[meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0

[meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0

[Ranjitsinh Rathod]

From: Leon Anavi <leon.anavi@konsulko.com>

Upgrade to release 7.2.0:

- Do not convert I;16 images when showing PNGs
- Fixed ICNS file pointer saving
- Fixed loading non-RGBA mode APNGs with dispose background
- Deprecated _showxv
- Deprecate Image.show(command="...")
- Updated JPEG magic number
- Change STRIPBYTECOUNTS to LONG if necessary when saving
- Write JFIF header when saving JPEG
- Replaced tiff_jpeg with jpeg compression when saving TIFF images
- Writing TIFF tags: improved BYTE, added UNDEFINED
- Consider transparency when pasting text on an RGBA image
- Added method argument to single frame WebP saving
- Use ImageFileDirectory_v2 in Image.Exif
- Corrected reading EXIF metadata without prefix
- Fixed drawing a jointed line with a sequence of numeric values
- Added support for 1-D NumPy arrays
- Parse orientation from XMP tags
- Speed up text layout by not rendering glyphs
- Fixed ZeroDivisionError in Image.thumbnail
- Replaced TiffImagePlugin DEBUG with logging
- Fix repeatedly loading .gbr
- JPEG: Truncate icclist instead of setting to None
- Fixes default offset for Exif
- Fixed bug when unpickling TIFF images
- Fix pickling WebP
- Replace IOError and WindowsError aliases with OSError

License-Update: Word wrap and updated copyright year.

Conflicts:
	meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
Conflicts due to extra parameter protocol=https in SRC_URI

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 995fc86b298d5b09fdd6288b9e9f4211feea3b18)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 .../0001-explicitly-set-compile-options.patch | 19 +++++++++++--------
 ...illow_6.2.1.bb => python3-pillow_7.2.0.bb} |  6 +++---
 2 files changed, 14 insertions(+), 11 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-pillow_6.2.1.bb => python3-pillow_7.2.0.bb} (78%)

diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch
index 35aee42145..005fea5c66 100644
--- a/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch
+++ b/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch
@@ -1,6 +1,6 @@
-From 862a981ce462cd83a99e3db9faeeda1f8c64983f Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Mon, 18 Mar 2019 23:23:55 -0400
+From 27bfa4028453dc79a72569823e97da8fd1994ffc Mon Sep 17 00:00:00 2001
+From: Leon Anavi <leon.anavi@konsulko.com>
+Date: Tue, 1 Sep 2020 11:53:53 +0000
 Subject: [PATCH] explicitly set compile options
 
 OE does not support to install egg package, so
@@ -10,19 +10,19 @@ explicitly set build_ext options for oe-core's
 Upstream-Status: Inappropriate [oe specific]
 
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-
+Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
 ---
  setup.cfg | 12 ++++++++++++
  1 file changed, 12 insertions(+)
 
 diff --git a/setup.cfg b/setup.cfg
-index 1c6ebc84..1ccc3d69 100644
+index 19979cf7..ed27dfe1 100644
 --- a/setup.cfg
 +++ b/setup.cfg
-@@ -13,3 +13,15 @@ multi_line_output = 3
- 
+@@ -11,3 +11,15 @@ multi_line_output = 3
  [tool:pytest]
- addopts = -rs
+ addopts = -ra --color=yes
+ testpaths = Tests
 +
 +[build_ext]
 +disable-platform-guessing = 1
@@ -35,3 +35,6 @@ index 1c6ebc84..1ccc3d69 100644
 +disable-webp = 1
 +disable-webpmux = 1
 +disable-imagequant = 1
+-- 
+2.17.1
+
diff --git a/meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb b/meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
similarity index 78%
rename from meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb
rename to meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
index 80b7e941ae..28aaff8060 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
@@ -3,13 +3,13 @@ Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
 Contributors."
 HOMEPAGE = "https://pillow.readthedocs.io"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=55c0f320370091249c1755c0d2b48e89"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ea2dc3f5611e69058503d4b940049d03"
 
-SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=6.2.x;protocol=https \
+SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=7.2.x;protocol=https \
            file://0001-support-cross-compiling.patch \
            file://0001-explicitly-set-compile-options.patch \
 "
-SRCREV ?= "6e0f07bbe38def22d36ee176b2efd9ea74b453a6"
+SRCREV ?= "2bd74943fb9f320def6c066e732b701d1c15f677"
 
 
 inherit setuptools3
-- 
2.17.1

[meta-python][dunfell][PATCH 2/9] python3-pillow: Upgrade 7.2.0 -> 8.1.0

[Ranjitsinh Rathod]

From: Leon Anavi <leon.anavi@konsulko.com>

Upgrade to release 8.1.0:

- Fix TIFF OOB Write error
- Fix for Buffer Read Overrun in PCX Decoding
- Fix for SGI Decode buffer overrun
- Fix OOB Read when saving GIF of xsize=1
- Add support for PySide6
- Moved QApplication into one test
- Use disposal settings from previous frame in APNG
- Revert "skip wheels on 3.10-dev due to wheel#354"
- Better _binary module use
- Added exception explaining that repr_png saves to PNG
- Use previous disposal method in GIF load_end
- Do not catch a ValueError only to raise another
- Allow putpalette to accept 1024 integers to include alpha values
- Fix OOB Read when writing TIFF with custom Metadata
- Removed unused variable
- Fix dereferencing of potential null pointers
- Fixed warnings assigning to "unsigned char *" from "char *"
- Add append_images support for ICO
- Fixed comparison warnings
- Block TIFFTAG_SUBIFD
- Fix dereferencing potential null pointer
- Replaced PyErr_NoMemory with ImagingError_MemoryError
- Remove duplicate code
- Moved warning to end of execution
- Removed unused fromstring and tostring C methods
- init() if one of the formats is unrecognised

License-Update: Updated copyright year

Conflicts:
	meta-python/recipes-devtools/python/python3-pillow_8.1.0.bb
Conflicts due to extra parameter protocol=https in SRC_URI

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ae76da9210b51485da995b51f7ed41e89471dea9)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 .../0001-support-cross-compiling.patch        | 43 ++++++-------------
 ...illow_7.2.0.bb => python3-pillow_8.1.0.bb} |  7 ++-
 2 files changed, 16 insertions(+), 34 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-pillow_7.2.0.bb => python3-pillow_8.1.0.bb} (78%)

diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-support-cross-compiling.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-support-cross-compiling.patch
index 6de19ad87a..e4ba35b886 100644
--- a/meta-python/recipes-devtools/python/python3-pillow/0001-support-cross-compiling.patch
+++ b/meta-python/recipes-devtools/python/python3-pillow/0001-support-cross-compiling.patch
@@ -1,20 +1,21 @@
-From ae7c8d0336381dd4c10e809e9c8926f9deeafeb8 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Thu, 14 Mar 2019 03:48:10 -0400
+From cd09b6f68aa49c72e9a9bb0765e8c666238a7b7e Mon Sep 17 00:00:00 2001
+From: Leon Anavi <leon.anavi@konsulko.com>
+Date: Mon, 11 Jan 2021 13:25:12 +0000
 Subject: [PATCH] support cross compiling
 
 Upstream-Status: Inappropriate [oe specific]
 
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Suggested-by: Hongxu Jia <hongxu.jia@windriver.com>
+Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
 ---
- setup.py | 13 +++----------
- 1 file changed, 3 insertions(+), 10 deletions(-)
+ setup.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/setup.py b/setup.py
-index 5ceae344..07863340 100755
+index cbc2641c..302bc6e7 100755
 --- a/setup.py
 +++ b/setup.py
-@@ -105,7 +105,7 @@ _LIB_IMAGING = (
+@@ -123,7 +123,7 @@ _LIB_IMAGING = (
      "codec_fd",
  )
  
@@ -23,39 +24,21 @@ index 5ceae344..07863340 100755
  
  
  class DependencyException(Exception):
-@@ -396,21 +396,16 @@ class pil_build_ext(build_ext):
+@@ -408,12 +408,12 @@ class pil_build_ext(build_ext):
                      _add_directory(library_dirs, match.group(1))
  
          # include, rpath, if set as environment variables:
 -        for k in ("C_INCLUDE_PATH", "CPATH", "INCLUDE"):
-+        for k in ('C_INCLUDE_PATH', 'CPATH', 'INCLUDE', 'STAGING_INCDIR'):
++        for k in ("C_INCLUDE_PATH", "CPATH", "INCLUDE", "STAGING_INCDIR"):
              if k in os.environ:
                  for d in os.environ[k].split(os.path.pathsep):
                      _add_directory(include_dirs, d)
  
 -        for k in ("LD_RUN_PATH", "LIBRARY_PATH", "LIB"):
-+        for k in ('LD_RUN_PATH', 'LIBRARY_PATH', 'LIB', 'STAGING_LIBDIR'):
++        for k in ("LD_RUN_PATH", "LIBRARY_PATH", "LIB", "STAGING_LIBDIR"):
              if k in os.environ:
                  for d in os.environ[k].split(os.path.pathsep):
                      _add_directory(library_dirs, d)
- 
--        prefix = sysconfig.get_config_var("prefix")
--        if prefix:
--            _add_directory(library_dirs, os.path.join(prefix, "lib"))
--            _add_directory(include_dirs, os.path.join(prefix, "include"))
--
-         #
-         # add platform directories
- 
-@@ -469,8 +464,6 @@ class pil_build_ext(build_ext):
-             or sys.platform.startswith("gnu")
-             or sys.platform.startswith("freebsd")
-         ):
--            for dirname in _find_library_dirs_ldconfig():
--                _add_directory(library_dirs, dirname)
-             if sys.platform.startswith("linux") and os.environ.get(
-                 "ANDROID_ROOT", None
-             ):
 -- 
-2.20.1
+2.17.1
 
diff --git a/meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb b/meta-python/recipes-devtools/python/python3-pillow_8.1.0.bb
similarity index 78%
rename from meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
rename to meta-python/recipes-devtools/python/python3-pillow_8.1.0.bb
index 28aaff8060..adbf639b39 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_8.1.0.bb
@@ -3,14 +3,13 @@ Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
 Contributors."
 HOMEPAGE = "https://pillow.readthedocs.io"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ea2dc3f5611e69058503d4b940049d03"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0337b116233da4616ae9fdb130bf6f1a"
 
-SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=7.2.x;protocol=https \
+SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.1.x;protocol=https \
            file://0001-support-cross-compiling.patch \
            file://0001-explicitly-set-compile-options.patch \
 "
-SRCREV ?= "2bd74943fb9f320def6c066e732b701d1c15f677"
-
+SRCREV ?= "fcc42e0d344146ee9d265d1f43c094ce5a0ec4cf"
 
 inherit setuptools3
 
-- 
2.17.1

[meta-python][dunfell][PATCH 3/9] python3-pillow: 8.1.0 -> 8.1.2

[Ranjitsinh Rathod]

From: Kai Kang <kai.kang@windriver.com>

8.1.2 fixes:
* CVE-2021-27921
* CVE-2021-27922
* CVE-2021-27923

8.1.1 fixes:
* CVE-2021-25289
* CVE-2021-25290
* CVE-2021-25291
* CVE-2021-25292
* CVE-2021-25293

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb0789998e8fc5d916808421aa88764a1463228d)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 .../python/{python3-pillow_8.1.0.bb => python3-pillow_8.1.2.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-pillow_8.1.0.bb => python3-pillow_8.1.2.bb} (94%)

diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.1.0.bb b/meta-python/recipes-devtools/python/python3-pillow_8.1.2.bb
similarity index 94%
rename from meta-python/recipes-devtools/python/python3-pillow_8.1.0.bb
rename to meta-python/recipes-devtools/python/python3-pillow_8.1.2.bb
index adbf639b39..de234b01fe 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_8.1.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_8.1.2.bb
@@ -9,7 +9,7 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.1.x;protocol=https
            file://0001-support-cross-compiling.patch \
            file://0001-explicitly-set-compile-options.patch \
 "
-SRCREV ?= "fcc42e0d344146ee9d265d1f43c094ce5a0ec4cf"
+SRCREV ?= "88bd672dafad68b419ea29bef941dfa17f941038"
 
 inherit setuptools3
 
-- 
2.17.1

[meta-python][dunfell][PATCH 4/9] python3-pillow: Upgrade 8.1.2 -> 8.2.0

[Ranjitsinh Rathod]

From: Leon Anavi <leon.anavi@konsulko.com>

Upgrade to release 8.2.0:

- Added getxmp() method
- Add ImageShow support for GraphicsMagick
- Do not load transparent pixels from subsequent GIF frames
- Use LZW encoding when saving GIF images
- Set all transparent colors to be equal in quantize()
- Allow PixelAccess to use Python __int__ when parsing x and y
- Removed Image._MODEINFO
- Add preserve_tone option to autocontrast
- Fixed linear_gradient and radial_gradient I and F modes
- Add support for reading TIFFs with PlanarConfiguration=2
- Deprecated categories
- Do not premultiply alpha when resizing with Image.NEAREST
  resampling
- Dynamically link FriBiDi instead of Raqm
- Allow fewer PNG palette entries than the bit depth maximum when
  saving
- Use duration from info dictionary when saving WebP
- Stop flattening EXIF IFD into getexif()
- Replaced tiff_deflate with tiff_adobe_deflate compression when
  saving TIFF images
- Save ICC profile from TIFF encoderinfo
- Moved RGB fix inside ImageQt class
- Allow alpha_composite destination to be negative
- Ensure file is closed if it is opened by ImageQt.ImageQt
- Added ImageDraw rounded_rectangle method
- Added IPythonViewer
- Only draw each rectangle outline pixel once
- Use mmap instead of built-in Win32 mapper
- Handle PCX images with an odd stride
- Only read different sizes for "Large Thumbnail" MPO frames
- Added PyQt6 support
- Changed Image.open formats parameter to be case-insensitive
- Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02)
- Added tk version to pilinfo
- Support for ignoring tests when running valgrind
- OSS-Fuzz support

Conflicts:
	meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
Conflicts due to extra parameter protocol=https in SRC_URI

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 0fc9235bbb8f4df0ac7b33f0b875e1fc36e1e563)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 .../{python3-pillow_8.1.2.bb => python3-pillow_8.2.0.bb}      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-pillow_8.1.2.bb => python3-pillow_8.2.0.bb} (86%)

diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.1.2.bb b/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
similarity index 86%
rename from meta-python/recipes-devtools/python/python3-pillow_8.1.2.bb
rename to meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
index de234b01fe..9a9a843b48 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_8.1.2.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
@@ -5,11 +5,11 @@ HOMEPAGE = "https://pillow.readthedocs.io"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=0337b116233da4616ae9fdb130bf6f1a"
 
-SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.1.x;protocol=https \
+SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.2.x;protocol=https \
            file://0001-support-cross-compiling.patch \
            file://0001-explicitly-set-compile-options.patch \
 "
-SRCREV ?= "88bd672dafad68b419ea29bef941dfa17f941038"
+SRCREV ?= "e0e353c0ef7516979a9aedce3792596649ce4433"
 
 inherit setuptools3
 
-- 
2.17.1

[meta-python][dunfell][PATCH 5/9] python3-pillow: Upgrade 8.2.0 -> 8.3.1

[Ranjitsinh Rathod]

From: Leon Anavi <leon.anavi@konsulko.com>

Upgrade to release 8.3.1:

- Catch OSError when checking if fp is sys.stdout
- Handle removing orientation from alternate types of EXIF data
- Make Image.__array__ take optional dtype argument

Conflicts:
	meta-python/recipes-devtools/python/python3-pillow_8.3.1.bb
Conflicts due to extra parameter protocol=https in SRC_URI

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit a5fc60071f0a0a16096792c4e1970d31f5964539)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 .../{python3-pillow_8.2.0.bb => python3-pillow_8.3.1.bb}      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-pillow_8.2.0.bb => python3-pillow_8.3.1.bb} (86%)

diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb b/meta-python/recipes-devtools/python/python3-pillow_8.3.1.bb
similarity index 86%
rename from meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
rename to meta-python/recipes-devtools/python/python3-pillow_8.3.1.bb
index 9a9a843b48..1e954fcfa1 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_8.3.1.bb
@@ -5,11 +5,11 @@ HOMEPAGE = "https://pillow.readthedocs.io"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=0337b116233da4616ae9fdb130bf6f1a"
 
-SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.2.x;protocol=https \
+SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.3.x;protocol=https \
            file://0001-support-cross-compiling.patch \
            file://0001-explicitly-set-compile-options.patch \
 "
-SRCREV ?= "e0e353c0ef7516979a9aedce3792596649ce4433"
+SRCREV ?= "92933b86574b9c80764bf52c357ed29e1ef53382"
 
 inherit setuptools3
 
-- 
2.17.1

[meta-python][dunfell][PATCH 7/9] python3-pillow: Upgrade 8.3.2 -> 9.0.0

[Ranjitsinh Rathod]

From: Leon Anavi <leon.anavi@konsulko.com>

Upgrade to release 9.0.0:

- Restrict builtins for ImageMath.eval()
- Ensure JpegImagePlugin stops at the end of a truncated file
- Fixed ImagePath.Path array handling
- Remove consecutive duplicate tiles that only differ by their
  offset
- Removed redundant part of condition
- Explicitly enable strip chopping for large uncompressed TIFFs
- Use the Windows method to get TCL functions on Cygwin
- Changed error type to allow for incremental WebP parsing
- Improved I;16 operations on big endian
- Ensure that BMP pixel data offset does not ignore palette
- Limit quantized palette to number of colors
- Use latin1 encoding to decode bytes
- Fixed palette index for zeroed color in FASTOCTREE quantize
- When saving RGBA to GIF, make use of first transparent palette
  entry
- Pass SAMPLEFORMAT to libtiff
- Added rounding when converting P and PA
- Improved putdata() documentation and data handling
- Exclude carriage return in PDF regex to help prevent ReDoS
- Image.NONE is only used for resampling and dithers
- Fixed freeing pointer in ImageDraw.Outline.transform
- Add Tidelift alignment action and badge
- Replaced further direct invocations of setup.py
- Added ImageShow support for xdg-open
- Switched from deprecated "setup.py install" to "pip install ."
- Support 16-bit grayscale ImageQt conversion
- Fixed raising OSError in _safe_read when size is greater than
  SAFEBLOCK
- Convert subsequent GIF frames to RGB or RGBA
- WebP: Fix memory leak during decoding on failure
- Do not prematurely return in ImageFile when saving to stdout
- Added support for top right and bottom right TGA orientations
- Corrected ICNS file length in header
- Block tile TIFF tags when saving
- Added line width argument to ImageDraw polygon
- Do not redeclare class each time when converting to NumPy
- Only prevent repeated polygon pixels when drawing with
  transparency
- Fix pushes_fd method signature
- Add support for pickling TrueType fonts
- Only prefer command line tools SDK on macOS over default
  MacOSX SDK
- Fix compilation on 64-bit Termux
- Replace 'setup.py sdist' with '-m build --sdist'
- Use declarative package configuration
- Use title for display in ImageShow
- Fix for PyQt6
- Rename master to main

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit f41b3757dddfc1b950f0d21de3af6b81167cd3ba)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 .../{python3-pillow_8.3.2.bb => python3-pillow_9.0.0.bb}    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-pillow_8.3.2.bb => python3-pillow_9.0.0.bb} (78%)

diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.3.2.bb b/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
similarity index 78%
rename from meta-python/recipes-devtools/python/python3-pillow_8.3.2.bb
rename to meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
index 3e3214f142..e522269927 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_8.3.2.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
@@ -3,13 +3,13 @@ Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
 Contributors."
 HOMEPAGE = "https://pillow.readthedocs.io"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=0337b116233da4616ae9fdb130bf6f1a"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ad081a0aede51e89f8da13333a8fb849"
 
-SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.3.x;protocol=https \
+SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=9.0.x;protocol=https \
            file://0001-support-cross-compiling.patch \
            file://0001-explicitly-set-compile-options.patch \
 "
-SRCREV ?= "8013f130a5077b238a4346b73e149432b180a8ea"
+SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
 
 inherit setuptools3
 
-- 
2.17.1

[meta-python][dunfell][PATCH 8/9] python3-pillow: fix wheel build

[Ranjitsinh Rathod]

From: Tim Orling <ticotimo@gmail.com>

Recipe does not inherit pypi nor would PN resolve to the name of the
wheel so we must set PIP_INSTALL_PACKAGE appropriately.

The recipe also builds its wheel in ${S}/dist so we must set
PIP_INSTALL_DIST_PATH appropriately.

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit b56940049dfa1968d5e0325ea3b2fe024a3aa34b)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb b/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
index e522269927..346071d1ca 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
@@ -13,6 +13,9 @@ SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
 
 inherit setuptools3
 
+PIP_INSTALL_PACKAGE = "Pillow"
+PIP_INSTALL_DIST_PATH = "${S}/dist"
+
 DEPENDS += " \
     zlib \
     jpeg \
-- 
2.17.1

[meta-python][dunfell][PATCH 9/9] python3-pillow: upgrade 9.0.0 -> 9.0.1

[Ranjitsinh Rathod]

From: Xu Huan <xuhuan.fnst@fujitsu.com>

changelog:

In show_file, use os.remove to remove temporary images. CVE-2022-24303
Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817

Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 91e1461a2844e7d82287b7b9b3212678bcf67408)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 .../python/{python3-pillow_9.0.0.bb => python3-pillow_9.0.1.bb} | 2 ++
 1 file changed, 2 insertions(+)
 rename meta-python/recipes-devtools/python/{python3-pillow_9.0.0.bb => python3-pillow_9.0.1.bb} (94%)

diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb b/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
similarity index 94%
rename from meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
rename to meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
index 346071d1ca..1f0fdfa349 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
@@ -38,3 +38,5 @@ S = "${WORKDIR}/git"
 RPROVIDES_${PN} += "python3-imaging"
 
 BBCLASSEXTEND = "native"
+
+SRCREV = "6deac9e3a23caffbfdd75c00d3f0a1cd36cdbd5d"
-- 
2.17.1

Re: [meta-python][dunfell][PATCH 8/9] python3-pillow: fix wheel build

[Tim Orling]

[-- Attachment #1: Type: text/plain, Size: 1709 bytes --]

On Wed, Jun 1, 2022 at 5:26 AM Ranjitsinh Rathod <
ranjitsinhrathod1991@gmail.com> wrote:

> From: Tim Orling <ticotimo@gmail.com>
>
> Recipe does not inherit pypi nor would PN resolve to the name of the
> wheel so we must set PIP_INSTALL_PACKAGE appropriately.
>
> The recipe also builds its wheel in ${S}/dist so we must set
> PIP_INSTALL_DIST_PATH appropriately.
>
> Signed-off-by: Tim Orling <tim.orling@konsulko.com>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
> (cherry picked from commit b56940049dfa1968d5e0325ea3b2fe024a3aa34b)
> Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
>

Nacked-by: Tim Orling <ticotimo@gmail.com>
NO. We do not do version upgrades in stable branches and the wheel
infrastructure is only supported in 'kirkstone'+.

You can create a mixin layer for the upgrade if you require a newer
version. But we WILL NOT take this into meta-openembedded/meta-python.



> ---
>  meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
> b/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
> index e522269927..346071d1ca 100644
> --- a/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
> +++ b/meta-python/recipes-devtools/python/python3-pillow_9.0.0.bb
> @@ -13,6 +13,9 @@ SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
>
>  inherit setuptools3
>
> +PIP_INSTALL_PACKAGE = "Pillow"
> +PIP_INSTALL_DIST_PATH = "${S}/dist"
> +
>  DEPENDS += " \
>      zlib \
>      jpeg \
> --
> 2.17.1
>
>

[-- Attachment #2: Type: text/html, Size: 3245 bytes --]

Re: [meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0

[akuster808]

On 6/1/22 05:25, Ranjitsinh Rathod wrote:
> From: Leon Anavi <leon.anavi@konsulko.com>
>
> Upgrade to release 7.2.0:
>
> - Do not convert I;16 images when showing PNGs
> - Fixed ICNS file pointer saving
> - Fixed loading non-RGBA mode APNGs with dispose background
> - Deprecated _showxv
> - Deprecate Image.show(command="...")
> - Updated JPEG magic number
> - Change STRIPBYTECOUNTS to LONG if necessary when saving
> - Write JFIF header when saving JPEG
> - Replaced tiff_jpeg with jpeg compression when saving TIFF images
> - Writing TIFF tags: improved BYTE, added UNDEFINED
> - Consider transparency when pasting text on an RGBA image
> - Added method argument to single frame WebP saving
> - Use ImageFileDirectory_v2 in Image.Exif
> - Corrected reading EXIF metadata without prefix
> - Fixed drawing a jointed line with a sequence of numeric values
> - Added support for 1-D NumPy arrays
> - Parse orientation from XMP tags
> - Speed up text layout by not rendering glyphs
> - Fixed ZeroDivisionError in Image.thumbnail
> - Replaced TiffImagePlugin DEBUG with logging
> - Fix repeatedly loading .gbr
> - JPEG: Truncate icclist instead of setting to None
> - Fixes default offset for Exif
> - Fixed bug when unpickling TIFF images
> - Fix pickling WebP
> - Replace IOError and WindowsError aliases with OSError

This appears to be more than a bug fix only update. This series of 
changes are not suited for a stable release.

Thanks for thinking about this LTS release.

-armin
>
> License-Update: Word wrap and updated copyright year.
>
> Conflicts:
> 	meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
> Conflicts due to extra parameter protocol=https in SRC_URI
>
> Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
> Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> (cherry picked from commit 995fc86b298d5b09fdd6288b9e9f4211feea3b18)
> Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
> ---
>   .../0001-explicitly-set-compile-options.patch | 19 +++++++++++--------
>   ...illow_6.2.1.bb => python3-pillow_7.2.0.bb} |  6 +++---
>   2 files changed, 14 insertions(+), 11 deletions(-)
>   rename meta-python/recipes-devtools/python/{python3-pillow_6.2.1.bb => python3-pillow_7.2.0.bb} (78%)
>
> diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch
> index 35aee42145..005fea5c66 100644
> --- a/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch
> +++ b/meta-python/recipes-devtools/python/python3-pillow/0001-explicitly-set-compile-options.patch
> @@ -1,6 +1,6 @@
> -From 862a981ce462cd83a99e3db9faeeda1f8c64983f Mon Sep 17 00:00:00 2001
> -From: Hongxu Jia <hongxu.jia@windriver.com>
> -Date: Mon, 18 Mar 2019 23:23:55 -0400
> +From 27bfa4028453dc79a72569823e97da8fd1994ffc Mon Sep 17 00:00:00 2001
> +From: Leon Anavi <leon.anavi@konsulko.com>
> +Date: Tue, 1 Sep 2020 11:53:53 +0000
>   Subject: [PATCH] explicitly set compile options
>   
>   OE does not support to install egg package, so
> @@ -10,19 +10,19 @@ explicitly set build_ext options for oe-core's
>   Upstream-Status: Inappropriate [oe specific]
>   
>   Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> -
> +Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
>   ---
>    setup.cfg | 12 ++++++++++++
>    1 file changed, 12 insertions(+)
>   
>   diff --git a/setup.cfg b/setup.cfg
> -index 1c6ebc84..1ccc3d69 100644
> +index 19979cf7..ed27dfe1 100644
>   --- a/setup.cfg
>   +++ b/setup.cfg
> -@@ -13,3 +13,15 @@ multi_line_output = 3
> -
> +@@ -11,3 +11,15 @@ multi_line_output = 3
>    [tool:pytest]
> - addopts = -rs
> + addopts = -ra --color=yes
> + testpaths = Tests
>   +
>   +[build_ext]
>   +disable-platform-guessing = 1
> @@ -35,3 +35,6 @@ index 1c6ebc84..1ccc3d69 100644
>   +disable-webp = 1
>   +disable-webpmux = 1
>   +disable-imagequant = 1
> +--
> +2.17.1
> +
> diff --git a/meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb b/meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
> similarity index 78%
> rename from meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb
> rename to meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
> index 80b7e941ae..28aaff8060 100644
> --- a/meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb
> +++ b/meta-python/recipes-devtools/python/python3-pillow_7.2.0.bb
> @@ -3,13 +3,13 @@ Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
>   Contributors."
>   HOMEPAGE = "https://pillow.readthedocs.io"
>   LICENSE = "MIT"
> -LIC_FILES_CHKSUM = "file://LICENSE;md5=55c0f320370091249c1755c0d2b48e89"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=ea2dc3f5611e69058503d4b940049d03"
>   
> -SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=6.2.x;protocol=https \
> +SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=7.2.x;protocol=https \
>              file://0001-support-cross-compiling.patch \
>              file://0001-explicitly-set-compile-options.patch \
>   "
> -SRCREV ?= "6e0f07bbe38def22d36ee176b2efd9ea74b453a6"
> +SRCREV ?= "2bd74943fb9f320def6c066e732b701d1c15f677"
>   
>   
>   inherit setuptools3

Re: [meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0

[Ranjitsinh Rathod]

[-- Attachment #1: Type: text/plain, Size: 2562 bytes --]

Hi Armin,

I understand that we are not upgrading versions on the LTS branch, but this series of upgrades fixing the below CVEs.
CVE-2019 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2019 ) -19911 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -10177 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -10378 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -10379 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -10994 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -11538 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -35653 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -35654 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -35655 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -5310 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -5311 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -5312 CVE-2020 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2020 ) -5313 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -23437 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -25287 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -25288 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -25289 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -25290 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -25291 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -25292 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -25293 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -27921 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -27922 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -27923 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -28675 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -28676 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -28677 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -28678 CVE-2021 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2021 ) -34552 CVE-2022 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2022 ) -22815 CVE-2022 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2022 ) -22816 CVE-2022 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2022 ) -22817 CVE-2022 ( https://asc.bmwgroup.net/mgujira/browse/CVE-2022 ) -24303

To solve these many CVEs by applying a patch would be really tough and maintaining patches too. What is your opinion here?

Thanks,
Ranjitsinh Rathod

[-- Attachment #2: Type: text/html, Size: 9860 bytes --]

Re: [meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0

[Ranjitsinh Rathod]

[-- Attachment #1: Type: text/plain, Size: 562 bytes --]

CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10379
CVE-2020-10994 CVE-2020-11538 CVE-2020-35653 CVE-2020-35654
CVE-2020-35655 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312
CVE-2020-5313 CVE-2021-23437 CVE-2021-25287 CVE-2021-25288
CVE-2021-25289 CVE-2021-25290 CVE-2021-25291 CVE-2021-25292
CVE-2021-25293 CVE-2021-27921 CVE-2021-27922 CVE-2021-27923
CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678
CVE-2021-34552 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817
CVE-2022-24303

above is the exact CVE list.

Thanks,
Ranjitsinh Rathod

[-- Attachment #2: Type: text/html, Size: 681 bytes --]

Re: [oe] [meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0

[Khem Raj]

[-- Attachment #1: Type: text/plain, Size: 3217 bytes --]

What changes are there in new version is there anything of concern ?
Sometimes we may be fine to bump a revision of it only contains smaller
fixes

On Wed, Jun 1, 2022 at 11:30 PM Ranjitsinh Rathod <
ranjitsinhrathod1991@gmail.com> wrote:

> Hi Armin,
>
> I understand that we are not upgrading versions on the LTS branch, but
> this series of upgrades fixing the below CVEs.
> CVE-2019 <https://asc.bmwgroup.net/mgujira/browse/CVE-2019>-19911 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-10177 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-10378 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-10379 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-10994 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-11538 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-35653 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-35654 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-35655 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-5310 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-5311 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-5312 CVE-2020
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2020>-5313 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-23437 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-25287 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-25288 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-25289 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-25290 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-25291 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-25292 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-25293 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-27921 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-27922 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-27923 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-28675 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-28676 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-28677 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-28678 CVE-2021
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2021>-34552 CVE-2022
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2022>-22815 CVE-2022
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2022>-22816 CVE-2022
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2022>-22817 CVE-2022
> <https://asc.bmwgroup.net/mgujira/browse/CVE-2022>-24303
>
> To solve these many CVEs by applying a patch would be really tough and
> maintaining patches too. What is your opinion here?
>
> Thanks,
> Ranjitsinh Rathod
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#97380):
> https://lists.openembedded.org/g/openembedded-devel/message/97380
> Mute This Topic: https://lists.openembedded.org/mt/91473921/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

[-- Attachment #2: Type: text/html, Size: 11552 bytes --]

Re: [meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0

[Ranjitsinh Rathod]

[-- Attachment #1: Type: text/plain, Size: 1412 bytes --]

Hi Khem,

I have sent the below patches for the upgrade python3-pillow to 9.0.1

https://lists.openembedded.org/g/openembedded-devel/message/97359
https://lists.openembedded.org/g/openembedded-devel/message/97360
https://lists.openembedded.org/g/openembedded-devel/message/97361
https://lists.openembedded.org/g/openembedded-devel/message/97362
https://lists.openembedded.org/g/openembedded-devel/message/97363
https://lists.openembedded.org/g/openembedded-devel/message/97364
https://lists.openembedded.org/g/openembedded-devel/message/97365
https://lists.openembedded.org/g/openembedded-devel/message/97366
https://lists.openembedded.org/g/openembedded-devel/message/97367

I have cherry-picked those from the master to fix all the CVEs mentioned in earlier thread. Also, each commit message has changelog included
$ git log origin/dunfell..upstream/master --oneline meta-python/recipes-devtools/python | grep "python3-pillow: " 91e1461a28 python3-pillow: upgrade 9.0.0 -> 9.0.1 b56940049d python3-pillow: fix wheel build f41b3757dd python3-pillow: Upgrade 8.3.2 -> 9.0.0 4b9bceea4c python3-pillow: upgrade 8.3.1 -> 8.3.2 a5fc60071f python3-pillow: Upgrade 8.2.0 -> 8.3.1 0fc9235bbb python3-pillow: Upgrade 8.1.2 -> 8.2.0 bb0789998e python3-pillow: 8.1.0 -> 8.1.2 ae76da9210 python3-pillow: Upgrade 7.2.0 -> 8.1.0 995fc86b29 python3-pillow: Upgrade 6.2.1 -> 7.2.0

Thanks,
Ranjitsinh Rathod

[-- Attachment #2: Type: text/html, Size: 1788 bytes --]