An update that fixes 13 vulnerabilities is now available.
Description:
This update for python-CairoSVG, python-Pillow fixes the following issues:
Update to version 2.5.1.
Updates for version 2.5.0.
python-Pillow update to version 8.3.1:
Catch OSError when checking if fp is sys.stdout #5585 [radarhere]
Handle removing orientation from alternate types of EXIF data #5584 [radarhere]
Make Image.__array__ take optional dtype argument #5572 [t-vi, radarhere]
Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]
Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]
Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk]
De-zigzag JPEG’s DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere]
Replaced xml.etree.ElementTree #5565 [radarhere]
Moved CVE image to pillow-depends #5561 [radarhere]
Added tag data for IFD groups #5554 [radarhere]
Improved ImagePalette #5552 [radarhere]
Add DDS saving #5402 [radarhere]
Improved getxmp() #5455 [radarhere]
Convert to float for comparison with float in IFDRational __eq__ #5412 [radarhere]
Allow getexif() to access TIFF tag_v2 data #5416 [radarhere]
Read FITS image mode and size #5405 [radarhere]
Merge parallel horizontal edges in ImagingDrawPolygon #5347 [radarhere, hrdrq]
Use transparency behind first GIF frame and when disposing to background #5557 [radarhere, zewt]
Avoid unstable nature of qsort in Quant.c #5367 [radarhere]
Copy palette to new images in ImageOps expand #5551 [radarhere]
Ensure palette string matches RGB mode #5549 [radarhere]
Do not modify EXIF of original image instance in exif_transpose() #5547 [radarhere]
Fixed default numresolution for small JPEG2000 images #5540 [radarhere]
Added DDS BC5 reading #5501 [radarhere]
Raise an error if ImageDraw.textbbox is used without a TrueType font #5510 [radarhere]
Added ICO saving in BMP format #5513 [radarhere]
Ensure PNG seeks to end of previous chunk at start of load_end #5493 [radarhere]
Do not allow TIFF to seek to a past frame #5473 [radarhere]
Avoid race condition when displaying images with eog #5507 [mconst]
Added specific error messages when ink has incorrect number of bands #5504 [radarhere]
Allow converting an image to a numpy array to raise errors #5379 [radarhere]
Removed DPI rounding from BMP, JPEG, PNG and WMF loading #5476, #5470 [radarhere]
Remove spikes when drawing thin pieslices #5460 [xtsm]
Updated default value for SAMPLESPERPIXEL TIFF tag #5452 [radarhere]
Removed TIFF DPI rounding #5446 [radarhere, hugovk]
Include code in WebP error #5471 [radarhere]
Do not alter pixels outside mask when drawing text on an image with transparency #5434 [radarhere]
Reset handle when seeking backwards in TIFF #5443 [radarhere]
Replace sys.stdout with sys.stdout.buffer when saving #5437 [radarhere]
Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip #5426 [radarhere]
Fixed bug when checking FreeType2 version if it is not installed #5445 [radarhere]
Do not round dimensions when saving PDF #5459 [radarhere]
Added ImageOps contain() #5417 [radarhere, hugovk]
Changed WebP default “method” value to 4 #5450 [radarhere]
Switched to saving 1-bit PDFs with DCTDecode #5430 [radarhere]
Use bpp from ICO header #5429 [radarhere]
Corrected JPEG APP14 transform value #5408 [radarhere]
Changed TIFF tag 33723 length to 1 #5425 [radarhere]
Changed ImageMorph incorrect mode errors to ValueError #5414 [radarhere]
Add EXIF tags specified in EXIF 2.32 #5419 [gladiusglad]
Treat previous contents of first GIF frame as transparent #5391 [radarhere]
For special image modes, revert default resize resampling to NEAREST #5411 [radarhere]
JPEG2000: Support decoding subsampled RGB and YCbCr images #4996 [nulano, radarhere]
Stop decoding BC1 punchthrough alpha in BC2&3 #4144 [jansol]
Use zero if GIF background color index is missing #5390 [radarhere]
Fixed ensuring that GIF previous frame was loaded #5386 [radarhere]
Valgrind fixes #5397 [wiredfool]
Round down the radius in rounded_rectangle #5382 [radarhere]
Fixed reading uncompressed RGB data from DDS #5383 [radarhere]
update to version 8.2.0:
update to 8.1.2:
Update to 8.1.1
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container
formats where Pillow did not properly check the reported size of the
contained image. These images could cause arbitrarily large memory
allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie, and
Akshay Ajayan of ASU.edu.
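A pre-decode check for the ICO case of the issue described above, as an added example (not Pillow's code and not the upstream fix): it compares the dimensions the contained PNG or BMP header reports against the ICO directory entry and a pixel budget before any decoder allocates memory. The names check_ico, make_sample and MAX_PIXELS and the budget value are assumptions; ICNS and BLP are not covered.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 64 * 1024 * 1024  # assumed budget; tune per deployment


def check_ico(data, max_pixels=MAX_PIXELS):
    """Return findings for an ICO byte string; an empty list means it passed."""
    if len(data) < 6:
        return ["truncated ICONDIR"]
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1:
        return ["not an ICO header"]
    if 6 + 16 * count > len(data):
        return ["directory longer than file"]
    findings = []
    for i in range(count):
        w, h, _, _, _, _, size, offset = struct.unpack_from("<BBBBHHII", data, 6 + 16 * i)
        declared = (w or 256, h or 256)  # a 0 byte in the directory means 256
        if offset + size > len(data):
            findings.append(f"entry {i}: data range exceeds file")
            continue
        blob = data[offset:offset + size]
        if blob[:8] == PNG_SIG and len(blob) >= 24 and blob[12:16] == b"IHDR":
            inner = struct.unpack_from(">II", blob, 16)  # PNG IHDR width, height
        elif len(blob) >= 12 and struct.unpack_from("<I", blob, 0)[0] == 40:
            bw, bh = struct.unpack_from("<ii", blob, 4)  # BITMAPINFOHEADER
            inner = (abs(bw), abs(bh) // 2)  # DIB height counts XOR + AND masks
        else:
            findings.append(f"entry {i}: unrecognised payload")
            continue
        if inner[0] * inner[1] > max_pixels:
            findings.append(f"entry {i}: {inner[0]}x{inner[1]} exceeds pixel budget")
        elif inner != declared:
            findings.append(f"entry {i}: payload {inner[0]}x{inner[1]} != directory {declared[0]}x{declared[1]}")
    return findings


def make_sample(inner_w, inner_h, dir_w=16, dir_h=16):
    """Constructed test input: one directory entry pointing at a PNG signature + IHDR."""
    png = PNG_SIG + struct.pack(">I4sIIBBBBB", 13, b"IHDR", inner_w, inner_h, 8, 6, 0, 0, 0)
    entry = struct.pack("<BBBBHHII", dir_w, dir_h, 0, 0, 1, 32, len(png), 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + png


if __name__ == "__main__":
    print(check_ico(make_sample(16, 16)))
    print(check_ico(make_sample(2000, 2000), max_pixels=1_000_000))
```

A file that passes this check still goes through the patched Pillow decoder; the check only rejects inputs whose headers disagree or exceed the budget.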
Other Changes
A crash with the feature flags for LibJpeg and WebP on unreleased Python
3.10 has been fixed.
Fix rpmlint warning about duplicate file definition
Fix package build by relying on %python_subpackages for Obsoletes/Conflicts (boo#1181281)
update to 8.1.0 (boo#1180833, boo#1180834, boo#1180832):
update to version 8.0.1:
changes from version 8.0.0:
update to version 7.2.0:
Update to 7.1.2:
update to version 7.1.1:
changes from version 7.1.0:
update to version 7.0.0:
Update to 6.2.1:
Update to 6.2.0:
update to version 6.1.0:
Update to 6.0.0:
update to version 5.4.1:
changes from version 5.4.0:
update to version 5.3.0:
update to version 5.2.0:
update to version 5.1.0:
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1134=1
OS | Version | Architecture |
---|---|---|
openSUSE Leap | 15.2 | noarch |
openSUSE Leap | 15.2 | x86_64 |