Commit Graph

13038 Commits

Author SHA1 Message Date
Andrew Murray
d661e438f6 Fixed ensuring that previous frame was loaded 2021-04-06 19:31:51 +10:00
Andrew Murray
9d489f69ae Removed duplicate word in error message 2021-04-05 19:34:00 +10:00
Andrew Murray
56dfc4a956 Added 301 and 532 to core tags 2021-04-05 19:01:13 +10:00
Andrew Murray
d06871d543 Set mode of three channel uncompressed RGB data to RGB 2021-04-05 17:58:02 +10:00
Andrew Murray
6f87faf0ee Reversed rawmode for uncompressed RGB data 2021-04-05 17:54:34 +10:00
Andrew Murray
92edc29439 Round down the radius in rounded_rectangle 2021-04-05 08:54:06 +10:00
Hugo van Kemenade
e2ac1d1c34
Merge pull request #5380 from radarhere/accept 2021-04-03 16:23:39 +03:00
Andrew Murray
60da129d4b Replaced register_open lambdas with _accept method for consistency 2021-04-03 21:51:28 +11:00
Andrew Murray
d4f9c6e082 Renamed register_open accept methods for consistency 2021-04-03 21:51:23 +11:00
Andrew Murray
77a8a53a94 Allow converting an image to a numpy array to raise errors 2021-04-03 13:20:58 +11:00
Andrew Murray
3c129142c8 Catch OSError 2021-04-03 09:34:56 +11:00
Andrew Murray
39fe85f308
Merge branch 'master' into jp2-decode-subsample 2021-04-03 09:26:55 +11:00
Hugo van Kemenade
ee079ae67e
Merge pull request #5378 from radarhere/fedora
Removed Fedora 32 docker job
2021-04-02 13:10:36 +03:00
Andrew Murray
a69430047b Renamed function 2021-04-02 21:06:10 +11:00
Andrew Murray
6764650e2a Reduced memory usage 2021-04-02 20:48:06 +11:00
Andrew Murray
ed8064df22 Removed Fedora 32 docker job 2021-04-02 18:07:03 +11:00
Hugo van Kemenade
330f77ae7a 8.3.0.dev0 version bump 2021-04-01 23:56:43 +03:00
Hugo van Kemenade
e0e353c0ef 8.2.0 version bump 2021-04-01 20:58:27 +03:00
Andrew Murray
6541bd7cb5 Added second attribute to avoid unstable nature of qsort 2021-04-02 04:07:18 +11:00
Andrew Murray
7387ec23ac Revert "Removed return value of build_distance_tables"
This reverts commit a4a38b805b.
2021-04-02 04:07:18 +11:00
Hugo van Kemenade
ee635befc6
Merge pull request #5377 from hugovk/security-and-release-notes
Security fixes for 8.2.0
2021-04-01 20:00:22 +03:00
Hugo van Kemenade
694c84f88f
Fix typo [ci skip]
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-04-01 20:00:13 +03:00
Hugo van Kemenade
8febdad8dd Review, typos and lint 2021-04-01 17:41:46 +03:00
Hugo van Kemenade
fea419665b Reorder, roughly alphabetic 2021-04-01 17:26:24 +03:00
Eric Soroos
496245aa43 Fix BLP DOS -- CVE-2021-28678
* BlpImagePlugin did not properly check that reads after jumping to
  file offsets returned data. This could lead to a DOS where the
  decoder could be run a large number of times on empty data
* This dates to Pillow 5.1.0
2021-04-01 17:17:35 +03:00
Eric Soroos
22e9bee4ef Fix DOS in PSDImagePlugin -- CVE-2021-28675
* PSDImagePlugin did not sanity check the number of input layers and
  vs the size of the data block, this could lead to a DOS on
  Image.open prior to Image.load.
* This issue dates to the PIL fork
2021-04-01 17:17:31 +03:00
Eric Soroos
ba65f0b08e Fix Memory DOS in ImageFont
* A corrupt or specially crafted TTF font could have font metrics that
  lead to unreasonably large sizes when rendering text in
  font. ImageFont.py did not check the image size before allocating
  memory for it.
* Found with oss-fuzz
* This dates from the PIL fork
2021-04-01 17:17:27 +03:00
Eric Soroos
bb6c11fb88 Fix FLI DOS -- CVE-2021-28676
* FliDecode did not properly check that the block advance was
  non-zero, potentally leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz
2021-04-01 17:17:23 +03:00
Eric Soroos
5a5e6db0ab Fix EPS DOS on _open -- CVE-2021-28677
* The readline used in EPS has to deal with any combination of \r and
  \n as line endings. It used an accidentally quadratic method of
  accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
  the open phase, before an image was accepted for opening.
* This dates to the PIL Fork
2021-04-01 17:17:18 +03:00
Eric Soroos
3bf5eddb89 Fix OOB Read in Jpeg2KDecode CVE-2021-25287,CVE-2021-25288
* For J2k images with multiple bands, it's legal in to have different
  widths for each band, e.g. 1 byte for L, 4 bytes for A
* This dates to Pillow 2.4.0
2021-04-01 17:17:13 +03:00
Hugo van Kemenade
8ec027867f Add security release notes 2021-04-01 17:15:44 +03:00
Hugo van Kemenade
ef5f294d74
Merge pull request #5376 from radarhere/xmp 2021-04-01 15:38:11 +03:00
Andrew Murray
ae7110a85d Added release notes [ci skip] 2021-04-01 23:18:30 +11:00
Andrew Murray
e12d5042ad Adjusted docstring 2021-04-01 22:28:42 +11:00
Andrew Murray
2c8684c525 Moved getxmp() into JpegImageFile 2021-04-01 22:28:37 +11:00
Andrew Murray
43c41720e9 Update CHANGES.rst [ci skip] 2021-04-01 21:40:53 +11:00
Hugo van Kemenade
6812205f18
Merge pull request #5144 from UrielMaD/feature_xmp 2021-04-01 12:44:47 +03:00
Hugo van Kemenade
b90c73f08d
Merge pull request #5373 from wiredfool/valgrind_test_warnings
Fix pytest valgrind warnings
2021-04-01 12:17:50 +03:00
Hugo van Kemenade
cafd389770
Merge pull request #5359 from nulano/libtiff-cmake 2021-04-01 12:03:42 +03:00
Hugo van Kemenade
8c852e44f0
Merge pull request #5349 from latosha-maltba/master 2021-04-01 11:55:37 +03:00
Andrew Murray
37f9fcf93b Removed unused imports 2021-04-01 12:57:34 +11:00
Andrew Murray
682e3e2f69 Update CHANGES.rst [ci skip] 2021-04-01 11:53:33 +11:00
Andrew Murray
9afa64a36f
Merge pull request #5371 from hugovk/fix-link
Docs: Fix link in release notes
2021-04-01 11:43:32 +11:00
wiredfool
60dbc10cee
Merge pull request #5372 from wiredfool/tiff-crash-fixes
Fix recent Tiff crashes in TiffDecode.c
2021-03-31 22:53:58 +01:00
Eric Soroos
87934e22d0 Fix for crash-0da0 2021-03-31 23:24:30 +02:00
Eric Soroos
53c80281d7 fix for crash-8115 2021-03-31 22:23:57 +02:00
Eric Soroos
45530d5ce1 fixes crash-74d2 2021-03-31 22:23:57 +02:00
wiredfool
4044ecc1fb
Merge pull request #5366 from kkopachev/kk-remove-extra-check
Remove redundant check (addition to #5364)
2021-03-31 20:54:07 +01:00
Eric Soroos
22a6893364 Fix pytest valgrind warnings 2021-03-31 21:28:15 +02:00
Hugo van Kemenade
95ac35d287 Fix RST link [ci skip] 2021-03-31 21:28:29 +03:00