diff options
| author | Hugo Buddelmeijer <hugo@buddelmeijer.nl> | 2026-03-16 14:32:21 +0100 |
|---|---|---|
| committer | Sharlatan Hellseher <sharlatanus@gmail.com> | 2026-05-18 14:36:10 +0100 |
| commit | 7dad3662848ffb4587a269fc28efba8cd04dfd02 (patch) | |
| tree | 6764ac6197ecf39758e2a8139af3aba606a88540 /gnu | |
| parent | ea5b5296127639ffaf0cc29ec2d2dde31114c743 (diff) | |
gnu: python-pillow: Update to 12.1.1 [security-fixes].
Release notes since 11.1.0 (2025-01-02):
- 12.1.1 (2026-02-11)
<https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html>.
- 12.1.0 (2026-01-02)
<https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html>.
- 12.0.0 (2025-10-15)
<https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html>.
- 11.3.0 (2025-07-01)
<https://pillow.readthedocs.io/en/stable/releasenotes/11.3.0.html>.
- 11.2.1 (2025-04-12)
<https://pillow.readthedocs.io/en/stable/releasenotes/11.2.1.html>.
Containes fixes for:
CVE-2026-25990: Out-of-bounds write vulnerability in Pillow (Python
imaging library) affecting versions 10.3.0 through
12.1.0. The vulnerability can be triggered when loading
specially crafted PSD image files.
CVE 2025-48379: Write buffer overflow on BCn encoding.
CVE-2021-25289: Heap-based Buffer Overflow.
* gnu/packages/python-xyz.scm (python-pillow): Update to 12.1.1.
[source]: Switch to git-fetch.
[native-inputs]: Add pybind11.
[home-page]: Update URL.
[license]: Switch to MIT-CMU license.
Merges: https://codeberg.org/guix/guix/pulls/7218
Change-Id: I5b13dca66aeb7efdfcc44c8c144b6c64601d9b1e
Reviewed-by: Nguyễn Gia Phong <cnx@loang.net>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/packages/python-xyz.scm | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm index e7757c469a..1c8e9933af 100644 --- a/gnu/packages/python-xyz.scm +++ b/gnu/packages/python-xyz.scm @@ -13398,13 +13398,16 @@ Python list with elements of type @code{PIL.Image} (from the (define-public python-pillow (package (name "python-pillow") - (version "11.1.0") + (version "12.1.1") (source (origin - (method url-fetch) - (uri (pypi-uri "pillow" version)) + (method git-fetch) + (uri (git-reference + (url "https://github.com/python-pillow/Pillow") + (commit version))) + (file-name (git-file-name name version)) (sha256 - (base32 "081abgpz7g013cgzz7pjhmf8m7q626ngza4hnfs76vdk104ag39n")))) + (base32 "1g374rklljx0941j6d1gib9pgcq3scmqw9psqaj2c7m8pilqsn9n")))) (build-system pyproject-build-system) (arguments (list @@ -13420,7 +13423,8 @@ Python list with elements of type @code{PIL.Image} (from the (setenv "HOME" (getcwd)) (invoke "python" "selftest.py" "--installed") (invoke "python" "-m" "pytest" "-vv"))))))) - (native-inputs (list python-defusedxml + (native-inputs (list pybind11 + python-defusedxml python-markdown2 python-olefile python-pytest @@ -13433,7 +13437,7 @@ Python list with elements of type @code{PIL.Image} (from the libwebp openjpeg zlib)) - (home-page "https://python-pillow.org") + (home-page "https://python-pillow.github.io/") (synopsis "Fork of the Python Imaging Library") (description "The Python Imaging Library adds image processing capabilities to your @@ -13444,8 +13448,8 @@ stored in a few basic pixel formats. It should provide a solid foundation for a general image processing tool.") (properties `((cpe-name . "pillow"))) (license (license:x11-style - "http://www.pythonware.com/products/pil/license.htm" - "The PIL Software License")))) + "https://github.com/python-pillow/Pillow/blob/12.1.1/LICENSE" + "MIT-CMU License")))) (define-public python-pillow-heif (package |
