diff --git a/files/build/versions/dockers/sonic-slave-bullseye/versions-py3 b/files/build/versions/dockers/sonic-slave-bullseye/versions-py3
index 7dec593dc7..e82c8436f5 100644
--- a/files/build/versions/dockers/sonic-slave-bullseye/versions-py3
+++ b/files/build/versions/dockers/sonic-slave-bullseye/versions-py3
@@ -39,7 +39,7 @@ j2cli==0.3.10
 jinja2==2.11.3
 lazy-object-proxy==0.0.0
 logilab-common==1.8.1
-lxml==4.6.2
+lxml==4.9.1
 m2crypto==0.36.0
 mako==1.1.3
 markdown==3.3.4
@@ -107,4 +107,4 @@ webencodings==0.5.1
 wrapt==1.12.1
 xdg==5
 zipp==1.0.0
-zope.interface==5.2.0
\ No newline at end of file
+zope.interface==5.2.0
diff --git a/files/build/versions/dockers/sonic-slave-buster/versions-py2 b/files/build/versions/dockers/sonic-slave-buster/versions-py2
index d0fec6b118..fc08fb4cf1 100644
--- a/files/build/versions/dockers/sonic-slave-buster/versions-py2
+++ b/files/build/versions/dockers/sonic-slave-buster/versions-py2
@@ -38,7 +38,7 @@ keyring==17.1.1
 keyrings.alt==3.1.1
 lazy-object-proxy==1.3.1
 logilab-common==1.4.2
-lxml==4.6.5
+lxml==4.9.1
 m2crypto==0.36.0
 markupsafe==1.1.0
 mccabe==0.6.1
diff --git a/files/build/versions/dockers/sonic-slave-buster/versions-py3 b/files/build/versions/dockers/sonic-slave-buster/versions-py3
index f6b14323f9..85d369ae4c 100644
--- a/files/build/versions/dockers/sonic-slave-buster/versions-py3
+++ b/files/build/versions/dockers/sonic-slave-buster/versions-py3
@@ -24,7 +24,7 @@ importlib-metadata==6.1.0
 jinja2==3.0.3
 keyring==17.1.1
 keyrings.alt==3.1.1
-lxml==4.6.5
+lxml==4.9.1
 m2crypto==0.38.0
 mako==1.0.7
 markdown==3.0.1
@@ -75,4 +75,4 @@ typing_extensions==4.5.0
 unattended-upgrades==0.1
 unidiff==0.5.4
 urllib3==1.24.1
-zipp==3.15.0
\ No newline at end of file
+zipp==3.15.0
diff --git a/sonic-slave-bullseye/Dockerfile.j2 b/sonic-slave-bullseye/Dockerfile.j2
index ee3f2c3910..3203ebb217 100644
--- a/sonic-slave-bullseye/Dockerfile.j2
+++ b/sonic-slave-bullseye/Dockerfile.j2
@@ -395,7 +395,7 @@ RUN apt-get purge -y python3-pip python3-yaml
 # For building Python packages
 RUN pip3 install setuptools==49.6.00
-RUN pip3 install wheel==0.35.1
+RUN pip3 install wheel==0.38.1
 # For building sonic-utilities
 RUN pip3 install fastentrypoints mock
@@ -405,6 +405,19 @@ RUN pip3 install pytest-runner==5.2
 RUN pip3 install nose==1.3.7
 RUN pip3 install mockredispy==2.9.3
+# Fix CVE-2021-23437, need to build and install libjpeg-dev for armhf for pillow 9.4.0
+{%- if CONFIGURED_ARCH == "armhf" %}
+RUN TMP_DIR=$(mktemp -d) && \
+ cd $TMP_DIR && \
+ apt-get install -y nasm && \
+ apt-get source libjpeg-turbo && \
+ cd $(ls -d libjpeg-turbo*/) && \
+ dpkg-buildpackage -rfakeroot -b -us -uc > $TMP_DIR/libjpeg-dev.log && \
+ dpkg -i $TMP_DIR/libjpeg*-dev*.deb && \
+ rm -rf $TMP_DIR
+{%- endif %}
+RUN pip3 install pillow==9.4.0
+
 # For p4 build
 RUN pip3 install \
 ctypesgen==1.0.2 \
@@ -422,7 +435,7 @@ RUN pip3 install j2cli==0.3.10
 # For sonic-mgmt-framework
 RUN pip3 install "PyYAML==5.4.1"
-RUN pip3 install "lxml==4.6.2"
+RUN pip3 install "lxml==4.9.1"
 # For sonic-platform-common testing
 RUN pip3 install redis
diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2
index c093f70c0b..4853d72e29 100644
--- a/sonic-slave-buster/Dockerfile.j2
+++ b/sonic-slave-buster/Dockerfile.j2
@@ -406,7 +406,7 @@ RUN apt-get purge -y python-pip python3-pip python3-yaml
 RUN pip2 install setuptools==40.8.0
 RUN pip2 install wheel==0.35.1
 RUN pip3 install setuptools==49.6.00
-RUN pip3 install wheel==0.35.1
+RUN pip3 install wheel==0.38.1
 # For building sonic-utilities
 RUN pip2 install fastentrypoints
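Review bot: In the armhf-only `RUN` added by hunk `@@ -405,6 +405,19 @@`, `apt-get source libjpeg-turbo` is unpinned and `dpkg -i $TMP_DIR/libjpeg*-dev*.deb` installs whatever the glob matches, so the JPEG headers that Pillow is built against depend on the archive state at build time rather than on a recorded version; consider `apt-get source libjpeg-turbo=<pinned-version>` (placeholder) so the build image stays reproducible. The stdout of `dpkg-buildpackage` goes to `$TMP_DIR/libjpeg-dev.log`, which is removed on success and discarded with the layer on failure, so dropping the `> $TMP_DIR/libjpeg-dev.log` redirect would keep the build log available when this step breaks. The comment would read better if it said why only armhf needs the source build, presumably because pip compiles Pillow from source there, e.g. `# Pillow 9.4.0 (fixes CVE-2021-23437) is compiled by pip on armhf and needs libjpeg-dev headers`. The same block is added to sonic-slave-buster/Dockerfile.j2 in hunk `@@ -420,6 +420,19 @@`, and the points apply there as well.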
@@ -420,6 +420,19 @@ RUN pip3 install nose==1.3.7
 RUN pip2 install mockredispy==2.9.3
 RUN pip3 install mockredispy==2.9.3
+# Fix CVE-2021-23437, need to build and install libjpeg-dev for armhf for pillow 9.4.0
+{%- if CONFIGURED_ARCH == "armhf" %}
+RUN TMP_DIR=$(mktemp -d) && \
+ cd $TMP_DIR && \
+ apt-get install -y nasm && \
+ apt-get source libjpeg-turbo && \
+ cd $(ls -d libjpeg-turbo*/) && \
+ dpkg-buildpackage -rfakeroot -b -us -uc > $TMP_DIR/libjpeg-dev.log && \
+ dpkg -i $TMP_DIR/libjpeg*-dev*.deb && \
+ rm -rf $TMP_DIR
+{%- endif %}
+RUN pip3 install pillow==9.4.0
+
 # For Python 2 unit tests, we need 'mock'. The last version of 'mock'
 # which supports Python 2 is 3.0.5. In Python 3, 'mock' is part of 'unittest'
 # in the standard library
@@ -448,8 +461,8 @@ RUN pip3 install Jinja2==3.0.3
 # For sonic-mgmt-framework
 RUN pip2 install "PyYAML==5.4.1"
 RUN pip3 install "PyYAML==5.4.1"
-RUN pip2 install "lxml==4.6.5"
-RUN pip3 install "lxml==4.6.5"
+RUN pip2 install "lxml==4.9.1"
+RUN pip3 install "lxml==4.9.1"
 # For sonic-platform-common testing
 RUN pip3 install redis
diff --git a/sonic-slave-stretch/Dockerfile.j2 b/sonic-slave-stretch/Dockerfile.j2
index 6dea980ab9..92176e6e1e 100644
--- a/sonic-slave-stretch/Dockerfile.j2
+++ b/sonic-slave-stretch/Dockerfile.j2
@@ -331,8 +331,8 @@ RUN pip3 install mockredispy==2.9.3
 # For sonic-mgmt-framework
 RUN pip2 install "PyYAML==5.3.1"
 RUN pip3 install "PyYAML==5.3.1"
-RUN pip2 install "lxml==4.6.5"
-RUN pip3 install "lxml==4.6.5"
+RUN pip2 install "lxml==4.9.1"
+RUN pip3 install "lxml==4.9.1"
 # For sonic-platform-common testing