- update to 10.3.0 (bsc#1222262, CVE-2024-28219):
* CVE-2024-28219: Use strncpy to avoid buffer overflow #7928
[radarhere, hugovk]
* Deprecate eval(), replacing it with lambda_eval() and
unsafe_eval() #7927 [radarhere, hugovk]
* Raise ValueError if seeking to greater than offset-sized
integer in TIFF #7883 [radarhere]
* Add --report argument to __main__.py to omit supported
formats #7818 [nulano, radarhere, hugovk]
* Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918,
#7920 [radarhere]
* Fix editable installation with custom build backend and
configuration options #7658 [nulano, radarhere]
* Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk,
radarhere]
* Determine MPO size from markers, not EXIF data #7884
[radarhere]
* Improved conversion from RGB to RGBa, LA and La #7888
[radarhere]
* Support FITS images with GZIP_1 compression #7894 [radarhere]
* Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion,
radarhere]
* Raise ValueError if kmeans is negative #7891 [radarhere]
* Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893
[radarhere]
* Raise ValueError for negative values when loading P1-P3 PPM
images #7882 [radarhere]
* Added reading of JPEG2000 palettes #7870 [radarhere]
* Added alpha_quality argument when saving WebP images #7872
[radarhere]
OBS-URL: https://build.opensuse.org/request/show/1164299
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=66
* CVE-2024-28219: Use strncpy to avoid buffer overflow #7928
[radarhere, hugovk]
* Deprecate eval(), replacing it with lambda_eval() and
unsafe_eval() #7927 [radarhere, hugovk]
* Raise ValueError if seeking to greater than offset-sized
integer in TIFF #7883 [radarhere]
* Add --report argument to __main__.py to omit supported
formats #7818 [nulano, radarhere, hugovk]
* Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918,
#7920 [radarhere]
* Fix editable installation with custom build backend and
configuration options #7658 [nulano, radarhere]
* Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk,
radarhere]
* Determine MPO size from markers, not EXIF data #7884
[radarhere]
* Improved conversion from RGB to RGBa, LA and La #7888
[radarhere]
* Support FITS images with GZIP_1 compression #7894 [radarhere]
* Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion,
radarhere]
* Raise ValueError if kmeans is negative #7891 [radarhere]
* Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893
[radarhere]
* Raise ValueError for negative values when loading P1-P3 PPM
images #7882 [radarhere]
* Added reading of JPEG2000 palettes #7870 [radarhere]
* Added alpha_quality argument when saving WebP images #7872
[radarhere]
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=152
- Update to 10.2.0:
* Add ``keep_rgb`` option when saving JPEG to prevent conversion of
RGB colorspace
* Trim glyph size in ImageFont.getmask()
* Deprecate IptcImagePlugin helpers
* Allow uncompressed TIFF images to be saved in chunks
* Concatenate multiple JPEG EXIF markers
* Changed IPTC tile tuple to match other plugins
* Do not assign new fp attribute when exiting context manager
* Support arbitrary masks for uncompressed RGB DDS images
* Support setting ROWSPERSTRIP tag
* Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask()
* Optimise ``ImageColor`` using ``functools.lru_cache``
* Restricted environment keys for ImageMath.eval()
(CVE-2023-50447, bsc#1219048)
* Optimise ``ImageMode.getmode`` using ``functools.lru_cache``
* Fix incorrect color blending for overlapping glyphs
* Attempt memory mapping when tile args is a string
* Fill identical pixels with transparency in subsequent frames when
saving GIF
* Corrected duration when combining multiple GIF frames into single frame
* Handle disposing GIF background from outside palette
* Seek past the data when skipping a PSD layer
* Import plugins relative to the module
* Translate encoder error codes to strings; deprecate
``ImageFile.raise_oserror()``
* Support reading BC4U and DX10 BC1 images
* Optimize ImageStat.Stat.extrema
* Handle pathlib.Path in FreeTypeFont
* Added support for reading DX10 BC4 DDS images
OBS-URL: https://build.opensuse.org/request/show/1140356
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=65
* Add ``keep_rgb`` option when saving JPEG to prevent conversion of
RGB colorspace
* Trim glyph size in ImageFont.getmask()
* Deprecate IptcImagePlugin helpers
* Allow uncompressed TIFF images to be saved in chunks
* Concatenate multiple JPEG EXIF markers
* Changed IPTC tile tuple to match other plugins
* Do not assign new fp attribute when exiting context manager
* Support arbitrary masks for uncompressed RGB DDS images
* Support setting ROWSPERSTRIP tag
* Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask()
* Optimise ``ImageColor`` using ``functools.lru_cache``
* Restricted environment keys for ImageMath.eval()
(CVE-2023-50447, bsc#1219048)
* Optimise ``ImageMode.getmode`` using ``functools.lru_cache``
* Fix incorrect color blending for overlapping glyphs
* Attempt memory mapping when tile args is a string
* Fill identical pixels with transparency in subsequent frames when
saving GIF
* Corrected duration when combining multiple GIF frames into single frame
* Handle disposing GIF background from outside palette
* Seek past the data when skipping a PSD layer
* Import plugins relative to the module
* Translate encoder error codes to strings; deprecate
``ImageFile.raise_oserror()``
* Support reading BC4U and DX10 BC1 images
* Optimize ImageStat.Stat.extrema
* Handle pathlib.Path in FreeTypeFont
* Added support for reading DX10 BC4 DDS images
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=150
- update to 10.1.0:
* Added TrueType default font to allow for different sizes
* Fixed invalid argument warning #7442
* Added ImageOps cover method #7412
* Catch struct.error from truncated EXIF when reading JPEG DPI
* Consider default image when selecting mode for PNG save_all
* Support BGR;15, BGR;16 and BGR;24 access, unpacking and
putdata #7303
* Added CMYK to RGB unpacker #7310
* Improved flexibility of XMP parsing #7274
* Support reading 8-bit YCbCr TIFF images #7415
* Allow saving I;16B images as PNG #7302
* Corrected drawing I;16 points and writing I;16 text #7257
* Set blue channel to 128 for BC5S #7413
* Increase flexibility when reading IPTC fields #7319
* Set C palette to be empty by default #7289
* Added gs_binary to control Ghostscript use on all platforms
* Read bounding box information from the trailer of EPS files
if specified #7382
* Added reading 8-bit color DDS images #7426
* Added has_transparency_data #7420
* Fixed bug when reading BC5S DDS images #7401
* Prevent TIFF orientation from being applied more than once
* Use previous pixel alpha for QOI_OP_RGB #7357
* Added BC5U reading #7358
* Allow getpixel() to accept a list #7355
* Allow GaussianBlur and BoxBlur to accept a sequence of x and
y radii #7336
* Expand JPEG buffer size when saving optimized or progressive
* Added session type check for Linux in
OBS-URL: https://build.opensuse.org/request/show/1129060
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=64
* Added TrueType default font to allow for different sizes
* Fixed invalid argument warning #7442
* Added ImageOps cover method #7412
* Catch struct.error from truncated EXIF when reading JPEG DPI
* Consider default image when selecting mode for PNG save_all
* Support BGR;15, BGR;16 and BGR;24 access, unpacking and
putdata #7303
* Added CMYK to RGB unpacker #7310
* Improved flexibility of XMP parsing #7274
* Support reading 8-bit YCbCr TIFF images #7415
* Allow saving I;16B images as PNG #7302
* Corrected drawing I;16 points and writing I;16 text #7257
* Set blue channel to 128 for BC5S #7413
* Increase flexibility when reading IPTC fields #7319
* Set C palette to be empty by default #7289
* Added gs_binary to control Ghostscript use on all platforms
* Read bounding box information from the trailer of EPS files
if specified #7382
* Added reading 8-bit color DDS images #7426
* Added has_transparency_data #7420
* Fixed bug when reading BC5S DDS images #7401
* Prevent TIFF orientation from being applied more than once
* Use previous pixel alpha for QOI_OP_RGB #7357
* Added BC5U reading #7358
* Allow getpixel() to accept a list #7355
* Allow GaussianBlur and BoxBlur to accept a sequence of x and
y radii #7336
* Expand JPEG buffer size when saving optimized or progressive
* Added session type check for Linux in
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=148
- Update to 10.0.1
- Updated libwebp to 1.3.2 #7395 [radarhere]
- Updated zlib to 1.3 #7344 [radarhere]
- Changes from 10.0.0
- Fixed deallocating mask images #7246 [radarhere]
- Added ImageFont.MAX_STRING_LENGTH #7244 [radarhere, hugovk]
- Fix Windows build with pyproject.toml #7230 [hugovk, nulano, radarhere]
- Do not close provided file handles with libtiff #7199 [radarhere]
- Convert to HSV if mode is HSV in getcolor() #7226 [radarhere]
- Added alpha_only argument to getbbox() #7123 [radarhere. hugovk]
- Prioritise speed in _repr_png_ #7242 [radarhere]
- Do not use CFFI access by default on PyPy #7236 [radarhere]
- Limit size even if one dimension is zero in decompression bomb check #7235 [radarhere]
- Use --config-settings instead of deprecated --global-option #7171 [radarhere]
- Better C integer definitions #6645 [Yay295, hugovk]
- Fixed finding dependencies on Cygwin #7175 [radarhere]
- Changed grabclipboard() to use PNG instead of JPG compression on macOS #7219 [abey79, radarhere]
- Added in_place argument to ImageOps.exif_transpose() #7092 [radarhere]
- Fixed calling putpalette() on L and LA images before load() #7187 [radarhere]
- Fixed saving TIFF multiframe images with LONG8 tag types #7078 [radarhere]
- Fixed combining single duration across duplicate APNG frames #7146 [radarhere]
- Remove temporary file when error is raised #7148 [radarhere]
- Do not use temporary file when grabbing clipboard on Linux #7200 [radarhere]
- If the clipboard fails to open on Windows, wait and try again #7141 [radarhere]
- Fixed saving multiple 1 mode frames to GIF #7181 [radarhere]
- Replaced absolute PIL import with relative import #7173 [radarhere]
- Replaced deprecated Py_FileSystemDefaultEncoding for Python >= 3.12 #7192 [radarhere]
- Improved wl-paste mimetype handling in ImageGrab #7094 [rrcgat, radarhere]
- Added _repr_jpeg_() for IPython display_jpeg #7135 [n3011, radarhere, nulano]
- Use "/sbin/ldconfig" if ldconfig is not found #7068 [radarhere]
- Prefer screenshots using XCB over gnome-screenshot #7143 [nulano, radarhere]
- Fixed joined corners for ImageDraw rounded_rectangle() odd dimensions #7151 [radarhere]
- Support reading signed 8-bit TIFF images #7111 [radarhere]
- Added width argument to ImageDraw regular_polygon #7132 [radarhere]
- Support I mode for ImageFilter.BuiltinFilter #7108 [radarhere]
- Raise error from stderr of Linux ImageGrab.grabclipboard() command #7112 [radarhere]
- Added unpacker from I;16B to I;16 #7125 [radarhere]
- Support float font sizes #7107 [radarhere]
- Use later value for duplicate xref entries in PdfParser #7102 [radarhere]
- Load before getting size in __getstate__ #7105 [bigcat88, radarhere]
- Fixed type handling for include and lib directories #7069 [adisbladis, radarhere]
- Remove deprecations for Pillow 10.0.0 #7059, #7080 [hugovk, radarhere]
- Drop support for soon-EOL Python 3.7 #7058 [hugovk, radarhere]
OBS-URL: https://build.opensuse.org/request/show/1112102
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=144
- update to 9.5.0:
* Added ImageSourceData to TAGS_V2 #7053
* Clear PPM half token after use #7052
* Removed absolute path to ldconfig #7044
* Support custom comments and PLT markers when saving JPEG2000
images #6903
* Load before getting size in __array_interface__ #7034
* Support creating BGR;15, BGR;16 and BGR;24 images, but drop
support for BGR;32 #7010
* Consider transparency when applying APNG blend mask #7018
* Round duration when saving animated WebP images #6996
* Added reading of JPEG2000 comments #6909
* Decrement reference count #7003
* Allow libtiff_support_custom_tags to be missing #7020
* Improved I;16N support #6834
* Added QOI reading #6852
* Added saving RGBA images as PDFs #6925
* Do not raise an error if os.environ does not contain PATH
* Close OleFileIO instance when closing or exiting FPX or MIC
* Added __int__ to IFDRational for Python >= 3.11 #6998
* Added memoryview support to Dib.frombytes() #6988
* Close file pointer copy in the libtiff encoder if still open
* Raise an error if ImageDraw co-ordinates are incorrectly
ordered #6978
* Added "corners" argument to ImageDraw rounded_rectangle()
* Added memoryview support to frombytes() #6974
* Allow comments in FITS images #6973
* Support saving PDF with different X and Y resolutions #6961
* [jvanderneutstulen, radarhere, hugovk]
* Fixed writing int as UNDEFINED tag #6950
OBS-URL: https://build.opensuse.org/request/show/1077061
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=59
* Added ImageSourceData to TAGS_V2 #7053
* Clear PPM half token after use #7052
* Removed absolute path to ldconfig #7044
* Support custom comments and PLT markers when saving JPEG2000
images #6903
* Load before getting size in __array_interface__ #7034
* Support creating BGR;15, BGR;16 and BGR;24 images, but drop
support for BGR;32 #7010
* Consider transparency when applying APNG blend mask #7018
* Round duration when saving animated WebP images #6996
* Added reading of JPEG2000 comments #6909
* Decrement reference count #7003
* Allow libtiff_support_custom_tags to be missing #7020
* Improved I;16N support #6834
* Added QOI reading #6852
* Added saving RGBA images as PDFs #6925
* Do not raise an error if os.environ does not contain PATH
* Close OleFileIO instance when closing or exiting FPX or MIC
* Added __int__ to IFDRational for Python >= 3.11 #6998
* Added memoryview support to Dib.frombytes() #6988
* Close file pointer copy in the libtiff encoder if still open
* Raise an error if ImageDraw co-ordinates are incorrectly
ordered #6978
* Added "corners" argument to ImageDraw rounded_rectangle()
* Added memoryview support to frombytes() #6974
* Allow comments in FITS images #6973
* Support saving PDF with different X and Y resolutions #6961
* [jvanderneutstulen, radarhere, hugovk]
* Fixed writing int as UNDEFINED tag #6950
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=138
- update to 9.1.0:
* Fix loading FriBiDi on Alpine #6165
* Added setting for converting GIF P frames to RGB #6150
* Allow 1 mode images to be inverted #6034
* Raise ValueError when trying to save empty JPEG #6159
* Always save TIFF with contiguous planar configuration #5973
* Connected discontiguous polygon corners #5980
* Ensure Tkinter hook is activated for getimage() #6032
* Use screencapture arguments to crop on macOS #6152
* Do not mark L mode JPEG as 1 bit in PDF #6151
* Added support for reading I;16R TIFF images #6132
* If an error occurs after creating a file, remove the file #6134
* Fixed calling DisplayViewer or XVViewer without a title #6136
* Retain RGBA transparency when saving multiple GIF frames #6128
* Save additional ICO frames with other bit depths if supplied #6122
* Handle EXIF data truncated to just the header #6124
* Added support for reading BMP images with RLE8 compression #6102
* Support Python distributions where _tkinter is compiled in #6006
* Added support for PPM arbitrary maxval #6119
* Added BigTIFF reading #6097
* When converting, clip I;16 to be unsigned, not signed #6112
* Fixed loading L mode GIF with transparency #6086
* Improved handling of PPM header #5121
* Reset size when seeking away from "Large Thumbnail" MPO frame #6101
* Replace requirements.txt with extras #6072
* Added PyEncoder and support BLP saving #6069
* Handle TGA images with packets that cross scan lines #6087
* Added FITS reading #6056
* Added rawmode argument to Image.getpalette() #6061
* Fixed BUFR, GRIB and HDF5 stub saving #6071
OBS-URL: https://build.opensuse.org/request/show/967882
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=53
- update to 8.4.0:
- Prefer global transparency in GIF when replacing with background color #5756
- Added "exif" keyword argument to TIFF saving #5575
- Copy Python palette to new image in quantize() #5696
- Read ICO AND mask from end #5667
- Actually check the framesize in FliDecode.c #5659
- Determine JPEG2000 mode purely from ihdr header box #5654
- Fixed using info dictionary when writing multiple APNG frames #5611
- Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655
- For GIF save_all with palette, do not include palette with each frame #5603
- Keep transparency when converting from P to LA or PA #5606
- Copy palette to new image in transform() #5647
- Added "transparency" argument to EpsImagePlugin load() #5620
- Corrected pathlib.Path detection when saving #5633
- Added WalImageFile class #5618
- Consider I;16 pixel size when drawing text #5598
- If default conversion from P is RGB with transparency, convert to RGBA #5594
- Speed up rotating square images by 90 or 270 degrees #5646
- Add support for reading DPI information from JPEG2000 images
- Catch TypeError from corrupted DPI value in EXIF #5639
- Do not close file pointer when saving SGI images #5645
- Deprecate ImagePalette size parameter #5641
- Prefer command line tools SDK on macOS #5624
OBS-URL: https://build.opensuse.org/request/show/928313
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=51
- Prefer global transparency in GIF when replacing with background color #5756
- Added "exif" keyword argument to TIFF saving #5575
- Copy Python palette to new image in quantize() #5696
- Read ICO AND mask from end #5667
- Actually check the framesize in FliDecode.c #5659
- Determine JPEG2000 mode purely from ihdr header box #5654
- Fixed using info dictionary when writing multiple APNG frames #5611
- Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655
- For GIF save_all with palette, do not include palette with each frame #5603
- Keep transparency when converting from P to LA or PA #5606
- Copy palette to new image in transform() #5647
- Added "transparency" argument to EpsImagePlugin load() #5620
- Corrected pathlib.Path detection when saving #5633
- Added WalImageFile class #5618
- Consider I;16 pixel size when drawing text #5598
- If default conversion from P is RGB with transparency, convert to RGBA #5594
- Speed up rotating square images by 90 or 270 degrees #5646
- Add support for reading DPI information from JPEG2000 images
- Catch TypeError from corrupted DPI value in EXIF #5639
- Do not close file pointer when saving SGI images #5645
- Deprecate ImagePalette size parameter #5641
- Prefer command line tools SDK on macOS #5624
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=121
- update to 8.1.2:
- Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins
- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
OBS-URL: https://build.opensuse.org/request/show/877608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=46
- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
OBS-URL: https://build.opensuse.org/request/show/876407
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=111