Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Changes since the last public release (1.2.7):
Fixed bug in png_text_compress() that would fail to complete a large block.
Fixed bug, introduced in libpng-1.2.7, that overruns a buffer during
strip alpha operation in png_do_strip_filler().
Added PNG_1_2_X definition in pngconf.h
#ifdef out png_info_init in png.c and png_read_init in pngread.c (as of 1.3.0)
Reduce color_type to a nonalpha type after strip alpha operation in
png_do_strip_filler().
Revised definitions of PNG_MAX_UINT_32, PNG_MAX_SIZE, and PNG_MAXSUM
Fixed (again) definition of PNG_LIBPNG_VER_DLLNUM in png.h (Cosmin).
Added PNG_LIBPNG_BUILD_PRIVATE in png.h (Cosmin).
Set png_ptr->zstream.data_type to Z_BINARY, to avoid unnecessary detection
of data type in deflate (Cosmin).
Deprecated but continue to support SPECIALBUILD and PRIVATEBUILD in favor of
PNG_LIBPNG_BUILD_SPECIAL_STRING and PNG_LIBPNG_BUILD_PRIVATE_STRING.
Despammed mailing addresses by masking "@" with "at".
Added scripts/makefile.elf with supporting code in pngconf.h for symbol
versioning (John Bowler).
Added projects/visualc71 (Simon-pierre).
|
|
* Removed unused pngasmrd.h file.
* Removed references to uu.net for archived files. Added references to
PNG Spec (second edition) and the PNG ISO/IEC Standard.
* Added "test-dd" target in 15 makefiles, to run pngtest in DESTDIR.
* Fixed bug with "optimized window size" in the IDAT datastream, that
causes libpng to write PNG files with incorrect zlib header bytes.
* Fixed bug with sCAL chunk and big-endian machines (David Munro).
* Undid new code added in 1.2.6rc2 to update the color_type in
png_set_filler().
* Added png_set_add_alpha() that updates color type.
* Revised png_set_strip_filler() to not remove alpha if color_type has alpha.
* Added makefile.hp64
* Changed projects/msvc/png32ms.def to scripts/png32ms.def in makefile.cygwin
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
|
|
because no ABI change or soname changes.
It is important to note that because of the fixed *_RECOMMENDED
mechanism, that 1.2.6rc2 will be the default version required.
|
|
security fixes)
changes:
version 1.2.6rc3 [August 9, 2004]
Eliminated use of "abs()" in testing cHRM and gAMA values, to avoid
trouble with some 64-bit compilers. Created PNG_OUT_OF_RANGE() macro.
Revised documentation of png_set_keep_unknown_chunks().
Check handle_as_unknown status in pngpread.c, as in pngread.c previously.
Moved "PNG_HANDLE_CHUNK_*" macros out of PNG_INTERNAL section of png.h
Added "rim" definitions for CONST4 and CONST6 in pnggccrd.c
version 1.2.6rc4 [August 10, 2004]
Fixed mistake in pngtest.c introduced in 1.2.6rc2 (declaration of
"pinfo" was out of place).
version 1.2.6rc5 [August 10, 2004]
Moved "PNG_HANDLE_CHUNK_*" macros out of PNG_ASSEMBLER_CODE_SUPPORTED
section of png.h where they were inadvertently placed in version rc3.
version 1.2.6rc6 [August 15, 2004]
Revised pngtest so memory allocation testing is only done when PNG_DEBUG==1.
|
|
|
|
This fixes PR 26602 submitted by Hauke Fath.
|
|
changes:
version 1.2.6rc2 [August 8, 2004]
Revised makefile.darwin and makefile.solaris. Removed makefile.macosx.
Revised pngtest's png_debug_malloc() to use png_malloc() instead of
png_malloc_default() which is not supposed to be exported.
Fixed off-by-one error in one of the conversions to PNG_ROWBYTES() in
pngpread.c. Bug was introduced in 1.2.6rc1.
Fixed bug in RGB to RGBX transformation introduced in 1.2.6rc1.
Fixed old bug in RGB to Gray transformation.
Fixed problem with 64-bit compilers by casting arguments to abs()
to png_int_32.
Changed "ln -sf" to "ln -f -s" in three makefiles (solaris, sco, so9).
Changed "HANDLE_CHUNK_*" to "PNG_HANDLE_CHUNK_*" (Cosmin)
Added "-@/bin/rm -f $(DL)/$(LIBNAME).so.$(PNGMAJ)" to 15 *NIX makefiles.
Added code to update the row_info->colortype in png_do_read_filler() (MSB).
|
|
|
|
fixes some security issues, see
http://scary.beasts.org/security/CESA-2004-001.txt
|
|
Bump PKGREVISION, since now the pkgconfig file contains the right rpath.
|
|
|
|
posted to png-implement by Glenn Randers-Pherson, libpng's maintainer.
This error was widely reported as "security issue",
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
even though there is no security issue. The most the error could do is
SIGSEGV, and that only with some fairly uncommon circumstances. The patch
posted with the advisory is in fact flawed, in that it calls strlen() on
presumably arbitrary data.
Bump PKGREVISION.
|
|
|
|
BSD_INSTALL_DATA to BSD_INSTALL_SCRIPT.
|
|
Cesar Catrian C. in PR pkg/24974.
|
|
Ride yesterday's PKGREVISION bump for this one.
|
|
|
|
fail with an error if imlib2 is installed.
|
|
was done incorrectly and because it was disruptive to the pkgsrc freeze.
Will fix this correctly after the freeze is finished.
|
|
fail with an error if imlib2 is installed.
|
|
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
|
|
buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
|
|
etc. because the bare variables will point to the correct executables.
|
|
the normal case when BUILDLINK_DEPENDS.<pkg> isn't specified, it receives
a value only once due to the multiple inclusion protection in the
bulldlink3.mk files. In the case where a package includes several
buildlink3.mk files that each want a slightly different version of another
dependency, having BUILDLINK_DEPENDS.<pkg> be a list allows for the
strictest <pkg> dependency to be matched.
|
|
BUILDLINK_CC.
|
|
|
|
recommended by seb :)
|
|
|
|
buildlink3 framework.
|
|
bsd.pkg.mk, so no need for the same logic here.
|
|
|
|
|
|
|
|
addresses PR pkg/19416
|
|
images (and bump package to 1.2.5nb2). The following is taken directly
from the png-implement mailing list...
Date: Fri, 20 Dec 2002 11:26:31 -0500
From: Glenn Randers-Pehrson <glennrp@comcast.net>
Reply-To: png-implement@ccrc.wustl.edu
To: png-implement@ccrc.wustl.edu
Subject: Re: [png-implement] bug in png_read_filler() with 16-bit samples
At 01:01 AM 12/5/02 -0500, Glenn Randers-Pehrson wrote:
>A bug has turned up in png_read_filler() with 16-bit samples.
>The starting offsets for the loops are calculated incorrectly
>which causes a buffer overrun beyond the beginning of the row
>buffer.
>
>To fix, at lines 1968 and 1990,
>change "row_width * 3" to "row_width * 6"
>and at lines 1969 and 1991,
>change "row_width;" to "row_width * 2;"
This is only half of the story. Adding an alpha channel to
16-bit *grayscale* images with png_do_read_filler() exhibits
the same bug, and pngcrush crashes if I try to do it.
To fix, at lines 1892, 1893, 1910, and 1911 of pngrtran.c
change "row_width" to "row_width * 2"
Note that applications that do not add an alpha channel via
png_set_filler(), and any applications that do, but reduce 16-bit
samples to 8 bit via png_set_strip_16() are invulnerable to
the bug. Pngcrush is the only application that I know of
that uses png_set_filler() without also using png_set_strip_16().
Glenn
--
Send the message body "help" to png-implement-request@ccrc.wustl.edu
|
|
reported to the png-implement mailing list by Glenn Randers-Pehrson:
ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212
[Glenn Randers-Pehrson is the original author and chief maintainer of
libpng.]
From the discussion in the archive, it appears to be unlikely that the
bug could be exploited by a malicious web-server, chiefly because the
operation that triggers it is more likely to be carried out by an image
manipulation program (i.e. pngcrush), than by a web browser.
|
|
|
|
* Changed png_error() to png_warning() about
"Too much data" in pngpread.c and about
"Extra compressed data" in pngrutil.c.
* Prevent png_ptr->pass from exceeding 7 in
png_push_finish_row().
* Updated png.c and pnggccrd.c handling of return from
png_mmx_support() [Doesn't apply to the package.]
* Only issue png_warning() about "Too much data" in
pngpread.c when avail_in is nonzero.
* Relocated two misplaced PNGAPI lines in pngtest.c
Update submitted by Stefan Krüger in PR/18926.
|
|
|
|
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
|
|
and png_set_text_2(), call for a minor version bump in the shared library.
Update "BUILDLINK_DEPENDS" to current level. Also make the shared library
versions visible in the top-level "Makefile", and add a top-level "test"
target to invoke "pngtest" in ${WRKSRC}.
The following is culled from the extensive "CHANGES" file, ommitting
all make system and doc changes, and some bug fixes for bugs that weren't
present in 1.2.1. See "CHANGES" for complete details:
Added setjmp() at the end of png_create_*_struct_2() in case user forgets
to put one in their application.
Exported png_zalloc(), png_zfree(), png_default_read(), png_default_write(),
png_default_flush(), and png_push_fill_buffer() and included them in
module definition files.
Revised prototype for png_default_flush()
Typos in *.def files (png_default_read|write -> png_default_read|write_data)
Once more restored png_zalloc and png_zfree to regular nonexported form.
Restored png_default_read|write_data, png_default_flush, png_read_fill_buffer
to nonexported form, but with PNGAPI, and removed them from module def files.
Removed "PNGAPI" from png_zalloc() and png_zfree() in png.c
Plugged various memory leaks; added png_malloc_warn() and png_set_text_2()
functions.
Plugged memory leak of png_ptr->current_text (Matt Holgate).
Check for buffer overflow before reading CRC in pngpread.c (Warwick Allison)
Plugged memory leak of row_buf in pngtest.c when there is a png_error().
Detect buffer overflow in pngpread.c when IDAT is corrupted with extra data.
Changed png_warning() to png_error() when width is too large to process.
|
|
|
|
|
|
|
|
shared library version, and in the dependendency information for hundreds of
other packages. [Update to png itself was supplied by Thomas Wizner.]
Relevant changes since 1.0.12, extracted from the "CHANGES" file:
Re-enabled PNG_MNG_FEATURES_SUPPORTED and enabled PNG_ASSEMBLER_CODE_SUPPORTED
by default.
Added runtime selection of MMX features.
Added png_set_strip_error_numbers function and related macros.
Added a check for attempts to read or write PLTE in grayscale PNG datastreams.
Enabled user memory function by default.
Modified png_create_struct so it passes user mem_ptr to user memory allocator.
Increased png_mng_features flag from png_byte to png_uint_32.
Check for missing profile length field in iCCP chunk and free chunk_data
in case of truncated iCCP chunk.
Revised contrib/gregbook/rpng*-x.c to avoid a memory leak and to exit cleanly
if user attempts to run it on an 8-bit display.
Updated contrib/gregbook
Use png_malloc instead of png_zalloc to allocate palette in pngset.c
Added some typecasts to eliminate gcc 3.0 warnings. Changed prototypes
of png_write_oFFS width and height from png_uint_32 to png_int_32.
Updated example.c
Revised prototypes for png_debug_malloc and png_debug_free in pngtest.c
Revised contrib/gregbook
Revised pnggccrd.c to conditionally compile some thread-unsafe code only
when PNG_THREAD_UNSAFE_OK is defined.
Added tests to prevent pngwutil.c from writing a bKGD or tRNS chunk with
value exceeding 2^bit_depth-1
Replaced calls to fprintf(stderr,...) with png_warning() in pnggccrd.c
Removed restriction that do_invert_mono only operate on 1-bit opaque files
Changed a png_warning() to png_debug() in pnggccrd.c
Fixed contrib/gregbook/rpng-x.c, rpng2-x.c to avoid crash with XFreeGC().
Include background_1 in png_struct regardless of gamma support.
Revised example.c to provide more details about using row_callback().
Added type cast to each NULL appearing in a function call, except for
WINCE functions.
Removed type casts from all NULLs.
Simplified png_create_struct_2().
Revised png_create_info_struct() and png_creat_struct_2().
Added error message if png_write_info() was omitted.
Type cast NULLs appearing in function calls when _NO_PROTO or
PNG_TYPECAST_NULL is defined.
Type cast NULLs appearing in function calls except when PNG_NO_TYPECAST_NULL
is defined.
Changed typecast of "size" argument to png_size_t in pngmem.c calls to
the user malloc_fn, to agree with the prototype in png.h
Added a pop/push operation to pnggccrd.c, to preserve Eflag (Maxim Sobolev)
Added a pop/push operation to pngvcrd.c, to preserve Eflag.
Always allocate 256-entry internal palette, hist, and trans arrays, to
avoid out-of-bounds memory reference caused by invalid PNG datastreams.
Added a check for prefix_length > data_length in iCCP chunk handler.
|
|
|
|
. Added some never-to-be-executed code in pnggccrd.c to quiet compiler
warnings.
. Added a check for attempts to read or write PLTE in grayscale PNG
datastreams.
. Eliminated the png_error about apps using png_read|write_init(). Instead,
libpng will reallocate the png_struct and info_struct if they are too small.
This achieves future binary compatibility for old applications written for
libpng-0.88 and earlier. Expanded the warnings about incompatible library
and application.
. Modified png_create_struct so it passes user mem_ptr to user memory
allocator.
. Check for missing profile length field in iCCP chunk and free the chunk_data
in case of truncated iCCP chunk.
|