Pillow/docs/releasenotes/6.2.0.rst
Alex Clark c69dcc1c29 Fix headers and retro-add notes for #7864
- Include CVE link in title (via @hugovk)
- Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-15 10:01:42 -04:00


6.2.0
-----

Security
========

This release catches several buffer overruns and fixes CVE-2019-16865.

Buffer overruns
^^^^^^^^^^^^^^^
In RawDecode.c, an error is now thrown if skip is calculated to be less than
zero. It is intended to skip padding between lines, not to go backwards.

In PsdImagePlugin, if the combined sizes of the individual parts are larger than
the declared size of the extra data field, then it looked for the next layer by
seeking backwards. This is now corrected by seeking to (the start of the layer
+ the size of the extra data field) instead of (the read parts of the layer +
the rest of the layer).

Decompression bomb checks have been added to GIF and ICO formats.

An error is now raised if a TIFF dimension is a string, rather than trying to
perform operations on it.
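The RawDecode.c skip check described above can be sketched in Python as follows. This is an added example, not Pillow's own code: it assumes skip is the row stride minus the packed row size, and every function and class name in it is hypothetical.

```python
class RawConfigError(ValueError):
    """Raised when the declared stride cannot hold one packed row."""


def row_layout(xsize, bits, stride):
    """Return (row_bytes, skip) for a raw image; stride 0 means no padding."""
    row_bytes = (xsize * bits + 7) // 8      # packed bytes per row, rounded up
    if stride == 0:
        return row_bytes, 0
    skip = stride - row_bytes                # assumption: padding = stride - row
    if skip < 0:
        # The condition the release note describes: padding cannot be negative.
        raise RawConfigError(f"stride {stride} < row size {row_bytes}")
    return row_bytes, skip


def unchecked_row_starts(xsize, ysize, bits, stride):
    """Row start offsets when a negative skip is applied without the check."""
    row_bytes = (xsize * bits + 7) // 8
    skip = stride - row_bytes if stride else 0
    starts, pos = [], 0
    for _ in range(ysize):
        starts.append(pos)
        pos += row_bytes + skip              # negative skip steps back into the row
    return starts


def decode_rows(data, xsize, ysize, bits, stride=0):
    """Split a raw buffer into rows, rejecting bad strides and short input."""
    row_bytes, skip = row_layout(xsize, bits, stride)
    rows, pos = [], 0
    for _ in range(ysize):
        row = data[pos:pos + row_bytes]
        if len(row) != row_bytes:
            raise RawConfigError("buffer ends before the last row")
        rows.append(row)
        pos += row_bytes + skip
    return rows


if __name__ == "__main__":
    # Constructed sample: 3 rows of 4 one-byte pixels, each padded to 6 bytes.
    sample = b"AAAA..BBBB..CCCC.."
    print(decode_rows(sample, 4, 3, 8, stride=6))
    print(unchecked_row_starts(4, 3, 8, stride=2))   # rows overlap: 0, 2, 4
```

With a stride smaller than the row size, the unchecked offsets overlap, so each row starts inside the bytes of the previous one; the checked path rejects that configuration before any row is read.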
:cve:`2019-16865`: Fix DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This CVE concerns DOS problems, such as consuming large amounts of memory
or taking a large amount of time to process an image.

API Additions
=============

Text stroking
^^^^^^^^^^^^^
``stroke_width`` and ``stroke_fill`` arguments have been added to text drawing
operations. They allow text to be outlined, setting the width of the stroke
and the color respectively. If not provided, ``stroke_fill`` will default to
the ``fill`` parameter. ::

    from PIL import Image, ImageDraw, ImageFont

    font = ImageFont.truetype("Tests/fonts/FreeMono.ttf", 40)
    font.getsize_multiline("A", stroke_width=2)
    font.getsize("ABC\nAaaa", stroke_width=2)

    im = Image.new("RGB", (100, 100))
    draw = ImageDraw.Draw(im)
    draw.textsize("A", font, stroke_width=2)
    draw.multiline_textsize("ABC\nAaaa", font, stroke_width=2)
    draw.text((10, 10), "A", "#f00", font, stroke_width=2, stroke_fill="#0f0")
    draw.multiline_text((10, 10), "A\nB", "#f00", font,
                        stroke_width=2, stroke_fill="#0f0")

For example, ::

    from PIL import Image, ImageDraw, ImageFont

    im = Image.new("RGB", (120, 130))
    draw = ImageDraw.Draw(im)
    font = ImageFont.truetype("Tests/fonts/FreeMono.ttf", 120)
    draw.text((10, 10), "A", "#f00", font, stroke_width=2, stroke_fill="#0f0")

creates the following image:

.. image:: ../../Tests/images/imagedraw_stroke_different.png

ImageGrab on multi-monitor Windows
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
An ``all_screens`` argument has been added to ``ImageGrab.grab``. If ``True``,
all monitors will be included in the created image.

API Changes
===========

Image.getexif
^^^^^^^^^^^^^

To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
shared instance of ``Image.Exif``.

Deprecations
^^^^^^^^^^^^

Image.frombuffer
~~~~~~~~~~~~~~~~

There has been a longstanding warning that the defaults of ``Image.frombuffer``
may change in the future for the "raw" decoder. The change will now take place
in Pillow 7.0.

Other Changes
=============

Removed bdist_wininst .exe installers
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.exe installers fell out of favour with :pep:`527`, and will be deprecated in
Python 3.8. Pillow will no longer be distributing them. Wheels should be used
instead.

Flags for libwebp in wheels
^^^^^^^^^^^^^^^^^^^^^^^^^^^
When building libwebp for inclusion in wheels, Pillow now adds the ``-O3`` and
``-DNDEBUG`` CFLAGS. These flags would be used by default if building libwebp
without debugging, and using them fixes a significant decrease in speed when
a wheel-installed copy of Pillow performs libwebp operations.