mirror of https://github.com/python-pillow/Pillow.git, synced 2025-10-26 05:31:02 +03:00

8.2.0
-----

Security
========

These issues were all found with `OSS-Fuzz`_.

:cve:`2021-25287`, :cve:`2021-25288`: OOB read in Jpeg2KDecode
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* For J2k images with multiple bands, it's legal to have different widths for each band,
  e.g. 1 byte for ``L``, 4 bytes for ``A``.
* This dates to Pillow 2.4.0.

:cve:`2021-28675`: DOS attack in PsdImagePlugin
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* :py:class:`.PsdImagePlugin.PsdImageFile` did not sanity check the number of input
  layers with regard to the size of the data block; this could lead to a
  denial-of-service on :py:meth:`~PIL.Image.open` prior to
  :py:meth:`~PIL.Image.Image.load`.
* This dates to the PIL fork.

:cve:`2021-28676`: FLI image DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* ``FliDecode.c`` did not properly check that the block advance was non-zero,
  potentially leading to an infinite loop on load.
* This dates to the PIL fork.

:cve:`2021-28677`: EPS DOS on _open
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The readline used in EPS has to deal with any combination of ``\r`` and ``\n`` as line
  endings. It accidentally used a quadratic method of accumulating lines while looking
  for a line ending.
* A malicious EPS file could use this to perform a denial-of-service of Pillow in the
  open phase, before an image was accepted for opening.
* This dates to the PIL fork.

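The following line reader is an added example of the linear-time shape the fix above calls for; it is not Pillow's ``EpsImagePlugin`` code, and ``MAX_LINE``, ``eps_readline``, ``split_header`` and the sample header are names and values constructed here. It accepts ``\n``, ``\r`` and ``\r\n`` as terminators, joins the gathered pieces once instead of re-copying the partial line on every byte, and gives up on a header line that never terminates.

```python
import io
import re

MAX_LINE = 8192              # constructed cap for one header line, not Pillow's own value
_LINE_END = re.compile(rb"[\r\n]")


def eps_readline(fp, max_line=MAX_LINE):
    """Return the next header line from a seekable binary stream, or None at EOF.

    The quadratic shape this avoids is "line += fp.read(1)" until a terminator
    appears, which copies the whole partial line on every append. Here the
    stream is scanned in chunks, the pieces are joined once, and a running
    total rejects a terminator-free file before it is read to the end.
    """
    parts, total = [], 0
    while True:
        start = fp.tell()
        chunk = fp.read(4096)
        if not chunk:
            return b"".join(parts) if parts else None
        m = _LINE_END.search(chunk)
        end = m.start() if m else len(chunk)
        total += end
        if total > max_line:
            raise ValueError("header line longer than %d bytes" % max_line)
        parts.append(chunk[:end])
        if m is None:                       # no terminator yet: keep gathering
            continue
        fp.seek(start + m.end())            # rewind to just past the terminator
        if m.group() == b"\r":              # \r\n is one terminator, even when
            nxt = fp.read(1)                # the \n sits in the next chunk
            if nxt and nxt != b"\n":
                fp.seek(-1, io.SEEK_CUR)
        return b"".join(parts)


def split_header(data, max_line=MAX_LINE):
    """Split a whole header blob into lines using eps_readline."""
    fp, lines = io.BytesIO(data), []
    while (line := eps_readline(fp, max_line)) is not None:
        lines.append(line)
    return lines


# Constructed header mixing all three terminators, plus an empty line
SAMPLE = b"%!PS-Adobe-3.0 EPSF-3.0\r\n%%BoundingBox: 0 0 100 100\r%%Title: t\n\n%%EOF"
```
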
:cve:`2021-28678`: BLP DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* ``BlpImagePlugin`` did not properly check that reads after jumping to file offsets
  returned data. This could lead to a denial-of-service where the decoder could be run a
  large number of times on empty data.
* This dates to Pillow 5.1.0.

Fix memory DOS in ImageFont
^^^^^^^^^^^^^^^^^^^^^^^^^^^

* A corrupt or specially crafted TTF font could have font metrics that lead to
  unreasonably large sizes when rendering text in the font. ``ImageFont.py`` did not check
  the image size before allocating memory for it.
* This dates to the PIL fork.

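The PSD, FLI, BLP and ImageFont entries above are four instances of one rule: header-declared counts, advances, read lengths and sizes are validated before they drive a loop or an allocation. The parser below is an added example over a constructed ``TOYF`` container (not any Pillow format or code; ``MAX_PIXELS``, ``parse_toy``, ``build_toy`` and ``rejects`` are names chosen here) that applies each of those checks at the point where the corresponding plugin lacked it.

```python
import struct

MAX_PIXELS = 50_000_000          # constructed cap on width * height, checked before allocating
HEADER = struct.Struct("<4sIII")  # magic, width, height, layer count
MIN_LAYER = 4                     # a layer block is never shorter than its own length field


def parse_toy(data):
    """Parse the constructed TOYF container, refusing each malformed shape from
    the notes above before any memory or decode work is spent on it."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    magic, width, height, layers = HEADER.unpack_from(data)
    if magic != b"TOYF":
        raise ValueError("bad magic")
    # ImageFont lesson: bound the size implied by the header before allocating
    if width == 0 or height == 0 or width * height > MAX_PIXELS:
        raise ValueError("refusing %dx%d image" % (width, height))
    # PSD lesson: a declared count must fit in the bytes that are actually there
    body = len(data) - HEADER.size
    if layers > body // MIN_LAYER:
        raise ValueError("%d layers cannot fit in %d bytes" % (layers, body))
    pos, out = HEADER.size, []
    for n in range(layers):
        if pos + 4 > len(data):
            raise ValueError("layer %d: length field past end of data" % n)
        (size,) = struct.unpack_from("<I", data, pos)
        # FLI lesson: an advance that does not move the cursor means a loop forever
        if size < MIN_LAYER:
            raise ValueError("layer %d: block advance %d would not move" % (n, size))
        payload = data[pos + 4 : pos + size]
        # BLP lesson: a read after a seek must return what was asked for
        if len(payload) != size - 4:
            raise ValueError("layer %d: short read" % n)
        out.append(payload)
        pos += size
    return {"size": (width, height), "layers": out}


def build_toy(width, height, layers):
    """Assemble a well-formed TOYF blob (used to construct samples)."""
    blocks = b"".join(struct.pack("<I", len(p) + 4) + p for p in layers)
    return HEADER.pack(b"TOYF", width, height, len(layers)) + blocks


def rejects(data):
    """True when parse_toy refuses the input."""
    try:
        parse_toy(data)
    except ValueError:
        return True
    return False
```
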
Deprecations
============

Categories
^^^^^^^^^^

``im.category`` is deprecated and will be removed in Pillow 10.0.0 (2023-07-01),
along with the related ``Image.NORMAL``, ``Image.SEQUENCE`` and
``Image.CONTAINER`` attributes.

To determine if an image has multiple frames or not,
``getattr(im, "is_animated", False)`` can be used instead.

Tk/Tcl 8.4
^^^^^^^^^^

Support for Tk/Tcl 8.4 is deprecated and will be removed in Pillow 10.0.0 (2023-07-01),
when Tk/Tcl 8.5 will be the minimum supported.

API Changes
===========

Image.alpha_composite: dest
^^^^^^^^^^^^^^^^^^^^^^^^^^^

When calling :py:meth:`~PIL.Image.Image.alpha_composite`, the ``dest`` argument now
accepts negative co-ordinates, just as the upper left corner of the ``box`` argument of
:py:meth:`~PIL.Image.Image.paste` can be negative. Naturally, this has the effect of
cropping the overlaid image.

Image.getexif: EXIF and GPS IFD
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Previously, :py:meth:`~PIL.Image.Image.getexif` flattened the EXIF IFD into the rest of
the data, losing information. This information is now kept separate, moved under
``im.getexif().get_ifd(0x8769)``.

Direct access to the GPS IFD dictionary was possible through ``im.getexif()[0x8825]``.
This is now consistent with other IFDs, and must be accessed through
``im.getexif().get_ifd(0x8825)``.

These changes only affect :py:meth:`~PIL.Image.Image.getexif`, introduced in Pillow
6.0. The older ``_getexif()`` methods are unaffected.

Image._MODEINFO
^^^^^^^^^^^^^^^

This internal dictionary had been deprecated by a comment since PIL, and is now
removed. Instead, ``Image.getmodebase()``, ``Image.getmodetype()``,
``Image.getmodebandnames()``, ``Image.getmodebands()`` or ``ImageMode.getmode()``
can be used.

API Additions
=============

getxmp() for JPEG images
^^^^^^^^^^^^^^^^^^^^^^^^

A new method has been added to return
`XMP data <https://en.wikipedia.org/wiki/Extensible_Metadata_Platform>`_ for JPEG
images. It reads the XML data into a dictionary of names and values.

For example::

    >>> from PIL import Image
    >>> with Image.open("Tests/images/xmp_test.jpg") as im:
    ...     print(im.getxmp())
    {'RDF': {}, 'Description': {'Version': '10.4', 'ProcessVersion': '10.0', ...}, ...}

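To show how an XMP packet turns into a dictionary of names and values, here is an added example that walks the RDF tree with the standard library; it is not Pillow's ``getxmp`` implementation, and ``MAX_XMP_BYTES``, ``xmp_to_dict`` and the sample packet are constructed here. Keys are the local names without their namespace, so, as in the sample output above, two attributes that differ only by namespace would collide; the packet length is bounded before it reaches the XML parser because the metadata comes from an untrusted file.

```python
import xml.etree.ElementTree as ET

MAX_XMP_BYTES = 1 << 20      # constructed cap: XMP packets are small; refuse anything huge


def _local(qname):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qname.rsplit("}", 1)[-1]


def _element_to_dict(el):
    """Attributes become key/value pairs; children nest under their local name."""
    node = {_local(k): v for k, v in el.attrib.items()}
    for child in el:
        key = _local(child.tag)
        if len(child) or child.attrib:
            value = _element_to_dict(child)
        else:
            value = (child.text or "").strip()
        if key in node:                       # repeated elements such as rdf:li
            prev = node[key]
            node[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            node[key] = value
    return node


def xmp_to_dict(packet):
    """Map an XMP packet (bytes or str) to nested dicts keyed by local names."""
    if len(packet) > MAX_XMP_BYTES:
        raise ValueError("XMP packet too large")
    root = ET.fromstring(packet)
    return {_local(root.tag): _element_to_dict(root)}


# Constructed packet in the shape found in a JPEG APP1 segment
SAMPLE_XMP = b"""<x:xmpmeta xmlns:x="adobe:ns:meta/">
 <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <rdf:Description rdf:about=""
     xmlns:xmp="http://ns.adobe.com/xap/1.0/"
     xmlns:crs="http://ns.adobe.com/camera-raw-settings/1.0/"
     xmlns:dc="http://purl.org/dc/elements/1.1/"
     xmp:CreatorTool="constructed" crs:Version="10.4" crs:ProcessVersion="10.0">
   <dc:subject><rdf:Bag><rdf:li>cat</rdf:li><rdf:li>dog</rdf:li></rdf:Bag></dc:subject>
  </rdf:Description>
 </rdf:RDF>
</x:xmpmeta>"""
```
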
ImageDraw.rounded_rectangle
^^^^^^^^^^^^^^^^^^^^^^^^^^^

Added :py:meth:`~PIL.ImageDraw.ImageDraw.rounded_rectangle`. It works the same as
:py:meth:`~PIL.ImageDraw.ImageDraw.rectangle`, except with an additional ``radius``
argument. ``radius`` is limited to half of the width or the height, so that users can
create a circle, but not any other ellipse. ::

    from PIL import Image, ImageDraw
    im = Image.new("RGB", (200, 200))
    draw = ImageDraw.Draw(im)
    draw.rounded_rectangle(xy=(10, 20, 190, 180), radius=30, fill="red")

ImageOps.autocontrast: preserve_tone
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The default behaviour of :py:meth:`~PIL.ImageOps.autocontrast` is to normalize
separate histograms for each color channel, changing the tone of the image. The new
``preserve_tone`` argument keeps the tone unchanged by using one luminance histogram
for all channels.

ImageShow.GmDisplayViewer
^^^^^^^^^^^^^^^^^^^^^^^^^

If GraphicsMagick is present, this new :py:class:`PIL.ImageShow.Viewer` subclass will
be registered. It uses GraphicsMagick_, an ImageMagick_ fork, to display images.

The GraphicsMagick-based viewer has a lower priority than its ImageMagick
counterpart.  Thus, if both ImageMagick and GraphicsMagick are installed,
``im.show()`` and :py:func:`.ImageShow.show()` prefer the viewer based on
ImageMagick, i.e. the behaviour stays the same for Pillow users who have
ImageMagick installed.

ImageShow.IPythonViewer
^^^^^^^^^^^^^^^^^^^^^^^

If IPython is present, this new :py:class:`PIL.ImageShow.Viewer` subclass will be
registered. It displays images on all IPython frontends. This will be helpful
to users of Google Colab, allowing ``im.show()`` to display images.

It is lower in priority than the other default :py:class:`PIL.ImageShow.Viewer`
instances, so it will only be used by ``im.show()`` or :py:func:`.ImageShow.show()`
if none of the other viewers are available. This means that the behaviour of
:py:class:`PIL.ImageShow` will stay the same for most Pillow users.

Saving TIFF with ICC profile
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

As is already possible for JPEG, PNG and WebP, the ICC profile for TIFF files can now
be specified through a keyword argument::

    im.save("out.tif", icc_profile=...)

Other Changes
=============

GIF writer uses LZW encoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

GIF files are now written using LZW encoding, which will generate smaller files,
typically about 70% of the size generated by the older encoder.

The pixel data is encoded using the format specified in the `CompuServe GIF standard
<https://www.w3.org/Graphics/GIF/spec-gif89a.txt>`_.

The older encoder used a variant of run-length encoding that was compatible but less
efficient.

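The encoder and decoder below are an added example of the GIF89a LZW scheme the new writer uses, not Pillow's ``GifEncode.c``: a CLEAR code opens the stream, new table entries are added as phrases are seen, a fresh CLEAR is emitted when the 12-bit table fills, and END OF INFORMATION closes it. They work at the level of integer codes; the variable code width and the packing into 255-byte sub-blocks that a GIF file adds on top are left out, and ``MAX_CODE`` and the function names are chosen here.

```python
MAX_CODE = 4096   # GIF LZW codes are at most 12 bits wide


def gif_lzw_encode(pixels, min_code_size):
    """Palette indices -> GIF LZW code stream (integer codes, before bit packing)."""
    clear, eoi = 1 << min_code_size, (1 << min_code_size) + 1
    table, next_code = {(i,): i for i in range(clear)}, eoi + 1
    codes, prefix = [clear], ()             # every stream opens with CLEAR
    for px in pixels:
        if not 0 <= px < clear:
            raise ValueError("index %d does not fit %d-bit codes" % (px, min_code_size))
        cand = prefix + (px,)
        if cand in table:                   # keep extending the current phrase
            prefix = cand
            continue
        codes.append(table[prefix])         # emit the longest known phrase
        if next_code < MAX_CODE:            # room left: remember the new phrase
            table[cand] = next_code
            next_code += 1
        else:                               # table full: CLEAR and start over
            codes.append(clear)
            table, next_code = {(i,): i for i in range(clear)}, eoi + 1
        prefix = (px,)
    if prefix:
        codes.append(table[prefix])
    codes.append(eoi)                       # END OF INFORMATION closes the stream
    return codes


def gif_lzw_decode(codes, min_code_size):
    """Inverse of gif_lzw_encode; rebuilds the table one code behind the encoder."""
    clear, eoi = 1 << min_code_size, (1 << min_code_size) + 1
    table, next_code, prev, out = None, 0, None, []
    for code in codes:
        if code == clear:
            table, next_code, prev = {i: (i,) for i in range(clear)}, eoi + 1, None
            continue
        if code == eoi:
            break
        if table and code in table:
            entry = table[code]
        elif table and code == next_code and prev is not None:
            entry = prev + prev[:1]         # the phrase this very code defines
        else:
            raise ValueError("invalid code %d" % code)   # includes data before CLEAR
        out.extend(entry)
        if prev is not None and next_code < MAX_CODE:
            table[next_code] = prev + entry[:1]
            next_code += 1
        prev = entry
    return out
```
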
GraphicsMagick
^^^^^^^^^^^^^^

The test suite can now be run on systems which have GraphicsMagick_ but not
ImageMagick_ installed.  If both are installed, the tests prefer ImageMagick.

Libraqm and FriBiDi linking
^^^^^^^^^^^^^^^^^^^^^^^^^^^

The way the libraqm dependency for complex text scripts is linked has been changed:

Source builds will now link against the system version of libraqm at build time
rather than at runtime by default.

Binary wheels now include a statically linked modified version of libraqm that
links against FriBiDi at runtime instead. This change is intended to address
issues with the previous implementation on some platforms. These wheels are created
by building Pillow with the new build flags ``--vendor-raqm --vendor-fribidi``.

Windows users will now need to install ``fribidi.dll`` (or ``fribidi-0.dll``) only;
``libraqm.dll`` is no longer used.

See :doc:`installation documentation<../installation>` for more information.

PyQt6
^^^^^

Support has been added for PyQt6. If it is installed, it will be used instead of
PySide6, PyQt5 or PySide2.

.. _GraphicsMagick: http://www.graphicsmagick.org/
.. _ImageMagick: https://imagemagick.org/
.. _OSS-Fuzz: https://github.com/google/oss-fuzz