summaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorHugo Buddelmeijer <hugo@buddelmeijer.nl>2026-03-16 14:32:21 +0100
committerSharlatan Hellseher <sharlatanus@gmail.com>2026-05-18 14:36:10 +0100
commit7dad3662848ffb4587a269fc28efba8cd04dfd02 (patch)
tree6764ac6197ecf39758e2a8139af3aba606a88540 /gnu
parentea5b5296127639ffaf0cc29ec2d2dde31114c743 (diff)
gnu: python-pillow: Update to 12.1.1 [security-fixes].
Release notes since 11.1.0 (2025-01-02): - 12.1.1 (2026-02-11) <https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html>. - 12.1.0 (2026-01-02) <https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html>. - 12.0.0 (2025-10-15) <https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html>. - 11.3.0 (2025-07-01) <https://pillow.readthedocs.io/en/stable/releasenotes/11.3.0.html>. - 11.2.1 (2025-04-12) <https://pillow.readthedocs.io/en/stable/releasenotes/11.2.1.html>. Containes fixes for: CVE-2026-25990: Out-of-bounds write vulnerability in Pillow (Python imaging library) affecting versions 10.3.0 through 12.1.0. The vulnerability can be triggered when loading specially crafted PSD image files. CVE 2025-48379: Write buffer overflow on BCn encoding. CVE-2021-25289: Heap-based Buffer Overflow. * gnu/packages/python-xyz.scm (python-pillow): Update to 12.1.1. [source]: Switch to git-fetch. [native-inputs]: Add pybind11. [home-page]: Update URL. [license]: Switch to MIT-CMU license. Merges: https://codeberg.org/guix/guix/pulls/7218 Change-Id: I5b13dca66aeb7efdfcc44c8c144b6c64601d9b1e Reviewed-by: Nguyễn Gia Phong <cnx@loang.net> Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/python-xyz.scm20
1 files changed, 12 insertions, 8 deletions
diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index e7757c469a..1c8e9933af 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -13398,13 +13398,16 @@ Python list with elements of type @code{PIL.Image} (from the
(define-public python-pillow
(package
(name "python-pillow")
- (version "11.1.0")
+ (version "12.1.1")
(source
(origin
- (method url-fetch)
- (uri (pypi-uri "pillow" version))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/python-pillow/Pillow")
+ (commit version)))
+ (file-name (git-file-name name version))
(sha256
- (base32 "081abgpz7g013cgzz7pjhmf8m7q626ngza4hnfs76vdk104ag39n"))))
+ (base32 "1g374rklljx0941j6d1gib9pgcq3scmqw9psqaj2c7m8pilqsn9n"))))
(build-system pyproject-build-system)
(arguments
(list
@@ -13420,7 +13423,8 @@ Python list with elements of type @code{PIL.Image} (from the
(setenv "HOME" (getcwd))
(invoke "python" "selftest.py" "--installed")
(invoke "python" "-m" "pytest" "-vv")))))))
- (native-inputs (list python-defusedxml
+ (native-inputs (list pybind11
+ python-defusedxml
python-markdown2
python-olefile
python-pytest
@@ -13433,7 +13437,7 @@ Python list with elements of type @code{PIL.Image} (from the
libwebp
openjpeg
zlib))
- (home-page "https://python-pillow.org")
+ (home-page "https://python-pillow.github.io/")
(synopsis "Fork of the Python Imaging Library")
(description
"The Python Imaging Library adds image processing capabilities to your
@@ -13444,8 +13448,8 @@ stored in a few basic pixel formats. It should provide a solid foundation for
a general image processing tool.")
(properties `((cpe-name . "pillow")))
(license (license:x11-style
- "http://www.pythonware.com/products/pil/license.htm"
- "The PIL Software License"))))
+ "https://github.com/python-pillow/Pillow/blob/12.1.1/LICENSE"
+ "MIT-CMU License"))))
(define-public python-pillow-heif
(package