mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-26 09:56:17 +03:00
4d81ec804a
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
8.2.0
-----

Security
========

These issues were all found with `OSS-Fuzz`_.

:cve:`2021-25287`, :cve:`2021-25288`: OOB read in Jpeg2KDecode
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* For J2k images with multiple bands, it is legal to have different widths for each band,
  e.g. 1 byte for ``L``, 4 bytes for ``A``.
* This dates to Pillow 2.4.0.

:cve:`2021-28675`: DOS attack in PsdImagePlugin
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* :py:class:`.PsdImagePlugin.PsdImageFile` did not sanity check the number of input
  layers with regard to the size of the data block; this could lead to a
  denial-of-service on :py:meth:`~PIL.Image.open` prior to
  :py:meth:`~PIL.Image.Image.load`.
* This dates to the PIL fork.

:cve:`2021-28676`: FLI image DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* ``FliDecode.c`` did not properly check that the block advance was non-zero,
  potentially leading to an infinite loop on load.
* This dates to the PIL fork.

:cve:`2021-28677`: EPS DOS on _open
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The readline used in EPS has to deal with any combination of ``\r`` and ``\n`` as line
  endings. It accidentally used a quadratic method of accumulating lines while looking
  for a line ending.
* A malicious EPS file could use this to perform a denial-of-service of Pillow in the
  open phase, before an image was accepted for opening.
* This dates to the PIL fork.

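As an added illustration, not Pillow's code, a line reader with the contract the EPS ``readline`` needs (``\n``, ``\r`` and ``\r\n`` all terminate a line) that runs in time proportional to the input rather than to the square of the longest line: bytes are pulled in chunks, each byte is searched once, and a ``\r`` that lands on a chunk boundary is resolved before the line is returned. ``LineReader``, ``split_lines`` and the 4096-byte chunk size are this example's own choices.

```python
import io


class LineReader:
    """Linear-time readline accepting \\n, \\r and \\r\\n as line endings."""
    def __init__(self, fp, chunk_size=4096):
        self.fp, self.chunk_size = fp, chunk_size
        self.buf = bytearray()  # read from fp, not yet returned
        self.pos = 0            # start of unread data in buf
        self.scanned = 0        # buf[pos:scanned] holds no terminator

    def readline(self):
        """Next line without its terminator; None once the input is exhausted."""
        while True:
            # Only bytes after self.scanned are searched, so each byte is scanned once.
            ends = [i for i in (self.buf.find(b"\r", self.scanned),
                                self.buf.find(b"\n", self.scanned)) if i >= 0]
            if ends:
                end = min(ends)
                if self.buf[end] == 0x0D and end + 1 == len(self.buf):
                    # A trailing \r may be half of a \r\n split across chunks: read on first.
                    more = self.fp.read(self.chunk_size)
                    if more:
                        self.buf += more
                        self.scanned = end
                        continue
                skip = 2 if self.buf[end:end + 2] == b"\r\n" else 1
                line = bytes(self.buf[self.pos:end])
                self.pos = self.scanned = end + skip
                if self.pos > len(self.buf) // 2:  # compact rarely: amortised O(1) per byte
                    del self.buf[:self.pos]
                    self.pos = self.scanned = 0
                return line
            self.scanned = len(self.buf)  # no terminator anywhere in the buffer yet
            more = self.fp.read(self.chunk_size)
            if not more:  # EOF: hand back any unterminated tail, then None
                if self.pos == len(self.buf):
                    return None
                line, self.pos, self.scanned = bytes(self.buf[self.pos:]), 0, 0
                self.buf.clear()
                return line
            self.buf += more


def split_lines(data, chunk_size=4):
    """Run LineReader over data; a tiny chunk size exercises the boundary cases."""
    reader, lines = LineReader(io.BytesIO(data), chunk_size), []
    while (line := reader.readline()) is not None:
        lines.append(line)
    return lines
```
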
:cve:`2021-28678`: BLP DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* ``BlpImagePlugin`` did not properly check that reads after jumping to file offsets
  returned data. This could lead to a denial-of-service where the decoder could be run a
  large number of times on empty data.
* This dates to Pillow 5.1.0.

Fix memory DOS in ImageFont
^^^^^^^^^^^^^^^^^^^^^^^^^^^

* A corrupt or specially crafted TTF font could have font metrics that lead to
  unreasonably large sizes when rendering text in that font. ``ImageFont.py`` did not check
  the image size before allocating memory for it.
* This dates to the PIL fork.

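The PSD, FLI, BLP and ImageFont fixes above share one pattern: a count, size or offset taken from the file was acted on before the data it described had been checked. As an added example, not Pillow's code and not any real image format (``TOY1`` is a container constructed for this illustration, and ``MAX_PIXELS`` is an arbitrary cap), a parser that applies the matching checks up front: a size bound before allocation, a record count bounded by the block length, exact reads that fail on truncation instead of returning empty data, and a record size that must move the cursor forward.

```python
import struct

MAX_PIXELS = 50_000_000          # allocation cap chosen for this example
HEADER = struct.Struct("<IIII")  # width, height, layer_count, block_len
RECORD = struct.Struct("<H")     # record size, counting this 2-byte field itself


def read_exact(data, offset, n):
    """Return exactly n bytes at offset; a short read is an error, never empty data."""
    chunk = data[offset:offset + n]
    if len(chunk) != n:
        raise ValueError(f"truncated: wanted {n} bytes at {offset}, got {len(chunk)}")
    return chunk


def parse_toy(data):
    """Parse a TOY1 container, rejecting each malformed case before it can do harm."""
    width, height, layer_count, block_len = HEADER.unpack(read_exact(data, 0, HEADER.size))
    # Bound the declared size before allocating anything for it.
    if width * height > MAX_PIXELS:
        raise ValueError(f"{width}x{height} exceeds the pixel cap")
    # Every record costs at least RECORD.size bytes, so the count is bounded by the block.
    if layer_count * RECORD.size > block_len:
        raise ValueError("layer count impossible for the block size")
    block = read_exact(data, HEADER.size, block_len)  # the block must really be present
    pos, layers = 0, []
    for _ in range(layer_count):
        (size,) = RECORD.unpack(read_exact(block, pos, RECORD.size))
        # A size below the header length would leave pos unchanged: an endless loop.
        if size < RECORD.size:
            raise ValueError("record size would not advance the cursor")
        layers.append(read_exact(block, pos + RECORD.size, size - RECORD.size))
        pos += size
    return layers


def build_toy(width, height, payloads):
    """Assemble a well-formed TOY1 file from a list of layer payloads."""
    block = b"".join(RECORD.pack(RECORD.size + len(p)) + p for p in payloads)
    return HEADER.pack(width, height, len(payloads), len(block)) + block


def rejects(data):
    """True when parse_toy refuses data."""
    try:
        parse_toy(data)
    except ValueError:
        return True
    return False
```
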
Deprecations
============

Categories
^^^^^^^^^^

``im.category`` is deprecated and will be removed in Pillow 10.0.0 (2023-07-01),
along with the related ``Image.NORMAL``, ``Image.SEQUENCE`` and
``Image.CONTAINER`` attributes.

To determine if an image has multiple frames or not,
``getattr(im, "is_animated", False)`` can be used instead.

Tk/Tcl 8.4
^^^^^^^^^^

Support for Tk/Tcl 8.4 is deprecated and will be removed in Pillow 10.0.0 (2023-07-01),
when Tk/Tcl 8.5 will be the minimum supported.

API Changes
===========

Image.alpha_composite: dest
^^^^^^^^^^^^^^^^^^^^^^^^^^^

When calling :py:meth:`~PIL.Image.Image.alpha_composite`, the ``dest`` argument now
accepts negative coordinates, just as the upper left corner of the ``box`` argument of
:py:meth:`~PIL.Image.Image.paste` can be negative. Naturally, this has the effect of
cropping the overlaid image.

Image.getexif: EXIF and GPS IFD
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Previously, :py:meth:`~PIL.Image.Image.getexif` flattened the EXIF IFD into the rest of
the data, losing information. This information is now kept separate, moved under
``im.getexif().get_ifd(0x8769)``.

Direct access to the GPS IFD dictionary was possible through ``im.getexif()[0x8825]``.
This is now consistent with other IFDs, and must be accessed through
``im.getexif().get_ifd(0x8825)``.

These changes only affect :py:meth:`~PIL.Image.Image.getexif`, introduced in Pillow
6.0. The older ``_getexif()`` methods are unaffected.

Image._MODEINFO
^^^^^^^^^^^^^^^

This internal dictionary had been deprecated by a comment since PIL, and is now
removed. Instead, ``Image.getmodebase()``, ``Image.getmodetype()``,
``Image.getmodebandnames()``, ``Image.getmodebands()`` or ``ImageMode.getmode()``
can be used.

API Additions
=============

getxmp() for JPEG images
^^^^^^^^^^^^^^^^^^^^^^^^

A new method has been added to return
`XMP data <https://en.wikipedia.org/wiki/Extensible_Metadata_Platform>`_ for JPEG
images. It reads the XML data into a dictionary of names and values.

For example::

    >>> from PIL import Image
    >>> with Image.open("Tests/images/xmp_test.jpg") as im:
    ...     print(im.getxmp())
    {'RDF': {}, 'Description': {'Version': '10.4', 'ProcessVersion': '10.0', ...}, ...}

ImageDraw.rounded_rectangle
^^^^^^^^^^^^^^^^^^^^^^^^^^^

Added :py:meth:`~PIL.ImageDraw.ImageDraw.rounded_rectangle`. It works the same as
:py:meth:`~PIL.ImageDraw.ImageDraw.rectangle`, except with an additional ``radius``
argument. ``radius`` is limited to half of the width or the height, so that users can
create a circle, but not any other ellipse. ::

    from PIL import Image, ImageDraw
    im = Image.new("RGB", (200, 200))
    draw = ImageDraw.Draw(im)
    draw.rounded_rectangle(xy=(10, 20, 190, 180), radius=30, fill="red")

ImageOps.autocontrast: preserve_tone
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The default behaviour of :py:meth:`~PIL.ImageOps.autocontrast` is to normalize
separate histograms for each color channel, changing the tone of the image. The new
``preserve_tone`` argument keeps the tone unchanged by using one luminance histogram
for all channels.

ImageShow.GmDisplayViewer
^^^^^^^^^^^^^^^^^^^^^^^^^

If GraphicsMagick is present, this new :py:class:`PIL.ImageShow.Viewer` subclass will
be registered. It uses GraphicsMagick_, an ImageMagick_ fork, to display images.

The GraphicsMagick-based viewer has a lower priority than its ImageMagick
counterpart. Thus, if both ImageMagick and GraphicsMagick are installed,
``im.show()`` and :py:func:`.ImageShow.show()` prefer the viewer based on
ImageMagick, i.e. the behaviour stays the same for Pillow users having
ImageMagick installed.

ImageShow.IPythonViewer
^^^^^^^^^^^^^^^^^^^^^^^

If IPython is present, this new :py:class:`PIL.ImageShow.Viewer` subclass will be
registered. It displays images on all IPython frontends. This will be helpful
to users of Google Colab, allowing ``im.show()`` to display images.

It is lower in priority than the other default :py:class:`PIL.ImageShow.Viewer`
instances, so it will only be used by ``im.show()`` or :py:func:`.ImageShow.show()`
if none of the other viewers are available. This means that the behaviour of
:py:class:`PIL.ImageShow` will stay the same for most Pillow users.

Saving TIFF with ICC profile
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

As is already possible for JPEG, PNG and WebP, the ICC profile for TIFF files can now
be specified through a keyword argument::

    im.save("out.tif", icc_profile=...)

Other Changes
=============

GIF writer uses LZW encoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

GIF files are now written using LZW encoding, which will generate smaller files,
typically about 70% of the size generated by the older encoder.

The pixel data is encoded using the format specified in the `CompuServe GIF standard
<https://www.w3.org/Graphics/GIF/spec-gif89a.txt>`_.

The older encoder used a variant of run-length encoding that was compatible but less
efficient.

GraphicsMagick
^^^^^^^^^^^^^^

The test suite can now be run on systems which have GraphicsMagick_ but not
ImageMagick_ installed. If both are installed, the tests prefer ImageMagick.

Libraqm and FriBiDi linking
^^^^^^^^^^^^^^^^^^^^^^^^^^^

The way the libraqm dependency for complex text scripts is linked has been changed:

Source builds will now link against the system version of libraqm at build time
rather than at runtime by default.

Binary wheels now include a statically linked modified version of libraqm that
links against FriBiDi at runtime instead. This change is intended to address
issues with the previous implementation on some platforms. These are created
by building Pillow with the new build flags ``--vendor-raqm --vendor-fribidi``.

Windows users will now need to install ``fribidi.dll`` (or ``fribidi-0.dll``) only;
``libraqm.dll`` is no longer used.

See :doc:`installation documentation<../installation>` for more information.

PyQt6
^^^^^

Support has been added for PyQt6. If it is installed, it will be used instead of
PySide6, PyQt5 or PySide2.

.. _GraphicsMagick: http://www.graphicsmagick.org/
.. _ImageMagick: https://imagemagick.org/
.. _OSS-Fuzz: https://github.com/google/oss-fuzz