Updated order

10.0.1 version bump
Added release notes for 10.0.1
2025-07-31 18:40:05 +03:00 · 2023-09-15 21:55:25 +10:00 · 2023-09-15 21:37:59 +10:00 · 2023-09-15 21:37:50 +10:00 · 2023-09-15 21:22:29 +10:00 · 2023-09-15 21:20:29 +10:00
7 changed files with 33 additions and 9 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -2,6 +2,15 @@
 Changelog (Pillow)
 ==================

+10.0.1 (2023-09-15)
+-------------------
+
+- Updated libwebp to 1.3.2 #7395
+  [radarhere]
+
+- Updated zlib to 1.3 #7344
+  [radarhere]
+
 10.0.0 (2023-07-01)
 -------------------

--- a/Tests/test_file_png.py
+++ b/Tests/test_file_png.py
@ -79,7 +79,7 @@ class TestFilePng:

    def test_sanity(self, tmp_path):
        # internal version number
-        assert re.search(r"\d+\.\d+\.\d+(\.\d+)?$", features.version_codec("zlib"))
+        assert re.search(r"\d+(\.\d+){1,3}$", features.version_codec("zlib"))

        test_file = str(tmp_path / "temp.png")

--- a/depends/install_webp.sh
+++ b/depends/install_webp.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # install webp

-archive=libwebp-1.3.1
+archive=libwebp-1.3.2

 ./download-and-extract.sh $archive https://raw.githubusercontent.com/python-pillow/pillow-depends/main/$archive.tar.gz

--- a/docs/releasenotes/10.0.1.rst
+++ b/docs/releasenotes/10.0.1.rst
@ -0,0 +1,14 @@
+10.0.1
+------
+
+Security
+========
+
+This release addresses :cve:`2023-4863`, by providing an updated install script and
+updated wheels to include libwebp 1.3.2, preventing a potential heap buffer overflow
+in WebP.
+
+Updated tests to pass with latest zlib version
+==============================================
+
+The release of zlib 1.3 caused one of the tests in the Pillow test suite to fail.
--- a/docs/releasenotes/index.rst
+++ b/docs/releasenotes/index.rst
@ -14,6 +14,7 @@ expected to be backported to earlier versions.
 .. toctree::
  :maxdepth: 2

+  10.0.1
  10.0.0
  9.5.0
  9.4.0
--- a/src/PIL/_version.py
+++ b/src/PIL/_version.py
@ -1,2 +1,2 @@
 # Master version for Pillow
-__version__ = "10.0.0"
+__version__ = "10.0.1"
--- a/winbuild/build_prepare.py
+++ b/winbuild/build_prepare.py
@ -130,9 +130,9 @@ deps = {
        "bins": ["cjpeg.exe", "djpeg.exe"],
    },
    "zlib": {
-        "url": "https://zlib.net/zlib1213.zip",
-        "filename": "zlib1213.zip",
-        "dir": "zlib-1.2.13",
+        "url": "https://zlib.net/zlib13.zip",
+        "filename": "zlib13.zip",
+        "dir": "zlib-1.3",
        "license": "README",
        "license_pattern": "Copyright notice:\n\n(.+)$",
        "build": [
@ -157,9 +157,9 @@ deps = {
        "libs": [r"liblzma.lib"],
    },
    "libwebp": {
-        "url": "http://downloads.webmproject.org/releases/webp/libwebp-1.3.1.tar.gz",
-        "filename": "libwebp-1.3.1.tar.gz",
-        "dir": "libwebp-1.3.1",
+        "url": "http://downloads.webmproject.org/releases/webp/libwebp-1.3.2.tar.gz",
+        "filename": "libwebp-1.3.2.tar.gz",
+        "dir": "libwebp-1.3.2",
        "license": "COPYING",
        "build": [
            cmd_rmdir(r"output\release-static"),  # clean
Author	SHA1	Message	Date
Andrew Murray	e34d346f10	Updated order	2023-09-15 21:55:25 +10:00
Andrew Murray	a62f2402a6	10.0.1 version bump	2023-09-15 21:37:59 +10:00
Andrew Murray	d50250d9ea	Added release notes for 10.0.1	2023-09-15 21:37:50 +10:00
Andrew Murray	b4c7d4b8b2	Update CHANGES.rst [ci skip]	2023-09-15 21:22:29 +10:00
Andrew Murray	730f74600e	Updated libwebp to 1.3.2	2023-09-15 21:20:29 +10:00
Andrew Murray	b0e28048d6	Updated zlib to 1.3	2023-09-15 21:20:12 +10:00