| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
|
|
|
|
They should include the full list of libraries and linker flags, similar
to pkg-config and other *-config scripts. Bump PKGREVISION.
|
|
|
|
pkglint -Wall -F --only aligned --only indent -r
No manual corrections.
|
|
This is largely a bugfix-only release. Most importantly, it contains
a fix for a use-after-free vulnerability (CVE-2019-7317) affecting
the simplified libpng API, and a fix for a memory leak affecting the
ARM NEON implementation of the palette-to-RGB(A) expansion.
|
|
Version 1.6.36 [December 1, 2018]
Optimized png_do_expand_palette for ARM processors.
Improved performance by around 10-22% on a recent ARM Chromebook.
(Contributed by Richard Townsend, ARM Holdings)
Fixed manipulation of machine-specific optimization options.
(Contributed by Vicki Pfau)
Used memcpy instead of manual pointer arithmetic on Intel SSE2.
(Contributed by Samuel Williams)
Fixed build errors with MSVC on ARM64.
(Contributed by Zhijie Liang)
Fixed detection of libm in CMakeLists.
(Contributed by Cameron Cawley)
Fixed incorrect creation of pkg-config file in CMakeLists.
(Contributed by Kyle Bentley)
Fixed the CMake build on Windows MSYS by avoiding symlinks.
Fixed a build warning on OpenBSD.
(Contributed by Theo Buehler)
Fixed various typos in comments.
(Contributed by "luz.paz")
Raised the minimum required CMake version from 3.0.2 to 3.1.
Removed yet more of the vestigial support for pre-ANSI C compilers.
Removed ancient makefiles for ancient systems that have been broken
across all previous libpng-1.6.x versions.
Removed the Y2K compliance statement and the export control
information.
Applied various code style and documentation fixes.
|
|
Version 1.6.35:
* Replaced the remaining uses of png_size_t with size_t (Cosmin)
* Fixed the calculation of row_factor in png_check_chunk_length
* Added missing parentheses to a macro definition
|
|
Version 1.6.33beta01 [August 28, 2017]
Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing
parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse).
Fixed off-by-one error in png_do_check_palette_indexes() (Bug report
by Mick P., Source Forge Issue #269).
Version 1.6.33beta02 [September 3, 2017]
Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
to fix shortlived oss-fuzz issue 3234.
Compute a larger limit on IDAT because some applications write a deflate
buffer for each row (Bug report by Andrew Church).
Use current date (DATE) instead of release-date (RDATE) in last
changed date of contrib/oss-fuzz files.
Enabled ARM support in CMakeLists.txt (Bernd Kuhls).
Version 1.6.33beta03 [September 14, 2017]
Fixed incorrect typecast of some arguments to png_malloc() and
png_calloc() that were png_uint_32 instead of png_alloc_size_t
(Bug report by "irwir" in Github libpng issue #175).
Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github
issue 162, by rcdailey).
Version 1.6.33rc01 [September 20, 2017]
Initialize memory allocated by png_inflate to zero, using memset, to
stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2()
due to truncated iTXt or zTXt chunk.
Initialize memory allocated by png_read_buffer to zero, using memset, to
stop an oss-fuzz "use of uninitialized value" detection in
png_icc_check_tag_table() due to truncated iCCP chunk.
Removed a redundant test (suggested by "irwir" in Github issue #180).
Version 1.6.33rc02 [September 23, 2017]
Added an interlaced version of each file in contrib/pngsuite.
Relocate new memset() call in pngrutil.c.
Removed more redundant tests (suggested by "irwir" in Github issue #180).
Add support for loading images with associated alpha in the Simplified
API (Samuel Williams).
Version 1.6.33 [September 28, 2017]
Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state.
Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
Add end_info structure and png_read_end() to the libpng fuzzer.
Version 1.6.34 [September 29, 2017]
Removed contrib/pngsuite/i*.png; some of these were incorrect and caused
test failures.
|
|
Version 1.6.32beta01 [July 31, 2017]
Avoid possible NULL dereference in png_handle_eXIf when benign_errors
are allowed. Avoid leaking the input buffer "eXIf_buf".
Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
to arguments for png_get_eXIf() and png_set_eXIf().
Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
pngwrite.c, and made various other fixes to png_write_eXIf().
Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
png_set_eXIf_1(), respectively, to avoid breaking API compatibility
with libpng-1.6.31.
Version 1.6.32beta02 [August 1, 2017]
Updated contrib/libtests/pngunknown.c with eXIf chunk.
Version 1.6.32beta03 [August 2, 2017]
Initialized btoa[] in pngstest.c
Stop memory leak when returning from png_handle_eXIf() with an error
(Bug report from the OSS-fuzz project).
Version 1.6.32beta04 [August 2, 2017]
Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
Update libpng.3 and libpng-manual.txt about eXIf functions.
Version 1.6.32beta05 [August 2, 2017]
Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.
Version 1.6.32beta06 [August 2, 2017]
Removed png_get_eXIf_1() and png_set_eXIf_1().
Version 1.6.32beta07 [August 3, 2017]
Check length of all chunks except IDAT against user limit to fix an
OSS-fuzz issue.
Version 1.6.32beta08 [August 3, 2017]
Check length of IDAT against maximum possible IDAT size, accounting
for height, rowbytes, interlacing and zlib/deflate overhead.
Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
does not work (the eXIf chunk data can contain zeroes).
Version 1.6.32beta09 [August 3, 2017]
Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
no longer using deprecated cmake LOCATION feature (Clifford Yapp).
Fixed five-byte error in the calculation of IDAT maximum possible size.
Version 1.6.32beta10 [August 5, 2017]
Moved chunk-length check into a png_check_chunk_length() private
function (Suggested by Max Stepin).
Moved bad pngs from tests to contrib/libtests/crashers
Moved testing of bad pngs into a separate tests/pngtest-badpngs script
Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
in the output but PASS for the libpng test.
Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
num_exif argument to png_get_eXIf_1() (Github Issue 171).
Version 1.6.32beta11 [August 7, 2017]
Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
Make pngtest --strict, --relax, --xfail options imply -m (multiple).
Removed unused chunk_name parameter from png_check_chunk_length().
Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
for the minimum 'deflate' stream, and relocate the test to a point
after the keyword has been read.
Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".
Version 1.6.32rc01 [August 18, 2017]
Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
one for each known chunk type, with length = 2GB-1.
Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
and 162707).
Renamed chunks in contrib/testpngs/crashers to avoid having files whose
names differ only in case; this causes problems with some platforms
(github issue #172).
Version 1.6.32rc02 [August 22, 2017]
Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).
Version 1.6.32 [August 24, 2017]
No changes.
|
|
Changes since the last public release (1.6.30):
Guard the definition of _POSIX_SOURCE in pngpriv.h (AIX already defines it;
bug report by Michael Felt).
Revised pngpriv.h to work around failure to compile arm/filter_neon.S
("typedef" directive is unrecognized by the assembler). The problem
was introduced in libpng-1.6.30beta01.
Added "Requires: zlib" to libpng.pc.in (Pieter Neerincx).
Added special case for FreeBSD in arm/filter_neon.S (Maya Rashish).
Added instructions for disabling hardware optimizations in INSTALL.
Added "--enable-hardware-optimizations" configuration flag to enable
or disable all hardware optimizations with one flag.
Updated CMakeLists.txt to add INTEL_SSE and MIPS_MSA platforms.
Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
possible integer overflow (Bug report by John Bowler).
Quieted "declaration after statement" warnings in intel/filter_sse2.c.
Added scripts/makefile-linux-opt, which has hardware optimizations enabled.
Removed one of the GCC-7.1.0 'strict-overflow' warnings that result when
integers appear on both sides of a compare. Worked around the others by
forcing the strict-overflow setting in the relevant functions to a level
where they are not reported (John Bowler).
Changed "FALL THROUGH" comments to "FALLTHROUGH" because GCC doesn't like
the space.
Worked around some C-style casts from (void*) because g++ 5.4.0 objects
to them.
Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint
overflow' check that is on by default with -Wall -Wextra.
Added eXIf chunk support.
Added a minimal eXIf chunk (with Orientation and FocalLengthIn35mmFilm
tags) to pngtest.png.
|
|
the current change is somewhat overkill and excludes some extra function
declarations, but there's only one assembler file for which it applies and
it was tested to build.
Fixes compilation on ARM reported by John Klos in PR pkg/52367
|
|
Changes since the last public release (1.6.29):
Added missing "$(CPPFLAGS)" to the compile line for c.pic.o in
makefile.linux and makefile.solaris-x86 (Cosmin).
Revised documentation of png_get_error_ptr() in the libpng manual.
Silence clang -Wcomma and const drop warnings (Viktor Szakats).
Update Sourceforge URLs in documentation (https instead of http).
Document need to check for integer overflow when allocating a pixel
buffer for multiple rows in contrib/gregbook, contrib/pngminus,
example.c, and in the manual (suggested by Jaeseung Choi). This
is similar to the bug reported against pngquant in CVE-2016-5735.
Removed reference to the obsolete PNG_SAFE_LIMITS macro in the documentation.
Check for integer overflow in contrib/visupng and contrib/tools/genpng.
Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
Test CMAKE_HOST_WIN32 instead of WIN32 in CMakeLists.txt.
Fix some URL in documentation.
Avoid writing an empty IDAT when the last IDAT exactly fills the
compression buffer (bug report by Brian Baird). This bug was
introduced in libpng-1.6.0.
Update copyright year in pnglibconf.h, make ltmain.sh executable.
Add a reference to the libpng.download site in README.
|
|
|
|
Version 1.6.29beta01 [January 12, 2017]
Readded "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
Moved SSE2 optimization code into the main libpng source directory.
Configure libpng with "configure --enable-intel-sse" or compile
libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
Simplified conditional compilation in pngvalid.c, for AIX (Michael Felt).
Version 1.6.29beta02 [February 22, 2017]
Avoid conditional directives that break statements in pngrutil.c (Romero
Malaquias)
The contrib/examples/pngtopng.c recovery code was in the wrong "if"
branches; the comments were correct.
Added code for PowerPC VSX optimisation (Vadim Barkov).
Version 1.6.29beta03 [March 1, 2017]
Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c
because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1.
Suppress clang warnings about implicit sign changes in png.c
Version 1.6.29 [March 16, 2017]
No changes.
|
|
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
|
|
Version 1.6.28rc01 [January 3, 2017]
Fixed arm/aarch64 detection in CMakeLists.txt (Gianfranco Costamagna).
Added option to Cmake build allowing a custom location of zlib to be
specified in a scenario where libpng is being built as a subproject
alongside zlib by another project (Sam Serrels).
Changed png_ptr->options from a png_byte to png_uint_32, to accomodate
up to 16 options.
Version 1.6.28rc02 [January 4, 2017]
Added "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
Moved SSE2 optimization code into the main libpng source directory.
Configure libpng with "configure --enable-intel-sse" or compile
libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
Version 1.6.28rc03 [January 4, 2017]
Backed out the SSE optimization and last CMakeLists.txt to allow time for QA.
Version 1.6.28 [January 5, 2017]
No changes.
|
|
Version 1.6.27beta01 [November 2, 2016]
Restrict the new ADLER32-skipping to IDAT chunks. It broke iCCP chunk
handling: an erroneous iCCP chunk would throw a png_error and reject the
entire PNG image instead of rejecting just the iCCP chunk with a warning,
if built with zlib-1.2.8.1.
Version 1.6.27rc01 [December 27, 2016]
Control ADLER32 checking with new PNG_IGNORE_ADLER32 option.
Removed the use of a macro containing the pre-processor 'defined'
operator. It is unclear whether this is valid; a macro that
"generates" 'defined' is not permitted, but the use of the word
"generates" within the C90 standard seems to imply more than simple
substitution of an expression itself containing a well-formed defined
operation.
Added ARM support to CMakeLists.txt (Andreas Franek).
Version 1.6.27 [December 29, 2016]
Fixed a potential null pointer dereference in png_set_text_2() (bug report
and patch by Patrick Keshishian).
|
|
Version 1.6.26beta01 [September 26, 2016]
Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
bugfix by John Bowler).
Do not issue a png_error() on read in png_set_pCAL() because png_handle_pCAL
has allocated memory that libpng needs to free.
Conditionally compile png_set_benign_errors() in pngread.c and pngtest.c
Issue a png_benign_error instead of a png_error on ADLER32 mismatch
while decoding compressed data chunks.
Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
pngrutil.c.
If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
Issue png_benign_error() on ADLER32 checksum mismatch instead of png_error().
Add tests/badcrc.png and tests/badadler.png to tests/pngtest.
Merged pngtest.c with libpng-1.7.0beta84/pngtest.c
Version 1.6.26beta02 [October 1, 2016]
Updated the documentation about CRC and ADLER32 handling.
Quieted 117 warnings from clang-3.8 in pngtrans.c, pngread.c,
pngwrite.c, pngunknown.c, and pngvalid.c.
Quieted 58 (out of 144) -Wconversion compiler warnings by changing
flag definitions in pngpriv.h from 0xnnnn to 0xnnnnU and trivial changes
in png.c, pngread.c, and pngwutil.c.
Version 1.6.26beta03 [October 2, 2016]
Removed contrib/libtests/*.orig and *.rej that slipped into the tarballs.
Quieted the 86 remaining -Wconversion compiler warnings by
revising the png_isaligned() macro and trivial changes in png.c,
pngerror.c, pngget.c, pngmem.c, pngset.c, pngrtran.c, pngrutil.c,
pngwtran.c, pngwrite.c, and pngwutil.c.
Version 1.6.26beta04 [October 3, 2016]
Quieted (bogus?) clang warnings about "absolute value has no effect"
when PNG_USE_ABS is defined.
Fixed offsets in contrib/intel/intel_sse.patch
Version 1.6.26beta05 [October 6, 2016]
Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
to avoid a signed/unsigned compare in the preprocessor.
Version 1.6.26beta06 [October 7, 2016]
Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
optionally avoid ADLER32 evaluation.
Version 1.6.26rc01 [October 12, 2016]
No changes.
Version 1.6.26 [October 20, 2016]
Cosmetic change, "ptr != 0" to "ptr != NULL" in png.c and pngrutil.c
Despammed email addresses (replaced "@" with " at ").
|
|
Changes since the last public release (1.6.24):
Reject oversized iCCP profile immediately.
Cleaned up PNG_DEBUG compile of pngtest.c.
Conditionally compile png_inflate().
Don't install pngcp; it conflicts with pngcp in the pngtools package.
Minor editing of INSTALL, (whitespace, added copyright line)
Added MIPS support (Mandar Sahastrabuddhe <Mandar.Sahastrabuddhe@imgtec.com>).
Rebased contrib/intel/intel_sse.patch after the MIPS implementation.
|
|
Version 1.6.24beta01 [June 11, 2016]
Avoid potential overflow of the PNG_IMAGE_SIZE macro. This macro
is not used within libpng, but is used in some of the examples.
Version 1.6.24beta02 [June 23, 2016]
Correct filter heuristic overflow handling. This was broken when the
write filter code was moved out-of-line; if there is a single filter and
the heuristic sum overflows the calculation of the filtered line is not
completed. In versions prior to 1.6 the code was duplicated in-line
and the check not performed, so the filter operation completed; however,
in the multi-filter case where the sum is performed the 'none' filter would
be selected if all the sums overflowed, even if it wasn't in the filter
list. The fix to the first problem is simply to provide PNG_SIZE_MAX as
the current lmins sum value; this means the sum can never exceed it and
overflows silently. A reasonable compiler that does choose to inline
the code will simply eliminate the sum check.
The fix to the second problem is to use high precision arithmetic (this is
implemented in 1.7), however a simple safe fix here is to chose the lowest
numbered filter in the list from png_set_filter (this only works if the
first problem is also fixed) (John Bowler).
Use a more efficient absolute value calculation on SSE2 (Matthieu Darbois).
Fixed the case where PNG_IMAGE_BUFFER_SIZE can overflow in the application
as a result of the application using an increased 'row_stride'; previously
png_image_finish_read only checked for overflow on the base calculation of
components. (I.e. it checked for overflow of a 32-bit number on the total
number of pixel components in the output format, not the possibly padded row
length and not the number of bytes, which for linear formats is twice the
number of components.)
MSVC does not like '-(unsigned)', so replaced it with 0U-(unsigned)
MSVC does not like (uInt) = -(unsigned) (i.e. as an initializer), unless
the conversion is explicitly invoked by a cast.
Put the SKIP definition in the correct place. It needs to come after the
png.h include (see all the other .c files in contrib/libtests) because it
depends on PNG_LIBPNG_VER.
Removed the three compile warning options from the individual project
files into the zlib.props globals. It increases the warning level from 4
to All and adds a list of the warnings that need to be turned off. This is
semi-documentary; the intent is to tell libpng users which warnings have
been examined and judged non-fixable at present. The warning about
structure padding is fixable, but it would be a signficant change (moving
structure members around).
Version 1.6.24beta03 [July 4, 2016]
Optimized absolute value calculation in filter selection, similar to
code in the PAETH decoder in pngrutil.c. Build with PNG_USE_ABS to
use this.
Added pngcp to the build together with a pngcp.dfa configuration test.
Added high resolution timing to pngcp.
Added "Common linking failures" section to INSTALL.
Relocated misplaced #endif in png.c sRGB profile checking.
Fixed two Coverity issues in pngcp.c.
Version 1.6.24beta04 [July 8, 2016]
Avoid filter-selection heuristic sum calculations in cases where only one
filter is a candidate for selection. This trades off code size (added
private png_setup_*_row_only() functions) for speed.
Version 1.6.24beta05 [July 13, 2016]
Fixed some indentation to comply with our coding style.
Added contrib/tools/reindent.
Version 1.6.24beta06 [July 18, 2016]
Fixed more indentation to comply with our coding style.
Eliminated unnecessary tests of boolean png_isaligned() vs 0.
Version 1.6.24rc01 [July 25, 2016]
No changes.
Version 1.6.24rc02 [August 1, 2016]
Conditionally compile SSE2 headers in contrib/intel/intel_sse.patch
Conditionally compile png_decompress_chunk().
Version 1.6.24rc03 [August 2, 2016]
Conditionally compile ARM_NEON headers in pngpriv.h
Updated contrib/intel/intel_sse.patch
Version 1.6.24[August 4, 2016]
No changes.
|
|
Version 1.6.23beta01 [May 29, 2016]
Stop a potential memory leak in png_set_tRNS() (Bug report by Ted Ying).
Fixed the progressive reader to handle empty first IDAT chunk properly
(patch by Timothy Nikkel). This bug was introduced in libpng-1.6.0 and
only affected the libpng16 branch.
Added tests in pngvalid.c to check zero-length IDAT chunks in various
positions. Fixed the sequential reader to handle these more robustly
(John Bowler).
Version 1.6.23rc01 [June 2, 2016]
Corrected progressive read input buffer in pngvalid.c. The previous version
the code invariably passed just one byte at a time to libpng. The intent
was to pass a random number of bytes in the range 0..511.
Moved sse2 prototype from pngpriv.h to contrib/intel/intel_sse.patch.
Added missing ")" in pngerror.c (Matt Sarrett).
Version 1.6.23rc02 [June 4, 2016]
Fixed undefined behavior in png_push_save_buffer(). Do not call
memcpy() with a null source, even if count is zero (Leon Scroggins III).
Version 1.6.23 [June 9, 2016]
Fixed bad link to RFC2083 in png.5 (Nikola Forro).
|
|
Version 1.6.22beta01 [January 23, 2016]
Changed PNG_USE_MKSTEMP to __COVERITY__ to select alternate
"tmpfile()" implementation in contrib/libtests/pngstest.c
Fixed NO_STDIO build of pngunknown.c to skip calling png_init_io()
if there is no stdio.h support.
Added a png_image_write_to_memory() API and a number of assist macros
to allow an application that uses the simplified API write to bypass
stdio and write directly to memory.
Added some warnings (png.h) and some check code to detect *possible*
overflow in the ROW_STRIDE and simplified image SIZE macros. This
disallows image width/height/format that *might* overflow. This is
a quiet API change that limits in-memory image size (uncompressed) to
less than 4GByte and image row size (stride) to less than 2GByte.
Revised workaround for false-positive Coverity issue in pngvalid.c.
Version 1.6.22beta02 [February 8, 2016]
Only use exit(77) in configure builds.
Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported
the palette size because it failed to take into account that the memory
palette has to be expanded to full RGB when it is written to PNG.
Updated CMakeLists.txt, added supporting scripts/gen*.cmake.in
and test.cmake.in (Roger Leigh).
Relaxed limit checks on gamma values in pngrtran.c. As suggested in
the comments gamma values outside the range currently permitted
by png_set_alpha_mode are useful for HDR data encoding. These values
are already permitted by png_set_gamma so it is reasonable caution to
extend the png_set_alpha_mode range as HDR imaging systems are starting
to emerge.
Version 1.6.22beta03 [March 9, 2016]
Added a common-law trademark notice and export control information
to the LICENSE file, png.h, and the man page.
Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
were accidentally removed from libpng-1.6.17.
Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
(Robert C. Seacord).
Removed dubious "#if INT_MAX" test from png.h that was added to
libpng-1.6.19beta02 (John Bowler).
Add ${INCLUDES} in scripts/genout.cmake.in (Bug report by Nixon Kwok).
Updated LICENSE to say files in the contrib directory are not
necessarily under the libpng license, and that some makefiles have
other copyright owners.
Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
Made contrib/libtests/timepng more robust. The code no longer gives
up/fails on invalid PNG data, it just skips it (with error messages).
The code no longer fails on PNG files with data beyond IEND. Options
exist to use png_read_png (reading the whole image, not by row) and, in
that case, to apply any of the supported transforms. This makes for
more realistic testing; the decoded data actually gets used in a
meaningful fashion (John Bowler).
Fixed some misleading indentation (Krishnaraj Bhat).
Version 1.6.22beta04 [April 5, 2016]
Force GCC compilation to C89 if needed (Dagobert Michelsen).
SSE filter speed improvements for bpp=3:
memcpy-free implementations of load3() / store3().
call load3() only when needed at the end of a scanline.
Version 1.6.22beta05 [April 27, 2016]
Added PNG_FAST_FILTERS macro (defined as
PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
Various fixes for contrib/libtests/timepng.c
Moved INTEL-SSE code from pngpriv.h into contrib/intel/intel_sse.patch.
Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED
(Bug report by Y.Ohashik).
Version 1.6.22beta06 [May 5, 2016]
Rebased contrib/intel_sse.patch.
Quieted two Coverity issues in contrib/libtests/timepng.c.
Fixed issues with scripts/genout.cmake.in (David Capello, Nixon Kwok):
Added support to use multiple directories in ZLIBINCDIR variable,
Fixed CMAKE_C_FLAGS with multiple values when genout is compiled on MSVC,
Fixed pnglibconf.c compilation on OS X including the sysroot path.
Version 1.6.22rc01 [May 14, 2016]
No changes.
Version 1.6.22rc02 [May 16, 2016]
Removed contrib/timepng from default build; it does not build on platforms
that don't supply clock_gettime().
Version 1.6.22rc03 [May 17, 2016]
Restored contrib/timepng to default build but check for the presence
of clock_gettime() in configure.ac and Makefile.am.
Version 1.6.22 [May 26, 2016]
No changes.
|
|
Version 1.6.21beta01 [December 11, 2015]
Fixed syntax "$(command)" in tests/pngstest that some shells other than
bash could not parse (Bug report by Nelson Beebe). Use `command` instead.
Version 1.6.21beta02 [December 14, 2015]
Moved png_check_keyword() from pngwutil.c to pngset.c
Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
in the BigEndian tests by not testing it, making the BE code the same
as the LE version.
Fixes to pngvalid for various reduced build configurations (eliminate unused
statics) and a fix for the case in rgb_to_gray when the digitize option
reduces graylo to 0, producing a large error.
Version 1.6.21beta03 [December 18, 2015]
Widened the 'limit' check on the internally calculated error limits in
the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
checks) and changed the check to only operate in non-release builds
(base build type not RC or RELEASE.)
Fixed undefined behavior in pngvalid.c, undefined because
(png_byte) << shift is undefined if it changes the signed bit
(because png_byte is promoted to int). The libpng exported functions
png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
David Drysdale as a result of reports from UBSAN in clang 3.8).
This changes pngvalid to use BE random numbers; this used to produce
errors but these should not be fixed as a result of the previous changes.
Version 1.6.21rc01 [January 4, 2016]
In projects/vstudio, combined readme.txt and WARNING into README.txt
Version 1.6.21rc02 [January 7, 2016]
Relocated assert() in contrib/tools/pngfix.c, bug found by American
Fuzzy Lop, reported by Brian Carpenter.
Marked 'limit' UNUSED in transform_range_check(). This only affects
release builds.
Version 1.6.21 [January 15, 2016]
Worked around a false-positive Coverity issue in pngvalid.c.
|
|
Version 1.6.20beta01 [November 20, 2015]
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Version 1.6.20beta02 [November 23, 2015]
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Version 1.6.20beta03 [November 24, 2015]
Backported tests from libpng-1.7.0beta69.
Version 1.6.20rc01 [November 26, 2015]
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
Version 1.6.20rc02 [November 29, 2015]
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
Version 1.6.20 [December 3, 2015]
No changes.
|
|
Libpng 1.6.19 - November 12, 2015
Changes since the last public release (1.6.18):
Updated obsolete information about the simplified API macros in the
manual pages (Bug report by Arc Riley).
Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
Rearranged png.h to put the major sections in the same order as
in libpng17.
Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
PNG_WEIGHT_FACTOR macros.
Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
(Bug report by Viktor Szakats). Several warnings remain and are
unavoidable, where we test for overflow.
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
Moved config.h.in~ from the "libpng_autotools_files" list to the
"libpng_autotools_extra" list in autogen.sh because it was causing a
false positive for missing files (bug report by Robert C. Seacord).
Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
to suppress clang warnings (Bug report by Viktor Szakats).
Fixed some bad links in the man page.
Changed "n bit" to "n-bit" in comments.
Added signed/unsigned 16-bit safety net. This removes the dubious
0x8000 flag definitions on 16-bit systems. They aren't supported
yet the defs *probably* work, however it seems much safer to do this
and be advised if anyone, contrary to advice, is building libpng 1.6
on a 16-bit system. It also adds back various switch default clauses
for GCC; GCC errors out if they are not present (with an appropriately
high level of warnings).
Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
Seacord).
Fixed the recently reported 1's complement security issue by replacing
the value that is illegal in the PNG spec, in both signed and unsigned
values, with 0. Illegal unsigned values (anything greater than or equal
to 0x80000000) can still pass through, but since these are not illegal
in ANSI-C (unlike 0x80000000 in the signed case) the checking that
occurs later can catch them (John Bowler).
Fixed png_save_int_32 when int is not 2's complement (John Bowler).
Updated libpng16 with all the recent test changes from libpng17,
including changes to pngvalid.c to ensure that the original,
distributed, version of contrib/visupng/cexcept.h can be used
(John Bowler).
pngvalid contains the correction to the use of SAVE/STORE_
UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
tests contain the --strict option to detect warnings and the
pngvalid-standard test has been corrected so that it does not
turn on progressive-read. There is a separate test which does
that. (John Bowler)
Also made some signed/unsigned fixes.
Make pngstest error limits version specific. Splitting the machine
generated error structs out to a file allows the values to be updated
without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
slightly different error limits this simplifies maintenance. The
makepngs.sh script has also been updated to more accurately reflect
current problems in libpng 1.7 (John Bowler).
Incorporated new test PNG files into make check. tests/pngstest-*
are changed so that the new test files are divided into 8 groups by
gamma and alpha channel. These tests have considerably better code
and pixel-value coverage than contrib/pngsuite; however,coverage is
still incomplete (John Bowler).
Removed the '--strict' in 1.6 because of the double-gamma-correction
warning, updated pngstest-errors.h for the errors detected with the
new contrib/testspngs PNG test files (John Bowler).
Worked around rgb-to-gray issues in libpng 1.6. The previous
attempts to ignore the errors in the code aren't quite enough to
deal with the 'channel selection' encoding added to libpng 1.7; abort.
Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a
macro, therefore the argument list cannot contain preprocessing
directives. Make sure pow is a function where this happens. This is
a minimal safe fix, the issue only arises in non-performance-critical
code (bug report by Curtis Leach, fix by John Bowler).
Added sPLT support to pngtest.c
Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
Silently truncate over-length PLTE chunk while reading.
Libpng incorrectly calculated the output rowbytes when the application
decreased either the number of channels or the bit depth (or both) in
a user transform. This was safe; libpng overallocated buffer space
(potentially by quite a lot; up to 4 times the amount required) but,
from 1.5.4 on, resulted in a png_error (John Bowler).
Fixed some inconsequential cut-and-paste typos in
png_set_cHRM_XYZ_fixed().
Clarified COPYRIGHT information to state explicitly that versions
are derived from previous versions.
Removed much of the long list of previous versions from png.h and
libpng.3.
|
|
Problems found with existing digests:
Package fotoxx distfile fotoxx-14.03.1.tar.gz
ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
Package pgraf: missing distfile pgraf-20010131.tar.gz
Package qvplay: missing distfile qvplay-0.95.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
Version 1.6.18beta01 [April 1, 2015]
Removed PNG_SET_CHUNK_[CACHE|MALLOC]_LIMIT_SUPPORTED macros. They
have been combined with PNG_SET_USER_LIMITS_SUPPORTED (resolves
bug report by Andrew Church).
Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c. This
fixes some arithmetic errors that caused some tests to fail on
some 32-bit platforms (Bug reports by Peter Breitenlohner [i686]
and Petr Gajdos [i586]).
Version 1.6.18beta02 [April 26, 2015]
Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
(Bug report by Viktor Szaka'ts).
Version 1.6.18beta03 [May 6, 2015]
Replaced "unexpected" with an integer (0xabadca11) in pngset.c
where a long was expected, to avoid a compiler warning when PNG_DEBUG > 1.
Added contrib/examples/simpleover.c, to demonstrate how to handle
alpha compositing of multiple images, using the "simplified API"
and an example PNG generation tool, contrib/examples/genpng.c
(John Bowler).
Version 1.6.18beta04 [May 20, 2015]
PNG_RELEASE_BUILD replaces tests where the code depended on the build base
type and can be defined on the command line, allowing testing in beta
builds (John Bowler).
Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds.
Avoid a harmless potential integer overflow in png_XYZ_from_xy() (Bug
report from Christopher Ferris).
Version 1.6.18beta05 [May 31, 2015]
Backport filter selection code from libpng-1.7.0beta51, to combine
sub_row, up_row, avg_row, and paeth_row into try_row and tst_row.
Changed png_voidcast(), etc., to voidcast(), etc., in contrib/tools/pngfix.c
to avoid confusion with the libpng private macros.
Fixed old cut&paste bug in the weighted filter selection code in
pngwutil.c, introduced in libpng-0.95, March 1997.
Version 1.6.18beta06 [June 1, 2015]
Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the
compiled library size. It never worked properly and as far as we can
tell, no one uses it. The png_set_filter_heuristics() and
png_set_filter_heuristics_fixed() APIs are retained but deprecated
and do nothing.
Version 1.6.18beta07 [June 6, 2015]
Removed non-working progressive reader 'skip' function. This
function has apparently never been used. It was implemented
to support back-door modification of png_struct in libpng-1.4.x
but (because it does nothing and cannot do anything) was apparently
never tested (John Bowler).
Fixed cexcept.h in which GCC 5 now reports that one of the auto
variables in the Try macro needs to be volatile to prevent value
being lost over the setjmp (John Bowler).
Fixed NO_WRITE_FILTER and -Wconversion build breaks (John Bowler).
Fix g++ build breaks (John Bowler).
Quieted some Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
would only work with iTXt chunks with length 255 or less.
Added #ifdef's to contrib/examples programs so people don't try
to compile them without the minimum required support enabled
(suggested by Flavio Medeiros).
Version 1.6.18beta08 [June 30, 2015]
Eliminated the final two Coverity defects (insecure temporary file
handling in contrib/libtests/pngstest.c; possible overflow of
unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure"
file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will
be used.
Removed some unused WEIGHTED_FILTER macros from png.h and pngstruct.h
Version 1.6.18beta09 [July 5, 2015]
Removed some useless typecasts from contrib/tools/png-fix-itxt.c
Fixed a new signed-unsigned comparison in pngrtran.c (Max Stepin).
Replaced arbitrary use of 'extern' with #define PNG_LINKAGE_*. To
preserve API compatibility, the new defines all default to "extern"
(requested by Jan Nijtmans).
Version 1.6.18rc01 [July 9, 2015]
Belatedly added Mans Rullgard and James Yu to the list of Contributing
Authors.
Version 1.6.18rc02 [July 12, 2015]
Restored unused FILTER_HEURISTIC macros removed at libpng-1.6.18beta08
to png.h to avoid compatibility warnings.
Version 1.6.18rc03 [July 15, 2015]
Minor changes to the man page
Version 1.6.18 [July 23, 2015]
No changes.
|
|
Version 1.6.17beta01 [January 29, 2015]
Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
Corrected the width limit calculation in png_check_IHDR().
Removed user limits from pngfix. Also pass NULL pointers to
png_read_row to skip the unnecessary row de-interlace stuff.
Added testing of png_set_packing() to pngvalid.c
Regenerated configure scripts in the *.tar distributions with libtool-2.4.4
Implement previously untested cases of libpng transforms in pngvalid.c
Fixed byte order in 2-byte filler, in png_do_read_filler().
Made the check for out-of-range values in png_set_tRNS() detect
values that are exactly 2^bit_depth, and work on 16-bit platforms.
Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
pngset.c to avoid warnings about dead code.
Added "& 0xff" to many instances of expressions that are typecast
to (png_byte), to avoid Coverity gripes.
Version 1.6.17beta02 [February 7, 2015]
Work around one more Coverity-scan dead-code warning.
Do not build png_product2() when it is unused.
Version 1.6.17beta03 [February 17, 2015]
Display user limits in the output from pngtest.
Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
and 1-million-row default limits in pnglibconf.dfa, that can be reset
by the user at build time or run time. This provides a more robust
defense against DOS and as-yet undiscovered overflows.
Version 1.6.17beta04 [February 21, 2015]
Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
Rebuilt configure scripts with automake-1.15 and libtool-2.4.6
Version 1.6.17beta05 [February 25, 2015]
Restored compiling of png_reciprocal2 with PNG_NO_16BIT.
Version 1.6.17beta06 [February 27, 2015]
Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
of png.h.
Avoid runtime checks when converting integer to png_byte with
Visual Studio (Sergey Kosarevsky)
Version 1.6.17rc01 [March 4, 2015]
No changes.
Version 1.6.17rc02 [March 9, 2015]
Removed some comments that the configure script did not handle
properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt.
Free the unknown_chunks structure even when it contains no data.
Version 1.6.17rc03 [March 12, 2015]
Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF
for consistency, and remove some useless tests (Alexey Petruchik).
Version 1.6.17rc04 [March 16, 2015]
Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of
pnglibconf.* in "make clean" (Cosmin).
Fix bug in calculation of maxbits, in png_write_sBIT, introduced
in libpng-1.6.17beta01 (John Bowler).
Version 1.6.17rc05 [March 21, 2015]
Define PNG_FILTER_* and PNG_FILTER_VALUE_* in png.h even when WRITE
is not supported (John Bowler). This fixes an error introduced in
libpng-1.6.17beta06.
Reverted "& 0xff" additions of version 1.6.17beta01. Libpng passes
the Coverity scan without them.
Version 1.6.17rc06 [March 23, 2015]
Remove pnglibconf.dfn and pnglibconf.pre with "make clean".
Reformatted some "&0xff" instances to "& 0xff".
Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
value was wrong. It's not clear if this affected the final stored
value; in the obvious code path the upper and lower 8-bits of the
alpha value were identical and the alpha was truncated to 8-bits
rather than dividing by 257 (John Bowler).
Version 1.6.17 [March 26, 2015]
No changes.
|
|
Changes since the last public release (1.6.15):
Added ".align 2" to arm/filter_neon.S to support old GAS assemblers that
don't do alignment correctly.
Revised Makefile.am and scripts/*.dfn to work with MinGW/MSYS;
renamed scripts/*.dfn to scripts/*.c (Bob Friesenhahn and John Bowler).
Quiet a "comparison always true" warning in pngstest.c (John Bowler).
Restored a test on width that was removed from png.c at libpng-1.6.9
(Bug report by Alex Eubanks).
Fixed an overflow in png_combine_row with very wide interlaced images.
|
|
only the latter is supported by cwrappers. Change them all to "opt" rules for
consistency and to gain compatibility with cwrappers.
|
|
Version 1.6.15beta01 [October 29, 2014]
Changed "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
Simplified png_free_data().
Added missing "ptr = NULL" after some instances of png_free().
Version 1.6.15beta02 [November 1, 2014]
Changed remaining "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
Version 1.6.15beta03 [November 3, 2014]
Added PNG_USE_ARM_NEON configuration flag (Marcin Juszkiewicz).
Version 1.6.15beta04 [November 4, 2014]
Removed new PNG_USE_ARM_NEON configuration flag and made a one-line
revision to configure.ac to support ARM on aarch64 instead (John Bowler).
Version 1.6.15beta05 [November 5, 2014]
Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in
example.c, pngtest.c, and applications in the contrib directory.
Avoid out-of-bounds memory access in png_user_version_check().
Simplified and future-proofed png_user_version_check().
Fixed GCC unsigned int->float warnings. Various versions of GCC
seem to generate warnings when an unsigned value is implicitly
converted to double. This is probably a GCC bug but this change
avoids the issue by explicitly converting to (int) where safe.
Free all allocated memory in pngimage. The file buffer cache was left
allocated at the end of the program, harmless but it causes memory
leak reports from clang.
Fixed array size calculations to avoid warnings. At various points
in the code the number of elements in an array is calculated using
sizeof. This generates a compile time constant of type (size_t) which
is then typically assigned to an (unsigned int) or (int). Some versions
of GCC on 64-bit systems warn about the apparent narrowing, even though
the same compiler does apparently generate the correct, in-range,
numeric constant. This adds appropriate, safe, casts to make the
warnings go away.
Version 1.6.15beta06 [November 6, 2014]
Reverted use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING
in the manual, example.c, pngtest.c, and applications in the contrib
directory. It was incorrect advice.
Version 1.6.15beta07 [November 7, 2014]
Removed #ifdef PNG_16BIT_SUPPORTED/#endif around png_product2(); it is
needed by png_reciprocal2().
Added #ifdef PNG_16BIT_SUPPORTED/#endif around png_log16bit() and
png_do_swap().
Changed all "#endif /* PNG_FEATURE_SUPPORTED */" to "#endif /* FEATURE */"
Version 1.6.15beta08 [November 8, 2014]
More housecleaning in *.h
Version 1.6.15rc01 [November 13, 2014]
Version 1.6.15rc02 [November 14, 2014]
The macros passed in the command line to Borland make were ignored if
similarly-named macros were already defined in makefiles. This behavior
is different from POSIX make and other make programs. Surround the
macro definitions with ifndef guards (Cosmin).
Version 1.6.15rc03 [November 16, 2014]
Added "-D_CRT_SECURE_NO_WARNINGS" to CFLAGS in scripts/makefile.vcwin32.
Removed the obsolete $ARCH variable from scripts/makefile.darwin.
Version 1.6.15 [November 20, 2014]
No changes.
|
|
Version 1.6.14beta01 [September 14, 2014]
Guard usage of png_ptr->options with #ifdef PNG_SET_OPTION_SUPPORTED.
Do not build contrib/tools/pngfix.c when PNG_SETJMP_NOT_SUPPORTED,
to allow "make" to complete without setjmp support (bug report by
Claudio Fontana)
Add "#include <setjmp.h>" to contrib/tools/pngfix.c (John Bowler)
Version 1.6.14beta02 [September 18, 2014]
Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c
because usleep() is deprecated.
Define usleep() in contrib/gregbook/rpng2-x.c if not already defined
in unistd.h and nanosleep() is not available; fixes error introduced
in libpng-1.6.13.
Disable floating point exception handling in pngvalid.c when
PNG_FLOATING_ARITHMETIC is not supported (bug report by "zootus
at users.sourceforge.net").
Version 1.6.14beta03 [September 19, 2014]
Define FE_DIVBYZERO, FE_INVALID, and FE_OVERFLOW in pngvalid.c if not
already defined. Revert floating point exception handling in pngvalid.c
to version 1.6.14beta01 behavior.
Version 1.6.14beta04 [September 27, 2014]
Fixed incorrect handling of the iTXt compression flag in pngrutil.c
(bug report by Shunsaku Hirata). Bug was introduced in libpng-1.6.0.
Version 1.6.14beta05 [October 1, 2014]
Added "option READ_iCCP enables READ_COMPRESSED_TEXT" to pnglibconf.dfa
Version 1.6.14beta06 [October 5, 2014]
Removed unused "text_len" parameter from private function png_write_zTXt().
Conditionally compile some code in png_deflate_claim(), when
PNG_WARNINGS_SUPPORTED and PNG_ERROR_TEXT_SUPPORTED are disabled.
Replaced repeated code in pngpread.c with PNG_PUSH_SAVE_BUFFER_IF_FULL.
Added "chunk iTXt enables TEXT" and "chunk zTXt enables TEXT"
to pnglibconf.dfa.
Removed "option READ_COMPRESSED_TEXT enables READ_TEXT" from pnglibconf.dfa,
to make it possible to configure a libpng that supports iCCP but not TEXT.
Version 1.6.14beta07 [October 7, 2014]
Removed "option WRITE_COMPRESSED_TEXT enables WRITE_TEXT" from pnglibconf.dfa
Only mark text chunks as written after successfully writing them.
Version 1.6.14rc01 [October 15, 2014]
Fixed some typos in comments.
Version 1.6.14rc02 [October 17, 2014]
Changed png_convert_to_rfc_1123() to png_convert_to_rfc_1123_buffer()
in the manual, to reflect the change made in libpng-1.6.0.
Updated README file to explain that direct access to the png_struct
and info_struct members has not been permitted since libpng-1.5.0.
Version 1.6.14 [October 23, 2014]
No changes.
|
|
|
|
Version 1.6.13beta01 [July 4, 2014]
Quieted -Wsign-compare and -Wclobber compiler warnings in
contrib/pngminus/*.c
Added "(void) png_ptr;" where needed in contrib/gregbook to quiet
compiler complaints about unused pointers.
Split a long output string in contrib/gregbook/rpng2-x.c.
Added "PNG_SET_OPTION" requirement for sRGB chunk support to pnglibconf.dfa,
Needed for write-only support (John Bowler).
Changed "if defined(__ARM_NEON__)" to
"if (defined(__ARM_NEON__) || defined(__ARM_NEON))" (James Wu).
Fixed clang no-warning builds: png_digit was defined but never used.
Version 1.6.13beta02 [July 21, 2014]
Fixed an incorrect separator ("/" should be "\") in scripts/makefile.vcwin32
(bug report from Wolfgang S. Kechel). Bug was introduced in libpng-1.6.11.
Also fixed makefile.bc32, makefile.bor, makefile.msc, makefile.intel, and
makefile.tc3 similarly.
Version 1.6.13beta03 [August 3, 2014]
Removed scripts/makefile.elf. It has not worked since libpng-1.5.0beta14
due to elimination of the PNG_FUNCTION_EXPORT and PNG_DATA_EXPORT
definitions from pngconf.h.
Ensure that CMakeLists.txt makes the target "lib" directory before making
symbolic link into it (SourceForge bug report #226 by Rolf Timmermans).
Version 1.6.13beta04 [August 8, 2014]
Added opinion that the ECCN (Export Control Classification Number) for
libpng is EAR99 to the README file.
Eliminated use of "$<" in makefile explicit rules, when copying
$PNGLIBCONF_H_PREBUILT. This does not work on some versions of make;
bug introduced in libpng version 1.6.11.
Version 1.6.13rc01 [August 14, 2014]
Made "ccopts" agree with "CFLAGS" in scripts/makefile.hp* and makefile.*sunu
Version 1.6.13 [August 21, 2014]
No changes.
|
|
Version 1.6.12rc01 [June 6, 2014]
Relocated new code from 1.6.11beta06 in png.c to a point after the
declarations (Max Stepin).
Version 1.6.12rc02 [June 7, 2014]
Changed file permissions of contrib/tools/intgamma.sh,
test-driver, and compile from 0644 to 0755 (Cosmin).
Version 1.6.12rc03 [June 8, 2014]
Ensure "__has_attribute()" macro exists before trying to use it with
old clang compilers (MacPorts Ticket #43939).
Version 1.6.12 [June 12, 2014]
No changes.
|
|
Version 1.6.11beta01 [March 17, 2014]
Use "if (value != 0)" instead of "if (value)" consistently.
Changed ZlibSrcDir from 1.2.5 to 1.2.8 in projects/vstudio.
Moved configuration information from the manual to the INSTALL file.
Version 1.6.11beta02 [April 6, 2014]
Removed #if/#else/#endif from inside two pow() calls in pngvalid.c because
they were handled improperly by Portland Group's PGI-14.1 - PGI-14.3
when using its "__builtin_pow()" function.
Silence 'unused parameter' build warnings (Cosmin Truta).
$(CP) is now used alongside $(RM_F). Also, use 'copy' instead of 'cp'
where applicable, and applied other minor makefile changes (Cosmin).
Don't warn about invalid dimensions exceeding user limits (Cosmin).
Allow an easy replacement of the default pre-built configuration
header with a custom header, via the make PNGLIBCONF_H_PREBUILT
macro (Cosmin).
Version 1.6.11beta03 [April 6, 2014]
Fixed a typo in pngrutil.c, introduced in libpng-1.5.6, that interferes
with "blocky" expansion of sub-8-bit interlaced PNG files (Eric Huss).
Optionally use __builtin_bswap16() in png_do_swap().
Version 1.6.11beta04 [April 19, 2014]
Made progressive reading of interlaced images consistent with the
behavior of the sequential reader and consistent with the manual, by
moving some code out of the PNG_READ_INTERLACING_SUPPORTED blocks. The
row_callback now receives the proper pass number and unexpanded rows, when
png_combine_row() isn't built or used, and png_set_interlace_handling()
is not called.
Allow PNG_sRGB_PROFILE_CHECKING = (-1) to mean no sRGB profile checking.
Version 1.6.11beta05 [April 26, 2014]
Do not reject ICC V2 profiles that lack padding (Kai-Uwe Behrmann).
Relocated closing bracket of the sRGB profile test loop to avoid getting
"Not recognizing known sRGB profile that has been edited" warning for
ICC V2 profiles that lack the MD5 signature in the profile header.
Version 1.6.11beta06 [May 19, 2014]
Added PNG_SKIP_sRGB_CHECK_PROFILE choice for png_set_option().
Version 1.6.11rc01 [May 27, 2014]
No changes.
Version 1.6.11rc02 [June 3, 2014]
Test ZLIB_VERNUM instead of PNG_ZLIB_VERNUM in contrib/tools/pngfix.c
Version 1.6.11 [June 5, 2014]
No changes.
|
|
Version 1.6.10rc02 [February 28, 2014]
Removed unreachable return statement after png_chunk_error()
in pngrutil.c
Version 1.6.10rc03 [March 4, 2014]
Un-deprecated png_data_freer().
Version 1.6.10 [March 6, 2014]
|
|
This fixes CERT VU#684412 and CVE-2014-0333.
Version 1.6.10beta01 [February 9, 2014]
Backported changes from libpng-1.7.0beta30 and beta31:
Fixed a large number of instances where PNGCBAPI was omitted from
function definitions.
Added pngimage test program for png_read_png() and png_write_png()
with two new test scripts.
Removed dependence on !PNG_READ_EXPAND_SUPPORTED for calling
png_set_packing() in png_read_png().
Fixed combination of ~alpha with shift. On read invert alpha, processing
occurred after shift processing, which causes the final values to be
outside the range that should be produced by the shift. Reversing the
order on read makes the two transforms work together correctly and mirrors
the order used on write.
Do not read invalid sBIT chunks. Previously libpng only checked sBIT
values on write, so a malicious PNG writer could therefore cause
the read code to return an invalid sBIT chunk, which might lead to
application errors or crashes. Such chunks are now skipped (with
chunk_benign_error).
Make png_read_png() and png_write_png() prototypes in png.h depend
upon PNG_READ_SUPPORTED and PNG_WRITE_SUPPORTED.
Support builds with unsupported PNG_TRANSFORM_* values. All of the
PNG_TRANSFORM_* values are always defined in png.h and, because they
are used for both read and write in some cases, it is not reliable
to #if out ones that are totally unsupported. This change adds error
detection in png_read_image() and png_write_image() to do a
png_app_error() if the app requests something that cannot be done
and it adds corresponding code to pngimage.c to handle such options
by not attempting to test them.
Version 1.6.10beta02 [February 23, 2014]
Moved redefines of png_error(), png_warning(), png_chunk_error(),
and png_chunk_warning() from pngpriv.h to png.h to make them visible
to libpng-calling applications.
Moved OS dependent code from arm/arm_init.c, to allow the included
implementation of the ARM NEON discovery function to be set at
build-time and provide sample implementations from the current code in the
contrib/arm-neon subdirectory. The __linux__ code has also been changed to
compile and link on Android by using /proc/cpuinfo, and the old linux code
is in contrib/arm-neon/linux-auxv.c. The new code avoids POSIX and Linux
dependencies apart from opening /proc/cpuinfo and is C90 compliant.
Check for info_ptr == NULL early in png_read_end() so we don't need to
run all the png_handle_*() and depend on them to return if info_ptr == NULL.
This improves the performance of png_read_end(png_ptr, NULL) and makes
it more robust against future programming errors.
Check for __has_extension before using it in pngconf.h, to
support older Clang versions (Jeremy Sequoia).
Treat CRC error handling with png_set_crc_action(), instead of with
png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
after recognizing the IDAT chunk, which avoids an infinite loop while
reading a datastream whose first IDAT chunk is of zero-length.
This fixes CERT VU#684412 and CVE-2014-0333.
Don't recognize known sRGB profiles as sRGB if they have been hacked,
but don't reject them and don't issue a copyright violation warning.
Version 1.6.10beta03 [February 25, 2014]
Moved some documentation from png.h to libpng.3 and libpng-manual.txt
Minor editing of contrib/arm-neon/README and contrib/examples/*.c
Version 1.6.10rc01 [February 27, 2014]
Fixed typos in the manual and in scripts/pnglibconf.dfa (CFLAGS -> CPPFLAGS
and PNG_USR_CONFIG -> PNG_USER_CONFIG).
|
|
with very helpful upstream.
Changes:
Version 1.6.9beta01 [December 26, 2013]
Bookkeeping: Moved functions around (no changes). Moved transform
function definitions before the place where they are called so that
they can be masde static. Move the intrapixel functions and the
grayscale palette builder out of the png?tran.c files. The latter
isn't a transform function and is no longer used internally, and the
former MNG specific functions are better placed in pngread/pngwrite.c
Made transform implementation functions static. This makes the internal
functions called by png_do_{read|write}_transformations static. On an
x86-64 DLL build (Gentoo Linux) this reduces the size of the text
segment of the DLL by 1208 bytes, about 0.6%. It also simplifies
maintenance by removing the declarations from pngpriv.h and allowing
easier changes to the internal interfaces.
Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69
in the tar distributions.
Version 1.6.9beta02 [January 1, 2014]
Added checks for libpng 1.5 to pngvalid.c. This supports the use of
this version of pngvalid in libpng 1.5
Merged with pngvalid.c from libpng-1.7 changes to create a single
pngvalid.c
Removed #error macro from contrib/tools/pngfix.c (Thomas Klausner).
Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0
Merged libpng-1.7.0 changes to make no-interlace configurations work
with test programs.
Revised pngvalid.c to support libpng 1.5, which does not support the
PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate in
pngvalid.c
Allow unversioned links created on install to be disabled in configure.
In configure builds 'make install' changes/adds links like png.h
and libpng.a to point to the newly installed, versioned, files (e.g.
libpng17/png.h and libpng17.a). Three new configure options and some
rearrangement of Makefile.am allow creation of these links to be disabled.
Version 1.6.9beta03 [January 10, 2014]
Removed potentially misleading warning from png_check_IHDR().
Version 1.6.9beta04 [January 20, 2014]
Updated scripts/makefile.* to use CPPFLAGS (Cosmin).
Added clang attribute support (Cosmin).
Version 1.6.9rc01 [January 28, 2014]
No changes.
Version 1.6.9rc02 [January 30, 2014]
Quiet an uninitialized memory warning from VC2013 in png_get_png().
Version 1.6.9 [February 6, 2014]
|
|
Version 1.6.8beta01 [November 24, 2013]
Moved prototype for png_handle_unknown() in pngpriv.h outside of
the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block.
Added "-Wall" to CFLAGS in contrib/pngminim/*/makefile
Conditionally compile some unused functions reported by -Wall in
pngminim.
Fixed 'minimal' builds. Various obviously useful minimal configurations
don't build because of missing contrib/libtests test programs and
overly complex dependencies in scripts/pnglibconf.dfa. This change
adds contrib/conftest/*.dfa files that can be used in automatic build
scripts to ensure that these configurations continue to build.
Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
Fixed pngvalid 'fail' function declaration on the Intel C Compiler.
This reverts to the previous 'static' implementation and works round
the 'unused static function' warning by using PNG_UNUSED().
Version 1.6.8beta02 [November 30, 2013]
Removed or marked PNG_UNUSED some harmless "dead assignments" reported
by clang scan-build.
Changed tabs to 3 spaces in png_debug macros and changed '"%s"m'
to '"%s" m' to improve portability among compilers.
Changed png_free_default() to free() in pngtest.c
Version 1.6.8rc01 [December 12, 2013]
Tidied up pngfix inits and fixed pngtest no-write builds.
Version 1.6.8rc02 [December 14, 2013]
Handle zero-length PLTE chunk or NULL palette with png_error()
instead of png_chunk_report(), which by default issues a warning
rather than an error, leading to later reading from a NULL pointer
(png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954
and VU#650142.
Version 1.6.8 [December 19, 2013]
|
|
|
|
|
|
Version 1.6.7beta01 [September 30, 2013]
Revised unknown chunk code to correct several bugs in the NO_SAVE_/NO_WRITE
combination
Allow HANDLE_AS_UNKNOWN to work when other options are configured off. Also
fixed the pngminim makefiles to work when $(MAKEFLAGS) contains stuff
which terminates the make options (as by default in recent versions of
Gentoo).
Avoid up-cast warnings in pngvalid.c. On ARM the alignment requirements of
png_modifier are greater than that of png_store and as a consequence
compilation of pngvalid.c results in a warning about increased alignment
requirements because of the bare cast to (png_modifier*). The code is safe,
because the pointer is known to point to a stack allocated png_modifier,
but this change avoids the warning.
Fixed default behavior of ARM_NEON_API. If the ARM NEON API option was
compiled without the CHECK option it defaulted to on, not off.
Check user callback behavior in pngunknown.c. Previous versions compiled
if SAVE_UNKNOWN was not available but did nothing since the callback
was never implemented.
Merged pngunknown.c with 1.7 version and back ported 1.7 improvements/fixes
Version 1.6.7beta02 [October 12, 2013]
Made changes for compatibility with automake 1.14:
1) Added the 'compile' program to the list of programs that must be cleaned
in autogen.sh
2) Added 'subdir-objects' which causes .c files in sub-directories to be
compiled such that the corresponding .o files are also in the
sub-directory. This is because automake 1.14 warns that the
current behavior of compiling to the top level directory may be removed
in the future.
3) Updated dependencies on pnglibconf.h to match the new .o locations and
added all the files in contrib/libtests and contrib/tools that depend
on pnglibconf.h
4) Added 'BUILD_SOURCES = pnglibconf.h'; this is the automake recommended
way of handling the dependencies of sources that are machine generated;
unfortunately it only works if the user does 'make all' or 'make check',
so the dependencies (3) are still required.
Cleaned up (char*) casts of zlib messages. The latest version of the Intel C
compiler complains about casting a string literal as (char*), so copied the
treatment of z_const from the library code into pngfix.c
Simplified error message code in pngunknown. The simplification has the
useful side effect of avoiding a bogus warning generated by the latest
version of the Intel C compiler (it objects to
condition ? string-literal : string-literal).
Make autogen.sh work with automake 1.13 as well as 1.14. Do this by always
removing the 1.14 'compile' script but never checking for it.
Version 1.6.7beta03 [October 19, 2013]
Added ARMv8 support (James Yu <james.yu at linaro.org>). Added file
arm/filter_neon_intrinsics.c; enable with -mfpu=neon.
Revised pngvalid to generate size images with as many filters as it can
manage, limited by the number of rows.
Cleaned up ARM NEON compilation handling. The tests are now in pngpriv.h
and detect the broken GCC compilers.
Version 1.6.7beta04 [October 26, 2013]
Allow clang derived from older GCC versions to use ARM intrinsics. This
causes all clang builds that use -mfpu=neon to use the intrinsics code,
not the assembler code. This has only been tested on iOS 7. It may be
necessary to exclude some earlier clang versions but this seems unlikely.
Changed NEON implementation selection mechanism. This allows assembler
or intrinsics to be turned on at compile time during the build by defining
PNG_ARM_NEON_IMPLEMENTATION to the correct value (2 or 1). This macro
is undefined by default and the build type is selected in pngpriv.h.
Version 1.6.7rc01 [November 2, 2013]
No changes.
Version 1.6.7rc02 [November 7, 2013]
Fixed #include in filter_neon_intrinsics.c and ctype macros. The ctype char
checking macros take an unsigned char argument, not a signed char.
Version 1.6.7 [November 14, 2013]
|
|
Version 1.6.6 [September 16, 2013]
Removed two stray lines of code from arm/arm_init.c, again.
|
|
libpng-1.6.5 has been released, to remove two stray lines in arm/arm_init.c
that caused libpng to fail to compile when ARM support is enabled. This
problem was apparently due to a cut-and-paste error of some sort on my part.
|
|
Changes since the last public release (1.6.3):
Added information about png_set_options() to the manual.
Delay calling png_init_filter_functions() until a row with nonzero filter
is found.
Fixed inconsistent conditional compilation of png_chunk_unknown_handling()
prototype, definition, and usage. Made it depend on
PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.
|
|
|
|
Changes since the last public release (1.6.2):
Revised stack marking in arm/filter_neon.S and configure.ac.
Ensure that NEON filter stuff is completely disabled when switched 'off'.
Previously the ARM NEON specific files were still built if the option
was switched 'off' as opposed to being explicitly disabled.
Test for 'arm*' not just 'arm' in the host_cpu configure variable.
Rebuilt the configure scripts.
Expanded manual paragraph about writing private chunks, particularly
the need to call png_set_keep_unknown_chunks() when writing them.
Avoid dereferencing NULL pointer possibly returned from
png_create_write_struct() (Andrew Church).
Calculate our own zlib windowBits when decoding rather than trusting the
CMF bytes in the PNG datastream.
Added an option to force maximum window size for inflating, which was
the behavior of libpng15 and earlier.
Added png-fix-itxt and png-fix-too-far-back to the built programs and
removed warnings from the source code and timepng that are revealed as
a result.
Detect wrong libpng versions linked to png-fix-too-far-back, which currently
only works with libpng versions that can be made to reliably fail when
the deflate data contains an out-of-window reference. This means only
1.6 and later.
Fixed gnu issues: g++ needs a static_cast, gcc 4.4.7 has a broken warning
message which it is easier to work round than ignore.
Updated contrib/pngminus/pnm2png.c (Paul Stewart):
Check for EOF
Ignore "#" delimited comments in input file to pnm2png.c.
Fixed whitespace handling
Added a call to png_set_packing()
Initialize dimension values so if sscanf fails at least we have known
invalid values.
Attempt to detect configuration issues with png-fix-too-far-back, which
requires both the correct libpng and the correct zlib to function
correctly.
Check ZLIB_VERNUM for mismatches, enclose #error in quotes
Added information in the documentation about problems with and fixes for
the bad CRC and bad iTXt chunk situations.
Allow contrib/pngminus/pnm2png.c to compile without WRITE_INVERT and
WRITE_PACK supported (writes error message that it can't read P1 or
Improved png-fix-too-far-back usage message, added --suffix option.
Revised contrib/pngminim/*/makefile to generate pnglibconf.h with the
right zlib header files.
Separated CPPFLAGS and CFLAGS in contrib/pngminim/*/makefile
Removed a redundant test in png_set_IHDR().
Added set(CMAKE_CONFIGURATION_TYPES ...) to CMakeLists.txt (Andrew Hundt)
Deleted set(CMAKE_BUILD_TYPE) block from CMakeLists.txt
Enclose the prototypes for the simplified write API in
#ifdef PNG_STDIO_SUPPORTED/#endif
Make ARM NEON support work at compile time (not just configure time).
This moves the test on __ARM_NEON__ into pngconf.h to avoid issues when
using a compiler that compiles for multiple architectures at one time.
Removed PNG_FILTER_OPTIMIZATIONS and PNG_ARM_NEON_SUPPORTED from
pnglibconf.h, allowing more of the decisions to be made internally
(pngpriv.h) during the compile. Without this, symbol prefixing is broken
under certain circumstances on ARM platforms. Now only the API parts of
the optimizations ('check' vs 'api') are exposed in the public header files
except that the new setting PNG_ARM_NEON_OPT documents how libpng makes the
decision about whether or not to use the optimizations.
Protect symbol prefixing against CC/CPPFLAGS/CFLAGS useage.
Previous iOS/Xcode fixes for the ARM NEON optimizations moved the test
on __ARM_NEON__ from configure time to compile time. This breaks symbol
prefixing because the definition of the special png_init_filter_functions
call was hidden at configure time if the relevant compiler arguments are
passed in CFLAGS as opposed to CC. This change attempts to avoid all
the confusion that would result by declaring the init function even when
it is not used, so that it will always get prefixed.
Revised libpng.3 so that "doclifter" can process it.
Revised example.c to illustrate use of PNG_DEFAULT_sRGB and
PNG_GAMMA_MAC_18
as parameters for png_set_gamma(). These have been available since
libpng-1.5.4.
Renamed contrib/tools/png-fix-too-far-back.c to pngfix.c and revised it
to check all compressed chunks known to libpng.
Updated documentation to show default behavior of benign errors correctly.
Only compile ARM code when PNG_READ_SUPPORTED is defined.
Fixed undefined behavior in contrib/tools/pngfix.c and added new strip
option. pngfix relied on undefined behavior and even a simple change from
gcc to g++ caused it to fail. The new strip option 'unsafe' has been
implemented and is the default if --max is given. Option names have
been clarified, with --strip=transform now stripping the bKGD chunk,
which was stripped previously with --strip=unused.
Added all documented chunk types to pngpriv.h
Unified pngfix.c source with libpng17.
Revised manual about changes in iTXt chunk handling made in libpng-1.6.0.
Added "/* SAFE */" comments in pngrutil.c and pngrtran.c where warnings
may be erroneously issued by code-checking applications.
|
|
- specify "-O2 -fno-ipa-sra" for NetBSD/arm and gcc-4.5.* in hacks.mk
- also bump PKGREVISION for explicit rebuild
"Please commit that" from wiz@.
|
