Merge pull request #7885 from hugovk/update-release-notes

Author: hugovk

docs/releasenotes/10.3.0.rst

@@ -90,19 +90,3 @@ Release GIL when fetching WebP frames
 
 Python's Global Interpreter Lock is now released when fetching WebP frames from
 the libwebp decoder.
-
-Added release notes for past releases
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Added release notes for past releases: ``2.6.0``, ``2.5.2``,
-``2.3.2``, ``2.3.1``. With these additions we are able to
-provide a comprehensive list of all Pillow CVE records from
-1995 to 2024 across three noteworthy periods:
-
-- 1995-2009: No known CVEs
-- 2010-2018: :cve:`2014-1932`, :cve:`2014-3589`, :cve:`2016-0740`, :cve:`2016-3076`
-- 2019-2024: :cve:`2019-16865`, :cve:`2019-19911`, :cve:`2020-10177`, :cve:`2020-15999`,
-  :cve:`2020-35653`, :cve:`2021-25289`, :cve:`2020-35654`, :cve:`2020-35654`,
-  :cve:`2021-27921`, :cve:`2021-27922`, :cve:`2021-27923`, :cve:`2021-25287`,
-  :cve:`2021-25288`, :cve:`2021-34552`, :cve:`2021-23437`, :cve:`2022-22817`,
-  :cve:`2022-24303`, :cve:`2022-30595`, :cve:`2023-44271`, :cve:`2023-4863`

docs/releasenotes/2.3.1.rst

@@ -4,23 +4,23 @@
 Security
 ========
 
-These issues reported in
+These issues were reported in
 `Debian bug #737059 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059>`_.
 
 :cve:`2014-1932`: Fix insecure use of :py:func:`tempfile.mktemp`
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function
-in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4)
-``_copy`` function in Image.py in Python Image Library (PIL) 1.1.7 and earlier
-and Pillow before 2.3.1 do not properly create temporary files, which allow
+The (1) ``load_djpeg`` function in ``JpegImagePlugin.py``, (2) Ghostscript function
+in ``EpsImagePlugin.py``, (3) ``load`` function in ``IptcImagePlugin.py``, and (4)
+``_copy`` function in ``Image.py`` in
+Pillow before 2.3.1 do not properly create temporary files, which allow
 local users to overwrite arbitrary files and obtain sensitive information via a
 symlink attack on the temporary file.
 
 :cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp`
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-The (1) ``JpegImagePlugin.py`` and (2) ``EpsImagePlugin.py`` scripts in Python
-Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of
+The (1) ``JpegImagePlugin.py`` and (2) ``EpsImagePlugin.py`` scripts in
+Pillow before 2.3.1 uses the names of
 temporary files on the command line, which makes it easier for local users to
 conduct symlink attacks by listing the processes.

docs/releasenotes/2.3.2.rst

@@ -7,8 +7,8 @@ Security
 :cve:`2014-3589`: Fix DOS attack
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and
+``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
 block size.
 
-Found and reported by Andrew Drake of dropbox.com
+Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.

docs/releasenotes/2.5.2.rst

@@ -7,8 +7,8 @@ Security
 :cve:`2014-3589`: Fix DOS attack
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and
+``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
 block size.
 
-Found and reported by Andrew Drake of dropbox.com
+Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.

docs/releasenotes/2.6.0.rst

@@ -7,16 +7,8 @@ Security
 :cve:`2014-3589`: Fix DOS attack
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and
+``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
 block size.
 
-Found and reported by Andrew Drake of dropbox.com
-
-Other Changes
-=============
-
-Relaxed precision of some tests
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Relaxed imagedraw tests to allow slight errors for x86 vs x64.
+Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.

docs/releasenotes/2.7.0.rst

@@ -1,9 +1,6 @@
 2.7.0
 -----
 
-Other Changes
-=============
-
 Sane Plugin
 ^^^^^^^^^^^
 
@@ -105,6 +102,7 @@ other filters gave poor quality for reduction. Starting from Pillow 2.7.0,
 uses supersampling internally, not convolutions.
 
 Image transposition
++++++++++++++++++++
 
 A new method ``TRANSPOSE`` has been added for the
 :py:meth:`~PIL.Image.Image.transpose` operation in addition to

docs/releasenotes/2.8.0.rst

@@ -1,9 +1,6 @@
 2.8.0
 -----
 
-Other Changes
-=============
-
 Open HTTP response objects with Image.open
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/releasenotes/3.0.0.rst

@@ -1,22 +1,22 @@
 3.0.0
 -----
 
-Deprecations
-============
+Backwards Incompatible Changes
+==============================
 
 Several methods that have been marked as deprecated for many releases
-have been removed in this release::
-
-    Image.tostring()
-    Image.fromstring()
-    Image.offset()
-    ImageDraw.setink()
-    ImageDraw.setfill()
-    The ImageFileIO module
-    The ImageFont.FreeTypeFont and ImageFont.truetype ``file`` keyword arg
-    The ImagePalette private _make functions
-    ImageWin.fromstring()
-    ImageWin.tostring()
+have been removed in this release:
+
+* ``Image.tostring()``
+* ``Image.fromstring()``
+* ``Image.offset()``
+* ``ImageDraw.setink()``
+* ``ImageDraw.setfill()``
+* The ``ImageFileIO`` module
+* The ``ImageFont.FreeTypeFont`` and ``ImageFont.truetype`` ``file`` keyword arg
+* The ``ImagePalette`` private ``_make`` functions
+* ``ImageWin.fromstring()``
+* ``ImageWin.tostring()``
 
 Other Changes
 =============

docs/releasenotes/3.1.0.rst

@@ -1,9 +1,6 @@
 3.1.0
 -----
 
-Other Changes
-=============
-
 ImageDraw arc, chord and pieslice can now use floats
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/releasenotes/3.1.1.rst

@@ -8,8 +8,7 @@ Security
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64
-may overflow a buffer when reading a specially crafted tiff file
-(:cve:`2016-0740`).
+may overflow a buffer when reading a specially crafted tiff file.
 
 Specifically, libtiff >= 4.0.0 changed the return type of
 ``TIFFScanlineSize`` from ``int32`` to machine dependent
@@ -63,8 +62,8 @@ assuming 4 bytes per pixel. This writes 768 bytes beyond the end of
 the buffer into other Python object storage. In some cases, this
 causes a segfault, in others an internal Python malloc error.
 
-Integer overflow in Resample.c
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Integer overflow in ``Resample.c``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 If a large value was passed into the new size for an image, it is
 possible to overflow an ``int32`` value passed into malloc.