guix_mirror_bot pushed a commit to branch python-team
in repository guix.

commit 75d931e890a51b441122bee0c18a19e3198a3e50
Author: Hugo Buddelmeijer <[email protected]>
AuthorDate: Mon Mar 16 14:32:21 2026 +0100

    gnu: python-pillow: Update to 12.1.1 [security-fixes].
    
    Release notes since 11.1.0 (2025-01-02):
    - 12.1.1 (2026-02-11)
      <https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html>.
    - 12.1.0 (2026-01-02)
      <https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html>.
    - 12.0.0 (2025-10-15)
      <https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html>.
    - 11.3.0 (2025-07-01)
      <https://pillow.readthedocs.io/en/stable/releasenotes/11.3.0.html>.
    - 11.2.1 (2025-04-12)
      <https://pillow.readthedocs.io/en/stable/releasenotes/11.2.1.html>.
    
    Contains fixes for:
    CVE-2026-25990: Out-of-bounds write vulnerability in Pillow (Python
                    imaging library) affecting versions 10.3.0 through
                    12.1.0. The vulnerability can be triggered when loading
                    specially crafted PSD image files.
    CVE-2025-48379: Write buffer overflow on BCn encoding.
    CVE-2021-25289: Heap-based Buffer Overflow.
    
    * gnu/packages/python-xyz.scm (python-pillow): Update to 12.1.1.
    [source]: Switch to git-fetch.
    [native-inputs]: Add pybind11.
    [home-page]: Update URL.
    [license]: Switch to MIT-CMU license.
    
    Merges: https://codeberg.org/guix/guix/pulls/7218
    Change-Id: I5b13dca66aeb7efdfcc44c8c144b6c64601d9b1e
    Reviewed-by: Nguyễn Gia Phong <[email protected]>
    Signed-off-by: Sharlatan Hellseher <[email protected]>
---
 gnu/packages/python-xyz.scm | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index f08a58473d..7a3c285fa7 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -13015,13 +13015,16 @@ Python list with elements of type @code{PIL.Image} 
(from the
 (define-public python-pillow
   (package
     (name "python-pillow")
-    (version "11.1.0")
+    (version "12.1.1")
     (source
      (origin
-       (method url-fetch)
-       (uri (pypi-uri "pillow" version))
+       (method git-fetch)
+       (uri (git-reference
+              (url "https://github.com/python-pillow/Pillow";)
+              (commit version)))
+       (file-name (git-file-name name version))
        (sha256
-        (base32 "081abgpz7g013cgzz7pjhmf8m7q626ngza4hnfs76vdk104ag39n"))))
+        (base32 "1g374rklljx0941j6d1gib9pgcq3scmqw9psqaj2c7m8pilqsn9n"))))
     (build-system pyproject-build-system)
     (arguments
      (list
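Review bot: the switch at `(method git-fetch)` away from the PyPI sdist has no stated reason, either in the commit message ("[source]: Switch to git-fetch.") or in a comment in the origin. A short comment above the `git-reference` saying what the git checkout provides that the sdist did not would tell the next updater whether the change can be reverted. Note also that `(commit version)` resolves a bare upstream tag; the new `sha256` pins the content, so a re-pointed tag makes the fetch fail rather than change silently, and that hash is the only integrity check on this source.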
@@ -13037,7 +13040,8 @@ Python list with elements of type @code{PIL.Image} 
(from the
                 (setenv "HOME" (getcwd))
                 (invoke "python" "selftest.py" "--installed")
                 (invoke "python" "-m" "pytest" "-vv")))))))
-    (native-inputs (list python-defusedxml
+    (native-inputs (list pybind11
+                         python-defusedxml
                          python-markdown2
                          python-olefile
                          python-pytest
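Review bot: `pybind11` is added at the head of `native-inputs` with no indication of what needs it; the commit message only says "[native-inputs]: Add pybind11." A one-line comment on the entry stating whether the build or the test suite requires it would show when it can be dropped again. If its headers are compiled into the extension, it would also show whether `native-inputs` is the right field when cross-compiling.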
@@ -13050,7 +13054,7 @@ Python list with elements of type @code{PIL.Image} 
(from the
                   libwebp
                   openjpeg
                   zlib))
-    (home-page "https://python-pillow.org";)
+    (home-page "https://python-pillow.github.io/";)
     (synopsis "Fork of the Python Imaging Library")
     (description
      "The Python Imaging Library adds image processing capabilities to your
@@ -13061,8 +13065,8 @@ stored in a few basic pixel formats.  It should provide 
a solid foundation for
 a general image processing tool.")
     (properties `((cpe-name . "pillow")))
     (license (license:x11-style
-              "http://www.pythonware.com/products/pil/license.htm";
-              "The PIL Software License"))))
+              "https://github.com/python-pillow/Pillow/blob/12.1.1/LICENSE";
+              "MIT-CMU License"))))
 
 (define-public python-pillow-heif
   (package
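Review bot: the new license URL hard-codes the release (`.../Pillow/blob/12.1.1/LICENSE`) while the `version` field holds the same value, so the next version bump will leave the link pointing at the old tag unless it is edited by hand. Building the URL from `version` with `string-append` keeps the two in step. The label also changes from "The PIL Software License" to "MIT-CMU License" while the `license:x11-style` constructor stays the same; it would help to confirm that the file at that tag actually carries this name.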
