Package: pillow / 8.1.2+dfsg-0.3+deb11u2

Metadata

Package | Version | Patches format
pillow | 8.1.2+dfsg-0.3+deb11u2 | 3.0 (quilt)

Patch series

Patch | File delta | Description
toplevel setup.py

setup.py | 77 56 + 21 - 0 !
1 file changed, 56 insertions(+), 21 deletions(-)

---
generate webp file

Tests/test_file_webp.py | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

---
js script file.diff

docs/_static/js/script.js | 60 60 + 0 - 0 !
1 file changed, 60 insertions(+)

---
no sphinx removed in.diff

docs/conf.py | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
CVE 2021 25287_CVE 2021 25288.patch

src/libImaging/Jpeg2KDecode.c | 35 26 + 9 - 0 !
1 file changed, 26 insertions(+), 9 deletions(-)

 [patch] fix oob read in jpeg2kdecode cve-2021-25287,cve-2021-25288

CVE 2021 28675.patch

src/PIL/ImageFile.py | 14 12 + 2 - 0 !
src/PIL/PsdImagePlugin.py | 32 21 + 11 - 0 !
2 files changed, 33 insertions(+), 13 deletions(-)

 [patch] fix dos in psdimageplugin -- cve-2021-28675

* PSDImagePlugin did not sanity check the number of input layers
  vs the size of the data block, this could lead to a DOS on
  Image.open prior to Image.load.
* This issue dates to the PIL fork


CVE 2021 28676.patch

src/libImaging/FliDecode.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 [patch] fix fli dos -- cve-2021-28676

* FliDecode did not properly check that the block advance was
  non-zero, potentially leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz


CVE 2021 28677.patch

src/PIL/EpsImagePlugin.py | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] fix eps dos on _open -- cve-2021-28677

* The readline used in EPS has to deal with any combination of \r and
  \n as line endings. It used an accidentally quadratic method of
  accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
  the open phase, before an image was accepted for opening.
* This dates to the PIL Fork

CVE 2021 28678.patch

src/PIL/BlpImagePlugin.py | 43 23 + 20 - 0 !
1 file changed, 23 insertions(+), 20 deletions(-)

 [patch] fix blp dos -- cve-2021-28678

* BlpImagePlugin did not properly check that reads after jumping to
  file offsets returned data. This could lead to a DOS where the
  decoder could be run a large number of times on empty data
* This dates to Pillow 5.1.0

CVE 2021 34552.patch

src/libImaging/Convert.c | 10 4 + 6 - 0 !
1 file changed, 4 insertions(+), 6 deletions(-)

 [patch 2/2] use snprintf instead of sprintf

* https://github.com/python-pillow/Pillow/pull/5567/files
* Replace sprintf with snprintf in src/libImaging/Convert.c


CVE 2022 22815_CVE 2022 22816_CVE 2022 22817.patch

src/PIL/ImageMath.py | 7 6 + 1 - 0 !
src/path.c | 35 20 + 15 - 0 !
2 files changed, 26 insertions(+), 16 deletions(-)

---
CVE 2022 22817 2.patch

Tests/test_imagemath.py | 15 15 + 0 - 0 !
src/PIL/ImageMath.py | 15 11 + 4 - 0 !
2 files changed, 26 insertions(+), 4 deletions(-)

 restrict builtins within lambdas for imagemath.eval

(cherry picked from commit c930be0758ac02cf15a2b8d5409d50d443550581)


dont allow __ or builtins in env diction.patch

src/PIL/ImageMath.py | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 don't allow __ or builtins in env dictionaries for imagemath.eval

(cherry picked from commit 45c726fd4daa63236a8f3653530f297dc87b160a)


allow ops.patch

Tests/test_imagemath.py | 5 5 + 0 - 0 !
src/PIL/ImageMath.py | 9 5 + 4 - 0 !
2 files changed, 10 insertions(+), 4 deletions(-)

 allow ops

(cherry picked from commit 0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80)


include further builtins.patch

Tests/test_imagemath.py | 5 5 + 0 - 0 !
src/PIL/ImageMath.py | 2 1 + 1 - 0 !
2 files changed, 6 insertions(+), 1 deletion(-)

 include further builtins

(cherry picked from commit 557ba59d13de919d04b3fd4cdef8634f7d4b3348)


use strncpy to avoid buffer overflow.patch

src/_imagingcms.c | 9 4 + 5 - 0 !
1 file changed, 4 insertions(+), 5 deletions(-)

 use strncpy to avoid buffer overflow

(cherry picked from commit 2a93aba5cfcf6e241ab4f9392c13e3b74032c061)


added imagefont.max_string_length.patch

Tests/test_imagefont.py | 19 19 + 0 - 0 !
docs/reference/ImageFont.rst | 18 18 + 0 - 0 !
src/PIL/ImageFont.py | 19 19 + 0 - 0 !
3 files changed, 56 insertions(+)

 added imagefont.max_string_length

(cherry picked from commit 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7)