- update to 9.5.0:
* Added ImageSourceData to TAGS_V2 #7053
* Clear PPM half token after use #7052
* Removed absolute path to ldconfig #7044
* Support custom comments and PLT markers when saving JPEG2000
images #6903
* Load before getting size in __array_interface__ #7034
* Support creating BGR;15, BGR;16 and BGR;24 images, but drop
support for BGR;32 #7010
* Consider transparency when applying APNG blend mask #7018
* Round duration when saving animated WebP images #6996
* Added reading of JPEG2000 comments #6909
* Decrement reference count #7003
* Allow libtiff_support_custom_tags to be missing #7020
* Improved I;16N support #6834
* Added QOI reading #6852
* Added saving RGBA images as PDFs #6925
* Do not raise an error if os.environ does not contain PATH
* Close OleFileIO instance when closing or exiting FPX or MIC
* Added __int__ to IFDRational for Python >= 3.11 #6998
* Added memoryview support to Dib.frombytes() #6988
* Close file pointer copy in the libtiff encoder if still open
* Raise an error if ImageDraw co-ordinates are incorrectly
ordered #6978
* Added "corners" argument to ImageDraw rounded_rectangle()
* Added memoryview support to frombytes() #6974
* Allow comments in FITS images #6973
* Support saving PDF with different X and Y resolutions #6961
* [jvanderneutstulen, radarhere, hugovk]
* Fixed writing int as UNDEFINED tag #6950
OBS-URL: https://build.opensuse.org/request/show/1077061
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=59
* Added ImageSourceData to TAGS_V2 #7053
* Clear PPM half token after use #7052
* Removed absolute path to ldconfig #7044
* Support custom comments and PLT markers when saving JPEG2000
images #6903
* Load before getting size in __array_interface__ #7034
* Support creating BGR;15, BGR;16 and BGR;24 images, but drop
support for BGR;32 #7010
* Consider transparency when applying APNG blend mask #7018
* Round duration when saving animated WebP images #6996
* Added reading of JPEG2000 comments #6909
* Decrement reference count #7003
* Allow libtiff_support_custom_tags to be missing #7020
* Improved I;16N support #6834
* Added QOI reading #6852
* Added saving RGBA images as PDFs #6925
* Do not raise an error if os.environ does not contain PATH
* Close OleFileIO instance when closing or exiting FPX or MIC
* Added __int__ to IFDRational for Python >= 3.11 #6998
* Added memoryview support to Dib.frombytes() #6988
* Close file pointer copy in the libtiff encoder if still open
* Raise an error if ImageDraw co-ordinates are incorrectly
ordered #6978
* Added "corners" argument to ImageDraw rounded_rectangle()
* Added memoryview support to frombytes() #6974
* Allow comments in FITS images #6973
* Support saving PDF with different X and Y resolutions #6961
* [jvanderneutstulen, radarhere, hugovk]
* Fixed writing int as UNDEFINED tag #6950
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=138
- update to 9.1.0:
* Fix loading FriBiDi on Alpine #6165
* Added setting for converting GIF P frames to RGB #6150
* Allow 1 mode images to be inverted #6034
* Raise ValueError when trying to save empty JPEG #6159
* Always save TIFF with contiguous planar configuration #5973
* Connected discontiguous polygon corners #5980
* Ensure Tkinter hook is activated for getimage() #6032
* Use screencapture arguments to crop on macOS #6152
* Do not mark L mode JPEG as 1 bit in PDF #6151
* Added support for reading I;16R TIFF images #6132
* If an error occurs after creating a file, remove the file #6134
* Fixed calling DisplayViewer or XVViewer without a title #6136
* Retain RGBA transparency when saving multiple GIF frames #6128
* Save additional ICO frames with other bit depths if supplied #6122
* Handle EXIF data truncated to just the header #6124
* Added support for reading BMP images with RLE8 compression #6102
* Support Python distributions where _tkinter is compiled in #6006
* Added support for PPM arbitrary maxval #6119
* Added BigTIFF reading #6097
* When converting, clip I;16 to be unsigned, not signed #6112
* Fixed loading L mode GIF with transparency #6086
* Improved handling of PPM header #5121
* Reset size when seeking away from "Large Thumbnail" MPO frame #6101
* Replace requirements.txt with extras #6072
* Added PyEncoder and support BLP saving #6069
* Handle TGA images with packets that cross scan lines #6087
* Added FITS reading #6056
* Added rawmode argument to Image.getpalette() #6061
* Fixed BUFR, GRIB and HDF5 stub saving #6071
OBS-URL: https://build.opensuse.org/request/show/967882
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=53
- update to 8.4.0:
- Prefer global transparency in GIF when replacing with background color #5756
- Added "exif" keyword argument to TIFF saving #5575
- Copy Python palette to new image in quantize() #5696
- Read ICO AND mask from end #5667
- Actually check the framesize in FliDecode.c #5659
- Determine JPEG2000 mode purely from ihdr header box #5654
- Fixed using info dictionary when writing multiple APNG frames #5611
- Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655
- For GIF save_all with palette, do not include palette with each frame #5603
- Keep transparency when converting from P to LA or PA #5606
- Copy palette to new image in transform() #5647
- Added "transparency" argument to EpsImagePlugin load() #5620
- Corrected pathlib.Path detection when saving #5633
- Added WalImageFile class #5618
- Consider I;16 pixel size when drawing text #5598
- If default conversion from P is RGB with transparency, convert to RGBA #5594
- Speed up rotating square images by 90 or 270 degrees #5646
- Add support for reading DPI information from JPEG2000 images
- Catch TypeError from corrupted DPI value in EXIF #5639
- Do not close file pointer when saving SGI images #5645
- Deprecate ImagePalette size parameter #5641
- Prefer command line tools SDK on macOS #5624
OBS-URL: https://build.opensuse.org/request/show/928313
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=51
- Prefer global transparency in GIF when replacing with background color #5756
- Added "exif" keyword argument to TIFF saving #5575
- Copy Python palette to new image in quantize() #5696
- Read ICO AND mask from end #5667
- Actually check the framesize in FliDecode.c #5659
- Determine JPEG2000 mode purely from ihdr header box #5654
- Fixed using info dictionary when writing multiple APNG frames #5611
- Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655
- For GIF save_all with palette, do not include palette with each frame #5603
- Keep transparency when converting from P to LA or PA #5606
- Copy palette to new image in transform() #5647
- Added "transparency" argument to EpsImagePlugin load() #5620
- Corrected pathlib.Path detection when saving #5633
- Added WalImageFile class #5618
- Consider I;16 pixel size when drawing text #5598
- If default conversion from P is RGB with transparency, convert to RGBA #5594
- Speed up rotating square images by 90 or 270 degrees #5646
- Add support for reading DPI information from JPEG2000 images
- Catch TypeError from corrupted DPI value in EXIF #5639
- Do not close file pointer when saving SGI images #5645
- Deprecate ImagePalette size parameter #5641
- Prefer command line tools SDK on macOS #5624
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=121
- update to 8.1.2:
- Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins
- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
OBS-URL: https://build.opensuse.org/request/show/877608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=46
- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
OBS-URL: https://build.opensuse.org/request/show/876407
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=111
* Fix TIFF OOB Write error. CVE-2020-35654
* Fix for Read Overflow in PCX Decoding. CVE-2020-35653
* Fix for SGI Decode buffer overrun. CVE-2020-35655
* Fix OOB Read when saving GIF of xsize=1
* Makefile updates
* Add support for PySide6
* Use disposal settings from previous frame in APNG
* Added exception explaining that _repr_png_ saves to PNG
* Use previous disposal method in GIF load_end
* Allow putpalette to accept 1024 integers to include alpha values
* Fix OOB Read when writing TIFF with custom Metadata
* Added append_images support for ICO
* Block TIFFTAG_SUBIFD
* Fixed dereferencing potential null pointers
* Deprecate FreeType 2.7
* Moved warning to end of execution
* Removed unused fromstring and tostring C methods
* init() if one of the formats is unrecognised
* Moved string_dimension CVE image to pillow-depends
* Support raw rgba8888 for DDS
- drop patches python-Pillow-tiff-4.2.0.patch
python-Pillow-tiff-fix-oob-read.patch (upstream)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=108