Update release notes

Hugo van Kemenade 2024-03-17 01:17:38 +02:00
parent 2568fd891f
commit b25a054241
20 changed files with 50 additions and 91 deletions

View File

@ -4,23 +4,23 @@
Security Security
======== ========
These issues reported in These issues were reported in
`Debian bug #737059 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059>`_. `Debian bug #737059 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059>`_.
:cve:`2014-1932`: Fix insecure use of :py:func:`tempfile.mktemp` :cve:`2014-1932`: Fix insecure use of :py:func:`tempfile.mktemp`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function The (1) ``load_djpeg`` function in ``JpegImagePlugin.py``, (2) Ghostscript function
in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4) in ``EpsImagePlugin.py``, (3) ``load`` function in ``IptcImagePlugin.py``, and (4)
``_copy`` function in Image.py in Python Image Library (PIL) 1.1.7 and earlier ``_copy`` function in ``Image.py`` in
and Pillow before 2.3.1 do not properly create temporary files, which allow Pillow before 2.3.1 do not properly create temporary files, which allow
local users to overwrite arbitrary files and obtain sensitive information via a local users to overwrite arbitrary files and obtain sensitive information via a
symlink attack on the temporary file. symlink attack on the temporary file.
:cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp` :cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The (1) ``JpegImagePlugin.py`` and (2) ``EpsImagePlugin.py`` scripts in Python The (1) ``JpegImagePlugin.py`` and (2) ``EpsImagePlugin.py`` scripts in
Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of Pillow before 2.3.1 uses the names of
temporary files on the command line, which makes it easier for local users to temporary files on the command line, which makes it easier for local users to
conduct symlink attacks by listing the processes. conduct symlink attacks by listing the processes.
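Review bot: The :cve:`2014-1933` heading is still identical to the :cve:`2014-1932` one ("Fix insecure use of :py:func:`tempfile.mktemp`"), although its body describes a different problem: temporary file names exposed on the command line. Since both paragraphs are being reworded anyway, give the second entry its own heading so the two sections are distinguishable in the rendered page and its table of contents. Two grammar slips also survive in the new text: "scripts in Pillow before 2.3.1 uses the names" should read "use the names", and "do not properly create temporary files, which allow local users" should read "which allows".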

View File

@ -7,8 +7,8 @@ Security
:cve:`2014-3589`: Fix DOS attack :cve:`2014-3589`: Fix DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and ``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
block size. block size.
Found and reported by Andrew Drake of dropbox.com Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.
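Review bot: The heading "Fix DOS attack" kept as context here should read "Fix DoS attack", matching the "denial of service" wording in the paragraph below it; "DOS" reads as the operating system. The same heading appears in the next two files that receive this paragraph change, so it is worth fixing in all three while the section is being edited.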

View File

@ -7,8 +7,8 @@ Security
:cve:`2014-3589`: Fix DOS attack :cve:`2014-3589`: Fix DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and ``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
block size. block size.
Found and reported by Andrew Drake of dropbox.com Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.

View File

@ -7,16 +7,8 @@ Security
:cve:`2014-3589`: Fix DOS attack :cve:`2014-3589`: Fix DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and ``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
block size. block size.
Found and reported by Andrew Drake of dropbox.com Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.
Other Changes
=============
Relaxed precision of some tests
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Relaxed imagedraw tests to allow slight errors for x86 vs x64.
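Review bot: The "Other Changes" section with "Relaxed precision of some tests" is deleted outright at the end of this hunk, not moved or reworded, so the note about relaxing the imagedraw tests for x86 vs x64 disappears from the release notes. The commit message only says "Update release notes"; either keep the entry or state in the message that it is being dropped intentionally and why.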

View File

@ -1,9 +1,6 @@
2.7.0 2.7.0
----- -----
Other Changes
=============
Sane Plugin Sane Plugin
^^^^^^^^^^^ ^^^^^^^^^^^
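Review bot: With the "Other Changes" heading removed, "Sane Plugin" (underlined with ^) now follows the 2.7.0 title directly. reStructuredText assigns heading levels by order of first use, so if any =-underlined section remains further down this file it will nest under a ^ section instead of sitting above it. Please check the built outline for this file and for the other release notes that get the same removal in this commit.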

View File

@ -1,9 +1,6 @@
2.8.0 2.8.0
----- -----
Other Changes
=============
Open HTTP response objects with Image.open Open HTTP response objects with Image.open
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -1,22 +1,22 @@
3.0.0 3.0.0
----- -----
Deprecations Backwards Incompatible Changes
============ ==============================
Several methods that have been marked as deprecated for many releases Several methods that have been marked as deprecated for many releases
have been removed in this release:: have been removed in this release:
Image.tostring() * ``Image.tostring()``
Image.fromstring() * ``Image.fromstring()``
Image.offset() * ``Image.offset()``
ImageDraw.setink() * ``ImageDraw.setink()``
ImageDraw.setfill() * ``ImageDraw.setfill()``
The ImageFileIO module * The ``ImageFileIO`` module
The ImageFont.FreeTypeFont and ImageFont.truetype ``file`` keyword arg * The ``ImageFont.FreeTypeFont`` and ``ImageFont.truetype`` ``file`` keyword arg
The ImagePalette private _make functions * The ``ImagePalette`` private ``_make`` functions
ImageWin.fromstring() * ``ImageWin.fromstring()``
ImageWin.tostring() * ``ImageWin.tostring()``
Other Changes Other Changes
============= =============
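Review bot: Now that this list sits under "Backwards Incompatible Changes", each removed item should name its replacement, and the new bullets only list what is gone. For example, ``Image.tostring()`` and ``Image.fromstring()`` were superseded by ``Image.tobytes()`` and ``Image.frombytes()``; adding that after each bullet gives readers hitting an AttributeError a migration path from this page.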

View File

@ -1,9 +1,6 @@
3.1.0 3.1.0
----- -----
Other Changes
=============
ImageDraw arc, chord and pieslice can now use floats ImageDraw arc, chord and pieslice can now use floats
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -1,9 +1,6 @@
3.2.0 3.2.0
----- -----
Other Changes
=============
New DDS and FTEX Image Plugins New DDS and FTEX Image Plugins
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -1,9 +1,6 @@
3.3.0 3.3.0
----- -----
Other Changes
=============
Libimagequant support Libimagequant support
^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^
@ -19,10 +16,10 @@ New Setup.py options
There are two new options to control the ``build_ext`` task in ``setup.py``: There are two new options to control the ``build_ext`` task in ``setup.py``:
* ``--debug`` dumps all of the directories and files that are * ``--debug`` dumps all of the directories and files that are
checked when searching for libraries or headers when building the checked when searching for libraries or headers when building the
extensions. extensions.
* ``--disable-platform-guessing`` removes many of the directories * ``--disable-platform-guessing`` removes many of the directories
that are checked for libraries and headers for build systems or that are checked for libraries and headers for build systems or
cross compilers that specify that information in via environment cross compilers that specify that information in via environment
variables. variables.
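Review bot: The ``--disable-platform-guessing`` bullet still says "cross compilers that specify that information in via environment variables"; the stray "in" should go ("specify that information via environment variables"). The hunk already rewrites these lines for indentation, so the wording fix costs nothing extra here.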
@ -51,4 +48,4 @@ Image Metadata
The return type for binary data in version 2 Exif and Tiff metadata The return type for binary data in version 2 Exif and Tiff metadata
has been changed from a tuple of integers to bytes. This is a change has been changed from a tuple of integers to bytes. This is a change
from the behavior since ``3.0.0``. from the behavior since 3.0.0.

View File

@ -1,6 +1,16 @@
3.4.0 3.4.0
----- -----
Backwards Incompatible Changes
==============================
Image.core.open_ppm removed
^^^^^^^^^^^^^^^^^^^^^^^^^^^
The nominally private/debugging function ``Image.core.open_ppm`` has
been removed. If you were using this function, please use
``Image.open`` instead.
Deprecations Deprecations
============ ============
@ -12,14 +22,7 @@ silently drops the alpha channel. With this release Pillow will now
issue a :py:exc:`DeprecationWarning` when attempting to save a ``RGBA`` mode issue a :py:exc:`DeprecationWarning` when attempting to save a ``RGBA`` mode
image as a JPEG. This will become an error in Pillow 4.2. image as a JPEG. This will become an error in Pillow 4.2.
Image.core.open_ppm removed API Additions
^^^^^^^^^^^^^^^^^^^^^^^^^^^
The nominally private/debugging function ``Image.core.open_ppm`` has
been removed. If you were using this function, please use
``Image.open`` instead.
Other changes
============= =============
New resizing filters New resizing filters

View File

@ -1,9 +1,6 @@
4.0.0 4.0.0
----- -----
Other Changes
=============
Python 2.6 and 3.2 Dropped Python 2.6 and 3.2 Dropped
^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -1,9 +1,6 @@
4.1.1 4.1.1
----- -----
Other Changes
=============
Fix Regression with reading DPI from EXIF data Fix Regression with reading DPI from EXIF data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -1,8 +1,8 @@
4.2.0 4.2.0
----- -----
Deprecations Backwards Incompatible Changes
============ ==============================
Several deprecated items have been removed Several deprecated items have been removed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -3,9 +3,6 @@
There are no functional changes in this release. There are no functional changes in this release.
Other Changes
=============
Fixed Windows PyPy Build Fixed Windows PyPy Build
^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -18,15 +18,15 @@ Append to PDF Files
Images can now be appended to PDF files in place by passing in Images can now be appended to PDF files in place by passing in
``append=True`` when saving the image. ``append=True`` when saving the image.
Other Changes
=============
New BLP File Format New BLP File Format
^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^
Pillow now supports reading the BLP "Blizzard Mipmap" file format used Pillow now supports reading the BLP "Blizzard Mipmap" file format used
for tiles in Blizzard's engine. for tiles in Blizzard's engine.
Other Changes
=============
WebP memory leak WebP memory leak
^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^

View File

@ -3,9 +3,6 @@
This release fixes regressions in 5.4.0. This release fixes regressions in 5.4.0.
Other Changes
=============
Installation on Termux Installation on Termux
^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^

View File

@ -1,9 +1,6 @@
7.1.1 7.1.1
----- -----
Other Changes
=============
Fix regression seeking PNG files Fix regression seeking PNG files
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -1,9 +1,6 @@
7.1.2 7.1.2
----- -----
Other Changes
=============
Fix another regression seeking PNG files Fix another regression seeking PNG files
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -1,9 +1,6 @@
8.3.1 8.3.1
----- -----
Other Changes
=============
Fixed regression converting to NumPy arrays Fixed regression converting to NumPy arrays
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^