github-actions[bot]
commented
1 month ago This pull request has been inactive for 30 days: labeled as stale. Please either merge or close or add the label keep-active
Closed krypton-build-user closed 1 month ago
github-actions[bot]
commented
1 month ago This pull request has been inactive for 30 days: labeled as stale. Please either merge or close or add the label keep-active
This PR contains the following updates:
==10.2.0->==10.4.0GitHub Vulnerability Alerts
CVE-2024-28219
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Release Notes
python-pillow/Pillow (pillow)
### [`v10.4.0`](https://togithub.com/python-pillow/Pillow/blob/HEAD/CHANGES.rst#1040-2024-07-01) [Compare Source](https://togithub.com/python-pillow/Pillow/compare/10.3.0...10.4.0) - Raise FileNotFoundError if show_file() path does not exist [#8178](https://togithub.com/python-pillow/Pillow/issues/8178) \[radarhere] - Improved reading 16-bit TGA images with colour [#7965](https://togithub.com/python-pillow/Pillow/issues/7965) \[Yay295, radarhere] - Deprecate non-image ImageCms modes [#8031](https://togithub.com/python-pillow/Pillow/issues/8031) \[radarhere] - Fixed processing multiple JPEG EXIF markers [#8127](https://togithub.com/python-pillow/Pillow/issues/8127) \[radarhere] - Do not preserve EXIFIFD tag by default when saving TIFF images [#8110](https://togithub.com/python-pillow/Pillow/issues/8110) \[radarhere] - Added ImageFont.load_default_imagefont() [#8086](https://togithub.com/python-pillow/Pillow/issues/8086) \[radarhere] - Added Image.WARN_POSSIBLE_FORMATS [#8063](https://togithub.com/python-pillow/Pillow/issues/8063) \[radarhere] - Remove zero-byte end padding when parsing any XMP data [#8171](https://togithub.com/python-pillow/Pillow/issues/8171) \[radarhere] - Do not detect Ultra HDR images as MPO [#8056](https://togithub.com/python-pillow/Pillow/issues/8056) \[radarhere] - Raise SyntaxError specific to JP2 [#8146](https://togithub.com/python-pillow/Pillow/issues/8146) \[Yay295, radarhere] - Do not use first frame duration for other frames when saving APNG images [#8104](https://togithub.com/python-pillow/Pillow/issues/8104) \[radarhere] - Consider I;16 pixel size when using a 1 mode mask [#8112](https://togithub.com/python-pillow/Pillow/issues/8112) \[radarhere] - When saving multiple PNG frames, convert to mode rather than raw mode [#8087](https://togithub.com/python-pillow/Pillow/issues/8087) \[radarhere] - Added byte support to FreeTypeFont [#8141](https://togithub.com/python-pillow/Pillow/issues/8141) \[radarhere] - Allow float center for rotate operations [#8114](https://togithub.com/python-pillow/Pillow/issues/8114) \[radarhere] - Do not read layers immediately when opening PSD images [#8039](https://togithub.com/python-pillow/Pillow/issues/8039) \[radarhere] - Restore original thread state [#8065](https://togithub.com/python-pillow/Pillow/issues/8065) \[radarhere] - Read IM and TIFF images as RGB, rather than RGBX [#7997](https://togithub.com/python-pillow/Pillow/issues/7997) \[radarhere] - Only preserve TIFF IPTC_NAA_CHUNK tag if type is BYTE or UNDEFINED [#7948](https://togithub.com/python-pillow/Pillow/issues/7948) \[radarhere] - Clarify ImageDraw2 error message when size is missing [#8165](https://togithub.com/python-pillow/Pillow/issues/8165) \[radarhere] - Support unpacking more rawmodes to RGBA palettes [#7966](https://togithub.com/python-pillow/Pillow/issues/7966) \[radarhere] - Removed support for Qt 5 [#8159](https://togithub.com/python-pillow/Pillow/issues/8159) \[radarhere] - Improve `ImageFont.freetype` support for XDG directories on Linux [#8135](https://togithub.com/python-pillow/Pillow/issues/8135) \[mamg22, radarhere] - Improved consistency of XMP handling [#8069](https://togithub.com/python-pillow/Pillow/issues/8069) \[radarhere] - Use pkg-config to help find libwebp and raqm [#8142](https://togithub.com/python-pillow/Pillow/issues/8142) \[radarhere] - Accept 't' suffix for libtiff version [#8126](https://togithub.com/python-pillow/Pillow/issues/8126), [#8129](https://togithub.com/python-pillow/Pillow/issues/8129) \[radarhere] - Deprecate ImageDraw.getdraw hints parameter [#8124](https://togithub.com/python-pillow/Pillow/issues/8124) \[radarhere, hugovk] - Added ImageDraw circle() [#8085](https://togithub.com/python-pillow/Pillow/issues/8085) \[void4, hugovk, radarhere] - Add mypy target to Makefile [#8077](https://togithub.com/python-pillow/Pillow/issues/8077) \[Yay295] - Added more modes to Image.MODES [#7984](https://togithub.com/python-pillow/Pillow/issues/7984) \[radarhere] - Deprecate BGR;15, BGR;16 and BGR;24 modes [#7978](https://togithub.com/python-pillow/Pillow/issues/7978) \[radarhere, hugovk] - Fix ImagingAccess for I;16N on big-endian [#7921](https://togithub.com/python-pillow/Pillow/issues/7921) \[Yay295, radarhere] - Support reading P mode TIFF images with padding [#7996](https://togithub.com/python-pillow/Pillow/issues/7996) \[radarhere] - Deprecate support for libtiff < 4 [#7998](https://togithub.com/python-pillow/Pillow/issues/7998) \[radarhere, hugovk] - Corrected ImageShow UnixViewer command [#7987](https://togithub.com/python-pillow/Pillow/issues/7987) \[radarhere] - Use functools.cached_property in ImageStat [#7952](https://togithub.com/python-pillow/Pillow/issues/7952) \[nulano, hugovk, radarhere] - Add support for reading BITMAPV2INFOHEADER and BITMAPV3INFOHEADER [#7956](https://togithub.com/python-pillow/Pillow/issues/7956) \[Cirras, radarhere] - Support reading CMYK JPEG2000 images [#7947](https://togithub.com/python-pillow/Pillow/issues/7947) \[radarhere] ### [`v10.3.0`](https://togithub.com/python-pillow/Pillow/blob/HEAD/CHANGES.rst#1030-2024-04-01) [Compare Source](https://togithub.com/python-pillow/Pillow/compare/10.2.0...10.3.0) - CVE-2024-28219: Use `strncpy` to avoid buffer overflow [#7928](https://togithub.com/python-pillow/Pillow/issues/7928) \[radarhere, hugovk] - Deprecate `eval()`, replacing it with `lambda_eval()` and `unsafe_eval()` [#7927](https://togithub.com/python-pillow/Pillow/issues/7927) \[radarhere, hugovk] - Raise `ValueError` if seeking to greater than offset-sized integer in TIFF [#7883](https://togithub.com/python-pillow/Pillow/issues/7883) \[radarhere] - Add `--report` argument to `__main__.py` to omit supported formats [#7818](https://togithub.com/python-pillow/Pillow/issues/7818) \[nulano, radarhere, hugovk] - Added RGB to I;16, I;16L, I;16B and I;16N conversion [#7918](https://togithub.com/python-pillow/Pillow/issues/7918), [#7920](https://togithub.com/python-pillow/Pillow/issues/7920) \[radarhere] - Fix editable installation with custom build backend and configuration options [#7658](https://togithub.com/python-pillow/Pillow/issues/7658) \[nulano, radarhere] - Fix putdata() for I;16N on big-endian [#7209](https://togithub.com/python-pillow/Pillow/issues/7209) \[Yay295, hugovk, radarhere] - Determine MPO size from markers, not EXIF data [#7884](https://togithub.com/python-pillow/Pillow/issues/7884) \[radarhere] - Improved conversion from RGB to RGBa, LA and La [#7888](https://togithub.com/python-pillow/Pillow/issues/7888) \[radarhere] - Support FITS images with GZIP\_1 compression [#7894](https://togithub.com/python-pillow/Pillow/issues/7894) \[radarhere] - Use I;16 mode for 9-bit JPEG 2000 images [#7900](https://togithub.com/python-pillow/Pillow/issues/7900) \[scaramallion, radarhere] - Raise ValueError if kmeans is negative [#7891](https://togithub.com/python-pillow/Pillow/issues/7891) \[radarhere] - Remove TIFF tag OSUBFILETYPE when saving using libtiff [#7893](https://togithub.com/python-pillow/Pillow/issues/7893) \[radarhere] - Raise ValueError for negative values when loading P1-P3 PPM images [#7882](https://togithub.com/python-pillow/Pillow/issues/7882) \[radarhere] - Added reading of JPEG2000 palettes [#7870](https://togithub.com/python-pillow/Pillow/issues/7870) \[radarhere] - Added alpha_quality argument when saving WebP images [#7872](https://togithub.com/python-pillow/Pillow/issues/7872) \[radarhere] - Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions [#7881](https://togithub.com/python-pillow/Pillow/issues/7881) \[radarhere] - Stop reading EPS image at EOF marker [#7753](https://togithub.com/python-pillow/Pillow/issues/7753) \[radarhere] - PSD layer co-ordinates may be negative [#7706](https://togithub.com/python-pillow/Pillow/issues/7706) \[radarhere] - Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer [#7791](https://togithub.com/python-pillow/Pillow/issues/7791) \[radarhere] - When saving GIF frame that restores to background color, do not fill identical pixels [#7788](https://togithub.com/python-pillow/Pillow/issues/7788) \[radarhere] - Fixed reading PNG iCCP compression method [#7823](https://togithub.com/python-pillow/Pillow/issues/7823) \[radarhere] - Allow writing IFDRational to UNDEFINED tag [#7840](https://togithub.com/python-pillow/Pillow/issues/7840) \[radarhere] - Fix logged tag name when loading Exif data [#7842](https://togithub.com/python-pillow/Pillow/issues/7842) \[radarhere] - Use maximum frame size in IHDR chunk when saving APNG images [#7821](https://togithub.com/python-pillow/Pillow/issues/7821) \[radarhere] - Prevent opening P TGA images without a palette [#7797](https://togithub.com/python-pillow/Pillow/issues/7797) \[radarhere] - Use palette when loading ICO images [#7798](https://togithub.com/python-pillow/Pillow/issues/7798) \[radarhere] - Use consistent arguments for load_read and load_seek [#7713](https://togithub.com/python-pillow/Pillow/issues/7713) \[radarhere] - Turn off nullability warnings for macOS SDK [#7827](https://togithub.com/python-pillow/Pillow/issues/7827) \[radarhere] - Fix shift-sign issue in Convert.c [#7838](https://togithub.com/python-pillow/Pillow/issues/7838) \[r-barnes, radarhere] - Open 16-bit grayscale PNGs as I;16 [#7849](https://togithub.com/python-pillow/Pillow/issues/7849) \[radarhere] - Handle truncated chunks at the end of PNG images [#7709](https://togithub.com/python-pillow/Pillow/issues/7709) \[lajiyuan, radarhere] - Match mask size to pasted image size in GifImagePlugin [#7779](https://togithub.com/python-pillow/Pillow/issues/7779) \[radarhere] - Release GIL while calling `WebPAnimDecoderGetNext` [#7782](https://togithub.com/python-pillow/Pillow/issues/7782) \[evanmiller, radarhere] - Fixed reading FLI/FLC images with a prefix chunk [#7804](https://togithub.com/python-pillow/Pillow/issues/7804) \[twolife] - Update wl-paste handling and return None for some errors in grabclipboard() on Linux [#7745](https://togithub.com/python-pillow/Pillow/issues/7745) \[nik012003, radarhere] - Remove execute bit from `setup.py` [#7760](https://togithub.com/python-pillow/Pillow/issues/7760) \[hugovk] - Do not support using test-image-results to upload images after test failures [#7739](https://togithub.com/python-pillow/Pillow/issues/7739) \[radarhere] - Changed ImageMath.ops to be static [#7721](https://togithub.com/python-pillow/Pillow/issues/7721) \[radarhere] - Fix APNG info after seeking backwards more than twice [#7701](https://togithub.com/python-pillow/Pillow/issues/7701) \[esoma, radarhere] - Deprecate ImageCms constants and versions() function [#7702](https://togithub.com/python-pillow/Pillow/issues/7702) \[nulano, radarhere] - Added PerspectiveTransform [#7699](https://togithub.com/python-pillow/Pillow/issues/7699) \[radarhere] - Add support for reading and writing grayscale PFM images [#7696](https://togithub.com/python-pillow/Pillow/issues/7696) \[nulano, hugovk] - Add LCMS2 flags to ImageCms [#7676](https://togithub.com/python-pillow/Pillow/issues/7676) \[nulano, radarhere, hugovk] - Rename x64 to AMD64 in winbuild [#7693](https://togithub.com/python-pillow/Pillow/issues/7693) \[nulano]Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Self-Hosted Renovate Bot. Find all logs here.