mirror of
https://github.com/python-pillow/Pillow.git
synced 2025-01-08 00:06:17 +03:00
113 lines
3.4 KiB
ReStructuredText
113 lines
3.4 KiB
ReStructuredText
6.2.0
|
|
-----
|
|
|
|
Security
|
|
========
|
|
|
|
This release catches several buffer overruns and fixes :cve:`2019-16865`.
|
|
|
|
Buffer overruns
|
|
^^^^^^^^^^^^^^^
|
|
|
|
In ``RawDecode.c``, an error is now thrown if skip is calculated to be less than
|
|
zero. It is intended to skip padding between lines, not to go backwards.
|
|
|
|
In ``PsdImagePlugin``, if the combined sizes of the individual parts is larger than
|
|
the declared size of the extra data field, then it looked for the next layer by
|
|
seeking backwards. This is now corrected by seeking to (the start of the layer
|
|
+ the size of the extra data field) instead of (the read parts of the layer +
|
|
the rest of the layer).
|
|
|
|
Decompression bomb checks have been added to GIF and ICO formats.
|
|
|
|
An error is now raised if a TIFF dimension is a string, rather than trying to
|
|
perform operations on it.
|
|
|
|
:cve:`2019-16865`: Fix DOS attack
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
The CVE is regarding DOS problems, such as consuming large amounts of memory,
|
|
or taking a large amount of time to process an image.
|
|
|
|
API Changes
|
|
===========
|
|
|
|
Image.getexif
|
|
^^^^^^^^^^^^^
|
|
|
|
To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
|
|
shared instance of ``Image.Exif``.
|
|
|
|
Deprecations
|
|
^^^^^^^^^^^^
|
|
|
|
Image.frombuffer
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
There has been a longstanding warning that the defaults of ``Image.frombuffer``
|
|
may change in the future for the "raw" decoder. The change will now take place
|
|
in Pillow 7.0.
|
|
|
|
API Additions
|
|
=============
|
|
|
|
Text stroking
|
|
^^^^^^^^^^^^^
|
|
|
|
``stroke_width`` and ``stroke_fill`` arguments have been added to text drawing
|
|
operations. They allow text to be outlined, setting the width of the stroke and
|
|
and the color respectively. If not provided, ``stroke_fill`` will default to
|
|
the ``fill`` parameter. ::
|
|
|
|
from PIL import Image, ImageDraw, ImageFont
|
|
|
|
font = ImageFont.truetype("Tests/fonts/FreeMono.ttf", 40)
|
|
font.getsize_multiline("A", stroke_width=2)
|
|
font.getsize("ABC\nAaaa", stroke_width=2)
|
|
|
|
im = Image.new("RGB", (100, 100))
|
|
draw = ImageDraw.Draw(im)
|
|
draw.textsize("A", font, stroke_width=2)
|
|
draw.multiline_textsize("ABC\nAaaa", font, stroke_width=2)
|
|
draw.text((10, 10), "A", "#f00", font, stroke_width=2, stroke_fill="#0f0")
|
|
draw.multiline_text((10, 10), "A\nB", "#f00", font,
|
|
stroke_width=2, stroke_fill="#0f0")
|
|
|
|
For example, ::
|
|
|
|
from PIL import Image, ImageDraw, ImageFont
|
|
|
|
im = Image.new("RGB", (120, 130))
|
|
draw = ImageDraw.Draw(im)
|
|
font = ImageFont.truetype("Tests/fonts/FreeMono.ttf", 120)
|
|
draw.text((10, 10), "A", "#f00", font, stroke_width=2, stroke_fill="#0f0")
|
|
|
|
|
|
creates the following image:
|
|
|
|
.. image:: ../../Tests/images/imagedraw_stroke_different.png
|
|
|
|
ImageGrab on multi-monitor Windows
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
An ``all_screens`` argument has been added to ``ImageGrab.grab``. If ``True``,
|
|
all monitors will be included in the created image.
|
|
|
|
Other Changes
|
|
=============
|
|
|
|
Removed bdist_wininst .exe installers
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
.exe installers fell out of favour with :pep:`527`, and will be deprecated in
|
|
Python 3.8. Pillow will no longer be distributing them. Wheels should be used
|
|
instead.
|
|
|
|
Flags for libwebp in wheels
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
When building libwebp for inclusion in wheels, Pillow now adds the ``-O3`` and
|
|
``-DNDEBUG`` CFLAGS. These flags would be used by default if building libwebp
|
|
without debugging, and using them fixes a significant decrease in speed when
|
|
a wheel-installed copy of Pillow performs libwebp operations.
|