Changes since the last public release (1.2.7):
Fixed bug in png_text_compress() that would fail to complete a large block.
Fixed bug, introduced in libpng-1.2.7, that overruns a buffer during
strip alpha operation in png_do_strip_filler().
Added PNG_1_2_X definition in pngconf.h
#ifdef out png_info_init in png.c and png_read_init in pngread.c (as of 1.3.0)
Reduce color_type to a nonalpha type after strip alpha operation in
png_do_strip_filler().
Revised definitions of PNG_MAX_UINT_32, PNG_MAX_SIZE, and PNG_MAXSUM
Fixed (again) definition of PNG_LIBPNG_VER_DLLNUM in png.h (Cosmin).
Added PNG_LIBPNG_BUILD_PRIVATE in png.h (Cosmin).
Set png_ptr->zstream.data_type to Z_BINARY, to avoid unnecessary detection
of data type in deflate (Cosmin).
Deprecated but continue to support SPECIALBUILD and PRIVATEBUILD in favor of
PNG_LIBPNG_BUILD_SPECIAL_STRING and PNG_LIBPNG_BUILD_PRIVATE_STRING.
Despammed mailing addresses by masking "@" with "at".
Added scripts/makefile.elf with supporting code in pngconf.h for symbol
versioning (John Bowler).
Added projects/visualc71 (Simon-pierre).
* Removed unused pngasmrd.h file.
* Removed references to uu.net for archived files. Added references to
PNG Spec (second edition) and the PNG ISO/IEC Standard.
* Added "test-dd" target in 15 makefiles, to run pngtest in DESTDIR.
* Fixed bug with "optimized window size" in the IDAT datastream, that
causes libpng to write PNG files with incorrect zlib header bytes.
* Fixed bug with sCAL chunk and big-endian machines (David Munro).
* Undid new code added in 1.2.6rc2 to update the color_type in
png_set_filler().
* Added png_set_add_alpha() that updates color type.
* Revised png_set_strip_filler() to not remove alpha if color_type has alpha.
* Added makefile.hp64
* Changed projects/msvc/png32ms.def to scripts/png32ms.def in makefile.cygwin
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
because no ABI change or soname changes.
It is important to note that because of the fixed *_RECOMMENDED
mechanism, that 1.2.6rc2 will be the default version required.
security fixes)
changes:
version 1.2.6rc3 [August 9, 2004]
Eliminated use of "abs()" in testing cHRM and gAMA values, to avoid
trouble with some 64-bit compilers. Created PNG_OUT_OF_RANGE() macro.
Revised documentation of png_set_keep_unknown_chunks().
Check handle_as_unknown status in pngpread.c, as in pngread.c previously.
Moved "PNG_HANDLE_CHUNK_*" macros out of PNG_INTERNAL section of png.h
Added "rim" definitions for CONST4 and CONST6 in pnggccrd.c
version 1.2.6rc4 [August 10, 2004]
Fixed mistake in pngtest.c introduced in 1.2.6rc2 (declaration of
"pinfo" was out of place).
version 1.2.6rc5 [August 10, 2004]
Moved "PNG_HANDLE_CHUNK_*" macros out of PNG_ASSEMBLER_CODE_SUPPORTED
section of png.h where they were inadvertently placed in version rc3.
version 1.2.6rc6 [August 15, 2004]
Revised pngtest so memory allocation testing is only done when PNG_DEBUG==1.
changes:
version 1.2.6rc2 [August 8, 2004]
Revised makefile.darwin and makefile.solaris. Removed makefile.macosx.
Revised pngtest's png_debug_malloc() to use png_malloc() instead of
png_malloc_default() which is not supposed to be exported.
Fixed off-by-one error in one of the conversions to PNG_ROWBYTES() in
pngpread.c. Bug was introduced in 1.2.6rc1.
Fixed bug in RGB to RGBX transformation introduced in 1.2.6rc1.
Fixed old bug in RGB to Gray transformation.
Fixed problem with 64-bit compilers by casting arguments to abs()
to png_int_32.
Changed "ln -sf" to "ln -f -s" in three makefiles (solaris, sco, so9).
Changed "HANDLE_CHUNK_*" to "PNG_HANDLE_CHUNK_*" (Cosmin)
Added "-@/bin/rm -f $(DL)/$(LIBNAME).so.$(PNGMAJ)" to 15 *NIX makefiles.
Added code to update the row_info->colortype in png_do_read_filler() (MSB).
posted to png-implement by Glenn Randers-Pehrson, libpng's maintainer.
This error was widely reported as a "security issue",
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
even though there is no security issue. The most the error could do is
SIGSEGV, and that only with some fairly uncommon circumstances. The patch
posted with the advisory is in fact flawed, in that it calls strlen() on
presumably arbitrary data.
Bump PKGREVISION.
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
the normal case when BUILDLINK_DEPENDS.<pkg> isn't specified, it receives
a value only once due to the multiple inclusion protection in the
buildlink3.mk files. In the case where a package includes several
buildlink3.mk files that each want a slightly different version of another
dependency, having BUILDLINK_DEPENDS.<pkg> be a list allows for the
strictest <pkg> dependency to be matched.
images (and bump package to 1.2.5nb2). The following is taken directly
from the png-implement mailing list...
Date: Fri, 20 Dec 2002 11:26:31 -0500
From: Glenn Randers-Pehrson <glennrp@comcast.net>
Reply-To: png-implement@ccrc.wustl.edu
To: png-implement@ccrc.wustl.edu
Subject: Re: [png-implement] bug in png_read_filler() with 16-bit samples
At 01:01 AM 12/5/02 -0500, Glenn Randers-Pehrson wrote:
>A bug has turned up in png_read_filler() with 16-bit samples.
>The starting offsets for the loops are calculated incorrectly
>which causes a buffer overrun beyond the beginning of the row
>buffer.
>
>To fix, at lines 1968 and 1990,
>change "row_width * 3" to "row_width * 6"
>and at lines 1969 and 1991,
>change "row_width;" to "row_width * 2;"
This is only half of the story. Adding an alpha channel to
16-bit *grayscale* images with png_do_read_filler() exhibits
the same bug, and pngcrush crashes if I try to do it.
To fix, at lines 1892, 1893, 1910, and 1911 of pngrtran.c
change "row_width" to "row_width * 2"
Note that applications that do not add an alpha channel via
png_set_filler(), and any applications that do, but reduce 16-bit
samples to 8 bit via png_set_strip_16() are invulnerable to
the bug. Pngcrush is the only application that I know of
that uses png_set_filler() without also using png_set_strip_16().
Glenn
--
Send the message body "help" to png-implement-request@ccrc.wustl.edu
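The start-offset arithmetic described in the message above, as an added example (not libpng's code and not part of the original commit message). It assumes a backward in-place expansion that emits 8 bytes per 16-bit RGB pixel; the function names lowest_write_offset and add_filler_rgb16 are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Lowest byte offset, relative to the row start, reached by the write
 * pointer when sp = row + row_width*src_mul and dp = sp + row_width*gap_mul.
 * Assumption: the loop walks backward and writes 8 bytes per pixel
 * (6 sample bytes + 2 filler bytes). A negative result means the loop
 * writes before the beginning of the row buffer. */
long lowest_write_offset(long row_width, long src_mul, long gap_mul)
{
    long dp = row_width * src_mul + row_width * gap_mul;
    return dp - 8 * row_width;
}

/* Bounds-checked RGB16 -> RGBX16 expansion using the corrected offsets
 * (row_width * 6 and row_width * 2). The first row_width*6 bytes of row
 * are input; row_len must be at least row_width*8.
 * Returns 0 on success, -1 if the buffer cannot hold the expanded row. */
int add_filler_rgb16(unsigned char *row, size_t row_len, size_t row_width,
                     unsigned char hi, unsigned char lo)
{
    if (row_width == 0 || row_width > row_len / 8)
        return -1;
    unsigned char *sp = row + row_width * 6;   /* end of packed input   */
    unsigned char *dp = sp + row_width * 2;    /* end of expanded output */
    for (size_t i = 0; i < row_width; i++) {
        *(--dp) = lo;                          /* filler, high byte first */
        *(--dp) = hi;
        dp -= 6;
        sp -= 6;
        memmove(dp, sp, 6);                    /* regions may overlap */
    }
    return 0;
}

int main(void)
{
    /* Constructed row width of 4 pixels. */
    printf("offsets *3/*1: lowest write at %ld\n", lowest_write_offset(4, 3, 1));
    printf("offsets *6/*2: lowest write at %ld\n", lowest_write_offset(4, 6, 2));
    return 0;
}
```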
reported to the png-implement mailing list by Glenn Randers-Pehrson:
ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212
[Glenn Randers-Pehrson is the original author and chief maintainer of
libpng.]
From the discussion in the archive, it appears to be unlikely that the
bug could be exploited by a malicious web-server, chiefly because the
operation that triggers it is more likely to be carried out by an image
manipulation program (i.e. pngcrush), than by a web browser.
* Changed png_error() to png_warning() about
"Too much data" in pngpread.c and about
"Extra compressed data" in pngrutil.c.
* Prevent png_ptr->pass from exceeding 7 in
png_push_finish_row().
* Updated png.c and pnggccrd.c handling of return from
png_mmx_support() [Doesn't apply to the package.]
* Only issue png_warning() about "Too much data" in
pngpread.c when avail_in is nonzero.
* Relocated two misplaced PNGAPI lines in pngtest.c
Update submitted by Stefan Krüger in PR/18926.
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
and png_set_text_2(), call for a minor version bump in the shared library.
Update "BUILDLINK_DEPENDS" to current level. Also make the shared library
versions visible in the top-level "Makefile", and add a top-level "test"
target to invoke "pngtest" in ${WRKSRC}.
The following is culled from the extensive "CHANGES" file, omitting
all make system and doc changes, and some bug fixes for bugs that weren't
present in 1.2.1. See "CHANGES" for complete details:
Added setjmp() at the end of png_create_*_struct_2() in case user forgets
to put one in their application.
Exported png_zalloc(), png_zfree(), png_default_read(), png_default_write(),
png_default_flush(), and png_push_fill_buffer() and included them in
module definition files.
Revised prototype for png_default_flush()
Typos in *.def files (png_default_read|write -> png_default_read|write_data)
Once more restored png_zalloc and png_zfree to regular nonexported form.
Restored png_default_read|write_data, png_default_flush, png_read_fill_buffer
to nonexported form, but with PNGAPI, and removed them from module def files.
Removed "PNGAPI" from png_zalloc() and png_zfree() in png.c
Plugged various memory leaks; added png_malloc_warn() and png_set_text_2()
functions.
Plugged memory leak of png_ptr->current_text (Matt Holgate).
Check for buffer overflow before reading CRC in pngpread.c (Warwick Allison)
Plugged memory leak of row_buf in pngtest.c when there is a png_error().
Detect buffer overflow in pngpread.c when IDAT is corrupted with extra data.
Changed png_warning() to png_error() when width is too large to process.