mirror of
https://github.com/python-pillow/Pillow.git
synced 2025-01-22 15:24:37 +03:00
7.1.0
-----

Security
========

This release includes many security fixes.

:cve:`2020-10177`: Multiple out-of-bounds reads in FLI decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Pillow before 7.1.0 has multiple out-of-bounds reads in ``libImaging/FliDecode.c``.

:cve:`2020-10378`: Bounds overflow in PCX decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur
when reading PCX files where ``state->shuffle`` is instructed to read beyond
``state->buffer``.

:cve:`2020-10379`: Two buffer overflows in TIFF decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In Pillow before 7.1.0, there are two buffer overflows in ``libImaging/TiffDecode.c``.

:cve:`2020-10994`: Bounds overflow in JPEG 2000 decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple
out-of-bounds reads via a crafted JP2 file.

:cve:`2020-11538`: Buffer overflow in SGI-RLE decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In ``libImaging/SgiRleDecode.c`` in Pillow through 7.0.0, a number of out-of-bounds
reads exist in the parsing of SGI image files, a different issue than :cve:`2020-5311`.

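A dependency check for the fixes listed above, as an added example that is not part of the Pillow release notes or the project's code: it scans requirements-style lines and flags Pillow pins that select or admit a release before 7.1.0. The sample file, the function names and the status strings are constructed for illustration.

```python
import re

# From the release notes above: the CVEs in this section are fixed in 7.1.0.
FIXED_IN = (7, 1, 0)

_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;#]*)")
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)(\.\*)?")

# Constructed requirements file, for illustration only.
SAMPLE = """\
# web service dependencies
requests==2.31.0
Pillow==7.0.0
pillow>=6.2,<7.1
PILLOW >= 7.1.0
pillow
pillow>=7.0
"""


def _ver(text):
    """'7.0' -> (7, 0, 0), so versions compare component-wise."""
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_line(line):
    """Status for one line, or None when it is not a Pillow requirement."""
    m = _REQ.match(line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "pillow":
        return None
    floor_ok = False  # conservative: '~=' and '==X.*' count as lower bounds only
    for op, ver, wild in _SPEC.findall(m.group(2)):
        v = _ver(ver)
        if op in ("==", "===") and not wild:
            return "fixed" if v >= FIXED_IN else "vulnerable"
        if (op == "<" and v <= FIXED_IN) or (op == "<=" and v < FIXED_IN):
            return "vulnerable"        # ceiling excludes every fixed release
        if op in (">=", ">", "~=", "==") and v >= FIXED_IN:
            floor_ok = True            # floor excludes every affected release
    return "fixed" if floor_ok else "allows-vulnerable"


def audit(text):
    """[(line number, status)] for each Pillow requirement line in text."""
    hits = ((n, audit_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, s) for n, s in hits if s]
```

Pins only constrain what a resolver may install; the version actually loaded by an interpreter is reported by ``PIL.__version__``.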

API Changes
===========

Allow saving of zero quality JPEG images
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If no quality was specified when saving a JPEG, Pillow internally used a value
of zero to indicate that the default quality should be used. However, this
removed the ability to actually save a JPEG with zero quality. This has now
been resolved. ::

    from PIL import Image
    im = Image.open("hopper.jpg")
    im.save("out.jpg", quality=0)

API Additions
=============

New channel operations
^^^^^^^^^^^^^^^^^^^^^^

Three new channel operations have been added: :py:meth:`~PIL.ImageChops.soft_light`,
:py:meth:`~PIL.ImageChops.hard_light` and :py:meth:`~PIL.ImageChops.overlay`.

PILLOW_VERSION constant
^^^^^^^^^^^^^^^^^^^^^^^

``PILLOW_VERSION`` has been re-added but is deprecated and will be removed in a future
release. Use ``__version__`` instead.

It was initially removed in Pillow 7.0.0, but brought back in 7.1.0 to give projects
more time to upgrade.

Reading JPEG comments
^^^^^^^^^^^^^^^^^^^^^

When opening a JPEG image, the comment may now be read into
:py:attr:`~PIL.Image.Image.info`.

Support for different charset encodings in PcfFontFile
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Previously ``PcfFontFile`` output only bitmap PIL fonts with ISO 8859-1 encoding, even
though the PCF format supports Unicode, making it hard to work with Pillow with bitmap
fonts in languages which use different character sets.

Now it's possible to set a different charset encoding in ``PcfFontFile``'s class
constructor. By default, it generates a PIL font file with ISO 8859-1 as before. The
generated PIL font file still contains up to 256 characters, but the character set is
different depending on the selected encoding.

To use such a font with ``ImageDraw.text``, call it with a bytes object with the same
encoding as the font file.

X11 ImageGrab.grab()
^^^^^^^^^^^^^^^^^^^^

Support has been added for ``ImageGrab.grab()`` on Linux using the X server
with the XCB library.

An optional ``xdisplay`` parameter has been added to select the X server,
with the default value of :data:`None` using the default X server.

Passing a different value on Windows or macOS will force taking a snapshot
using the selected X server; pass an empty string to use the default X server.
XCB support is not included in pre-compiled wheels for Windows and macOS.

Other Changes
=============

If present, only use alpha channel for bounding box
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

When the :py:meth:`~PIL.Image.Image.getbbox` method calculates the bounding
box, for an RGB image it trims black pixels. Similarly, for an RGBA image it
would trim black transparent pixels. This is now changed so that if an image
has an alpha channel (RGBA, RGBa, PA, LA, La), any transparent pixels are
trimmed.

Improved APNG support
^^^^^^^^^^^^^^^^^^^^^

Added support for reading and writing Animated Portable Network Graphics (APNG) images.
The PNG plugin now supports using the :py:meth:`~PIL.Image.Image.seek` method and the
:py:class:`~PIL.ImageSequence.Iterator` class to read APNG frame sequences.
The PNG plugin also now supports using the ``append_images`` argument to write APNG frame
sequences. See :ref:`apng-sequences` for further details.