From b25a0542415ed2e34f10aaa70dd84a6b6b789921 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Sun, 17 Mar 2024 01:17:38 +0200 Subject: [PATCH] Update release notes --- docs/releasenotes/2.3.1.rst | 14 +++++++------- docs/releasenotes/2.3.2.rst | 4 ++-- docs/releasenotes/2.5.2.rst | 4 ++-- docs/releasenotes/2.6.0.rst | 12 ++---------- docs/releasenotes/2.7.0.rst | 3 --- docs/releasenotes/2.8.0.rst | 3 --- docs/releasenotes/3.0.0.rst | 26 +++++++++++++------------- docs/releasenotes/3.1.0.rst | 3 --- docs/releasenotes/3.2.0.rst | 3 --- docs/releasenotes/3.3.0.rst | 19 ++++++++----------- docs/releasenotes/3.4.0.rst | 19 +++++++++++-------- docs/releasenotes/4.0.0.rst | 3 --- docs/releasenotes/4.1.1.rst | 3 --- docs/releasenotes/4.2.0.rst | 4 ++-- docs/releasenotes/4.2.1.rst | 3 --- docs/releasenotes/5.1.0.rst | 6 +++--- docs/releasenotes/5.4.1.rst | 3 --- docs/releasenotes/7.1.1.rst | 3 --- docs/releasenotes/7.1.2.rst | 3 --- docs/releasenotes/8.3.1.rst | 3 --- 20 files changed, 50 insertions(+), 91 deletions(-) diff --git a/docs/releasenotes/2.3.1.rst b/docs/releasenotes/2.3.1.rst index d8c41d3ed..e54065a0b 100644 --- a/docs/releasenotes/2.3.1.rst +++ b/docs/releasenotes/2.3.1.rst @@ -4,23 +4,23 @@ Security ======== -These issues reported in +These issues were reported in `Debian bug #737059 `_. :cve:`2014-1932`: Fix insecure use of :py:func:`tempfile.mktemp` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function -in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4) -``_copy`` function in Image.py in Python Image Library (PIL) 1.1.7 and earlier -and Pillow before 2.3.1 do not properly create temporary files, which allow +The (1) ``load_djpeg`` function in ``JpegImagePlugin.py``, (2) Ghostscript function +in ``EpsImagePlugin.py``, (3) ``load`` function in ``IptcImagePlugin.py``, and (4) +``_copy`` function in ``Image.py`` in +Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. :cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The (1) ``JpegImagePlugin.py`` and (2) ``EpsImagePlugin.py`` scripts in Python -Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of +The (1) ``JpegImagePlugin.py`` and (2) ``EpsImagePlugin.py`` scripts in +Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. diff --git a/docs/releasenotes/2.3.2.rst b/docs/releasenotes/2.3.2.rst index 56398a974..c4504ee33 100644 --- a/docs/releasenotes/2.3.2.rst +++ b/docs/releasenotes/2.3.2.rst @@ -7,8 +7,8 @@ Security :cve:`2014-3589`: Fix DOS attack ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and +``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. -Found and reported by Andrew Drake of dropbox.com +Found and reported by Andrew Drake of `Dropbox `__. diff --git a/docs/releasenotes/2.5.2.rst b/docs/releasenotes/2.5.2.rst index 4884f8db8..a80b460a8 100644 --- a/docs/releasenotes/2.5.2.rst +++ b/docs/releasenotes/2.5.2.rst @@ -7,8 +7,8 @@ Security :cve:`2014-3589`: Fix DOS attack ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and +``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. -Found and reported by Andrew Drake of dropbox.com +Found and reported by Andrew Drake of `Dropbox `__. diff --git a/docs/releasenotes/2.6.0.rst b/docs/releasenotes/2.6.0.rst index 22e8c737b..84b0016d2 100644 --- a/docs/releasenotes/2.6.0.rst +++ b/docs/releasenotes/2.6.0.rst @@ -7,16 +7,8 @@ Security :cve:`2014-3589`: Fix DOS attack ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and +``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. -Found and reported by Andrew Drake of dropbox.com - -Other Changes -============= - -Relaxed precision of some tests -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Relaxed imagedraw tests to allow slight errors for x86 vs x64. +Found and reported by Andrew Drake of `Dropbox `__. diff --git a/docs/releasenotes/2.7.0.rst b/docs/releasenotes/2.7.0.rst index 82b59a6d8..5d76830d2 100644 --- a/docs/releasenotes/2.7.0.rst +++ b/docs/releasenotes/2.7.0.rst @@ -1,9 +1,6 @@ 2.7.0 ----- -Other Changes -============= - Sane Plugin ^^^^^^^^^^^ diff --git a/docs/releasenotes/2.8.0.rst b/docs/releasenotes/2.8.0.rst index 5af2d70ba..2b9eed524 100644 --- a/docs/releasenotes/2.8.0.rst +++ b/docs/releasenotes/2.8.0.rst @@ -1,9 +1,6 @@ 2.8.0 ----- -Other Changes -============= - Open HTTP response objects with Image.open ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/3.0.0.rst b/docs/releasenotes/3.0.0.rst index 4ec71fa67..8bc477f70 100644 --- a/docs/releasenotes/3.0.0.rst +++ b/docs/releasenotes/3.0.0.rst @@ -1,22 +1,22 @@ 3.0.0 ----- -Deprecations -============ +Backwards Incompatible Changes +============================== Several methods that have been marked as deprecated for many releases -have been removed in this release:: +have been removed in this release: - Image.tostring() - Image.fromstring() - Image.offset() - ImageDraw.setink() - ImageDraw.setfill() - The ImageFileIO module - The ImageFont.FreeTypeFont and ImageFont.truetype ``file`` keyword arg - The ImagePalette private _make functions - ImageWin.fromstring() - ImageWin.tostring() +* ``Image.tostring()`` +* ``Image.fromstring()`` +* ``Image.offset()`` +* ``ImageDraw.setink()`` +* ``ImageDraw.setfill()`` +* The ``ImageFileIO`` module +* The ``ImageFont.FreeTypeFont`` and ``ImageFont.truetype`` ``file`` keyword arg +* The ``ImagePalette`` private ``_make`` functions +* ``ImageWin.fromstring()`` +* ``ImageWin.tostring()`` Other Changes ============= diff --git a/docs/releasenotes/3.1.0.rst b/docs/releasenotes/3.1.0.rst index 78531ca37..951819f19 100644 --- a/docs/releasenotes/3.1.0.rst +++ b/docs/releasenotes/3.1.0.rst @@ -1,9 +1,6 @@ 3.1.0 ----- -Other Changes -============= - ImageDraw arc, chord and pieslice can now use floats ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/3.2.0.rst b/docs/releasenotes/3.2.0.rst index b050e1942..3ed8fae57 100644 --- a/docs/releasenotes/3.2.0.rst +++ b/docs/releasenotes/3.2.0.rst @@ -1,9 +1,6 @@ 3.2.0 ----- -Other Changes -============= - New DDS and FTEX Image Plugins ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/3.3.0.rst b/docs/releasenotes/3.3.0.rst index 35279d493..cd6f7e2f9 100644 --- a/docs/releasenotes/3.3.0.rst +++ b/docs/releasenotes/3.3.0.rst @@ -1,9 +1,6 @@ 3.3.0 ----- -Other Changes -============= - Libimagequant support ^^^^^^^^^^^^^^^^^^^^^ @@ -19,13 +16,13 @@ New Setup.py options There are two new options to control the ``build_ext`` task in ``setup.py``: - * ``--debug`` dumps all of the directories and files that are - checked when searching for libraries or headers when building the - extensions. - * ``--disable-platform-guessing`` removes many of the directories - that are checked for libraries and headers for build systems or - cross compilers that specify that information in via environment - variables. +* ``--debug`` dumps all of the directories and files that are + checked when searching for libraries or headers when building the + extensions. +* ``--disable-platform-guessing`` removes many of the directories + that are checked for libraries and headers for build systems or + cross compilers that specify that information in via environment + variables. Resizing ^^^^^^^^ @@ -51,4 +48,4 @@ Image Metadata The return type for binary data in version 2 Exif and Tiff metadata has been changed from a tuple of integers to bytes. This is a change -from the behavior since ``3.0.0``. +from the behavior since 3.0.0. diff --git a/docs/releasenotes/3.4.0.rst b/docs/releasenotes/3.4.0.rst index 05fa7e5e2..8a5a7efe3 100644 --- a/docs/releasenotes/3.4.0.rst +++ b/docs/releasenotes/3.4.0.rst @@ -1,6 +1,16 @@ 3.4.0 ----- +Backwards Incompatible Changes +============================== + +Image.core.open_ppm removed +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The nominally private/debugging function ``Image.core.open_ppm`` has +been removed. If you were using this function, please use +``Image.open`` instead. + Deprecations ============ @@ -12,14 +22,7 @@ silently drops the alpha channel. With this release Pillow will now issue a :py:exc:`DeprecationWarning` when attempting to save a ``RGBA`` mode image as a JPEG. This will become an error in Pillow 4.2. -Image.core.open_ppm removed -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The nominally private/debugging function ``Image.core.open_ppm`` has -been removed. If you were using this function, please use -``Image.open`` instead. - -Other changes +API Additions ============= New resizing filters diff --git a/docs/releasenotes/4.0.0.rst b/docs/releasenotes/4.0.0.rst index 34a59ab6a..625f237e8 100644 --- a/docs/releasenotes/4.0.0.rst +++ b/docs/releasenotes/4.0.0.rst @@ -1,9 +1,6 @@ 4.0.0 ----- -Other Changes -============= - Python 2.6 and 3.2 Dropped ^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/4.1.1.rst b/docs/releasenotes/4.1.1.rst index 8c04387d4..8c8055bfa 100644 --- a/docs/releasenotes/4.1.1.rst +++ b/docs/releasenotes/4.1.1.rst @@ -1,9 +1,6 @@ 4.1.1 ----- -Other Changes -============= - Fix Regression with reading DPI from EXIF data ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/4.2.0.rst b/docs/releasenotes/4.2.0.rst index 2590c2610..bc2a45f02 100644 --- a/docs/releasenotes/4.2.0.rst +++ b/docs/releasenotes/4.2.0.rst @@ -1,8 +1,8 @@ 4.2.0 ----- -Deprecations -============ +Backwards Incompatible Changes +============================== Several deprecated items have been removed ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/4.2.1.rst b/docs/releasenotes/4.2.1.rst index 220cc79b6..2061f6467 100644 --- a/docs/releasenotes/4.2.1.rst +++ b/docs/releasenotes/4.2.1.rst @@ -3,9 +3,6 @@ There are no functional changes in this release. -Other Changes -============= - Fixed Windows PyPy Build ^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/5.1.0.rst b/docs/releasenotes/5.1.0.rst index f965e74a1..c49376dee 100644 --- a/docs/releasenotes/5.1.0.rst +++ b/docs/releasenotes/5.1.0.rst @@ -18,15 +18,15 @@ Append to PDF Files Images can now be appended to PDF files in place by passing in ``append=True`` when saving the image. -Other Changes -============= - New BLP File Format ^^^^^^^^^^^^^^^^^^^ Pillow now supports reading the BLP "Blizzard Mipmap" file format used for tiles in Blizzard's engine. +Other Changes +============= + WebP memory leak ^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/5.4.1.rst b/docs/releasenotes/5.4.1.rst index e02ab9b31..bbabd6520 100644 --- a/docs/releasenotes/5.4.1.rst +++ b/docs/releasenotes/5.4.1.rst @@ -3,9 +3,6 @@ This release fixes regressions in 5.4.0. -Other Changes -============= - Installation on Termux ^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/7.1.1.rst b/docs/releasenotes/7.1.1.rst index d0bf974ea..4afdb6645 100644 --- a/docs/releasenotes/7.1.1.rst +++ b/docs/releasenotes/7.1.1.rst @@ -1,9 +1,6 @@ 7.1.1 ----- -Other Changes -============= - Fix regression seeking PNG files ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/7.1.2.rst b/docs/releasenotes/7.1.2.rst index 211d9dbc1..63a4b7aad 100644 --- a/docs/releasenotes/7.1.2.rst +++ b/docs/releasenotes/7.1.2.rst @@ -1,9 +1,6 @@ 7.1.2 ----- -Other Changes -============= - Fix another regression seeking PNG files ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/8.3.1.rst b/docs/releasenotes/8.3.1.rst index 5f5f9ff29..edcda3d61 100644 --- a/docs/releasenotes/8.3.1.rst +++ b/docs/releasenotes/8.3.1.rst @@ -1,9 +1,6 @@ 8.3.1 ----- -Other Changes -============= - Fixed regression converting to NumPy arrays ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^