Commit Graph

11619 Commits

Author SHA1 Message Date
Eric Soroos
5a5e6db0ab Fix EPS DOS on _open -- CVE-2021-28677
* The readline used in EPS has to deal with any combination of \r and
  \n as line endings. It used an accidentally quadratic method of
  accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
  the open phase, before an image was accepted for opening.
* This dates to the PIL Fork
2021-04-01 17:17:18 +03:00
Eric Soroos
3bf5eddb89 Fix OOB Read in Jpeg2KDecode CVE-2021-25287,CVE-2021-25288
* For J2k images with multiple bands, it's legal in to have different
  widths for each band, e.g. 1 byte for L, 4 bytes for A
* This dates to Pillow 2.4.0
2021-04-01 17:17:13 +03:00
Hugo van Kemenade
8ec027867f Add security release notes 2021-04-01 17:15:44 +03:00
Hugo van Kemenade
ef5f294d74
Merge pull request #5376 from radarhere/xmp 2021-04-01 15:38:11 +03:00
Andrew Murray
ae7110a85d Added release notes [ci skip] 2021-04-01 23:18:30 +11:00
Andrew Murray
e12d5042ad Adjusted docstring 2021-04-01 22:28:42 +11:00
Andrew Murray
2c8684c525 Moved getxmp() into JpegImageFile 2021-04-01 22:28:37 +11:00
Andrew Murray
43c41720e9 Update CHANGES.rst [ci skip] 2021-04-01 21:40:53 +11:00
Hugo van Kemenade
6812205f18
Merge pull request #5144 from UrielMaD/feature_xmp 2021-04-01 12:44:47 +03:00
Hugo van Kemenade
b90c73f08d
Merge pull request #5373 from wiredfool/valgrind_test_warnings
Fix pytest valgrind warnings
2021-04-01 12:17:50 +03:00
Hugo van Kemenade
cafd389770
Merge pull request #5359 from nulano/libtiff-cmake 2021-04-01 12:03:42 +03:00
Hugo van Kemenade
8c852e44f0
Merge pull request #5349 from latosha-maltba/master 2021-04-01 11:55:37 +03:00
Andrew Murray
37f9fcf93b Removed unused imports 2021-04-01 12:57:34 +11:00
Andrew Murray
682e3e2f69 Update CHANGES.rst [ci skip] 2021-04-01 11:53:33 +11:00
Andrew Murray
9afa64a36f
Merge pull request #5371 from hugovk/fix-link
Docs: Fix link in release notes
2021-04-01 11:43:32 +11:00
wiredfool
60dbc10cee
Merge pull request #5372 from wiredfool/tiff-crash-fixes
Fix recent Tiff crashes in TiffDecode.c
2021-03-31 22:53:58 +01:00
Eric Soroos
87934e22d0 Fix for crash-0da0 2021-03-31 23:24:30 +02:00
Eric Soroos
53c80281d7 fix for crash-8115 2021-03-31 22:23:57 +02:00
Eric Soroos
45530d5ce1 fixes crash-74d2 2021-03-31 22:23:57 +02:00
wiredfool
4044ecc1fb
Merge pull request #5366 from kkopachev/kk-remove-extra-check
Remove redundant check (addition to #5364)
2021-03-31 20:54:07 +01:00
Eric Soroos
22a6893364 Fix pytest valgrind warnings 2021-03-31 21:28:15 +02:00
Hugo van Kemenade
95ac35d287 Fix RST link [ci skip] 2021-03-31 21:28:29 +03:00
Hugo van Kemenade
c54a7bb031
Merge pull request #5333 from radarhere/gif_frame_transparency 2021-03-31 18:08:11 +03:00
Hugo van Kemenade
54e9f3bd0f
Merge pull request #5291 from raygard/giflzw 2021-03-31 17:58:44 +03:00
Hugo van Kemenade
727533148e
Merge pull request #5282 from radarhere/quantize
Set all transparent colors to be equal in quantize()
2021-03-31 17:58:21 +03:00
Hugo van Kemenade
683affa29c
Merge pull request #5206 from radarhere/numpy 2021-03-31 17:46:32 +03:00
Hugo van Kemenade
06dfbb8e3e
Merge branch 'master' into giflzw 2021-03-31 16:45:02 +03:00
Ray Gardner
d6dfdd3617 Add GIF LZW encoding to 8.2.0 release notes. 2021-03-31 06:48:17 -06:00
Hugo van Kemenade
7785931f43
Merge pull request #5316 from radarhere/modes 2021-03-31 11:43:49 +03:00
Andrew Murray
7e940dea5e Added release notes [ci skip] 2021-03-31 19:22:31 +11:00
Andrew Murray
80878fa4c6 Merge branch 'master' into modes 2021-03-31 18:58:11 +11:00
Andrew Murray
a911c0fb94
Merge pull request #5368 from radarhere/ghostscript
Updated Ghostscript to 9.54.0
2021-03-31 18:26:17 +11:00
Hugo van Kemenade
d3ad66d851
Merge pull request #5332 from radarhere/typo
Corrected grammar
2021-03-31 09:40:41 +03:00
Andrew Murray
d8b4a92806 Updated Ghostscript to 9.54.0 2021-03-31 16:03:13 +11:00
Ray Gardner
306d030fce Add comment to reference GIF LZW specification. 2021-03-30 17:35:21 -06:00
Hugo van Kemenade
e08474afa3
Merge pull request #5365 from nulano/fribidi-notes 2021-03-30 21:00:09 +03:00
Andrew Murray
9e5ecd6825 Update CHANGES.rst [ci skip] 2021-03-30 08:00:58 +11:00
Andrew Murray
b0b4fee796
Merge pull request #5350 from elejke/master
Add preserve_tone option to autocontrast
2021-03-30 07:59:57 +11:00
Konstantin Kopachev
19a815dd73
Remove redundant check
It's duplicated inside following call of TIFFReadTile
2021-03-29 11:27:50 -07:00
Ondrej Baranovič
00cc32e3f9
FriBiDi capitalization consistency
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-03-29 19:45:27 +02:00
nulano
4f61637e7f document libraqm/fribidi linking, support fribidi-0.dll on Windows 2021-03-29 17:45:12 +02:00
German Novikov
b855d759cf
Merge pull request #2 from radarhere/autocontrast_tests 2021-03-29 16:01:51 +03:00
Andrew Murray
7844c6e483 Test that preserve_tone changes RGB images but not L images 2021-03-29 23:26:34 +11:00
German Novikov
9ea20c095e
Update docs/releasenotes/8.2.0.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-03-29 14:12:29 +03:00
Andrew Murray
6eae8fd592 Update CHANGES.rst [ci skip] 2021-03-29 08:11:41 +11:00
Hugo van Kemenade
b3a1de94d0
Merge pull request #5323 from radarhere/imagefilter_numpy
Only import numpy when necessary
2021-03-28 19:11:01 +03:00
wiredfool
9a683db339
Merge pull request #5274 from radarhere/gradient
Fixed linear_gradient and radial_gradient I and F modes
2021-03-28 14:35:22 +01:00
wiredfool
d0612030a0
Merge pull request #5364 from wiredfool/4641_merge
Add support for reading TIFFs with PlanarConfiguration=2
2021-03-28 14:33:42 +01:00
wiredfool
611a6d2330
Merge pull request #5328 from wiredfool/oss-fuzz
More OSS-Fuzz support
2021-03-28 14:19:29 +01:00
Konstantin Kopachev
52ecf1b142 Stop guessing strip size and pass expected size 2021-03-28 15:03:37 +02:00