Hugo van Kemenade
0cc2943aef
Merge pull request #5386 from radarhere/previous_frame_loaded
...
Fixed ensuring that GIF previous frame was loaded
2021-04-15 10:47:44 +03:00
Andrew Murray
45003b78ed
Merge pull request #5399 from cholojuanito/docs-pdf-param-update
...
Fix PDF file format documentation
2021-04-11 15:18:37 +10:00
wiredfool
fe668716ed
Merge pull request #5397 from wiredfool/valgrind_fixes
...
Valgrind fixes
2021-04-10 19:15:17 +01:00
Eric Soroos
75c60bd6bb
Can't install valgrind in requirements, breaks doc building
2021-04-10 17:47:18 +02:00
Eric Soroos
1c872a9eda
lint stuff
2021-04-10 16:58:01 +02:00
Tanner Davis
a02e700f44
Merge pull request #2 from radarhere/docs-pdf-param-update
...
Corrected syntax
2021-04-10 06:54:56 -06:00
Eric Soroos
af6fb9c518
xfail the fuzzer check as well
2021-04-10 12:03:39 +02:00
Eric Soroos
c94f66ad13
make sure we return a mark decorator
2021-04-10 12:03:15 +02:00
Andrew Murray
302ddc9b5e
Corrected syntax
2021-04-10 11:39:24 +10:00
Eric Soroos
a3a69c8385
conditional mark for valgrind ignore
2021-04-09 23:53:24 +02:00
Tanner Davis
8c38c80bb1
Now the rst link to the Image class should work
2021-04-09 11:47:29 -06:00
Tanner Davis
8da6eef073
Made sure the rst link to the Image class was correct
2021-04-09 11:09:16 -06:00
Tanner Davis
ef3de6bf4f
PDF format docs, append_images param update [ci skip]
...
Made sure it is documented that both the `append_images` and `save_all` params must be set. Just setting `append_images` does not work.
2021-04-09 10:53:33 -06:00
Andrew Murray
356681faae
Merge pull request #5393 from hugovk/test-redos
...
Add test for CVE-2021-25292 ReDoS
2021-04-09 23:34:11 +10:00
Eric Soroos
441e6426ae
Initialize buffer with 0, fixes valgrind undefined behavior issues
2021-04-09 13:41:23 +02:00
Eric Soroos
43aa6ade6f
Local valgrind test target
2021-04-09 13:39:28 +02:00
Hugo van Kemenade
b01fd46fe6
Merge pull request #5395 from radarhere/python3
2021-04-09 13:43:45 +03:00
Andrew Murray
714d6c8cd3
Removed shebang line
2021-04-09 19:10:53 +10:00
Andrew Murray
b8c8375d0c
Use python3 in shebang line
2021-04-09 19:10:36 +10:00
Hugo van Kemenade
bde149be38
Add test for CVE-2021-25292 ReDoS
2021-04-08 23:53:22 +03:00
Hugo van Kemenade
75c111903c
Merge pull request #5382 from radarhere/rounded_rectangle
...
Round down the radius in rounded_rectangle
2021-04-07 19:31:19 +03:00
Andrew Murray
97207a8b19
Update CHANGES.rst [ci skip]
2021-04-07 19:20:35 +10:00
Hugo van Kemenade
eeddc06305
Merge pull request #5383 from radarhere/dds
2021-04-07 12:15:02 +03:00
Andrew Murray
d661e438f6
Fixed ensuring that previous frame was loaded
2021-04-06 19:31:51 +10:00
Andrew Murray
d06871d543
Set mode of three channel uncompressed RGB data to RGB
2021-04-05 17:58:02 +10:00
Andrew Murray
6f87faf0ee
Reversed rawmode for uncompressed RGB data
2021-04-05 17:54:34 +10:00
Andrew Murray
92edc29439
Round down the radius in rounded_rectangle
2021-04-05 08:54:06 +10:00
Hugo van Kemenade
e2ac1d1c34
Merge pull request #5380 from radarhere/accept
2021-04-03 16:23:39 +03:00
Andrew Murray
60da129d4b
Replaced register_open lambdas with _accept method for consistency
2021-04-03 21:51:28 +11:00
Andrew Murray
d4f9c6e082
Renamed register_open accept methods for consistency
2021-04-03 21:51:23 +11:00
Hugo van Kemenade
ee079ae67e
Merge pull request #5378 from radarhere/fedora
...
Removed Fedora 32 docker job
2021-04-02 13:10:36 +03:00
Andrew Murray
ed8064df22
Removed Fedora 32 docker job
2021-04-02 18:07:03 +11:00
Hugo van Kemenade
330f77ae7a
8.3.0.dev0 version bump
2021-04-01 23:56:43 +03:00
Hugo van Kemenade
e0e353c0ef
8.2.0 version bump
2021-04-01 20:58:27 +03:00
Hugo van Kemenade
ee635befc6
Merge pull request #5377 from hugovk/security-and-release-notes
...
Security fixes for 8.2.0
2021-04-01 20:00:22 +03:00
Hugo van Kemenade
694c84f88f
Fix typo [ci skip]
...
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-04-01 20:00:13 +03:00
Hugo van Kemenade
8febdad8dd
Review, typos and lint
2021-04-01 17:41:46 +03:00
Hugo van Kemenade
fea419665b
Reorder, roughly alphabetic
2021-04-01 17:26:24 +03:00
Eric Soroos
496245aa43
Fix BLP DOS -- CVE-2021-28678
...
* BlpImagePlugin did not properly check that reads after jumping to
file offsets returned data. This could lead to a DOS where the
decoder could be run a large number of times on empty data
* This dates to Pillow 5.1.0
2021-04-01 17:17:35 +03:00
Eric Soroos
22e9bee4ef
Fix DOS in PSDImagePlugin -- CVE-2021-28675
...
* PSDImagePlugin did not sanity check the number of input layers
vs the size of the data block, this could lead to a DOS on
Image.open prior to Image.load.
* This issue dates to the PIL fork
2021-04-01 17:17:31 +03:00
Eric Soroos
ba65f0b08e
Fix Memory DOS in ImageFont
...
* A corrupt or specially crafted TTF font could have font metrics that
lead to unreasonably large sizes when rendering text in
font. ImageFont.py did not check the image size before allocating
memory for it.
* Found with oss-fuzz
* This dates from the PIL fork
2021-04-01 17:17:27 +03:00
Eric Soroos
bb6c11fb88
Fix FLI DOS -- CVE-2021-28676
...
* FliDecode did not properly check that the block advance was
non-zero, potentially leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz
2021-04-01 17:17:23 +03:00
Eric Soroos
5a5e6db0ab
Fix EPS DOS on _open -- CVE-2021-28677
...
* The readline used in EPS has to deal with any combination of \r and
\n as line endings. It used an accidentally quadratic method of
accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
the open phase, before an image was accepted for opening.
* This dates to the PIL Fork
2021-04-01 17:17:18 +03:00
Eric Soroos
3bf5eddb89
Fix OOB Read in Jpeg2KDecode CVE-2021-25287,CVE-2021-25288
...
* For J2k images with multiple bands, it's legal to have different
widths for each band, e.g. 1 byte for L, 4 bytes for A
* This dates to Pillow 2.4.0
2021-04-01 17:17:13 +03:00
Hugo van Kemenade
8ec027867f
Add security release notes
2021-04-01 17:15:44 +03:00
Hugo van Kemenade
ef5f294d74
Merge pull request #5376 from radarhere/xmp
2021-04-01 15:38:11 +03:00
Andrew Murray
ae7110a85d
Added release notes [ci skip]
2021-04-01 23:18:30 +11:00
Andrew Murray
e12d5042ad
Adjusted docstring
2021-04-01 22:28:42 +11:00
Andrew Murray
2c8684c525
Moved getxmp() into JpegImageFile
2021-04-01 22:28:37 +11:00
Andrew Murray
43c41720e9
Update CHANGES.rst [ci skip]
2021-04-01 21:40:53 +11:00