Commit Graph

11528 Commits

Author SHA1 Message Date
Hugo van Kemenade
e2ac1d1c34
Merge pull request #5380 from radarhere/accept 2021-04-03 16:23:39 +03:00
Andrew Murray
60da129d4b Replaced register_open lambdas with _accept method for consistency 2021-04-03 21:51:28 +11:00
Andrew Murray
d4f9c6e082 Renamed register_open accept methods for consistency 2021-04-03 21:51:23 +11:00
Hugo van Kemenade
ee079ae67e
Merge pull request #5378 from radarhere/fedora
Removed Fedora 32 docker job
2021-04-02 13:10:36 +03:00
Andrew Murray
ed8064df22 Removed Fedora 32 docker job 2021-04-02 18:07:03 +11:00
Hugo van Kemenade
330f77ae7a 8.3.0.dev0 version bump 2021-04-01 23:56:43 +03:00
Hugo van Kemenade
e0e353c0ef 8.2.0 version bump 2021-04-01 20:58:27 +03:00
Hugo van Kemenade
ee635befc6
Merge pull request #5377 from hugovk/security-and-release-notes
Security fixes for 8.2.0
2021-04-01 20:00:22 +03:00
Hugo van Kemenade
694c84f88f
Fix typo [ci skip]
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-04-01 20:00:13 +03:00
Hugo van Kemenade
8febdad8dd Review, typos and lint 2021-04-01 17:41:46 +03:00
Hugo van Kemenade
fea419665b Reorder, roughly alphabetic 2021-04-01 17:26:24 +03:00
Eric Soroos
496245aa43 Fix BLP DOS -- CVE-2021-28678
* BlpImagePlugin did not properly check that reads after jumping to
  file offsets returned data. This could lead to a DOS where the
  decoder could be run a large number of times on empty data
* This dates to Pillow 5.1.0
2021-04-01 17:17:35 +03:00
Eric Soroos
22e9bee4ef Fix DOS in PSDImagePlugin -- CVE-2021-28675
* PSDImagePlugin did not sanity check the number of input layers and
  vs the size of the data block, this could lead to a DOS on
  Image.open prior to Image.load.
* This issue dates to the PIL fork
2021-04-01 17:17:31 +03:00
Eric Soroos
ba65f0b08e Fix Memory DOS in ImageFont
* A corrupt or specially crafted TTF font could have font metrics that
  lead to unreasonably large sizes when rendering text in
  font. ImageFont.py did not check the image size before allocating
  memory for it.
* Found with oss-fuzz
* This dates from the PIL fork
2021-04-01 17:17:27 +03:00
Eric Soroos
bb6c11fb88 Fix FLI DOS -- CVE-2021-28676
* FliDecode did not properly check that the block advance was
  non-zero, potentally leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz
2021-04-01 17:17:23 +03:00
Eric Soroos
5a5e6db0ab Fix EPS DOS on _open -- CVE-2021-28677
* The readline used in EPS has to deal with any combination of \r and
  \n as line endings. It used an accidentally quadratic method of
  accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
  the open phase, before an image was accepted for opening.
* This dates to the PIL Fork
2021-04-01 17:17:18 +03:00
Eric Soroos
3bf5eddb89 Fix OOB Read in Jpeg2KDecode CVE-2021-25287,CVE-2021-25288
* For J2k images with multiple bands, it's legal in to have different
  widths for each band, e.g. 1 byte for L, 4 bytes for A
* This dates to Pillow 2.4.0
2021-04-01 17:17:13 +03:00
Hugo van Kemenade
8ec027867f Add security release notes 2021-04-01 17:15:44 +03:00
Hugo van Kemenade
ef5f294d74
Merge pull request #5376 from radarhere/xmp 2021-04-01 15:38:11 +03:00
Andrew Murray
ae7110a85d Added release notes [ci skip] 2021-04-01 23:18:30 +11:00
Andrew Murray
e12d5042ad Adjusted docstring 2021-04-01 22:28:42 +11:00
Andrew Murray
2c8684c525 Moved getxmp() into JpegImageFile 2021-04-01 22:28:37 +11:00
Andrew Murray
43c41720e9 Update CHANGES.rst [ci skip] 2021-04-01 21:40:53 +11:00
Hugo van Kemenade
6812205f18
Merge pull request #5144 from UrielMaD/feature_xmp 2021-04-01 12:44:47 +03:00
Hugo van Kemenade
b90c73f08d
Merge pull request #5373 from wiredfool/valgrind_test_warnings
Fix pytest valgrind warnings
2021-04-01 12:17:50 +03:00
Hugo van Kemenade
cafd389770
Merge pull request #5359 from nulano/libtiff-cmake 2021-04-01 12:03:42 +03:00
Hugo van Kemenade
8c852e44f0
Merge pull request #5349 from latosha-maltba/master 2021-04-01 11:55:37 +03:00
Andrew Murray
37f9fcf93b Removed unused imports 2021-04-01 12:57:34 +11:00
Andrew Murray
682e3e2f69 Update CHANGES.rst [ci skip] 2021-04-01 11:53:33 +11:00
Andrew Murray
9afa64a36f
Merge pull request #5371 from hugovk/fix-link
Docs: Fix link in release notes
2021-04-01 11:43:32 +11:00
wiredfool
60dbc10cee
Merge pull request #5372 from wiredfool/tiff-crash-fixes
Fix recent Tiff crashes in TiffDecode.c
2021-03-31 22:53:58 +01:00
Eric Soroos
87934e22d0 Fix for crash-0da0 2021-03-31 23:24:30 +02:00
Eric Soroos
53c80281d7 fix for crash-8115 2021-03-31 22:23:57 +02:00
Eric Soroos
45530d5ce1 fixes crash-74d2 2021-03-31 22:23:57 +02:00
wiredfool
4044ecc1fb
Merge pull request #5366 from kkopachev/kk-remove-extra-check
Remove redundant check (addition to #5364)
2021-03-31 20:54:07 +01:00
Eric Soroos
22a6893364 Fix pytest valgrind warnings 2021-03-31 21:28:15 +02:00
Hugo van Kemenade
95ac35d287 Fix RST link [ci skip] 2021-03-31 21:28:29 +03:00
Hugo van Kemenade
c54a7bb031
Merge pull request #5333 from radarhere/gif_frame_transparency 2021-03-31 18:08:11 +03:00
Hugo van Kemenade
54e9f3bd0f
Merge pull request #5291 from raygard/giflzw 2021-03-31 17:58:44 +03:00
Hugo van Kemenade
727533148e
Merge pull request #5282 from radarhere/quantize
Set all transparent colors to be equal in quantize()
2021-03-31 17:58:21 +03:00
Hugo van Kemenade
683affa29c
Merge pull request #5206 from radarhere/numpy 2021-03-31 17:46:32 +03:00
Hugo van Kemenade
06dfbb8e3e
Merge branch 'master' into giflzw 2021-03-31 16:45:02 +03:00
Ray Gardner
d6dfdd3617 Add GIF LZW encoding to 8.2.0 release notes. 2021-03-31 06:48:17 -06:00
Hugo van Kemenade
7785931f43
Merge pull request #5316 from radarhere/modes 2021-03-31 11:43:49 +03:00
Andrew Murray
7e940dea5e Added release notes [ci skip] 2021-03-31 19:22:31 +11:00
Andrew Murray
80878fa4c6 Merge branch 'master' into modes 2021-03-31 18:58:11 +11:00
Andrew Murray
a911c0fb94
Merge pull request #5368 from radarhere/ghostscript
Updated Ghostscript to 9.54.0
2021-03-31 18:26:17 +11:00
Hugo van Kemenade
d3ad66d851
Merge pull request #5332 from radarhere/typo
Corrected grammar
2021-03-31 09:40:41 +03:00
Andrew Murray
d8b4a92806 Updated Ghostscript to 9.54.0 2021-03-31 16:03:13 +11:00
Ray Gardner
306d030fce Add comment to reference GIF LZW specification. 2021-03-30 17:35:21 -06:00