Bump pillow from 7.2.0 to 8.1.2
Bumps pillow from 7.2.0 to 8.1.2.
Release notes
Sourced from pillow's releases.
8.1.2
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
8.1.1
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
8.1.0
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html
Changes
- Fix TIFF OOB Write error #5175 [@radarhere]
- Fix for Buffer Read Overrun in PCX Decoding #5174 [@radarhere]
- Fix for SGI Decode buffer overrun #5173 [@radarhere]
- Fix OOB Read when saving GIF of xsize=1 #5149 [@wiredfool]
- Add support for PySide6 #5161 [@hugovk]
- Moved QApplication into one test #5167 [@radarhere]
- Use disposal settings from previous frame in APNG #5126 [@radarhere]
- Revert "skip wheels on 3.10-dev due to wheel#354" #5163 [@radarhere]
- Better _binary module use #5156 [@radarhere]
- Added exception explaining that repr_png saves to PNG #5139 [@radarhere]
- Use previous disposal method in GIF load_end #5125 [@radarhere]
- Do not catch a ValueError only to raise another #5090 [@radarhere]
- Allow putpalette to accept 1024 integers to include alpha values #5089 [@radarhere]
- Fix OOB Read when writing TIFF with custom Metadata #5148 [@wiredfool]
- Removed unused variable #5140 [@radarhere]
- Fix dereferencing of potential null pointers #5111 [@cgohlke]
- Fixed warnings assigning to "unsigned char *" from "char *" #5127 [@radarhere]
- Add append_images support for ICO #4568 [@ziplantil]
- Fixed comparison warnings #5122 [@radarhere]
- Block TIFFTAG_SUBIFD #5120 [@radarhere]
- Fix dereferencing potential null pointer #5108 [@cgohlke]
- Replaced PyErr_NoMemory with ImagingError_MemoryError #5113 [@radarhere]
- Remove duplicate code #5109 [@cgohlke]
- Moved warning to end of execution #4965 [@radarhere]
- Removed unused fromstring and tostring C methods #5026 [@radarhere]
- init() if one of the formats is unrecognised #5037 [@radarhere]
Dependencies
- Updated libtiff to 4.2.0 #5153 [@radarhere]
- Updated openjpeg to 2.4.0 #5151 [@radarhere]
- Updated harfbuzz to 2.7.4 #5138 [@radarhere]
- Updated harfbuzz to 2.7.3 #5128 [@radarhere]
- Updated libraqm to 0.7.1 #5070 [@radarhere]
- Updated libimagequant to 2.13.1 #5065 [@radarhere]
- Update FriBiDi to 1.0.10 #5064 [@nulano]
- Updated libraqm to 0.7.1 #5063 [@radarhere]
- Updated libjpeg-turbo to 2.0.6 #5044 [@radarhere]
... (truncated)
Changelog
Sourced from pillow's changelog.
8.1.2 (2021-03-06)
- Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins [wiredfool]
8.1.1 (2021-03-01)
Use more specific regex chars to prevent ReDoS. CVE-2021-25292 [hugovk]
Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291 [wiredfool]
Fix negative size read in TiffDecode.c. CVE-2021-25290 [wiredfool]
Fix OOB read in SgiRleDecode.c. CVE-2021-25293 [wiredfool]
Incorrect error code checking in TiffDecode.c. CVE-2021-25289 [wiredfool]
PyModule_AddObject fix for Python 3.10 #5194 [radarhere]
8.1.0 (2021-01-02)
Fix TIFF OOB Write error. CVE-2020-35654 #5175 [wiredfool]
Fix for Read Overflow in PCX Decoding. CVE-2020-35653 #5174 [wiredfool, radarhere]
Fix for SGI Decode buffer overrun. CVE-2020-35655 #5173 [wiredfool, radarhere]
Fix OOB Read when saving GIF of xsize=1 #5149 [wiredfool]
Makefile updates #5159 [wiredfool, radarhere]
Add support for PySide6 #5161 [hugovk]
Use disposal settings from previous frame in APNG #5126 [radarhere]
... (truncated)
Commits
-
88bd672
8.1.2 version bump -
d348636
Update CHANGES.rst [ci skip] -
2a66fa7
Added release notes for 8.1.2 -
608bf4f
Lint fix -
756fff3
Fix Memory DOS in Icns, Ico and Blp Image Plugins -
886ad5a
Fix filename spelling -
0907fb1
Expanded "OOB" to "out-of-bounds" [ci skip] -
c60c092
CHANGES.rst: update dates -
8fb5e50
Added more CVE numbers [ci skip] -
a10d2c9
Updated spelling [ci skip] - Additional commits viewable in compare view