[Security] Fix some of vulnerability issue relative python packages (#14269)

Why I did it
Fix some of vulnerability issue relative python packages #14269
Pillow: [CVE-2021-27921]
Wheel: [CVE-2022-40898]
lxml: [CVE-2022-2309]

How I did it

files/build/versions/dockers/sonic-slave-bullseye/versions-py3

@@ -38,7 +38,7 @@ j2cli==0.3.10
 jinja2==2.11.3
 lazy-object-proxy==0.0.0
 logilab-common==1.8.1
-lxml==4.6.2
+lxml==4.9.1
 m2crypto==0.36.0
 mako==1.1.3
 markdown==3.3.4
@@ -104,7 +104,7 @@ unattended-upgrades==0.1
 unidiff==0.5.5
 urllib3==1.26.5
 webencodings==0.5.1
-wheel==0.35.1
+wheel==0.38.1
 wrapt==1.12.1
 xdg==5
 zipp==1.0.0

files/build/versions/dockers/sonic-slave-buster/versions-py2

@@ -38,7 +38,7 @@ keyring==17.1.1
 keyrings.alt==3.1.1
 lazy-object-proxy==1.3.1
 logilab-common==1.4.2
-lxml==4.6.5
+lxml==4.9.1
 m2crypto==0.36.0
 markupsafe==1.1.0
 mccabe==0.6.1

files/build/versions/dockers/sonic-slave-buster/versions-py3

@@ -24,7 +24,7 @@ importlib-metadata==6.1.0
 jinja2==3.0.3
 keyring==17.1.1
 keyrings.alt==3.1.1
-lxml==4.6.5
+lxml==4.9.1
 m2crypto==0.38.0
 mako==1.0.7
 markdown==3.0.1
@@ -77,5 +77,5 @@ typing_extensions==4.5.0
 unattended-upgrades==0.1
 unidiff==0.5.4
 urllib3==1.24.1
-wheel==0.35.1
+wheel==0.38.1
 zipp==3.15.0

sonic-slave-bullseye/Dockerfile.j2

@@ -476,7 +476,7 @@ RUN apt-get purge -y python3-pip python3-yaml
 
 # For building Python packages
 RUN pip3 install setuptools==49.6.00
-RUN pip3 install wheel==0.35.1
+RUN pip3 install wheel==0.38.1
 
 {%- if CONFIGURED_ARCH == "armhf" %}
 # Allow only manylinux wheels on armhf, to ensure that binaries/libraries work correctly on armhf
@@ -496,6 +496,19 @@ RUN pip3 install pytest-runner==5.2
 RUN pip3 install nose==1.3.7
 RUN pip3 install mockredispy==2.9.3
 
+# Fix CVE-2021-23437, need to build and install libjpeg-dev for armhf for pillow 9.4.0
+{%- if CONFIGURED_ARCH == "armhf" %}
+RUN TMP_DIR=$(mktemp -d) && \
+    cd $TMP_DIR && \
+    apt-get install -y nasm && \
+    apt-get source libjpeg-turbo && \
+    cd $(ls -d libjpeg-turbo*/) && \
+    dpkg-buildpackage -rfakeroot -b -us -uc > $TMP_DIR/libjpeg-dev.log && \
+    dpkg -i $TMP_DIR/libjpeg*-dev*.deb && \
+    rm -rf $TMP_DIR
+{%- endif %}
+RUN pip3 install pillow==9.4.0
+
 # For p4 build
 RUN pip3 install \
          ctypesgen==1.0.2 \
@@ -514,7 +527,7 @@ RUN pip3 install j2cli==0.3.10
 # For sonic-mgmt-framework
 RUN pip3 install "PyYAML==5.4.1"
 {%- if CROSS_BUILD_ENVIRON != "y" %}
-RUN pip3 install "lxml==4.6.2"
+RUN pip3 install "lxml==4.9.1"
 {%- endif %}
 
 # For sonic-platform-common testing

sonic-slave-buster/Dockerfile.j2

@@ -69,7 +69,7 @@ RUN cd /python_virtualenv && python3 -m virtualenv -p /usr/bin/python env2
 RUN cd /python_virtualenv && python3 -m virtualenv --copies -p /usr/bin/python3 env3
 
 RUN PATH=/python_virtualenv/env2/bin/:$PATH pip2 install setuptools==40.8.0 wheel==0.35.1 fastentrypoints pytest pytest-cov pytest-runner==4.4 nose==1.3.7 mockredispy==2.9.3 mock==3.0.5 j2cli==0.3.10 PyYAML==5.4.1 pexpect==4.6.0 Pympler==0.8 ctypesgen==1.0.2 natsort==6.2.1 redis==3.5.3 protobuf==3.17.3
-RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install setuptools==49.6.00 wheel==0.35.1 fastentrypoints pytest pytest-cov pytest-runner==5.2 nose==1.3.7 mockredispy==2.9.3 mock==3.0.5 PyYAML==5.4.1 redis==3.5.3 pexpect==4.8.0 Pympler==0.8 parameterized natsort==6.2.1 MarkupSafe==2.0.1 Jinja2==3.0.3 sphinx && ln -s /python_virtualenv/env3/bin/pytest /python_virtualenv/env3/bin/pytest-3 
+RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install setuptools==49.6.00 wheel==0.35.1 fastentrypoints pytest pytest-cov pytest-runner==5.2 nose==1.3.7 mockredispy==2.9.3 mock==3.0.5 PyYAML==5.4.1 redis==3.5.3 pexpect==4.8.0 Pympler==0.8 parameterized natsort==6.2.1 MarkupSafe==2.0.1 Jinja2==3.0.3 sphinx && ln -s /python_virtualenv/env3/bin/pytest /python_virtualenv/env3/bin/pytest-3
 
 RUN apt-get --fix-broken install -y
 RUN LIBPYTHON3_DEPS="`apt-cache depends libpython3-dev:$arch |grep Depends|awk {'print \$2;'}|tr "\n" " "`" && apt-get install -y libpython2.7-dev:$arch $LIBPYTHON3_DEPS libxml2-dev:$arch libxslt-dev:$arch libssl-dev:$arch libz-dev:$arch
@@ -488,7 +488,7 @@ RUN apt-get purge -y python-pip python3-pip python3-yaml
 RUN pip2 install setuptools==40.8.0
 RUN pip2 install wheel==0.35.1
 RUN pip3 install setuptools==49.6.00
-RUN pip3 install wheel==0.35.1
+RUN pip3 install wheel==0.38.1
 
 # For building sonic-utilities
 RUN pip2 install fastentrypoints
@@ -502,6 +502,19 @@ RUN pip3 install nose==1.3.7
 RUN pip2 install mockredispy==2.9.3
 RUN pip3 install mockredispy==2.9.3
 
+# Fix CVE-2021-23437, need to build and install libjpeg-dev for armhf for pillow 9.4.0
+{%- if CONFIGURED_ARCH == "armhf" %}
+RUN TMP_DIR=$(mktemp -d) && \
+    cd $TMP_DIR && \
+    apt-get install -y nasm && \
+    apt-get source libjpeg-turbo && \
+    cd $(ls -d libjpeg-turbo*/) && \
+    dpkg-buildpackage -rfakeroot -b -us -uc > $TMP_DIR/libjpeg-dev.log && \
+    dpkg -i $TMP_DIR/libjpeg*-dev*.deb && \
+    rm -rf $TMP_DIR
+{%- endif %}
+RUN pip3 install pillow==9.4.0
+
 # For Python 2 unit tests, we need 'mock'. The last version of 'mock'
 # which supports Python 2 is 3.0.5. In Python 3, 'mock' is part of 'unittest'
 # in the standard library
@@ -532,8 +545,8 @@ RUN pip2 install "PyYAML==5.4.1"
 RUN pip3 install "PyYAML==5.4.1"
 
 {%- if CROSS_BUILD_ENVIRON != "y" %}
-RUN pip2 install "lxml==4.6.5"
-RUN pip3 install "lxml==4.6.5"
+RUN pip2 install "lxml==4.9.1"
+RUN pip3 install "lxml==4.9.1"
 {%- endif %}
 
 # For sonic-platform-common testing

sonic-slave-stretch/Dockerfile.j2

@@ -332,8 +332,8 @@ RUN pip3 install mockredispy==2.9.3
 # For sonic-mgmt-framework
 RUN pip2 install "PyYAML==5.3.1"
 RUN pip3 install "PyYAML==5.3.1"
-RUN pip2 install "lxml==4.6.5"
-RUN pip3 install "lxml==4.6.5"
+RUN pip2 install "lxml==4.9.1"
+RUN pip3 install "lxml==4.9.1"
 
 
 # For sonic-platform-common testing