1 files changed, 14 insertions, 4 deletions

diff --git a/main/py-pillow/APKBUILD b/main/py-pillow/APKBUILD
index 065e6a9f92a..65f674935d6 100644
--- a/main/py-pillow/APKBUILD
+++ b/main/py-pillow/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=py-pillow
 _pkgname=Pillow
 pkgver=6.2.1
-pkgrel=0
+pkgrel=1
 pkgdesc="Python Imaging Library"
 url="https://python-pillow.org"
 arch="all"
@@ -12,11 +12,18 @@ depends="py-olefile"
 makedepends="python2-dev python3-dev py-setuptools freetype-dev jpeg-dev libwebp-dev
 	tiff-dev libpng-dev lcms2-dev libjpeg-turbo-dev zlib-dev"
 subpackages="py2-${pkgname#py-}:_py2 py3-${pkgname#py-}:_py3"
+options="!check" # missing dependencies
 source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz
-	py-pillow-fix-pytest-ver.patch"
+	py-pillow-fix-pytest-ver.patch
+	cve-2021-23437.patch
+	"
 builddir="$srcdir/$_pkgname-$pkgver"
 [ "$CARCH" = "s390x" ] && options="!check"
 
+# secfixes:
+#   6.2.1-r1:
+#     - CVE-2021-23437
+
 build() {
 	cd "$builddir"
 	# zlib resides in lib
@@ -55,5 +62,8 @@ _py() {
 	$python setup.py install --prefix=/usr --root="$subpkgdir"
 }
 
-sha512sums="757bfdab2ba418195e96e696d2d111de3b38b6bafe4f6f94012f024f59c9bc8542fdab54f643eaf7b2867a9214db806e72eecbdd636bfceb55b47d3164f643ec  Pillow-6.2.1.tar.gz
-b33216541d7cdeb481d650b7cafeb44333244abbdab035ff5aa086c8dc9c5b2e1e9e294048f299f803d251c7a70ac4ea0a68ba28e7a9ced136287d61310708cf  py-pillow-fix-pytest-ver.patch"
+sha512sums="
+757bfdab2ba418195e96e696d2d111de3b38b6bafe4f6f94012f024f59c9bc8542fdab54f643eaf7b2867a9214db806e72eecbdd636bfceb55b47d3164f643ec  Pillow-6.2.1.tar.gz
+b33216541d7cdeb481d650b7cafeb44333244abbdab035ff5aa086c8dc9c5b2e1e9e294048f299f803d251c7a70ac4ea0a68ba28e7a9ced136287d61310708cf  py-pillow-fix-pytest-ver.patch
+e603cfd1dc7eac99580871d42a0813ecd9189a2a6217b18873c6e7762736c5b93ea0933c3eb936920648b0bee6cac7a54dbff92fabeb5c7d4168ea4c2e1e1562  cve-2021-23437.patch
+"