All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] package/python-pillow: bump to version 9.0.1
@ 2022-02-22 11:33 Angelo Compagnucci
  2022-03-12 17:07 ` Arnout Vandecappelle
  2022-03-19 19:11 ` Peter Korsgaard
  0 siblings, 2 replies; 4+ messages in thread
From: Angelo Compagnucci @ 2022-02-22 11:33 UTC (permalink / raw)
  To: buildroot; +Cc: Angelo Compagnucci

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
---
 package/python-pillow/python-pillow.hash | 4 ++--
 package/python-pillow/python-pillow.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
index f3ca8e6014..88a5d7cada 100644
--- a/package/python-pillow/python-pillow.hash
+++ b/package/python-pillow/python-pillow.hash
@@ -1,6 +1,6 @@
 # md5, sha256 from https://pypi.org/pypi/pillow/json
-md5  c5af6e413d2fe9247cf16ce25c816b14  Pillow-9.0.0.tar.gz
-sha256  ee6e2963e92762923956fe5d3479b1fdc3b76c83f290aad131a2f98c3df0593e  Pillow-9.0.0.tar.gz
+md5  8deffccb4f402df154fd2fd504d8487c  Pillow-9.0.1.tar.gz
+sha256  6c8bc8238a7dfdaf7a75f5ec5a663f4173f8c367e5a39f87e720495e1eed75fa  Pillow-9.0.1.tar.gz
 
 # Locally computed sha256 checksums
 sha256  a6554cb737ba6c9b47d3301f78de03b4ed0d3f08d6cf9400714f3d4c894f6943  LICENSE
diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
index 2f2e817882..901876e0ee 100644
--- a/package/python-pillow/python-pillow.mk
+++ b/package/python-pillow/python-pillow.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-PYTHON_PILLOW_VERSION = 9.0.0
-PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/b0/43/3e286c93b9fa20e233d53532cc419b5aad8a468d91065dbef4c846058834
+PYTHON_PILLOW_VERSION = 9.0.1
+PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/03/a3/f61a9a7ff7969cdef2a6e0383a346eb327495d20d25a2de5a088dbb543a6
 PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz
 PYTHON_PILLOW_LICENSE = HPND
 PYTHON_PILLOW_LICENSE_FILES = LICENSE
-- 
2.25.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/python-pillow: bump to version 9.0.1
  2022-02-22 11:33 [Buildroot] [PATCH] package/python-pillow: bump to version 9.0.1 Angelo Compagnucci
@ 2022-03-12 17:07 ` Arnout Vandecappelle
  2022-03-19 19:11 ` Peter Korsgaard
  1 sibling, 0 replies; 4+ messages in thread
From: Arnout Vandecappelle @ 2022-03-12 17:07 UTC (permalink / raw)
  To: Angelo Compagnucci, buildroot


On 22/02/2022 12:33, Angelo Compagnucci wrote:
> Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>

  Applied to master, thanks.

  Regards,
  Arnout

> ---
>   package/python-pillow/python-pillow.hash | 4 ++--
>   package/python-pillow/python-pillow.mk   | 4 ++--
>   2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
> index f3ca8e6014..88a5d7cada 100644
> --- a/package/python-pillow/python-pillow.hash
> +++ b/package/python-pillow/python-pillow.hash
> @@ -1,6 +1,6 @@
>   # md5, sha256 from https://pypi.org/pypi/pillow/json
> -md5  c5af6e413d2fe9247cf16ce25c816b14  Pillow-9.0.0.tar.gz
> -sha256  ee6e2963e92762923956fe5d3479b1fdc3b76c83f290aad131a2f98c3df0593e  Pillow-9.0.0.tar.gz
> +md5  8deffccb4f402df154fd2fd504d8487c  Pillow-9.0.1.tar.gz
> +sha256  6c8bc8238a7dfdaf7a75f5ec5a663f4173f8c367e5a39f87e720495e1eed75fa  Pillow-9.0.1.tar.gz
>   
>   # Locally computed sha256 checksums
>   sha256  a6554cb737ba6c9b47d3301f78de03b4ed0d3f08d6cf9400714f3d4c894f6943  LICENSE
> diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
> index 2f2e817882..901876e0ee 100644
> --- a/package/python-pillow/python-pillow.mk
> +++ b/package/python-pillow/python-pillow.mk
> @@ -4,8 +4,8 @@
>   #
>   ################################################################################
>   
> -PYTHON_PILLOW_VERSION = 9.0.0
> -PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/b0/43/3e286c93b9fa20e233d53532cc419b5aad8a468d91065dbef4c846058834
> +PYTHON_PILLOW_VERSION = 9.0.1
> +PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/03/a3/f61a9a7ff7969cdef2a6e0383a346eb327495d20d25a2de5a088dbb543a6
>   PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz
>   PYTHON_PILLOW_LICENSE = HPND
>   PYTHON_PILLOW_LICENSE_FILES = LICENSE
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/python-pillow: bump to version 9.0.1
  2022-02-22 11:33 [Buildroot] [PATCH] package/python-pillow: bump to version 9.0.1 Angelo Compagnucci
  2022-03-12 17:07 ` Arnout Vandecappelle
@ 2022-03-19 19:11 ` Peter Korsgaard
  2022-03-19 23:47   ` James Hilliard
  1 sibling, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2022-03-19 19:11 UTC (permalink / raw)
  To: Angelo Compagnucci; +Cc: buildroot

>>>>> "Angelo" == Angelo Compagnucci <angelo@amarulasolutions.com> writes:

 > Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>

Looking at the changelog, 9.0.1 seems to be a security fix release
fixing two CVEs:

https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst

Please mark such version bumps as security related so I don't miss them.

Committed with that fixed to 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/python-pillow: bump to version 9.0.1
  2022-03-19 19:11 ` Peter Korsgaard
@ 2022-03-19 23:47   ` James Hilliard
  0 siblings, 0 replies; 4+ messages in thread
From: James Hilliard @ 2022-03-19 23:47 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: buildroot, Angelo Compagnucci

On Sat, Mar 19, 2022 at 1:11 PM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "Angelo" == Angelo Compagnucci <angelo@amarulasolutions.com> writes:
>
>  > Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
>
> Looking at the changelog, 9.0.1 seems to be a security fix release
> fixing two CVEs:
>
> https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst
>
> Please mark such version bumps as security related so I don't miss them.
>
> Committed with that fixed to 2022.02.x, thanks.

FYI there might be a regression, 9.0.1 is broken on master at least,
this should fix it:
https://patchwork.ozlabs.org/project/buildroot/patch/20220316060219.3448648-1-james.hilliard1@gmail.com/

>
> --
> Bye, Peter Korsgaard
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-03-19 23:47 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-22 11:33 [Buildroot] [PATCH] package/python-pillow: bump to version 9.0.1 Angelo Compagnucci
2022-03-12 17:07 ` Arnout Vandecappelle
2022-03-19 19:11 ` Peter Korsgaard
2022-03-19 23:47   ` James Hilliard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.