- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrarily large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
OBS-URL: https://build.opensuse.org/request/show/876407
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=111
* Fix TIFF OOB Write error. CVE-2020-35654
* Fix for Read Overflow in PCX Decoding. CVE-2020-35653
* Fix for SGI Decode buffer overrun. CVE-2020-35655
* Fix OOB Read when saving GIF of xsize=1
* Makefile updates
* Add support for PySide6
* Use disposal settings from previous frame in APNG
* Added exception explaining that _repr_png_ saves to PNG
* Use previous disposal method in GIF load_end
* Allow putpalette to accept 1024 integers to include alpha values
* Fix OOB Read when writing TIFF with custom Metadata
* Added append_images support for ICO
* Block TIFFTAG_SUBIFD
* Fixed dereferencing potential null pointers
* Deprecate FreeType 2.7
* Moved warning to end of execution
* Removed unused fromstring and tostring C methods
* init() if one of the formats is unrecognised
* Moved string_dimension CVE image to pillow-depends
* Support raw rgba8888 for DDS
- drop patches python-Pillow-tiff-4.2.0.patch
python-Pillow-tiff-fix-oob-read.patch (upstream)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=108
* Python 2.7 support will be removed in Pillow 7.0.0 #3682 [hugovk]
* Add EXIF class #3625 [radarhere]
* Add ImageOps exif_transpose method #3687 [radarhere]
* Added warnings to deprecated CMSProfile attributes #3615 [hugovk]
* Documented reading TIFF multiframe images #3720 [akuchling]
* Improved speed of opening an MPO file #3658 [Glandos]
* Update palette in quantize #3721 [radarhere]
* Improvements to TIFF is_animated and n_frames #3714 [radarhere]
* Fixed incompatible pointer type warnings #3754 [radarhere]
* Improvements to PA and LA conversion and palette operations #3728 [radarhere]
* Consistent DPI rounding #3709 [radarhere]
* Change size of MPO image to match frame #3588 [radarhere]
* Read Photoshop resolution data #3701 [radarhere]
* Ensure image is mutable before saving #3724 [radarhere]
* Correct remap_palette documentation #3740 [radarhere]
* Promote P images to PA in putalpha #3726 [radarhere]
* Allow RGB and RGBA values for new P images #3719 [radarhere]
* Fixed TIFF bug when seeking backwards and then forwards #3713 [radarhere]
* Cache EXIF information #3498 [Glandos]
* Added transparency for all PNG greyscale modes #3744 [radarhere]
* Fix deprecation warnings in Python 3.8 #3749 [radarhere]
* Fixed GIF bug when rewinding to a non-zero frame #3716 [radarhere]
* Only close original fp in __del__ and __exit__ if original fp is exclusive #3683 [radarhere]
* Fix BytesWarning in Tests/test_numpy.py #3725 [jdufresne]
* Add missing MIME types and extensions #3520 [pirate486743186]
* Add I;16 PNG save #3566 [radarhere]
* Add support for BMP RGBA bitfield compression #3705 [radarhere]
* Added ability to set language for text rendering #3693 [iwsfutcmd]
* Only close exclusive fp on Image __exit__ #3698 [radarhere]
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=80
- Version update to 5.0.0:
* Docs: Added docstrings from documentation #2914 [radarhere]
* Test: Switch from nose to pytest #2815 [hugovk]
* Rework Source directory layout, preventing accidental import of PIL. #2911 [wiredfool]
* Dynamically link libraqm #2753 [wiredfool]
* Removed scripts directory #2901 [wiredfool]
* TIFF: Run all compressed tiffs through libtiff decoder #2899 [wiredfool]
* GIF: Add disposal option when saving GIFs #2902 [linnil1, wiredfool]
* EPS: Allow for an empty line in EPS header data #2903 [radarhere]
* PNG: Add support for sRGB and cHRM chunks, permit sRGB when no iCCP chunk present #2898 [wiredfool]
* Dependencies: Update Tk Tcl to 8.6.8 #2905 [radarhere]
* Decompression bomb error now raised for images 2x larger than a decompression bomb warning #2583 [wiredfool]
* Test: avoid random failure in test_effect_noise #2894 [hugovk]
* Increased epsilon for test_file_eps.py:test_showpage due to Arch update. #2896 [wiredfool]
* Removed check parameter from _save in BmpImagePlugin, PngImagePlugin, ImImagePlugin, PalmImagePlugin, and PcxImagePlugin. #2873 [radarhere]
* Make PngImagePlugin.add_text() zip argument type bool #2890 [jdufresne]
* Depends: Updated libwebp to 0.6.1 #2880 [radarhere]
* Remove unnecessary bool() calls in Image.registered_extensions and skipKnownBadTests #2891 [jdufresne]
* Fix count of BITSPERSAMPLE items in broken TIFF files #2883 [homm]
* Fillcolor parameter for Image.Transform #2852 [wiredfool]
* Test: Display differences for test failures #2862 [wiredfool]
* Added executable flag to file with shebang line #2884 [radarhere]
* Setup: Specify compatible Python versions for pip #2877 [hugovk]
* Dependencies: Updated libimagequant to 2.11.4 #2878 [radarhere]
* Setup: Warn if trying to install for Py3.7 on Windows #2855 [hugovk]
* Doc: Fonts can be loaded from a file-like object, not just filename #2861 [robin-norwood]
* Add eog support for Ubuntu Image Viewer #2864 [NafisFaysal]
* Test: Test on 3.7-dev on Travis.ci #2870 [hugovk]
* Dependencies: Update libtiff to 4.0.9 #2871 [radarhere]
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=65
- update to 4.2.1:
- CI: Fix version specification and test on CI for PyPy/Windows #2608
- Doc: Clarified Image.save:append_images documentation #2604
- CI: Amazon Linux and Centos6 docker images added to TravisCI #2585
- Image.alpha_composite added #2595
- Complex Text Support #2576
- Added threshold parameter to ImageDraw.floodfill #2599
- Added dBATCH parameter to ghostscript command #2588
- JPEG: Adjust buffer size when icc_profile > MAXBLOCK #2596
- Specify Pillow Version in one place #2517
- CI: Change the owner of the TRAVIS_BUILD_DIR, fixing broken docker runs #2587
- Fix truncated PNG loading for some images, Fix memory leak on truncated PNG images. #2541, #2598
- Add decompression bomb check to Image.crop #2410
- ImageFile: Ensure that the `err_code` variable is initialized in case of exception. #2363
- Tiff: Support append_images for saving multipage TIFFs #2406
- Doc: Clarify that draft is only implemented for JPEG and PCD #2409
- Test: MicImagePlugin #2447
- Use round() instead of floor() to eliminate zero coefficients in resample #2558
- Remove deprecated code #2549
- Added append_images to PDF saving #2526
- Remove unused function core image function new_array #2548
- Remove unnecessary calls to dict.keys() #2551
- Add more ImageDraw.py tests and remove unused Draw.c code #2533
- Test: More tests for ImageMorph #2554
- Test: McIDAS area file #2552
- Update Feature Detection #2520
- CI: Update pypy on TravisCI #2573
- ImageMorph: Fix wrong expected size of MRLs read from disk #2561
- Docs: Update install docs for FreeBSD #2546
- Build: Ignore OpenJpeg 1.5 on FreeBSD #2544
OBS-URL: https://build.opensuse.org/request/show/517892
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=62
- fix wrong macro name in %post - it's %{py_ver}, not %{py-ver}
With the wrong name, the macro wasn't expanded, which led to funny messages when installing the package:
(10/15) Installation von: python-Pillow-3.0.0-1.1 .....................................................................................................................................................................................................................[fertig]
Zusätzliche rpm-Ausgabe:
update-alternatives: using /usr/bin/pilconvert-2.7 to provide /usr/bin/pilconvert (pilconvert) in auto mode
update-alternatives: warning: skip creation of /usr/bin/createfontdatachunk because associated file /usr/bin/createfontdatachunk-%{py-ver} (of link group pilconvert) doesn't exist
update-alternatives: warning: skip creation of /usr/bin/enhancer because associated file /usr/bin/enhancer-%{py-ver} (of link group pilconvert) doesn't exist
update-alternatives: warning: skip creation of /usr/bin/explode because associated file /usr/bin/explode-%{py-ver} (of link group pilconvert) doesn't exist
update-alternatives: warning: skip creation of /usr/bin/gifmaker because associated file /usr/bin/gifmaker-%{py-ver} (of link group pilconvert) doesn't exist
update-alternatives: warning: skip creation of /usr/bin/painter because associated file /usr/bin/painter-%{py-ver} (of link group pilconvert) doesn't exist
update-alternatives: warning: skip creation of /usr/bin/player because associated file /usr/bin/player-%{py-ver} (of link group pilconvert) doesn't exist
update-alternatives: warning: skip creation of /usr/bin/thresholder because associated file /usr/bin/thresholder-%{py-ver} (of link group pilconvert) doesn't exist
update-alternatives: warning: skip creation of /usr/bin/viewer because associated file /usr/bin/viewer-%{py-ver} (of link group pilconvert) doesn't exist
Please forward this fix to factory.
OBS-URL: https://build.opensuse.org/request/show/344484
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=41