python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-11-04 01:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Reordered sections to match template

Browse Source
This commit is contained in:
Andrew Murray 2024-03-17 21:59:46 +11:00
parent d2dfb2f87f
commit 4f677f2183
5 changed files with 119 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
docs/releasenotes/6.2.0.rst
View File

@ -29,6 +29,25 @@ perform operations on it.
The CVE is regarding DOS problems, such as consuming large amounts of memory,
or taking a large amount of time to process an image.
API Changes
===========
Image.getexif
^^^^^^^^^^^^^
To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
shared instance of ``Image.Exif``.
Deprecations
^^^^^^^^^^^^
Image.frombuffer
~~~~~~~~~~~~~~~~
There has been a longstanding warning that the defaults of ``Image.frombuffer``
may change in the future for the "raw" decoder. The change will now take place
in Pillow 7.0.
API Additions
=============
@ -74,25 +93,6 @@ ImageGrab on multi-monitor Windows
An ``all_screens`` argument has been added to ``ImageGrab.grab``. If ``True``,
all monitors will be included in the created image.
API Changes
===========
Image.getexif
^^^^^^^^^^^^^
To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
shared instance of ``Image.Exif``.
Deprecations
^^^^^^^^^^^^
Image.frombuffer
~~~~~~~~~~~~~~~~
There has been a longstanding warning that the defaults of ``Image.frombuffer``
may change in the future for the "raw" decoder. The change will now take place
in Pillow 7.0.
Other Changes
=============

86
docs/releasenotes/9.1.0.rst
View File

@ -1,49 +1,6 @@
9.1.0
-----
API Changes
===========
Raise an error when performing a negative crop
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Performing a negative crop on an image previously just returned a ``(0, 0)`` image. Now
it will raise a :py:exc:`ValueError`, to help reduce confusion if a user has unintentionally
provided the wrong arguments.
Added specific error if path coordinate type is incorrect
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Rather than returning a :py:exc:`SystemError`, passing the incorrect types of coordinates into
a path will now raise a more specific :py:exc:`ValueError`, with the message "incorrect
coordinate type".
Replace requirements.txt with extras
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Rather than installing all dependencies for docs and tests via ``requirements.txt``,
``extras_require`` is used instead. This installs only those needed and at the same
time as installing Pillow.
For example:
.. code-block:: bash
# Install with dependencies for tests:
python3 -m pip install .[tests]
# Or for building docs:
python3 -m pip install .[docs]
# Or for all:
python3 -m pip install .[docs,tests]
On macOS, the last argument may need to be wrapped in quotes, e.g.
``python3 -m pip install ".[tests]"``
Therefore ``requirements.txt`` has been removed along with the ``make install-req``
command for installing its contents.
Deprecations
============
@ -137,6 +94,49 @@ The stub image plugin ``FitsStubImagePlugin`` has been deprecated and will be re
Pillow 10.0.0 (2023-07-01). FITS images can be read without a handler through
:mod:`~PIL.FitsImagePlugin` instead.
API Changes
===========
Raise an error when performing a negative crop
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Performing a negative crop on an image previously just returned a ``(0, 0)`` image. Now
it will raise a :py:exc:`ValueError`, to help reduce confusion if a user has unintentionally
provided the wrong arguments.
Added specific error if path coordinate type is incorrect
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Rather than returning a :py:exc:`SystemError`, passing the incorrect types of coordinates into
a path will now raise a more specific :py:exc:`ValueError`, with the message "incorrect
coordinate type".
Replace requirements.txt with extras
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Rather than installing all dependencies for docs and tests via ``requirements.txt``,
``extras_require`` is used instead. This installs only those needed and at the same
time as installing Pillow.
For example:
.. code-block:: bash
# Install with dependencies for tests:
python3 -m pip install .[tests]
# Or for building docs:
python3 -m pip install .[docs]
# Or for all:
python3 -m pip install .[docs,tests]
On macOS, the last argument may need to be wrapped in quotes, e.g.
``python3 -m pip install ".[tests]"``
Therefore ``requirements.txt`` has been removed along with the ``make install-req``
command for installing its contents.
API Additions
=============

10
docs/releasenotes/9.2.0.rst
View File

@ -1,6 +1,11 @@
9.2.0
-----
Security
========
An additional decompression bomb check has been added for the GIF format.
Deprecations
============
@ -132,11 +137,6 @@ with "transparency" in ``im.info``, and apply the transparency to the palette in
The image's palette mode will become "RGBA", and "transparency" will be removed from
``im.info``.
Security
========
An additional decompression bomb check has been added for the GIF format.
Other Changes
=============

54
docs/releasenotes/9.3.0.rst
View File

@ -1,6 +1,33 @@
9.3.0
-----
Security
========
Initialize libtiff buffer when saving
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
When saving a TIFF image to a file object using libtiff, the buffer was not
initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.
Decode JPEG compressed BLP1 data in original mode
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Within the BLP image format, BLP1 data may use JPEG compression. Instead of
telling the JPEG library that this data is in BGRX mode, Pillow will now
decode the data in its natural CMYK mode, then convert it to RGB and rearrange
the channels afterwards. Trying to load the data in an incorrect mode could
result in a segmentation fault. This issue was introduced in Pillow 9.1.0.
Limit SAMPLESPERPIXEL to avoid runtime DOS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
``TiffImagePlugin.py`` when setting up the context for image decoding.
This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
``SAMPLESPERPIXEL`` to the number of planes that we can decode.
API Additions
=============
@ -38,33 +65,6 @@ The data from :py:data:`~PIL.ExifTags.TAGS` and
:py:data:`~PIL.ExifTags.GPS`.
Security
========
Initialize libtiff buffer when saving
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
When saving a TIFF image to a file object using libtiff, the buffer was not
initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.
Decode JPEG compressed BLP1 data in original mode
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Within the BLP image format, BLP1 data may use JPEG compression. Instead of
telling the JPEG library that this data is in BGRX mode, Pillow will now
decode the data in its natural CMYK mode, then convert it to RGB and rearrange
the channels afterwards. Trying to load the data in an incorrect mode could
result in a segmentation fault. This issue was introduced in Pillow 9.1.0.
Limit SAMPLESPERPIXEL to avoid runtime DOS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
``TiffImagePlugin.py`` when setting up the context for image decoding.
This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
``SAMPLESPERPIXEL`` to the number of planes that we can decode.
Other Changes
=============

50
docs/releasenotes/9.5.0.rst
View File

@ -1,6 +1,31 @@
9.5.0
-----
Security
========
Clear PPM half token after use
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Image files that are small on disk are often prevented from expanding to be
big images consuming a large amount of resources simply because they lack the
data to populate those resources.
PpmImagePlugin might hold onto the last data read for a pixel value in case the
pixel value has not been finished yet. However, that data was not being cleared
afterwards, meaning that infinite data could be available to fill any image
size. This has been present since Pillow 9.2.0.
That data is now cleared after use.
Saving TIFF tag ImageSourceData
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If Pillow incorrectly saved the TIFF tag ImageSourceData as ASCII instead of
UNDEFINED, a segmentation fault was triggered.
The correct tag type will now be used by default instead.
Deprecations
============
@ -46,31 +71,6 @@ If OpenJPEG 2.4.0 or later is available and the ``plt`` keyword argument
is present and true when saving JPEG2000 images, tell the encoder to generate
PLT markers.
Security
========
Clear PPM half token after use
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Image files that are small on disk are often prevented from expanding to be
big images consuming a large amount of resources simply because they lack the
data to populate those resources.
PpmImagePlugin might hold onto the last data read for a pixel value in case the
pixel value has not been finished yet. However, that data was not being cleared
afterwards, meaning that infinite data could be available to fill any image
size. This has been present since Pillow 9.2.0.
That data is now cleared after use.
Saving TIFF tag ImageSourceData
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If Pillow incorrectly saved the TIFF tag ImageSourceData as ASCII instead of
UNDEFINED, a segmentation fault was triggered.
The correct tag type will now be used by default instead.
Other Changes
=============