gnu: python-pillow: Fix CVE-2022-45199.

Fixes: <https://issues.guix.gnu.org/issue/61172> * gnu/packages/python-xyz.scm (python-pillow/security-fixes): New variable. (python-pillow): Add replacement. * gnu/packages/patches/python-pillow-CVE-2022-45199.patch: New file. * gnu/local.mk: Register it.
author: Lars-Dominik Braun <lars@6xq.net> 2023-02-11 14:47:59 +0100
committer: Lars-Dominik Braun <lars@6xq.net> 2023-03-19 10:57:00 +0100
commit: c16add7fd9783db46bb5b308a885af62f0299e61 (patch)
tree: 53ddfa71f32007b8e61ae5f578038b0d2cffed38 /gnu/packages/python-xyz.scm
parent: d7b4ecdb4c1a845690d943f8b8d883e065081eb9 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index 7c8b3b3378..abe4862121 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -7676,6 +7676,7 @@ retrieve text and metadata from PDFs as well as merge entire files together.")
   (package
     (name "python-pillow")
     (version "9.2.0")
+    (replacement python-pillow/security-fixes)
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "Pillow" version))
@@ -7723,6 +7724,10 @@ a general image processing tool.")
               "http://www.pythonware.com/products/pil/license.htm"
               "The PIL Software License"))))
 
+(define-public python-pillow/security-fixes
+  (package-with-patches python-pillow
+                        (search-patches "python-pillow-CVE-2022-45199.patch")))
+
 (define-public python-pillow-2.9
   (package
     (inherit python-pillow)
author	Lars-Dominik Braun <lars@6xq.net>	2023-02-11 14:47:59 +0100
committer	Lars-Dominik Braun <lars@6xq.net>	2023-03-19 10:57:00 +0100
commit	c16add7fd9783db46bb5b308a885af62f0299e61 (patch)
tree	53ddfa71f32007b8e61ae5f578038b0d2cffed38 /gnu/packages/python-xyz.scm
parent	d7b4ecdb4c1a845690d943f8b8d883e065081eb9 (diff)