Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python3Packages.pillow: 8.0.1 -> 8.1.0 #111655

Merged
merged 2 commits into from
Feb 20, 2021
Merged

python3Packages.pillow: 8.0.1 -> 8.1.0 #111655

merged 2 commits into from
Feb 20, 2021

Conversation

mweinelt
Copy link
Member

@mweinelt mweinelt commented Feb 2, 2021

Motivation for this change

https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#810-2020-01-02

Fixes: CVE-2020-35654, CVE-2020-35653, CVE-2020-35655

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@mweinelt mweinelt added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Feb 2, 2021
@SuperSandro2000
Copy link
Member

That should go trough staging because the amounts of rebuilds. The diff won't apply cleanly because pillow got converted into a generic.nix file for pilleow-simd.

@mweinelt
Copy link
Member Author

mweinelt commented Feb 2, 2021
edited
Loading

Hah, funny. I checked the last pillow update that was pullrequested and that was in the 100-500 region. That was only a year ago.

#77714

@mweinelt mweinelt changed the base branch from master to staging February 2, 2021 15:57
@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: policy discussion 6.topic: vim 8.has: module (update) This PR changes an existing module in `nixos/` labels Feb 2, 2021
@ofborg ofborg bot requested a review from SuperSandro2000 February 2, 2021 16:07
@ofborg ofborg bot added the 8.has: package (new) This PR adds a new package label Feb 2, 2021
@mweinelt
python3Packages.pillow: update license
b5fa81e 
The url does not resolve anymore and after checking the current LICENSE
at https://github.com/python-pillow/Pillow/blob/master/LICENSE it states
that it is simply the HPND license.

> Like PIL, Pillow is licensed under the open source HPND License:
@ofborg ofborg bot removed 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: policy discussion 6.topic: vim 8.has: module (update) This PR changes an existing module in `nixos/` labels Feb 3, 2021
@ofborg ofborg bot requested a review from SuperSandro2000 February 3, 2021 17:54
@mweinelt mweinelt mentioned this pull request Feb 3, 2021
Merged
10 tasks
SuperSandro2000
SuperSandro2000 approved these changes Feb 4, 2021
View reviewed changes
Copy link
Member

@SuperSandro2000 SuperSandro2000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

diff LGTM

@FRidh FRidh changed the base branch from staging to python-unstable February 20, 2021 09:28
@FRidh FRidh merged commit 491ddff into NixOS:python-unstable Feb 20, 2021
@mweinelt mweinelt deleted the pillow branch February 20, 2021 10:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 approved these changes

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

@cillianderoiste cillianderoiste Awaiting requested review from cillianderoiste

@prikhi prikhi Awaiting requested review from prikhi

@edolstra edolstra Awaiting requested review from edolstra

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: python 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 501-1000 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+ 10.rebuild-linux: 1001-2500
Projects
Python batch upgrade
Status: Done
Staging
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mweinelt @SuperSandro2000 @FRidh