From c16add7fd9783db46bb5b308a885af62f0299e61 Mon Sep 17 00:00:00 2001 From: Lars-Dominik Braun Date: Sat, 11 Feb 2023 14:47:59 +0100 Subject: gnu: python-pillow: Fix CVE-2022-45199. Fixes: * gnu/packages/python-xyz.scm (python-pillow/security-fixes): New variable. (python-pillow): Add replacement. * gnu/packages/patches/python-pillow-CVE-2022-45199.patch: New file. * gnu/local.mk: Register it. --- gnu/packages/python-xyz.scm | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'gnu/packages/python-xyz.scm') diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm index 7c8b3b3378..abe4862121 100644 --- a/gnu/packages/python-xyz.scm +++ b/gnu/packages/python-xyz.scm @@ -7676,6 +7676,7 @@ retrieve text and metadata from PDFs as well as merge entire files together.") (package (name "python-pillow") (version "9.2.0") + (replacement python-pillow/security-fixes) (source (origin (method url-fetch) (uri (pypi-uri "Pillow" version)) @@ -7723,6 +7724,10 @@ a general image processing tool.") "http://www.pythonware.com/products/pil/license.htm" "The PIL Software License")))) +(define-public python-pillow/security-fixes + (package-with-patches python-pillow + (search-patches "python-pillow-CVE-2022-45199.patch"))) + (define-public python-pillow-2.9 (package (inherit python-pillow) -- cgit v1.2.3
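Review bot: The `replacement` field added to python-pillow is inherited by every package that uses `(inherit python-pillow)`, and python-pillow-2.9, visible in the context lines of the second hunk, does exactly that. Unless that variant overrides the field, it would be subject to the same graft and its dependents would be pointed at the patched 9.2.0 build instead of 2.9, which is probably not intended. The body of python-pillow-2.9 continues outside the diff, so this cannot be confirmed from here. If there is no override, add `(replacement #f)` to python-pillow-2.9 and to any other variant that inherits from python-pillow.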
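Review bot: The new python-pillow/security-fixes definition has no comment saying it is a temporary graft, so nothing tells the next maintainer when to retire it. Above the `define-public`, add something like `;; Graft for CVE-2022-45199; move the patch into python-pillow's origin and drop this variable on the next rebuild cycle.` The patch file and the gnu/local.mk registration named in the commit message are not part of this view, which is limited to python-xyz.scm. The content of the fix therefore has to be reviewed in those files.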