python3-pillow: patch CVE-2026-25990

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990

Backport the patch referenced by the NVD advisory.

Note that the patch contains some new binary test data, which
requires "git" PATCHTOOL - other tools fail to apply binary patches.

All ptests passed successfully:

Testsuite summary
TOTAL: 5011
PASS: 4577
SKIP: 431
XFAIL: 3
FAIL: 0
XPASS: 0
ERROR: 0
DURATION: 59
END: /usr/lib/python3-pillow/ptest
2026-03-06T17:58
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Gyorgy Sarvari
2026-03-06 19:33:45 +01:00
committed by Anuj Mittal
parent a892f6cfc9
commit 9fcdfa8b22
2 changed files with 156 additions and 0 deletions
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a1b708da743e3fc0e5c35e92daac0bf8"
SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https;tag=${PV} \
file://0001-support-cross-compiling.patch \
file://CVE-2026-25990.patch \
"
SRCREV = "693df7b42c666f88c719f9973be0ad71607328e0"
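Review bot: the new SRC_URI entry file://CVE-2026-25990.patch is described in the commit message only as the patch "referenced by the NVD advisory", with no upstream Pillow commit named. Please confirm the patch file header carries an Upstream-Status: Backport line with the upstream commit URL and a CVE: CVE-2026-25990 tag, so the origin of the fix can be checked against the pinned SRCREV without going through the NVD link.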
@@ -65,3 +66,7 @@ CVE_PRODUCT = "pillow"
RPROVIDES:${PN} += "python3-imaging"
BBCLASSEXTEND = "native"
# CVE-2026-25990.patch in SRC_URI contains a binary blob, which needs to
# be applied with git
PATCHTOOL = "git"
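Review bot: PATCHTOOL = "git" at the end of the recipe changes the patch tool for every entry in SRC_URI, not only CVE-2026-25990.patch, so 0001-support-cross-compiling.patch is now applied with git as well, and with BBCLASSEXTEND = "native" the same holds for the native variant. The commit message reports the target ptest run only, so it is worth confirming that do_patch also succeeds for the native build. Consider moving the assignment and its comment up beside SRC_URI, where the dependency on the binary patch is easier to see.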