mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng17] Updated CHANGES and ANNOUNCE

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2015-12-05 13:51:07 -06:00
parent 99436a407e
commit 3407d0f7c4
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ANNOUNCE
View File

@ -1,5 +1,5 @@
Libpng 1.7.0beta71 - December 3, 2015
Libpng 1.7.0beta71 - December 5, 2015
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@ -1060,7 +1060,8 @@ Version 1.7.0beta70 [December 3, 2015]
Removed the side-effect on the png_struct palette of calling png_set_PLTE()
or png_set_tRNS(). This is a quiet API change; it was previously possible
to alter the palette on a PNG image by using png_set_PLTE, but this was
unintended and inconsistent with the other png_set APIs.
unintended and inconsistent with the other png_set APIs. This fixes
CVE-2015-8472.
Fixed a bug in palette index checking; png_struct::num_palette could, in
principle, get changed by the transformations (e.g. png_set_quantize)
and this would invalidate the check. The palette checking init function
@ -1071,7 +1072,12 @@ Version 1.7.0beta70 [December 3, 2015]
In particular an abort as a result of a bogus colorspace information
(gAMA, cHRM, sBIT etc) prevents the write of the PLTE chunk.
Version 1.7.0beta71 [December 3, 2015]
Version 1.7.0beta71 [December 5, 2015]
Implemented new filter selection heuristic.
Attempted to make the selection options more intuitive.
Fixed a build break in no-write-filters cases.
Re-applied some recent patches to libpng17beta70 that were
accidentally lost while publishing the beta70 tar distribution.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit

11
CHANGES
View File

@ -5359,7 +5359,8 @@ Version 1.7.0beta70 [December 3, 2015]
Removed the side-effect on the png_struct palette of calling png_set_PLTE()
or png_set_tRNS(). This is a quiet API change; it was previously possible
to alter the palette on a PNG image by using png_set_PLTE, but this was
unintended and inconsistent with the other png_set APIs.
unintended and inconsistent with the other png_set APIs. This fixes
CVE-2015-8472.
Fixed a bug in palette index checking; png_struct::num_palette could, in
principle, get changed by the transformations (e.g. png_set_quantize)
and this would invalidate the check. The palette checking init function
@ -5370,9 +5371,13 @@ Version 1.7.0beta70 [December 3, 2015]
In particular an abort as a result of a bogus colorspace information
(gAMA, cHRM, sBIT etc) prevents the write of the PLTE chunk.
Version 1.7.0beta71 [December 3, 2015]
Version 1.7.0beta71 [December 5, 2015]
Implemented new filter selection heuristic.
Attempted to make the selection options more intuitive.
Fixed a build break in no-write-filters cases.
Re-applied some recent patches to libpng17beta70 that were
accidentally lost while publishing the beta70 tar distribution.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
to subscribe)