Commit graph

198 commits

Author SHA1 Message Date
wiz
20b356c6ae png: update to 1.6.37.
This is largely a bugfix-only release. Most importantly, it contains
a fix for a use-after-free vulnerability (CVE-2019-7317) affecting
the simplified libpng API, and a fix for a memory leak affecting the
ARM NEON implementation of the palette-to-RGB(A) expansion.
2019-04-17 07:05:20 +00:00
wiz
74f82d77e8 png: update to 1.6.36.
Version 1.6.36 [December 1, 2018]
  Optimized png_do_expand_palette for ARM processors.
  Improved performance by around 10-22% on a recent ARM Chromebook.
  (Contributed by Richard Townsend, ARM Holdings)
  Fixed manipulation of machine-specific optimization options.
  (Contributed by Vicki Pfau)
  Used memcpy instead of manual pointer arithmetic on Intel SSE2.
  (Contributed by Samuel Williams)
  Fixed build errors with MSVC on ARM64.
  (Contributed by Zhijie Liang)
  Fixed detection of libm in CMakeLists.
  (Contributed by Cameron Cawley)
  Fixed incorrect creation of pkg-config file in CMakeLists.
  (Contributed by Kyle Bentley)
  Fixed the CMake build on Windows MSYS by avoiding symlinks.
  Fixed a build warning on OpenBSD.
  (Contributed by Theo Buehler)
  Fixed various typos in comments.
  (Contributed by "luz.paz")
  Raised the minimum required CMake version from 3.0.2 to 3.1.
  Removed yet more of the vestigial support for pre-ANSI C compilers.
  Removed ancient makefiles for ancient systems that have been broken
  across all previous libpng-1.6.x versions.
  Removed the Y2K compliance statement and the export control
  information.
  Applied various code style and documentation fixes.
2018-12-02 12:43:23 +00:00
adam
6b355f2eed png: updated to 1.6.35
Version 1.6.35:
* Replaced the remaining uses of png_size_t with size_t (Cosmin)
* Fixed the calculation of row_factor in png_check_chunk_length
* Added missing parentheses to a macro definition
2018-08-02 15:01:12 +00:00
wiz
3361586e7c png: update to 1.6.34.
Version 1.6.33beta01 [August 28, 2017]
  Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing
    parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse).
  Fixed off-by-one error in png_do_check_palette_indexes() (Bug report
    by Mick P., Source Forge Issue #269).

Version 1.6.33beta02 [September 3, 2017]
  Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
    to fix shortlived oss-fuzz issue 3234.
  Compute a larger limit on IDAT because some applications write a deflate
    buffer for each row (Bug report by Andrew Church).
  Use current date (DATE) instead of release-date (RDATE) in last
    changed date of contrib/oss-fuzz files.
  Enabled ARM support in CMakeLists.txt (Bernd Kuhls).

Version 1.6.33beta03 [September 14, 2017]
  Fixed incorrect typecast of some arguments to png_malloc() and
    png_calloc() that were png_uint_32 instead of png_alloc_size_t
    (Bug report by "irwir" in Github libpng issue #175).
  Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github
    issue 162, by rcdailey).

Version 1.6.33rc01 [September 20, 2017]
  Initialize memory allocated by png_inflate to zero, using memset, to
    stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2()
    due to truncated iTXt or zTXt chunk.
  Initialize memory allocated by png_read_buffer to zero, using memset, to
    stop an oss-fuzz "use of uninitialized value" detection in
    png_icc_check_tag_table() due to truncated iCCP chunk.
  Removed a redundant test (suggested by "irwir" in Github issue #180).

Version 1.6.33rc02 [September 23, 2017]
  Added an interlaced version of each file in contrib/pngsuite.
  Relocate new memset() call in pngrutil.c.
  Removed more redundant tests (suggested by "irwir" in Github issue #180).
  Add support for loading images with associated alpha in the Simplified
    API (Samuel Williams).

Version 1.6.33 [September 28, 2017]
  Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state.
  Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
  Add end_info structure and png_read_end() to the libpng fuzzer.

Version 1.6.34 [September 29, 2017]
  Removed contrib/pngsuite/i*.png; some of these were incorrect and caused
    test failures.
2017-10-02 09:24:30 +00:00
wiz
47496c84e0 Updated png to 1.6.32.
Version 1.6.32beta01 [July 31, 2017]
  Avoid possible NULL dereference in png_handle_eXIf when benign_errors
    are allowed. Avoid leaking the input buffer "eXIf_buf".
  Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
    to arguments for png_get_eXIf() and png_set_eXIf().
  Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
    pngwrite.c, and made various other fixes to png_write_eXIf().
  Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
    png_set_eXIf_1(), respectively, to avoid breaking API compatibility
    with libpng-1.6.31.

Version 1.6.32beta02 [August 1, 2017]
  Updated contrib/libtests/pngunknown.c with eXIf chunk.

Version 1.6.32beta03 [August 2, 2017]
  Initialized btoa[] in pngstest.c
  Stop memory leak when returning from png_handle_eXIf() with an error
    (Bug report from the OSS-fuzz project).

Version 1.6.32beta04 [August 2, 2017]
  Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
  Update libpng.3 and libpng-manual.txt about eXIf functions.

Version 1.6.32beta05 [August 2, 2017]
  Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.

Version 1.6.32beta06 [August 2, 2017]
  Removed png_get_eXIf_1() and png_set_eXIf_1().

Version 1.6.32beta07 [August 3, 2017]
  Check length of all chunks except IDAT against user limit to fix an
    OSS-fuzz issue.

Version 1.6.32beta08 [August 3, 2017]
  Check length of IDAT against maximum possible IDAT size, accounting
    for height, rowbytes, interlacing and zlib/deflate overhead.
  Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
    does not work (the eXIf chunk data can contain zeroes).

Version 1.6.32beta09 [August 3, 2017]
  Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
    no longer using deprecated cmake LOCATION feature (Clifford Yapp).
  Fixed five-byte error in the calculation of IDAT maximum possible size.

Version 1.6.32beta10 [August 5, 2017]
  Moved chunk-length check into a png_check_chunk_length() private
    function (Suggested by Max Stepin).
  Moved bad pngs from tests to contrib/libtests/crashers
  Moved testing of bad pngs into a separate tests/pngtest-badpngs script
  Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
    in the output but PASS for the libpng test.
  Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
  Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
    num_exif argument to png_get_eXIf_1() (Github Issue 171).

Version 1.6.32beta11 [August 7, 2017]
  Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
  Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
  Make pngtest --strict, --relax, --xfail options imply -m (multiple).
  Removed unused chunk_name parameter from png_check_chunk_length().
  Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
  Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
  Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
  Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
  Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
    for the minimum 'deflate' stream, and relocate the test to a point
    after the keyword has been read.
  Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".

Version 1.6.32rc01 [August 18, 2017]
  Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
    one for each known chunk type, with length = 2GB-1.
  Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
    in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
    and 162707).
  Renamed chunks in contrib/testpngs/crashers to avoid having files whose
    names differ only in case; this causes problems with some platforms
    (github issue #172).

Version 1.6.32rc02 [August 22, 2017]
  Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
    project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).

Version 1.6.32 [August 24, 2017]
  No changes.
2017-08-26 05:50:00 +00:00
wiz
74c55634c2 Updated png to 1.6.31.
Changes since the last public release (1.6.30):

  Guard the definition of _POSIX_SOURCE in pngpriv.h (AIX already defines it;
    bug report by Michael Felt).
  Revised pngpriv.h to work around failure to compile arm/filter_neon.S
    ("typedef" directive is unrecognized by the assembler). The problem
    was introduced in libpng-1.6.30beta01.
  Added "Requires: zlib" to libpng.pc.in (Pieter Neerincx).
  Added special case for FreeBSD in arm/filter_neon.S (Maya Rashish).
  Added instructions for disabling hardware optimizations in INSTALL.
  Added "--enable-hardware-optimizations" configuration flag to enable
    or disable all hardware optimizations with one flag.
  Updated CMakeLists.txt to add INTEL_SSE and MIPS_MSA platforms.
  Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
    possible integer overflow (Bug report by John Bowler).
  Quieted "declaration after statement" warnings in intel/filter_sse2.c.
  Added scripts/makefile-linux-opt, which has hardware optimizations enabled.
  Removed one of the GCC-7.1.0 'strict-overflow' warnings that result when
    integers appear on both sides of a compare.  Worked around the others by
    forcing the strict-overflow setting in the relevant functions to a level
    where they are not reported (John Bowler).
  Changed "FALL THROUGH" comments to "FALLTHROUGH" because GCC doesn't like
    the space.
  Worked around some C-style casts from (void*) because g++ 5.4.0 objects
    to them.
  Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint
    overflow' check that is on by default with -Wall -Wextra.
  Added eXIf chunk support.
  Added a minimal eXIf chunk (with Orientation and FocalLengthIn35mmFilm
    tags) to pngtest.png.
2017-07-27 22:07:07 +00:00
wiz
2b5e9acc7e Updated png to 1.6.30.
Changes since the last public release (1.6.29):

  Added missing "$(CPPFLAGS)" to the compile line for c.pic.o in
    makefile.linux and makefile.solaris-x86 (Cosmin).
  Revised documentation of png_get_error_ptr() in the libpng manual.
  Silence clang -Wcomma and const drop warnings (Viktor Szakats).
  Update Sourceforge URLs in documentation (https instead of http).
  Document need to check for integer overflow when allocating a pixel
    buffer for multiple rows in contrib/gregbook, contrib/pngminus,
    example.c, and in the manual (suggested by Jaeseung Choi). This
    is similar to the bug reported against pngquant in CVE-2016-5735.
  Removed reference to the obsolete PNG_SAFE_LIMITS macro in the documentation.
  Check for integer overflow in contrib/visupng and contrib/tools/genpng.
  Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
  Test CMAKE_HOST_WIN32 instead of WIN32 in CMakeLists.txt.
  Fix some URL in documentation.
  Avoid writing an empty IDAT when the last IDAT exactly fills the
    compression buffer (bug report by Brian Baird).  This bug was
    introduced in libpng-1.6.0.
  Update copyright year in pnglibconf.h, make ltmain.sh executable.
  Add a reference to the libpng.download site in README.
2017-07-03 11:07:00 +00:00
wiz
a7dfae2c13 Add new main master site. 2017-04-24 07:18:59 +00:00
wiz
225b288f23 Updated png to 1.6.29.
Version 1.6.29beta01 [January 12, 2017]
  Readded "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
  Moved SSE2 optimization code into the main libpng source directory.
    Configure libpng with "configure --enable-intel-sse" or compile
    libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
  Simplified conditional compilation in pngvalid.c, for AIX (Michael Felt).

Version 1.6.29beta02 [February 22, 2017]
  Avoid conditional directives that break statements in pngrutil.c (Romero
    Malaquias)
  The contrib/examples/pngtopng.c recovery code was in the wrong "if"
    branches; the comments were correct.
  Added code for PowerPC VSX optimisation (Vadim Barkov).

Version 1.6.29beta03 [March 1, 2017]
  Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
  Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c
    because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1.
  Suppress clang warnings about implicit sign changes in png.c

Version 1.6.29 [March 16, 2017]
  No changes.
2017-03-16 15:15:42 +00:00
agc
30b55df38e Convert all occurrences (353 by my count) of
MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
2017-01-19 18:52:01 +00:00
wiz
8198c749c7 Updated png to 1.6.28.
Version 1.6.28rc01 [January 3, 2017]
  Fixed arm/aarch64 detection in CMakeLists.txt (Gianfranco Costamagna).
  Added option to Cmake build allowing a custom location of zlib to be
    specified in a scenario where libpng is being built as a subproject
    alongside zlib by another project (Sam Serrels).
  Changed png_ptr->options from a png_byte to png_uint_32, to accomodate
    up to 16 options.

Version 1.6.28rc02 [January 4, 2017]
  Added "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
  Moved SSE2 optimization code into the main libpng source directory.
    Configure libpng with "configure --enable-intel-sse" or compile
    libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.

Version 1.6.28rc03 [January 4, 2017]
  Backed out the SSE optimization and last CMakeLists.txt to allow time for QA.

Version 1.6.28 [January 5, 2017]
  No changes.
2017-01-05 17:54:44 +00:00
wiz
b43896f630 Updated png to 1.6.27, security fix release.
Version 1.6.27beta01 [November 2, 2016]
  Restrict the new ADLER32-skipping to IDAT chunks.  It broke iCCP chunk
    handling: an erroneous iCCP chunk would throw a png_error and reject the
    entire PNG image instead of rejecting just the iCCP chunk with a warning,
    if built with zlib-1.2.8.1.

Version 1.6.27rc01 [December 27, 2016]
  Control ADLER32 checking with new PNG_IGNORE_ADLER32 option.
  Removed the use of a macro containing the pre-processor 'defined'
    operator.  It is unclear whether this is valid; a macro that
    "generates" 'defined' is not permitted, but the use of the word
    "generates" within the C90 standard seems to imply more than simple
    substitution of an expression itself containing a well-formed defined
    operation.
  Added ARM support to CMakeLists.txt (Andreas Franek).

Version 1.6.27 [December 29, 2016]
  Fixed a potential null pointer dereference in png_set_text_2() (bug report
    and patch by Patrick Keshishian).
2016-12-29 18:41:03 +00:00
wiz
73c83b5c90 Updated png to 1.6.26.
Version 1.6.26beta01 [September 26, 2016]
  Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
    bugfix by John Bowler).
  Do not issue a png_error() on read in png_set_pCAL() because png_handle_pCAL
    has allocated memory that libpng needs to free.
  Conditionally compile png_set_benign_errors() in pngread.c and pngtest.c
  Issue a png_benign_error instead of a png_error on ADLER32 mismatch
    while decoding compressed data chunks.
  Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
    pngrutil.c.
  If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
    ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
  Issue png_benign_error() on ADLER32 checksum mismatch instead of png_error().
  Add tests/badcrc.png and tests/badadler.png to tests/pngtest.
  Merged pngtest.c with libpng-1.7.0beta84/pngtest.c

Version 1.6.26beta02 [October 1, 2016]
  Updated the documentation about CRC and ADLER32 handling.
  Quieted 117 warnings from clang-3.8 in pngtrans.c, pngread.c,
     pngwrite.c, pngunknown.c, and pngvalid.c.
  Quieted 58 (out of 144) -Wconversion compiler warnings by changing
    flag definitions in pngpriv.h from 0xnnnn to 0xnnnnU and trivial changes
    in png.c, pngread.c, and pngwutil.c.

Version 1.6.26beta03 [October 2, 2016]
  Removed contrib/libtests/*.orig and *.rej that slipped into the tarballs.
  Quieted the 86 remaining -Wconversion compiler warnings by
    revising the png_isaligned() macro and trivial changes in png.c,
    pngerror.c, pngget.c, pngmem.c, pngset.c, pngrtran.c, pngrutil.c,
    pngwtran.c, pngwrite.c, and pngwutil.c.

Version 1.6.26beta04 [October 3, 2016]
  Quieted (bogus?) clang warnings about "absolute value has no effect"
    when PNG_USE_ABS is defined.
  Fixed offsets in contrib/intel/intel_sse.patch

Version 1.6.26beta05 [October 6, 2016]
  Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
    to avoid a signed/unsigned compare in the preprocessor.

Version 1.6.26beta06 [October 7, 2016]
  Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
    optionally avoid ADLER32 evaluation.

Version 1.6.26rc01 [October 12, 2016]
  No changes.

Version 1.6.26 [October 20, 2016]
  Cosmetic change, "ptr != 0" to "ptr != NULL" in png.c and pngrutil.c
  Despammed email addresses (replaced "@" with " at ").
2016-10-20 11:36:36 +00:00
wiz
9217b5bcea Updated png to 1.6.25.
Changes since the last public release (1.6.24):
  Reject oversized iCCP profile immediately.
  Cleaned up PNG_DEBUG compile of pngtest.c.
  Conditionally compile png_inflate().
  Don't install pngcp; it conflicts with pngcp in the pngtools package.
  Minor editing of INSTALL, (whitespace, added copyright line)
  Added MIPS support (Mandar Sahastrabuddhe <Mandar.Sahastrabuddhe@imgtec.com>).
  Rebased contrib/intel/intel_sse.patch after the MIPS implementation.
2016-09-01 04:14:23 +00:00
wiz
2740df4603 Updated png to 1.6.24.
Version 1.6.24beta01 [June 11, 2016]
  Avoid potential overflow of the PNG_IMAGE_SIZE macro.  This macro
    is not used within libpng, but is used in some of the examples.

Version 1.6.24beta02 [June 23, 2016]
  Correct filter heuristic overflow handling. This was broken when the
    write filter code was moved out-of-line; if there is a single filter and
    the heuristic sum overflows the calculation of the filtered line is not
    completed.  In versions prior to 1.6 the code was duplicated in-line
    and the check not performed, so the filter operation completed; however,
    in the multi-filter case where the sum is performed the 'none' filter would
    be selected if all the sums overflowed, even if it wasn't in the filter
    list.  The fix to the first problem is simply to provide PNG_SIZE_MAX as
    the current lmins sum value; this means the sum can never exceed it and
    overflows silently.  A reasonable compiler that does choose to inline
    the code will simply eliminate the sum check.
  The fix to the second problem is to use high precision arithmetic (this is
    implemented in 1.7), however a simple safe fix here is to chose the lowest
    numbered filter in the list from png_set_filter (this only works if the
    first problem is also fixed) (John Bowler).
  Use a more efficient absolute value calculation on SSE2 (Matthieu Darbois).
  Fixed the case where PNG_IMAGE_BUFFER_SIZE can overflow in the application
    as a result of the application using an increased 'row_stride'; previously
    png_image_finish_read only checked for overflow on the base calculation of
    components.  (I.e. it checked for overflow of a 32-bit number on the total
    number of pixel components in the output format, not the possibly padded row
    length and not the number of bytes, which for linear formats is twice the
    number of components.)
  MSVC does not like '-(unsigned)', so replaced it with 0U-(unsigned)
  MSVC does not like (uInt) = -(unsigned) (i.e. as an initializer), unless
    the conversion is explicitly invoked by a cast.
  Put the SKIP definition in the correct place. It needs to come after the
    png.h include (see all the other .c files in contrib/libtests) because it
    depends on PNG_LIBPNG_VER.
  Removed the three compile warning options from the individual project
    files into the zlib.props globals.  It increases the warning level from 4
    to All and adds a list of the warnings that need to be turned off.  This is
    semi-documentary; the intent is to tell libpng users which warnings have
    been examined and judged non-fixable at present.  The warning about
    structure padding is fixable, but it would be a signficant change (moving
    structure members around).

Version 1.6.24beta03 [July 4, 2016]
  Optimized absolute value calculation in filter selection, similar to
    code in the PAETH decoder in pngrutil.c. Build with PNG_USE_ABS to
    use this.
  Added pngcp to the build together with a pngcp.dfa configuration test.
  Added high resolution timing to pngcp.
  Added "Common linking failures" section to INSTALL.
  Relocated misplaced #endif in png.c sRGB profile checking.
  Fixed two Coverity issues in pngcp.c.

Version 1.6.24beta04 [July 8, 2016]
  Avoid filter-selection heuristic sum calculations in cases where only one
    filter is a candidate for selection. This trades off code size (added
    private png_setup_*_row_only() functions) for speed.

Version 1.6.24beta05 [July 13, 2016]
  Fixed some indentation to comply with our coding style.
  Added contrib/tools/reindent.

Version 1.6.24beta06 [July 18, 2016]
  Fixed more indentation to comply with our coding style.
  Eliminated unnecessary tests of boolean png_isaligned() vs 0.

Version 1.6.24rc01 [July 25, 2016]
  No changes.

Version 1.6.24rc02 [August 1, 2016]
  Conditionally compile SSE2 headers in contrib/intel/intel_sse.patch
  Conditionally compile png_decompress_chunk().

Version 1.6.24rc03 [August 2, 2016]
  Conditionally compile ARM_NEON headers in pngpriv.h
  Updated contrib/intel/intel_sse.patch

Version 1.6.24[August 4, 2016]
  No changes.
2016-08-04 06:05:08 +00:00
wiz
8bb76004f4 Updated png to 1.6.23.
Version 1.6.23beta01 [May 29, 2016]
  Stop a potential memory leak in png_set_tRNS() (Bug report by Ted Ying).
  Fixed the progressive reader to handle empty first IDAT chunk properly
    (patch by Timothy Nikkel).  This bug was introduced in libpng-1.6.0 and
    only affected the libpng16 branch.
  Added tests in pngvalid.c to check zero-length IDAT chunks in various
    positions.  Fixed the sequential reader to handle these more robustly
    (John Bowler).

Version 1.6.23rc01 [June 2, 2016]
  Corrected progressive read input buffer in pngvalid.c. The previous version
    the code invariably passed just one byte at a time to libpng.  The intent
    was to pass a random number of bytes in the range 0..511.
  Moved sse2 prototype from pngpriv.h to contrib/intel/intel_sse.patch.
  Added missing ")" in pngerror.c (Matt Sarrett).

Version 1.6.23rc02 [June 4, 2016]
  Fixed undefined behavior in png_push_save_buffer(). Do not call
    memcpy() with a null source, even if count is zero (Leon Scroggins III).

Version 1.6.23 [June 9, 2016]
  Fixed bad link to RFC2083 in png.5 (Nikola Forro).
2016-06-10 15:23:47 +00:00
wiz
fdf294f8a4 Updated png to 1.6.22.
Version 1.6.22beta01 [January 23, 2016]
  Changed PNG_USE_MKSTEMP to __COVERITY__ to select alternate
    "tmpfile()" implementation in contrib/libtests/pngstest.c
  Fixed NO_STDIO build of pngunknown.c to skip calling png_init_io()
    if there is no stdio.h support.
  Added a png_image_write_to_memory() API and a number of assist macros
    to allow an application that uses the simplified API write to bypass
    stdio and write directly to memory.
  Added some warnings (png.h) and some check code to detect *possible*
    overflow in the ROW_STRIDE and simplified image SIZE macros.  This
    disallows image width/height/format that *might* overflow.  This is
    a quiet API change that limits in-memory image size (uncompressed) to
    less than 4GByte and image row size (stride) to less than 2GByte.
  Revised workaround for false-positive Coverity issue in pngvalid.c.

Version 1.6.22beta02 [February 8, 2016]
  Only use exit(77) in configure builds.
  Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported
    the palette size because it failed to take into account that the memory
    palette has to be expanded to full RGB when it is written to PNG.
  Updated CMakeLists.txt, added supporting scripts/gen*.cmake.in
    and test.cmake.in (Roger Leigh).
  Relaxed limit checks on gamma values in pngrtran.c. As suggested in
    the comments gamma values outside the range currently permitted
    by png_set_alpha_mode are useful for HDR data encoding.  These values
    are already permitted by png_set_gamma so it is reasonable caution to
    extend the png_set_alpha_mode range as HDR imaging systems are starting
    to emerge.

Version 1.6.22beta03 [March 9, 2016]
  Added a common-law trademark notice and export control information
    to the LICENSE file, png.h, and the man page.
  Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
    were accidentally removed from libpng-1.6.17.
  Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
    (Robert C. Seacord).
  Removed dubious "#if INT_MAX" test from png.h that was added to
    libpng-1.6.19beta02 (John Bowler).
  Add ${INCLUDES} in scripts/genout.cmake.in (Bug report by Nixon Kwok).
  Updated LICENSE to say files in the contrib directory are not
    necessarily under the libpng license, and that some makefiles have
    other copyright owners.
  Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
  Made contrib/libtests/timepng more robust.  The code no longer gives
    up/fails on invalid PNG data, it just skips it (with error messages).
    The code no longer fails on PNG files with data beyond IEND.  Options
    exist to use png_read_png (reading the whole image, not by row) and, in
    that case, to apply any of the supported transforms.  This makes for
    more realistic testing; the decoded data actually gets used in a
    meaningful fashion (John Bowler).
  Fixed some misleading indentation (Krishnaraj Bhat).

Version 1.6.22beta04 [April 5, 2016]
  Force GCC compilation to C89 if needed (Dagobert Michelsen).
  SSE filter speed improvements for bpp=3:
    memcpy-free implementations of load3() / store3().
    call load3() only when needed at the end of a scanline.

Version 1.6.22beta05 [April 27, 2016]
  Added PNG_FAST_FILTERS macro (defined as
    PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
  Various fixes for contrib/libtests/timepng.c
  Moved INTEL-SSE code from pngpriv.h into contrib/intel/intel_sse.patch.
  Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED
    (Bug report by Y.Ohashik).

Version 1.6.22beta06 [May 5, 2016]
  Rebased contrib/intel_sse.patch.
  Quieted two Coverity issues in contrib/libtests/timepng.c.
  Fixed issues with scripts/genout.cmake.in (David Capello, Nixon Kwok):
    Added support to use multiple directories in ZLIBINCDIR variable,
    Fixed CMAKE_C_FLAGS with multiple values when genout is compiled on MSVC,
    Fixed pnglibconf.c compilation on OS X including the sysroot path.

Version 1.6.22rc01 [May 14, 2016]
  No changes.

Version 1.6.22rc02 [May 16, 2016]
  Removed contrib/timepng from default build; it does not build on platforms
    that don't supply clock_gettime().

Version 1.6.22rc03 [May 17, 2016]
  Restored contrib/timepng to default build but check for the presence
    of clock_gettime() in configure.ac and Makefile.am.

Version 1.6.22 [May 26, 2016]
  No changes.
2016-05-26 13:32:00 +00:00
wiz
f3813c0f54 Update png to 1.6.21:
Version 1.6.21beta01 [December 11, 2015]
  Fixed syntax "$(command)" in tests/pngstest that some shells other than
    bash could not parse (Bug report by Nelson Beebe). Use `command` instead.

Version 1.6.21beta02 [December 14, 2015]
  Moved png_check_keyword() from pngwutil.c to pngset.c
  Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
    in the BigEndian tests by not testing it, making the BE code the same
    as the LE version.
  Fixes to pngvalid for various reduced build configurations (eliminate unused
    statics) and a fix for the case in rgb_to_gray when the digitize option
    reduces graylo to 0, producing a large error.

Version 1.6.21beta03 [December 18, 2015]
  Widened the 'limit' check on the internally calculated error limits in
    the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
    checks) and changed the check to only operate in non-release builds
    (base build type not RC or RELEASE.)
  Fixed undefined behavior in pngvalid.c, undefined because
    (png_byte) << shift is undefined if it changes the signed bit
    (because png_byte is promoted to int). The libpng exported functions
    png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
    David Drysdale as a result of reports from UBSAN in clang 3.8).
  This changes pngvalid to use BE random numbers; this used to produce
    errors but these should not be fixed as a result of the previous changes.

Version 1.6.21rc01 [January 4, 2016]
  In projects/vstudio, combined readme.txt and WARNING into README.txt

Version 1.6.21rc02 [January 7, 2016]
  Relocated assert() in contrib/tools/pngfix.c, bug found by American
    Fuzzy Lop, reported by Brian Carpenter.
  Marked 'limit' UNUSED in transform_range_check().  This only affects
    release builds.

Version 1.6.21 [January 15, 2016]
  Worked around a false-positive Coverity issue in pngvalid.c.
2016-01-16 00:05:15 +00:00
wiz
8d173e1daa Update to 1.6.20:
Version 1.6.20beta01 [November 20, 2015]
  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
    png_handle_pCAL() (Bug report by John Regehr).

Version 1.6.20beta02 [November 23, 2015]
  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
    vulnerability.

Version 1.6.20beta03 [November 24, 2015]
  Backported tests from libpng-1.7.0beta69.

Version 1.6.20rc01 [November 26, 2015]
  Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
    American Fuzzy Lop, reported by Brian Carpenter.  inflate() doesn't
    immediately fault a bad CMINFO field; instead a 'too far back' error
    happens later (at least some times).  pngfix failed to limit CMINFO to
    the allowed values but then assumed that window_bits was in range,
    triggering an assert. The bug is mostly harmless; the PNG file cannot
    be fixed.

Version 1.6.20rc02 [November 29, 2015]
  In libpng 1.6 zlib initialization was changed to use the window size
    in the zlib stream, not a fixed value. This causes some invalid images,
    where CINFO is too large, to display 'correctly' if the rest of the
    data is valid.  This provides a workaround for zlib versions where the
    error arises (ones that support the API change to use the window size
    in the stream).

Version 1.6.20 [December 3, 2015]
  No changes.
2015-12-03 15:17:02 +00:00
wiz
01a3d7cec2 Update png to 1.6.19:
Libpng 1.6.19 - November 12, 2015
Changes since the last public release (1.6.18):
  Updated obsolete information about the simplified API macros in the
    manual pages (Bug report by Arc Riley).
  Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
  Rearranged png.h to put the major sections in the same order as
    in libpng17.
  Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
    PNG_WEIGHT_FACTOR macros.
  Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
    (Bug report by Viktor Szakats).  Several warnings remain and are
    unavoidable, where we test for overflow.
  Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
  Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
  Moved config.h.in~ from the "libpng_autotools_files" list to the
    "libpng_autotools_extra" list in autogen.sh because it was causing a
    false positive for missing files (bug report by Robert C. Seacord).
  Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
    to suppress clang warnings (Bug report by Viktor Szakats).
  Fixed some bad links in the man page.
  Changed "n bit" to "n-bit" in comments.
  Added signed/unsigned 16-bit safety net. This removes the dubious
    0x8000 flag definitions on 16-bit systems. They aren't supported
    yet the defs *probably* work, however it seems much safer to do this
    and be advised if anyone, contrary to advice, is building libpng 1.6
    on a 16-bit system. It also adds back various switch default clauses
    for GCC; GCC errors out if they are not present (with an appropriately
    high level of warnings).
  Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
    Seacord).
  Fixed the recently reported 1's complement security issue by replacing
    the value that is illegal in the PNG spec, in both signed and unsigned
    values, with 0. Illegal unsigned values (anything greater than or equal
    to  0x80000000) can still pass through, but since these are not illegal
    in ANSI-C (unlike 0x80000000 in the signed case) the checking that
    occurs later can catch them (John Bowler).
  Fixed png_save_int_32 when int is not 2's complement (John Bowler).
  Updated libpng16 with all the recent test changes from libpng17,
    including changes to pngvalid.c to ensure that the original,
    distributed, version of contrib/visupng/cexcept.h can be used
    (John Bowler).
  pngvalid contains the correction to the use of SAVE/STORE_
    UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
    tests contain the --strict option to detect warnings and the
    pngvalid-standard test has been corrected so that it does not
    turn on progressive-read. There is a separate test which does
    that. (John Bowler)
  Also made some signed/unsigned fixes.
  Make pngstest error limits version specific. Splitting the machine
    generated error structs out to a file allows the values to be updated
    without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
    slightly different error limits this simplifies maintenance. The
    makepngs.sh script has also been updated to more accurately reflect
    current problems in libpng 1.7 (John Bowler).
  Incorporated new test PNG files into make check.  tests/pngstest-*
    are changed so that the new test files are divided into 8 groups by
    gamma and alpha channel.  These tests have considerably better code
    and pixel-value coverage than contrib/pngsuite; however,coverage is
    still incomplete (John Bowler).
  Removed the '--strict' in 1.6 because of the double-gamma-correction
    warning, updated pngstest-errors.h for the errors detected with the
    new contrib/testspngs PNG test files (John Bowler).
  Worked around rgb-to-gray issues in libpng 1.6.  The previous
    attempts to ignore the errors in the code aren't quite enough to
    deal with the 'channel selection' encoding added to libpng 1.7; abort.
  Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a
    macro, therefore the argument list cannot contain preprocessing
    directives.  Make sure pow is a function where this happens. This is
    a minimal safe fix, the issue only arises in non-performance-critical
    code (bug report by Curtis Leach, fix by John Bowler).
  Added sPLT support to pngtest.c
  Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
  Silently truncate over-length PLTE chunk while reading.
  Libpng incorrectly calculated the output rowbytes when the application
    decreased either the number of channels or the bit depth (or both) in
    a user transform.  This was safe; libpng overallocated buffer space
   (potentially by quite a lot; up to 4 times the amount required) but,
   from 1.5.4 on, resulted in a png_error (John Bowler).
  Fixed some inconsequential cut-and-paste typos in
png_set_cHRM_XYZ_fixed().
  Clarified COPYRIGHT information to state explicitly that versions
    are derived from previous versions.
  Removed much of the long list of previous versions from png.h and
    libpng.3.
2015-11-12 16:12:19 +00:00
wiz
f9cc6a5950 Update to 1.6.18:
Version 1.6.18beta01 [April 1, 2015]
  Removed PNG_SET_CHUNK_[CACHE|MALLOC]_LIMIT_SUPPORTED macros.  They
    have been combined with PNG_SET_USER_LIMITS_SUPPORTED (resolves
    bug report by Andrew Church).
  Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.  This
    fixes some arithmetic errors that caused some tests to fail on
    some 32-bit platforms (Bug reports by Peter Breitenlohner [i686]
    and Petr Gajdos [i586]).

Version 1.6.18beta02 [April 26, 2015]
  Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
    (Bug report by Viktor Szaka'ts).

Version 1.6.18beta03 [May 6, 2015]
  Replaced "unexpected" with an integer (0xabadca11) in pngset.c
    where a long was expected, to avoid a compiler warning when PNG_DEBUG > 1.
  Added contrib/examples/simpleover.c, to demonstrate how to handle
    alpha compositing of multiple images, using the "simplified API"
    and an example PNG generation tool, contrib/examples/genpng.c
    (John Bowler).

Version 1.6.18beta04 [May 20, 2015]
  PNG_RELEASE_BUILD replaces tests where the code depended on the build base
    type and can be defined on the command line, allowing testing in beta
    builds (John Bowler).
  Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds.
  Avoid a harmless potential integer overflow in png_XYZ_from_xy() (Bug
    report from Christopher Ferris).

Version 1.6.18beta05 [May 31, 2015]
  Backport filter selection code from libpng-1.7.0beta51, to combine
    sub_row, up_row, avg_row, and paeth_row into try_row and tst_row.
  Changed png_voidcast(), etc., to voidcast(), etc., in contrib/tools/pngfix.c
    to avoid confusion with the libpng private macros.
  Fixed old cut&paste bug in the weighted filter selection code in
    pngwutil.c, introduced in libpng-0.95, March 1997.

Version 1.6.18beta06 [June 1, 2015]
  Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the
    compiled library size. It never worked properly and as far as we can
    tell, no one uses it. The png_set_filter_heuristics() and
    png_set_filter_heuristics_fixed() APIs are retained but deprecated
    and do nothing.

Version 1.6.18beta07 [June 6, 2015]
  Removed non-working progressive reader 'skip' function. This
    function has apparently never been used. It was implemented
    to support back-door modification of png_struct in libpng-1.4.x
    but (because it does nothing and cannot do anything) was apparently
    never tested (John Bowler).
  Fixed cexcept.h in which GCC 5 now reports that one of the auto
    variables in the Try macro needs to be volatile to prevent value
    being lost over the setjmp (John Bowler).
  Fixed NO_WRITE_FILTER and -Wconversion build breaks (John Bowler).
  Fix g++ build breaks (John Bowler).
  Quieted some Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
    pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
    would only work with iTXt chunks with length 255 or less.
  Added #ifdef's to contrib/examples programs so people don't try
    to compile them without the minimum required support enabled
    (suggested by Flavio Medeiros).

Version 1.6.18beta08 [June 30, 2015]
  Eliminated the final two Coverity defects (insecure temporary file
    handling in contrib/libtests/pngstest.c; possible overflow of
    unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure"
    file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will
    be used.
  Removed some unused WEIGHTED_FILTER macros from png.h and pngstruct.h

Version 1.6.18beta09 [July 5, 2015]
  Removed some useless typecasts from contrib/tools/png-fix-itxt.c
  Fixed a new signed-unsigned comparison in pngrtran.c (Max Stepin).
  Replaced arbitrary use of 'extern' with #define PNG_LINKAGE_*.  To
    preserve API compatibility, the new defines all default to "extern"
    (requested by Jan Nijtmans).

Version 1.6.18rc01 [July 9, 2015]
  Belatedly added Mans Rullgard and James Yu to the list of Contributing
    Authors.

Version 1.6.18rc02 [July 12, 2015]
  Restored unused FILTER_HEURISTIC macros removed at libpng-1.6.18beta08
    to png.h to avoid compatibility warnings.

Version 1.6.18rc03 [July 15, 2015]
  Minor changes to the man page

Version 1.6.18 [July 23, 2015]
  No changes.
2015-07-26 22:46:53 +00:00
wiz
34384d09e9 Update to 1.6.17:
Version 1.6.17beta01 [January 29, 2015]
  Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
  Corrected the width limit calculation in png_check_IHDR().
  Removed user limits from pngfix. Also pass NULL pointers to
    png_read_row to skip the unnecessary row de-interlace stuff.
  Added testing of png_set_packing() to pngvalid.c
  Regenerated configure scripts in the *.tar distributions with libtool-2.4.4
  Implement previously untested cases of libpng transforms in pngvalid.c
  Fixed byte order in 2-byte filler, in png_do_read_filler().
  Made the check for out-of-range values in png_set_tRNS() detect
    values that are exactly 2^bit_depth, and work on 16-bit platforms.
  Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
  Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
    pngset.c to avoid warnings about dead code.
  Added "& 0xff" to many instances of expressions that are typecast
    to (png_byte), to avoid Coverity gripes.

Version 1.6.17beta02 [February 7, 2015]
  Work around one more Coverity-scan dead-code warning.
  Do not build png_product2() when it is unused.

Version 1.6.17beta03 [February 17, 2015]
  Display user limits in the output from pngtest.
  Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
    and 1-million-row default limits in pnglibconf.dfa, that can be reset
    by the user at build time or run time.  This provides a more robust
    defense against DOS and as-yet undiscovered overflows.

Version 1.6.17beta04 [February 21, 2015]
  Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
  Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
  Rebuilt configure scripts with automake-1.15 and libtool-2.4.6

Version 1.6.17beta05 [February 25, 2015]
  Restored compiling of png_reciprocal2 with PNG_NO_16BIT.

Version 1.6.17beta06 [February 27, 2015]
  Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
    of png.h.
  Avoid runtime checks when converting integer to png_byte with
    Visual Studio (Sergey Kosarevsky)

Version 1.6.17rc01 [March 4, 2015]
  No changes.

Version 1.6.17rc02 [March 9, 2015]
  Removed some comments that the configure script did not handle
    properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt.
  Free the unknown_chunks structure even when it contains no data.

Version 1.6.17rc03 [March 12, 2015]
  Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF
    for consistency, and remove some useless tests (Alexey Petruchik).

Version 1.6.17rc04 [March 16, 2015]
  Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of
    pnglibconf.* in "make clean" (Cosmin).
  Fix bug in calculation of maxbits, in png_write_sBIT, introduced
    in libpng-1.6.17beta01 (John Bowler).

Version 1.6.17rc05 [March 21, 2015]
  Define PNG_FILTER_* and PNG_FILTER_VALUE_* in png.h even when WRITE
    is not supported (John Bowler).  This fixes an error introduced in
    libpng-1.6.17beta06.
  Reverted "& 0xff" additions of version 1.6.17beta01. Libpng passes
    the Coverity scan without them.

Version 1.6.17rc06 [March 23, 2015]
  Remove pnglibconf.dfn and pnglibconf.pre with "make clean".
  Reformatted some "&0xff" instances to "& 0xff".
  Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
    value was wrong.  It's not clear if this affected the final stored
    value; in the obvious code path the upper and lower 8-bits of the
    alpha value were identical and the alpha was truncated to 8-bits
    rather than dividing by 257 (John Bowler).

Version 1.6.17 [March 26, 2015]
  No changes.
2015-04-02 22:35:54 +00:00
wiz
9b93375b2e Update to 1.6.16; a CVE was requested for a heap overflow.
Changes since the last public release (1.6.15):
  Added ".align 2" to arm/filter_neon.S to support old GAS assemblers that
    don't do alignment correctly.
  Revised Makefile.am and scripts/*.dfn to work with MinGW/MSYS;
    renamed scripts/*.dfn to scripts/*.c (Bob Friesenhahn and John Bowler).
  Quiet a "comparison always true" warning in pngstest.c (John Bowler).
  Restored a test on width that was removed from png.c at libpng-1.6.9
    (Bug report by Alex Eubanks).
  Fixed an overflow in png_combine_row with very wide interlaced images.
2014-12-23 07:54:21 +00:00
wiz
093f109e54 Update to 1.6.15:
Version 1.6.15beta01 [October 29, 2014]
  Changed "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
  Simplified png_free_data().
  Added missing "ptr = NULL" after some instances of png_free().

Version 1.6.15beta02 [November 1, 2014]
  Changed remaining "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"

Version 1.6.15beta03 [November 3, 2014]
  Added PNG_USE_ARM_NEON configuration flag (Marcin Juszkiewicz).

Version 1.6.15beta04 [November 4, 2014]
  Removed new PNG_USE_ARM_NEON configuration flag and made a one-line
    revision to configure.ac to support ARM on aarch64 instead (John Bowler).

Version 1.6.15beta05 [November 5, 2014]
  Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in
    example.c, pngtest.c, and applications in the contrib directory.
  Avoid out-of-bounds memory access in png_user_version_check().
  Simplified and future-proofed png_user_version_check().
  Fixed GCC unsigned int->float warnings. Various versions of GCC
    seem to generate warnings when an unsigned value is implicitly
    converted to double. This is probably a GCC bug but this change
    avoids the issue by explicitly converting to (int) where safe.
  Free all allocated memory in pngimage. The file buffer cache was left
    allocated at the end of the program, harmless but it causes memory
    leak reports from clang.
  Fixed array size calculations to avoid warnings. At various points
    in the code the number of elements in an array is calculated using
    sizeof.  This generates a compile time constant of type (size_t) which
    is then typically assigned to an (unsigned int) or (int). Some versions
    of GCC on 64-bit systems warn about the apparent narrowing, even though
    the same compiler does apparently generate the correct, in-range,
    numeric constant.  This adds appropriate, safe, casts to make the
    warnings go away.

Version 1.6.15beta06 [November 6, 2014]
  Reverted use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING
    in the manual, example.c, pngtest.c, and applications in the contrib
    directory.  It was incorrect advice.

Version 1.6.15beta07 [November 7, 2014]
  Removed #ifdef PNG_16BIT_SUPPORTED/#endif around png_product2(); it is
    needed by png_reciprocal2().
  Added #ifdef PNG_16BIT_SUPPORTED/#endif around png_log16bit() and
    png_do_swap().
  Changed all "#endif /* PNG_FEATURE_SUPPORTED */" to "#endif /* FEATURE */"

Version 1.6.15beta08 [November 8, 2014]
  More housecleaning in *.h

Version 1.6.15rc01 [November 13, 2014]

Version 1.6.15rc02 [November 14, 2014]
  The macros passed in the command line to Borland make were ignored if
    similarly-named macros were already defined in makefiles. This behavior
    is different from POSIX make and other make programs.  Surround the
    macro definitions with ifndef guards (Cosmin).

Version 1.6.15rc03 [November 16, 2014]
  Added "-D_CRT_SECURE_NO_WARNINGS" to CFLAGS in scripts/makefile.vcwin32.
  Removed the obsolete $ARCH variable from scripts/makefile.darwin.

Version 1.6.15 [November 20, 2014]
  No changes.
2014-11-20 23:49:11 +00:00
wiz
09fee1cf1e Update to 1.6.14:
Version 1.6.14beta01 [September 14, 2014]
  Guard usage of png_ptr->options with #ifdef PNG_SET_OPTION_SUPPORTED.
  Do not build contrib/tools/pngfix.c when PNG_SETJMP_NOT_SUPPORTED,
    to allow "make" to complete without setjmp support (bug report by
    Claudio Fontana)
  Add "#include <setjmp.h>" to contrib/tools/pngfix.c (John Bowler)

Version 1.6.14beta02 [September 18, 2014]
  Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c
    because usleep() is deprecated.
  Define usleep() in contrib/gregbook/rpng2-x.c if not already defined
    in unistd.h and nanosleep() is not available; fixes error introduced
    in libpng-1.6.13.
  Disable floating point exception handling in pngvalid.c when
    PNG_FLOATING_ARITHMETIC is not supported (bug report by "zootus
    at users.sourceforge.net").

Version 1.6.14beta03 [September 19, 2014]
  Define FE_DIVBYZERO, FE_INVALID, and FE_OVERFLOW in pngvalid.c if not
    already defined.  Revert floating point exception handling in pngvalid.c
    to version 1.6.14beta01 behavior.

Version 1.6.14beta04 [September 27, 2014]
  Fixed incorrect handling of the iTXt compression flag in pngrutil.c
    (bug report by Shunsaku Hirata).  Bug was introduced in libpng-1.6.0.

Version 1.6.14beta05 [October 1, 2014]
  Added "option READ_iCCP enables READ_COMPRESSED_TEXT" to pnglibconf.dfa

Version 1.6.14beta06 [October 5, 2014]
  Removed unused "text_len" parameter from private function png_write_zTXt().
  Conditionally compile some code in png_deflate_claim(), when
    PNG_WARNINGS_SUPPORTED and PNG_ERROR_TEXT_SUPPORTED are disabled.
  Replaced repeated code in pngpread.c with PNG_PUSH_SAVE_BUFFER_IF_FULL.
  Added "chunk iTXt enables TEXT" and "chunk zTXt enables TEXT"
    to pnglibconf.dfa.
  Removed "option READ_COMPRESSED_TEXT enables READ_TEXT" from pnglibconf.dfa,
    to make it possible to configure a libpng that supports iCCP but not TEXT.

Version 1.6.14beta07 [October 7, 2014]
  Removed "option WRITE_COMPRESSED_TEXT enables WRITE_TEXT" from pnglibconf.dfa
  Only mark text chunks as written after successfully writing them.

Version 1.6.14rc01 [October 15, 2014]
  Fixed some typos in comments.

Version 1.6.14rc02 [October 17, 2014]
  Changed png_convert_to_rfc_1123() to png_convert_to_rfc_1123_buffer()
    in the manual, to reflect the change made in libpng-1.6.0.
  Updated README file to explain that direct access to the png_struct
    and info_struct members has not been permitted since libpng-1.5.0.

Version 1.6.14 [October 23, 2014]
  No changes.
2014-10-23 07:18:23 +00:00
wiz
cda18437be Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
wiz
79641b40ec Update to 1.6.13:
Version 1.6.13beta01 [July 4, 2014]
  Quieted -Wsign-compare and -Wclobber compiler warnings in
    contrib/pngminus/*.c
  Added "(void) png_ptr;" where needed in contrib/gregbook to quiet
    compiler complaints about unused pointers.
  Split a long output string in contrib/gregbook/rpng2-x.c.
  Added "PNG_SET_OPTION" requirement for sRGB chunk support to pnglibconf.dfa,
    Needed for write-only support (John Bowler).
  Changed "if defined(__ARM_NEON__)" to
    "if (defined(__ARM_NEON__) || defined(__ARM_NEON))" (James Wu).
  Fixed clang no-warning builds: png_digit was defined but never used.

Version 1.6.13beta02 [July 21, 2014]
  Fixed an incorrect separator ("/" should be "\") in scripts/makefile.vcwin32
    (bug report from Wolfgang S. Kechel).  Bug was introduced in libpng-1.6.11.
    Also fixed makefile.bc32, makefile.bor, makefile.msc, makefile.intel, and
    makefile.tc3 similarly.

Version 1.6.13beta03 [August 3, 2014]
  Removed scripts/makefile.elf. It has not worked since libpng-1.5.0beta14
    due to elimination of the PNG_FUNCTION_EXPORT and PNG_DATA_EXPORT
    definitions from pngconf.h.
  Ensure that CMakeLists.txt makes the target "lib" directory before making
    symbolic link into it (SourceForge bug report #226 by Rolf Timmermans).

Version 1.6.13beta04 [August 8, 2014]
  Added opinion that the ECCN (Export Control Classification Number) for
    libpng is EAR99 to the README file.
  Eliminated use of "$<" in makefile explicit rules, when copying
    $PNGLIBCONF_H_PREBUILT.  This does not work on some versions of make;
    bug introduced in libpng version 1.6.11.

Version 1.6.13rc01 [August 14, 2014]
  Made "ccopts" agree with "CFLAGS" in scripts/makefile.hp* and makefile.*sunu

Version 1.6.13 [August 21, 2014]
  No changes.
2014-08-21 12:02:59 +00:00
wiz
e92602209f Update to 1.6.12:
Version 1.6.12rc01 [June 6, 2014]
  Relocated new code from 1.6.11beta06 in png.c to a point after the
    declarations (Max Stepin).

Version 1.6.12rc02 [June 7, 2014]
  Changed file permissions of contrib/tools/intgamma.sh,
    test-driver, and compile from 0644 to 0755 (Cosmin).

Version 1.6.12rc03 [June 8, 2014]
  Ensure "__has_attribute()" macro exists before trying to use it with
    old clang compilers (MacPorts Ticket #43939).

Version 1.6.12 [June 12, 2014]
  No changes.
2014-06-12 08:59:19 +00:00
wiz
2cc4eba4ca Update to 1.6.11:
Version 1.6.11beta01 [March 17, 2014]
  Use "if (value != 0)" instead of "if (value)" consistently.
  Changed ZlibSrcDir from 1.2.5 to 1.2.8 in projects/vstudio.
  Moved configuration information from the manual to the INSTALL file.

Version 1.6.11beta02 [April 6, 2014]
  Removed #if/#else/#endif from inside two pow() calls in pngvalid.c because
    they were handled improperly by Portland Group's PGI-14.1 - PGI-14.3
    when using its "__builtin_pow()" function.
  Silence 'unused parameter' build warnings (Cosmin Truta).
  $(CP) is now used alongside $(RM_F).  Also, use 'copy' instead of 'cp'
    where applicable, and applied other minor makefile changes (Cosmin).
  Don't warn about invalid dimensions exceeding user limits (Cosmin).
  Allow an easy replacement of the default pre-built configuration
    header with a custom header, via the make PNGLIBCONF_H_PREBUILT
    macro (Cosmin).

Version 1.6.11beta03 [April 6, 2014]
  Fixed a typo in pngrutil.c, introduced in libpng-1.5.6, that interferes
    with "blocky" expansion of sub-8-bit interlaced PNG files (Eric Huss).
  Optionally use  __builtin_bswap16() in png_do_swap().

Version 1.6.11beta04 [April 19, 2014]
  Made progressive reading of interlaced images consistent with the
    behavior of the sequential reader and consistent with the manual, by
    moving some code out of the PNG_READ_INTERLACING_SUPPORTED blocks. The
    row_callback now receives the proper pass number and unexpanded rows, when
    png_combine_row() isn't built or used, and png_set_interlace_handling()
    is not called.
  Allow PNG_sRGB_PROFILE_CHECKING = (-1) to mean no sRGB profile checking.

Version 1.6.11beta05 [April 26, 2014]
  Do not reject ICC V2 profiles that lack padding (Kai-Uwe Behrmann).
  Relocated closing bracket of the sRGB profile test loop to avoid getting
    "Not recognizing known sRGB profile that has been edited" warning for
    ICC V2 profiles that lack the MD5 signature in the profile header.

Version 1.6.11beta06 [May 19, 2014]
  Added PNG_SKIP_sRGB_CHECK_PROFILE choice for png_set_option().

Version 1.6.11rc01 [May 27, 2014]
  No changes.

Version 1.6.11rc02 [June 3, 2014]
  Test ZLIB_VERNUM instead of PNG_ZLIB_VERNUM in contrib/tools/pngfix.c

Version 1.6.11 [June 5, 2014]
  No changes.
2014-06-05 16:33:54 +00:00
wiz
8a42dfadcc Update to 1.6.10:
Version 1.6.10rc02 [February 28, 2014]
  Removed unreachable return statement after png_chunk_error()
    in pngrutil.c

Version 1.6.10rc03 [March 4, 2014]
  Un-deprecated png_data_freer().

Version 1.6.10 [March 6, 2014]
2014-03-12 09:17:52 +00:00
wiz
c0a78ac6e2 Update to 1.6.10rc01:
This fixes CERT VU#684412 and CVE-2014-0333.

Version 1.6.10beta01 [February 9, 2014]
  Backported changes from libpng-1.7.0beta30 and beta31:
  Fixed a large number of instances where PNGCBAPI was omitted from
    function definitions.
  Added pngimage test program for png_read_png() and png_write_png()
    with two new test scripts.
  Removed dependence on !PNG_READ_EXPAND_SUPPORTED for calling
    png_set_packing() in png_read_png().
  Fixed combination of ~alpha with shift. On read invert alpha, processing
    occurred after shift processing, which causes the final values to be
    outside the range that should be produced by the shift. Reversing the
    order on read makes the two transforms work together correctly and mirrors
    the order used on write.
  Do not read invalid sBIT chunks. Previously libpng only checked sBIT
    values on write, so a malicious PNG writer could therefore cause
    the read code to return an invalid sBIT chunk, which might lead to
    application errors or crashes.  Such chunks are now skipped (with
    chunk_benign_error).
  Make png_read_png() and png_write_png() prototypes in png.h depend
    upon PNG_READ_SUPPORTED and PNG_WRITE_SUPPORTED.
  Support builds with unsupported PNG_TRANSFORM_* values.  All of the
    PNG_TRANSFORM_* values are always defined in png.h and, because they
    are used for both read and write in some cases, it is not reliable
    to #if out ones that are totally unsupported. This change adds error
    detection in png_read_image() and png_write_image() to do a
    png_app_error() if the app requests something that cannot be done
    and it adds corresponding code to pngimage.c to handle such options
    by not attempting to test them.

Version 1.6.10beta02 [February 23, 2014]
  Moved redefines of png_error(), png_warning(), png_chunk_error(),
    and png_chunk_warning() from pngpriv.h to png.h to make them visible
    to libpng-calling applications.
  Moved OS dependent code from arm/arm_init.c, to allow the included
    implementation of the ARM NEON discovery function to be set at
    build-time and provide sample implementations from the current code in the
    contrib/arm-neon subdirectory. The __linux__ code has also been changed to
    compile and link on Android by using /proc/cpuinfo, and the old linux code
    is in contrib/arm-neon/linux-auxv.c.  The new code avoids POSIX and Linux
    dependencies apart from opening /proc/cpuinfo and is C90 compliant.
  Check for info_ptr == NULL early in png_read_end() so we don't need to
    run all the png_handle_*() and depend on them to return if info_ptr == NULL.
    This improves the performance of png_read_end(png_ptr, NULL) and makes
    it more robust against future programming errors.
  Check for __has_extension before using it in pngconf.h, to
    support older Clang versions (Jeremy Sequoia).
  Treat CRC error handling with png_set_crc_action(), instead of with
    png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
  Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
    so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
  Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
    after recognizing the IDAT chunk, which avoids an infinite loop while
    reading a datastream whose first IDAT chunk is of zero-length.
    This fixes CERT VU#684412 and CVE-2014-0333.
  Don't recognize known sRGB profiles as sRGB if they have been hacked,
    but don't reject them and don't issue a copyright violation warning.

Version 1.6.10beta03 [February 25, 2014]
  Moved some documentation from png.h to libpng.3 and libpng-manual.txt
  Minor editing of contrib/arm-neon/README and contrib/examples/*.c

Version 1.6.10rc01 [February 27, 2014]
  Fixed typos in the manual and in scripts/pnglibconf.dfa (CFLAGS -> CPPFLAGS
    and PNG_USR_CONFIG -> PNG_USER_CONFIG).
2014-02-27 15:07:09 +00:00
wiz
24d26b9f86 Update to 1.6.9, getting rid of the final two patches after discussion
with very helpful upstream.

Changes:

Version 1.6.9beta01 [December 26, 2013]
  Bookkeeping: Moved functions around (no changes). Moved transform
    function definitions before the place where they are called so that
    they can be masde static. Move the intrapixel functions and the
    grayscale palette builder out of the png?tran.c files. The latter
    isn't a transform function and is no longer used internally, and the
    former MNG specific functions are better placed in pngread/pngwrite.c
  Made transform implementation functions static. This makes the internal
    functions called by png_do_{read|write}_transformations static. On an
    x86-64 DLL build (Gentoo Linux) this reduces the size of the text
    segment of the DLL by 1208 bytes, about 0.6%. It also simplifies
    maintenance by removing the declarations from pngpriv.h and allowing
    easier changes to the internal interfaces.
  Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69
    in the tar distributions.

Version 1.6.9beta02 [January 1, 2014]
  Added checks for libpng 1.5 to pngvalid.c.  This supports the use of
    this version of pngvalid in libpng 1.5
  Merged with pngvalid.c from libpng-1.7 changes to create a single
    pngvalid.c
  Removed #error macro from contrib/tools/pngfix.c (Thomas Klausner).
  Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0
  Merged libpng-1.7.0 changes to make no-interlace configurations work
    with test programs.
  Revised pngvalid.c to support libpng 1.5, which does not support the
    PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate in
    pngvalid.c
  Allow unversioned links created on install to be disabled in configure.
    In configure builds 'make install' changes/adds links like png.h
    and libpng.a to point to the newly installed, versioned, files (e.g.
    libpng17/png.h and libpng17.a). Three new configure options and some
    rearrangement of Makefile.am allow creation of these links to be disabled.

Version 1.6.9beta03 [January 10, 2014]
  Removed potentially misleading warning from png_check_IHDR().

Version 1.6.9beta04 [January 20, 2014]
  Updated scripts/makefile.* to use CPPFLAGS (Cosmin).
  Added clang attribute support (Cosmin).

Version 1.6.9rc01 [January 28, 2014]
  No changes.

Version 1.6.9rc02 [January 30, 2014]
  Quiet an uninitialized memory warning from VC2013 in png_get_png().

Version 1.6.9 [February 6, 2014]
2014-02-06 18:24:11 +00:00
wiz
a64f837fc0 Update to 1.6.8:
Version 1.6.8beta01 [November 24, 2013]
  Moved prototype for png_handle_unknown() in pngpriv.h outside of
    the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block.
  Added "-Wall" to CFLAGS in contrib/pngminim/*/makefile
  Conditionally compile some unused functions reported by -Wall in
    pngminim.
  Fixed 'minimal' builds. Various obviously useful minimal configurations
    don't build because of missing contrib/libtests test programs and
    overly complex dependencies in scripts/pnglibconf.dfa. This change
    adds contrib/conftest/*.dfa files that can be used in automatic build
    scripts to ensure that these configurations continue to build.
  Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
  Fixed pngvalid 'fail' function declaration on the Intel C Compiler.
    This reverts to the previous 'static' implementation and works round
    the 'unused static function' warning by using PNG_UNUSED().

Version 1.6.8beta02 [November 30, 2013]
  Removed or marked PNG_UNUSED some harmless "dead assignments" reported
    by clang scan-build.
  Changed tabs to 3 spaces in png_debug macros and changed '"%s"m'
    to '"%s" m' to improve portability among compilers.
  Changed png_free_default() to free() in pngtest.c

Version 1.6.8rc01 [December 12, 2013]
  Tidied up pngfix inits and fixed pngtest no-write builds.

Version 1.6.8rc02 [December 14, 2013]
  Handle zero-length PLTE chunk or NULL palette with png_error()
    instead of png_chunk_report(), which by default issues a warning
    rather than an error, leading to later reading from a NULL pointer
    (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954
    and VU#650142.

Version 1.6.8 [December 19, 2013]
2013-12-31 17:27:48 +00:00
tron
0cf9e8de00 Fix download URL on "ftp.fu-berlin.de". 2013-11-15 07:42:08 +00:00
wiz
0b4e792c1d Update to 1.6.7:
Version 1.6.7beta01 [September 30, 2013]
  Revised unknown chunk code to correct several bugs in the NO_SAVE_/NO_WRITE
    combination
  Allow HANDLE_AS_UNKNOWN to work when other options are configured off. Also
    fixed the pngminim makefiles to work when $(MAKEFLAGS) contains stuff
    which terminates the make options (as by default in recent versions of
    Gentoo).
  Avoid up-cast warnings in pngvalid.c. On ARM the alignment requirements of
    png_modifier are greater than that of png_store and as a consequence
    compilation of pngvalid.c results in a warning about increased alignment
    requirements because of the bare cast to (png_modifier*). The code is safe,
    because the pointer is known to point to a stack allocated png_modifier,
    but this change avoids the warning.
  Fixed default behavior of ARM_NEON_API. If the ARM NEON API option was
    compiled without the CHECK option it defaulted to on, not off.
  Check user callback behavior in pngunknown.c. Previous versions compiled
    if SAVE_UNKNOWN was not available but did nothing since the callback
    was never implemented.
  Merged pngunknown.c with 1.7 version and back ported 1.7 improvements/fixes

Version 1.6.7beta02 [October 12, 2013]
  Made changes for compatibility with automake 1.14:
    1) Added the 'compile' program to the list of programs that must be cleaned
       in autogen.sh
    2) Added 'subdir-objects' which causes .c files in sub-directories to be
       compiled such that the corresponding .o files are also in the
       sub-directory.  This is because automake 1.14 warns that the
       current behavior of compiling to the top level directory may be removed
       in the future.
    3) Updated dependencies on pnglibconf.h to match the new .o locations and
       added all the files in contrib/libtests and contrib/tools that depend
       on pnglibconf.h
    4) Added 'BUILD_SOURCES = pnglibconf.h'; this is the automake recommended
       way of handling the dependencies of sources that are machine generated;
       unfortunately it only works if the user does 'make all' or 'make check',
       so the dependencies (3) are still required.
  Cleaned up (char*) casts of zlib messages. The latest version of the Intel C
    compiler complains about casting a string literal as (char*), so copied the
    treatment of z_const from the library code into pngfix.c
  Simplified error message code in pngunknown. The simplification has the
    useful side effect of avoiding a bogus warning generated by the latest
    version of the Intel C compiler (it objects to
    condition ? string-literal : string-literal).
  Make autogen.sh work with automake 1.13 as well as 1.14. Do this by always
    removing the 1.14 'compile' script but never checking for it.

Version 1.6.7beta03 [October 19, 2013]
  Added ARMv8 support (James Yu <james.yu at linaro.org>).  Added file
    arm/filter_neon_intrinsics.c; enable with -mfpu=neon.
  Revised pngvalid to generate size images with as many filters as it can
    manage, limited by the number of rows.
  Cleaned up ARM NEON compilation handling. The tests are now in pngpriv.h
    and detect the broken GCC compilers.

Version 1.6.7beta04 [October 26, 2013]
  Allow clang derived from older GCC versions to use ARM intrinsics. This
    causes all clang builds that use -mfpu=neon to use the intrinsics code,
    not the assembler code.  This has only been tested on iOS 7. It may be
    necessary to exclude some earlier clang versions but this seems unlikely.
  Changed NEON implementation selection mechanism. This allows assembler
    or intrinsics to be turned on at compile time during the build by defining
    PNG_ARM_NEON_IMPLEMENTATION to the correct value (2 or 1).  This macro
    is undefined by default and the build type is selected in pngpriv.h.

Version 1.6.7rc01 [November 2, 2013]
  No changes.

Version 1.6.7rc02 [November 7, 2013]
  Fixed #include in filter_neon_intrinsics.c and ctype macros. The ctype char
    checking macros take an unsigned char argument, not a signed char.

Version 1.6.7 [November 14, 2013]
2013-11-14 23:09:45 +00:00
wiz
bcf94f1f6b Update to 1.6.6:
Version 1.6.6 [September 16, 2013]
  Removed two stray lines of code from arm/arm_init.c, again.
2013-09-30 18:17:03 +00:00
wiz
661ca80926 Update to 1.6.5:
libpng-1.6.5 has been released, to remove two stray lines in arm/arm_init.c
that caused libpng to fail to compile when ARM support is enabled.  This
problem was apparently due to a cut-and-paste error of some sort on my part.
2013-09-14 16:45:48 +00:00
wiz
14676caa15 Update to 1.6.4:
Changes since the last public release (1.6.3):
  Added information about png_set_options() to the manual.
  Delay calling png_init_filter_functions() until a row with nonzero filter
    is found.
  Fixed inconsistent conditional compilation of png_chunk_unknown_handling()
    prototype, definition, and usage.  Made it depend on
    PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.
2013-09-12 13:00:53 +00:00
wiz
6162b3ee5e Update to 1.6.3:
Changes since the last public release (1.6.2):

  Revised stack marking in arm/filter_neon.S and configure.ac.
  Ensure that NEON filter stuff is completely disabled when switched 'off'.
    Previously the ARM NEON specific files were still built if the option
    was switched 'off' as opposed to being explicitly disabled.
  Test for 'arm*' not just 'arm' in the host_cpu configure variable.
  Rebuilt the configure scripts.
  Expanded manual paragraph about writing private chunks, particularly
    the need to call png_set_keep_unknown_chunks() when writing them.
  Avoid dereferencing NULL pointer possibly returned from
     png_create_write_struct() (Andrew Church).
  Calculate our own zlib windowBits when decoding rather than trusting the
    CMF bytes in the PNG datastream.
  Added an option to force maximum window size for inflating, which was
    the behavior of libpng15 and earlier.
  Added png-fix-itxt and png-fix-too-far-back to the built programs and
    removed warnings from the source code and timepng that are revealed as
    a result.
  Detect wrong libpng versions linked to png-fix-too-far-back, which currently
    only works with libpng versions that can be made to reliably fail when
    the deflate data contains an out-of-window reference.  This means only
    1.6 and later.
  Fixed gnu issues: g++ needs a static_cast, gcc 4.4.7 has a broken warning
    message which it is easier to work round than ignore.
  Updated contrib/pngminus/pnm2png.c (Paul Stewart):
    Check for EOF
    Ignore "#" delimited comments in input file to pnm2png.c.
    Fixed whitespace handling
    Added a call to png_set_packing()
    Initialize dimension values so if sscanf fails at least we have known
      invalid values.
  Attempt to detect configuration issues with png-fix-too-far-back, which
    requires both the correct libpng and the correct zlib to function
    correctly.
  Check ZLIB_VERNUM for mismatches, enclose #error in quotes
  Added information in the documentation about problems with and fixes for
    the bad CRC and bad iTXt chunk situations.
  Allow contrib/pngminus/pnm2png.c to compile without WRITE_INVERT and
    WRITE_PACK supported (writes error message that it can't read P1 or
  Improved png-fix-too-far-back usage message, added --suffix option.
  Revised contrib/pngminim/*/makefile to generate pnglibconf.h with the
    right zlib header files.
  Separated CPPFLAGS and CFLAGS in contrib/pngminim/*/makefile
  Removed a redundant test in png_set_IHDR().
  Added set(CMAKE_CONFIGURATION_TYPES ...) to CMakeLists.txt (Andrew Hundt)
  Deleted set(CMAKE_BUILD_TYPE) block from CMakeLists.txt
  Enclose the prototypes for the simplified write API in
    #ifdef PNG_STDIO_SUPPORTED/#endif
  Make ARM NEON support work at compile time (not just configure time).
    This moves the test on __ARM_NEON__ into pngconf.h to avoid issues when
    using a compiler that compiles for multiple architectures at one time.
  Removed PNG_FILTER_OPTIMIZATIONS and PNG_ARM_NEON_SUPPORTED from
    pnglibconf.h, allowing more of the decisions to be made internally
    (pngpriv.h) during the compile.  Without this, symbol prefixing is broken
    under certain circumstances on ARM platforms.  Now only the API parts of
    the optimizations ('check' vs 'api') are exposed in the public header files
    except that the new setting PNG_ARM_NEON_OPT documents how libpng makes the
    decision about whether or not to use the optimizations.
  Protect symbol prefixing against CC/CPPFLAGS/CFLAGS useage.
    Previous iOS/Xcode fixes for the ARM NEON optimizations moved the test
    on __ARM_NEON__ from configure time to compile time.  This breaks symbol
    prefixing because the definition of the special png_init_filter_functions
    call was hidden at configure time if the relevant compiler arguments are
    passed in CFLAGS as opposed to CC.  This change attempts to avoid all
    the confusion that would result by declaring the init function even when
    it is not used, so that it will always get prefixed.
  Revised libpng.3 so that "doclifter" can process it.
  Revised example.c to illustrate use of PNG_DEFAULT_sRGB and
PNG_GAMMA_MAC_18
    as parameters for png_set_gamma().  These have been available since
    libpng-1.5.4.
  Renamed contrib/tools/png-fix-too-far-back.c to pngfix.c and revised it
    to check all compressed chunks known to libpng.
  Updated documentation to show default behavior of benign errors correctly.
  Only compile ARM code when PNG_READ_SUPPORTED is defined.
  Fixed undefined behavior in contrib/tools/pngfix.c and added new strip
    option. pngfix relied on undefined behavior and even a simple change from
    gcc to g++ caused it to fail.  The new strip option 'unsafe' has been
    implemented and is the default if --max is given.  Option names have
    been clarified, with --strip=transform now stripping the bKGD chunk,
    which was stripped previously with --strip=unused.
  Added all documented chunk types to pngpriv.h
  Unified pngfix.c source with libpng17.
  Revised manual about changes in iTXt chunk handling made in libpng-1.6.0.
  Added "/* SAFE */" comments in pngrutil.c and pngrtran.c where warnings
    may be erroneously issued by code-checking applications.
2013-07-18 06:26:51 +00:00
tsutsui
b074ccf342 Add workaround for PR/47798 (png gets SEGV on NetBSD/arm 6.1 due to gcc bug).
- specify "-O2 -fno-ipa-sra" for NetBSD/arm and gcc-4.5.* in hacks.mk
 - also bump PKGREVISION for explicit rebuild

"Please commit that" from wiz@.
2013-06-23 05:20:33 +00:00
wiz
9bc5e5ec4f Update to 1.6.2:
Version 1.6.2rc01 [April 18, 2013]
  Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length
    written by libpng-1.6.0 and 1.6.1.
  Disallow storing sRGB information when the sRGB is not supported.

Version 1.6.2rc02 [April 18, 2013]
  Merge pngtest.c with libpng-1.7.0

Version 1.6.2rc03 [April 22, 2013]
  Trivial spelling cleanup.

Version 1.6.2rc04 and 1.6.2rc05 [omitted]

Version 1.6.2rc06 [April 24, 2013]
  Reverted to version 1.6.2rc03.  Recent changes to arm/neon support
    have been ported to libpng-1.7.0beta09 and will reappear in version
    1.6.3beta01.
2013-04-25 22:01:14 +00:00
prlw1
2ec428dffe Update png to 1.6.2beta01
Version 1.6.2beta01 [April 14, 2013]
  Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling.
  Fixed incorrect warning of excess deflate data. End condition - the
    warning would be produced if the end of the deflate stream wasn't read
    in the last row.  The warning is harmless.
  Corrected the test on user transform changes on read. It was in the
    png_set of the transform function, but that doesn't matter unless the
    transform function changes the rowbuf size, and that is only valid if
    transform_info is called.
  Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c
    (Flavio Medeiros).
  Corrected length written to uncompressed iTXt chunks (Samuli Suominen).
2013-04-15 22:33:41 +00:00
kim
cc611c7e14 Updated graphics/png to 1.6.1 [kim 2013-04-01]
Version 1.6.1beta06 [March 4, 2013]
  Better documentation of unknown handling API interactions.
  Corrected Android builds and corrected libpng.vers with symbol
    prefixing This adds an API to set optimization options externally,
    providing an alternative and general solution for the non-portable
    run-time tests used by the ARM Neon code.  It also makes those tests
    compile and link on Android.
  The order of settings vs options in pnglibconf.h is reversed to allow
    settings to depend on options and options can now set (or override) the
    defaults for settings.

Version 1.6.1beta07 [March 7, 2013]
  Corrected simplified API default gamma for color-mapped output, added
    a flag to change default. In 1.6.0 when the simplified API was used
    to produce color-mapped output from an input image with no gamma
    information the gamma assumed for the input could be different from
    that assumed for non-color-mapped output.  In particular 16-bit depth
    input files were assumed to be sRGB encoded, whereas in the 'direct'
    case they were assumed to have linear data.  This was an error.  The
    fix makes the simplified API treat all input files the same way and
    adds a new flag to the png_image::flags member to allow the
    application/user to specify that 16-bit files contain sRGB data
    rather than the default linear.
  Fixed bugs in the pngpixel and makepng test programs.

Version 1.6.1beta08 [March 7, 2013]
  Fixed CMakelists.txt to allow building a single variant of the library
    (Claudio Bley):
  Introduced a PNG_LIB_TARGETS variable that lists all activated library
    targets.  It is an error if this variable ends up empty, ie. you have
    to build at least one library variant.
  Made the *_COPY targets only depend on library targets actually being build.
  Use PNG_LIB_TARGETS to unify a code path.
  Changed the CREATE_SYMLINK macro to expect the full path to a file as the
    first argument. When symlinking the filename component of that path is
    determined and used as the link target.
  Use copy_if_different in the CREATE_SYMLINK macro.

Version 1.6.1beta09 [March 13, 2013]
  Eliminated two warnings from the Intel C compiler. The warnings are
    technically valid, although a reasonable treatment of division would
    show it to be incorrect.

Version 1.6.1rc01 [March 21, 2013]
  No changes.

Version 1.6.1 [March 28, 2013]
  No changes.
2013-04-01 18:26:12 +00:00
wiz
a72187dd20 Update to 1.6.1beta05 for a bugfix needed by wm/awesome (via
ImageMagick).

Version 1.6.1beta01 [February 16, 2013]
  Made symbol prefixing work with the ARM neon optimizations. Also allow
    pngpriv.h to be included for preprocessor definitions only, so it can
    be used in non-C/C++ files. Back ported from libpng 1.7.
  Made sRGB check numbers consistent.
  Ported libpng 1.5 options.awk/dfn file handling to 1.6, fixed one bug.
  Removed cc -E workround, corrected png_get_palette_max API Tested on
    SUN OS cc 5.9, which demonstrates the tokenization problem previously
    avoided by using /lib/cpp.  Since all .dfn output is now protected in
    double quotes unless it is to be macro substituted the fix should
    work everywhere.
  Enabled parallel tests - back ported from libpng-1.7.
  scripts/pnglibconf.dfa formatting improvements back ported from libpng17.
  Fixed a race condition in the creation of the build 'scripts' directory
    while building with a parallel make.
  Use approved/supported Android method to check for NEON, use Linux/POSIX
    1003.1 API to check /proc/self/auxv avoiding buffer allocation and other
    library calls (ported from libpng15).

Version 1.6.1beta02 [February 19, 2013]
  Use parentheses more consistently in "#if defined(MACRO)" tests.
  Folded long lines.
  Reenabled code to allow zero length PLTE chunks for MNG.

Version 1.6.1beta03 [February 22, 2013]
  Fixed ALIGNED_MEMORY support.
  Allow run-time ARM NEON checking to be disabled. A new configure option:
    --enable-arm-neon=always will stop the run-time checks. New checks
    within arm/arm_init.c will cause the code not to be compiled unless
    __ARM_NEON__ is set. This should make it fail safe (if someone asks
    for it on then the build will fail if it can't be done.)
  Updated the INSTALL document.

Version 1.6.1beta04 [February 27, 2013]
  Revised INSTALL to recommend using CPPFLAGS instead of INCLUDES.
  Revised scripts/makefile.freebsd to respect ZLIBLIB and ZLIBINC.
  Revised scripts/dfn.awk to work with the buggy MSYS awk that has trouble
    with CRLF line endings.

Version 1.6.1beta05 [March 2, 2013]
  Avoid a possible memory leak in contrib/gregbook/readpng.c
  Fixed bug introduced in libpng-1.6.0beta28 that causes libpng to handle chunks
    even when they have been tagged PNG_HANDLE_CHUNK_NEVER.
2013-03-02 10:55:25 +00:00
wiz
8f0bb77899 Update to 1.6.0:
This release adds a "simplified API" and removes some features
that have been deprecated since libpng.1.5.x.

Changes to Libpng from version 1.5.x to 1.6.x:

A "simplified API" has been added (see documentation in png.h and a simple
example in contrib/examples/pngtopng.c).  The new publicly visible API
includes the following:

   macros:
     PNG_FORMAT_*
     PNG_IMAGE_*
   structures:
     png_control
     png_image
   read functions
     png_image_begin_read_from_file()
     png_image_begin_read_from_stdio()
     png_image_begin_read_from_memory()
     png_image_finish_read()
     png_image_free()
   write functions
     png_image_write_to_file()
     png_image_write_to_stdio()

Starting with libpng-1.6.0, you can configure libpng to prefix all exported
symbols, using the PNG_PREFIX macro.

We no longer include string.h in png.h.  The include statement has been moved
to pngpriv.h, where it is not accessible by applications.  Applications that
need access to information in string.h must add an '#include "string.h"'
directive.  It does not matter whether this is placed prior to or after
the '"#include png.h"' directive.

The following API are now DEPRECATED:
   png_info_init_3()
   png_convert_to_rfc1123() which has been replaced
     with png_convert_to_rfc1123_buffer()
   png_data_freer()
   png_malloc_default()
   png_free_default()
   png_reset_zstream()

The following has been removed:
   png_get_io_chunk_name(), which has been replaced
     with png_get_io_chunk_type().  The new
     function returns a 32-bit integer instead of
     a string.
   The png_sizeof(), png_strlen(), png_memcpy(), png_memcmp(), and
     png_memset() macros are no longer used in the libpng sources and
     have been removed.  These had already been made invisible to
applications
     (i.e., defined in the private pngpriv.h header file) since
libpng-1.5.0.

The signatures of many exported functions were changed, such that
   png_structp became png_structrp or png_const_structrp
   png_infop became png_inforp or png_const_inforp
where "rp" indicates a "restricted pointer".

Error detection in some chunks has improved; in particular the iCCP chunk
reader now does pretty complete validation of the basic format.  Some bad
profiles that were previously accepted are now rejected, in particular the
very old broken Microsoft/HP sRGB profile.

The library now issues a warning if both background processing and RGB to
gray are used when gamma correction happens. As with previous versions of
the library the results are numerically very incorrect in this case.

There are some minor arithmetic changes in some transforms such as
png_set_background(), that might be detected by certain regression tests.

Unknown chunk handling has been improved internally, without any API change.
This adds more correct option control of the unknown handling, corrects
a pre-existing bug where the per-chunk 'keep' setting is ignored, and makes
it possible to skip IDAT chunks in the sequential reader.
2013-02-16 11:16:06 +00:00
wiz
559d7db9b4 Update to 1.5.14:
Changes since the last public release (1.5.13):
  Added -DZ_SOLO to contrib/pngminim/*/makefile to work with zlib-1.2.7
  Warn about the incorrect runtime library setting for VS2010 debug DLL builds.
  Fixed build when using #define PNG_NO_READ_GAMMA in png_do_compose() in
    pngrtran.c (Domani Hannes).
  Check for png_ptr==NULL earlier in png_zalloc().
  Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS().
  Rearranged building of ARM NEON optimizations. The ARM specific code is
    split out entirely to the arm subdirectory and changes to configure.acand
    Makefile.am to add new stuff are reduced.  Now material code changes,
    although for build test purposes, --enable-arm-neon now builds on non-ARM
    systems.
  Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.12.5.
  Fixed cases of unquoted DESTDIR in Makefile.am
  Fixed a minor bug in types to malloc and major bug in handling compressed
    iTXt. Compressed iTXt could not be handled.
  Cleaned up whitespace in the synopsis portion of the manpage "libpng.3"
  Disassembled the version number in scripts/options.awk (necessary for
    building on SunOs).
  Fixed Windows build issues, enabled ARM compilation. Various warnings issued
    by earlier versions of GCC fixed for Cygwin and Min/GW (which both use old
    GCCs.) ARM support is enabled by default in zlib.props (unsupported by
    Microsoft) and ARM compilation is made possible by deleting the check for
    x86. The test programs cannot be run because they are not signed.
  Fixed 'make distcheck' on SUN OS - libpng.so was not being removed
  Replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h])
    in configure.ac
  De-configured build fixes to make a range of deconfiguration options (such
    as switching off read or write support) work in more cases.  Also upgraded
    pngtest and pngvalid to the libpng 1.6 versions (with some modifications)
    which provide more extensive testing.  Replaced pngtest.png because pngtest
    writes the ancillary chunks in a different order.
  Check validity of "num_unknowns" parameter of png_set_unknown_chunks()
    (Bug report from yuris).
  Check the validity of the "nentries" parameter of png_set_sPLT() and the
  "num_text" parameter of png_set_text_2().
2013-01-24 08:15:50 +00:00
asau
08f35c7155 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-06 14:10:39 +00:00
wiz
88edc8d491 Update to 1.5.13:
Version 1.5.13beta01 [August 8, 2012]
  Do not compile PNG_DEPRECATED, PNG_ALLOC and PNG_PRIVATE when __GNUC__ < 3.
  Removed references to png_zalloc() and png_zfree() from the manual.
  Revised PNG_FP_EXPORT and PNG_FIXED_EXPORT macros to avoid generating
    lone semicolons (patch ported from libpng-1.6.0beta11).

Version 1.5.13beta02 [September 10, 2012]
  Corrected handling of the image array and the row_pointers array in example.c
  When png_set_filler is used to strip a filler channel during write, the
    code prior to 1.5 would ignore the case where the output required an
    alpha channel or when the output was a palettized PNG.  In libpng-1.5 the
    ignorance was lost and libpng proceeded to strip the channel resulting
    in a bad (potential memory overwrite) failure later.  This reverts
    the behavior to the pre-1.5 state but issues a warning. libpng-1.6 is
    expected to issue an error on the erroneous png_set_filler call.
  Use png_memset() consistently (pngmem.c contained some bare "memset" calls).

Version 1.5.13rc01 [September 17, 2012]
  No changes.

Version 1.5.13 [September 27, 2012]
  No changes.
2012-10-02 16:58:46 +00:00
wiz
fd1c22c3b7 Update to 1.5.12:
Removed scripts/makefile.cegcc from the *.zip and *.7z distributions; it
    depends on configure, which is not included in those archives.
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.

I don't see CVS-2012-3386 as a vulnerability that applies to pkgsrc,
since to trigger it, you have to run 'make distcheck', and pkgsrc
never does that.
2012-07-11 09:00:41 +00:00
wiz
5610e35d8a Update to 1.5.11:
Version 1.5.11beta01 [April 28, 2012]
  Revised scripts/makefile.darwin: use system zlib; remove quotes around
    architecture list; add missing ppc architecture; add architecture options
    to shared library link; don't try to create a shared lib based on missing
    RELEASE variable.
  Enable png_set_check_for_invalid_index() for both read and write.
  Removed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED/#endif in pngpriv.h around
    declaration of png_handle_unknown().
  Added -lssp_nonshared in a comment in scripts/makefile.freebsd
    and changed deprecated NOOBJ and NOPROFILE to NO_OBJ and NO_PROFILE.

Version 1.5.11rc01 [May 23, 2012]
  No changes.

Version 1.5.11rc02 [May 29, 2012]
  Fixed some typos in comments.
  Revised CMakeLists.txt to not attempt to make a symlink under mingw.
  Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale),
    and renamed three whose names were inconsistent with those in
    pngsuite/README.txt.

Version 1.5.11rc03 [June 4, 2012]
  Do not depend upon a GCC feature macro being available for use in generating
    the linker mapfile symbol prefix.
  Made fixes for new optimization warnings from gcc 4.7.0. The compiler
    performed an optimization which is safe but then warned about it.
    Changing the type of 'palette_number' in pngvalid.c removes the warning.

Version 1.5.11rc04 [June 6, 2012]
  Improved performance of new do_check_palette_indexes() function.

Version 1.5.11rc05 [June 7, 2012]
  Don't check palette indexes if num_palette is 0 (as it can be in MNG files).

Version 1.5.11 [June 14, 2012]
  Include zlib.h in contrib/gregbook and contrib/visupng examples.
2012-06-14 15:40:35 +00:00