From 253b8ddc27bcbd3130ccf72eed9d279de669dfbd Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 2 Feb 2021 16:56:44 +0100 Subject: [PATCH 1/2] python3Packages.pillow: 8.0.1 -> 8.1.0 Fixes: CVE-2020-35654, CVE-2020-35653, CVE-2020-35655 --- pkgs/development/python-modules/pillow/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix index 051e6ab8c6fd9..f8a1a2cfc65f3 100644 --- a/pkgs/development/python-modules/pillow/default.nix +++ b/pkgs/development/python-modules/pillow/default.nix @@ -5,13 +5,13 @@ import ./generic.nix (rec { pname = "Pillow"; - version = "8.0.1"; + version = "8.1.0"; disabled = !isPy3k; src = fetchPypi { inherit pname version; - sha256 = "11c5c6e9b02c9dac08af04f093eb5a2f84857df70a7d4a6a6ad461aca803fb9e"; + sha256 = "1fnvc07m15fv59bdlkds1q7rl9jrr3cbbn69sfqvzvdpjbknhxl8"; }; meta = with lib; { From b5fa81e5c19cd9e8dc720bff95d34105aa77122f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 3 Feb 2021 18:44:05 +0100 Subject: [PATCH 2/2] python3Packages.pillow: update license The url does not resolve anymore and after checking the current LICENSE at https://github.com/python-pillow/Pillow/blob/master/LICENSE it states that it is simply the HPND license. > Like PIL, Pillow is licensed under the open source HPND License: --- pkgs/development/python-modules/pillow/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix index f8a1a2cfc65f3..5597f459219b0 100644 --- a/pkgs/development/python-modules/pillow/default.nix +++ b/pkgs/development/python-modules/pillow/default.nix @@ -23,7 +23,7 @@ import ./generic.nix (rec { supports many file formats, and provides powerful image processing and graphics capabilities. ''; - license = "http://www.pythonware.com/products/pil/license.htm"; + license = licenses.hpnd; maintainers = with maintainers; [ goibhniu prikhi SuperSandro2000 ]; }; } // args )