On 02.06.2014 23:07, Toshio Kuratomi wrote:
On Mon, Jun 02, 2014 at 10:39:56PM +0200, Nicolas Chauvet wrote:
python-pillow-2.2.1-4.fc20.src.rpm
This one can be fixed by upgrading to 2.3.0 (or greater. 2.4.0 is current).
2.4.0 is what's in rawhide. Not sure if that's safe to push back to f20 and
earlier. (Although I see that there's an insecure use of tempfile CVE that
was ficed in 2.3.1 so maybe it makes sense to update even if there is API
breakage.)
@smani: Do you have more information here?
-Toshio
The API has never been broken as far as I can tell. I guess we could
update to 2.4.0 (although given the number of packages which depend on
pillow I wasn't planning to do so in a stable release), or otherwise we
could backport [1]. But, more generally, why introduce such a change in
a stable release? Can't lcms just be removed for F21+?
Sandro
[1] https://github.com/python-pillow/Pillow/pull/380
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
