Forbid Pillow 9.2.0 as a dependency - fix #628

py-pdf · Dec 19, 2022 · 77d8f07 · 77d8f07
1 parent 00f9b2a
commit 77d8f07
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/fpdf/output.py b/fpdf/output.py
@@ -587,8 +587,7 @@ def _add_fonts(self):
                 # allows searching the file and copying text from it.
                 bfChar = []
                 uni_to_new_code_char = font["subset"].dict()
-                for code in uni_to_new_code_char:
-                    code_mapped = uni_to_new_code_char.get(code)
+                for code, code_mapped in uni_to_new_code_char.items():
                     if code > 0xFFFF:
                         # Calculate surrogate pair
                         code_high = 0xD800 | (code - 0x10000) >> 10

diff --git a/setup.py b/setup.py
@@ -31,9 +31,12 @@
         package_dir={"fpdf": "fpdf"},
         install_requires=[
             "defusedxml",
-            "Pillow>=6.2.2",  # minimum version tested there: https://github.com/PyFPDF/fpdf2/actions/runs/2295868575
+            "Pillow>=6.2.2,!=9.2.*",  # minimum version tested there: https://github.com/PyFPDF/fpdf2/actions/runs/2295868575
+            # Version 9.2.0 is excluded due to DoS vulnerability with TIFF images: https://github.com/PyFPDF/fpdf2/issues/628
+            # Version exclusion explained here: https://devpress.csdn.net/python/630462c0c67703293080c302.html
             "fonttools>=4.34.0",
         ],
+        python_requires=">=3.7",
         classifiers=[
             "Development Status :: 5 - Production/Stable",
             "Intended Audience :: Developers",