Gyorgy Sarvari 9fcdfa8b22
python3-pillow: patch CVE-2026-25990
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990

Backport the patch referenced by the NVD advisory.

Note that the patch contains some new binary test data, which
requires "git" PATCHTOOL - other tools fail to apply binary patches.

All ptests passed successfully:

Testsuite summary
TOTAL: 5011
PASS: 4577
SKIP: 431
XFAIL: 3
FAIL: 0
XPASS: 0
ERROR: 0
DURATION: 59
END: /usr/lib/python3-pillow/ptest
2026-03-06T17:58
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-09 07:49:31 +05:30


DESCRIPTION = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \
Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
Contributors."
HOMEPAGE = "https://pillow.readthedocs.io"
LICENSE = "MIT-CMU"
LIC_FILES_CHKSUM = "file://LICENSE;md5=a1b708da743e3fc0e5c35e92daac0bf8"

SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https;tag=${PV} \
    file://0001-support-cross-compiling.patch \
    file://CVE-2026-25990.patch \
"
SRCREV = "693df7b42c666f88c719f9973be0ad71607328e0"

inherit python_setuptools_build_meta ptest-python-pytest

PTEST_PYTEST_DIR = "Tests"

PEP517_BUILD_OPTS += " \
    -C platform-guessing=disable \
    -C zlib=enable \
    -C jpeg=enable \
    -C tiff=enable \
    -C freetype=enable \
    -C lcms=enable \
    -C jpeg2000=enable \
    -C webp=disable \
    -C webpmux=disable \
    -C imagequant=disable \
"

DEPENDS += " \
    zlib \
    jpeg \
    tiff \
    freetype \
    lcms \
    openjpeg \
    python3-pybind11-native \
"

RDEPENDS:${PN} += " \
    python3-misc \
    python3-logging \
    python3-numbers \
    ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'libxcb', '', d)} \
"

# python3-compile for filecmp module
RDEPENDS:${PN}-ptest += " \
    bash \
    ghostscript \
    jpeg-tools \
    libwebp \
    python3-compile \
    python3-core \
    python3-image \
    python3-mmap \
    python3-pytest-timeout \
    python3-resource \
    python3-unixadmin \
    ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'tk', '', d)} \
"

CVE_PRODUCT = "pillow"

RPROVIDES:${PN} += "python3-imaging"

BBCLASSEXTEND = "native"

# CVE-2026-25990.patch in SRC_URI contains a binary blob, which needs to
# be applied with git
PATCHTOOL = "git"
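
The PATCHTOOL requirement above can be checked before a backport is submitted. The following is an added example, not part of the recipe or the commit: it flags `SRC_URI` patches that carry a `GIT binary patch` hunk while the recipe does not select the git patch tool. The helper names, the sample recipe fragment, the patch names and the payload are constructed, and the default tool is assumed to be quilt.

```python
import re

# Line git writes before base85-encoded binary content ("git diff --binary",
# "git format-patch"); plain patch/quilt cannot decode what follows it.
GIT_BINARY = re.compile(r"^GIT binary patch$", re.MULTILINE)
PATCH_URI = re.compile(r"file://(\S+\.(?:patch|diff))")
PATCHTOOL = re.compile(r'^PATCHTOOL\s*\??=\s*"([^"]*)"', re.MULTILINE)


def patchtool(recipe: str, default: str = "quilt") -> str:
    """Last PATCHTOOL assignment in the recipe text (the default is an assumption)."""
    found = PATCHTOOL.findall(recipe)
    return found[-1] if found else default


def check(recipe: str, patches: dict[str, str]) -> list[str]:
    """Return the SRC_URI patches whose binary hunks the selected tool cannot apply."""
    if patchtool(recipe) == "git":
        return []
    return [name for name in PATCH_URI.findall(recipe)
            if GIT_BINARY.search(patches.get(name, ""))]


# Constructed inputs: a recipe fragment shaped like the one above, and two
# constructed patches (the payload line is a placeholder, not real base85 data).
RECIPE = '''SRC_URI = "git://example.invalid/project.git;protocol=https \\
    file://0001-text-only.patch \\
    file://0002-with-binary.patch \\
"
'''
PATCHES = {
    "0001-text-only.patch": "--- a/f.py\n+++ b/f.py\n@@ -1 +1 @@\n-x = 1\n+x = 2\n",
    "0002-with-binary.patch": (
        "diff --git a/Tests/constructed.bin b/Tests/constructed.bin\n"
        "new file mode 100644\n"
        "index 0000000..1111111\n"
        "GIT binary patch\n"
        "literal 4\n"
        "<constructed placeholder payload>\n"
    ),
}

if __name__ == "__main__":
    print("without PATCHTOOL:", check(RECIPE, PATCHES))
    print("with PATCHTOOL=git:", check(RECIPE + 'PATCHTOOL = "git"\n', PATCHES))
```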