- update to 9.1.0:
* Fix loading FriBiDi on Alpine #6165
* Added setting for converting GIF P frames to RGB #6150
* Allow 1 mode images to be inverted #6034
* Raise ValueError when trying to save empty JPEG #6159
* Always save TIFF with contiguous planar configuration #5973
* Connected discontiguous polygon corners #5980
* Ensure Tkinter hook is activated for getimage() #6032
* Use screencapture arguments to crop on macOS #6152
* Do not mark L mode JPEG as 1 bit in PDF #6151
* Added support for reading I;16R TIFF images #6132
* If an error occurs after creating a file, remove the file #6134
* Fixed calling DisplayViewer or XVViewer without a title #6136
* Retain RGBA transparency when saving multiple GIF frames #6128
* Save additional ICO frames with other bit depths if supplied #6122
* Handle EXIF data truncated to just the header #6124
* Added support for reading BMP images with RLE8 compression #6102
* Support Python distributions where _tkinter is compiled in #6006
* Added support for PPM arbitrary maxval #6119
* Added BigTIFF reading #6097
* When converting, clip I;16 to be unsigned, not signed #6112
* Fixed loading L mode GIF with transparency #6086
* Improved handling of PPM header #5121
* Reset size when seeking away from "Large Thumbnail" MPO frame #6101
* Replace requirements.txt with extras #6072
* Added PyEncoder and support BLP saving #6069
* Handle TGA images with packets that cross scan lines #6087
* Added FITS reading #6056
* Added rawmode argument to Image.getpalette() #6061
* Fixed BUFR, GRIB and HDF5 stub saving #6071
OBS-URL: https://build.opensuse.org/request/show/967882
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=53
- update to 8.4.0:
- Prefer global transparency in GIF when replacing with background color #5756
- Added "exif" keyword argument to TIFF saving #5575
- Copy Python palette to new image in quantize() #5696
- Read ICO AND mask from end #5667
- Actually check the framesize in FliDecode.c #5659
- Determine JPEG2000 mode purely from ihdr header box #5654
- Fixed using info dictionary when writing multiple APNG frames #5611
- Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655
- For GIF save_all with palette, do not include palette with each frame #5603
- Keep transparency when converting from P to LA or PA #5606
- Copy palette to new image in transform() #5647
- Added "transparency" argument to EpsImagePlugin load() #5620
- Corrected pathlib.Path detection when saving #5633
- Added WalImageFile class #5618
- Consider I;16 pixel size when drawing text #5598
- If default conversion from P is RGB with transparency, convert to RGBA #5594
- Speed up rotating square images by 90 or 270 degrees #5646
- Add support for reading DPI information from JPEG2000 images
- Catch TypeError from corrupted DPI value in EXIF #5639
- Do not close file pointer when saving SGI images #5645
- Deprecate ImagePalette size parameter #5641
- Prefer command line tools SDK on macOS #5624
OBS-URL: https://build.opensuse.org/request/show/928313
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=51
- Prefer global transparency in GIF when replacing with background color #5756
- Added "exif" keyword argument to TIFF saving #5575
- Copy Python palette to new image in quantize() #5696
- Read ICO AND mask from end #5667
- Actually check the framesize in FliDecode.c #5659
- Determine JPEG2000 mode purely from ihdr header box #5654
- Fixed using info dictionary when writing multiple APNG frames #5611
- Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655
- For GIF save_all with palette, do not include palette with each frame #5603
- Keep transparency when converting from P to LA or PA #5606
- Copy palette to new image in transform() #5647
- Added "transparency" argument to EpsImagePlugin load() #5620
- Corrected pathlib.Path detection when saving #5633
- Added WalImageFile class #5618
- Consider I;16 pixel size when drawing text #5598
- If default conversion from P is RGB with transparency, convert to RGBA #5594
- Speed up rotating square images by 90 or 270 degrees #5646
- Add support for reading DPI information from JPEG2000 images
- Catch TypeError from corrupted DPI value in EXIF #5639
- Do not close file pointer when saving SGI images #5645
- Deprecate ImagePalette size parameter #5641
- Prefer command line tools SDK on macOS #5624
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=121
- update to 8.1.2:
- Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins
- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrarily large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
OBS-URL: https://build.opensuse.org/request/show/877608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=46
- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrarily large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
OBS-URL: https://build.opensuse.org/request/show/876407
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=111
* Fix TIFF OOB Write error. CVE-2020-35654
* Fix for Read Overflow in PCX Decoding. CVE-2020-35653
* Fix for SGI Decode buffer overrun. CVE-2020-35655
* Fix OOB Read when saving GIF of xsize=1
* Makefile updates
* Add support for PySide6
* Use disposal settings from previous frame in APNG
* Added exception explaining that _repr_png_ saves to PNG
* Use previous disposal method in GIF load_end
* Allow putpalette to accept 1024 integers to include alpha values
* Fix OOB Read when writing TIFF with custom Metadata
* Added append_images support for ICO
* Block TIFFTAG_SUBIFD
* Fixed dereferencing potential null pointers
* Deprecate FreeType 2.7
* Moved warning to end of execution
* Removed unused fromstring and tostring C methods
* init() if one of the formats is unrecognised
* Moved string_dimension CVE image to pillow-depends
* Support raw rgba8888 for DDS
- drop patches python-Pillow-tiff-4.2.0.patch
python-Pillow-tiff-fix-oob-read.patch (upstream)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Pillow?expand=0&rev=108
- Update to 7.1.2:
* This fixes a regression introduced in 7.1.0 when adding support
for APNG files.
* When calling seek(n) on a regular PNG where n > 0, it failed to
raise an EOFError as it should have done
- update to version 7.1.1:
* Fix regression seeking and telling PNGs #4512 #4514 [hugovk,
radarhere]
- changes from version 7.1.0:
* Fix multiple OOB reads in FLI decoding #4503 [wiredfool]
* Fix buffer overflow in SGI-RLE decoding #4504 [wiredfool, hugovk]
* Fix bounds overflow in JPEG 2000 decoding #4505 [wiredfool]
* Fix bounds overflow in PCX decoding #4506 [wiredfool]
* Fix 2 buffer overflows in TIFF decoding #4507 [wiredfool]
* Add APNG support #4243 [pmrowla, radarhere, hugovk]
* ImageGrab.grab() for Linux with XCB #4260 [nulano, radarhere]
* Added three new channel operations #4230 [dwastberg, radarhere]
* Prevent masking of Image reduce method in Jpeg2KImagePlugin #4474
[radarhere, homm]
* Added reading of earlier ImageMagick PNG EXIF data #4471
[radarhere]
* Fixed endian handling for I;16 getextrema #4457 [radarhere]
* Release buffer if function returns prematurely #4381 [radarhere]
* Add JPEG comment to info dictionary #4455 [radarhere]
* Fix size calculation of Image.thumbnail() #4404 [orlnub123]
* Fixed stroke on FreeType < 2.9 #4401 [radarhere]
* If present, only use alpha channel for bounding box #4454
[radarhere]
* Warn if an unknown feature is passed to features.check() #4438
OBS-URL: https://build.opensuse.org/request/show/799155
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=38