python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-11-10 19:56:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
11,250 Commits 48 Branches 91 Tags 311 MiB
becd633d3f
Commit Graph

11250 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eric Soroos
becd633d3f Refactor fuzzers, add fuzzer tests 2021-03-14 13:01:27 +01:00
Eric Soroos
e2577d1736 font fuzzer 2021-03-13 11:35:50 +01:00
Eric Soroos
38692f222f Delegate building of oss-fuzz versions to pillow 2021-03-13 11:12:05 +01:00
Hugo van Kemenade
f15f573e51
Merge pull request #5224 from radarhere/mapper 2021-03-07 11:51:46 +02:00
Hugo van Kemenade
a95fee0475
Merge pull request #5215 from radarhere/license 
Document license for several fonts
 2021-03-07 11:41:56 +02:00
Hugo van Kemenade
f9b830f058
Merge pull request #5214 from radarhere/pcx 
Handle PCX images with an odd stride
 2021-03-07 11:41:14 +02:00
Hugo van Kemenade
95986f38da
Merge pull request #5168 from radarhere/mpo 2021-03-07 11:38:36 +02:00
Andrew Murray
1d7cbeb338 Update CHANGES.rst [ci skip] 2021-03-06 13:26:09 +11:00
Andrew Murray
f2ea25780a Added release notes for 8.1.2 2021-03-06 13:25:36 +11:00
Andrew Murray
5269ab13a7 Lint fix 2021-03-06 10:20:01 +11:00
Eric Soroos
480f6819b5 Fix Memory DOS in Icns, Ico and Blp Image Plugins 
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
 2021-03-06 10:19:14 +11:00
Hugo van Kemenade
b511d704ae
Merge pull request #5306 from radarhere/releasenotes 
Added more CVE numbers to 8.1.1 release notes
 2021-03-04 13:23:09 +02:00
Andrew Murray
b885af93cb Added more CVE numbers [ci skip] 2021-03-04 17:33:47 +11:00
Andrew Murray
4b73397bdf
Merge pull request #5303 from radarhere/releasenotes 
Corrected list of relevant dependencies
 2021-03-03 22:40:44 +11:00
Andrew Murray
944fd834db
Updated spelling [ci skip] 
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
 2021-03-03 22:38:24 +11:00
Andrew Murray
b959ee7885 Corrected list of relevant dependencies [ci skip] 2021-03-03 20:34:52 +11:00
Andrew Murray
0de08851e4
Merge pull request #5301 from hugovk/update-release-notes 
Update release notes: formatting, links, spelling
 2021-03-03 20:29:14 +11:00
Hugo van Kemenade
d0cf8ffef5
Fix filename spelling 
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
 2021-03-03 10:47:21 +02:00
Hugo van Kemenade
fbb825e3bf
Merge pull request #5302 from radarhere/libimagequant 2021-03-03 10:45:39 +02:00
Andrew Murray
4103b50852
Merge pull request #13 from nulano/libimagequant 
Update libimagequant in winbuild
 2021-03-03 10:43:07 +11:00
nulano
333fd06e90 update libimagequant in winbuild 2021-03-02 23:19:20 +01:00
Andrew Murray
f676b10813 Updated libimagequant to 2.14.1 2021-03-03 07:56:29 +11:00
Hugo van Kemenade
b23e261300
Merge pull request #67 from radarhere/update-release-notes 
Expanded "OOB" to "out-of-bounds"
 2021-03-02 15:12:11 +02:00
Andrew Murray
b41dab0e9b Expanded "OOB" to "out-of-bounds" [ci skip] 2021-03-02 23:22:06 +11:00
Hugo van Kemenade
915f68967f Update release notes formatting, links, spelling 2021-03-02 13:16:14 +02:00
Andrew Murray
e563366863
Merge pull request #5299 from heitbaum/patch-1 
CHANGES.rst: update dates
 2021-03-02 20:30:50 +11:00
heitbaum
8e887b62ac
CHANGES.rst: update dates 2021-03-02 20:09:23 +11:00
wiredfool
35f8fafdf5
Merge pull request #5198 from wiredfool/cifuzz 
Add CIFuzz Github Action
 2021-03-01 20:25:30 +00:00
wiredfool
c477bed95f
Merge pull request #5280 from cgohlke/patch-1 
Fix suspicious sequence of types castings
 2021-03-01 20:19:26 +00:00
Eric Soroos
3c96fbf908 Removed "Remove me" testing lines 2021-03-01 21:03:26 +01:00
Andrew Murray
a80cf42275 Added 8.1.1 release notes to index 2021-03-01 19:22:57 +11:00
Andrew Murray
fb4ae1ee3c Update CHANGES.rst [ci skip] 2021-03-01 19:20:52 +11:00
Eric Soroos
c96eac1ca4 Credits 2021-03-01 19:05:23 +11:00
Eric Soroos
3f2b7d7140 Release notes for 8.1.1 2021-03-01 19:05:08 +11:00
Hugo van Kemenade
3bce145966 Use more specific regex chars to prevent ReDoS 
* CVE-2021-25292
 2021-03-01 19:04:57 +11:00
Eric Soroos
cbdce6c5d0 Fix for CVE-2021-25291 
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
 2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70 Fix negative size read in TiffDecode.c 
* Caught by oss-fuzz runs
* CVE-2021-25290
 2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd Fix OOB read in SgiRleDecode.c 
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
 2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94 Incorrect error code checking in TiffDecode.c 
* since Pillow 8.1.0
* CVE-2021-25289
 2021-03-01 18:51:13 +11:00
wiredfool
e5839216a5
Merge pull request #5293 from wiredfool/valgrind_action 
Add Valgrind GHA
 2021-02-28 16:25:13 +00:00
Eric Soroos
aa0b982ef6 Added failure if out/crash-* exists 2021-02-28 17:17:33 +01:00
Eric Soroos
f74d046574 Removing the .yml files from the triggers 2021-02-28 17:09:27 +01:00
Eric Soroos
95884c6b2d Riun on .c/.h 2021-02-27 12:54:38 +01:00
Eric Soroos
3c2893cdf1 No coverage from the valgrind run 2021-02-27 12:00:18 +01:00
Eric Soroos
2d52a9fcf2 Syntax 2021-02-27 11:54:33 +01:00
Eric Soroos
061012c46a Stage Title Change 2021-02-27 11:52:52 +01:00
Eric Soroos
f194d9e6e2 Keep errors if they're "known" 2021-02-27 11:46:19 +01:00
Eric Soroos
ba1555a485 syntax 2021-02-27 11:31:43 +01:00
Eric Soroos
cf5b9a77b3 Add Valgrind GHA 2021-02-27 11:22:26 +01:00
Hugo van Kemenade
a3f34e71ed
Merge pull request #5283 from radarhere/context_managers 
Added context managers to documentation
 2021-02-26 20:17:18 +02:00