From 8c602fcfd2422705fec134281d99f3db8c9dc84e Mon Sep 17 00:00:00 2001
From: Angelo Compagnucci
Date: Tue, 22 Feb 2022 12:33:36 +0100
Subject: [PATCH] package/python-pillow: security bump to version 9.0.1
Fixes the following security issues:
- CVE-2022-24303: In show_file, use os.remove to remove temporary images
- CVE-2022-22817: Restrict builtins within lambdas for ImageMath.eval
Signed-off-by: Angelo Compagnucci
Signed-off-by: Arnout Vandecappelle (Essensium/Mind)
(cherry picked from commit 07b070be39f9c51592c85fb76cd7af00539abc19)
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard
---
 package/python-pillow/python-pillow.hash | 4 ++--
 package/python-pillow/python-pillow.mk | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
index f3ca8e6014..88a5d7cada 100644
--- a/package/python-pillow/python-pillow.hash
+++ b/package/python-pillow/python-pillow.hash
@@ -1,6 +1,6 @@
 # md5, sha256 from https://pypi.org/pypi/pillow/json
-md5 c5af6e413d2fe9247cf16ce25c816b14 Pillow-9.0.0.tar.gz
-sha256 ee6e2963e92762923956fe5d3479b1fdc3b76c83f290aad131a2f98c3df0593e Pillow-9.0.0.tar.gz
+md5 8deffccb4f402df154fd2fd504d8487c Pillow-9.0.1.tar.gz
+sha256 6c8bc8238a7dfdaf7a75f5ec5a663f4173f8c367e5a39f87e720495e1eed75fa Pillow-9.0.1.tar.gz
 # Locally computed sha256 checksums
 sha256 a6554cb737ba6c9b47d3301f78de03b4ed0d3f08d6cf9400714f3d4c894f6943 LICENSE
diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
index 2f2e817882..901876e0ee 100644
--- a/package/python-pillow/python-pillow.mk
+++ b/package/python-pillow/python-pillow.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
-PYTHON_PILLOW_VERSION = 9.0.0
-PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/b0/43/3e286c93b9fa20e233d53532cc419b5aad8a468d91065dbef4c846058834
+PYTHON_PILLOW_VERSION = 9.0.1
+PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/03/a3/f61a9a7ff7969cdef2a6e0383a346eb327495d20d25a2de5a088dbb543a6
 PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz
 PYTHON_PILLOW_LICENSE = HPND
 PYTHON_PILLOW_LICENSE_FILES = LICENSE