[libpng16] Added PNG_SECURE feature to pnglibconf.dfa and new pngusr.dfa file

to reset the user limits to safe ones if PNG_SECURE is defined.

CHANGES

@@ -3966,15 +3966,18 @@ Version 1.6.0beta12 [February 18, 2012]
   Do not increase num_palette on invalid_index.
   Relocated check for invalid palette index to pngrtran.c, after unpacking
     the sub-8-bit pixels.
-  Fixed CVE-2011-3026 buffer overrun bug.  Deal more correctly with the test
-    on iCCP chunk length. Also removed spurious casts that may hide problems
-    on 16-bit systems.
+  Fixed CVE-2011-3026 buffer overrun bug.  This bug was introduced when
+    iCCP chunk support was added at libpng-1.0.6. Deal more correctly with the
+    test on iCCP chunk length. Also removed spurious casts that may hide
+    problems on 16-bit systems.
 
-Version 1.6.0beta13 [February 21, 2012]
+Version 1.6.0beta13 [February 24, 2012]
   Eliminated redundant png_push_read_tEXt|zTXt|iTXt|unknown code from
     pngpread.c and use the sequential png_handle_tEXt, etc., in pngrutil.c;
     now that png_ptr->buffer is inaccessible to applications, the special
     handling is no longer useful.
+  Added PNG_SECURE feature to pnglibconf.dfa and new pngusr.dfa file
+    to reset the user limits to safe ones if PNG_SECURE is defined.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit