From d48a6cf1404c7ee06829a0d1a9d3a966595d2555 Mon Sep 17 00:00:00 2001 From: Alex Clark Date: Thu, 14 Mar 2024 20:50:17 -0400 Subject: [PATCH] Update release notes to match template for #7864 --- docs/releasenotes/10.0.1.rst | 5 ++++- docs/releasenotes/10.3.0.rst | 5 +++++ docs/releasenotes/2.7.0.rst | 19 +++++++++--------- docs/releasenotes/3.1.0.rst | 6 +++--- docs/releasenotes/3.2.0.rst | 4 ++-- docs/releasenotes/4.0.0.rst | 14 ++++++------- docs/releasenotes/4.1.0.rst | 6 +++--- docs/releasenotes/5.1.0.rst | 31 +++++++++++++---------------- docs/releasenotes/6.2.2.rst | 21 +++----------------- docs/releasenotes/8.3.1.rst | 2 +- docs/releasenotes/9.4.0.rst | 38 ++++++++++++++++++------------------ 11 files changed, 70 insertions(+), 81 deletions(-) diff --git a/docs/releasenotes/10.0.1.rst b/docs/releasenotes/10.0.1.rst index a260fc3819a..02189d51405 100644 --- a/docs/releasenotes/10.0.1.rst +++ b/docs/releasenotes/10.0.1.rst @@ -11,7 +11,10 @@ This release provides an updated install script and updated wheels to include libwebp 1.3.2, preventing a potential heap buffer overflow in WebP. +Other Changes +============= + Updated tests to pass with latest zlib version -============================================== +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The release of zlib 1.3 caused one of the tests in the Pillow test suite to fail. diff --git a/docs/releasenotes/10.3.0.rst b/docs/releasenotes/10.3.0.rst index b5dbf16d4cb..110126dc1e5 100644 --- a/docs/releasenotes/10.3.0.rst +++ b/docs/releasenotes/10.3.0.rst @@ -90,3 +90,8 @@ Release GIL when fetching WebP frames Python's Global Interpreter Lock is now released when fetching WebP frames from the libwebp decoder. + +Add release notes for 2.3.1, 2.3.2, 2.5.2 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +TODO diff --git a/docs/releasenotes/2.7.0.rst b/docs/releasenotes/2.7.0.rst index 3b4d6e65dee..82b59a6d8f3 100644 --- a/docs/releasenotes/2.7.0.rst +++ b/docs/releasenotes/2.7.0.rst @@ -35,7 +35,7 @@ which filter should be used for resampling. Possible values are: were changed in this version. Bicubic and bilinear downscaling --------------------------------- +++++++++++++++++++++++++++++++++ From the beginning ``BILINEAR`` and ``BICUBIC`` filters were based on affine transformations and used a fixed number of pixels from the source image for @@ -52,7 +52,7 @@ If you have previously used any tricks to maintain quality when downscaling with steps), they are unnecessary now. Antialias renamed to Lanczos ----------------------------- +++++++++++++++++++++++++++++ A new ``LANCZOS`` constant was added instead of ``ANTIALIAS``. @@ -66,19 +66,19 @@ The ``ANTIALIAS`` constant is left for backward compatibility and is an alias for ``LANCZOS``. Lanczos upscaling quality -------------------------- ++++++++++++++++++++++++++ The image upscaling quality with ``LANCZOS`` filter was almost the same as ``BILINEAR`` due to a bug. This has been fixed. Bicubic upscaling quality -------------------------- ++++++++++++++++++++++++++ The ``BICUBIC`` filter for affine transformations produced sharp, slightly pixelated image for upscaling. Bicubic for convolutions is more soft. Resize performance ------------------- +++++++++++++++++++ In most cases, convolution is more a expensive algorithm for downscaling because it takes into account all the pixels of source image. Therefore @@ -95,7 +95,7 @@ The upscaling performance of the ``LANCZOS`` filter has remained the same. For times. Default filter for thumbnails ------------------------------ ++++++++++++++++++++++++++++++ In Pillow 2.5 the default filter for :py:meth:`~PIL.Image.Image.thumbnail` was changed from ``NEAREST`` to ``ANTIALIAS``. Antialias was chosen because all the @@ -105,7 +105,6 @@ other filters gave poor quality for reduction. Starting from Pillow 2.7.0, uses supersampling internally, not convolutions. Image transposition -^^^^^^^^^^^^^^^^^^^ A new method ``TRANSPOSE`` has been added for the :py:meth:`~PIL.Image.Image.transpose` operation in addition to @@ -127,7 +126,7 @@ implementations use Gaussian blur internally, all changes from this chapter are also applicable to it. Blur radius ------------ ++++++++++++ There was an error in the previous version of Pillow, where blur radius (the standard deviation of Gaussian) actually meant blur diameter. For example, to @@ -138,7 +137,7 @@ If you used a Gaussian blur with some radius value, you need to divide this value by two. Blur performance ----------------- +++++++++++++++++ Box filter computation time is constant relative to the radius and depends on source image size only. Because the new Gaussian blur implementation @@ -150,7 +149,7 @@ second for radius 1, 3.6 seconds for radius 10 and 17 seconds for 50, now blur with any radius on same image is executed for 0.2 seconds. Blur quality ------------- +++++++++++++ The previous implementation takes into account only source pixels within 2 * standard deviation radius for every destination pixel. This was not enough, diff --git a/docs/releasenotes/3.1.0.rst b/docs/releasenotes/3.1.0.rst index a233b2b8f27..78531ca374f 100644 --- a/docs/releasenotes/3.1.0.rst +++ b/docs/releasenotes/3.1.0.rst @@ -34,7 +34,7 @@ fixed in Pillow 3.1, and some of them have been extended to have different behavior. TiffImagePlugin.IFDRational ---------------------------- ++++++++++++++++++++++++++++ Pillow 3.0 changed rational metadata to use a float. In Pillow 3.1, this has changed to allow the expression of 0/0 as a valid piece of @@ -52,7 +52,7 @@ This class should be used when adding a rational value to an ImageFileDirectory for saving to image metadata. JpegImagePlugin._getexif ------------------------- +++++++++++++++++++++++++ In Pillow 3.0, the dictionary returned from the private, experimental, but generally widely used ``_getexif`` function changed to reflect the @@ -67,7 +67,7 @@ The format returned by Pillow 3.0 has been abandoned. A more fully featured interface for EXIF is anticipated in a future release. Out of Spec Metadata --------------------- +++++++++++++++++++++ In Pillow 3.0 and 3.1, images that contain metadata that is internally consistent, but not in agreement with the TIFF spec, may cause an diff --git a/docs/releasenotes/3.2.0.rst b/docs/releasenotes/3.2.0.rst index 26a91db7950..b050e19426b 100644 --- a/docs/releasenotes/3.2.0.rst +++ b/docs/releasenotes/3.2.0.rst @@ -22,7 +22,7 @@ The ``GbrImagePlugin`` (GIMP brush format) has been updated to fix support for version 1 files and add support for version 2 files. Passthrough Parameters for ImageDraw.text -========================================= +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ``ImageDraw.multiline_text`` and ``ImageDraw.multiline_size`` take extra spacing parameters above what are used in ``ImageDraw.text`` and @@ -31,7 +31,7 @@ spacing parameters above what are used in ``ImageDraw.text`` and to the corresponding multiline functions. ImageSequence.Iterator changes -============================== +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ``ImageSequence.Iterator`` is now an actual iterator implementing the Iterator protocol. It is also now possible to seek to the first image diff --git a/docs/releasenotes/4.0.0.rst b/docs/releasenotes/4.0.0.rst index 8b4b403a7aa..34a59ab6ac4 100644 --- a/docs/releasenotes/4.0.0.rst +++ b/docs/releasenotes/4.0.0.rst @@ -5,7 +5,7 @@ Other Changes ============= Python 2.6 and 3.2 Dropped -========================== +^^^^^^^^^^^^^^^^^^^^^^^^^^ Pillow 4.0 no longer supports Python 2.6 and 3.2. We will not be creating binaries, testing, or retaining compatibility with these @@ -13,12 +13,12 @@ releases. This release removes some workarounds for those Python releases, so the final working version of Pillow on 2.6 or 3.2 is 3.4.2. Support added for Python 3.6 -============================ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Pillow 4.0 supports Python 3.6. OleFileIO.py -============ +^^^^^^^^^^^^ ``OleFileIO.py`` has been removed as a vendored file and is now installed from the upstream :pypi:`olefile` PyPI package. All internal dependencies are @@ -27,19 +27,19 @@ redirected to the olefile package. Direct accesses to upstream olefile into ``sys.modules`` in its place. SGI image save -============== +^^^^^^^^^^^^^^ It is now possible to save images in modes ``L``, ``RGB``, and ``RGBA`` to the uncompressed SGI image format. Zero sized images -================= +^^^^^^^^^^^^^^^^^ Pillow 3.4.0 removed support for creating images with (0,0) size. This has been reenabled, restoring pre 3.4 behavior. Internal handles_eof flag -========================= +^^^^^^^^^^^^^^^^^^^^^^^^^ The ``handles_eof flag`` for decoding images has been removed, as there were no internal users of the flag. Anyone maintaining image decoders @@ -47,7 +47,7 @@ outside of the Pillow source tree should consider using the cleanup function pointers instead. Image.core.stretch removed -========================== +^^^^^^^^^^^^^^^^^^^^^^^^^^ The stretch function on the core image object has been removed. This used to be for enlarging the image, but has been aliased to resize diff --git a/docs/releasenotes/4.1.0.rst b/docs/releasenotes/4.1.0.rst index c57b1212f17..80ad9b9fb63 100644 --- a/docs/releasenotes/4.1.0.rst +++ b/docs/releasenotes/4.1.0.rst @@ -58,14 +58,14 @@ This refactor fixed some bugs with palette handling when saving multiple frame GIFs. New Method: Image.remap_palette -=============================== +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The method :py:meth:`PIL.Image.Image.remap_palette()` has been added. This method was hoisted from the GifImagePlugin code used to optimize the palette. Added Decoder Registry and Support for Python Based Decoders -============================================================ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ There is now a decoder registry similar to the image plugin registries. Image plugins can register a decoder, and it will be @@ -75,7 +75,7 @@ their C based counterparts, they may be easier and quicker to develop or safer to run. Tests -===== +^^^^^ Many tests have been added, including correctness tests for image formats that have been previously untested. diff --git a/docs/releasenotes/5.1.0.rst b/docs/releasenotes/5.1.0.rst index 96d84f68117..f965e74a14b 100644 --- a/docs/releasenotes/5.1.0.rst +++ b/docs/releasenotes/5.1.0.rst @@ -1,23 +1,6 @@ 5.1.0 ----- -Other Changes -============= - -New File Format -^^^^^^^^^^^^^^^ - -BLP File Format ---------------- - -Pillow now supports reading the BLP "Blizzard Mipmap" file format used -for tiles in Blizzard's engine. - -WebP memory leak -^^^^^^^^^^^^^^^^ - -A memory leak when opening ``WebP`` files has been fixed. - API Changes =========== @@ -34,3 +17,17 @@ Append to PDF Files Images can now be appended to PDF files in place by passing in ``append=True`` when saving the image. + +Other Changes +============= + +New BLP File Format +^^^^^^^^^^^^^^^^^^^ + +Pillow now supports reading the BLP "Blizzard Mipmap" file format used +for tiles in Blizzard's engine. + +WebP memory leak +^^^^^^^^^^^^^^^^ + +A memory leak when opening ``WebP`` files has been fixed. diff --git a/docs/releasenotes/6.2.2.rst b/docs/releasenotes/6.2.2.rst index 941bda3a84f..44bb0ffe34d 100644 --- a/docs/releasenotes/6.2.2.rst +++ b/docs/releasenotes/6.2.2.rst @@ -13,23 +13,8 @@ If an FPX image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fixed by limiting the number of bands to those usable by Pillow. -:cve:`2020-5310`: Overflow checks added to TIFF image processing -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:cve:`2020-5310`, :cve:`2020-5311`, :cve:`2020-5312`, :cve:`2020-5313`: Overflow checks added +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Overflow checks have been added when calculating the size of a memory block to be reallocated -in the processing of a TIFF image. - -:cve:`2020-5311`: Overflow checks added to SGI image processing -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Buffer overruns were found when processing an SGI image. Checks have been added to prevent this. - -:cve:`2020-5312`: Overflow checks added to PCX image processing -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Buffer overruns were found when processing a PCX image. Checks have been added to prevent this. - -:cve:`2020-5313`: Overflow checks added to FLI image processing -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Buffer overruns were found when processing an FLI image. Checks have been added to prevent this. +in the processing of TIFF, SGI, PCX and FLI images. diff --git a/docs/releasenotes/8.3.1.rst b/docs/releasenotes/8.3.1.rst index c36aa09fbad..5f5f9ff29df 100644 --- a/docs/releasenotes/8.3.1.rst +++ b/docs/releasenotes/8.3.1.rst @@ -22,7 +22,7 @@ with a ``dtype`` argument. >>> Catch OSError when checking if destination is sys.stdout -======================================================== +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ In 8.3.0, a check to see if the destination was ``sys.stdout`` when saving an image was updated. This lead to an :py:exc:`OSError` being raised if the environment restricted diff --git a/docs/releasenotes/9.4.0.rst b/docs/releasenotes/9.4.0.rst index 0af5bc8ca11..37f26a22c05 100644 --- a/docs/releasenotes/9.4.0.rst +++ b/docs/releasenotes/9.4.0.rst @@ -1,6 +1,25 @@ 9.4.0 ----- +Security +======== + +Fix memory DOS in ImageFont +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A corrupt or specially crafted TTF font could have font metrics that lead to +unreasonably large sizes when rendering text in font. ``ImageFont.py`` did not +check the image size before allocating memory for it. This dates to the PIL +fork. Pillow 8.2.0 added a check for large sizes, but did not consider the +case where one dimension is zero. + +Null pointer dereference crash in ImageFont +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Pillow attempted to dereference a null pointer in ``ImageFont``, leading to a +crash. An error is now raised instead. This has been present since +Pillow 8.0.0. + API Additions ============= @@ -69,25 +88,6 @@ When saving a JPEG image, a comment can now be written from im.save(out, comment="Test comment") -Security -======== - -Fix memory DOS in ImageFont -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -A corrupt or specially crafted TTF font could have font metrics that lead to -unreasonably large sizes when rendering text in font. ``ImageFont.py`` did not -check the image size before allocating memory for it. This dates to the PIL -fork. Pillow 8.2.0 added a check for large sizes, but did not consider the -case where one dimension is zero. - -Null pointer dereference crash in ImageFont -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Pillow attempted to dereference a null pointer in ``ImageFont``, leading to a -crash. An error is now raised instead. This has been present since -Pillow 8.0.0. - Other Changes =============