Commit graph

135 commits

Author SHA1 Message Date
wiz
2b5e9acc7e Updated png to 1.6.30.
Changes since the last public release (1.6.29):

  Added missing "$(CPPFLAGS)" to the compile line for c.pic.o in
    makefile.linux and makefile.solaris-x86 (Cosmin).
  Revised documentation of png_get_error_ptr() in the libpng manual.
  Silence clang -Wcomma and const drop warnings (Viktor Szakats).
  Update Sourceforge URLs in documentation (https instead of http).
  Document need to check for integer overflow when allocating a pixel
    buffer for multiple rows in contrib/gregbook, contrib/pngminus,
    example.c, and in the manual (suggested by Jaeseung Choi). This
    is similar to the bug reported against pngquant in CVE-2016-5735.
  Removed reference to the obsolete PNG_SAFE_LIMITS macro in the documentation.
  Check for integer overflow in contrib/visupng and contrib/tools/genpng.
  Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
  Test CMAKE_HOST_WIN32 instead of WIN32 in CMakeLists.txt.
  Fix some URL in documentation.
  Avoid writing an empty IDAT when the last IDAT exactly fills the
    compression buffer (bug report by Brian Baird).  This bug was
    introduced in libpng-1.6.0.
  Update copyright year in pnglibconf.h, make ltmain.sh executable.
  Add a reference to the libpng.download site in README.
2017-07-03 11:07:00 +00:00
wiz
225b288f23 Updated png to 1.6.29.
Version 1.6.29beta01 [January 12, 2017]
  Readded "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
  Moved SSE2 optimization code into the main libpng source directory.
    Configure libpng with "configure --enable-intel-sse" or compile
    libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
  Simplified conditional compilation in pngvalid.c, for AIX (Michael Felt).

Version 1.6.29beta02 [February 22, 2017]
  Avoid conditional directives that break statements in pngrutil.c (Romero
    Malaquias)
  The contrib/examples/pngtopng.c recovery code was in the wrong "if"
    branches; the comments were correct.
  Added code for PowerPC VSX optimisation (Vadim Barkov).

Version 1.6.29beta03 [March 1, 2017]
  Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
  Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c
    because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1.
  Suppress clang warnings about implicit sign changes in png.c

Version 1.6.29 [March 16, 2017]
  No changes.
2017-03-16 15:15:42 +00:00
wiz
8198c749c7 Updated png to 1.6.28.
Version 1.6.28rc01 [January 3, 2017]
  Fixed arm/aarch64 detection in CMakeLists.txt (Gianfranco Costamagna).
  Added option to Cmake build allowing a custom location of zlib to be
    specified in a scenario where libpng is being built as a subproject
    alongside zlib by another project (Sam Serrels).
  Changed png_ptr->options from a png_byte to png_uint_32, to accomodate
    up to 16 options.

Version 1.6.28rc02 [January 4, 2017]
  Added "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
  Moved SSE2 optimization code into the main libpng source directory.
    Configure libpng with "configure --enable-intel-sse" or compile
    libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.

Version 1.6.28rc03 [January 4, 2017]
  Backed out the SSE optimization and last CMakeLists.txt to allow time for QA.

Version 1.6.28 [January 5, 2017]
  No changes.
2017-01-05 17:54:44 +00:00
wiz
b43896f630 Updated png to 1.6.27, security fix release.
Version 1.6.27beta01 [November 2, 2016]
  Restrict the new ADLER32-skipping to IDAT chunks.  It broke iCCP chunk
    handling: an erroneous iCCP chunk would throw a png_error and reject the
    entire PNG image instead of rejecting just the iCCP chunk with a warning,
    if built with zlib-1.2.8.1.

Version 1.6.27rc01 [December 27, 2016]
  Control ADLER32 checking with new PNG_IGNORE_ADLER32 option.
  Removed the use of a macro containing the pre-processor 'defined'
    operator.  It is unclear whether this is valid; a macro that
    "generates" 'defined' is not permitted, but the use of the word
    "generates" within the C90 standard seems to imply more than simple
    substitution of an expression itself containing a well-formed defined
    operation.
  Added ARM support to CMakeLists.txt (Andreas Franek).

Version 1.6.27 [December 29, 2016]
  Fixed a potential null pointer dereference in png_set_text_2() (bug report
    and patch by Patrick Keshishian).
2016-12-29 18:41:03 +00:00
wiz
73c83b5c90 Updated png to 1.6.26.
Version 1.6.26beta01 [September 26, 2016]
  Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
    bugfix by John Bowler).
  Do not issue a png_error() on read in png_set_pCAL() because png_handle_pCAL
    has allocated memory that libpng needs to free.
  Conditionally compile png_set_benign_errors() in pngread.c and pngtest.c
  Issue a png_benign_error instead of a png_error on ADLER32 mismatch
    while decoding compressed data chunks.
  Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
    pngrutil.c.
  If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
    ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
  Issue png_benign_error() on ADLER32 checksum mismatch instead of png_error().
  Add tests/badcrc.png and tests/badadler.png to tests/pngtest.
  Merged pngtest.c with libpng-1.7.0beta84/pngtest.c

Version 1.6.26beta02 [October 1, 2016]
  Updated the documentation about CRC and ADLER32 handling.
  Quieted 117 warnings from clang-3.8 in pngtrans.c, pngread.c,
     pngwrite.c, pngunknown.c, and pngvalid.c.
  Quieted 58 (out of 144) -Wconversion compiler warnings by changing
    flag definitions in pngpriv.h from 0xnnnn to 0xnnnnU and trivial changes
    in png.c, pngread.c, and pngwutil.c.

Version 1.6.26beta03 [October 2, 2016]
  Removed contrib/libtests/*.orig and *.rej that slipped into the tarballs.
  Quieted the 86 remaining -Wconversion compiler warnings by
    revising the png_isaligned() macro and trivial changes in png.c,
    pngerror.c, pngget.c, pngmem.c, pngset.c, pngrtran.c, pngrutil.c,
    pngwtran.c, pngwrite.c, and pngwutil.c.

Version 1.6.26beta04 [October 3, 2016]
  Quieted (bogus?) clang warnings about "absolute value has no effect"
    when PNG_USE_ABS is defined.
  Fixed offsets in contrib/intel/intel_sse.patch

Version 1.6.26beta05 [October 6, 2016]
  Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
    to avoid a signed/unsigned compare in the preprocessor.

Version 1.6.26beta06 [October 7, 2016]
  Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
    optionally avoid ADLER32 evaluation.

Version 1.6.26rc01 [October 12, 2016]
  No changes.

Version 1.6.26 [October 20, 2016]
  Cosmetic change, "ptr != 0" to "ptr != NULL" in png.c and pngrutil.c
  Despammed email addresses (replaced "@" with " at ").
2016-10-20 11:36:36 +00:00
wiz
9217b5bcea Updated png to 1.6.25.
Changes since the last public release (1.6.24):
  Reject oversized iCCP profile immediately.
  Cleaned up PNG_DEBUG compile of pngtest.c.
  Conditionally compile png_inflate().
  Don't install pngcp; it conflicts with pngcp in the pngtools package.
  Minor editing of INSTALL, (whitespace, added copyright line)
  Added MIPS support (Mandar Sahastrabuddhe <Mandar.Sahastrabuddhe@imgtec.com>).
  Rebased contrib/intel/intel_sse.patch after the MIPS implementation.
2016-09-01 04:14:23 +00:00
wiz
2740df4603 Updated png to 1.6.24.
Version 1.6.24beta01 [June 11, 2016]
  Avoid potential overflow of the PNG_IMAGE_SIZE macro.  This macro
    is not used within libpng, but is used in some of the examples.

Version 1.6.24beta02 [June 23, 2016]
  Correct filter heuristic overflow handling. This was broken when the
    write filter code was moved out-of-line; if there is a single filter and
    the heuristic sum overflows the calculation of the filtered line is not
    completed.  In versions prior to 1.6 the code was duplicated in-line
    and the check not performed, so the filter operation completed; however,
    in the multi-filter case where the sum is performed the 'none' filter would
    be selected if all the sums overflowed, even if it wasn't in the filter
    list.  The fix to the first problem is simply to provide PNG_SIZE_MAX as
    the current lmins sum value; this means the sum can never exceed it and
    overflows silently.  A reasonable compiler that does choose to inline
    the code will simply eliminate the sum check.
  The fix to the second problem is to use high precision arithmetic (this is
    implemented in 1.7), however a simple safe fix here is to chose the lowest
    numbered filter in the list from png_set_filter (this only works if the
    first problem is also fixed) (John Bowler).
  Use a more efficient absolute value calculation on SSE2 (Matthieu Darbois).
  Fixed the case where PNG_IMAGE_BUFFER_SIZE can overflow in the application
    as a result of the application using an increased 'row_stride'; previously
    png_image_finish_read only checked for overflow on the base calculation of
    components.  (I.e. it checked for overflow of a 32-bit number on the total
    number of pixel components in the output format, not the possibly padded row
    length and not the number of bytes, which for linear formats is twice the
    number of components.)
  MSVC does not like '-(unsigned)', so replaced it with 0U-(unsigned)
  MSVC does not like (uInt) = -(unsigned) (i.e. as an initializer), unless
    the conversion is explicitly invoked by a cast.
  Put the SKIP definition in the correct place. It needs to come after the
    png.h include (see all the other .c files in contrib/libtests) because it
    depends on PNG_LIBPNG_VER.
  Removed the three compile warning options from the individual project
    files into the zlib.props globals.  It increases the warning level from 4
    to All and adds a list of the warnings that need to be turned off.  This is
    semi-documentary; the intent is to tell libpng users which warnings have
    been examined and judged non-fixable at present.  The warning about
    structure padding is fixable, but it would be a signficant change (moving
    structure members around).

Version 1.6.24beta03 [July 4, 2016]
  Optimized absolute value calculation in filter selection, similar to
    code in the PAETH decoder in pngrutil.c. Build with PNG_USE_ABS to
    use this.
  Added pngcp to the build together with a pngcp.dfa configuration test.
  Added high resolution timing to pngcp.
  Added "Common linking failures" section to INSTALL.
  Relocated misplaced #endif in png.c sRGB profile checking.
  Fixed two Coverity issues in pngcp.c.

Version 1.6.24beta04 [July 8, 2016]
  Avoid filter-selection heuristic sum calculations in cases where only one
    filter is a candidate for selection. This trades off code size (added
    private png_setup_*_row_only() functions) for speed.

Version 1.6.24beta05 [July 13, 2016]
  Fixed some indentation to comply with our coding style.
  Added contrib/tools/reindent.

Version 1.6.24beta06 [July 18, 2016]
  Fixed more indentation to comply with our coding style.
  Eliminated unnecessary tests of boolean png_isaligned() vs 0.

Version 1.6.24rc01 [July 25, 2016]
  No changes.

Version 1.6.24rc02 [August 1, 2016]
  Conditionally compile SSE2 headers in contrib/intel/intel_sse.patch
  Conditionally compile png_decompress_chunk().

Version 1.6.24rc03 [August 2, 2016]
  Conditionally compile ARM_NEON headers in pngpriv.h
  Updated contrib/intel/intel_sse.patch

Version 1.6.24[August 4, 2016]
  No changes.
2016-08-04 06:05:08 +00:00
wiz
8bb76004f4 Updated png to 1.6.23.
Version 1.6.23beta01 [May 29, 2016]
  Stop a potential memory leak in png_set_tRNS() (Bug report by Ted Ying).
  Fixed the progressive reader to handle empty first IDAT chunk properly
    (patch by Timothy Nikkel).  This bug was introduced in libpng-1.6.0 and
    only affected the libpng16 branch.
  Added tests in pngvalid.c to check zero-length IDAT chunks in various
    positions.  Fixed the sequential reader to handle these more robustly
    (John Bowler).

Version 1.6.23rc01 [June 2, 2016]
  Corrected progressive read input buffer in pngvalid.c. The previous version
    the code invariably passed just one byte at a time to libpng.  The intent
    was to pass a random number of bytes in the range 0..511.
  Moved sse2 prototype from pngpriv.h to contrib/intel/intel_sse.patch.
  Added missing ")" in pngerror.c (Matt Sarrett).

Version 1.6.23rc02 [June 4, 2016]
  Fixed undefined behavior in png_push_save_buffer(). Do not call
    memcpy() with a null source, even if count is zero (Leon Scroggins III).

Version 1.6.23 [June 9, 2016]
  Fixed bad link to RFC2083 in png.5 (Nikola Forro).
2016-06-10 15:23:47 +00:00
wiz
fdf294f8a4 Updated png to 1.6.22.
Version 1.6.22beta01 [January 23, 2016]
  Changed PNG_USE_MKSTEMP to __COVERITY__ to select alternate
    "tmpfile()" implementation in contrib/libtests/pngstest.c
  Fixed NO_STDIO build of pngunknown.c to skip calling png_init_io()
    if there is no stdio.h support.
  Added a png_image_write_to_memory() API and a number of assist macros
    to allow an application that uses the simplified API write to bypass
    stdio and write directly to memory.
  Added some warnings (png.h) and some check code to detect *possible*
    overflow in the ROW_STRIDE and simplified image SIZE macros.  This
    disallows image width/height/format that *might* overflow.  This is
    a quiet API change that limits in-memory image size (uncompressed) to
    less than 4GByte and image row size (stride) to less than 2GByte.
  Revised workaround for false-positive Coverity issue in pngvalid.c.

Version 1.6.22beta02 [February 8, 2016]
  Only use exit(77) in configure builds.
  Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported
    the palette size because it failed to take into account that the memory
    palette has to be expanded to full RGB when it is written to PNG.
  Updated CMakeLists.txt, added supporting scripts/gen*.cmake.in
    and test.cmake.in (Roger Leigh).
  Relaxed limit checks on gamma values in pngrtran.c. As suggested in
    the comments gamma values outside the range currently permitted
    by png_set_alpha_mode are useful for HDR data encoding.  These values
    are already permitted by png_set_gamma so it is reasonable caution to
    extend the png_set_alpha_mode range as HDR imaging systems are starting
    to emerge.

Version 1.6.22beta03 [March 9, 2016]
  Added a common-law trademark notice and export control information
    to the LICENSE file, png.h, and the man page.
  Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
    were accidentally removed from libpng-1.6.17.
  Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
    (Robert C. Seacord).
  Removed dubious "#if INT_MAX" test from png.h that was added to
    libpng-1.6.19beta02 (John Bowler).
  Add ${INCLUDES} in scripts/genout.cmake.in (Bug report by Nixon Kwok).
  Updated LICENSE to say files in the contrib directory are not
    necessarily under the libpng license, and that some makefiles have
    other copyright owners.
  Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
  Made contrib/libtests/timepng more robust.  The code no longer gives
    up/fails on invalid PNG data, it just skips it (with error messages).
    The code no longer fails on PNG files with data beyond IEND.  Options
    exist to use png_read_png (reading the whole image, not by row) and, in
    that case, to apply any of the supported transforms.  This makes for
    more realistic testing; the decoded data actually gets used in a
    meaningful fashion (John Bowler).
  Fixed some misleading indentation (Krishnaraj Bhat).

Version 1.6.22beta04 [April 5, 2016]
  Force GCC compilation to C89 if needed (Dagobert Michelsen).
  SSE filter speed improvements for bpp=3:
    memcpy-free implementations of load3() / store3().
    call load3() only when needed at the end of a scanline.

Version 1.6.22beta05 [April 27, 2016]
  Added PNG_FAST_FILTERS macro (defined as
    PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
  Various fixes for contrib/libtests/timepng.c
  Moved INTEL-SSE code from pngpriv.h into contrib/intel/intel_sse.patch.
  Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED
    (Bug report by Y.Ohashik).

Version 1.6.22beta06 [May 5, 2016]
  Rebased contrib/intel_sse.patch.
  Quieted two Coverity issues in contrib/libtests/timepng.c.
  Fixed issues with scripts/genout.cmake.in (David Capello, Nixon Kwok):
    Added support to use multiple directories in ZLIBINCDIR variable,
    Fixed CMAKE_C_FLAGS with multiple values when genout is compiled on MSVC,
    Fixed pnglibconf.c compilation on OS X including the sysroot path.

Version 1.6.22rc01 [May 14, 2016]
  No changes.

Version 1.6.22rc02 [May 16, 2016]
  Removed contrib/timepng from default build; it does not build on platforms
    that don't supply clock_gettime().

Version 1.6.22rc03 [May 17, 2016]
  Restored contrib/timepng to default build but check for the presence
    of clock_gettime() in configure.ac and Makefile.am.

Version 1.6.22 [May 26, 2016]
  No changes.
2016-05-26 13:32:00 +00:00
wiz
f3813c0f54 Update png to 1.6.21:
Version 1.6.21beta01 [December 11, 2015]
  Fixed syntax "$(command)" in tests/pngstest that some shells other than
    bash could not parse (Bug report by Nelson Beebe). Use `command` instead.

Version 1.6.21beta02 [December 14, 2015]
  Moved png_check_keyword() from pngwutil.c to pngset.c
  Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
    in the BigEndian tests by not testing it, making the BE code the same
    as the LE version.
  Fixes to pngvalid for various reduced build configurations (eliminate unused
    statics) and a fix for the case in rgb_to_gray when the digitize option
    reduces graylo to 0, producing a large error.

Version 1.6.21beta03 [December 18, 2015]
  Widened the 'limit' check on the internally calculated error limits in
    the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
    checks) and changed the check to only operate in non-release builds
    (base build type not RC or RELEASE.)
  Fixed undefined behavior in pngvalid.c, undefined because
    (png_byte) << shift is undefined if it changes the signed bit
    (because png_byte is promoted to int). The libpng exported functions
    png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
    David Drysdale as a result of reports from UBSAN in clang 3.8).
  This changes pngvalid to use BE random numbers; this used to produce
    errors but these should not be fixed as a result of the previous changes.

Version 1.6.21rc01 [January 4, 2016]
  In projects/vstudio, combined readme.txt and WARNING into README.txt

Version 1.6.21rc02 [January 7, 2016]
  Relocated assert() in contrib/tools/pngfix.c, bug found by American
    Fuzzy Lop, reported by Brian Carpenter.
  Marked 'limit' UNUSED in transform_range_check().  This only affects
    release builds.

Version 1.6.21 [January 15, 2016]
  Worked around a false-positive Coverity issue in pngvalid.c.
2016-01-16 00:05:15 +00:00
wiz
8d173e1daa Update to 1.6.20:
Version 1.6.20beta01 [November 20, 2015]
  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
    png_handle_pCAL() (Bug report by John Regehr).

Version 1.6.20beta02 [November 23, 2015]
  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
    vulnerability.

Version 1.6.20beta03 [November 24, 2015]
  Backported tests from libpng-1.7.0beta69.

Version 1.6.20rc01 [November 26, 2015]
  Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
    American Fuzzy Lop, reported by Brian Carpenter.  inflate() doesn't
    immediately fault a bad CMINFO field; instead a 'too far back' error
    happens later (at least some times).  pngfix failed to limit CMINFO to
    the allowed values but then assumed that window_bits was in range,
    triggering an assert. The bug is mostly harmless; the PNG file cannot
    be fixed.

Version 1.6.20rc02 [November 29, 2015]
  In libpng 1.6 zlib initialization was changed to use the window size
    in the zlib stream, not a fixed value. This causes some invalid images,
    where CINFO is too large, to display 'correctly' if the rest of the
    data is valid.  This provides a workaround for zlib versions where the
    error arises (ones that support the API change to use the window size
    in the stream).

Version 1.6.20 [December 3, 2015]
  No changes.
2015-12-03 15:17:02 +00:00
wiz
01a3d7cec2 Update png to 1.6.19:
Libpng 1.6.19 - November 12, 2015
Changes since the last public release (1.6.18):
  Updated obsolete information about the simplified API macros in the
    manual pages (Bug report by Arc Riley).
  Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
  Rearranged png.h to put the major sections in the same order as
    in libpng17.
  Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
    PNG_WEIGHT_FACTOR macros.
  Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
    (Bug report by Viktor Szakats).  Several warnings remain and are
    unavoidable, where we test for overflow.
  Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
  Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
  Moved config.h.in~ from the "libpng_autotools_files" list to the
    "libpng_autotools_extra" list in autogen.sh because it was causing a
    false positive for missing files (bug report by Robert C. Seacord).
  Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
    to suppress clang warnings (Bug report by Viktor Szakats).
  Fixed some bad links in the man page.
  Changed "n bit" to "n-bit" in comments.
  Added signed/unsigned 16-bit safety net. This removes the dubious
    0x8000 flag definitions on 16-bit systems. They aren't supported
    yet the defs *probably* work, however it seems much safer to do this
    and be advised if anyone, contrary to advice, is building libpng 1.6
    on a 16-bit system. It also adds back various switch default clauses
    for GCC; GCC errors out if they are not present (with an appropriately
    high level of warnings).
  Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
    Seacord).
  Fixed the recently reported 1's complement security issue by replacing
    the value that is illegal in the PNG spec, in both signed and unsigned
    values, with 0. Illegal unsigned values (anything greater than or equal
    to  0x80000000) can still pass through, but since these are not illegal
    in ANSI-C (unlike 0x80000000 in the signed case) the checking that
    occurs later can catch them (John Bowler).
  Fixed png_save_int_32 when int is not 2's complement (John Bowler).
  Updated libpng16 with all the recent test changes from libpng17,
    including changes to pngvalid.c to ensure that the original,
    distributed, version of contrib/visupng/cexcept.h can be used
    (John Bowler).
  pngvalid contains the correction to the use of SAVE/STORE_
    UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
    tests contain the --strict option to detect warnings and the
    pngvalid-standard test has been corrected so that it does not
    turn on progressive-read. There is a separate test which does
    that. (John Bowler)
  Also made some signed/unsigned fixes.
  Make pngstest error limits version specific. Splitting the machine
    generated error structs out to a file allows the values to be updated
    without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
    slightly different error limits this simplifies maintenance. The
    makepngs.sh script has also been updated to more accurately reflect
    current problems in libpng 1.7 (John Bowler).
  Incorporated new test PNG files into make check.  tests/pngstest-*
    are changed so that the new test files are divided into 8 groups by
    gamma and alpha channel.  These tests have considerably better code
    and pixel-value coverage than contrib/pngsuite; however,coverage is
    still incomplete (John Bowler).
  Removed the '--strict' in 1.6 because of the double-gamma-correction
    warning, updated pngstest-errors.h for the errors detected with the
    new contrib/testspngs PNG test files (John Bowler).
  Worked around rgb-to-gray issues in libpng 1.6.  The previous
    attempts to ignore the errors in the code aren't quite enough to
    deal with the 'channel selection' encoding added to libpng 1.7; abort.
  Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a
    macro, therefore the argument list cannot contain preprocessing
    directives.  Make sure pow is a function where this happens. This is
    a minimal safe fix, the issue only arises in non-performance-critical
    code (bug report by Curtis Leach, fix by John Bowler).
  Added sPLT support to pngtest.c
  Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
  Silently truncate over-length PLTE chunk while reading.
  Libpng incorrectly calculated the output rowbytes when the application
    decreased either the number of channels or the bit depth (or both) in
    a user transform.  This was safe; libpng overallocated buffer space
   (potentially by quite a lot; up to 4 times the amount required) but,
   from 1.5.4 on, resulted in a png_error (John Bowler).
  Fixed some inconsequential cut-and-paste typos in
png_set_cHRM_XYZ_fixed().
  Clarified COPYRIGHT information to state explicitly that versions
    are derived from previous versions.
  Removed much of the long list of previous versions from png.h and
    libpng.3.
2015-11-12 16:12:19 +00:00
agc
7f810a359f Add SHA512 digests for distfiles for graphics category
Problems found with existing digests:
	Package fotoxx distfile fotoxx-14.03.1.tar.gz
	ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
	118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
	Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
	34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
	Package pgraf: missing distfile pgraf-20010131.tar.gz
	Package qvplay: missing distfile qvplay-0.95.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-03 21:33:50 +00:00
wiz
f9cc6a5950 Update to 1.6.18:
Version 1.6.18beta01 [April 1, 2015]
  Removed PNG_SET_CHUNK_[CACHE|MALLOC]_LIMIT_SUPPORTED macros.  They
    have been combined with PNG_SET_USER_LIMITS_SUPPORTED (resolves
    bug report by Andrew Church).
  Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.  This
    fixes some arithmetic errors that caused some tests to fail on
    some 32-bit platforms (Bug reports by Peter Breitenlohner [i686]
    and Petr Gajdos [i586]).

Version 1.6.18beta02 [April 26, 2015]
  Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
    (Bug report by Viktor Szaka'ts).

Version 1.6.18beta03 [May 6, 2015]
  Replaced "unexpected" with an integer (0xabadca11) in pngset.c
    where a long was expected, to avoid a compiler warning when PNG_DEBUG > 1.
  Added contrib/examples/simpleover.c, to demonstrate how to handle
    alpha compositing of multiple images, using the "simplified API"
    and an example PNG generation tool, contrib/examples/genpng.c
    (John Bowler).

Version 1.6.18beta04 [May 20, 2015]
  PNG_RELEASE_BUILD replaces tests where the code depended on the build base
    type and can be defined on the command line, allowing testing in beta
    builds (John Bowler).
  Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds.
  Avoid a harmless potential integer overflow in png_XYZ_from_xy() (Bug
    report from Christopher Ferris).

Version 1.6.18beta05 [May 31, 2015]
  Backport filter selection code from libpng-1.7.0beta51, to combine
    sub_row, up_row, avg_row, and paeth_row into try_row and tst_row.
  Changed png_voidcast(), etc., to voidcast(), etc., in contrib/tools/pngfix.c
    to avoid confusion with the libpng private macros.
  Fixed old cut&paste bug in the weighted filter selection code in
    pngwutil.c, introduced in libpng-0.95, March 1997.

Version 1.6.18beta06 [June 1, 2015]
  Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the
    compiled library size. It never worked properly and as far as we can
    tell, no one uses it. The png_set_filter_heuristics() and
    png_set_filter_heuristics_fixed() APIs are retained but deprecated
    and do nothing.

Version 1.6.18beta07 [June 6, 2015]
  Removed non-working progressive reader 'skip' function. This
    function has apparently never been used. It was implemented
    to support back-door modification of png_struct in libpng-1.4.x
    but (because it does nothing and cannot do anything) was apparently
    never tested (John Bowler).
  Fixed cexcept.h in which GCC 5 now reports that one of the auto
    variables in the Try macro needs to be volatile to prevent value
    being lost over the setjmp (John Bowler).
  Fixed NO_WRITE_FILTER and -Wconversion build breaks (John Bowler).
  Fix g++ build breaks (John Bowler).
  Quieted some Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
    pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
    would only work with iTXt chunks with length 255 or less.
  Added #ifdef's to contrib/examples programs so people don't try
    to compile them without the minimum required support enabled
    (suggested by Flavio Medeiros).

Version 1.6.18beta08 [June 30, 2015]
  Eliminated the final two Coverity defects (insecure temporary file
    handling in contrib/libtests/pngstest.c; possible overflow of
    unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure"
    file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will
    be used.
  Removed some unused WEIGHTED_FILTER macros from png.h and pngstruct.h

Version 1.6.18beta09 [July 5, 2015]
  Removed some useless typecasts from contrib/tools/png-fix-itxt.c
  Fixed a new signed-unsigned comparison in pngrtran.c (Max Stepin).
  Replaced arbitrary use of 'extern' with #define PNG_LINKAGE_*.  To
    preserve API compatibility, the new defines all default to "extern"
    (requested by Jan Nijtmans).

Version 1.6.18rc01 [July 9, 2015]
  Belatedly added Mans Rullgard and James Yu to the list of Contributing
    Authors.

Version 1.6.18rc02 [July 12, 2015]
  Restored unused FILTER_HEURISTIC macros removed at libpng-1.6.18beta08
    to png.h to avoid compatibility warnings.

Version 1.6.18rc03 [July 15, 2015]
  Minor changes to the man page

Version 1.6.18 [July 23, 2015]
  No changes.
2015-07-26 22:46:53 +00:00
wiz
34384d09e9 Update to 1.6.17:
Version 1.6.17beta01 [January 29, 2015]
  Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
  Corrected the width limit calculation in png_check_IHDR().
  Removed user limits from pngfix. Also pass NULL pointers to
    png_read_row to skip the unnecessary row de-interlace stuff.
  Added testing of png_set_packing() to pngvalid.c
  Regenerated configure scripts in the *.tar distributions with libtool-2.4.4
  Implement previously untested cases of libpng transforms in pngvalid.c
  Fixed byte order in 2-byte filler, in png_do_read_filler().
  Made the check for out-of-range values in png_set_tRNS() detect
    values that are exactly 2^bit_depth, and work on 16-bit platforms.
  Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
  Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
    pngset.c to avoid warnings about dead code.
  Added "& 0xff" to many instances of expressions that are typecast
    to (png_byte), to avoid Coverity gripes.

Version 1.6.17beta02 [February 7, 2015]
  Work around one more Coverity-scan dead-code warning.
  Do not build png_product2() when it is unused.

Version 1.6.17beta03 [February 17, 2015]
  Display user limits in the output from pngtest.
  Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
    and 1-million-row default limits in pnglibconf.dfa, that can be reset
    by the user at build time or run time.  This provides a more robust
    defense against DOS and as-yet undiscovered overflows.

Version 1.6.17beta04 [February 21, 2015]
  Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
  Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
  Rebuilt configure scripts with automake-1.15 and libtool-2.4.6

Version 1.6.17beta05 [February 25, 2015]
  Restored compiling of png_reciprocal2 with PNG_NO_16BIT.

Version 1.6.17beta06 [February 27, 2015]
  Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
    of png.h.
  Avoid runtime checks when converting integer to png_byte with
    Visual Studio (Sergey Kosarevsky)

Version 1.6.17rc01 [March 4, 2015]
  No changes.

Version 1.6.17rc02 [March 9, 2015]
  Removed some comments that the configure script did not handle
    properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt.
  Free the unknown_chunks structure even when it contains no data.

Version 1.6.17rc03 [March 12, 2015]
  Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF
    for consistency, and remove some useless tests (Alexey Petruchik).

Version 1.6.17rc04 [March 16, 2015]
  Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of
    pnglibconf.* in "make clean" (Cosmin).
  Fix bug in calculation of maxbits, in png_write_sBIT, introduced
    in libpng-1.6.17beta01 (John Bowler).

Version 1.6.17rc05 [March 21, 2015]
  Define PNG_FILTER_* and PNG_FILTER_VALUE_* in png.h even when WRITE
    is not supported (John Bowler).  This fixes an error introduced in
    libpng-1.6.17beta06.
  Reverted "& 0xff" additions of version 1.6.17beta01. Libpng passes
    the Coverity scan without them.

Version 1.6.17rc06 [March 23, 2015]
  Remove pnglibconf.dfn and pnglibconf.pre with "make clean".
  Reformatted some "&0xff" instances to "& 0xff".
  Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
    value was wrong.  It's not clear if this affected the final stored
    value; in the obvious code path the upper and lower 8-bits of the
    alpha value were identical and the alpha was truncated to 8-bits
    rather than dividing by 257 (John Bowler).

Version 1.6.17 [March 26, 2015]
  No changes.
2015-04-02 22:35:54 +00:00
wiz
9b93375b2e Update to 1.6.16; a CVE was requested for a heap overflow.
Changes since the last public release (1.6.15):
  Added ".align 2" to arm/filter_neon.S to support old GAS assemblers that
    don't do alignment correctly.
  Revised Makefile.am and scripts/*.dfn to work with MinGW/MSYS;
    renamed scripts/*.dfn to scripts/*.c (Bob Friesenhahn and John Bowler).
  Quiet a "comparison always true" warning in pngstest.c (John Bowler).
  Restored a test on width that was removed from png.c at libpng-1.6.9
    (Bug report by Alex Eubanks).
  Fixed an overflow in png_combine_row with very wide interlaced images.
2014-12-23 07:54:21 +00:00
wiz
093f109e54 Update to 1.6.15:
Version 1.6.15beta01 [October 29, 2014]
  Changed "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
  Simplified png_free_data().
  Added missing "ptr = NULL" after some instances of png_free().

Version 1.6.15beta02 [November 1, 2014]
  Changed remaining "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"

Version 1.6.15beta03 [November 3, 2014]
  Added PNG_USE_ARM_NEON configuration flag (Marcin Juszkiewicz).

Version 1.6.15beta04 [November 4, 2014]
  Removed new PNG_USE_ARM_NEON configuration flag and made a one-line
    revision to configure.ac to support ARM on aarch64 instead (John Bowler).

Version 1.6.15beta05 [November 5, 2014]
  Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in
    example.c, pngtest.c, and applications in the contrib directory.
  Avoid out-of-bounds memory access in png_user_version_check().
  Simplified and future-proofed png_user_version_check().
  Fixed GCC unsigned int->float warnings. Various versions of GCC
    seem to generate warnings when an unsigned value is implicitly
    converted to double. This is probably a GCC bug but this change
    avoids the issue by explicitly converting to (int) where safe.
  Free all allocated memory in pngimage. The file buffer cache was left
    allocated at the end of the program, harmless but it causes memory
    leak reports from clang.
  Fixed array size calculations to avoid warnings. At various points
    in the code the number of elements in an array is calculated using
    sizeof.  This generates a compile time constant of type (size_t) which
    is then typically assigned to an (unsigned int) or (int). Some versions
    of GCC on 64-bit systems warn about the apparent narrowing, even though
    the same compiler does apparently generate the correct, in-range,
    numeric constant.  This adds appropriate, safe, casts to make the
    warnings go away.

Version 1.6.15beta06 [November 6, 2014]
  Reverted use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING
    in the manual, example.c, pngtest.c, and applications in the contrib
    directory.  It was incorrect advice.

Version 1.6.15beta07 [November 7, 2014]
  Removed #ifdef PNG_16BIT_SUPPORTED/#endif around png_product2(); it is
    needed by png_reciprocal2().
  Added #ifdef PNG_16BIT_SUPPORTED/#endif around png_log16bit() and
    png_do_swap().
  Changed all "#endif /* PNG_FEATURE_SUPPORTED */" to "#endif /* FEATURE */"

Version 1.6.15beta08 [November 8, 2014]
  More housecleaning in *.h

Version 1.6.15rc01 [November 13, 2014]

Version 1.6.15rc02 [November 14, 2014]
  The macros passed in the command line to Borland make were ignored if
    similarly-named macros were already defined in makefiles. This behavior
    is different from POSIX make and other make programs.  Surround the
    macro definitions with ifndef guards (Cosmin).

Version 1.6.15rc03 [November 16, 2014]
  Added "-D_CRT_SECURE_NO_WARNINGS" to CFLAGS in scripts/makefile.vcwin32.
  Removed the obsolete $ARCH variable from scripts/makefile.darwin.

Version 1.6.15 [November 20, 2014]
  No changes.
2014-11-20 23:49:11 +00:00
wiz
09fee1cf1e Update to 1.6.14:
Version 1.6.14beta01 [September 14, 2014]
  Guard usage of png_ptr->options with #ifdef PNG_SET_OPTION_SUPPORTED.
  Do not build contrib/tools/pngfix.c when PNG_SETJMP_NOT_SUPPORTED,
    to allow "make" to complete without setjmp support (bug report by
    Claudio Fontana)
  Add "#include <setjmp.h>" to contrib/tools/pngfix.c (John Bowler)

Version 1.6.14beta02 [September 18, 2014]
  Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c
    because usleep() is deprecated.
  Define usleep() in contrib/gregbook/rpng2-x.c if not already defined
    in unistd.h and nanosleep() is not available; fixes error introduced
    in libpng-1.6.13.
  Disable floating point exception handling in pngvalid.c when
    PNG_FLOATING_ARITHMETIC is not supported (bug report by "zootus
    at users.sourceforge.net").

Version 1.6.14beta03 [September 19, 2014]
  Define FE_DIVBYZERO, FE_INVALID, and FE_OVERFLOW in pngvalid.c if not
    already defined.  Revert floating point exception handling in pngvalid.c
    to version 1.6.14beta01 behavior.

Version 1.6.14beta04 [September 27, 2014]
  Fixed incorrect handling of the iTXt compression flag in pngrutil.c
    (bug report by Shunsaku Hirata).  Bug was introduced in libpng-1.6.0.

Version 1.6.14beta05 [October 1, 2014]
  Added "option READ_iCCP enables READ_COMPRESSED_TEXT" to pnglibconf.dfa

Version 1.6.14beta06 [October 5, 2014]
  Removed unused "text_len" parameter from private function png_write_zTXt().
  Conditionally compile some code in png_deflate_claim(), when
    PNG_WARNINGS_SUPPORTED and PNG_ERROR_TEXT_SUPPORTED are disabled.
  Replaced repeated code in pngpread.c with PNG_PUSH_SAVE_BUFFER_IF_FULL.
  Added "chunk iTXt enables TEXT" and "chunk zTXt enables TEXT"
    to pnglibconf.dfa.
  Removed "option READ_COMPRESSED_TEXT enables READ_TEXT" from pnglibconf.dfa,
    to make it possible to configure a libpng that supports iCCP but not TEXT.

Version 1.6.14beta07 [October 7, 2014]
  Removed "option WRITE_COMPRESSED_TEXT enables WRITE_TEXT" from pnglibconf.dfa
  Only mark text chunks as written after successfully writing them.

Version 1.6.14rc01 [October 15, 2014]
  Fixed some typos in comments.

Version 1.6.14rc02 [October 17, 2014]
  Changed png_convert_to_rfc_1123() to png_convert_to_rfc_1123_buffer()
    in the manual, to reflect the change made in libpng-1.6.0.
  Updated README file to explain that direct access to the png_struct
    and info_struct members has not been permitted since libpng-1.5.0.

Version 1.6.14 [October 23, 2014]
  No changes.
2014-10-23 07:18:23 +00:00
wiz
79641b40ec Update to 1.6.13:
Version 1.6.13beta01 [July 4, 2014]
  Quieted -Wsign-compare and -Wclobber compiler warnings in
    contrib/pngminus/*.c
  Added "(void) png_ptr;" where needed in contrib/gregbook to quiet
    compiler complaints about unused pointers.
  Split a long output string in contrib/gregbook/rpng2-x.c.
  Added "PNG_SET_OPTION" requirement for sRGB chunk support to pnglibconf.dfa,
    Needed for write-only support (John Bowler).
  Changed "if defined(__ARM_NEON__)" to
    "if (defined(__ARM_NEON__) || defined(__ARM_NEON))" (James Wu).
  Fixed clang no-warning builds: png_digit was defined but never used.

Version 1.6.13beta02 [July 21, 2014]
  Fixed an incorrect separator ("/" should be "\") in scripts/makefile.vcwin32
    (bug report from Wolfgang S. Kechel).  Bug was introduced in libpng-1.6.11.
    Also fixed makefile.bc32, makefile.bor, makefile.msc, makefile.intel, and
    makefile.tc3 similarly.

Version 1.6.13beta03 [August 3, 2014]
  Removed scripts/makefile.elf. It has not worked since libpng-1.5.0beta14
    due to elimination of the PNG_FUNCTION_EXPORT and PNG_DATA_EXPORT
    definitions from pngconf.h.
  Ensure that CMakeLists.txt makes the target "lib" directory before making
    symbolic link into it (SourceForge bug report #226 by Rolf Timmermans).

Version 1.6.13beta04 [August 8, 2014]
  Added opinion that the ECCN (Export Control Classification Number) for
    libpng is EAR99 to the README file.
  Eliminated use of "$<" in makefile explicit rules, when copying
    $PNGLIBCONF_H_PREBUILT.  This does not work on some versions of make;
    bug introduced in libpng version 1.6.11.

Version 1.6.13rc01 [August 14, 2014]
  Made "ccopts" agree with "CFLAGS" in scripts/makefile.hp* and makefile.*sunu

Version 1.6.13 [August 21, 2014]
  No changes.
2014-08-21 12:02:59 +00:00
wiz
e92602209f Update to 1.6.12:
Version 1.6.12rc01 [June 6, 2014]
  Relocated new code from 1.6.11beta06 in png.c to a point after the
    declarations (Max Stepin).

Version 1.6.12rc02 [June 7, 2014]
  Changed file permissions of contrib/tools/intgamma.sh,
    test-driver, and compile from 0644 to 0755 (Cosmin).

Version 1.6.12rc03 [June 8, 2014]
  Ensure "__has_attribute()" macro exists before trying to use it with
    old clang compilers (MacPorts Ticket #43939).

Version 1.6.12 [June 12, 2014]
  No changes.
2014-06-12 08:59:19 +00:00
wiz
2cc4eba4ca Update to 1.6.11:
Version 1.6.11beta01 [March 17, 2014]
  Use "if (value != 0)" instead of "if (value)" consistently.
  Changed ZlibSrcDir from 1.2.5 to 1.2.8 in projects/vstudio.
  Moved configuration information from the manual to the INSTALL file.

Version 1.6.11beta02 [April 6, 2014]
  Removed #if/#else/#endif from inside two pow() calls in pngvalid.c because
    they were handled improperly by Portland Group's PGI-14.1 - PGI-14.3
    when using its "__builtin_pow()" function.
  Silence 'unused parameter' build warnings (Cosmin Truta).
  $(CP) is now used alongside $(RM_F).  Also, use 'copy' instead of 'cp'
    where applicable, and applied other minor makefile changes (Cosmin).
  Don't warn about invalid dimensions exceeding user limits (Cosmin).
  Allow an easy replacement of the default pre-built configuration
    header with a custom header, via the make PNGLIBCONF_H_PREBUILT
    macro (Cosmin).

Version 1.6.11beta03 [April 6, 2014]
  Fixed a typo in pngrutil.c, introduced in libpng-1.5.6, that interferes
    with "blocky" expansion of sub-8-bit interlaced PNG files (Eric Huss).
  Optionally use  __builtin_bswap16() in png_do_swap().

Version 1.6.11beta04 [April 19, 2014]
  Made progressive reading of interlaced images consistent with the
    behavior of the sequential reader and consistent with the manual, by
    moving some code out of the PNG_READ_INTERLACING_SUPPORTED blocks. The
    row_callback now receives the proper pass number and unexpanded rows, when
    png_combine_row() isn't built or used, and png_set_interlace_handling()
    is not called.
  Allow PNG_sRGB_PROFILE_CHECKING = (-1) to mean no sRGB profile checking.

Version 1.6.11beta05 [April 26, 2014]
  Do not reject ICC V2 profiles that lack padding (Kai-Uwe Behrmann).
  Relocated closing bracket of the sRGB profile test loop to avoid getting
    "Not recognizing known sRGB profile that has been edited" warning for
    ICC V2 profiles that lack the MD5 signature in the profile header.

Version 1.6.11beta06 [May 19, 2014]
  Added PNG_SKIP_sRGB_CHECK_PROFILE choice for png_set_option().

Version 1.6.11rc01 [May 27, 2014]
  No changes.

Version 1.6.11rc02 [June 3, 2014]
  Test ZLIB_VERNUM instead of PNG_ZLIB_VERNUM in contrib/tools/pngfix.c

Version 1.6.11 [June 5, 2014]
  No changes.
2014-06-05 16:33:54 +00:00
wiz
8a42dfadcc Update to 1.6.10:
Version 1.6.10rc02 [February 28, 2014]
  Removed unreachable return statement after png_chunk_error()
    in pngrutil.c

Version 1.6.10rc03 [March 4, 2014]
  Un-deprecated png_data_freer().

Version 1.6.10 [March 6, 2014]
2014-03-12 09:17:52 +00:00
wiz
c0a78ac6e2 Update to 1.6.10rc01:
This fixes CERT VU#684412 and CVE-2014-0333.

Version 1.6.10beta01 [February 9, 2014]
  Backported changes from libpng-1.7.0beta30 and beta31:
  Fixed a large number of instances where PNGCBAPI was omitted from
    function definitions.
  Added pngimage test program for png_read_png() and png_write_png()
    with two new test scripts.
  Removed dependence on !PNG_READ_EXPAND_SUPPORTED for calling
    png_set_packing() in png_read_png().
  Fixed combination of ~alpha with shift. On read invert alpha, processing
    occurred after shift processing, which causes the final values to be
    outside the range that should be produced by the shift. Reversing the
    order on read makes the two transforms work together correctly and mirrors
    the order used on write.
  Do not read invalid sBIT chunks. Previously libpng only checked sBIT
    values on write, so a malicious PNG writer could therefore cause
    the read code to return an invalid sBIT chunk, which might lead to
    application errors or crashes.  Such chunks are now skipped (with
    chunk_benign_error).
  Make png_read_png() and png_write_png() prototypes in png.h depend
    upon PNG_READ_SUPPORTED and PNG_WRITE_SUPPORTED.
  Support builds with unsupported PNG_TRANSFORM_* values.  All of the
    PNG_TRANSFORM_* values are always defined in png.h and, because they
    are used for both read and write in some cases, it is not reliable
    to #if out ones that are totally unsupported. This change adds error
    detection in png_read_image() and png_write_image() to do a
    png_app_error() if the app requests something that cannot be done
    and it adds corresponding code to pngimage.c to handle such options
    by not attempting to test them.

Version 1.6.10beta02 [February 23, 2014]
  Moved redefines of png_error(), png_warning(), png_chunk_error(),
    and png_chunk_warning() from pngpriv.h to png.h to make them visible
    to libpng-calling applications.
  Moved OS dependent code from arm/arm_init.c, to allow the included
    implementation of the ARM NEON discovery function to be set at
    build-time and provide sample implementations from the current code in the
    contrib/arm-neon subdirectory. The __linux__ code has also been changed to
    compile and link on Android by using /proc/cpuinfo, and the old linux code
    is in contrib/arm-neon/linux-auxv.c.  The new code avoids POSIX and Linux
    dependencies apart from opening /proc/cpuinfo and is C90 compliant.
  Check for info_ptr == NULL early in png_read_end() so we don't need to
    run all the png_handle_*() and depend on them to return if info_ptr == NULL.
    This improves the performance of png_read_end(png_ptr, NULL) and makes
    it more robust against future programming errors.
  Check for __has_extension before using it in pngconf.h, to
    support older Clang versions (Jeremy Sequoia).
  Treat CRC error handling with png_set_crc_action(), instead of with
    png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
  Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
    so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
  Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
    after recognizing the IDAT chunk, which avoids an infinite loop while
    reading a datastream whose first IDAT chunk is of zero-length.
    This fixes CERT VU#684412 and CVE-2014-0333.
  Don't recognize known sRGB profiles as sRGB if they have been hacked,
    but don't reject them and don't issue a copyright violation warning.

Version 1.6.10beta03 [February 25, 2014]
  Moved some documentation from png.h to libpng.3 and libpng-manual.txt
  Minor editing of contrib/arm-neon/README and contrib/examples/*.c

Version 1.6.10rc01 [February 27, 2014]
  Fixed typos in the manual and in scripts/pnglibconf.dfa (CFLAGS -> CPPFLAGS
    and PNG_USR_CONFIG -> PNG_USER_CONFIG).
2014-02-27 15:07:09 +00:00
wiz
24d26b9f86 Update to 1.6.9, getting rid of the final two patches after discussion
with very helpful upstream.

Changes:

Version 1.6.9beta01 [December 26, 2013]
  Bookkeeping: Moved functions around (no changes). Moved transform
    function definitions before the place where they are called so that
    they can be masde static. Move the intrapixel functions and the
    grayscale palette builder out of the png?tran.c files. The latter
    isn't a transform function and is no longer used internally, and the
    former MNG specific functions are better placed in pngread/pngwrite.c
  Made transform implementation functions static. This makes the internal
    functions called by png_do_{read|write}_transformations static. On an
    x86-64 DLL build (Gentoo Linux) this reduces the size of the text
    segment of the DLL by 1208 bytes, about 0.6%. It also simplifies
    maintenance by removing the declarations from pngpriv.h and allowing
    easier changes to the internal interfaces.
  Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69
    in the tar distributions.

Version 1.6.9beta02 [January 1, 2014]
  Added checks for libpng 1.5 to pngvalid.c.  This supports the use of
    this version of pngvalid in libpng 1.5
  Merged with pngvalid.c from libpng-1.7 changes to create a single
    pngvalid.c
  Removed #error macro from contrib/tools/pngfix.c (Thomas Klausner).
  Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0
  Merged libpng-1.7.0 changes to make no-interlace configurations work
    with test programs.
  Revised pngvalid.c to support libpng 1.5, which does not support the
    PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate in
    pngvalid.c
  Allow unversioned links created on install to be disabled in configure.
    In configure builds 'make install' changes/adds links like png.h
    and libpng.a to point to the newly installed, versioned, files (e.g.
    libpng17/png.h and libpng17.a). Three new configure options and some
    rearrangement of Makefile.am allow creation of these links to be disabled.

Version 1.6.9beta03 [January 10, 2014]
  Removed potentially misleading warning from png_check_IHDR().

Version 1.6.9beta04 [January 20, 2014]
  Updated scripts/makefile.* to use CPPFLAGS (Cosmin).
  Added clang attribute support (Cosmin).

Version 1.6.9rc01 [January 28, 2014]
  No changes.

Version 1.6.9rc02 [January 30, 2014]
  Quiet an uninitialized memory warning from VC2013 in png_get_png().

Version 1.6.9 [February 6, 2014]
2014-02-06 18:24:11 +00:00
wiz
a64f837fc0 Update to 1.6.8:
Version 1.6.8beta01 [November 24, 2013]
  Moved prototype for png_handle_unknown() in pngpriv.h outside of
    the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block.
  Added "-Wall" to CFLAGS in contrib/pngminim/*/makefile
  Conditionally compile some unused functions reported by -Wall in
    pngminim.
  Fixed 'minimal' builds. Various obviously useful minimal configurations
    don't build because of missing contrib/libtests test programs and
    overly complex dependencies in scripts/pnglibconf.dfa. This change
    adds contrib/conftest/*.dfa files that can be used in automatic build
    scripts to ensure that these configurations continue to build.
  Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
  Fixed pngvalid 'fail' function declaration on the Intel C Compiler.
    This reverts to the previous 'static' implementation and works round
    the 'unused static function' warning by using PNG_UNUSED().

Version 1.6.8beta02 [November 30, 2013]
  Removed or marked PNG_UNUSED some harmless "dead assignments" reported
    by clang scan-build.
  Changed tabs to 3 spaces in png_debug macros and changed '"%s"m'
    to '"%s" m' to improve portability among compilers.
  Changed png_free_default() to free() in pngtest.c

Version 1.6.8rc01 [December 12, 2013]
  Tidied up pngfix inits and fixed pngtest no-write builds.

Version 1.6.8rc02 [December 14, 2013]
  Handle zero-length PLTE chunk or NULL palette with png_error()
    instead of png_chunk_report(), which by default issues a warning
    rather than an error, leading to later reading from a NULL pointer
    (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954
    and VU#650142.

Version 1.6.8 [December 19, 2013]
2013-12-31 17:27:48 +00:00
tron
556df919f8 Fix build with SunStudio compiler under Solaris. 2013-12-26 15:59:20 +00:00
wiz
0b4e792c1d Update to 1.6.7:
Version 1.6.7beta01 [September 30, 2013]
  Revised unknown chunk code to correct several bugs in the NO_SAVE_/NO_WRITE
    combination
  Allow HANDLE_AS_UNKNOWN to work when other options are configured off. Also
    fixed the pngminim makefiles to work when $(MAKEFLAGS) contains stuff
    which terminates the make options (as by default in recent versions of
    Gentoo).
  Avoid up-cast warnings in pngvalid.c. On ARM the alignment requirements of
    png_modifier are greater than that of png_store and as a consequence
    compilation of pngvalid.c results in a warning about increased alignment
    requirements because of the bare cast to (png_modifier*). The code is safe,
    because the pointer is known to point to a stack allocated png_modifier,
    but this change avoids the warning.
  Fixed default behavior of ARM_NEON_API. If the ARM NEON API option was
    compiled without the CHECK option it defaulted to on, not off.
  Check user callback behavior in pngunknown.c. Previous versions compiled
    if SAVE_UNKNOWN was not available but did nothing since the callback
    was never implemented.
  Merged pngunknown.c with 1.7 version and back ported 1.7 improvements/fixes

Version 1.6.7beta02 [October 12, 2013]
  Made changes for compatibility with automake 1.14:
    1) Added the 'compile' program to the list of programs that must be cleaned
       in autogen.sh
    2) Added 'subdir-objects' which causes .c files in sub-directories to be
       compiled such that the corresponding .o files are also in the
       sub-directory.  This is because automake 1.14 warns that the
       current behavior of compiling to the top level directory may be removed
       in the future.
    3) Updated dependencies on pnglibconf.h to match the new .o locations and
       added all the files in contrib/libtests and contrib/tools that depend
       on pnglibconf.h
    4) Added 'BUILD_SOURCES = pnglibconf.h'; this is the automake recommended
       way of handling the dependencies of sources that are machine generated;
       unfortunately it only works if the user does 'make all' or 'make check',
       so the dependencies (3) are still required.
  Cleaned up (char*) casts of zlib messages. The latest version of the Intel C
    compiler complains about casting a string literal as (char*), so copied the
    treatment of z_const from the library code into pngfix.c
  Simplified error message code in pngunknown. The simplification has the
    useful side effect of avoiding a bogus warning generated by the latest
    version of the Intel C compiler (it objects to
    condition ? string-literal : string-literal).
  Make autogen.sh work with automake 1.13 as well as 1.14. Do this by always
    removing the 1.14 'compile' script but never checking for it.

Version 1.6.7beta03 [October 19, 2013]
  Added ARMv8 support (James Yu <james.yu at linaro.org>).  Added file
    arm/filter_neon_intrinsics.c; enable with -mfpu=neon.
  Revised pngvalid to generate size images with as many filters as it can
    manage, limited by the number of rows.
  Cleaned up ARM NEON compilation handling. The tests are now in pngpriv.h
    and detect the broken GCC compilers.

Version 1.6.7beta04 [October 26, 2013]
  Allow clang derived from older GCC versions to use ARM intrinsics. This
    causes all clang builds that use -mfpu=neon to use the intrinsics code,
    not the assembler code.  This has only been tested on iOS 7. It may be
    necessary to exclude some earlier clang versions but this seems unlikely.
  Changed NEON implementation selection mechanism. This allows assembler
    or intrinsics to be turned on at compile time during the build by defining
    PNG_ARM_NEON_IMPLEMENTATION to the correct value (2 or 1).  This macro
    is undefined by default and the build type is selected in pngpriv.h.

Version 1.6.7rc01 [November 2, 2013]
  No changes.

Version 1.6.7rc02 [November 7, 2013]
  Fixed #include in filter_neon_intrinsics.c and ctype macros. The ctype char
    checking macros take an unsigned char argument, not a signed char.

Version 1.6.7 [November 14, 2013]
2013-11-14 23:09:45 +00:00
wiz
bcf94f1f6b Update to 1.6.6:
Version 1.6.6 [September 16, 2013]
  Removed two stray lines of code from arm/arm_init.c, again.
2013-09-30 18:17:03 +00:00
wiz
661ca80926 Update to 1.6.5:
libpng-1.6.5 has been released, to remove two stray lines in arm/arm_init.c
that caused libpng to fail to compile when ARM support is enabled.  This
problem was apparently due to a cut-and-paste error of some sort on my part.
2013-09-14 16:45:48 +00:00
wiz
14676caa15 Update to 1.6.4:
Changes since the last public release (1.6.3):
  Added information about png_set_options() to the manual.
  Delay calling png_init_filter_functions() until a row with nonzero filter
    is found.
  Fixed inconsistent conditional compilation of png_chunk_unknown_handling()
    prototype, definition, and usage.  Made it depend on
    PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.
2013-09-12 13:00:53 +00:00
wiz
6162b3ee5e Update to 1.6.3:
Changes since the last public release (1.6.2):

  Revised stack marking in arm/filter_neon.S and configure.ac.
  Ensure that NEON filter stuff is completely disabled when switched 'off'.
    Previously the ARM NEON specific files were still built if the option
    was switched 'off' as opposed to being explicitly disabled.
  Test for 'arm*' not just 'arm' in the host_cpu configure variable.
  Rebuilt the configure scripts.
  Expanded manual paragraph about writing private chunks, particularly
    the need to call png_set_keep_unknown_chunks() when writing them.
  Avoid dereferencing NULL pointer possibly returned from
     png_create_write_struct() (Andrew Church).
  Calculate our own zlib windowBits when decoding rather than trusting the
    CMF bytes in the PNG datastream.
  Added an option to force maximum window size for inflating, which was
    the behavior of libpng15 and earlier.
  Added png-fix-itxt and png-fix-too-far-back to the built programs and
    removed warnings from the source code and timepng that are revealed as
    a result.
  Detect wrong libpng versions linked to png-fix-too-far-back, which currently
    only works with libpng versions that can be made to reliably fail when
    the deflate data contains an out-of-window reference.  This means only
    1.6 and later.
  Fixed gnu issues: g++ needs a static_cast, gcc 4.4.7 has a broken warning
    message which it is easier to work round than ignore.
  Updated contrib/pngminus/pnm2png.c (Paul Stewart):
    Check for EOF
    Ignore "#" delimited comments in input file to pnm2png.c.
    Fixed whitespace handling
    Added a call to png_set_packing()
    Initialize dimension values so if sscanf fails at least we have known
      invalid values.
  Attempt to detect configuration issues with png-fix-too-far-back, which
    requires both the correct libpng and the correct zlib to function
    correctly.
  Check ZLIB_VERNUM for mismatches, enclose #error in quotes
  Added information in the documentation about problems with and fixes for
    the bad CRC and bad iTXt chunk situations.
  Allow contrib/pngminus/pnm2png.c to compile without WRITE_INVERT and
    WRITE_PACK supported (writes error message that it can't read P1 or
  Improved png-fix-too-far-back usage message, added --suffix option.
  Revised contrib/pngminim/*/makefile to generate pnglibconf.h with the
    right zlib header files.
  Separated CPPFLAGS and CFLAGS in contrib/pngminim/*/makefile
  Removed a redundant test in png_set_IHDR().
  Added set(CMAKE_CONFIGURATION_TYPES ...) to CMakeLists.txt (Andrew Hundt)
  Deleted set(CMAKE_BUILD_TYPE) block from CMakeLists.txt
  Enclose the prototypes for the simplified write API in
    #ifdef PNG_STDIO_SUPPORTED/#endif
  Make ARM NEON support work at compile time (not just configure time).
    This moves the test on __ARM_NEON__ into pngconf.h to avoid issues when
    using a compiler that compiles for multiple architectures at one time.
  Removed PNG_FILTER_OPTIMIZATIONS and PNG_ARM_NEON_SUPPORTED from
    pnglibconf.h, allowing more of the decisions to be made internally
    (pngpriv.h) during the compile.  Without this, symbol prefixing is broken
    under certain circumstances on ARM platforms.  Now only the API parts of
    the optimizations ('check' vs 'api') are exposed in the public header files
    except that the new setting PNG_ARM_NEON_OPT documents how libpng makes the
    decision about whether or not to use the optimizations.
  Protect symbol prefixing against CC/CPPFLAGS/CFLAGS useage.
    Previous iOS/Xcode fixes for the ARM NEON optimizations moved the test
    on __ARM_NEON__ from configure time to compile time.  This breaks symbol
    prefixing because the definition of the special png_init_filter_functions
    call was hidden at configure time if the relevant compiler arguments are
    passed in CFLAGS as opposed to CC.  This change attempts to avoid all
    the confusion that would result by declaring the init function even when
    it is not used, so that it will always get prefixed.
  Revised libpng.3 so that "doclifter" can process it.
  Revised example.c to illustrate use of PNG_DEFAULT_sRGB and
PNG_GAMMA_MAC_18
    as parameters for png_set_gamma().  These have been available since
    libpng-1.5.4.
  Renamed contrib/tools/png-fix-too-far-back.c to pngfix.c and revised it
    to check all compressed chunks known to libpng.
  Updated documentation to show default behavior of benign errors correctly.
  Only compile ARM code when PNG_READ_SUPPORTED is defined.
  Fixed undefined behavior in contrib/tools/pngfix.c and added new strip
    option. pngfix relied on undefined behavior and even a simple change from
    gcc to g++ caused it to fail.  The new strip option 'unsafe' has been
    implemented and is the default if --max is given.  Option names have
    been clarified, with --strip=transform now stripping the bKGD chunk,
    which was stripped previously with --strip=unused.
  Added all documented chunk types to pngpriv.h
  Unified pngfix.c source with libpng17.
  Revised manual about changes in iTXt chunk handling made in libpng-1.6.0.
  Added "/* SAFE */" comments in pngrutil.c and pngrtran.c where warnings
    may be erroneously issued by code-checking applications.
2013-07-18 06:26:51 +00:00
wiz
9bc5e5ec4f Update to 1.6.2:
Version 1.6.2rc01 [April 18, 2013]
  Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length
    written by libpng-1.6.0 and 1.6.1.
  Disallow storing sRGB information when the sRGB is not supported.

Version 1.6.2rc02 [April 18, 2013]
  Merge pngtest.c with libpng-1.7.0

Version 1.6.2rc03 [April 22, 2013]
  Trivial spelling cleanup.

Version 1.6.2rc04 and 1.6.2rc05 [omitted]

Version 1.6.2rc06 [April 24, 2013]
  Reverted to version 1.6.2rc03.  Recent changes to arm/neon support
    have been ported to libpng-1.7.0beta09 and will reappear in version
    1.6.3beta01.
2013-04-25 22:01:14 +00:00
prlw1
2ec428dffe Update png to 1.6.2beta01
Version 1.6.2beta01 [April 14, 2013]
  Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling.
  Fixed incorrect warning of excess deflate data. End condition - the
    warning would be produced if the end of the deflate stream wasn't read
    in the last row.  The warning is harmless.
  Corrected the test on user transform changes on read. It was in the
    png_set of the transform function, but that doesn't matter unless the
    transform function changes the rowbuf size, and that is only valid if
    transform_info is called.
  Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c
    (Flavio Medeiros).
  Corrected length written to uncompressed iTXt chunks (Samuli Suominen).
2013-04-15 22:33:41 +00:00
kim
cc611c7e14 Updated graphics/png to 1.6.1 [kim 2013-04-01]
Version 1.6.1beta06 [March 4, 2013]
  Better documentation of unknown handling API interactions.
  Corrected Android builds and corrected libpng.vers with symbol
    prefixing This adds an API to set optimization options externally,
    providing an alternative and general solution for the non-portable
    run-time tests used by the ARM Neon code.  It also makes those tests
    compile and link on Android.
  The order of settings vs options in pnglibconf.h is reversed to allow
    settings to depend on options and options can now set (or override) the
    defaults for settings.

Version 1.6.1beta07 [March 7, 2013]
  Corrected simplified API default gamma for color-mapped output, added
    a flag to change default. In 1.6.0 when the simplified API was used
    to produce color-mapped output from an input image with no gamma
    information the gamma assumed for the input could be different from
    that assumed for non-color-mapped output.  In particular 16-bit depth
    input files were assumed to be sRGB encoded, whereas in the 'direct'
    case they were assumed to have linear data.  This was an error.  The
    fix makes the simplified API treat all input files the same way and
    adds a new flag to the png_image::flags member to allow the
    application/user to specify that 16-bit files contain sRGB data
    rather than the default linear.
  Fixed bugs in the pngpixel and makepng test programs.

Version 1.6.1beta08 [March 7, 2013]
  Fixed CMakelists.txt to allow building a single variant of the library
    (Claudio Bley):
  Introduced a PNG_LIB_TARGETS variable that lists all activated library
    targets.  It is an error if this variable ends up empty, ie. you have
    to build at least one library variant.
  Made the *_COPY targets only depend on library targets actually being build.
  Use PNG_LIB_TARGETS to unify a code path.
  Changed the CREATE_SYMLINK macro to expect the full path to a file as the
    first argument. When symlinking the filename component of that path is
    determined and used as the link target.
  Use copy_if_different in the CREATE_SYMLINK macro.

Version 1.6.1beta09 [March 13, 2013]
  Eliminated two warnings from the Intel C compiler. The warnings are
    technically valid, although a reasonable treatment of division would
    show it to be incorrect.

Version 1.6.1rc01 [March 21, 2013]
  No changes.

Version 1.6.1 [March 28, 2013]
  No changes.
2013-04-01 18:26:12 +00:00
wiz
a72187dd20 Update to 1.6.1beta05 for a bugfix needed by wm/awesome (via
ImageMagick).

Version 1.6.1beta01 [February 16, 2013]
  Made symbol prefixing work with the ARM neon optimizations. Also allow
    pngpriv.h to be included for preprocessor definitions only, so it can
    be used in non-C/C++ files. Back ported from libpng 1.7.
  Made sRGB check numbers consistent.
  Ported libpng 1.5 options.awk/dfn file handling to 1.6, fixed one bug.
  Removed cc -E workround, corrected png_get_palette_max API Tested on
    SUN OS cc 5.9, which demonstrates the tokenization problem previously
    avoided by using /lib/cpp.  Since all .dfn output is now protected in
    double quotes unless it is to be macro substituted the fix should
    work everywhere.
  Enabled parallel tests - back ported from libpng-1.7.
  scripts/pnglibconf.dfa formatting improvements back ported from libpng17.
  Fixed a race condition in the creation of the build 'scripts' directory
    while building with a parallel make.
  Use approved/supported Android method to check for NEON, use Linux/POSIX
    1003.1 API to check /proc/self/auxv avoiding buffer allocation and other
    library calls (ported from libpng15).

Version 1.6.1beta02 [February 19, 2013]
  Use parentheses more consistently in "#if defined(MACRO)" tests.
  Folded long lines.
  Reenabled code to allow zero length PLTE chunks for MNG.

Version 1.6.1beta03 [February 22, 2013]
  Fixed ALIGNED_MEMORY support.
  Allow run-time ARM NEON checking to be disabled. A new configure option:
    --enable-arm-neon=always will stop the run-time checks. New checks
    within arm/arm_init.c will cause the code not to be compiled unless
    __ARM_NEON__ is set. This should make it fail safe (if someone asks
    for it on then the build will fail if it can't be done.)
  Updated the INSTALL document.

Version 1.6.1beta04 [February 27, 2013]
  Revised INSTALL to recommend using CPPFLAGS instead of INCLUDES.
  Revised scripts/makefile.freebsd to respect ZLIBLIB and ZLIBINC.
  Revised scripts/dfn.awk to work with the buggy MSYS awk that has trouble
    with CRLF line endings.

Version 1.6.1beta05 [March 2, 2013]
  Avoid a possible memory leak in contrib/gregbook/readpng.c
  Fixed bug introduced in libpng-1.6.0beta28 that causes libpng to handle chunks
    even when they have been tagged PNG_HANDLE_CHUNK_NEVER.
2013-03-02 10:55:25 +00:00
wiz
8f0bb77899 Update to 1.6.0:
This release adds a "simplified API" and removes some features
that have been deprecated since libpng.1.5.x.

Changes to Libpng from version 1.5.x to 1.6.x:

A "simplified API" has been added (see documentation in png.h and a simple
example in contrib/examples/pngtopng.c).  The new publicly visible API
includes the following:

   macros:
     PNG_FORMAT_*
     PNG_IMAGE_*
   structures:
     png_control
     png_image
   read functions
     png_image_begin_read_from_file()
     png_image_begin_read_from_stdio()
     png_image_begin_read_from_memory()
     png_image_finish_read()
     png_image_free()
   write functions
     png_image_write_to_file()
     png_image_write_to_stdio()

Starting with libpng-1.6.0, you can configure libpng to prefix all exported
symbols, using the PNG_PREFIX macro.

We no longer include string.h in png.h.  The include statement has been moved
to pngpriv.h, where it is not accessible by applications.  Applications that
need access to information in string.h must add an '#include "string.h"'
directive.  It does not matter whether this is placed prior to or after
the '"#include png.h"' directive.

The following API are now DEPRECATED:
   png_info_init_3()
   png_convert_to_rfc1123() which has been replaced
     with png_convert_to_rfc1123_buffer()
   png_data_freer()
   png_malloc_default()
   png_free_default()
   png_reset_zstream()

The following has been removed:
   png_get_io_chunk_name(), which has been replaced
     with png_get_io_chunk_type().  The new
     function returns a 32-bit integer instead of
     a string.
   The png_sizeof(), png_strlen(), png_memcpy(), png_memcmp(), and
     png_memset() macros are no longer used in the libpng sources and
     have been removed.  These had already been made invisible to
applications
     (i.e., defined in the private pngpriv.h header file) since
libpng-1.5.0.

The signatures of many exported functions were changed, such that
   png_structp became png_structrp or png_const_structrp
   png_infop became png_inforp or png_const_inforp
where "rp" indicates a "restricted pointer".

Error detection in some chunks has improved; in particular the iCCP chunk
reader now does pretty complete validation of the basic format.  Some bad
profiles that were previously accepted are now rejected, in particular the
very old broken Microsoft/HP sRGB profile.

The library now issues a warning if both background processing and RGB to
gray are used when gamma correction happens. As with previous versions of
the library the results are numerically very incorrect in this case.

There are some minor arithmetic changes in some transforms such as
png_set_background(), that might be detected by certain regression tests.

Unknown chunk handling has been improved internally, without any API change.
This adds more correct option control of the unknown handling, corrects
a pre-existing bug where the per-chunk 'keep' setting is ignored, and makes
it possible to skip IDAT chunks in the sequential reader.
2013-02-16 11:16:06 +00:00
wiz
559d7db9b4 Update to 1.5.14:
Changes since the last public release (1.5.13):
  Added -DZ_SOLO to contrib/pngminim/*/makefile to work with zlib-1.2.7
  Warn about the incorrect runtime library setting for VS2010 debug DLL builds.
  Fixed build when using #define PNG_NO_READ_GAMMA in png_do_compose() in
    pngrtran.c (Domani Hannes).
  Check for png_ptr==NULL earlier in png_zalloc().
  Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS().
  Rearranged building of ARM NEON optimizations. The ARM specific code is
    split out entirely to the arm subdirectory and changes to configure.acand
    Makefile.am to add new stuff are reduced.  Now material code changes,
    although for build test purposes, --enable-arm-neon now builds on non-ARM
    systems.
  Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.12.5.
  Fixed cases of unquoted DESTDIR in Makefile.am
  Fixed a minor bug in types to malloc and major bug in handling compressed
    iTXt. Compressed iTXt could not be handled.
  Cleaned up whitespace in the synopsis portion of the manpage "libpng.3"
  Disassembled the version number in scripts/options.awk (necessary for
    building on SunOs).
  Fixed Windows build issues, enabled ARM compilation. Various warnings issued
    by earlier versions of GCC fixed for Cygwin and Min/GW (which both use old
    GCCs.) ARM support is enabled by default in zlib.props (unsupported by
    Microsoft) and ARM compilation is made possible by deleting the check for
    x86. The test programs cannot be run because they are not signed.
  Fixed 'make distcheck' on SUN OS - libpng.so was not being removed
  Replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h])
    in configure.ac
  De-configured build fixes to make a range of deconfiguration options (such
    as switching off read or write support) work in more cases.  Also upgraded
    pngtest and pngvalid to the libpng 1.6 versions (with some modifications)
    which provide more extensive testing.  Replaced pngtest.png because pngtest
    writes the ancillary chunks in a different order.
  Check validity of "num_unknowns" parameter of png_set_unknown_chunks()
    (Bug report from yuris).
  Check the validity of the "nentries" parameter of png_set_sPLT() and the
  "num_text" parameter of png_set_text_2().
2013-01-24 08:15:50 +00:00
wiz
88edc8d491 Update to 1.5.13:
Version 1.5.13beta01 [August 8, 2012]
  Do not compile PNG_DEPRECATED, PNG_ALLOC and PNG_PRIVATE when __GNUC__ < 3.
  Removed references to png_zalloc() and png_zfree() from the manual.
  Revised PNG_FP_EXPORT and PNG_FIXED_EXPORT macros to avoid generating
    lone semicolons (patch ported from libpng-1.6.0beta11).

Version 1.5.13beta02 [September 10, 2012]
  Corrected handling of the image array and the row_pointers array in example.c
  When png_set_filler is used to strip a filler channel during write, the
    code prior to 1.5 would ignore the case where the output required an
    alpha channel or when the output was a palettized PNG.  In libpng-1.5 the
    ignorance was lost and libpng proceeded to strip the channel resulting
    in a bad (potential memory overwrite) failure later.  This reverts
    the behavior to the pre-1.5 state but issues a warning. libpng-1.6 is
    expected to issue an error on the erroneous png_set_filler call.
  Use png_memset() consistently (pngmem.c contained some bare "memset" calls).

Version 1.5.13rc01 [September 17, 2012]
  No changes.

Version 1.5.13 [September 27, 2012]
  No changes.
2012-10-02 16:58:46 +00:00
wiz
fd1c22c3b7 Update to 1.5.12:
Removed scripts/makefile.cegcc from the *.zip and *.7z distributions; it
    depends on configure, which is not included in those archives.
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.

I don't see CVS-2012-3386 as a vulnerability that applies to pkgsrc,
since to trigger it, you have to run 'make distcheck', and pkgsrc
never does that.
2012-07-11 09:00:41 +00:00
wiz
5610e35d8a Update to 1.5.11:
Version 1.5.11beta01 [April 28, 2012]
  Revised scripts/makefile.darwin: use system zlib; remove quotes around
    architecture list; add missing ppc architecture; add architecture options
    to shared library link; don't try to create a shared lib based on missing
    RELEASE variable.
  Enable png_set_check_for_invalid_index() for both read and write.
  Removed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED/#endif in pngpriv.h around
    declaration of png_handle_unknown().
  Added -lssp_nonshared in a comment in scripts/makefile.freebsd
    and changed deprecated NOOBJ and NOPROFILE to NO_OBJ and NO_PROFILE.

Version 1.5.11rc01 [May 23, 2012]
  No changes.

Version 1.5.11rc02 [May 29, 2012]
  Fixed some typos in comments.
  Revised CMakeLists.txt to not attempt to make a symlink under mingw.
  Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale),
    and renamed three whose names were inconsistent with those in
    pngsuite/README.txt.

Version 1.5.11rc03 [June 4, 2012]
  Do not depend upon a GCC feature macro being available for use in generating
    the linker mapfile symbol prefix.
  Made fixes for new optimization warnings from gcc 4.7.0. The compiler
    performed an optimization which is safe but then warned about it.
    Changing the type of 'palette_number' in pngvalid.c removes the warning.

Version 1.5.11rc04 [June 6, 2012]
  Improved performance of new do_check_palette_indexes() function.

Version 1.5.11rc05 [June 7, 2012]
  Don't check palette indexes if num_palette is 0 (as it can be in MNG files).

Version 1.5.11 [June 14, 2012]
  Include zlib.h in contrib/gregbook and contrib/visupng examples.
2012-06-14 15:40:35 +00:00
wiz
5d8180206d Update to 1.5.10 (security fix):
Version 1.5.10beta01 [February 24, 2012]
  Removed two useless #ifdef directives from pngread.c and one from pngrutil.c
  Always put the CMAKE_LIBRARY in "lib" (removed special WIN32 case).
  Removed empty vstudio/pngstest directory (Clifford Yapp).
  Eliminated redundant png_push_read_tEXt|zTXt|iTXt|unknown code from
    pngpread.c and use the sequential png_handle_tEXt, etc., in pngrutil.c;
    now that png_ptr->buffer is inaccessible to applications, the special
    handling is no longer useful.
  Fixed bug with png_handle_hIST with odd chunk length (Frank Busse).
  Added PNG_SAFE_LIMITS feature to pnglibconf.dfa and code in pngconf.h
    to reset the user limits to safe ones if PNG_SAFE_LIMITS is defined.
    To enable, use "CPPFLAGS=-DPNG_SAFE_LIMITS_SUPPORTED" on the configure
    command or put "#define PNG_SAFE_LIMITS_SUPPORTED" in pnglibconf.h.
  Revised the SAFE_LIMITS feature to be the same as the feature in libpng16.
  Added information about the new limits in the manual.

Version 1.5.10beta02 [February 27, 2012]
  Updated Makefile.in

Version 1.5.10beta03 [March 6, 2012]
  Removed unused "current_text" members of png_struct and the png_free()
    of png_ptr->current_text from pngread.c
  Added palette-index checking. Issue a png_warning() if an invalid index is
    found.

Version 1.5.10beta04 [March 10, 2012]
  Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
  Fixed CMF optimization of non-IDAT compressed chunks, which was added at
    libpng-1.5.4.  It sometimes produced too small of a window.

Version 1.5.10beta05 [March 10, 2012]
  Reject all iCCP chunks after the first, even if the first one is invalid.
  Issue a png_benign_error() instead of png_warning() about bad palette index.
  Fixed an off-by-one error in the palette index checking function.
  Revised example.c to put text strings in a temporary character array
    instead of directly assigning string constants to png_textp members.
    This avoids compiler warnings when -Wwrite-strings is enabled.

Version 1.5.10 [March 29, 2012]
  Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice.
  Revised png_set_text_2() to avoid potential memory corruption (fixes
    CVE-2011-3048).
2012-03-29 13:26:33 +00:00
wiz
6a9b8ccbd7 Set some defaults so that CVE-2011-3026 will not repeat,
following suggestions from upstream.
Bump PKGREVISION.
2012-02-20 22:42:29 +00:00
tron
d7961ccc4c Update "libpng" package to version 1.5.9. There are no change since
version 1.5.9rc01 except of the minor detail that you can actually
fetch the distfile.
2012-02-19 09:26:39 +00:00
wiz
be1670669d Update to 1.5.9rc01, which includes the official patch for CVE-2011-3026.
Version 1.5.9beta01 [February 3, 2012]
  Rebuilt configure scripts in the tar distributions.

Version 1.5.9beta02 [February 16, 2012]
  Removed two unused definitions from scripts/pnglibconf.h.prebuilt
  Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
  Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h

Version 1.5.9rc01 [February 17, 2012]
  Fixed CVE-2011-3026 buffer overrun bug.  Deal more correctly with the test
    on iCCP chunk length. Also removed spurious casts that may hide problems
    on 16-bit systems.
2012-02-18 15:42:57 +00:00
drochner
18665ec075 fix possible buffer overflow due to integer overflow in malloc()
size calculation (2011-3026), patch from Chromium via Redhat/Debian
bump PKGREV
2012-02-18 15:16:59 +00:00
wiz
b3082f9743 Update to 1.5.8:
Version 1.5.8beta01 [January 15, 2011]
  Removed '#include config.h"' from contrib/libtests/pngvalid.c.  It's not
    needed and causes trouble for VPATH building.
  Moved AC_MSG_CHECKING([if libraries can be versioned]) later to the proper
    location in configure.ac (Gilles Espinasse).
  Fix bug in pngerror.c: some long warnings were being improperly truncated
    (bug introduced in libpng-1.5.3beta05).

Version 1.5.8rc01 [January 21, 2012]
  No changes.

Version 1.5.8rc02 [January 25, 2012]
  Fixed Min/GW uninstall to remove libpng.dll.a
  Conditionalize the install rules for MINGW and CYGWIN in CMakeLists.txt
2012-02-01 23:05:19 +00:00
wiz
0b0f51d434 Update png to 1.5.7:
Changes since the last public release (1.5.6):
  Added support for ARM processor (Mans Rullgard)
  Fixed bug in pngvalid on early allocation failure; fixed type cast in
    pngmem.c; pngvalid would attempt to call png_error() if the allocation
    of a png_struct or png_info failed. This would probably have led to a
    crash.  The pngmem.c implementation of png_malloc() included a cast
    to png_size_t which would fail on large allocations on 16-bit systems.
  Fix for the preprocessor of the Intel C compiler. The preprocessor
    splits adjacent @ signs with a space; this changes the concatentation
    token from @-@-@ to PNG_JOIN; that should work with all compiler
    preprocessors.
  Paeth filter speed improvements from work by Siarhei Siamashka. This
    changes the 'Paeth' reconstruction function to improve the GCC code
    generation on x86. The changes are only part of the suggested ones;
    just the changes that definitely improve speed and remain simple.
    The changes also slightly increase the clarity of the code.
  Check compression_type parameter in png_get_iCCP and remove spurious
    casts. The compression_type parameter is always assigned to, so must
    be non-NULL. The cast of the profile length potentially truncated the
    value unnecessarily on a 16-bit int system, so the cast of the (byte)
    compression type to (int) is specified by ANSI-C anyway.
  Fixed FP division by zero in pngvalid.c; the 'test_pixel' code left
    the sBIT fields in the test pixel as 0, which resulted in a floating
    point division by zero which was irrelevant but causes systems where
    FP exceptions cause a crash. Added code to pngvalid to turn on FP
    exceptions if the appropriate glibc support is there to ensure this is
    tested in the future.
  Added versioning to pnglibconf.h comments.
  Installed more accurate linear to sRGB conversion tables. The slightly
    modified tables reduce the number of 16-bit values that
    convert to an off-by-one 8-bit value.  The "makesRGB.c" code that was used
    to generate the tables is now in a contrib/sRGBtables sub-directory.
  Added run-time detection of NEON support.
  Multiple transform bug fixes plus a work-round for double gamma correction.
    libpng does not support more than one transform that requires linear data
    at once - if this is tried typically the results is double gamma
    correction. Since the simplified APIs can need rgb to gray combined with
    a compose operation it is necessary to do one of these outside the main
    libpng transform code. This check-in also contains fixes to various bugs
    in compose and rgb to gray (on palette).
  Fixes for C++ compilation using g++ When libpng source is compiled
    using g++. The compiler imposes C++ rules on the C source; thus it
    is desireable to make the source work with either C or C++ rules
    without throwing away useful error information.  This change adds
    png_voidcast to allow C semantic (void*) cases or the corresponding
    C++ static_cast operation, as appropriate.
  Added --noexecstack to assembler file compilation. GCC does not set
    this on assembler compilation, even though it does on C compilation.
    This creates security issues if assembler code is enabled; the
    work-around is to set it by default in the flags for $(CCAS)
  Removed "zTXt" from warning in generic chunk decompression function.
  Validate time settings passed to pngset() and png_convert_to_rfc1123()
    (Frank Busse).
  Added MINGW support to CMakeLists.txt
  Reject invalid compression flag or method when reading the iTXt chunk.
  Moved pngvalid.c into contrib/libtests
  Rebuilt Makefile.in, configure, etc., with autoconf-2.68
  Replaced an "#if" with "#ifdef" in pngrtran.c
  Revised #if PNG_DO_BC block in png.c (use #ifdef and add #else)
  Revised pngconf.h to use " __declspec(restrict)" only when MSC_VER >= 1400,
    as in libpng-1.5.4.
  Put CRLF line endings in the owatcom project files.
  Updated CMakeLists.txt to account for the relocation of pngvalid.c
  Minor fixes to pngvalid.c for gcc 4.6.2 compatibility to remove warnings
    reported by earlier versions.
2011-12-15 17:16:26 +00:00
wiz
8278595a5a Update to 1.5.6, which integrated part of patch-aa (see beta04).
Version 1.5.6beta01 [September 22, 2011]
  Fixed some 64-bit type conversion warnings in pngrtran.c
  Moved row_info from png_struct to a local variable.
  The various interlace mask arrays have been made into arrays of
    bytes and made PNG_CONST and static (previously some arrays were
    marked PNG_CONST and some weren't).
  Additional checks have been added to the transform code to validate the
    pixel depths after the transforms on both read and write.
  Removed some redundant code from pngwrite.c, in png_destroy_write_struct().
  Changed chunk reading/writing code to use png_uint_32 instead of png_byte[4].
    This removes the need to allocate temporary strings for chunk names on
    the stack in the read/write code.  Unknown chunk handling still uses the
    string form because this is exposed in the API.

Version 1.5.6beta02 [September 26, 2011]
  Added a note in the manual the png_read_update_info() must be called only
    once with a particular info_ptr.
  Fixed a typo in the definition of the new PNG_STRING_FROM_CHUNK(s,c) macro.

Version 1.5.6beta03 [September 28, 2011]
  Revised test-pngtest.sh to report FAIL when pngtest fails.
  Added "--strict" option to pngtest, to report FAIL when the failure is
    only because the resulting valid files are different.
  Revised CMakeLists.txt to work with mingw and removed some material from
    CMakeLists.txt that is no longer useful in libpng-1.5.

Version 1.5.6beta04 [October 5, 2011]
  Fixed typo in Makefile.in and Makefile.am ("-M Wl" should be "-M -Wl")."

Version 1.5.6beta05 [October 12, 2011]
  Speed up png_combine_row() for interlaced images. This reduces the generality
    of the code, allowing it to be optimized for Adam7 interlace.  The masks
    passed to png_combine_row() are now generated internally, avoiding
    some code duplication and localizing the interlace handling somewhat.
  Align png_struct::row_buf - previously it was always unaligned, caused by
    a bug in the code that attempted to align it; the code needs to subtract
    one from the pointer to take account of the filter byte prepended to
    each row.
  Optimized png_combine_row() when rows are aligned. This gains a small
    percentage for 16-bit and 32-bit pixels in the typical case where the
    output row buffers are appropriately aligned. The optimization was not
    previously possible because the png_struct buffer was always misaligned.
  Fixed bug in png_write_chunk_header() debug print, introduced in 1.5.6beta01.

Version 1.5.6beta06 [October 17, 2011]
  Removed two redundant tests for unitialized row.
  Fixed a relatively harmless memory overwrite in compressed text writing
    with a 1 byte zlib buffer.
  Add ability to call png_read_update_info multiple times to pngvalid.c.
  Fixes for multiple calls to png_read_update_info. These fixes attend to
    most of the errors revealed in pngvalid, however doing the gamma work
    twice results in inaccuracies that can't be easily fixed.  There is now
    a warning in the code if this is going to happen.
  Turned on multiple png_read_update_info in pngvalid transform tests.
  Prevent libpng from overwriting unused bits at the end of the image when
    it is not byte aligned, while reading. Prior to libpng-1.5.6 libpng would
    overwrite the partial byte at the end of each row if the row width was not
    an exact multiple of 8 bits and the image is not interlaced.

Version 1.5.6beta07 [October 21, 2011]
  Made png_ptr->prev_row an aligned pointer into png_ptr->big_prev_row
    (Mans Rullgard).

Version 1.5.6rc01 [October 26, 2011]
  Changed misleading "Missing PLTE before cHRM" warning to "Out of place cHRM"

Version 1.5.6rc02 [October 27, 2011]
  Added LSR() macro to defend against buggy compilers that evaluate non-taken
    code branches and complain about out-of-range shifts.

Version 1.5.6rc03 [October 28, 2011]
  Renamed the LSR() macro to PNG_LSR() and added PNG_LSL() macro.
  Fixed compiler warnings with Intel and MSYS compilers. The logical shift
    fix for Microsoft Visual C is required by other compilers, so this
    enables that fix for all compilers when using compile-time constants.
    Under MSYS 'byte' is a name declared in a system header file, so we
    changed the name of a local variable to avoid the warnings that result.
  Added #define PNG_ALIGN_TYPE PNG_ALIGN_NONE to contrib/pngminim/*/pngusr.h

Version 1.5.6 [November 3, 2011]
  No changes.
2011-11-06 23:53:46 +00:00
hans
bcb7d1e0a2 Fix typo to make this build again on SunOS. 2011-10-05 16:23:39 +00:00
wiz
ff6cc22837 Update to 1.5.5 to fix CVE-2011-3328, requested by tron.
Version 1.5.5beta01 [July 13, 2011]
  Fixed some typos and made other minor changes in the manual.
  Updated contrib/pngminus/makefile.std (Samuli Souminen)

Version 1.5.5beta02 [July 14, 2011]
  Revised Makefile.am and Makefile.in to look in the right directory for
    pnglibconf.h.prebuilt

Version 1.5.5beta03 [July 27, 2011]
  Enabled compilation with g++ compiler.  This compiler does not recognize
    the file extension, so it always compiles with C++ rules.  Made minor
    changes to pngrutil.c to cast results where C++ expects it but C does not.
  Minor editing of libpng.3 and libpng-manual.txt.

Version 1.5.5beta04 [July 29, 2011]
  Revised CMakeLists.txt (Clifford Yapp)
  Updated commentary about the png_rgb_to_gray() default coefficients
    in the manual and in pngrtran.c

Version 1.5.5beta05 [August 17, 2011]
  Prevent unexpected API exports from non-libpng DLLs on Windows.  The "_DLL"
    is removed from the test of whether a DLL is being built (this erroneously
    caused the libpng APIs to be marked as DLL exports in static builds under
    Microsoft Visual Studio).  Almost all of the libpng building configuration
    is moved from pngconf.h to pngpriv.h, but PNG_DLL_EXPORT remains in
    pngconf.h, though, so that it is colocated with the import definition (it
    is no longer used anywhere in the installed headers).  The VStudio project
    definitions have been cleaned up: "_USRDLL" has been removed from the
    static library builds (this was incorrect), and PNG_USE_DLL has been added
    to pngvalid to test the functionality (pngtest does not supply it,
    deliberately).  The spurious "_EXPORTS" has been removed from the
    libpng build (all these errors were a result of copy/paste between project
    configurations.)
  Added new types and internal functions for CIE RGB end point handling to
    pngpriv.h (functions yet to be implemented).

Version 1.5.5beta06 [August 26, 2011]
  Ensure the CMAKE_LIBRARY_OUTPUT_DIRECTORY is set in CMakeLists.txt
    (Clifford Yap)
  Fixes to rgb_to_gray and cHRM XYZ APIs (John Bowler):
    The rgb_to_gray code had errors when combined with gamma correction.
    Some pixels were treated as true grey when they weren't and such pixels
    and true grey ones were not gamma corrected (the original value of the
    red component was used instead).  APIs to get and set cHRM using color
    space end points have been added and the rgb_to_gray code that defaults
    based on cHRM, and the divide-by-zero bug in png_handle_cHRM (CERT
    VU#477046, CVE-2011-3328, introduced in 1.5.4) have been corrected.
  A considerable number of tests has been added to pngvalid for the
    rgb_to_gray transform.
  Arithmetic errors in rgb_to_gray whereby the calculated gray value was
    truncated to the bit depth rather than rounded have been fixed except in
    the 8-bit non-gamma-corrected case (where consistency seems more important
    than correctness.)  The code still has considerable inaccuracies in the
    8-bit case because 8-bit linear arithmetic is used.

Version 1.5.5beta07 [September 7, 2011]
  Added "$(ARCH)" option to makefile.darwin
  Added SunOS support to configure.ac and Makefile.am
  Changed png_chunk_benign_error() to png_warning() in png.c, in
    png_XYZ_from_xy_checked().

Version 1.5.5beta08 [September 10, 2011]
  Fixed 64-bit compilation errors (gcc). The errors fixed relate
    to conditions where types that are 32 bits in the GCC 32-bit
    world (uLong and png_size_t) become 64 bits in the 64-bit
    world.  This produces potential truncation errors that the
    compiler correctly flags.
  Relocated new HAVE_SOLARIS_LD definition in configure.ac
  Constant changes for 64-bit compatibility (removal of L suffixes). The
    16-bit cases still use "L" as we don't have a 16-bit test system.

Version 1.5.5rc01 [September 17, 2011]
  Removed "L" suffixes from constants in pngpriv.h

Version 1.5.5 [September 22, 2011]
  No changes.
2011-09-28 05:34:08 +00:00