Merge pull request #115 from radarhere/update-release-notes

docs/releasenotes/2.7.0.rst

@@ -102,6 +102,7 @@ other filters gave poor quality for reduction. Starting from Pillow 2.7.0,
 uses supersampling internally, not convolutions.
 
 Image transposition
++++++++++++++++++++
 
 A new method ``TRANSPOSE`` has been added for the
 :py:meth:`~PIL.Image.Image.transpose` operation in addition to

docs/releasenotes/3.1.1.rst

@@ -8,8 +8,7 @@ Security
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64
-may overflow a buffer when reading a specially crafted tiff file
-(:cve:`2016-0740`).
+may overflow a buffer when reading a specially crafted tiff file.
 
 Specifically, libtiff >= 4.0.0 changed the return type of
 ``TIFFScanlineSize`` from ``int32`` to machine dependent
@@ -63,8 +62,8 @@ assuming 4 bytes per pixel. This writes 768 bytes beyond the end of
 the buffer into other Python object storage. In some cases, this
 causes a segfault, in others an internal Python malloc error.
 
-Integer overflow in Resample.c
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Integer overflow in ``Resample.c``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 If a large value was passed into the new size for an image, it is
 possible to overflow an ``int32`` value passed into malloc.

docs/releasenotes/5.1.0.rst

@@ -12,6 +12,9 @@ and ``CMYK`` with up to 6 8-bit channels, discarding any extra
 channels if the content is tagged as UNSPECIFIED.  Pillow still does
 not store more than 4 8-bit channels of image data.
 
+API Additions
+=============
+
 Append to PDF Files
 ^^^^^^^^^^^^^^^^^^^
 

docs/releasenotes/6.2.0.rst

@@ -29,6 +29,25 @@ perform operations on it.
 The CVE is regarding DOS problems, such as consuming large amounts of memory,
 or taking a large amount of time to process an image.
 
+API Changes
+===========
+
+Image.getexif
+^^^^^^^^^^^^^
+
+To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
+shared instance of ``Image.Exif``.
+
+Deprecations
+^^^^^^^^^^^^
+
+Image.frombuffer
+~~~~~~~~~~~~~~~~
+
+There has been a longstanding warning that the defaults of ``Image.frombuffer``
+may change in the future for the "raw" decoder. The change will now take place
+in Pillow 7.0.
+
 API Additions
 =============
 
@@ -74,25 +93,6 @@ ImageGrab on multi-monitor Windows
 An ``all_screens`` argument has been added to ``ImageGrab.grab``. If ``True``,
 all monitors will be included in the created image.
 
-API Changes
-===========
-
-Image.getexif
-^^^^^^^^^^^^^
-
-To allow for lazy loading of Exif data, ``Image.getexif()`` now returns a
-shared instance of ``Image.Exif``.
-
-Deprecations
-^^^^^^^^^^^^
-
-Image.frombuffer
-~~~~~~~~~~~~~~~~
-
-There has been a longstanding warning that the defaults of ``Image.frombuffer``
-may change in the future for the "raw" decoder. The change will now take place
-in Pillow 7.0.
-
 Other Changes
 =============
 

docs/releasenotes/6.2.1.rst

@@ -18,8 +18,6 @@ Pillow 7.0.0 will be released on 2020-01-01 and will drop support for Python
 Other Changes
 =============
 
-
-
 Support added for Python 3.8
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/releasenotes/6.2.2.rst

@@ -6,15 +6,15 @@ Security
 
 This release fixes several buffer overflow issues and a DOS attack vulnerability.
 
+:cve:`2020-5310`, :cve:`2020-5311`, :cve:`2020-5312`, :cve:`2020-5313`: Overflow checks added
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Overflow checks have been added when calculating the size of a memory block to be reallocated
+in the processing of TIFF, SGI, PCX and FLI images.
+
 :cve:`2019-19911`: DOS attack vulnerability
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 If an FPX image reports that it has a large number of bands, a large amount of
 resources will be used when trying to process the image. This is fixed by
 limiting the number of bands to those usable by Pillow.
-
-:cve:`2020-5310`, :cve:`2020-5311`, :cve:`2020-5312`, :cve:`2020-5313`: Overflow checks added
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Overflow checks have been added when calculating the size of a memory block to be reallocated
-in the processing of TIFF, SGI, PCX and FLI images.

docs/releasenotes/7.1.0.rst

@@ -14,7 +14,9 @@ Pillow before 7.1.0 has multiple out-of-bounds reads in ``libImaging/FliDecode.c
 :cve:`2020-10378`: Bounds overflow in PCX decoding
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
+In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur
+when reading PCX files where ``state->shuffle`` is instructed to read beyond
+``state->buffer``.
 
 :cve:`2020-10379`: Two buffer overflows in TIFF decoding
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -24,7 +26,8 @@ In Pillow before 7.1.0, there are two buffer overflows in ``libImaging/TiffDecod
 :cve:`2020-10994`: Bounds overflow in JPEG 2000 decoding
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
+In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple
+out-of-bounds reads via a crafted JP2 file.
 
 :cve:`2020-11538`: Buffer overflow in SGI-RLE decoding
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

docs/releasenotes/8.1.1.rst

@@ -4,8 +4,8 @@
 Security
 ========
 
-:cve:`2021-25289`: Fix the fix for :cve:`2020-35654`
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:cve:`2021-25289`: Correct the fix for :cve:`2020-35654`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 The previous fix for :cve:`2020-35654` was insufficient due to incorrect
 error checking in ``TiffDecode.c``.

docs/releasenotes/8.4.0.rst

@@ -1,14 +1,11 @@
 8.4.0
 -----
 
-API Changes
-===========
-
 Deprecations
-^^^^^^^^^^^^
+============
 
 ImagePalette size parameter
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 The ``size`` parameter will be removed in Pillow 10.0.0 (2023-07-01).
 

docs/releasenotes/9.0.0.rst

@@ -44,17 +44,18 @@ duplicate tiles that only differ by their offset, only load the last tile. Credi
 Google's `OSS-Fuzz`_ project for finding this issue.
 
 :cve:`2022-22817`: Restrict builtins available to ImageMath.eval
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 To limit :py:class:`PIL.ImageMath` to working with images, Pillow
 will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
 help prevent problems arising if users evaluate arbitrary expressions, such as
 ``ImageMath.eval("exec(exit())")``.
 
-:cve:`2022-22815`: ImagePath.Path array handling
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:cve:`2022-22815`, :cve:`2022-22816`: ImagePath.Path array handling
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-(:cwe:`126`) and :cve:`2022-22816` (:cwe:`665`) were found when initializing ``ImagePath.Path``.
+:cve:`2022-22815` (:cwe:`126`) and :cve:`2022-22816` (:cwe:`665`) were found when
+initializing ``ImagePath.Path``.
 
 .. _OSS-Fuzz: https://github.com/google/oss-fuzz
 

docs/releasenotes/9.1.0.rst

@@ -1,49 +1,6 @@
 9.1.0
 -----
 
-API Changes
-===========
-
-Raise an error when performing a negative crop
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Performing a negative crop on an image previously just returned a ``(0, 0)`` image. Now
-it will raise a :py:exc:`ValueError`, to help reduce confusion if a user has unintentionally
-provided the wrong arguments.
-
-Added specific error if path coordinate type is incorrect
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Rather than returning a :py:exc:`SystemError`, passing the incorrect types of coordinates into
-a path will now raise a more specific :py:exc:`ValueError`, with the message "incorrect
-coordinate type".
-
-Replace requirements.txt with extras
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Rather than installing all dependencies for docs and tests via ``requirements.txt``,
-``extras_require`` is used instead. This installs only those needed and at the same
-time as installing Pillow.
-
-For example:
-
-.. code-block:: bash
-
-    # Install with dependencies for tests:
-    python3 -m pip install .[tests]
-
-    # Or for building docs:
-    python3 -m pip install .[docs]
-
-    # Or for all:
-    python3 -m pip install .[docs,tests]
-
-On macOS, the last argument may need to be wrapped in quotes, e.g.
-``python3 -m pip install ".[tests]"``
-
-Therefore ``requirements.txt`` has been removed along with the ``make install-req``
-command for installing its contents.
-
 Deprecations
 ============
 
@@ -137,6 +94,49 @@ The stub image plugin ``FitsStubImagePlugin`` has been deprecated and will be re
 Pillow 10.0.0 (2023-07-01). FITS images can be read without a handler through
 :mod:`~PIL.FitsImagePlugin` instead.
 
+API Changes
+===========
+
+Raise an error when performing a negative crop
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Performing a negative crop on an image previously just returned a ``(0, 0)`` image. Now
+it will raise a :py:exc:`ValueError`, to help reduce confusion if a user has unintentionally
+provided the wrong arguments.
+
+Added specific error if path coordinate type is incorrect
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Rather than returning a :py:exc:`SystemError`, passing the incorrect types of coordinates into
+a path will now raise a more specific :py:exc:`ValueError`, with the message "incorrect
+coordinate type".
+
+Replace requirements.txt with extras
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Rather than installing all dependencies for docs and tests via ``requirements.txt``,
+``extras_require`` is used instead. This installs only those needed and at the same
+time as installing Pillow.
+
+For example:
+
+.. code-block:: bash
+
+    # Install with dependencies for tests:
+    python3 -m pip install .[tests]
+
+    # Or for building docs:
+    python3 -m pip install .[docs]
+
+    # Or for all:
+    python3 -m pip install .[docs,tests]
+
+On macOS, the last argument may need to be wrapped in quotes, e.g.
+``python3 -m pip install ".[tests]"``
+
+Therefore ``requirements.txt`` has been removed along with the ``make install-req``
+command for installing its contents.
+
 API Additions
 =============
 

docs/releasenotes/9.1.1.rst

@@ -14,6 +14,9 @@ Pillow reads the information past the end of the first line without deducting th
 from the length of the remaining file data. This vulnerability was introduced in Pillow
 9.1.0, and can cause a heap buffer overflow.
 
+Decompression bomb check fix
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
 Opening an image with a zero or negative height has been found to bypass a
 decompression bomb check. This will now raise a :py:exc:`SyntaxError` instead, in turn
 raising a ``PIL.UnidentifiedImageError``.

docs/releasenotes/9.2.0.rst

@@ -1,6 +1,11 @@
 9.2.0
 -----
 
+Security
+========
+
+An additional decompression bomb check has been added for the GIF format.
+
 Deprecations
 ============
 
@@ -132,11 +137,6 @@ with "transparency" in ``im.info``, and apply the transparency to the palette in
 The image's palette mode will become "RGBA", and "transparency" will be removed from
 ``im.info``.
 
-Security
-========
-
-An additional decompression bomb check has been added for the GIF format.
-
 Other Changes
 =============
 

docs/releasenotes/9.3.0.rst

@@ -1,6 +1,33 @@
 9.3.0
 -----
 
+Security
+========
+
+Initialize libtiff buffer when saving
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+When saving a TIFF image to a file object using libtiff, the buffer was not
+initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.
+
+Decode JPEG compressed BLP1 data in original mode
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Within the BLP image format, BLP1 data may use JPEG compression. Instead of
+telling the JPEG library that this data is in BGRX mode, Pillow will now
+decode the data in its natural CMYK mode, then convert it to RGB and rearrange
+the channels afterwards. Trying to load the data in an incorrect mode could
+result in a segmentation fault. This issue was introduced in Pillow 9.1.0.
+
+Limit SAMPLESPERPIXEL to avoid runtime DOS
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
+``TiffImagePlugin.py`` when setting up the context for image decoding.
+This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
+``SAMPLESPERPIXEL`` to the number of planes that we can decode.
+
+
 API Additions
 =============
 
@@ -38,33 +65,6 @@ The data from :py:data:`~PIL.ExifTags.TAGS` and
 :py:data:`~PIL.ExifTags.GPS`.
 
 
-Security
-========
-
-Initialize libtiff buffer when saving
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-When saving a TIFF image to a file object using libtiff, the buffer was not
-initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.
-
-Decode JPEG compressed BLP1 data in original mode
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Within the BLP image format, BLP1 data may use JPEG compression. Instead of
-telling the JPEG library that this data is in BGRX mode, Pillow will now
-decode the data in its natural CMYK mode, then convert it to RGB and rearrange
-the channels afterwards. Trying to load the data in an incorrect mode could
-result in a segmentation fault. This issue was introduced in Pillow 9.1.0.
-
-Limit SAMPLESPERPIXEL to avoid runtime DOS
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
-``TiffImagePlugin.py`` when setting up the context for image decoding.
-This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
-``SAMPLESPERPIXEL`` to the number of planes that we can decode.
-
-
 Other Changes
 =============