg \ + tiff \ + freetype \ + lcms \ + openjpeg \ +" + +RDEPENDS:${PN} += " \ + ${PYTHON_PN}-misc \ + ${PYTHON_PN}-logging \ + ${PYTHON_PN}-numbers \ +" + +CVE_PRODUCT = "pillow" + +S = "${WORKDIR}/git" + +RPROVIDES:${PN} += "python3-imaging" + +BBCLASSEXTEND = "native" -- cgit 1.2.3-korg