mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-25 17:36:18 +03:00
Merge pull request #7885 from hugovk/update-release-notes
This commit is contained in:
commit
b3edfb08ce
|
@ -90,19 +90,3 @@ Release GIL when fetching WebP frames
|
|||
|
||||
Python's Global Interpreter Lock is now released when fetching WebP frames from
|
||||
the libwebp decoder.
|
||||
|
||||
Added release notes for past releases
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Added release notes for past releases: ``2.6.0``, ``2.5.2``,
|
||||
``2.3.2``, ``2.3.1``. With these additions we are able to
|
||||
provide a comprehensive list of all Pillow CVE records from
|
||||
1995 to 2024 across three noteworthy periods:
|
||||
|
||||
- 1995-2009: No known CVEs
|
||||
- 2010-2018: :cve:`2014-1932`, :cve:`2014-3589`, :cve:`2016-0740`, :cve:`2016-3076`
|
||||
- 2019-2024: :cve:`2019-16865`, :cve:`2019-19911`, :cve:`2020-10177`, :cve:`2020-15999`,
|
||||
:cve:`2020-35653`, :cve:`2021-25289`, :cve:`2020-35654`, :cve:`2020-35654`,
|
||||
:cve:`2021-27921`, :cve:`2021-27922`, :cve:`2021-27923`, :cve:`2021-25287`,
|
||||
:cve:`2021-25288`, :cve:`2021-34552`, :cve:`2021-23437`, :cve:`2022-22817`,
|
||||
:cve:`2022-24303`, :cve:`2022-30595`, :cve:`2023-44271`, :cve:`2023-4863`
|
||||
|
|
|
@ -4,23 +4,23 @@
|
|||
Security
|
||||
========
|
||||
|
||||
These issues reported in
|
||||
These issues were reported in
|
||||
`Debian bug #737059 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059>`_.
|
||||
|
||||
:cve:`2014-1932`: Fix insecure use of :py:func:`tempfile.mktemp`
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function
|
||||
in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4)
|
||||
``_copy`` function in Image.py in Python Image Library (PIL) 1.1.7 and earlier
|
||||
and Pillow before 2.3.1 do not properly create temporary files, which allow
|
||||
The (1) ``load_djpeg`` function in ``JpegImagePlugin.py``, (2) Ghostscript function
|
||||
in ``EpsImagePlugin.py``, (3) ``load`` function in ``IptcImagePlugin.py``, and (4)
|
||||
``_copy`` function in ``Image.py`` in
|
||||
Pillow before 2.3.1 do not properly create temporary files, which allow
|
||||
local users to overwrite arbitrary files and obtain sensitive information via a
|
||||
symlink attack on the temporary file.
|
||||
|
||||
:cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp`
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The (1) ``JpegImagePlugin.py`` and (2) ``EpsImagePlugin.py`` scripts in Python
|
||||
Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of
|
||||
The (1) ``JpegImagePlugin.py`` and (2) ``EpsImagePlugin.py`` scripts in
|
||||
Pillow before 2.3.1 uses the names of
|
||||
temporary files on the command line, which makes it easier for local users to
|
||||
conduct symlink attacks by listing the processes.
|
||||
|
|
|
@ -7,8 +7,8 @@ Security
|
|||
:cve:`2014-3589`: Fix DOS attack
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and
|
||||
``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
|
||||
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
|
||||
block size.
|
||||
|
||||
Found and reported by Andrew Drake of dropbox.com
|
||||
Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.
|
||||
|
|
|
@ -7,8 +7,8 @@ Security
|
|||
:cve:`2014-3589`: Fix DOS attack
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and
|
||||
``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
|
||||
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
|
||||
block size.
|
||||
|
||||
Found and reported by Andrew Drake of dropbox.com
|
||||
Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.
|
||||
|
|
|
@ -7,16 +7,8 @@ Security
|
|||
:cve:`2014-3589`: Fix DOS attack
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and
|
||||
``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
|
||||
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
|
||||
block size.
|
||||
|
||||
Found and reported by Andrew Drake of dropbox.com
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Relaxed precision of some tests
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Relaxed imagedraw tests to allow slight errors for x86 vs x64.
|
||||
Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
2.7.0
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Sane Plugin
|
||||
^^^^^^^^^^^
|
||||
|
||||
|
@ -105,6 +102,7 @@ other filters gave poor quality for reduction. Starting from Pillow 2.7.0,
|
|||
uses supersampling internally, not convolutions.
|
||||
|
||||
Image transposition
|
||||
+++++++++++++++++++
|
||||
|
||||
A new method ``TRANSPOSE`` has been added for the
|
||||
:py:meth:`~PIL.Image.Image.transpose` operation in addition to
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
2.8.0
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Open HTTP response objects with Image.open
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -1,22 +1,22 @@
|
|||
3.0.0
|
||||
-----
|
||||
|
||||
Deprecations
|
||||
============
|
||||
Backwards Incompatible Changes
|
||||
==============================
|
||||
|
||||
Several methods that have been marked as deprecated for many releases
|
||||
have been removed in this release::
|
||||
have been removed in this release:
|
||||
|
||||
Image.tostring()
|
||||
Image.fromstring()
|
||||
Image.offset()
|
||||
ImageDraw.setink()
|
||||
ImageDraw.setfill()
|
||||
The ImageFileIO module
|
||||
The ImageFont.FreeTypeFont and ImageFont.truetype ``file`` keyword arg
|
||||
The ImagePalette private _make functions
|
||||
ImageWin.fromstring()
|
||||
ImageWin.tostring()
|
||||
* ``Image.tostring()``
|
||||
* ``Image.fromstring()``
|
||||
* ``Image.offset()``
|
||||
* ``ImageDraw.setink()``
|
||||
* ``ImageDraw.setfill()``
|
||||
* The ``ImageFileIO`` module
|
||||
* The ``ImageFont.FreeTypeFont`` and ``ImageFont.truetype`` ``file`` keyword arg
|
||||
* The ``ImagePalette`` private ``_make`` functions
|
||||
* ``ImageWin.fromstring()``
|
||||
* ``ImageWin.tostring()``
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
3.1.0
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
ImageDraw arc, chord and pieslice can now use floats
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -8,8 +8,7 @@ Security
|
|||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64
|
||||
may overflow a buffer when reading a specially crafted tiff file
|
||||
(:cve:`2016-0740`).
|
||||
may overflow a buffer when reading a specially crafted tiff file.
|
||||
|
||||
Specifically, libtiff >= 4.0.0 changed the return type of
|
||||
``TIFFScanlineSize`` from ``int32`` to machine dependent
|
||||
|
@ -63,8 +62,8 @@ assuming 4 bytes per pixel. This writes 768 bytes beyond the end of
|
|||
the buffer into other Python object storage. In some cases, this
|
||||
causes a segfault, in others an internal Python malloc error.
|
||||
|
||||
Integer overflow in Resample.c
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
Integer overflow in ``Resample.c``
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
If a large value was passed into the new size for an image, it is
|
||||
possible to overflow an ``int32`` value passed into malloc.
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
3.2.0
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
New DDS and FTEX Image Plugins
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
3.3.0
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Libimagequant support
|
||||
^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
@ -19,13 +16,13 @@ New Setup.py options
|
|||
|
||||
There are two new options to control the ``build_ext`` task in ``setup.py``:
|
||||
|
||||
* ``--debug`` dumps all of the directories and files that are
|
||||
checked when searching for libraries or headers when building the
|
||||
extensions.
|
||||
* ``--disable-platform-guessing`` removes many of the directories
|
||||
that are checked for libraries and headers for build systems or
|
||||
cross compilers that specify that information in via environment
|
||||
variables.
|
||||
* ``--debug`` dumps all of the directories and files that are
|
||||
checked when searching for libraries or headers when building the
|
||||
extensions.
|
||||
* ``--disable-platform-guessing`` removes many of the directories
|
||||
that are checked for libraries and headers for build systems or
|
||||
cross compilers that specify that information in via environment
|
||||
variables.
|
||||
|
||||
Resizing
|
||||
^^^^^^^^
|
||||
|
@ -51,4 +48,4 @@ Image Metadata
|
|||
|
||||
The return type for binary data in version 2 Exif and Tiff metadata
|
||||
has been changed from a tuple of integers to bytes. This is a change
|
||||
from the behavior since ``3.0.0``.
|
||||
from the behavior since 3.0.0.
|
||||
|
|
|
@ -1,6 +1,16 @@
|
|||
3.4.0
|
||||
-----
|
||||
|
||||
Backwards Incompatible Changes
|
||||
==============================
|
||||
|
||||
Image.core.open_ppm removed
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The nominally private/debugging function ``Image.core.open_ppm`` has
|
||||
been removed. If you were using this function, please use
|
||||
``Image.open`` instead.
|
||||
|
||||
Deprecations
|
||||
============
|
||||
|
||||
|
@ -12,14 +22,7 @@ silently drops the alpha channel. With this release Pillow will now
|
|||
issue a :py:exc:`DeprecationWarning` when attempting to save a ``RGBA`` mode
|
||||
image as a JPEG. This will become an error in Pillow 4.2.
|
||||
|
||||
Image.core.open_ppm removed
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The nominally private/debugging function ``Image.core.open_ppm`` has
|
||||
been removed. If you were using this function, please use
|
||||
``Image.open`` instead.
|
||||
|
||||
Other changes
|
||||
API Additions
|
||||
=============
|
||||
|
||||
New resizing filters
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
4.0.0
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Python 2.6 and 3.2 Dropped
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
4.1.1
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Fix Regression with reading DPI from EXIF data
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
4.2.0
|
||||
-----
|
||||
|
||||
Deprecations
|
||||
============
|
||||
Backwards Incompatible Changes
|
||||
==============================
|
||||
|
||||
Several deprecated items have been removed
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
|
|
@ -3,9 +3,6 @@
|
|||
|
||||
There are no functional changes in this release.
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Fixed Windows PyPy Build
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -12,21 +12,24 @@ and ``CMYK`` with up to 6 8-bit channels, discarding any extra
|
|||
channels if the content is tagged as UNSPECIFIED. Pillow still does
|
||||
not store more than 4 8-bit channels of image data.
|
||||
|
||||
API Additions
|
||||
=============
|
||||
|
||||
Append to PDF Files
|
||||
^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Images can now be appended to PDF files in place by passing in
|
||||
``append=True`` when saving the image.
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
New BLP File Format
|
||||
^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Pillow now supports reading the BLP "Blizzard Mipmap" file format used
|
||||
for tiles in Blizzard's engine.
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
WebP memory leak
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -3,9 +3,6 @@
|
|||
|
||||
This release fixes regressions in 5.4.0.
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Installation on Termux
|
||||
^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -29,6 +29,25 @@ perform operations on it.
|
|||
The CVE is regarding DOS problems, such as consuming large amounts of memory,
|
||||
or taking a large amount of time to process an image.
|
||||
|
||||
API Changes
|
||||
===========
|
||||
|
||||
Image.getexif
|
||||
^^^^^^^^^^^^^
|
||||
|
||||
To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
|
||||
shared instance of ``Image.Exif``.
|
||||
|
||||
Deprecations
|
||||
^^^^^^^^^^^^
|
||||
|
||||
Image.frombuffer
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
There has been a longstanding warning that the defaults of ``Image.frombuffer``
|
||||
may change in the future for the "raw" decoder. The change will now take place
|
||||
in Pillow 7.0.
|
||||
|
||||
API Additions
|
||||
=============
|
||||
|
||||
|
@ -74,25 +93,6 @@ ImageGrab on multi-monitor Windows
|
|||
An ``all_screens`` argument has been added to ``ImageGrab.grab``. If ``True``,
|
||||
all monitors will be included in the created image.
|
||||
|
||||
API Changes
|
||||
===========
|
||||
|
||||
Image.getexif
|
||||
^^^^^^^^^^^^^
|
||||
|
||||
To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
|
||||
shared instance of ``Image.Exif``.
|
||||
|
||||
Deprecations
|
||||
^^^^^^^^^^^^
|
||||
|
||||
Image.frombuffer
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
There has been a longstanding warning that the defaults of ``Image.frombuffer``
|
||||
may change in the future for the "raw" decoder. The change will now take place
|
||||
in Pillow 7.0.
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
|
|
|
@ -18,8 +18,6 @@ Pillow 7.0.0 will be released on 2020-01-01 and will drop support for Python
|
|||
Other Changes
|
||||
=============
|
||||
|
||||
|
||||
|
||||
Support added for Python 3.8
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -6,15 +6,15 @@ Security
|
|||
|
||||
This release fixes several buffer overflow issues and a DOS attack vulnerability.
|
||||
|
||||
:cve:`2020-5310`, :cve:`2020-5311`, :cve:`2020-5312`, :cve:`2020-5313`: Overflow checks added
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Overflow checks have been added when calculating the size of a memory block to be reallocated
|
||||
in the processing of TIFF, SGI, PCX and FLI images.
|
||||
|
||||
:cve:`2019-19911`: DOS attack vulnerability
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
If an FPX image reports that it has a large number of bands, a large amount of
|
||||
resources will be used when trying to process the image. This is fixed by
|
||||
limiting the number of bands to those usable by Pillow.
|
||||
|
||||
:cve:`2020-5310`, :cve:`2020-5311`, :cve:`2020-5312`, :cve:`2020-5313`: Overflow checks added
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Overflow checks have been added when calculating the size of a memory block to be reallocated
|
||||
in the processing of TIFF, SGI, PCX and FLI images.
|
||||
|
|
|
@ -14,7 +14,9 @@ Pillow before 7.1.0 has multiple out-of-bounds reads in ``libImaging/FliDecode.c
|
|||
:cve:`2020-10378`: Bounds overflow in PCX decoding
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
|
||||
In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur
|
||||
when reading PCX files where ``state->shuffle`` is instructed to read beyond
|
||||
``state->buffer``.
|
||||
|
||||
:cve:`2020-10379`: Two buffer overflows in TIFF decoding
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
@ -24,7 +26,8 @@ In Pillow before 7.1.0, there are two buffer overflows in ``libImaging/TiffDecod
|
|||
:cve:`2020-10994`: Bounds overflow in JPEG 2000 decoding
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
|
||||
In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple
|
||||
out-of-bounds reads via a crafted JP2 file.
|
||||
|
||||
:cve:`2020-11538`: Buffer overflow in SGI-RLE decoding
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
7.1.1
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Fix regression seeking PNG files
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
7.1.2
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Fix another regression seeking PNG files
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
Security
|
||||
========
|
||||
|
||||
:cve:`2021-25289`: Fix the fix for :cve:`2020-35654`
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
:cve:`2021-25289`: Correct the fix for :cve:`2020-35654`
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The previous fix for :cve:`2020-35654` was insufficient due to incorrect
|
||||
error checking in ``TiffDecode.c``.
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
8.3.1
|
||||
-----
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
Fixed regression converting to NumPy arrays
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
8.4.0
|
||||
-----
|
||||
|
||||
API Changes
|
||||
===========
|
||||
|
||||
Deprecations
|
||||
^^^^^^^^^^^^
|
||||
============
|
||||
|
||||
ImagePalette size parameter
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The ``size`` parameter will be removed in Pillow 10.0.0 (2023-07-01).
|
||||
|
||||
|
|
|
@ -44,17 +44,18 @@ duplicate tiles that only differ by their offset, only load the last tile. Credi
|
|||
Google's `OSS-Fuzz`_ project for finding this issue.
|
||||
|
||||
:cve:`2022-22817`: Restrict builtins available to ImageMath.eval
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
To limit :py:class:`PIL.ImageMath` to working with images, Pillow
|
||||
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
|
||||
help prevent problems arising if users evaluate arbitrary expressions, such as
|
||||
``ImageMath.eval("exec(exit())")``.
|
||||
|
||||
:cve:`2022-22815`: ImagePath.Path array handling
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
:cve:`2022-22815`, :cve:`2022-22816`: ImagePath.Path array handling
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
(:cwe:`126`) and :cve:`2022-22816` (:cwe:`665`) were found when initializing ``ImagePath.Path``.
|
||||
:cve:`2022-22815` (:cwe:`126`) and :cve:`2022-22816` (:cwe:`665`) were found when
|
||||
initializing ``ImagePath.Path``.
|
||||
|
||||
.. _OSS-Fuzz: https://github.com/google/oss-fuzz
|
||||
|
||||
|
|
|
@ -1,49 +1,6 @@
|
|||
9.1.0
|
||||
-----
|
||||
|
||||
API Changes
|
||||
===========
|
||||
|
||||
Raise an error when performing a negative crop
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Performing a negative crop on an image previously just returned a ``(0, 0)`` image. Now
|
||||
it will raise a :py:exc:`ValueError`, to help reduce confusion if a user has unintentionally
|
||||
provided the wrong arguments.
|
||||
|
||||
Added specific error if path coordinate type is incorrect
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Rather than returning a :py:exc:`SystemError`, passing the incorrect types of coordinates into
|
||||
a path will now raise a more specific :py:exc:`ValueError`, with the message "incorrect
|
||||
coordinate type".
|
||||
|
||||
Replace requirements.txt with extras
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Rather than installing all dependencies for docs and tests via ``requirements.txt``,
|
||||
``extras_require`` is used instead. This installs only those needed and at the same
|
||||
time as installing Pillow.
|
||||
|
||||
For example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
# Install with dependencies for tests:
|
||||
python3 -m pip install .[tests]
|
||||
|
||||
# Or for building docs:
|
||||
python3 -m pip install .[docs]
|
||||
|
||||
# Or for all:
|
||||
python3 -m pip install .[docs,tests]
|
||||
|
||||
On macOS, the last argument may need to be wrapped in quotes, e.g.
|
||||
``python3 -m pip install ".[tests]"``
|
||||
|
||||
Therefore ``requirements.txt`` has been removed along with the ``make install-req``
|
||||
command for installing its contents.
|
||||
|
||||
Deprecations
|
||||
============
|
||||
|
||||
|
@ -137,6 +94,49 @@ The stub image plugin ``FitsStubImagePlugin`` has been deprecated and will be re
|
|||
Pillow 10.0.0 (2023-07-01). FITS images can be read without a handler through
|
||||
:mod:`~PIL.FitsImagePlugin` instead.
|
||||
|
||||
API Changes
|
||||
===========
|
||||
|
||||
Raise an error when performing a negative crop
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Performing a negative crop on an image previously just returned a ``(0, 0)`` image. Now
|
||||
it will raise a :py:exc:`ValueError`, to help reduce confusion if a user has unintentionally
|
||||
provided the wrong arguments.
|
||||
|
||||
Added specific error if path coordinate type is incorrect
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Rather than returning a :py:exc:`SystemError`, passing the incorrect types of coordinates into
|
||||
a path will now raise a more specific :py:exc:`ValueError`, with the message "incorrect
|
||||
coordinate type".
|
||||
|
||||
Replace requirements.txt with extras
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Rather than installing all dependencies for docs and tests via ``requirements.txt``,
|
||||
``extras_require`` is used instead. This installs only those needed and at the same
|
||||
time as installing Pillow.
|
||||
|
||||
For example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
# Install with dependencies for tests:
|
||||
python3 -m pip install .[tests]
|
||||
|
||||
# Or for building docs:
|
||||
python3 -m pip install .[docs]
|
||||
|
||||
# Or for all:
|
||||
python3 -m pip install .[docs,tests]
|
||||
|
||||
On macOS, the last argument may need to be wrapped in quotes, e.g.
|
||||
``python3 -m pip install ".[tests]"``
|
||||
|
||||
Therefore ``requirements.txt`` has been removed along with the ``make install-req``
|
||||
command for installing its contents.
|
||||
|
||||
API Additions
|
||||
=============
|
||||
|
||||
|
|
|
@ -14,6 +14,9 @@ Pillow reads the information past the end of the first line without deducting th
|
|||
from the length of the remaining file data. This vulnerability was introduced in Pillow
|
||||
9.1.0, and can cause a heap buffer overflow.
|
||||
|
||||
Decompression bomb check fix
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Opening an image with a zero or negative height has been found to bypass a
|
||||
decompression bomb check. This will now raise a :py:exc:`SyntaxError` instead, in turn
|
||||
raising a ``PIL.UnidentifiedImageError``.
|
||||
|
|
|
@ -1,6 +1,11 @@
|
|||
9.2.0
|
||||
-----
|
||||
|
||||
Security
|
||||
========
|
||||
|
||||
An additional decompression bomb check has been added for the GIF format.
|
||||
|
||||
Deprecations
|
||||
============
|
||||
|
||||
|
@ -132,11 +137,6 @@ with "transparency" in ``im.info``, and apply the transparency to the palette in
|
|||
The image's palette mode will become "RGBA", and "transparency" will be removed from
|
||||
``im.info``.
|
||||
|
||||
Security
|
||||
========
|
||||
|
||||
An additional decompression bomb check has been added for the GIF format.
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
|
|
|
@ -1,6 +1,33 @@
|
|||
9.3.0
|
||||
-----
|
||||
|
||||
Security
|
||||
========
|
||||
|
||||
Initialize libtiff buffer when saving
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
When saving a TIFF image to a file object using libtiff, the buffer was not
|
||||
initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.
|
||||
|
||||
Decode JPEG compressed BLP1 data in original mode
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Within the BLP image format, BLP1 data may use JPEG compression. Instead of
|
||||
telling the JPEG library that this data is in BGRX mode, Pillow will now
|
||||
decode the data in its natural CMYK mode, then convert it to RGB and rearrange
|
||||
the channels afterwards. Trying to load the data in an incorrect mode could
|
||||
result in a segmentation fault. This issue was introduced in Pillow 9.1.0.
|
||||
|
||||
Limit SAMPLESPERPIXEL to avoid runtime DOS
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
|
||||
``TiffImagePlugin.py`` when setting up the context for image decoding.
|
||||
This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
|
||||
``SAMPLESPERPIXEL`` to the number of planes that we can decode.
|
||||
|
||||
|
||||
API Additions
|
||||
=============
|
||||
|
||||
|
@ -38,33 +65,6 @@ The data from :py:data:`~PIL.ExifTags.TAGS` and
|
|||
:py:data:`~PIL.ExifTags.GPS`.
|
||||
|
||||
|
||||
Security
|
||||
========
|
||||
|
||||
Initialize libtiff buffer when saving
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
When saving a TIFF image to a file object using libtiff, the buffer was not
|
||||
initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.
|
||||
|
||||
Decode JPEG compressed BLP1 data in original mode
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Within the BLP image format, BLP1 data may use JPEG compression. Instead of
|
||||
telling the JPEG library that this data is in BGRX mode, Pillow will now
|
||||
decode the data in its natural CMYK mode, then convert it to RGB and rearrange
|
||||
the channels afterwards. Trying to load the data in an incorrect mode could
|
||||
result in a segmentation fault. This issue was introduced in Pillow 9.1.0.
|
||||
|
||||
Limit SAMPLESPERPIXEL to avoid runtime DOS
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
|
||||
``TiffImagePlugin.py`` when setting up the context for image decoding.
|
||||
This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
|
||||
``SAMPLESPERPIXEL`` to the number of planes that we can decode.
|
||||
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
|
|
|
@ -1,6 +1,31 @@
|
|||
9.5.0
|
||||
-----
|
||||
|
||||
Security
|
||||
========
|
||||
|
||||
Clear PPM half token after use
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Image files that are small on disk are often prevented from expanding to be
|
||||
big images consuming a large amount of resources simply because they lack the
|
||||
data to populate those resources.
|
||||
|
||||
PpmImagePlugin might hold onto the last data read for a pixel value in case the
|
||||
pixel value has not been finished yet. However, that data was not being cleared
|
||||
afterwards, meaning that infinite data could be available to fill any image
|
||||
size. This has been present since Pillow 9.2.0.
|
||||
|
||||
That data is now cleared after use.
|
||||
|
||||
Saving TIFF tag ImageSourceData
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
If Pillow incorrectly saved the TIFF tag ImageSourceData as ASCII instead of
|
||||
UNDEFINED, a segmentation fault was triggered.
|
||||
|
||||
The correct tag type will now be used by default instead.
|
||||
|
||||
Deprecations
|
||||
============
|
||||
|
||||
|
@ -46,31 +71,6 @@ If OpenJPEG 2.4.0 or later is available and the ``plt`` keyword argument
|
|||
is present and true when saving JPEG2000 images, tell the encoder to generate
|
||||
PLT markers.
|
||||
|
||||
Security
|
||||
========
|
||||
|
||||
Clear PPM half token after use
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Image files that are small on disk are often prevented from expanding to be
|
||||
big images consuming a large amount of resources simply because they lack the
|
||||
data to populate those resources.
|
||||
|
||||
PpmImagePlugin might hold onto the last data read for a pixel value in case the
|
||||
pixel value has not been finished yet. However, that data was not being cleared
|
||||
afterwards, meaning that infinite data could be available to fill any image
|
||||
size. This has been present since Pillow 9.2.0.
|
||||
|
||||
That data is now cleared after use.
|
||||
|
||||
Saving TIFF tag ImageSourceData
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
If Pillow incorrectly saved the TIFF tag ImageSourceData as ASCII instead of
|
||||
UNDEFINED, a segmentation fault was triggered.
|
||||
|
||||
The correct tag type will now be used by default instead.
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user