[meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0
Ranjitsinh Rathod
Hi Khem,
I have sent the below patches for the upgrade of python3-pillow to 9.0.1:
https://lists.openembedded.org/g/openembedded-devel/message/97359
https://lists.openembedded.org/g/openembedded-devel/message/97360
https://lists.openembedded.org/g/openembedded-devel/message/97361
https://lists.openembedded.org/g/openembedded-devel/message/97362
https://lists.openembedded.org/g/openembedded-devel/message/97363
https://lists.openembedded.org/g/openembedded-devel/message/97364
https://lists.openembedded.org/g/openembedded-devel/message/97365
https://lists.openembedded.org/g/openembedded-devel/message/97366
https://lists.openembedded.org/g/openembedded-devel/message/97367
I have cherry-picked those from the master to fix all the CVEs mentioned in earlier thread. Also, each commit message has changelog included.

$ git log origin/dunfell..upstream/master --oneline meta-python/recipes-devtools/python | grep "python3-pillow: "
91e1461a28 python3-pillow: upgrade 9.0.0 -> 9.0.1
b56940049d python3-pillow: fix wheel build
f41b3757dd python3-pillow: Upgrade 8.3.2 -> 9.0.0
4b9bceea4c python3-pillow: upgrade 8.3.1 -> 8.3.2
a5fc60071f python3-pillow: Upgrade 8.2.0 -> 8.3.1
0fc9235bbb python3-pillow: Upgrade 8.1.2 -> 8.2.0
bb0789998e python3-pillow: 8.1.0 -> 8.1.2
ae76da9210 python3-pillow: Upgrade 7.2.0 -> 8.1.0
995fc86b29 python3-pillow: Upgrade 6.2.1 -> 7.2.0

Ranjitsinh Rathod
What changes are there in the new version? Is there anything of concern? Sometimes we may be fine to bump a revision if it only contains smaller fixes.

On Wed, Jun 1, 2022 at 11:30 PM Ranjitsinh Rathod <ranjitsinhrathod1991@...> wrote:
> Hi Armin,
Ranjitsinh Rathod
CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10379
CVE-2020-10994 CVE-2020-11538 CVE-2020-35653 CVE-2020-35654
CVE-2020-35655 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312
CVE-2020-5313 CVE-2021-23437 CVE-2021-25287 CVE-2021-25288
CVE-2021-25289 CVE-2021-25290 CVE-2021-25291 CVE-2021-25292
CVE-2021-25293 CVE-2021-27921 CVE-2021-27922 CVE-2021-27923
CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678
CVE-2021-34552 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817
CVE-2022-24303

Above is the exact CVE list.

Thanks,
Ranjitsinh Rathod
Ranjitsinh Rathod
Hi Armin,
I understand that we are not upgrading versions on the LTS branch, but this series of upgrades fixes the below CVEs.

CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10379
CVE-2020-10994 CVE-2020-11538 CVE-2020-35653 CVE-2020-35654
CVE-2020-35655 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312
CVE-2020-5313 CVE-2021-23437 CVE-2021-25287 CVE-2021-25288
CVE-2021-25289 CVE-2021-25290 CVE-2021-25291 CVE-2021-25292
CVE-2021-25293 CVE-2021-27921 CVE-2021-27922 CVE-2021-27923
CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678
CVE-2021-34552 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817
CVE-2022-24303

To solve this many CVEs by applying a patch would be really tough and maintaining patches too. What is your opinion here?

Thanks,
Ranjitsinh Rathod
On 6/1/22 05:25, Ranjitsinh Rathod wrote:
> From: Leon Anavi <leon.anavi@...>

This appears to be more than a bug fix only update. This series of changes is not suited for a stable release.

Thanks for thinking about this LTS release.

-armin
Ranjitsinh Rathod
From: Leon Anavi <leon.anavi@...>
Upgrade to release 7.2.0:

- Do not convert I;16 images when showing PNGs
- Fixed ICNS file pointer saving
- Fixed loading non-RGBA mode APNGs with dispose background
- Deprecated _showxv
- Deprecate Image.show(command="...")
- Updated JPEG magic number
- Change STRIPBYTECOUNTS to LONG if necessary when saving
- Write JFIF header when saving JPEG
- Replaced tiff_jpeg with jpeg compression when saving TIFF images
- Writing TIFF tags: improved BYTE, added UNDEFINED
- Consider transparency when pasting text on an RGBA image
- Added method argument to single frame WebP saving
- Use ImageFileDirectory_v2 in Image.Exif
- Corrected reading EXIF metadata without prefix
- Fixed drawing a jointed line with a sequence of numeric values
- Added support for 1-D NumPy arrays
- Parse orientation from XMP tags
- Speed up text layout by not rendering glyphs
- Fixed ZeroDivisionError in Image.thumbnail
- Replaced TiffImagePlugin DEBUG with logging
- Fix repeatedly loading .gbr
- JPEG: Truncate icclist instead of setting to None
- Fixes default offset for Exif
- Fixed bug when unpickling TIFF images
- Fix pickling WebP
- Replace IOError and WindowsError aliases with OSError

License-Update: Word wrap and updated copyright year.

Conflicts:
	meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb

Conflicts due to extra parameter protocol=https in SRC_URI

Signed-off-by: Leon Anavi <leon.anavi@...>
Acked-by: Trevor Gamblin <trevor.gamblin@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit 995fc86b298d5b09fdd6288b9e9f4211feea3b18)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@...>
---
 .../0001-explicitly-set-compile-options.patch | 19 +++++++++++--------
 ...illow_6.2.1.bb => python3-pillow_7.2.0.bb} | 6 +++---
 2 files changed, 14 insertions(+), 11 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-pillow_6.2.1.bb => python3-pillow_7.2.0.bb} (78%)
diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch index 35aee42145..005fea5c66 100644 --- a/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch +++ b/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch @@ -1,6 +1,6 @@ -From 862a981ce462cd83a99e3db9faeeda1f8c64983f Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@...> -Date: Mon, 18 Mar 2019 23:23:55 -0400 +From 27bfa4028453dc79a72569823e97da8fd1994ffc Mon Sep 17 00:00:00 2001 +From: Leon Anavi <leon.anavi@...> +Date: Tue, 1 Sep 2020 11:53:53 +0000 Subject: [PATCH] explicitly set compile options OE does not support to install egg package, so @@ -10,19 +10,19 @@ explicitly set build_ext options for oe-core's Upstream-Status: Inappropriate [oe specific] Signed-off-by: Hongxu Jia <hongxu.jia@...> - +Signed-off-by: Leon Anavi <leon.anavi@...> --- setup.cfg | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/setup.cfg b/setup.cfg -index 1c6ebc84..1ccc3d69 100644 +index 19979cf7..ed27dfe1 100644 --- a/setup.cfg +++ b/setup.cfg -@@ -13,3 +13,15 @@ multi_line_output = 3 - +@@ -11,3 +11,15 @@ multi_line_output = 3 [tool:pytest] - addopts = -rs + addopts = -ra --color=yes + testpaths = Tests + +[build_ext] +disable-platform-guessing = 1 @@ -35,3 +35,6 @@ index 1c6ebc84..1ccc3d69 100644 +disable-webp = 1 +disable-webpmux = 1 +disable-imagequant = 1 +-- +2.17.1 + diff --git a/meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb b/meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb similarity index 78% rename from meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb rename to meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb index 80b7e941ae..28aaff8060 100644 --- a/meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb 
+++ b/meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb @@ -3,13 +3,13 @@ Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \ Contributors." HOMEPAGE = "https://pillow.readthedocs.io" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=55c0f320370091249c1755c0d2b48e89" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ea2dc3f5611e69058503d4b940049d03" -SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=6.2.x;protocol=https \ +SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=7.2.x;protocol=https \ file://0001-support-cross-compiling.patch \ file://0001-explicitly-set-compile-options.patch \ " -SRCREV ?= "6e0f07bbe38def22d36ee176b2efd9ea74b453a6" +SRCREV ?= "2bd74943fb9f320def6c066e732b701d1c15f677" inherit setuptools3 -- 2.17.1 |
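Review bot: The first hunk of 0001-explicitly-set-compile-options.patch overwrites the original From: and Date: header (Hongxu Jia, Mon, 18 Mar 2019) with Leon Anavi's (Tue, 1 Sep 2020), so the refreshed patch no longer records who authored the change; only the retained Signed-off-by line does. Suggest keeping the original From:/Date: lines and recording the refresh with the added Signed-off-by line alone. The changed setup.cfg context (addopts = -rs becoming addopts = -ra --color=yes, plus testpaths = Tests) shows this is a rebase onto 7.2.x, which deserves one line in the commit message.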
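Review bot: In the python3-pillow_7.2.0.bb hunk, nothing ties the new SRCREV 2bd74943fb9f320def6c066e732b701d1c15f677 to the 7.2.0 release, and the commit message lists the upstream changelog but none of the CVE ids this backport is meant to address on dunfell. Suggest stating in the commit message that the SRCREV is the release commit on branch 7.2.x and listing the CVEs fixed by this step, so the stable-branch maintainers can weigh the version bump against the deprecations it brings (_showxv, Image.show(command="...")). The LIC_FILES_CHKSUM change is already explained by the License-Update line.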