mirror of https://github.com/python-pillow/Pillow.git, synced 2025-01-26 17:24:31 +03:00
Merge pull request #115 from radarhere/update-release-notes
commit e57fb3e819
@ -102,6 +102,7 @@ other filters gave poor quality for reduction. Starting from Pillow 2.7.0,
uses supersampling internally, not convolutions.

Image transposition
+++++++++++++++++++

A new method ``TRANSPOSE`` has been added for the
:py:meth:`~PIL.Image.Image.transpose` operation in addition to

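Review bot: the blank line between the `+++++++++++++++++++` underline and the `A new method ...` paragraph is the right fix; reStructuredText needs a blank line after a section underline before body text, otherwise the paragraph is parsed as part of the title. The 19-character underline matches the length of "Image transposition", so the heading renders as intended.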
@ -8,8 +8,7 @@ Security
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64
may overflow a buffer when reading a specially crafted tiff file
(:cve:`2016-0740`).
may overflow a buffer when reading a specially crafted tiff file.

Specifically, libtiff >= 4.0.0 changed the return type of
``TIFFScanlineSize`` from ``int32`` to machine dependent

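Review bot: the `(:cve:`2016-0740`)` reference is dropped from the paragraph, so the CVE identifier now has to live in the section title above this hunk (only its `^` underline is visible here). Confirm that title was changed to lead with `:cve:`2016-0740``, as the other Security headings in this PR do, and that the unchanged underline is still at least as long as the new title, otherwise Sphinx warns about a short underline and the CVE becomes harder to find in the rendered notes.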
@ -63,8 +62,8 @@ assuming 4 bytes per pixel. This writes 768 bytes beyond the end of
the buffer into other Python object storage. In some cases, this
causes a segfault, in others an internal Python malloc error.

Integer overflow in Resample.c
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Integer overflow in ``Resample.c``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If a large value was passed into the new size for an image, it is
possible to overflow an ``int32`` value passed into malloc.

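Review bot: wrapping `Resample.c` in double backticks matches how `TiffDecode.c` and `PcxDecode.c` are written elsewhere in these notes, and the underline grows from 30 to 34 characters to cover the four added backtick characters, so the heading width stays correct. Minor: `malloc` in the body paragraph could get the same ``malloc`` literal treatment, since ``int32`` on the same line already does.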
@ -12,6 +12,9 @@ and ``CMYK`` with up to 6 8-bit channels, discarding any extra
channels if the content is tagged as UNSPECIFIED. Pillow still does
not store more than 4 8-bit channels of image data.

API Additions
=============

Append to PDF Files
^^^^^^^^^^^^^^^^^^^


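Review bot: inserting an `API Additions` title before `Append to PDF Files` moves that subsection out of whichever top-level section preceded it; please check the rest of the file for a second `API Additions` title further down, since two top-level sections with the same name produce duplicate anchors and a Sphinx warning in the rendered notes.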
@ -29,6 +29,25 @@ perform operations on it.
The CVE is regarding DOS problems, such as consuming large amounts of memory,
or taking a large amount of time to process an image.

API Changes
===========

Image.getexif
^^^^^^^^^^^^^

To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
shared instance of ``Image.Exif``.

Deprecations
^^^^^^^^^^^^

Image.frombuffer
~~~~~~~~~~~~~~~~

There has been a longstanding warning that the defaults of ``Image.frombuffer``
may change in the future for the "raw" decoder. The change will now take place
in Pillow 7.0.

API Additions
=============

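Review bot: the `API Changes` block added here keeps `Deprecations` as a `^`-level subsection of `API Changes`, with `Image.frombuffer` one level below at `~`, whereas the 8.4.0 notes in this same PR promote `Deprecations` to a top-level `=` section. Pick one level for `Deprecations` across the release notes, or note why 6.2.0 differs (here it sits beside `Image.getexif` under `API Changes`, which is a defensible reason, but a reader comparing files will not see that).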
@ -74,25 +93,6 @@ ImageGrab on multi-monitor Windows
An ``all_screens`` argument has been added to ``ImageGrab.grab``. If ``True``,
all monitors will be included in the created image.

API Changes
===========

Image.getexif
^^^^^^^^^^^^^

To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
shared instance of ``Image.Exif``.

Deprecations
^^^^^^^^^^^^

Image.frombuffer
~~~~~~~~~~~~~~~~

There has been a longstanding warning that the defaults of ``Image.frombuffer``
may change in the future for the "raw" decoder. The change will now take place
in Pillow 7.0.

Other Changes
=============

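Review bot: this is the removal half of the move; the 19 removed lines (from `API Changes` through `in Pillow 7.0.` and the blank after it) are the same 19 lines added earlier in the file, so nothing was lost or reworded in transit. With both hunks applied, 6.2.0 reads `API Changes`, then `API Additions`, then `Other Changes`, which matches the `API Changes` before `API Additions` order this PR sets for 9.1.0.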
@ -18,8 +18,6 @@ Pillow 7.0.0 will be released on 2020-01-01 and will drop support for Python
Other Changes
=============



Support added for Python 3.8
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

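Review bot: whitespace-only change, dropping two of the three blank lines between the `Other Changes` underline and the `Support added for Python 3.8` subsection; one blank line is all reStructuredText requires there, so this is fine as is.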
@ -6,15 +6,15 @@ Security

This release fixes several buffer overflow issues and a DOS attack vulnerability.

:cve:`2020-5310`, :cve:`2020-5311`, :cve:`2020-5312`, :cve:`2020-5313`: Overflow checks added
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Overflow checks have been added when calculating the size of a memory block to be reallocated
in the processing of TIFF, SGI, PCX and FLI images.

:cve:`2019-19911`: DOS attack vulnerability
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If an FPX image reports that it has a large number of bands, a large amount of
resources will be used when trying to process the image. This is fixed by
limiting the number of bands to those usable by Pillow.

:cve:`2020-5310`, :cve:`2020-5311`, :cve:`2020-5312`, :cve:`2020-5313`: Overflow checks added
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Overflow checks have been added when calculating the size of a memory block to be reallocated
in the processing of TIFF, SGI, PCX and FLI images.

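Review bot: the two subsections are swapped with no text change (the `Overflow checks added` block appears identically on both sides of the `DOS attack vulnerability` block), so this is a pure reorder and the line count stays at 15. If the intent is chronological CVE order, `:cve:`2019-19911`` ahead of the four 2020 CVEs is the consistent choice; a sentence in the PR description stating that ordering rule would help keep later additions consistent.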
@ -14,7 +14,9 @@ Pillow before 7.1.0 has multiple out-of-bounds reads in ``libImaging/FliDecode.c
:cve:`2020-10378`: Bounds overflow in PCX decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur
when reading PCX files where ``state->shuffle`` is instructed to read beyond
``state->buffer``.

:cve:`2020-10379`: Two buffer overflows in TIFF decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
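Review bot: the rewrap adds the ``state->shuffle`` and ``state->buffer`` literal markup the old single line lacked, which stops `->` from reading as prose and matches the other file and struct names in these notes. While this paragraph is being touched, the title `Bounds overflow in PCX decoding` names a different defect class from the body's `out-of-bounds read`; `Out-of-bounds read in PCX decoding` would describe the same issue with the body's own words.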
@ -24,7 +26,8 @@ In Pillow before 7.1.0, there are two buffer overflows in ``libImaging/TiffDecod
:cve:`2020-10994`: Bounds overflow in JPEG 2000 decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple
out-of-bounds reads via a crafted JP2 file.

:cve:`2020-11538`: Buffer overflow in SGI-RLE decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

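Review bot: line-length rewrap only, with no wording change, consistent with the PCX paragraph in the hunk above. As with that entry, the title says `Bounds overflow` while the body says `out-of-bounds reads`; aligning the title with the body would make the two JPEG 2000 and PCX entries read as the same class of issue, which the bodies say they are.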
@ -4,8 +4,8 @@
Security
========

:cve:`2021-25289`: Fix the fix for :cve:`2020-35654`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:cve:`2021-25289`: Correct the fix for :cve:`2020-35654`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The previous fix for :cve:`2020-35654` was insufficient due to incorrect
error checking in ``TiffDecode.c``.

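Review bot: `Correct the fix for` reads better than `Fix the fix for`, and the underline grows by four characters to match the longer title, so the heading stays valid. Since `:cve:`2021-25289`` exists precisely because the earlier fix was incomplete, the body would be more useful if it said what the `incorrect error checking in ``TiffDecode.c``` failed to check; as written, a reader cannot tell from the notes whether their usage is affected.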
@ -1,14 +1,11 @@
8.4.0
-----

API Changes
===========

Deprecations
^^^^^^^^^^^^
============

ImagePalette size parameter
~~~~~~~~~~~~~~~~~~~~~~~~~~~
^^^^^^^^^^^^^^^^^^^^^^^^^^^

The ``size`` parameter will be removed in Pillow 10.0.0 (2023-07-01).

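Review bot: promoting `Deprecations` from a `^` subsection of `API Changes` to a top-level `=` section is sound when `API Changes` contained nothing else, but every heading beneath it must move up one level as well. This hunk promotes `ImagePalette size parameter` from `~` to `^`; please check that any other `~`-level headings later in 8.4.0.rst, outside this hunk, received the same change, otherwise the section hierarchy becomes inconsistent and Sphinx may emit a title-level warning.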
@ -44,17 +44,18 @@ duplicate tiles that only differ by their offset, only load the last tile. Credi
Google's `OSS-Fuzz`_ project for finding this issue.

:cve:`2022-22817`: Restrict builtins available to ImageMath.eval
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

To limit :py:class:`PIL.ImageMath` to working with images, Pillow
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
help prevent problems arising if users evaluate arbitrary expressions, such as
``ImageMath.eval("exec(exit())")``.

:cve:`2022-22815`: ImagePath.Path array handling
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:cve:`2022-22815`, :cve:`2022-22816`: ImagePath.Path array handling
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

(:cwe:`126`) and :cve:`2022-22816` (:cwe:`665`) were found when initializing ``ImagePath.Path``.
:cve:`2022-22815` (:cwe:`126`) and :cve:`2022-22816` (:cwe:`665`) were found when
initializing ``ImagePath.Path``.

.. _OSS-Fuzz: https://github.com/google/oss-fuzz

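Review bot: three things land in this hunk and all check out: the `:cve:`2022-22817`` underline changes from `~` to `^` so it sits at the same level as the neighbouring `ImagePath.Path` heading; `:cve:`2022-22816`` is added to that title so it names both CVEs the paragraph covers, with the underline extended to the new width; and the rewrapped paragraph now opens with `:cve:`2022-22815` (:cwe:`126`)`, where the old line visible here opens with a dangling `(:cwe:`126`)`, so the sentence has its subject back.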
@ -1,49 +1,6 @@
9.1.0
-----

API Changes
===========

Raise an error when performing a negative crop
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Performing a negative crop on an image previously just returned a ``(0, 0)`` image. Now
it will raise a :py:exc:`ValueError`, to help reduce confusion if a user has unintentionally
provided the wrong arguments.

Added specific error if path coordinate type is incorrect
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Rather than returning a :py:exc:`SystemError`, passing the incorrect types of coordinates into
a path will now raise a more specific :py:exc:`ValueError`, with the message "incorrect
coordinate type".

Replace requirements.txt with extras
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Rather than installing all dependencies for docs and tests via ``requirements.txt``,
``extras_require`` is used instead. This installs only those needed and at the same
time as installing Pillow.

For example:

.. code-block:: bash

# Install with dependencies for tests:
python3 -m pip install .[tests]

# Or for building docs:
python3 -m pip install .[docs]

# Or for all:
python3 -m pip install .[docs,tests]

On macOS, the last argument may need to be wrapped in quotes, e.g.
``python3 -m pip install ".[tests]"``

Therefore ``requirements.txt`` has been removed along with the ``make install-req``
command for installing its contents.

Deprecations
============

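Review bot: removal half of moving the `API Changes` section (three subsections plus the bash `code-block`) further down 9.1.0.rst; the lines are unchanged apart from location. The one thing to verify on the inserted copy is that the indentation of the `.. code-block:: bash` body survived the move, since a de-indented code block is silently parsed as ordinary paragraphs in reStructuredText and the `#` comment lines would then render as prose.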
@ -137,6 +94,49 @@ The stub image plugin ``FitsStubImagePlugin`` has been deprecated and will be re
Pillow 10.0.0 (2023-07-01). FITS images can be read without a handler through
:mod:`~PIL.FitsImagePlugin` instead.

API Changes
===========

Raise an error when performing a negative crop
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Performing a negative crop on an image previously just returned a ``(0, 0)`` image. Now
it will raise a :py:exc:`ValueError`, to help reduce confusion if a user has unintentionally
provided the wrong arguments.

Added specific error if path coordinate type is incorrect
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Rather than returning a :py:exc:`SystemError`, passing the incorrect types of coordinates into
a path will now raise a more specific :py:exc:`ValueError`, with the message "incorrect
coordinate type".

Replace requirements.txt with extras
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Rather than installing all dependencies for docs and tests via ``requirements.txt``,
``extras_require`` is used instead. This installs only those needed and at the same
time as installing Pillow.

For example:

.. code-block:: bash

# Install with dependencies for tests:
python3 -m pip install .[tests]

# Or for building docs:
python3 -m pip install .[docs]

# Or for all:
python3 -m pip install .[docs,tests]

On macOS, the last argument may need to be wrapped in quotes, e.g.
``python3 -m pip install ".[tests]"``

Therefore ``requirements.txt`` has been removed along with the ``make install-req``
command for installing its contents.

API Additions
=============

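Review bot: insertion half of the move; the section now sits between `Deprecations` and `API Additions`, which matches the `API Changes` before `API Additions` order this PR gives 6.2.0. One nit on the moved text: the note that on macOS `the last argument may need to be wrapped in quotes` is really about the shell, not the OS; zsh treats `.[tests]` as a glob pattern and fails with a no-match error when nothing matches, so saying "in zsh (the default shell on macOS)" would also cover Linux users running zsh.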
@ -14,6 +14,9 @@ Pillow reads the information past the end of the first line without deducting th
from the length of the remaining file data. This vulnerability was introduced in Pillow
9.1.0, and can cause a heap buffer overflow.

Decompression bomb check fix
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Opening an image with a zero or negative height has been found to bypass a
decompression bomb check. This will now raise a :py:exc:`SyntaxError` instead, in turn
raising a ``PIL.UnidentifiedImageError``.

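Review bot: ``PIL.UnidentifiedImageError`` is written as a plain literal while `SyntaxError` on the line before uses the `:py:exc:` role; `:py:exc:`PIL.UnidentifiedImageError`` would cross-link it like the other exceptions in these notes. The two-step description (the plugin raises `SyntaxError`, which surfaces to the caller as `UnidentifiedImageError`) is worth keeping, because it tells users which exception they actually need to catch.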
@ -1,6 +1,11 @@
9.2.0
-----

Security
========

An additional decompression bomb check has been added for the GIF format.

Deprecations
============

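Review bot: moving `Security` to the top of 9.2.0.rst matches where this PR places it for 9.3.0 and 9.5.0. Unlike those files, this section is a single sentence with no titled subsection; giving it one (for example `Decompression bomb check for GIF` with a `^` underline) would keep the Security sections structurally uniform and give the entry its own anchor.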
@ -132,11 +137,6 @@ with "transparency" in ``im.info``, and apply the transparency to the palette in
The image's palette mode will become "RGBA", and "transparency" will be removed from
``im.info``.

Security
========

An additional decompression bomb check has been added for the GIF format.

Other Changes
=============

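Review bot: removal half of the 9.2.0 `Security` move; the removed lines are identical to the ones added at the top of the file, so nothing is lost. `Other Changes` now follows the palette-transparency paragraph after a single blank line, which is correct.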
@ -1,6 +1,33 @@
9.3.0
-----

Security
========

Initialize libtiff buffer when saving
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

When saving a TIFF image to a file object using libtiff, the buffer was not
initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.

Decode JPEG compressed BLP1 data in original mode
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Within the BLP image format, BLP1 data may use JPEG compression. Instead of
telling the JPEG library that this data is in BGRX mode, Pillow will now
decode the data in its natural CMYK mode, then convert it to RGB and rearrange
the channels afterwards. Trying to load the data in an incorrect mode could
result in a segmentation fault. This issue was introduced in Pillow 9.1.0.

Limit SAMPLESPERPIXEL to avoid runtime DOS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
``TiffImagePlugin.py`` when setting up the context for image decoding.
This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
``SAMPLESPERPIXEL`` to the number of planes that we can decode.


API Additions
=============

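Review bot: the moved text carries a grammar slip that is worth fixing while the lines are being touched: `This behaviour introduced in Pillow 2.0.0, and has now been fixed.` is missing its verb and should read `This behaviour was introduced in Pillow 2.0.0 and has now been fixed.` Also, the uninitialized-buffer entry does not say what the consequence was (the other two entries name a segmentation fault and a memory and runtime DOS); a short clause on whether uninitialized bytes could end up in the written file would tell users why this is listed under Security.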
@ -38,33 +65,6 @@ The data from :py:data:`~PIL.ExifTags.TAGS` and
:py:data:`~PIL.ExifTags.GPS`.


Security
========

Initialize libtiff buffer when saving
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

When saving a TIFF image to a file object using libtiff, the buffer was not
initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.

Decode JPEG compressed BLP1 data in original mode
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Within the BLP image format, BLP1 data may use JPEG compression. Instead of
telling the JPEG library that this data is in BGRX mode, Pillow will now
decode the data in its natural CMYK mode, then convert it to RGB and rearrange
the channels afterwards. Trying to load the data in an incorrect mode could
result in a segmentation fault. This issue was introduced in Pillow 9.1.0.

Limit SAMPLESPERPIXEL to avoid runtime DOS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
``TiffImagePlugin.py`` when setting up the context for image decoding.
This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
``SAMPLESPERPIXEL`` to the number of planes that we can decode.


Other Changes
=============

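Review bot: removal half of the 9.3.0 `Security` move; the text is unchanged. Because the moved block uses the `OSS-Fuzz`_ hyperlink reference, confirm that the `.. _OSS-Fuzz:` target definition in 9.3.0.rst was not among the removed lines (it is not visible in this hunk, so it should still resolve, but Sphinx reports an unknown target if it was dropped). The two consecutive blank lines left before `Other Changes` could be collapsed to one.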
@ -1,6 +1,31 @@
9.5.0
-----

Security
========

Clear PPM half token after use
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Image files that are small on disk are often prevented from expanding to be
big images consuming a large amount of resources simply because they lack the
data to populate those resources.

PpmImagePlugin might hold onto the last data read for a pixel value in case the
pixel value has not been finished yet. However, that data was not being cleared
afterwards, meaning that infinite data could be available to fill any image
size. This has been present since Pillow 9.2.0.

That data is now cleared after use.

Saving TIFF tag ImageSourceData
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If Pillow incorrectly saved the TIFF tag ImageSourceData as ASCII instead of
UNDEFINED, a segmentation fault was triggered.

The correct tag type will now be used by default instead.

Deprecations
============

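Review bot: moving `Security` ahead of `Deprecations` matches the other files in this PR. In the moved text, `PpmImagePlugin` could be written as `:py:mod:`~PIL.PpmImagePlugin`` to cross-link it, and `infinite data could be available to fill any image size` would be clearer as `the retained token could be reused indefinitely to fill an image of any size`, which is the point the preceding paragraph sets up about small files that should not be able to expand into large allocations.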
@ -46,31 +71,6 @@ If OpenJPEG 2.4.0 or later is available and the ``plt`` keyword argument
is present and true when saving JPEG2000 images, tell the encoder to generate
PLT markers.

Security
========

Clear PPM half token after use
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Image files that are small on disk are often prevented from expanding to be
big images consuming a large amount of resources simply because they lack the
data to populate those resources.

PpmImagePlugin might hold onto the last data read for a pixel value in case the
pixel value has not been finished yet. However, that data was not being cleared
afterwards, meaning that infinite data could be available to fill any image
size. This has been present since Pillow 9.2.0.

That data is now cleared after use.

Saving TIFF tag ImageSourceData
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If Pillow incorrectly saved the TIFF tag ImageSourceData as ASCII instead of
UNDEFINED, a segmentation fault was triggered.

The correct tag type will now be used by default instead.

Other Changes
=============

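Review bot: removal half of the 9.5.0 `Security` move; the removed lines match the inserted ones verbatim. `Other Changes` now directly follows the `PLT markers` paragraph, so the file order becomes `Security`, `Deprecations`, the remaining sections, then `Other Changes`, consistent with 9.2.0 and 9.3.0 after this PR.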