Commit Graph

11237 Commits

Author SHA1 Message Date
Andrew Murray
45c43fc911 Added release notes [ci skip] 2021-03-08 19:39:28 +11:00
Andrew Murray
690cf9ebe2 Allow alpha_composite destination to be negative 2021-03-06 20:54:21 +11:00
Andrew Murray
1d7cbeb338 Update CHANGES.rst [ci skip] 2021-03-06 13:26:09 +11:00
Andrew Murray
f2ea25780a Added release notes for 8.1.2 2021-03-06 13:25:36 +11:00
Andrew Murray
5269ab13a7 Lint fix 2021-03-06 10:20:01 +11:00
Eric Soroos
480f6819b5 Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
2021-03-06 10:19:14 +11:00
Hugo van Kemenade
b511d704ae
Merge pull request #5306 from radarhere/releasenotes
Added more CVE numbers to 8.1.1 release notes
2021-03-04 13:23:09 +02:00
Andrew Murray
b885af93cb Added more CVE numbers [ci skip] 2021-03-04 17:33:47 +11:00
Andrew Murray
4b73397bdf
Merge pull request #5303 from radarhere/releasenotes
Corrected list of relevant dependencies
2021-03-03 22:40:44 +11:00
Andrew Murray
944fd834db
Updated spelling [ci skip]
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-03-03 22:38:24 +11:00
Andrew Murray
b959ee7885 Corrected list of relevant dependencies [ci skip] 2021-03-03 20:34:52 +11:00
Andrew Murray
0de08851e4
Merge pull request #5301 from hugovk/update-release-notes
Update release notes: formatting, links, spelling
2021-03-03 20:29:14 +11:00
Hugo van Kemenade
d0cf8ffef5
Fix filename spelling
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-03-03 10:47:21 +02:00
Hugo van Kemenade
fbb825e3bf
Merge pull request #5302 from radarhere/libimagequant 2021-03-03 10:45:39 +02:00
Andrew Murray
4103b50852
Merge pull request #13 from nulano/libimagequant
Update libimagequant in winbuild
2021-03-03 10:43:07 +11:00
nulano
333fd06e90 update libimagequant in winbuild 2021-03-02 23:19:20 +01:00
Andrew Murray
f676b10813 Updated libimagequant to 2.14.1 2021-03-03 07:56:29 +11:00
Hugo van Kemenade
b23e261300
Merge pull request #67 from radarhere/update-release-notes
Expanded "OOB" to "out-of-bounds"
2021-03-02 15:12:11 +02:00
Andrew Murray
b41dab0e9b Expanded "OOB" to "out-of-bounds" [ci skip] 2021-03-02 23:22:06 +11:00
Hugo van Kemenade
915f68967f Update release notes formatting, links, spelling 2021-03-02 13:16:14 +02:00
Andrew Murray
e563366863
Merge pull request #5299 from heitbaum/patch-1
CHANGES.rst: update dates
2021-03-02 20:30:50 +11:00
heitbaum
8e887b62ac
CHANGES.rst: update dates 2021-03-02 20:09:23 +11:00
wiredfool
35f8fafdf5
Merge pull request #5198 from wiredfool/cifuzz
Add CIFuzz Github Action
2021-03-01 20:25:30 +00:00
wiredfool
c477bed95f
Merge pull request #5280 from cgohlke/patch-1
Fix suspicious sequence of types castings
2021-03-01 20:19:26 +00:00
Eric Soroos
3c96fbf908 Removed "Remove me" testing lines 2021-03-01 21:03:26 +01:00
Andrew Murray
a80cf42275 Added 8.1.1 release notes to index 2021-03-01 19:22:57 +11:00
Andrew Murray
fb4ae1ee3c Update CHANGES.rst [ci skip] 2021-03-01 19:20:52 +11:00
Eric Soroos
c96eac1ca4 Credits 2021-03-01 19:05:23 +11:00
Eric Soroos
3f2b7d7140 Release notes for 8.1.1 2021-03-01 19:05:08 +11:00
Hugo van Kemenade
3bce145966 Use more specific regex chars to prevent ReDoS
* CVE-2021-25292
2021-03-01 19:04:57 +11:00
Eric Soroos
cbdce6c5d0 Fix for CVE-2021-25291
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70 Fix negative size read in TiffDecode.c
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd Fix OOB read in SgiRleDecode.c
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94 Incorrect error code checking in TiffDecode.c
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 18:51:13 +11:00
wiredfool
e5839216a5
Merge pull request #5293 from wiredfool/valgrind_action
Add Valgrind GHA
2021-02-28 16:25:13 +00:00
Eric Soroos
aa0b982ef6 Added failure if out/crash-* exists 2021-02-28 17:17:33 +01:00
Eric Soroos
f74d046574 Removing the .yml files from the triggers 2021-02-28 17:09:27 +01:00
Eric Soroos
95884c6b2d Riun on .c/.h 2021-02-27 12:54:38 +01:00
Eric Soroos
3c2893cdf1 No coverage from the valgrind run 2021-02-27 12:00:18 +01:00
Eric Soroos
2d52a9fcf2 Syntax 2021-02-27 11:54:33 +01:00
Eric Soroos
061012c46a Stage Title Change 2021-02-27 11:52:52 +01:00
Eric Soroos
f194d9e6e2 Keep errors if they're "known" 2021-02-27 11:46:19 +01:00
Eric Soroos
ba1555a485 syntax 2021-02-27 11:31:43 +01:00
Eric Soroos
cf5b9a77b3 Add Valgrind GHA 2021-02-27 11:22:26 +01:00
Hugo van Kemenade
a3f34e71ed
Merge pull request #5283 from radarhere/context_managers
Added context managers to documentation
2021-02-26 20:17:18 +02:00
Hugo van Kemenade
f73ead103e
Merge pull request #5288 from radarhere/numpy_builtins 2021-02-26 18:48:40 +02:00
Hugo van Kemenade
af4ef759d2
Merge pull request #5290 from radarhere/imageshow
Removed comment
2021-02-26 18:46:41 +02:00
Andrew Murray
5f92636bd0 Removed comment 2021-02-27 00:33:23 +11:00
Andrew Murray
3e670d7737 Migrated from deprecated numpy bool and float 2021-02-26 20:59:11 +11:00
Andrew Murray
80e570bb99 Added context managers 2021-02-25 23:41:31 +11:00