Andrew Murray
0907fb13f4
Expanded "OOB" to "out-of-bounds" [ci skip]
2021-03-06 13:37:58 +11:00
heitbaum
c60c09280b
CHANGES.rst: update dates
2021-03-06 13:37:58 +11:00
Andrew Murray
8fb5e5035b
Added more CVE numbers [ci skip]
2021-03-05 22:05:03 +11:00
Andrew Murray
a10d2c950a
Updated spelling [ci skip]
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-03-05 22:04:55 +11:00
Andrew Murray
4bdc0da7ca
Corrected list of relevant dependencies [ci skip]
2021-03-05 22:04:47 +11:00
Hugo van Kemenade
20c0e1a19e
Update release notes formatting, links, spelling
2021-03-05 22:04:36 +11:00
Andrew Murray
741d8744a5
8.1.1 version bump
2021-03-01 19:24:03 +11:00
Andrew Murray
179cd1c8f9
Added 8.1.1 release notes to index
2021-03-01 19:23:56 +11:00
Andrew Murray
7d296653da
Update CHANGES.rst [ci skip]
2021-03-01 19:15:48 +11:00
Eric Soroos
d25036fca7
Credits
2021-03-01 19:09:20 +11:00
Eric Soroos
973a4c333a
Release notes for 8.1.1
2021-03-01 19:09:14 +11:00
Hugo van Kemenade
521dab94c7
Use more specific regex chars to prevent ReDoS
* CVE-2021-25292
2021-03-01 19:08:58 +11:00
Eric Soroos
8b8076bdcb
Fix for CVE-2021-25291
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:08:52 +11:00
Eric Soroos
e25be1e33d
Fix negative size read in TiffDecode.c
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:08:39 +11:00
Eric Soroos
f891baa604
Fix OOB read in SgiRleDecode.c
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:08:26 +11:00
Eric Soroos
cbfdde7b1f
Incorrect error code checking in TiffDecode.c
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 19:08:17 +11:00
Andrew Murray
2ba5eb1cd9
PyModule_AddObject fix for Python 3.10
2021-03-01 19:08:11 +11:00
Andrew Murray
a0a5b7a01d
Added import test
2021-03-01 19:08:05 +11:00
Andrew Murray
fcc42e0d34
8.1.0 version bump
2021-01-02 22:39:02 +11:00
Andrew Murray
a99128052c
Update CHANGES.rst [ci skip]
2021-01-02 22:38:16 +11:00
Andrew Murray
470e48be4f
Merge pull request #5176 from radarhere/security
Document CVE fixes
2021-01-02 22:37:19 +11:00
Andrew Murray
cd316feead
Link to OSS-Fuzz [ci skip]
2021-01-02 22:09:07 +11:00
Andrew Murray
2711549503
Link to TideLift [ci skip]
2021-01-02 22:07:03 +11:00
Andrew Murray
d88fdcda06
Updated capitalisation [ci skip]
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-01-02 22:00:35 +11:00
Andrew Murray
95f99d52c4
Document CVE fixes [ci skip]
2021-01-02 21:27:50 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff
Fix TIFF OOB Write error
2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx
Fix for Read Overflow in PCX Decoding
2021-01-02 21:00:25 +11:00
Andrew Murray
120eea2e45
Merge pull request #5173 from radarhere/sgi
Fix for SGI Decode buffer overrun
2021-01-02 20:47:36 +11:00
Andrew Murray
903c67353d
Lint fix
2021-01-02 20:41:17 +11:00
Eric Soroos
2f409261eb
Fix for CVE-2020-35655 - Read Overflow in PCX Decoding.
* Don't trust the image to specify a buffer size
2021-01-02 20:38:46 +11:00
wiredfool
45a62e91b1
Rework ReadTile
* Don't malloc for the swap line, just shuffle backwards
* Ensure that im->pixelsize is sanity checked
* Ensure that we're using the right size for the buffer from TiffReadRGBATile
2021-01-02 20:37:48 +11:00
wiredfool
eb8c1206d6
Fix CVE-2020-35654 - OOB Write in TiffDecode.c
* In some circumstances with some versions of libtiff (4.1.0+), there
could be a 4-byte out-of-bounds write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
2021-01-02 20:37:48 +11:00
Andrew Murray
0c39689690
Merge pull request #5171 from radarhere/makefile
Add #5159 to the release notes
2021-01-02 20:20:05 +11:00
Andrew Murray
1cbb12fb6e
Lint fix
2021-01-02 20:19:26 +11:00
Andrew Murray
aa390a5a79
Merge pull request #5172 from radarhere/security
Added release notes for #5149
2021-01-02 20:17:36 +11:00
Eric Soroos
9a2c9f722f
Make the SGI code return -1 as an error flag, error in state
2021-01-02 20:10:02 +11:00
Eric Soroos
7e95c63fa7
Fix for SGI Decode buffer overrun CVE-2020-35655
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
2021-01-02 20:09:58 +11:00
Andrew Murray
6ffa37b85b
Document #5149 [ci skip]
2021-01-02 19:59:29 +11:00
Andrew Murray
e6ef8a6c09
Update CHANGES.rst [ci skip]
2021-01-02 19:58:03 +11:00
Andrew Murray
527409053f
Added deprecation message for install-venv
2021-01-02 19:40:03 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read
2021-01-02 10:14:17 +02:00
Andrew Murray
01cad6bcad
Update CHANGES.rst [ci skip]
2021-01-02 11:24:20 +11:00
Andrew Murray
852503a4a3
Document #5159 [ci skip]
2021-01-02 11:00:33 +11:00
Andrew Murray
312213723d
Merge pull request #5159 from wiredfool/makefile_updates
Makefile updates
2021-01-02 10:57:13 +11:00
Hugo van Kemenade
06b0d3905e
Merge pull request #5170 from radarhere/pyside6
Document #5161 in release notes
2021-01-02 01:01:58 +02:00
Andrew Murray
6f3670df4d
Updated description
2021-01-02 09:46:03 +11:00
Andrew Murray
3808aee4e6
Document #5161 [ci skip]
2021-01-02 09:39:04 +11:00
Andrew Murray
8e948d066a
Update CHANGES.rst [ci skip]
2021-01-02 09:34:31 +11:00
Andrew Murray
f54ea8fadd
Merge pull request #5161 from hugovk/add-pyside6
Add support for PySide6
2021-01-02 09:33:16 +11:00
Hugo van Kemenade
effa65cb38
Refactor
2021-01-01 20:37:16 +02:00