Message ID | 20220222113336.2608916-1-angelo@amarulasolutions.com |
---|---|
State | Accepted |
Headers | show |
Series | package/python-pillow: bump to version 9.0.1 | expand |
On 22/02/2022 12:33, Angelo Compagnucci wrote: > Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com> Applied to master, thanks. Regards, Arnout > --- > package/python-pillow/python-pillow.hash | 4 ++-- > package/python-pillow/python-pillow.mk | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash > index f3ca8e6014..88a5d7cada 100644 > --- a/package/python-pillow/python-pillow.hash > +++ b/package/python-pillow/python-pillow.hash > @@ -1,6 +1,6 @@ > # md5, sha256 from https://pypi.org/pypi/pillow/json > -md5 c5af6e413d2fe9247cf16ce25c816b14 Pillow-9.0.0.tar.gz > -sha256 ee6e2963e92762923956fe5d3479b1fdc3b76c83f290aad131a2f98c3df0593e Pillow-9.0.0.tar.gz > +md5 8deffccb4f402df154fd2fd504d8487c Pillow-9.0.1.tar.gz > +sha256 6c8bc8238a7dfdaf7a75f5ec5a663f4173f8c367e5a39f87e720495e1eed75fa Pillow-9.0.1.tar.gz > > # Locally computed sha256 checksums > sha256 a6554cb737ba6c9b47d3301f78de03b4ed0d3f08d6cf9400714f3d4c894f6943 LICENSE > diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk > index 2f2e817882..901876e0ee 100644 > --- a/package/python-pillow/python-pillow.mk > +++ b/package/python-pillow/python-pillow.mk > @@ -4,8 +4,8 @@ > # > ################################################################################ > > -PYTHON_PILLOW_VERSION = 9.0.0 > -PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/b0/43/3e286c93b9fa20e233d53532cc419b5aad8a468d91065dbef4c846058834 > +PYTHON_PILLOW_VERSION = 9.0.1 > +PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/03/a3/f61a9a7ff7969cdef2a6e0383a346eb327495d20d25a2de5a088dbb543a6 > PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz > PYTHON_PILLOW_LICENSE = HPND > PYTHON_PILLOW_LICENSE_FILES = LICENSE
>>>>> "Angelo" == Angelo Compagnucci <angelo@amarulasolutions.com> writes: > Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com> Looking at the changelog, 9.0.1 seems to be a security fix release fixing two CVEs: https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst Please mark such version bumps as security related so I don't miss them. Committed with that fixed to 2022.02.x, thanks.
On Sat, Mar 19, 2022 at 1:11 PM Peter Korsgaard <peter@korsgaard.com> wrote: > > >>>>> "Angelo" == Angelo Compagnucci <angelo@amarulasolutions.com> writes: > > > Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com> > > Looking at the changelog, 9.0.1 seems to be a security fix release > fixing two CVEs: > > https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst > > Please mark such version bumps as security related so I don't miss them. > > Committed with that fixed to 2022.02.x, thanks. FYI there might be a regression, 9.0.1 is broken on master at least, this should fix it: https://patchwork.ozlabs.org/project/buildroot/patch/20220316060219.3448648-1-james.hilliard1@gmail.com/ > > -- > Bye, Peter Korsgaard > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash index f3ca8e6014..88a5d7cada 100644 --- a/package/python-pillow/python-pillow.hash +++ b/package/python-pillow/python-pillow.hash @@ -1,6 +1,6 @@ # md5, sha256 from https://pypi.org/pypi/pillow/json -md5 c5af6e413d2fe9247cf16ce25c816b14 Pillow-9.0.0.tar.gz -sha256 ee6e2963e92762923956fe5d3479b1fdc3b76c83f290aad131a2f98c3df0593e Pillow-9.0.0.tar.gz +md5 8deffccb4f402df154fd2fd504d8487c Pillow-9.0.1.tar.gz +sha256 6c8bc8238a7dfdaf7a75f5ec5a663f4173f8c367e5a39f87e720495e1eed75fa Pillow-9.0.1.tar.gz # Locally computed sha256 checksums sha256 a6554cb737ba6c9b47d3301f78de03b4ed0d3f08d6cf9400714f3d4c894f6943 LICENSE diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk index 2f2e817882..901876e0ee 100644 --- a/package/python-pillow/python-pillow.mk +++ b/package/python-pillow/python-pillow.mk @@ -4,8 +4,8 @@ # ################################################################################ -PYTHON_PILLOW_VERSION = 9.0.0 -PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/b0/43/3e286c93b9fa20e233d53532cc419b5aad8a468d91065dbef4c846058834 +PYTHON_PILLOW_VERSION = 9.0.1 +PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/03/a3/f61a9a7ff7969cdef2a6e0383a346eb327495d20d25a2de5a088dbb543a6 PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz PYTHON_PILLOW_LICENSE = HPND PYTHON_PILLOW_LICENSE_FILES = LICENSE
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com> --- package/python-pillow/python-pillow.hash | 4 ++-- package/python-pillow/python-pillow.mk | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)