Andrew Murray
120eea2e45
Merge pull request #5173 from radarhere/sgi
...
Fix for SGI Decode buffer overrun
2021-01-02 20:47:36 +11:00
Andrew Murray
903c67353d
Lint fix
2021-01-02 20:41:17 +11:00
Eric Soroos
2f409261eb
Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
...
* Don't trust the image to specify a buffer size
2021-01-02 20:38:46 +11:00
wiredfool
45a62e91b1
Rework ReadTile
...
* Don't malloc for the swap line, just shuffle backwards
* Ensure that im->pixelsize is sanity checked
* Ensure that we're using the right size for the buffer from TiffReadRGBATile
2021-01-02 20:37:48 +11:00
wiredfool
eb8c1206d6
Fix CVE-2020-35654 - OOB Write in TiffDecode.c
...
* In some circumstances with some versions of libtiff (4.1.0+), there
could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
2021-01-02 20:37:48 +11:00
Andrew Murray
0c39689690
Merge pull request #5171 from radarhere/makefile
...
Add #5159 to the release notes
2021-01-02 20:20:05 +11:00
Andrew Murray
1cbb12fb6e
Lint fix
2021-01-02 20:19:26 +11:00
Andrew Murray
aa390a5a79
Merge pull request #5172 from radarhere/security
...
Added release notes for #5149
2021-01-02 20:17:36 +11:00
Eric Soroos
9a2c9f722f
Make the SGI code return -1 as an error flag, error in state
2021-01-02 20:10:02 +11:00
Eric Soroos
7e95c63fa7
Fix for SGI Decode buffer overrun CVE-2020-35655
...
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
2021-01-02 20:09:58 +11:00
Andrew Murray
6ffa37b85b
Document #5149 [ci skip]
2021-01-02 19:59:29 +11:00
Andrew Murray
e6ef8a6c09
Update CHANGES.rst [ci skip]
2021-01-02 19:58:03 +11:00
Andrew Murray
527409053f
Added deprecation message for install-venv
2021-01-02 19:40:03 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read
2021-01-02 10:14:17 +02:00
Andrew Murray
01cad6bcad
Update CHANGES.rst [ci skip]
2021-01-02 11:24:20 +11:00
Andrew Murray
852503a4a3
Document #5159 [ci skip]
2021-01-02 11:00:33 +11:00
Andrew Murray
312213723d
Merge pull request #5159 from wiredfool/makefile_updates
...
Makefile updates
2021-01-02 10:57:13 +11:00
Hugo van Kemenade
06b0d3905e
Merge pull request #5170 from radarhere/pyside6
...
Document #5161 in release notes
2021-01-02 01:01:58 +02:00
Andrew Murray
6f3670df4d
Updated description
2021-01-02 09:46:03 +11:00
Andrew Murray
3808aee4e6
Document #5161 [ci skip]
2021-01-02 09:39:04 +11:00
Andrew Murray
8e948d066a
Update CHANGES.rst [ci skip]
2021-01-02 09:34:31 +11:00
Andrew Murray
f54ea8fadd
Merge pull request #5161 from hugovk/add-pyside6
...
Add support for PySide6
2021-01-02 09:33:16 +11:00
Hugo van Kemenade
effa65cb38
Refactor
2021-01-01 20:37:16 +02:00
Hugo van Kemenade
4e3dc9a06b
Add support for PySide6
2021-01-01 20:34:44 +02:00
Hugo van Kemenade
11e63b6a64
Merge pull request #5167 from radarhere/pyside2
...
Moved QApplication into one test
2021-01-01 20:28:31 +02:00
wiredfool
a955e97625
Merge pull request #5 from radarhere/makefile_updates
...
Added isort to lint-fix
2021-01-01 13:02:01 +00:00
Andrew Murray
4f28ed3956
Changed tabs to spaces for consistency
2021-01-01 23:32:46 +11:00
Andrew Murray
78a051470c
Added isort to lint-fix
2021-01-01 15:54:53 +11:00
Andrew Murray
62693b7c54
Moved QApplication into one test
2021-01-01 11:33:20 +11:00
Hugo van Kemenade
41462d8c55
Merge pull request #5166 from radarhere/copyright
...
Updated copyright year
2021-01-01 00:54:25 +02:00
Andrew Murray
d7350bd403
Update CHANGES.rst [ci skip]
2021-01-01 09:06:32 +11:00
Eric Soroos
31b6e80f6e
lint-fix target, currently including black
2020-12-31 16:39:10 +01:00
Eric Soroos
35c396c1e6
the other pip invocation
2020-12-31 16:38:57 +01:00
Eric Soroos
4ba769f99e
documentation
2020-12-31 16:38:41 +01:00
Hugo van Kemenade
4093897673
Merge pull request #5126 from radarhere/apng_disposal
...
Use disposal settings from previous frame in APNG
2020-12-31 16:06:33 +02:00
Hugo van Kemenade
3718c350f9
Merge pull request #5162 from radarhere/argument
...
Corrected argument
2020-12-31 16:04:25 +02:00
Andrew Murray
48eb46ece6
Updated copyright year
2021-01-01 00:05:47 +11:00
Hugo van Kemenade
01f068f978
Merge pull request #5163 from radarhere/3.10
...
Revert "skip wheels on 3.10-dev due to wheel#354"
2020-12-31 10:20:33 +02:00
Andrew Murray
1af26f3159
Revert "skip wheels on 3.10-dev due to wheel#354"
...
This reverts commit bdcc48f0a2
.
2020-12-31 18:38:17 +11:00
Andrew Murray
77b16efba3
Corrected argument
2020-12-31 16:25:46 +11:00
Andrew Murray
01cee38b9b
Merge pull request #5153 from radarhere/tiff_wheels
...
Updated libtiff to 4.2.0
2020-12-31 10:01:19 +11:00
Andrew Murray
737205c67f
Update CHANGES.rst [ci skip]
2020-12-31 09:35:35 +11:00
Andrew Murray
e1e77ff735
Merge pull request #5156 from radarhere/better-binary-use
...
Better _binary module use
2020-12-31 00:07:46 +11:00
Hugo van Kemenade
bba84e53f2
Merge pull request #5154 from radarhere/security
...
Added #5148 to the release notes
2020-12-30 13:40:59 +02:00
Eric Soroos
85649e299d
Makefile: Lint target
2020-12-30 11:51:04 +01:00
Eric Soroos
dae30d8601
Removed co target -- Artifact of previous code review process
2020-12-30 11:26:32 +01:00
Eric Soroos
e126001e62
Help as default goal
2020-12-30 11:25:34 +01:00
Eric Soroos
250e42f7f8
Bad Rebase
2020-12-30 11:07:58 +01:00
Alexander
1ff61bcaa6
use offset for all binary input functions instead of slicing
2020-12-30 19:10:50 +11:00
Alexander
3757b8c748
remove extra i8 calls where input is proved bytes[] or int
2020-12-30 19:04:11 +11:00