1 files changed, 134 insertions, 1 deletions

diff --git a/plugins/AdvaImg/src/LibPNG/CHANGES b/plugins/AdvaImg/src/LibPNG/CHANGES
index 6447bbb3c6..80f4c771b5 100644
--- a/plugins/AdvaImg/src/LibPNG/CHANGES
+++ b/plugins/AdvaImg/src/LibPNG/CHANGES
@@ -833,7 +833,7 @@ Version 1.0.7beta11 [May 7, 2000]
   Removed the new PNG_CREATED_READ_STRUCT and PNG_CREATED_WRITE_STRUCT modes

     which are no longer used.

   Eliminated the three new members of png_text when PNG_LEGACY_SUPPORTED is

-    defined or when neither PNG_READ_iTXt_SUPPORTED nor PNG_WRITE_iTXT_SUPPORTED

+    defined or when neither PNG_READ_iTXt_SUPPORTED nor PNG_WRITE_iTXt_SUPPORTED

     is defined.

   Made PNG_NO_READ|WRITE_iTXt the default setting, to avoid memory

     overrun when old applications fill the info_ptr->text structure directly.

@@ -5908,6 +5908,139 @@ Version 1.6.31rc02 [July 25, 2017]
 Version 1.6.31 [July 27, 2017]

   No changes.

 

+Version 1.6.32beta01 [July 31, 2017]

+  Avoid possible NULL dereference in png_handle_eXIf when benign_errors

+    are allowed. Avoid leaking the input buffer "eXIf_buf".

+  Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif

+    to arguments for png_get_eXIf() and png_set_eXIf().

+  Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in

+    pngwrite.c, and made various other fixes to png_write_eXIf().

+  Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and

+    png_set_eXIf_1(), respectively, to avoid breaking API compatibility

+    with libpng-1.6.31.

+

+Version 1.6.32beta02 [August 1, 2017]

+  Updated contrib/libtests/pngunknown.c with eXIf chunk.

+

+Version 1.6.32beta03 [August 2, 2017]

+  Initialized btoa[] in pngstest.c

+  Stop memory leak when returning from png_handle_eXIf() with an error

+    (Bug report from the OSS-fuzz project).

+

+Version 1.6.32beta04 [August 2, 2017]

+  Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().

+  Update libpng.3 and libpng-manual.txt about eXIf functions.

+

+Version 1.6.32beta05 [August 2, 2017]

+  Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.

+

+Version 1.6.32beta06 [August 2, 2017]

+  Removed png_get_eXIf_1() and png_set_eXIf_1().

+

+Version 1.6.32beta07 [August 3, 2017]

+  Check length of all chunks except IDAT against user limit to fix an

+    OSS-fuzz issue (Fixes CVE-2017-12652).

+

+Version 1.6.32beta08 [August 3, 2017]

+  Check length of IDAT against maximum possible IDAT size, accounting

+    for height, rowbytes, interlacing and zlib/deflate overhead.

+  Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)

+    does not work (the eXIf chunk data can contain zeroes).

+

+Version 1.6.32beta09 [August 3, 2017]

+  Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,

+    no longer using deprecated cmake LOCATION feature (Clifford Yapp).

+  Fixed five-byte error in the calculation of IDAT maximum possible size.

+  

+Version 1.6.32beta10 [August 5, 2017]

+  Moved chunk-length check into a png_check_chunk_length() private

+    function (Suggested by Max Stepin).

+  Moved bad pngs from tests to contrib/libtests/crashers

+  Moved testing of bad pngs into a separate tests/pngtest-badpngs script

+  Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL

+    in the output but PASS for the libpng test.

+  Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).

+  Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the

+    num_exif argument to png_get_eXIf_1() (Github Issue 171).

+

+Version 1.6.32beta11 [August 7, 2017]

+  Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().

+  Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.

+  Make pngtest --strict, --relax, --xfail options imply -m (multiple).

+  Removed unused chunk_name parameter from png_check_chunk_length().

+  Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.

+  Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.

+  Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.

+  Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.

+  Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account

+    for the minimum 'deflate' stream, and relocate the test to a point

+    after the keyword has been read.

+  Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".

+

+Version 1.6.32rc01 [August 18, 2017]

+  Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,

+    one for each known chunk type, with length = 2GB-1.

+  Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts

+    in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,

+    and 162707).

+  Renamed chunks in contrib/testpngs/crashers to avoid having files whose

+    names differ only in case; this causes problems with some platforms

+    (github issue #172).

+

+Version 1.6.32rc02 [August 22, 2017]

+  Added contrib/oss-fuzz directory which contains files used by the oss-fuzz

+    project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).

+

+Version 1.6.32 [August 24, 2017]

+  No changes.

+

+Version 1.6.33beta01 [August 28, 2017]

+  Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing

+    parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse).

+  Fixed off-by-one error in png_do_check_palette_indexes() (Bug report

+    by Mick P., Source Forge Issue #269).

+

+Version 1.6.33beta02 [September 3, 2017]

+  Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc

+    to fix shortlived oss-fuzz issue 3234.

+  Compute a larger limit on IDAT because some applications write a deflate

+    buffer for each row (Bug report by Andrew Church).

+  Use current date (DATE) instead of release-date (RDATE) in last

+    changed date of contrib/oss-fuzz files.

+  Enabled ARM support in CMakeLists.txt (Bernd Kuhls).

+

+Version 1.6.33beta03 [September 14, 2017]

+  Fixed incorrect typecast of some arguments to png_malloc() and

+    png_calloc() that were png_uint_32 instead of png_alloc_size_t

+    (Bug report by "irwir" in Github libpng issue #175).

+  Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github

+    issue 162, by rcdailey).

+

+Version 1.6.33rc01 [September 20, 2017]

+  Initialize memory allocated by png_inflate to zero, using memset, to

+    stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2()

+    due to truncated iTXt or zTXt chunk.

+  Initialize memory allocated by png_read_buffer to zero, using memset, to

+    stop an oss-fuzz "use of uninitialized value" detection in

+    png_icc_check_tag_table() due to truncated iCCP chunk.

+  Removed a redundant test (suggested by "irwir" in Github issue #180).

+

+Version 1.6.33rc02 [September 23, 2017]

+  Added an interlaced version of each file in contrib/pngsuite.

+  Relocate new memset() call in pngrutil.c.

+  Removed more redundant tests (suggested by "irwir" in Github issue #180).

+  Add support for loading images with associated alpha in the Simplified

+    API (Samuel Williams).

+

+Version 1.6.33 [September 28, 2017]

+  Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state.

+  Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc

+  Add end_info structure and png_read_end() to the libpng fuzzer.

+

+Version 1.6.34 [September 29, 2017]

+  Removed contrib/pngsuite/i*.png; some of these were incorrect and caused

+    test failures.

+

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net

 (subscription required; visit

 https://lists.sourceforge.net/lists/listinfo/png-mng-implement