mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[master] Imported from libpng-1.6.21.tar

Browse Source
This commit is contained in:
Glenn Randers-Pehrson
2016-01-15 09:52:13 -06:00
parent 047737496a
commit 5756fcab2f
53 changed files with 501 additions and 332 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
CHANGES
View File

@@ -5421,7 +5421,7 @@ Version 1.6.20beta01 [November 20, 2015]
Version 1.6.20beta02 [November 23, 2015]
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
vulnerability. Fixes CVE-2015-8472.
Version 1.6.20beta03 [November 24, 2015]
Backported tests from libpng-1.7.0beta69.
@@ -5446,6 +5446,44 @@ Version 1.6.20rc02 [November 29, 2015]
Version 1.6.20 [December 3, 2015]
No changes.
Version 1.6.21beta01 [December 11, 2015]
Fixed syntax "$(command)" in tests/pngstest that some shells other than
bash could not parse (Bug report by Nelson Beebe). Use `command` instead.
Version 1.6.21beta02 [December 14, 2015]
Moved png_check_keyword() from pngwutil.c to pngset.c
Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
in the BigEndian tests by not testing it, making the BE code the same
as the LE version.
Fixes to pngvalid for various reduced build configurations (eliminate unused
statics) and a fix for the case in rgb_to_gray when the digitize option
reduces graylo to 0, producing a large error.
Version 1.6.21beta03 [December 18, 2015]
Widened the 'limit' check on the internally calculated error limits in
the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
checks) and changed the check to only operate in non-release builds
(base build type not RC or RELEASE.)
Fixed undefined behavior in pngvalid.c, undefined because
(png_byte) << shift is undefined if it changes the signed bit
(because png_byte is promoted to int). The libpng exported functions
png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
David Drysdale as a result of reports from UBSAN in clang 3.8).
This changes pngvalid to use BE random numbers; this used to produce
errors but these should not be fixed as a result of the previous changes.
Version 1.6.21rc01 [January 4, 2016]
In projects/vstudio, combined readme.txt and WARNING into README.txt
Version 1.6.21rc02 [January 7, 2016]
Relocated assert() in contrib/tools/pngfix.c, bug found by American
Fuzzy Lop, reported by Brian Carpenter.
Marked 'limit' UNUSED in transform_range_check(). This only affects
release builds.
Version 1.6.21 [January 15, 2016]
Worked around a false-positive Coverity issue in pngvalid.c.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement