Commit Graph

11262 Commits

Author SHA1 Message Date
Andrew Murray
e7f5bb1831 Ensure file is closed if it is opened by ImageQt.ImageQt 2021-03-08 20:38:03 +11:00
Andrew Murray
441a1cf9cf Update CHANGES.rst [ci skip] 2021-03-08 19:00:57 +11:00
Hugo van Kemenade
8accaf0259
Merge pull request #5155 from nulano/sbix 2021-03-08 09:44:37 +02:00
Ondrej Baranovič
14671f715f
Merge branch 'master' into sbix 2021-03-07 20:05:25 +01:00
Hugo van Kemenade
6108596ff8
Merge pull request #5289 from radarhere/ipythonviewer 2021-03-07 14:26:50 +02:00
Hugo van Kemenade
3a27118d76
Merge pull request #5183 from radarhere/rectangle
Only draw each rectangle outline pixel once
2021-03-07 12:25:45 +02:00
Hugo van Kemenade
f15f573e51
Merge pull request #5224 from radarhere/mapper 2021-03-07 11:51:46 +02:00
Hugo van Kemenade
a95fee0475
Merge pull request #5215 from radarhere/license
Document license for several fonts
2021-03-07 11:41:56 +02:00
Hugo van Kemenade
f9b830f058
Merge pull request #5214 from radarhere/pcx
Handle PCX images with an odd stride
2021-03-07 11:41:14 +02:00
Hugo van Kemenade
95986f38da
Merge pull request #5168 from radarhere/mpo 2021-03-07 11:38:36 +02:00
Andrew Murray
1d7cbeb338 Update CHANGES.rst [ci skip] 2021-03-06 13:26:09 +11:00
Andrew Murray
f2ea25780a Added release notes for 8.1.2 2021-03-06 13:25:36 +11:00
Andrew Murray
5269ab13a7 Lint fix 2021-03-06 10:20:01 +11:00
Eric Soroos
480f6819b5 Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
2021-03-06 10:19:14 +11:00
Hugo van Kemenade
b511d704ae
Merge pull request #5306 from radarhere/releasenotes
Added more CVE numbers to 8.1.1 release notes
2021-03-04 13:23:09 +02:00
Andrew Murray
b885af93cb Added more CVE numbers [ci skip] 2021-03-04 17:33:47 +11:00
Andrew Murray
a1463ff211 Added release notes 2021-03-04 08:59:47 +11:00
Andrew Murray
7b09463809 Added IPythonViewer docstring 2021-03-04 08:56:49 +11:00
Kipkurui Mutai
5e0a4acb85 Update ImageShow.rst 2021-03-04 08:56:13 +11:00
Andrew Murray
f067fe4c05 Added import alias for clarity 2021-03-04 08:56:03 +11:00
Andrew Murray
346bfc9537 Added IPythonViewer 2021-03-04 08:55:24 +11:00
Andrew Murray
4b73397bdf
Merge pull request #5303 from radarhere/releasenotes
Corrected list of relevant dependencies
2021-03-03 22:40:44 +11:00
Andrew Murray
944fd834db
Updated spelling [ci skip]
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-03-03 22:38:24 +11:00
Andrew Murray
b959ee7885 Corrected list of relevant dependencies [ci skip] 2021-03-03 20:34:52 +11:00
Andrew Murray
0de08851e4
Merge pull request #5301 from hugovk/update-release-notes
Update release notes: formatting, links, spelling
2021-03-03 20:29:14 +11:00
Hugo van Kemenade
d0cf8ffef5
Fix filename spelling
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-03-03 10:47:21 +02:00
Hugo van Kemenade
fbb825e3bf
Merge pull request #5302 from radarhere/libimagequant 2021-03-03 10:45:39 +02:00
Andrew Murray
4103b50852
Merge pull request #13 from nulano/libimagequant
Update libimagequant in winbuild
2021-03-03 10:43:07 +11:00
nulano
333fd06e90 update libimagequant in winbuild 2021-03-02 23:19:20 +01:00
Andrew Murray
f676b10813 Updated libimagequant to 2.14.1 2021-03-03 07:56:29 +11:00
Hugo van Kemenade
b23e261300
Merge pull request #67 from radarhere/update-release-notes
Expanded "OOB" to "out-of-bounds"
2021-03-02 15:12:11 +02:00
Andrew Murray
b41dab0e9b Expanded "OOB" to "out-of-bounds" [ci skip] 2021-03-02 23:22:06 +11:00
Hugo van Kemenade
915f68967f Update release notes formatting, links, spelling 2021-03-02 13:16:14 +02:00
Andrew Murray
e563366863
Merge pull request #5299 from heitbaum/patch-1
CHANGES.rst: update dates
2021-03-02 20:30:50 +11:00
heitbaum
8e887b62ac
CHANGES.rst: update dates 2021-03-02 20:09:23 +11:00
wiredfool
35f8fafdf5
Merge pull request #5198 from wiredfool/cifuzz
Add CIFuzz Github Action
2021-03-01 20:25:30 +00:00
wiredfool
c477bed95f
Merge pull request #5280 from cgohlke/patch-1
Fix suspicious sequence of types castings
2021-03-01 20:19:26 +00:00
Eric Soroos
3c96fbf908 Removed "Remove me" testing lines 2021-03-01 21:03:26 +01:00
Andrew Murray
a80cf42275 Added 8.1.1 release notes to index 2021-03-01 19:22:57 +11:00
Andrew Murray
fb4ae1ee3c Update CHANGES.rst [ci skip] 2021-03-01 19:20:52 +11:00
Eric Soroos
c96eac1ca4 Credits 2021-03-01 19:05:23 +11:00
Eric Soroos
3f2b7d7140 Release notes for 8.1.1 2021-03-01 19:05:08 +11:00
Hugo van Kemenade
3bce145966 Use more specific regex chars to prevent ReDoS
* CVE-2021-25292
2021-03-01 19:04:57 +11:00
Eric Soroos
cbdce6c5d0 Fix for CVE-2021-25291
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70 Fix negative size read in TiffDecode.c
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd Fix OOB read in SgiRleDecode.c
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94 Incorrect error code checking in TiffDecode.c
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 18:51:13 +11:00
wiredfool
e5839216a5
Merge pull request #5293 from wiredfool/valgrind_action
Add Valgrind GHA
2021-02-28 16:25:13 +00:00
Eric Soroos
aa0b982ef6 Added failure if out/crash-* exists 2021-02-28 17:17:33 +01:00
Eric Soroos
f74d046574 Removing the .yml files from the triggers 2021-02-28 17:09:27 +01:00