Log In
Log In
Places
All Projects
Status Monitor
Collapse sidebar
matrix-synapse:testing
matrix-synapse
matrix-synapse-older-pillow.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File matrix-synapse-older-pillow.patch of Package matrix-synapse
From 6a240442505bfefbb40bd2f1d88a36f242c07b30 Mon Sep 17 00:00:00 2001 From: Oleg Girko <ol@infoserver.lv> Date: Mon, 18 Sep 2023 18:14:32 +0100 Subject: [PATCH] Revert "Mandate Pillow>=10.0.1 because of libwebp CVE (#16347)" It's not needed to update Pillow in Fedora because it has no bundled libwebp. Fedora has older version of Pillow, and it's OK because it's not vulnerable to this bug. This reverts commit 053155a2af52aa66910e4a22dad60109607b1098. --- pyproject.toml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 6b73f43ba4..39e47b1272 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -182,9 +182,7 @@ PyYAML = ">=3.13" pyasn1 = ">=0.1.9" pyasn1-modules = ">=0.0.7" bcrypt = ">=3.1.7" -# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863. -# Packagers that already took care of libwebp can lower that down to 5.4.0. -Pillow = ">=10.0.1" +Pillow = ">=5.4.0" # We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2. sortedcontainers = ">=1.5.2" pymacaroons = ">=0.13.0" -- 2.46.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Log In
Places
Places
All Projects
Status Monitor