[libpng15] Imported from libpng-1.5.25beta01.tar

avoid potential overflow in calculations.

ANNOUNCE

@@ -1,5 +1,5 @@
 
-Libpng 1.5.24rc02 - November 3, 2015
+Libpng 1.5.25beta01 - November 20, 2015
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -9,64 +9,27 @@ Files available for download:
 Source files with LF line endings (for Unix/Linux) and with a
 "configure" script
 
-   1.5.24rc02.tar.xz (LZMA-compressed, recommended)
-   1.5.24rc02.tar.gz
-   1.5.24rc02.tar.bz2
+   1.5.25beta01.tar.xz (LZMA-compressed, recommended)
+   1.5.25beta01.tar.gz
+   1.5.25beta01.tar.bz2
 
 Source files with CRLF line endings (for Windows), without the
 "configure" script
 
-   lp1524r02.7z  (LZMA-compressed, recommended)
-   lp1524r02.zip
+   lp1525b01.7z  (LZMA-compressed, recommended)
+   lp1525b01.zip
 
 Other information:
 
-   1.5.24rc02-README.txt
-   1.5.24rc02-LICENSE.txt
-   libpng-1.5.24rc02-*.asc (armored detached GPG signatures)
+   1.5.25beta01-README.txt
+   1.5.25beta01-LICENSE.txt
+   libpng-1.5.25beta01-*.asc (armored detached GPG signatures)
 
-Changes since the last public release (1.5.23):
+Changes since the last public release (1.5.24):
 
-Version 1.5.24beta01 [August 19, 2015]
-  Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
-  Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
-    PNG_WEIGHT_FACTOR macros.
-  Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
-  Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
-  Fixed some bad links in the man page.
-  Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
-    Seacord).
-  Fixed the recently reported 1's complement security issue by replacing
-    the value that is illegal in the PNG spec, in both signed and unsigned
-    values, with 0. Illegal unsigned values (anything greater than or equal
-    to  0x80000000) can still pass through, but since these are not illegal
-    in ANSI-C (unlike 0x80000000 in the signed case) the checking that
-    occurs later can catch them (John Bowler).
-
-Version 1.5.24beta02 [October 15, 2015]
-  Fixed png_save_int_32 when int is not 2's complement (John Bowler).
-  Fixed byte order in png_do_read_filler() with 16-bit input (previously
-    fixed in libpng-1.6.17 and 1.7.0beta46). Previously the high and
-    low bytes of the filler, from png_set_filler() or from
-    png_set_add_alpha(), were read in the wrong order.
-  Merged pngvalid.c with version 1.6.19.
-  Added sPLT support to pngtest.c
-
-Version 1.5.24rc01 [October 31, 2015]
-  Prevent writing over-length PLTE chunk (Cosmin Truta).
-  Libpng incorrectly calculated the output rowbytes when the application
-    decreased either the number of channels or the bit depth (or both) in
-    a user transform.  This was safe; libpng overallocated buffer space
-   (potentially by quite a lot; up to 4 times the amount required) but,
-   from 1.5.4 on, resulted in a png_error (John Bowler).
-  Silently truncate over-length PLTE chunk while reading.
-
-Version 1.5.24rc02 [November 3, 2015]
-  Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed().
-  Clarified COPYRIGHT information to state explicitly that versions
-    are derived from previous versions.
-  Removed much of the long list of previous versions from png.h and
-    libpng.3.
+version 1.5.25beta01 [(PENDING RELEASE)]
+  Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(),
+    png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr).
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

CHANGES

@@ -4415,6 +4415,19 @@ Version 1.5.24rc02 [November 3, 2015]
   Removed much of the long list of previous versions from png.h and
     libpng.3.
 
+Version 1.5.24rc03 [omitted]
+
+Version 1.5.24rc04 [November 5, 2015]
+  Fixed new bug with CRC error after reading an over-length palette
+    (bug report by Cosmin Truta) (CVE-2015-8126).
+
+version 1.5.24 [November 12, 2015]
+  Cleaned up coding style in png_handle_PLTE().
+
+version 1.5.25beta01 [(PENDING RELEASE)]
+  Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(),
+    png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr).
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement

CMakeLists.txt

@@ -16,7 +16,7 @@ enable_testing()
 
 set(PNGLIB_MAJOR 1)
 set(PNGLIB_MINOR 5)
-set(PNGLIB_RELEASE 24)
+set(PNGLIB_RELEASE 25)
 set(PNGLIB_NAME libpng${PNGLIB_MAJOR}${PNGLIB_MINOR})
 set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_RELEASE})
 
@@ -224,7 +224,7 @@ endif(NOT WIN32 OR CYGWIN OR MINGW)
 # SET UP LINKS
 if(PNG_SHARED)
   set_target_properties(${PNG_LIB_NAME} PROPERTIES
-#   VERSION 15.${PNGLIB_RELEASE}.1.5.24rc02
+#   VERSION 15.${PNGLIB_RELEASE}.1.5.25beta01
     VERSION 15.${PNGLIB_RELEASE}.0
     SOVERSION 15
     CLEAN_DIRECT_OUTPUT 1)

LICENSE

@@ -10,7 +10,7 @@ this sentence.
 
 This code is released under the libpng license.
 
-libpng versions 1.0.7, July 1, 2000, through 1.5.24rc02, November 3, 2015, are
+libpng versions 1.0.7, July 1, 2000, through 1.5.25beta01, November 20, 2015, are
 Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are
 derived from libpng-1.0.6, and are distributed according to the same
 disclaimer and license as libpng-1.0.6 with the following individuals
@@ -108,4 +108,4 @@ the additional disclaimers inserted at version 1.0.7.
 
 Glenn Randers-Pehrson
 glennrp at users.sourceforge.net
-November 3, 2015
+November 20, 2015

README

@@ -1,4 +1,4 @@
-README for libpng version 1.5.24rc02 - November 3, 2015 (shared library 15.0)
+README for libpng version 1.5.25beta01 - November 20, 2015 (shared library 15.0)
 See the note about version numbers near the top of png.h
 
 See INSTALL for instructions on how to install libpng.

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libpng 1.5.24rc02.
+# Generated by GNU Autoconf 2.69 for libpng 1.5.25beta01.
 #
 # Report bugs to <png-mng-implement@lists.sourceforge.net>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libpng'
 PACKAGE_TARNAME='libpng'
-PACKAGE_VERSION='1.5.24rc02'
-PACKAGE_STRING='libpng 1.5.24rc02'
+PACKAGE_VERSION='1.5.25beta01'
+PACKAGE_STRING='libpng 1.5.25beta01'
 PACKAGE_BUGREPORT='png-mng-implement@lists.sourceforge.net'
 PACKAGE_URL=''
 
@@ -1354,7 +1354,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libpng 1.5.24rc02 to adapt to many kinds of systems.
+\`configure' configures libpng 1.5.25beta01 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1424,7 +1424,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libpng 1.5.24rc02:";;
+     short | recursive ) echo "Configuration of libpng 1.5.25beta01:";;
    esac
   cat <<\_ACEOF
 
@@ -1579,7 +1579,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libpng configure 1.5.24rc02
+libpng configure 1.5.25beta01
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2002,7 +2002,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libpng $as_me 1.5.24rc02, which was
+It was created by libpng $as_me 1.5.25beta01, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2865,7 +2865,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libpng'
- VERSION='1.5.24rc02'
+ VERSION='1.5.25beta01'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -2982,10 +2982,10 @@ fi
 
 
 
-PNGLIB_VERSION=1.5.24rc02
+PNGLIB_VERSION=1.5.25beta01
 PNGLIB_MAJOR=1
 PNGLIB_MINOR=5
-PNGLIB_RELEASE=24
+PNGLIB_RELEASE=25
 
 
 
@@ -14124,7 +14124,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libpng $as_me 1.5.24rc02, which was
+This file was extended by libpng $as_me 1.5.25beta01, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -14190,7 +14190,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libpng config.status 1.5.24rc02
+libpng config.status 1.5.25beta01
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -18,15 +18,15 @@ AC_PREREQ(2.59)
 
 dnl Version number stuff here:
 
-AC_INIT([libpng], [1.5.24rc02], [png-mng-implement@lists.sourceforge.net])
+AC_INIT([libpng], [1.5.25beta01], [png-mng-implement@lists.sourceforge.net])
 AM_INIT_AUTOMAKE([1.13 serial-tests subdir-objects])
 dnl stop configure from automagically running automake
 AM_MAINTAINER_MODE
 
-PNGLIB_VERSION=1.5.24rc02
+PNGLIB_VERSION=1.5.25beta01
 PNGLIB_MAJOR=1
 PNGLIB_MINOR=5
-PNGLIB_RELEASE=24
+PNGLIB_RELEASE=25
 
 dnl End of version number stuff
 

libpng-manual.txt

@@ -1,6 +1,6 @@
 Libpng-manual.txt - A description on how to use and modify libpng
 
- libpng version 1.5.24rc02 - November 3, 2015
+ libpng version 1.5.25beta01 - November 20, 2015
  Updated and distributed by Glenn Randers-Pehrson
  <glennrp at users.sourceforge.net>
  Copyright (c) 1998-2014 Glenn Randers-Pehrson
@@ -11,7 +11,7 @@ Libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng versions 0.97, January 1998, through 1.5.24rc02 - November 3, 2015
+ libpng versions 0.97, January 1998, through 1.5.25beta01 - November 20, 2015
  Updated and distributed by Glenn Randers-Pehrson
  Copyright (c) 1998-2014 Glenn Randers-Pehrson
 
@@ -4245,7 +4245,7 @@ a set of "safe" limits is applied in pngpriv.h.  These can be overridden by
 application calls to png_set_user_limits(), png_set_user_chunk_cache_max(),
 and/or png_set_user_malloc_max() that increase or decrease the limits.  Also,
 in libpng-1.5.10 the default width and height limits were increased
-from 1,000,000 to 0x7ffffff (i.e., made unlimited).  Therefore, the
+from 1,000,000 to 0x7fffffff (i.e., made unlimited).  Therefore, the
 limits are now
                                default      safe
    png_user_width_max        0x7fffffff    1,000,000
@@ -4506,13 +4506,11 @@ Other rules can be inferred by inspecting the libpng source.
 
 XIV. Y2K Compliance in libpng
 
-November 3, 2015
-
 Since the PNG Development group is an ad-hoc body, we can't make
 an official declaration.
 
 This is your unofficial assurance that libpng from version 0.71 and
-upward through 1.5.24rc02 are Y2K compliant.  It is my belief that earlier
+upward through 1.5.25beta01 are Y2K compliant.  It is my belief that earlier
 versions were also Y2K compliant.
 
 Libpng only has two year fields.  One is a 2-byte unsigned integer

libpng.3

@@ -1,6 +1,6 @@
-.TH LIBPNG 3 "November 3, 2015"
+.TH LIBPNG 3 "November 20, 2015"
 .SH NAME
-libpng \- Portable Network Graphics (PNG) Reference Library 1.5.24rc02
+libpng \- Portable Network Graphics (PNG) Reference Library 1.5.25beta01
 .SH SYNOPSIS
 \fB
 #include <png.h>\fP
@@ -496,7 +496,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng.
 .SH LIBPNG.TXT
 Libpng-manual.txt - A description on how to use and modify libpng
 
- libpng version 1.5.24rc02 - November 3, 2015
+ libpng version 1.5.25beta01 - November 20, 2015
  Updated and distributed by Glenn Randers-Pehrson
  <glennrp at users.sourceforge.net>
  Copyright (c) 1998-2014 Glenn Randers-Pehrson
@@ -507,7 +507,7 @@ Libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng versions 0.97, January 1998, through 1.5.24rc02 - November 3, 2015
+ libpng versions 0.97, January 1998, through 1.5.25beta01 - November 20, 2015
  Updated and distributed by Glenn Randers-Pehrson
  Copyright (c) 1998-2014 Glenn Randers-Pehrson
 
@@ -4741,7 +4741,7 @@ a set of "safe" limits is applied in pngpriv.h.  These can be overridden by
 application calls to png_set_user_limits(), png_set_user_chunk_cache_max(),
 and/or png_set_user_malloc_max() that increase or decrease the limits.  Also,
 in libpng-1.5.10 the default width and height limits were increased
-from 1,000,000 to 0x7ffffff (i.e., made unlimited).  Therefore, the
+from 1,000,000 to 0x7fffffff (i.e., made unlimited).  Therefore, the
 limits are now
                                default      safe
    png_user_width_max        0x7fffffff    1,000,000
@@ -5002,13 +5002,11 @@ Other rules can be inferred by inspecting the libpng source.
 
 .SH XIV. Y2K Compliance in libpng
 
-November 3, 2015
-
 Since the PNG Development group is an ad-hoc body, we can't make
 an official declaration.
 
 This is your unofficial assurance that libpng from version 0.71 and
-upward through 1.5.24rc02 are Y2K compliant.  It is my belief that earlier
+upward through 1.5.25beta01 are Y2K compliant.  It is my belief that earlier
 versions were also Y2K compliant.
 
 Libpng only has two year fields.  One is a 2-byte unsigned integer
@@ -5107,8 +5105,7 @@ the first widely used release:
  ...
  1.2.53                  13    10253  12.so.0.53[.0]
  ...
- 1.5.24beta01-02         15    10524  15.so.15.24[.0]
- 1.5.24rc01-02           15    10524  15.so.15.24[.0]
+ 1.5.24                  15    10524  15.so.15.24[.0]
 
 Henceforth the source version will match the shared-library minor
 and patch numbers; the shared-library major version number will be
@@ -5164,7 +5161,7 @@ possible without all of you.
 
 Thanks to Frank J. T. Wojcik for helping with the documentation.
 
-Libpng version 1.5.24rc02 - November 3, 2015:
+Libpng version 1.5.25beta01 - November 20, 2015:
 Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc.
 Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net).
 
@@ -5189,7 +5186,7 @@ this sentence.
 
 This code is released under the libpng license.
 
-libpng versions 1.0.7, July 1, 2000, through 1.5.24rc02, November 3, 2015, are
+libpng versions 1.0.7, July 1, 2000, through 1.5.25beta01, November 20, 2015, are
 Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are
 derived from libpng-1.0.6, and are distributed according to the same
 disclaimer and license as libpng-1.0.6 with the following individuals
@@ -5287,7 +5284,7 @@ the additional disclaimers inserted at version 1.0.7.
 
 Glenn Randers-Pehrson
 glennrp at users.sourceforge.net
-November 3, 2015
+November 20, 2015
 
 .\" end of man page
 

libpngpf.3

@@ -1,6 +1,6 @@
-.TH LIBPNGPF 3 "November 3, 2015"
+.TH LIBPNGPF 3 "November 20, 2015"
 .SH NAME
-libpng \- Portable Network Graphics (PNG) Reference Library 1.5.24rc02
+libpng \- Portable Network Graphics (PNG) Reference Library 1.5.25beta01
 (private functions)
 .SH SYNOPSIS
 \fB#include \fI"pngpriv.h"

png.5

@@ -1,4 +1,4 @@
-.TH PNG 5 "November 3, 2015"
+.TH PNG 5 "November 20, 2015"
 .SH NAME
 png \- Portable Network Graphics (PNG) format
 .SH DESCRIPTION

png.c

@@ -14,7 +14,7 @@
 #include "pngpriv.h"
 
 /* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_5_24rc02 Your_png_h_is_not_version_1_5_24rc02;
+typedef png_libpng_version_1_5_25beta01 Your_png_h_is_not_version_1_5_25beta01;
 
 /* Tells libpng that we have already handled the first "num_bytes" bytes
  * of the PNG file signature.  If the PNG data is embedded into another
@@ -655,13 +655,13 @@ png_get_copyright(png_const_structp png_ptr)
 #else
 #  ifdef __STDC__
    return PNG_STRING_NEWLINE \
-     "libpng version 1.5.24rc02 - November 3, 2015" PNG_STRING_NEWLINE \
+     "libpng version 1.5.25beta01 - November 20, 2015" PNG_STRING_NEWLINE \
      "Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
      "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
      "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
      PNG_STRING_NEWLINE;
 #  else
-      return "libpng version 1.5.24rc02 - November 3, 2015\
+      return "libpng version 1.5.25beta01 - November 20, 2015\
       Copyright (c) 1998-2015 Glenn Randers-Pehrson\
       Copyright (c) 1996-1997 Andreas Dilger\
       Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";

png.h

@@ -1,7 +1,7 @@
 
 /* png.h - header file for PNG reference library
  *
- * libpng version 1.5.24rc02, November 3, 2015
+ * libpng version 1.5.25beta01, November 20, 2015
  *
  * Copyright (c) 1998-2015 Glenn Randers-Pehrson
  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
@@ -12,7 +12,8 @@
  * Authors and maintainers:
  *   libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat
  *   libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger
- *   libpng versions 0.97, January 1998, through 1.5.24rc02, November 3, 2015: Glenn
+ *   libpng versions 0.97, January 1998, through 1.5.25beta01, November 20, 2015:
+ *     Glenn Randers-Pehrson.
  *   See also "Contributing Authors", below.
  */
 
@@ -24,7 +25,7 @@
  *
  * This code is released under the libpng license.
  *
- * libpng versions 1.0.7, July 1, 2000, through 1.5.24rc02, November 3, 2015, are
+ * libpng versions 1.0.7, July 1, 2000, through 1.5.25beta01, November 20, 2015, are
  * Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are
  * derived from libpng-1.0.6, and are distributed according to the same
  * disclaimer and license as libpng-1.0.6 with the following individuals
@@ -182,8 +183,7 @@
  *    ...
  *    1.2.53                  13    10253  12.so.0.53[.0]
  *    ...
- *    1.5.24beta01-02         15    10524  15.so.15.24[.0]
- *    1.5.24rc01-02           15    10524  15.so.15.24[.0]
+ *    1.5.24                  15    10524  15.so.15.24[.0]
  *
  *    Henceforth the source version will match the shared-library major
  *    and minor numbers; the shared-library major version number will be
@@ -211,13 +211,13 @@
  * Y2K compliance in libpng:
  * =========================
  *
- *    November 3, 2015
+ *    November 20, 2015
  *
  *    Since the PNG Development group is an ad-hoc body, we can't make
  *    an official declaration.
  *
  *    This is your unofficial assurance that libpng from version 0.71 and
- *    upward through 1.5.24rc02 are Y2K compliant.  It is my belief that
+ *    upward through 1.5.25beta01 are Y2K compliant.  It is my belief that
  *    earlier versions were also Y2K compliant.
  *
  *    Libpng only has two year fields.  One is a 2-byte unsigned integer
@@ -278,9 +278,9 @@
  */
 
 /* Version information for png.h - this should match the version in png.c */
-#define PNG_LIBPNG_VER_STRING "1.5.24rc02"
+#define PNG_LIBPNG_VER_STRING "1.5.25beta01"
 #define PNG_HEADER_VERSION_STRING \
-     " libpng version 1.5.24rc02 - November 3, 2015\n"
+     " libpng version 1.5.25beta01 - November 20, 2015\n"
 
 #define PNG_LIBPNG_VER_SONUM   15
 #define PNG_LIBPNG_VER_DLLNUM  15
@@ -288,13 +288,13 @@
 /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */
 #define PNG_LIBPNG_VER_MAJOR   1
 #define PNG_LIBPNG_VER_MINOR   5
-#define PNG_LIBPNG_VER_RELEASE 24
+#define PNG_LIBPNG_VER_RELEASE 25
 
 /* This should match the numeric part of the final component of
  * PNG_LIBPNG_VER_STRING, omitting any leading zero:
  */
 
-#define PNG_LIBPNG_VER_BUILD  02
+#define PNG_LIBPNG_VER_BUILD  01
 
 /* Release Status */
 #define PNG_LIBPNG_BUILD_ALPHA    1
@@ -311,7 +311,7 @@
 #define PNG_LIBPNG_BUILD_SPECIAL 32 /* Cannot be OR'ed with
                                        PNG_LIBPNG_BUILD_PRIVATE */
 
-#define PNG_LIBPNG_BUILD_BASE_TYPE PNG_LIBPNG_BUILD_RC
+#define PNG_LIBPNG_BUILD_BASE_TYPE PNG_LIBPNG_BUILD_BETA
 
 /* Careful here.  At one time, Guy wanted to use 082, but that would be octal.
  * We must not include leading zeros.
@@ -319,7 +319,7 @@
  * version 1.0.0 was mis-numbered 100 instead of 10000).  From
  * version 1.0.1 it's    xxyyzz, where x=major, y=minor, z=release
  */
-#define PNG_LIBPNG_VER 10524 /* 1.5.24 */
+#define PNG_LIBPNG_VER 10525 /* 1.5.25 */
 
 /* Library configuration: these options cannot be changed after
  * the library has been built.
@@ -441,7 +441,7 @@ extern "C" {
 /* This triggers a compiler error in png.c, if png.c and png.h
  * do not agree upon the version number.
  */
-typedef char* png_libpng_version_1_5_24rc02;
+typedef char* png_libpng_version_1_5_25beta01;
 
 /* Three color definitions.  The order of the red, green, and blue, (and the
  * exact size) is not important, although the size of the fields need to

pngconf.h

@@ -1,7 +1,7 @@
 
 /* pngconf.h - machine configurable file for libpng
  *
- * libpng version 1.5.24rc02, November 3, 2015
+ * libpng version 1.5.25beta01, November 20, 2015
  *
  * Copyright (c) 1998-2013 Glenn Randers-Pehrson
  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)

pngrtran.c

@@ -1,7 +1,7 @@
 
 /* pngrtran.c - transforms the data in a row for PNG readers
  *
- * Last changed in libpng 1.5.24 [(PENDING RELEASE)]
+ * Last changed in libpng 1.5.24 [November 12, 2015]
  * Copyright (c) 1998-2015 Glenn Randers-Pehrson
  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
  * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)

pngrutil.c

@@ -1,7 +1,7 @@
 
 /* pngrutil.c - utilities to read a PNG file
  *
- * Last changed in libpng 1.5.24 [(PENDING RELEASE)]
+ * Last changed in libpng 1.5.24 [November 12, 2015]
  * Copyright (c) 1998-2015 Glenn Randers-Pehrson
  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
  * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@@ -667,16 +667,18 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
    /* The cast is safe because 'length' is less than 3*PNG_MAX_PALETTE_LENGTH */
    num = (int)length / 3;
 
-   /* If the palette has 256 or fewer entries but is too large for the bit depth,
-    * we don't issue an error, to preserve the behavior of previous libpng versions.
-    * We silently truncate the unused extra palette entries here.
+   /* If the palette has 256 or fewer entries but is too large for the bit
+    * depth, we don't issue an error, to preserve the behavior of previous
+    * libpng versions. We silently truncate the unused extra palette entries
+    * here.
     */
-
-   max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
-      (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
+   if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
+      max_palette_length = (1 << png_ptr->bit_depth);
+   else
+      max_palette_length = PNG_MAX_PALETTE_LENGTH;
 
    if (num > max_palette_length)
-     num = max_palette_length;
+      num = max_palette_length;
 
 #ifdef PNG_POINTER_INDEXING_SUPPORTED
    for (i = 0, pal_ptr = palette; i < num; i++, pal_ptr++)
@@ -710,7 +712,7 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
    if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
 #endif
    {
-      png_crc_finish(png_ptr, 0);
+      png_crc_finish(png_ptr, (int) length - num * 3);
    }
 
 #ifndef PNG_READ_OPT_PLTE_SUPPORTED
@@ -1325,7 +1327,7 @@ png_handle_iCCP(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
    /* There should be at least one zero (the compression type byte)
     * following the separator, and we should be on it
     */
-   if (profile >= png_ptr->chunkdata + slength - 1)
+   if (slength < 1U || profile >= png_ptr->chunkdata + slength - 1U)
    {
       png_free(png_ptr, png_ptr->chunkdata);
       png_ptr->chunkdata = NULL;
@@ -1474,7 +1476,8 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
    ++entry_start;
 
    /* A sample depth should follow the separator, and we should be on it  */
-   if (entry_start > (png_bytep)png_ptr->chunkdata + slength - 2)
+   if (slength < 2U ||
+       entry_start > (png_bytep)png_ptr->chunkdata + slength - 2U)
    {
       png_free(png_ptr, png_ptr->chunkdata);
       png_ptr->chunkdata = NULL;
@@ -2003,7 +2006,7 @@ png_handle_pCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
    /* We need to have at least 12 bytes after the purpose string
     * in order to get the parameter information.
     */
-   if (endptr <= buf + 12)
+   if (endptr - buf <= 12U)
    {
       png_warning(png_ptr, "Invalid pCAL data");
       png_free(png_ptr, png_ptr->chunkdata);
@@ -2415,7 +2418,7 @@ png_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
       /* Empty loop */ ;
 
    /* zTXt must have some text after the chunkdataword */
-   if (text >= png_ptr->chunkdata + slength - 2)
+   if (slength < 2U || text >= png_ptr->chunkdata + slength - 2U)
    {
       png_warning(png_ptr, "Truncated zTXt chunk");
       png_free(png_ptr, png_ptr->chunkdata);
@@ -2552,7 +2555,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
     * keyword
     */
 
-   if (lang >= png_ptr->chunkdata + slength - 3)
+   if (slength < 3U || lang >= png_ptr->chunkdata + slength - 3U)
    {
       png_warning(png_ptr, "Truncated iTXt chunk");
       png_free(png_ptr, png_ptr->chunkdata);

pngset.c

@@ -1,7 +1,7 @@
 
 /* pngset.c - storage of image information into info struct
  *
- * Last changed in libpng 1.5.24 [(PENDING RELEASE)]
+ * Last changed in libpng 1.5.24 [November 12, 2015]
  * Copyright (c) 1998-2015 Glenn Randers-Pehrson
  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
  * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@@ -1289,7 +1289,7 @@ png_set_user_limits (png_structp png_ptr, png_uint_32 user_width_max,
 {
    /* Images with dimensions larger than these limits will be
     * rejected by png_set_IHDR().  To accept any PNG datastream
-    * regardless of dimensions, set both limits to 0x7ffffffL.
+    * regardless of dimensions, set both limits to 0x7fffffffL.
     */
    if (png_ptr == NULL)
       return;

pngtest.c

@@ -2056,4 +2056,4 @@ main(void)
 #endif
 
 /* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_5_24rc02 Your_png_h_is_not_version_1_5_24rc02;
+typedef png_libpng_version_1_5_25beta01 Your_png_h_is_not_version_1_5_25beta01;

pngwutil.c

@@ -1,7 +1,7 @@
 
 /* pngwutil.c - utilities to write a PNG file
  *
- * Last changed in libpng 1.5.24 [(PENDING RELEASE)]
+ * Last changed in libpng 1.5.24 [November 12, 2015]
  * Copyright (c) 1998-2015 Glenn Randers-Pehrson
  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
  * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)

projects/vstudio/readme.txt

@@ -1,7 +1,7 @@
 
 VisualStudio instructions
 
-libpng version 1.5.24rc02 - November 3, 2015
+libpng version 1.5.25beta01 - November 20, 2015
 
 Copyright (c) 1998-2010 Glenn Randers-Pehrson
 

projects/vstudio/zlib.props

@@ -2,7 +2,7 @@
 <!--
  * zlib.props - location of zlib source
  *
- * libpng version 1.5.24rc02 - November 3, 2015
+ * libpng version 1.5.25beta01 - November 20, 2015
  *
  * Copyright (c) 1998-2011 Glenn Randers-Pehrson
  *

scripts/README.txt

@@ -1,9 +1,9 @@
 
-Makefiles for  libpng version 1.5.24rc02 - November 3, 2015
+Makefiles for  libpng version 1.5.25beta01 - November 20, 2015
 
 pnglibconf.h.prebuilt       =>  Stores configuration settings
  makefile.linux    =>  Linux/ELF makefile
-                       (gcc, creates libpng15.so.15.1.5.24rc02)
+                       (gcc, creates libpng15.so.15.1.5.25beta01)
  makefile.gcc      =>  Generic makefile (gcc, creates static libpng.a)
  makefile.knr      =>  Archaic UNIX Makefile that converts files with
                        ansi2knr (Requires ansi2knr.c from
@@ -34,12 +34,12 @@ pnglibconf.h.prebuilt       =>  Stores configuration settings
  makefile.os2      =>  OS/2 Makefile (gcc and emx, requires libpng.def)
  makefile.sco      =>  For SCO OSr5  ELF and Unixware 7 with Native cc
  makefile.sggcc    =>  Silicon Graphics (gcc,
-                       creates libpng15.so.15.1.5.24rc02)
+                       creates libpng15.so.15.1.5.25beta01)
  makefile.sgi      =>  Silicon Graphics IRIX makefile (cc, creates static lib)
  makefile.solaris  =>  Solaris 2.X makefile (gcc,
-                       creates libpng15.so.15.1.5.24rc02)
+                       creates libpng15.so.15.1.5.25beta01)
  makefile.so9      =>  Solaris 9 makefile (gcc,
-                       creates libpng15.so.15.1.5.24rc02)
+                       creates libpng15.so.15.1.5.25beta01)
  makefile.std      =>  Generic UNIX makefile (cc, creates static libpng.a)
  makefile.sunos    =>  Sun makefile
  makefile.32sunu   =>  Sun Ultra 32-bit makefile

scripts/def.c

@@ -21,7 +21,7 @@ PNG_DFN "OS2 DESCRIPTION "PNG image compression library""
 PNG_DFN "OS2 CODE PRELOAD MOVEABLE DISCARDABLE"
 PNG_DFN ""
 PNG_DFN "EXPORTS"
-PNG_DFN ";Version 1.5.24rc02"
+PNG_DFN ";Version 1.5.25beta01"
 
 #define PNG_EXPORTA(ordinal, type, name, args, attributes)\
         PNG_DFN "@" SYMBOL_PREFIX "@@" name "@"

scripts/libpng-config-head.in

@@ -11,7 +11,7 @@
 
 # Modeled after libxml-config.
 
-version=1.5.24rc02
+version=1.5.25beta01
 prefix=""
 libdir=""
 libs=""

scripts/libpng.pc.in

@@ -5,6 +5,6 @@ includedir=@includedir@/libpng15
 
 Name: libpng
 Description: Loads and saves PNG files
-Version: 1.5.24rc02
+Version: 1.5.25beta01
 Libs: -L${libdir} -lpng15
 Cflags: -I${includedir}

scripts/makefile.cegcc

@@ -23,7 +23,7 @@
 
 VERMAJ = 1
 VERMIN = 5
-VERMIC = 24
+VERMIC = 25
 VER = $(VERMAJ).$(VERMIN).$(VERMIC)
 NAME = libpng
 PACKAGE = $(NAME)-$(VER)

scripts/makefile.linux

@@ -10,7 +10,7 @@
 # Library name:
 LIBNAME = libpng15
 PNGMAJ = 15
-RELEASE = 24
+RELEASE = 25
 
 # Shared library names:
 LIBSO=$(LIBNAME).so

scripts/makefile.msys

@@ -18,7 +18,7 @@ exec_prefix=$(prefix)
 # Library name:
 LIBNAME = libpng15
 PNGMAJ = 15
-RELEASE = 24
+RELEASE = 25
 
 # Shared library names:
 LIBSO=$(LIBNAME).dll

scripts/makefile.ne12bsd

@@ -17,7 +17,7 @@ INCSDIR=${LOCALBASE}/include/libpng15
 
 LIB=	png15
 SHLIB_MAJOR=	0
-SHLIB_MINOR=	1.5.24rc02
+SHLIB_MINOR=	1.5.25beta01
 SRCS=	png.c pngset.c pngget.c pngrutil.c pngtrans.c pngwutil.c \
 	pngread.c pngrio.c pngwio.c pngwrite.c pngrtran.c \
 	pngwtran.c pngmem.c pngerror.c pngpread.c

scripts/makefile.netbsd

@@ -17,7 +17,7 @@ INCSDIR=${LOCALBASE}/include
 
 LIB=	png
 SHLIB_MAJOR=	15
-SHLIB_MINOR=	1.5.24rc02
+SHLIB_MINOR=	1.5.25beta01
 SRCS=	png.c pngset.c pngget.c pngrutil.c pngtrans.c pngwutil.c \
 	pngread.c pngrio.c pngwio.c pngwrite.c pngrtran.c \
 	pngwtran.c pngmem.c pngerror.c pngpread.c

scripts/makefile.openbsd

@@ -11,7 +11,7 @@ LIBDIR=	${PREFIX}/lib
 MANDIR= ${PREFIX}/man/cat
 
 SHLIB_MAJOR=	15
-SHLIB_MINOR=	1.5.24rc02
+SHLIB_MINOR=	1.5.25beta01
 
 LIB=	png
 SRCS=	png.c pngerror.c pngget.c pngmem.c pngpread.c \

scripts/pnglibconf.h.prebuilt

@@ -1,9 +1,9 @@
-/* 1.5.24rc02 STANDARD API DEFINITION */
+/* 1.5.25beta01 STANDARD API DEFINITION */
 /* pnglibconf.h - library build configuration */
 
-/* libpng version 1.5.24rc02 - November 3, 2015 */
+/* libpng version 1.5.25beta01 - November 20, 2015 */
 
-/* Copyright (c) 1998-2013 Glenn Randers-Pehrson */
+/* Copyright (c) 1998-2015 Glenn Randers-Pehrson */
 
 /* This code is released under the libpng license. */
 /* For conditions of distribution and use, see the disclaimer */

scripts/symbols.def

@@ -1,4 +1,4 @@
-;Version 1.5.24rc02
+;Version 1.5.25beta01
 ;--------------------------------------------------------------
 ; LIBPNG symbol list as a Win32 DEF file
 ; Contains all the symbols that can be exported from libpng