Skip to content

Commit

Permalink
Merge pull request python-pillow#8356 from hugovk/deprecate-freetype-…
Browse files Browse the repository at this point in the history 
…2.9.0

Deprecate support for FreeType 2.9.0
  • Loading branch information
@radarhere
radarhere authored Sep 9, 2024
2 parents 012270d + 2f13c45 commit 906f932
Show file tree
Hide file tree
Showing 4 changed files with 54 additions and 1 deletion.
12 changes: 12 additions & 0 deletions Tests/test_imagefont.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1150,3 +1150,15 @@ def test_invalid_truetype_sizes_raise_valueerror(
) -> None:
with pytest.raises(ValueError):
ImageFont.truetype(FONT_PATH, size, layout_engine=layout_engine)


def test_freetype_deprecation(monkeypatch: pytest.MonkeyPatch) -> None:
# Arrange: mock features.version_module to return fake FreeType version
def fake_version_module(module: str) -> str:
return "2.9.0"

monkeypatch.setattr(features, "version_module", fake_version_module)

# Act / Assert
with pytest.warns(DeprecationWarning):
ImageFont.truetype(FONT_PATH, FONT_SIZE)
13 changes: 13 additions & 0 deletions docs/deprecations.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,19 @@ ImageDraw.getdraw hints parameter

The ``hints`` parameter in :py:meth:`~PIL.ImageDraw.getdraw()` has been deprecated.

FreeType 2.9.0
^^^^^^^^^^^^^^

.. deprecated:: 11.0.0

Support for FreeType 2.9.0 is deprecated and will be removed in Pillow 12.0.0
(2025-10-15), when FreeType 2.9.1 will be the minimum supported.

We recommend upgrading to at least FreeType `2.10.4`_, which fixed a severe
vulnerability introduced in FreeType 2.6 (:cve:`2020-15999`).

.. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/

ImageMath.lambda_eval and ImageMath.unsafe_eval options parameter
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Expand Down
13 changes: 13 additions & 0 deletions docs/releasenotes/11.0.0.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,19 @@ An unused setting, ``TiffImagePlugin.IFD_LEGACY_API``, has been removed.
Deprecations
============

FreeType 2.9.0
^^^^^^^^^^^^^^

.. deprecated:: 11.0.0

Support for FreeType 2.9.0 is deprecated and will be removed in Pillow 12.0.0
(2025-10-15), when FreeType 2.9.1 will be the minimum supported.

We recommend upgrading to at least FreeType `2.10.4`_, which fixed a severe
vulnerability introduced in FreeType 2.6 (:cve:`2020-15999`).

.. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/

ImageMath.lambda_eval and ImageMath.unsafe_eval options parameter
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Expand Down
17 changes: 16 additions & 1 deletion src/PIL/ImageFont.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
from types import ModuleType
from typing import IO, TYPE_CHECKING, Any, BinaryIO, TypedDict, cast

from . import Image
from . import Image, features
from ._typing import StrOrBytesPath
from ._util import DeferredError, is_path

Expand Down Expand Up @@ -232,6 +232,21 @@ def __init__(
self.index = index
self.encoding = encoding

try:
from packaging.version import parse as parse_version
except ImportError:
pass
else:
if freetype_version := features.version_module("freetype2"):
if parse_version(freetype_version) < parse_version("2.9.1"):
warnings.warn(
"Support for FreeType 2.9.0 is deprecated and will be removed "
"in Pillow 12 (2025-10-15). Please upgrade to FreeType 2.9.1 "
"or newer, preferably FreeType 2.10.4 which fixes "
"CVE-2020-15999.",
DeprecationWarning,
)

if layout_engine not in (Layout.BASIC, Layout.RAQM):
layout_engine = Layout.BASIC
if core.HAVE_RAQM:
Expand Down

0 comments on commit 906f932

Please sign in to comment.