mirror of
https://git.code.sf.net/p/libpng/code.git
synced 2025-07-10 18:04:09 +02:00
[master] Imported from libpng-1.6.33.tar
This commit is contained in:
Glenn Randers-Pehrson
106
ANNOUNCE
106
ANNOUNCE
@@ -1,4 +1,4 @@
|
||||
Libpng 1.6.32 - August 24, 2017
|
||||
Libpng 1.6.33 - September 28, 2017
|
||||
|
||||
This is a public release of libpng, intended for use in production codes.
|
||||
|
||||
@@ -7,79 +7,53 @@ Files available for download:
|
||||
Source files with LF line endings (for Unix/Linux) and with a
|
||||
"configure" script
|
||||
|
||||
libpng-1.6.32.tar.xz (LZMA-compressed, recommended)
|
||||
libpng-1.6.32.tar.gz
|
||||
libpng-1.6.33.tar.xz (LZMA-compressed, recommended)
|
||||
libpng-1.6.33.tar.gz
|
||||
|
||||
Source files with CRLF line endings (for Windows), without the
|
||||
"configure" script
|
||||
|
||||
lpng1632.7z (LZMA-compressed, recommended)
|
||||
lpng1632.zip
|
||||
lpng1633.7z (LZMA-compressed, recommended)
|
||||
lpng1633.zip
|
||||
|
||||
Other information:
|
||||
|
||||
libpng-1.6.32-README.txt
|
||||
libpng-1.6.32-LICENSE.txt
|
||||
libpng-1.6.32-*.asc (armored detached GPG signatures)
|
||||
libpng-1.6.33-README.txt
|
||||
libpng-1.6.33-LICENSE.txt
|
||||
libpng-1.6.33-*.asc (armored detached GPG signatures)
|
||||
|
||||
Changes since the last public release (1.6.31):
|
||||
Avoid possible NULL dereference in png_handle_eXIf when benign_errors
|
||||
are allowed. Avoid leaking the input buffer "eXIf_buf".
|
||||
Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
|
||||
to arguments for png_get_eXIf() and png_set_eXIf().
|
||||
Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
|
||||
pngwrite.c, and made various other fixes to png_write_eXIf().
|
||||
Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
|
||||
png_set_eXIf_1(), respectively, to avoid breaking API compatibility
|
||||
with libpng-1.6.31.
|
||||
Updated contrib/libtests/pngunknown.c with eXIf chunk.
|
||||
Initialized btoa[] in pngstest.c
|
||||
Stop memory leak when returning from png_handle_eXIf() with an error
|
||||
(Bug report from the OSS-fuzz project).
|
||||
Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
|
||||
Update libpng.3 and libpng-manual.txt about eXIf functions.
|
||||
Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.
|
||||
Removed png_get_eXIf_1() and png_set_eXIf_1().
|
||||
Check length of all chunks except IDAT against user limit to fix an
|
||||
OSS-fuzz issue.
|
||||
Check length of IDAT against maximum possible IDAT size, accounting
|
||||
for height, rowbytes, interlacing and zlib/deflate overhead.
|
||||
Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
|
||||
does not work (the eXIf chunk data can contain zeroes).
|
||||
Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
|
||||
no longer using deprecated cmake LOCATION feature (Clifford Yapp).
|
||||
Fixed five-byte error in the calculation of IDAT maximum possible size.
|
||||
Moved chunk-length check into a png_check_chunk_length() private
|
||||
function (Suggested by Max Stepin).
|
||||
Moved bad pngs from tests to contrib/libtests/crashers
|
||||
Moved testing of bad pngs into a separate tests/pngtest-badpngs script
|
||||
Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
|
||||
in the output but PASS for the libpng test.
|
||||
Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
|
||||
Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
|
||||
num_exif argument to png_get_eXIf_1() (Github Issue 171).
|
||||
Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
|
||||
Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
|
||||
Make pngtest --strict, --relax, --xfail options imply -m (multiple).
|
||||
Removed unused chunk_name parameter from png_check_chunk_length().
|
||||
Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
|
||||
Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
|
||||
Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
|
||||
Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
|
||||
Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
|
||||
for the minimum 'deflate' stream, and relocate the test to a point
|
||||
after the keyword has been read.
|
||||
Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".
|
||||
Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
|
||||
one for each known chunk type, with length = 2GB-1.
|
||||
Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
|
||||
in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
|
||||
and 162707).
|
||||
Renamed chunks in contrib/testpngs/crashers to avoid having files whose
|
||||
names differ only in case; this causes problems with some platforms
|
||||
(github issue #172).
|
||||
Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
|
||||
project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).
|
||||
Changes since the last public release (1.6.32):
|
||||
Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing
|
||||
parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse).
|
||||
Fixed off-by-one error in png_do_check_palette_indexes() (Bug report
|
||||
by Mick P., Source Forge Issue #269).
|
||||
Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
|
||||
to fix shortlived oss-fuzz issue 3234.
|
||||
Compute a larger limit on IDAT because some applications write a deflate
|
||||
buffer for each row (Bug report by Andrew Church).
|
||||
Use current date (DATE) instead of release-date (RDATE) in last
|
||||
changed date of contrib/oss-fuzz files.
|
||||
Enabled ARM support in CMakeLists.txt (Bernd Kuhls).
|
||||
Fixed incorrect typecast of some arguments to png_malloc() and
|
||||
png_calloc() that were png_uint_32 instead of png_alloc_size_t
|
||||
(Bug report by "irwir" in Github libpng issue #175).
|
||||
Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github
|
||||
issue 162, by rcdailey).
|
||||
Initialize memory allocated by png_inflate to zero, using memset, to
|
||||
stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2()
|
||||
due to truncated iTXt or zTXt chunk.
|
||||
Initialize memory allocated by png_read_buffer to zero, using memset, to
|
||||
stop an oss-fuzz "use of uninitialized value" detection in
|
||||
png_icc_check_tag_table() due to truncated iCCP chunk.
|
||||
Removed a redundant test (suggested by "irwir" in Github issue #180).
|
||||
Added an interlaced version of each file in contrib/pngsuite.
|
||||
Relocate new memset() call in pngrutil.c.
|
||||
Removed more redundant tests (suggested by "irwir" in Github issue #180).
|
||||
Add support for loading images with associated alpha in the Simplified
|
||||
API (Samuel Williams).
|
||||
Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state.
|
||||
Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
|
||||
Add end_info structure and png_read_end() to the libpng fuzzer.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
||||
Reference in New Issue
Block a user