summaryrefslogtreecommitdiff
path: root/plugins/AdvaImg/src/LibPNG/CHANGES
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/AdvaImg/src/LibPNG/CHANGES')
-rw-r--r--plugins/AdvaImg/src/LibPNG/CHANGES705
1 files changed, 659 insertions, 46 deletions
diff --git a/plugins/AdvaImg/src/LibPNG/CHANGES b/plugins/AdvaImg/src/LibPNG/CHANGES
index 560e3ffe97..62ab676da4 100644
--- a/plugins/AdvaImg/src/LibPNG/CHANGES
+++ b/plugins/AdvaImg/src/LibPNG/CHANGES
@@ -1,11 +1,14 @@
-
+#if 0
CHANGES - changes for libpng
-Version 0.2
+version 0.1 [March 29, 1995]
+ initial work-in-progress release
+
+version 0.2 [April 1, 1995]
added reader into png.h
fixed small problems in stub file
-Version 0.3
+version 0.3 [April 8, 1995]
added pull reader
split up pngwrite.c to several files
added pnglib.txt
@@ -14,9 +17,9 @@ Version 0.3
fixed some bugs in writer
interfaced with zlib 0.5
added K&R support
- added check for 64 KB blocks for 16-bit machines
+ added check for 64 KB blocks for 16 bit machines
-Version 0.4
+version 0.4 [April 26, 1995]
cleaned up code and commented code
simplified time handling into png_time
created png_color_16 and png_color_8 to handle color needs
@@ -27,28 +30,29 @@ Version 0.4
cleaned up zTXt reader and writer (using zlib's Reset functions)
split transformations into pngrtran.c and pngwtran.c
-Version 0.5
+version 0.5 [April 30, 1995]
interfaced with zlib 0.8
fixed many reading and writing bugs
saved using 3 spaces instead of tabs
-Version 0.6
+version 0.6 [May 1, 1995]
+ first beta release
added png_large_malloc() and png_large_free()
added png_size_t
cleaned up some compiler warnings
added png_start_read_image()
-Version 0.7
+version 0.7 [June 24, 1995]
cleaned up lots of bugs
finished dithering and other stuff
added test program
changed name from pnglib to libpng
-Version 0.71 [June, 1995]
+version 0.71 [June 26, 1995]
changed pngtest.png for zlib 0.93
fixed error in libpng.txt and example.c
-Version 0.8
+version 0.8 [August 20, 1995]
cleaned up some bugs
added png_set_filler()
split up pngstub.c into pngmem.c, pngio.c, and pngerror.c
@@ -91,7 +95,7 @@ Version 0.88 [January, 1996]
cleaned up documentation
added callbacks for read/write and warning/error functions
-Version 0.89 [July, 1996]
+Version 0.89 [June 5, 1996]
Added new initialization API to make libpng work better with shared libs
we now have png_create_read_struct(), png_create_write_struct(),
png_create_info_struct(), png_destroy_read_struct(), and
@@ -118,6 +122,9 @@ Version 0.89 [July, 1996]
New pngtest image also has interlacing and zTXt
Updated documentation to reflect new API
+Version 0.89c [June 17, 1996]
+ Bug fixes.
+
Version 0.90 [January, 1997]
Made CRC errors/warnings on critical and ancillary chunks configurable
libpng will use the zlib CRC routines by (compile-time) default
@@ -158,7 +165,7 @@ Version 0.95 [March, 1997]
Added new pCAL chunk read/write support
Added experimental filter selection weighting (Greg Roelofs)
Removed old png_set_rgbx() and png_set_xrgb() functions that have been
- obsolete for about 2 years now (use png_set_filler() instead)
+ obsolete for about 2 years now (use png_set_filler() instead)
Added macros to read 16- and 32-bit ints directly from buffer, to be
used only on those systems that support it (namely PowerPC and 680x0)
With some testing, this may become the default for MACOS/PPC systems.
@@ -440,7 +447,7 @@ Version 1.0.3 [January 14, 1999]
Version 1.0.3a [August 12, 1999]
Added check for PNG_READ_INTERLACE_SUPPORTED in pngread.c; issue a warning
- if an attempt is made to read an interlaced image when it's not supported.
+ if an attempt is made to read an interlaced image when it's not supported.
Added check if png_ptr->trans is defined before freeing it in pngread.c
Modified the Y2K statement to include versions back to version 0.71
Fixed a bug in the check for valid IHDR bit_depth/color_types in pngrutil.c
@@ -448,7 +455,7 @@ Version 1.0.3a [August 12, 1999]
Replaced leading blanks with tab characters in makefile.hux
Changed "dworkin.wustl.edu" to "ccrc.wustl.edu" in various documents.
Changed (float)red and (float)green to (double)red, (double)green
- in png_set_rgb_to_gray() to avoid "promotion" problems in AIX.
+ in png_set_rgb_to_gray() to avoid "promotion" problems in AIX.
Fixed a bug in pngconf.h that omitted <stdio.h> when PNG_DEBUG==0 (K Bracey).
Reformatted libpng.3 and libpngpf.3 with proper fonts (script by J. vanZandt).
Updated documentation to refer to the PNG-1.2 specification.
@@ -491,7 +498,7 @@ Version 1.0.3d [September 4, 1999]
Added new png_expand functions to scripts/pngdef.pas and pngos2.def
Added a demo read_user_transform_fn that examines the row filters in pngtest.c
-Version 1.0.4 [September 24, 1999]
+Version 1.0.4 [September 24, 1999, not distributed publicly]
Define PNG_ALWAYS_EXTERN in pngconf.h if __STDC__ is defined
Delete #define PNG_INTERNAL and include "png.h" from pngasmrd.h
Made several minor corrections to pngtest.c
@@ -518,6 +525,7 @@ Version 1.0.4c [October 1, 1999]
Added a "png_check_version" function in png.c and pngtest.c that will generate
a helpful compiler error if an old png.h is found in the search path.
Changed type of png_user_transform_depth|channels from int to png_byte.
+ Added "Libpng is OSI Certified Open Source Software" statement to png.h
Version 1.0.4d [October 6, 1999]
Changed 0.45 to 0.45455 in png_set_sRGB()
@@ -585,7 +593,7 @@ Version 1.0.5e [November 30, 1999]
with trailing compressed parts easier in the future, and added new functions
png_free_iCCP, png_free_pCAL, png_free_sPLT, png_free_text, png_get_iCCP,
png_get_spalettes, png_set_iCCP, png_set_spalettes (Eric S. Raymond).
- NOTE: Applications that write text chunks MUST define png_text->lang
+ NOTE: Applications that write text chunks MUST define png_text->lang
before calling png_set_text(). It must be set to NULL if you want to
write tEXt or zTXt chunks. If you want your application to be able to
run with older versions of libpng, use
@@ -904,7 +912,7 @@ Version 1.0.7 [July 1, 2000]
Version 1.0.8beta1 [July 8, 2000]
Added png_free(png_ptr, key) two places in pngpread.c to stop memory leaks.
Changed PNG_NO_STDIO to PNG_NO_CONSOLE_IO, several places in pngrutil.c and
- pngwutil.c.
+ pngwutil.c.
Changed PNG_EXPORT_VAR to use PNG_IMPEXP, in pngconf.h.
Removed unused "#include <assert.h>" from png.c
Added WindowsCE support.
@@ -912,12 +920,12 @@ Version 1.0.8beta1 [July 8, 2000]
Version 1.0.8beta2 [July 10, 2000]
Added project files to the wince directory and made further revisions
- of pngtest.c, pngrio.c, and pngwio.c in support of WindowsCE.
+ of pngtest.c, pngrio.c, and pngwio.c in support of WindowsCE.
Version 1.0.8beta3 [July 11, 2000]
Only set the PNG_FLAG_FREE_TRNS or PNG_FREE_TRNS flag in png_handle_tRNS()
- for indexed-color input files to avoid potential double-freeing trans array
- under some unusual conditions; problem was introduced in version 1.0.6f.
+ for indexed-color input files to avoid potential double-freeing trans array
+ under some unusual conditions; problem was introduced in version 1.0.6f.
Further revisions to pngtest.c and files in the wince subdirectory.
Version 1.0.8beta4 [July 14, 2000]
@@ -1089,16 +1097,16 @@ Version 1.2.0beta3 [May 17, 2001]
Version 1.2.0beta4 [June 23, 2001]
Check for missing profile length field in iCCP chunk and free chunk_data
- in case of truncated iCCP chunk.
+ in case of truncated iCCP chunk.
Bumped shared-library number to 3 in makefile.sgi and makefile.sggcc
Bumped dll-number from 2 to 3 in makefile.cygwin
Revised contrib/gregbook/rpng*-x.c to avoid a memory leak and to exit cleanly
- if user attempts to run it on an 8-bit display.
+ if user attempts to run it on an 8-bit display.
Updated contrib/gregbook
Use png_malloc instead of png_zalloc to allocate palette in pngset.c
Updated makefile.ibmc
Added some typecasts to eliminate gcc 3.0 warnings. Changed prototypes
- of png_write_oFFS width and height from png_uint_32 to png_int_32.
+ of png_write_oFFS width and height from png_uint_32 to png_int_32.
Updated example.c
Revised prototypes for png_debug_malloc and png_debug_free in pngtest.c
@@ -1106,9 +1114,9 @@ Version 1.2.0beta5 [August 8, 2001]
Revised contrib/gregbook
Revised makefile.gcmmx
Revised pnggccrd.c to conditionally compile some thread-unsafe code only
- when PNG_THREAD_UNSAFE_OK is defined.
+ when PNG_THREAD_UNSAFE_OK is defined.
Added tests to prevent pngwutil.c from writing a bKGD or tRNS chunk with
- value exceeding 2^bit_depth-1
+ value exceeding 2^bit_depth-1
Revised makefile.sgi and makefile.sggcc
Replaced calls to fprintf(stderr,...) with png_warning() in pnggccrd.c
Removed restriction that do_invert_mono only operate on 1-bit opaque files
@@ -1449,8 +1457,9 @@ Version 1.2.6beta4 [July 28, 2004]
Use png_malloc instead of png_zalloc to allocate the pallete.
Version 1.0.16rc1 and 1.2.6rc1 [August 4, 2004]
- Fixed buffer overflow vulnerability in png_handle_tRNS()
- Fixed integer arithmetic overflow vulnerability in png_read_png().
+ Fixed buffer overflow vulnerability (CVE-2004-0597) in png_handle_tRNS().
+ Fixed NULL dereference vulnerability (CVE-2004-0598) in png_handle_iCCP().
+ Fixed integer overflow vulnerability (CVE-2004-0599) in png_read_png().
Fixed some harmless bugs in png_handle_sBIT, etc, that would cause
duplicate chunk types to go undetected.
Fixed some timestamps in the -config version
@@ -1493,7 +1502,7 @@ Version 1.0.16rc4 and 1.2.6rc4 [August 10, 2004]
Version 1.0.16rc5 and 1.2.6rc5 [August 10, 2004]
Moved "PNG_HANDLE_CHUNK_*" macros out of PNG_ASSEMBLER_CODE_SUPPORTED
- section of png.h where they were inadvertently placed in version rc3.
+ section of png.h where they were inadvertently placed in version rc3.
Version 1.2.6 and 1.0.16 [August 15, 2004]
Revised pngtest so memory allocation testing is only done when PNG_DEBUG==1.
@@ -2325,7 +2334,7 @@ Version 1.4.0beta63 [June 15, 2009]
Version 1.4.0beta64 [June 24, 2009]
Eliminated PNG_LEGACY_SUPPORTED code.
Moved the various unknown chunk macro definitions outside of the
- PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.
+ PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.
Version 1.4.0beta65 [June 26, 2009]
Added a reference to the libpng license in each file.
@@ -3747,8 +3756,9 @@ Version 1.5.7beta04 [November 17, 2011]
Version 1.5.7beta05 [November 25, 2011]
Removed "zTXt" from warning in generic chunk decompression function.
- Validate time settings passed to pngset() and png_convert_to_rfc1123()
- (Frank Busse).
+ Validate time settings passed to png_set_tIME() and png_convert_to_rfc1123()
+ (Frank Busse). Note: This prevented CVE-2015-7981 from affecting
+ libpng-1.5.7 and later.
Added MINGW support to CMakeLists.txt
Reject invalid compression flag or method when reading the iTXt chunk.
Backed out 'simplified' API changes. The API seems too complex and there
@@ -3794,12 +3804,13 @@ Version 1.6.0beta01 [December 15, 2011]
(the other two required headers aren't used). Non-ANSI systems that don't
have stddef.h or limits.h will have to provide an appropriate fake
containing the relevant types and #defines.
- The use of FAR/far has been eliminated and the definition of png_alloc_size_t
- is now controlled by a flag so that 'small size_t' systems can select it
- if necessary. Libpng 1.6 may not currently work on such systems -- it
- seems likely that it will ask 'malloc' for more than 65535 bytes with any
- image that has a sufficiently large row size (rather than simply failing
- to read such images).
+ Dropped support for 16-bit platforms. The use of FAR/far has been eliminated
+ and the definition of png_alloc_size_t is now controlled by a flag so
+ that 'small size_t' systems can select it if necessary. Libpng 1.6 may
+ not currently work on such systems -- it seems likely that it will
+ ask 'malloc' for more than 65535 bytes with any image that has a
+ sufficiently large row size (rather than simply failing to read such
+ images).
New tools directory containing tools used to generate libpng code.
Fixed race conditions in parallel make builds. With higher degrees of
parallelism during 'make' the use of the same temporary file names such
@@ -4411,7 +4422,7 @@ Version 1.6.1beta02 [February 19, 2013]
Version 1.6.1beta03 [February 22, 2013]
Fixed ALIGNED_MEMORY support.
- Allow run-time ARM NEON checking to be disabled. A new configure option:
+ Added a new configure option:
--enable-arm-neon=always will stop the run-time checks. New checks
within arm/arm_init.c will cause the code not to be compiled unless
__ARM_NEON__ is set. This should make it fail safe (if someone asks
@@ -4430,10 +4441,10 @@ Version 1.6.1beta05 [March 1, 2013]
Version 1.6.1beta06 [March 4, 2013]
Better documentation of unknown handling API interactions.
Corrected Android builds and corrected libpng.vers with symbol
- prefixing. This adds an API to set optimization options externally,
+ prefixing. It also makes those tests compile and link on Android.
+ Added an API png_set_option() to set optimization options externally,
providing an alternative and general solution for the non-portable
- run-time tests used by the ARM Neon code. It also makes those tests
- compile and link on Android.
+ run-time tests used by the ARM Neon code, using the PNG_ARM_NEON option.
The order of settings vs options in pnglibconf.h is reversed to allow
settings to depend on options and options can now set (or override) the
defaults for settings.
@@ -4525,13 +4536,14 @@ Version 1.6.3beta03 [April 30, 2013]
Expanded manual paragraph about writing private chunks, particularly
the need to call png_set_keep_unknown_chunks() when writing them.
Avoid dereferencing NULL pointer possibly returned from
- png_create_write_struct() (Andrew Church).
+ png_create_write_struct() (Andrew Church).
Version 1.6.3beta05 [May 9, 2013]
Calculate our own zlib windowBits when decoding rather than trusting the
CMF bytes in the PNG datastream.
Added an option to force maximum window size for inflating, which was
- the behavior of libpng15 and earlier.
+ the behavior of libpng15 and earlier, via a new PNG_MAXIMUM_INFLATE_WINDOW
+ option for png_set_options().
Added png-fix-itxt and png-fix-too-far-back to the built programs and
removed warnings from the source code and timepng that are revealed as
a result.
@@ -5051,7 +5063,8 @@ Version 1.6.15beta04 [November 4, 2014]
Version 1.6.15beta05 [November 5, 2014]
Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in
example.c, pngtest.c, and applications in the contrib directory.
- Avoid out-of-bounds memory access in png_user_version_check().
+ Fixed an out-of-range read in png_user_version_check() (Bug report from
+ Qixue Xiao, CVE-2015-8540).
Simplified and future-proofed png_user_version_check().
Fixed GCC unsigned int->float warnings. Various versions of GCC
seem to generate warnings when an unsigned value is implicitly
@@ -5134,14 +5147,16 @@ Version 1.6.17beta01 [January 29, 2015]
Added testing of png_set_packing() to pngvalid.c
Regenerated configure scripts in the *.tar distributions with libtool-2.4.4
Implement previously untested cases of libpng transforms in pngvalid.c
- Fixed byte order in 2-byte filler, in png_do_read_filler().
+ Fixed byte order in png_do_read_filler() with 16-bit input. Previously
+ the high and low bytes of the filler, from png_set_filler() or from
+ png_set_add_alpha(), were read in the wrong order.
Made the check for out-of-range values in png_set_tRNS() detect
values that are exactly 2^bit_depth, and work on 16-bit platforms.
Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
pngset.c to avoid warnings about dead code.
Added "& 0xff" to many instances of expressions that are typecast
- to (png_byte), to avoid Coverity gripes.
+ to (png_byte), to avoid Coverity warnings.
Version 1.6.17beta02 [February 7, 2015]
Work around one more Coverity-scan dead-code warning.
@@ -5205,6 +5220,603 @@ Version 1.6.17rc06 [March 23, 2015]
Version 1.6.17 [March 26, 2015]
No changes.
+Version 1.6.18beta01 [April 1, 2015]
+ Removed PNG_SET_CHUNK_[CACHE|MALLOC]_LIMIT_SUPPORTED macros. They
+ have been combined with PNG_SET_USER_LIMITS_SUPPORTED (resolves
+ bug report by Andrew Church).
+ Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c. This
+ fixes some arithmetic errors that caused some tests to fail on
+ some 32-bit platforms (Bug reports by Peter Breitenlohner [i686]
+ and Petr Gajdos [i586]).
+
+Version 1.6.18beta02 [April 26, 2015]
+ Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
+ (Bug report by Viktor Szakats).
+
+Version 1.6.18beta03 [May 6, 2015]
+ Replaced "unexpected" with an integer (0xabadca11) in pngset.c
+ where a long was expected, to avoid a compiler warning when PNG_DEBUG > 1.
+ Added contrib/examples/simpleover.c, to demonstrate how to handle
+ alpha compositing of multiple images, using the "simplified API"
+ and an example PNG generation tool, contrib/examples/genpng.c
+ (John Bowler).
+
+Version 1.6.18beta04 [May 20, 2015]
+ PNG_RELEASE_BUILD replaces tests where the code depended on the build base
+ type and can be defined on the command line, allowing testing in beta
+ builds (John Bowler).
+ Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds.
+ Avoid a harmless potential integer overflow in png_XYZ_from_xy() (Bug
+ report from Christopher Ferris).
+
+Version 1.6.18beta05 [May 31, 2015]
+ Backport filter selection code from libpng-1.7.0beta51, to combine
+ sub_row, up_row, avg_row, and paeth_row into try_row and tst_row.
+ Changed png_voidcast(), etc., to voidcast(), etc., in contrib/tools/pngfix.c
+ to avoid confusion with the libpng private macros.
+ Fixed old cut&paste bug in the weighted filter selection code in
+ pngwutil.c, introduced in libpng-0.95, March 1997.
+
+Version 1.6.18beta06 [June 1, 2015]
+ Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the
+ compiled library size. It never worked properly and as far as we can
+ tell, no one uses it. The png_set_filter_heuristics() and
+ png_set_filter_heuristics_fixed() APIs are retained but deprecated
+ and do nothing.
+
+Version 1.6.18beta07 [June 6, 2015]
+ Removed non-working progressive reader 'skip' function. This
+ function has apparently never been used. It was implemented
+ to support back-door modification of png_struct in libpng-1.4.x
+ but (because it does nothing and cannot do anything) was apparently
+ never tested (John Bowler).
+ Fixed cexcept.h in which GCC 5 now reports that one of the auto
+ variables in the Try macro needs to be volatile to prevent value
+ being lost over the setjmp (John Bowler).
+ Fixed NO_WRITE_FILTER and -Wconversion build breaks (John Bowler).
+ Fix g++ build breaks (John Bowler).
+ Quieted some Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
+ pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
+ would only work with iTXt chunks with length 255 or less.
+ Added #ifdef's to contrib/examples programs so people don't try
+ to compile them without the minimum required support enabled
+ (suggested by Flavio Medeiros).
+
+Version 1.6.18beta08 [June 30, 2015]
+ Eliminated the final two Coverity defects (insecure temporary file
+ handling in contrib/libtests/pngstest.c; possible overflow of
+ unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure"
+ file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will
+ be used.
+ Removed some unused WEIGHTED_FILTER macros from png.h and pngstruct.h
+
+Version 1.6.18beta09 [July 5, 2015]
+ Removed some useless typecasts from contrib/tools/png-fix-itxt.c
+ Fixed a new signed-unsigned comparison in pngrtran.c (Max Stepin).
+ Replaced arbitrary use of 'extern' with #define PNG_LINKAGE_*. To
+ preserve API compatibility, the new defines all default to "extern"
+ (requested by Jan Nijtmans).
+
+Version 1.6.18rc01 [July 9, 2015]
+ Belatedly added Mans Rullgard and James Yu to the list of Contributing
+ Authors.
+
+Version 1.6.18rc02 [July 12, 2015]
+ Restored unused FILTER_HEURISTIC macros removed at libpng-1.6.18beta08
+ to png.h to avoid compatibility warnings.
+
+Version 1.6.18rc03 [July 15, 2015]
+ Minor changes to the man page
+
+Version 1.6.18 [July 23, 2015]
+ No changes.
+
+Version 1.6.19beta01 [July 30, 2015]
+ Updated obsolete information about the simplified API macros in the
+ manual pages (Bug report by Arc Riley).
+ Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
+ Rearranged png.h to put the major sections in the same order as
+ in libpng17.
+ Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
+ PNG_WEIGHT_FACTOR macros.
+ Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
+ (Bug report by Viktor Szakats). Several warnings remain and are
+ unavoidable, where we test for overflow.
+ Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
+ Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
+
+Version 1.6.19beta02 [August 19, 2015]
+ Moved config.h.in~ from the "libpng_autotools_files" list to the
+ "libpng_autotools_extra" list in autogen.sh because it was causing a
+ false positive for missing files (bug report by Robert C. Seacord).
+ Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
+ to suppress clang warnings (Bug report by Viktor Szakats).
+ Fixed some bad links in the man page.
+ Changed "n bit" to "n-bit" in comments.
+ Added signed/unsigned 16-bit safety net. This removes the dubious
+ 0x8000 flag definitions on 16-bit systems. They aren't supported
+ yet the defs *probably* work, however it seems much safer to do this
+ and be advised if anyone, contrary to advice, is building libpng 1.6
+ on a 16-bit system. It also adds back various switch default clauses
+ for GCC; GCC errors out if they are not present (with an appropriately
+ high level of warnings).
+ Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
+ Seacord).
+ Fixed the recently reported 1's complement security issue by replacing
+ the value that is illegal in the PNG spec, in both signed and unsigned
+ values, with 0. Illegal unsigned values (anything greater than or equal
+ to 0x80000000) can still pass through, but since these are not illegal
+ in ANSI-C (unlike 0x80000000 in the signed case) the checking that
+ occurs later can catch them (John Bowler).
+
+Version 1.6.19beta03 [September 26, 2015]
+ Fixed png_save_int_32 when int is not 2's complement (John Bowler).
+ Updated libpng16 with all the recent test changes from libpng17,
+ including changes to pngvalid.c to ensure that the original,
+ distributed, version of contrib/visupng/cexcept.h can be used
+ (John Bowler).
+ pngvalid contains the correction to the use of SAVE/STORE_
+ UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
+ tests contain the --strict option to detect warnings and the
+ pngvalid-standard test has been corrected so that it does not
+ turn on progressive-read. There is a separate test which does
+ that. (John Bowler)
+ Also made some signed/unsigned fixes.
+ Make pngstest error limits version specific. Splitting the machine
+ generated error structs out to a file allows the values to be updated
+ without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
+ slightly different error limits this simplifies maintenance. The
+ makepngs.sh script has also been updated to more accurately reflect
+ current problems in libpng 1.7 (John Bowler).
+ Incorporated new test PNG files into make check. tests/pngstest-*
+ are changed so that the new test files are divided into 8 groups by
+ gamma and alpha channel. These tests have considerably better code
+ and pixel-value coverage than contrib/pngsuite; however,coverage is
+ still incomplete (John Bowler).
+ Removed the '--strict' in 1.6 because of the double-gamma-correction
+ warning, updated pngstest-errors.h for the errors detected with the
+ new contrib/testspngs PNG test files (John Bowler).
+
+Version 1.6.19beta04 [October 15, 2015]
+ Worked around rgb-to-gray issues in libpng 1.6. The previous
+ attempts to ignore the errors in the code aren't quite enough to
+ deal with the 'channel selection' encoding added to libpng 1.7; abort.
+ pngvalid.c is changed to drop this encoding in prior versions.
+ Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a
+ macro, therefore the argument list cannot contain preprocessing
+ directives. Make sure pow is a function where this happens. This is
+ a minimal safe fix, the issue only arises in non-performance-critical
+ code (bug report by Curtis Leach, fix by John Bowler).
+ Added sPLT support to pngtest.c
+
+Version 1.6.19rc01 [October 23, 2015]
+ No changes.
+
+Version 1.6.19rc02 [October 31, 2015]
+ Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
+ Silently truncate over-length PLTE chunk while reading.
+ Libpng incorrectly calculated the output rowbytes when the application
+ decreased either the number of channels or the bit depth (or both) in
+ a user transform. This was safe; libpng overallocated buffer space
+ (potentially by quite a lot; up to 4 times the amount required) but,
+ from 1.5.4 on, resulted in a png_error (John Bowler).
+
+Version 1.6.19rc03 [November 3, 2015]
+ Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed().
+ Clarified COPYRIGHT information to state explicitly that versions
+ are derived from previous versions.
+ Removed much of the long list of previous versions from png.h and
+ libpng.3.
+
+Version 1.6.19rc04 [November 5, 2015]
+ Fixed new bug with CRC error after reading an over-length palette
+ (bug report by Cosmin Truta) (CVE-2015-8126).
+
+Version 1.6.19 [November 12, 2015]
+ Cleaned up coding style in png_handle_PLTE().
+
+Version 1.6.20beta01 [November 20, 2015]
+ Avoid potential pointer overflow/underflow in png_handle_sPLT() and
+ png_handle_pCAL() (Bug report by John Regehr).
+
+Version 1.6.20beta02 [November 23, 2015]
+ Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
+ not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
+ vulnerability. Fixes CVE-2015-8472.
+
+Version 1.6.20beta03 [November 24, 2015]
+ Backported tests from libpng-1.7.0beta69.
+
+Version 1.6.20rc01 [November 26, 2015]
+ Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
+ American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
+ immediately fault a bad CMINFO field; instead a 'too far back' error
+ happens later (at least some times). pngfix failed to limit CMINFO to
+ the allowed values but then assumed that window_bits was in range,
+ triggering an assert. The bug is mostly harmless; the PNG file cannot
+ be fixed.
+
+Version 1.6.20rc02 [November 29, 2015]
+ In libpng 1.6 zlib initialization was changed to use the window size
+ in the zlib stream, not a fixed value. This causes some invalid images,
+ where CINFO is too large, to display 'correctly' if the rest of the
+ data is valid. This provides a workaround for zlib versions where the
+ error arises (ones that support the API change to use the window size
+ in the stream).
+
+Version 1.6.20 [December 3, 2015]
+ No changes.
+
+Version 1.6.21beta01 [December 11, 2015]
+ Fixed syntax "$(command)" in tests/pngstest that some shells other than
+ bash could not parse (Bug report by Nelson Beebe). Use `command` instead.
+
+Version 1.6.21beta02 [December 14, 2015]
+ Moved png_check_keyword() from pngwutil.c to pngset.c
+ Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
+ in the BigEndian tests by not testing it, making the BE code the same
+ as the LE version.
+ Fixes to pngvalid for various reduced build configurations (eliminate unused
+ statics) and a fix for the case in rgb_to_gray when the digitize option
+ reduces graylo to 0, producing a large error.
+
+Version 1.6.21beta03 [December 18, 2015]
+ Widened the 'limit' check on the internally calculated error limits in
+ the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
+ checks) and changed the check to only operate in non-release builds
+ (base build type not RC or RELEASE.)
+ Fixed undefined behavior in pngvalid.c, undefined because
+ (png_byte) << shift is undefined if it changes the signed bit
+ (because png_byte is promoted to int). The libpng exported functions
+ png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
+ David Drysdale as a result of reports from UBSAN in clang 3.8).
+ This changes pngvalid to use BE random numbers; this used to produce
+ errors but these should not be fixed as a result of the previous changes.
+
+Version 1.6.21rc01 [January 4, 2016]
+ In projects/vstudio, combined readme.txt and WARNING into README.txt
+
+Version 1.6.21rc02 [January 7, 2016]
+ Relocated assert() in contrib/tools/pngfix.c, bug found by American
+ Fuzzy Lop, reported by Brian Carpenter.
+ Marked 'limit' UNUSED in transform_range_check(). This only affects
+ release builds.
+
+Version 1.6.21 [January 15, 2016]
+ Worked around a false-positive Coverity issue in pngvalid.c.
+
+Version 1.6.22beta01 [January 23, 2016]
+ Changed PNG_USE_MKSTEMP to __COVERITY__ to select alternate
+ "tmpfile()" implementation in contrib/libtests/pngstest.c
+ Fixed NO_STDIO build of pngunknown.c to skip calling png_init_io()
+ if there is no stdio.h support.
+ Added a png_image_write_to_memory() API and a number of assist macros
+ to allow an application that uses the simplified API write to bypass
+ stdio and write directly to memory.
+ Added some warnings (png.h) and some check code to detect *possible*
+ overflow in the ROW_STRIDE and simplified image SIZE macros. This
+ disallows image width/height/format that *might* overflow. This is
+ a quiet API change that limits in-memory image size (uncompressed) to
+ less than 4GByte and image row size (stride) to less than 2GByte.
+ Revised workaround for false-positive Coverity issue in pngvalid.c.
+
+Version 1.6.22beta02 [February 8, 2016]
+ Only use exit(77) in configure builds.
+ Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported
+ the palette size because it failed to take into account that the memory
+ palette has to be expanded to full RGB when it is written to PNG.
+ Updated CMakeLists.txt, added supporting scripts/gen*.cmake.in
+ and test.cmake.in (Roger Leigh).
+ Relaxed limit checks on gamma values in pngrtran.c. As suggested in
+ the comments gamma values outside the range currently permitted
+ by png_set_alpha_mode are useful for HDR data encoding. These values
+ are already permitted by png_set_gamma so it is reasonable caution to
+ extend the png_set_alpha_mode range as HDR imaging systems are starting
+ to emerge.
+
+Version 1.6.22beta03 [March 9, 2016]
+ Added a common-law trademark notice and export control information
+ to the LICENSE file, png.h, and the man page.
+ Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
+ were accidentally removed from libpng-1.6.17.
+ Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
+ (Robert C. Seacord).
+ Removed dubious "#if INT_MAX" test from png.h that was added to
+ libpng-1.6.19beta02 (John Bowler).
+ Add ${INCLUDES} in scripts/genout.cmake.in (Bug report by Nixon Kwok).
+ Updated LICENSE to say files in the contrib directory are not
+ necessarily under the libpng license, and that some makefiles have
+ other copyright owners.
+ Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
+ Made contrib/libtests/timepng more robust. The code no longer gives
+ up/fails on invalid PNG data, it just skips it (with error messages).
+ The code no longer fails on PNG files with data beyond IEND. Options
+ exist to use png_read_png (reading the whole image, not by row) and, in
+ that case, to apply any of the supported transforms. This makes for
+ more realistic testing; the decoded data actually gets used in a
+ meaningful fashion (John Bowler).
+ Fixed some misleading indentation (Krishnaraj Bhat).
+
+Version 1.6.22beta04 [April 5, 2016]
+ Force GCC compilation to C89 if needed (Dagobert Michelsen).
+ SSE filter speed improvements for bpp=3:
+ memcpy-free implementations of load3() / store3().
+ call load3() only when needed at the end of a scanline.
+
+Version 1.6.22beta05 [April 27, 2016]
+ Added PNG_FAST_FILTERS macro (defined as
+ PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
+ Various fixes for contrib/libtests/timepng.c
+ Moved INTEL-SSE code from pngpriv.h into contrib/intel/intel_sse.patch.
+ Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED
+ (Bug report by Y.Ohashik).
+
+Version 1.6.22beta06 [May 5, 2016]
+ Rebased contrib/intel_sse.patch.
+ Quieted two Coverity issues in contrib/libtests/timepng.c.
+ Fixed issues with scripts/genout.cmake.in (David Capello, Nixon Kwok):
+ Added support to use multiple directories in ZLIBINCDIR variable,
+ Fixed CMAKE_C_FLAGS with multiple values when genout is compiled on MSVC,
+ Fixed pnglibconf.c compilation on OS X including the sysroot path.
+
+Version 1.6.22rc01 [May 14, 2016]
+ No changes.
+
+Version 1.6.22rc02 [May 16, 2016]
+ Removed contrib/timepng from default build; it does not build on platforms
+ that don't supply clock_gettime().
+
+Version 1.6.22rc03 [May 17, 2016]
+ Restored contrib/timepng to default build but check for the presence
+ of clock_gettime() in configure.ac and Makefile.am.
+
+Version 1.6.22 [May 26, 2016]
+ No changes.
+
+Version 1.6.23beta01 [May 29, 2016]
+ Stop a potential memory leak in png_set_tRNS() (Bug report by Ted Ying).
+ Fixed the progressive reader to handle empty first IDAT chunk properly
+ (patch by Timothy Nikkel). This bug was introduced in libpng-1.6.0 and
+ only affected the libpng16 branch.
+ Added tests in pngvalid.c to check zero-length IDAT chunks in various
+ positions. Fixed the sequential reader to handle these more robustly
+ (John Bowler).
+
+Version 1.6.23rc01 [June 2, 2016]
+ Corrected progressive read input buffer in pngvalid.c. The previous version
+ the code invariably passed just one byte at a time to libpng. The intent
+ was to pass a random number of bytes in the range 0..511.
+ Moved sse2 prototype from pngpriv.h to contrib/intel/intel_sse.patch.
+ Added missing ")" in pngerror.c (Matt Sarrett).
+
+Version 1.6.23rc02 [June 4, 2016]
+ Fixed undefined behavior in png_push_save_buffer(). Do not call
+ memcpy() with a null source, even if count is zero (Leon Scroggins III).
+
+Version 1.6.23 [June 9, 2016]
+ Fixed bad link to RFC2083 in png.5 (Nikola Forro).
+
+Version 1.6.24beta01 [June 11, 2016]
+ Avoid potential overflow of the PNG_IMAGE_SIZE macro. This macro
+ is not used within libpng, but is used in some of the examples.
+
+Version 1.6.24beta02 [June 23, 2016]
+ Correct filter heuristic overflow handling. This was broken when the
+ write filter code was moved out-of-line; if there is a single filter and
+ the heuristic sum overflows the calculation of the filtered line is not
+ completed. In versions prior to 1.6 the code was duplicated in-line
+ and the check not performed, so the filter operation completed; however,
+ in the multi-filter case where the sum is performed the 'none' filter would
+ be selected if all the sums overflowed, even if it wasn't in the filter
+ list. The fix to the first problem is simply to provide PNG_SIZE_MAX as
+ the current lmins sum value; this means the sum can never exceed it and
+ overflows silently. A reasonable compiler that does choose to inline
+ the code will simply eliminate the sum check.
+ The fix to the second problem is to use high precision arithmetic (this is
+ implemented in 1.7), however a simple safe fix here is to chose the lowest
+ numbered filter in the list from png_set_filter (this only works if the
+ first problem is also fixed) (John Bowler).
+ Use a more efficient absolute value calculation on SSE2 (Matthieu Darbois).
+ Fixed the case where PNG_IMAGE_BUFFER_SIZE can overflow in the application
+ as a result of the application using an increased 'row_stride'; previously
+ png_image_finish_read only checked for overflow on the base calculation of
+ components. (I.e. it checked for overflow of a 32-bit number on the total
+ number of pixel components in the output format, not the possibly padded row
+ length and not the number of bytes, which for linear formats is twice the
+ number of components.)
+ MSVC does not like '-(unsigned)', so replaced it with 0U-(unsigned)
+ MSVC does not like (uInt) = -(unsigned) (i.e. as an initializer), unless
+ the conversion is explicitly invoked by a cast.
+ Put the SKIP definition in the correct place. It needs to come after the
+ png.h include (see all the other .c files in contrib/libtests) because it
+ depends on PNG_LIBPNG_VER.
+ Removed the three compile warning options from the individual project
+ files into the zlib.props globals. It increases the warning level from 4
+ to All and adds a list of the warnings that need to be turned off. This is
+ semi-documentary; the intent is to tell libpng users which warnings have
+ been examined and judged non-fixable at present. The warning about
+ structure padding is fixable, but it would be a signficant change (moving
+ structure members around).
+
+Version 1.6.24beta03 [July 4, 2016]
+ Optimized absolute value calculation in filter selection, similar to
+ code in the PAETH decoder in pngrutil.c. Build with PNG_USE_ABS to
+ use this.
+ Added pngcp to the build together with a pngcp.dfa configuration test.
+ Added high resolution timing to pngcp.
+ Added "Common linking failures" section to INSTALL.
+ Relocated misplaced #endif in png.c sRGB profile checking.
+ Fixed two Coverity issues in pngcp.c.
+
+Version 1.6.24beta04 [July 8, 2016]
+ Avoid filter-selection heuristic sum calculations in cases where only one
+ filter is a candidate for selection. This trades off code size (added
+ private png_setup_*_row_only() functions) for speed.
+
+Version 1.6.24beta05 [July 13, 2016]
+ Fixed some indentation to comply with our coding style.
+ Added contrib/tools/reindent.
+
+Version 1.6.24beta06 [July 18, 2016]
+ Fixed more indentation to comply with our coding style.
+ Eliminated unnecessary tests of boolean png_isaligned() vs 0.
+
+Version 1.6.24rc01 [July 25, 2016]
+ No changes.
+
+Version 1.6.24rc02 [August 1, 2016]
+ Conditionally compile SSE2 headers in contrib/intel/intel_sse.patch
+ Conditionally compile png_decompress_chunk().
+
+Version 1.6.24rc03 [August 2, 2016]
+ Conditionally compile ARM_NEON headers in pngpriv.h
+ Updated contrib/intel/intel_sse.patch
+
+Version 1.6.24[August 4, 2016]
+ No changes.
+
+Version 1.6.25beta01 [August 12, 2016]
+ Reject oversized iCCP profile immediately.
+ Cleaned up PNG_DEBUG compile of pngtest.c.
+ Conditionally compile png_inflate().
+
+Version 1.6.25beta02 [August 18, 2016]
+ Don't install pngcp; it conflicts with pngcp in the pngtools package.
+ Minor editing of INSTALL, (whitespace, added copyright line)
+
+Version 1.6.25rc01 [August 24, 2016]
+ No changes.
+
+Version 1.6.25rc02 [August 29, 2016]
+ Added MIPS support (Mandar Sahastrabuddhe <Mandar.Sahastrabuddhe@imgtec.com>).
+ Only the UP filter is currently implemented.
+
+Version 1.6.25rc03 [August 29, 2016]
+ Rebased contrib/intel/intel_sse.patch after the MIPS implementation.
+
+Version 1.6.25rc04 [August 30, 2016]
+ Added MIPS support for SUB, AVG, and PAETH filters (Mandar Sahastrabuddhe).
+
+Version 1.6.25rc05 [August 30, 2016]
+ Rebased contrib/intel/intel_sse.patch after the MIPS implementation update..
+
+Version 1.6.25 [September 1, 2016]
+ No changes.
+
+Version 1.6.26beta01 [September 26, 2016]
+ Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
+ bugfix by John Bowler).
+ Do not issue a png_error() on read in png_set_pCAL() because png_handle_pCAL
+ has allocated memory that libpng needs to free.
+ Conditionally compile png_set_benign_errors() in pngread.c and pngtest.c
+ Issue a png_benign_error instead of a png_error on ADLER32 mismatch
+ while decoding compressed data chunks.
+ Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
+ pngrutil.c.
+ If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
+ ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
+ Issue png_benign_error() on ADLER32 checksum mismatch instead of png_error().
+ Add tests/badcrc.png and tests/badadler.png to tests/pngtest.
+ Merged pngtest.c with libpng-1.7.0beta84/pngtest.c
+
+Version 1.6.26beta02 [October 1, 2016]
+ Updated the documentation about CRC and ADLER32 handling.
+ Quieted 117 warnings from clang-3.8 in pngtrans.c, pngread.c,
+ pngwrite.c, pngunknown.c, and pngvalid.c.
+ Quieted 58 (out of 144) -Wconversion compiler warnings by changing
+ flag definitions in pngpriv.h from 0xnnnn to 0xnnnnU and trivial changes
+ in png.c, pngread.c, and pngwutil.c.
+
+Version 1.6.26beta03 [October 2, 2016]
+ Removed contrib/libtests/*.orig and *.rej that slipped into the tarballs.
+ Quieted the 86 remaining -Wconversion compiler warnings by
+ revising the png_isaligned() macro and trivial changes in png.c,
+ pngerror.c, pngget.c, pngmem.c, pngset.c, pngrtran.c, pngrutil.c,
+ pngwtran.c, pngwrite.c, and pngwutil.c.
+
+Version 1.6.26beta04 [October 3, 2016]
+ Quieted (bogus?) clang warnings about "absolute value has no effect"
+ when PNG_USE_ABS is defined.
+ Fixed offsets in contrib/intel/intel_sse.patch
+
+Version 1.6.26beta05 [October 6, 2016]
+ Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
+ to avoid a signed/unsigned compare in the preprocessor.
+
+Version 1.6.26beta06 [October 7, 2016]
+ Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
+ optionally avoid ADLER32 evaluation.
+
+Version 1.6.26rc01 [October 12, 2016]
+ No changes.
+
+Version 1.6.26 [October 20, 2016]
+ Cosmetic change, "ptr != 0" to "ptr != NULL" in png.c and pngrutil.c
+ Despammed email addresses (replaced "@" with " at ").
+
+Version 1.6.27beta01 [November 2, 2016]
+ Restrict the new ADLER32-skipping to IDAT chunks. It broke iCCP chunk
+ handling: an erroneous iCCP chunk would throw a png_error and reject the
+ entire PNG image instead of rejecting just the iCCP chunk with a warning,
+ if built with zlib-1.2.8.1.
+
+Version 1.6.27rc01 [December 27, 2016]
+ Control ADLER32 checking with new PNG_IGNORE_ADLER32 option.
+ Removed the use of a macro containing the pre-processor 'defined'
+ operator. It is unclear whether this is valid; a macro that
+ "generates" 'defined' is not permitted, but the use of the word
+ "generates" within the C90 standard seems to imply more than simple
+ substitution of an expression itself containing a well-formed defined
+ operation.
+ Added ARM support to CMakeLists.txt (Andreas Franek).
+
+Version 1.6.27 [December 29, 2016]
+ Fixed a potential null pointer dereference in png_set_text_2() (bug report
+ and patch by Patrick Keshishian, CVE-2016-10087).
+
+Version 1.6.28rc01 [January 3, 2017]
+ Fixed arm/aarch64 detection in CMakeLists.txt (Gianfranco Costamagna).
+ Added option to Cmake build allowing a custom location of zlib to be
+ specified in a scenario where libpng is being built as a subproject
+ alongside zlib by another project (Sam Serrels).
+ Changed png_ptr->options from a png_byte to png_uint_32, to accomodate
+ up to 16 options.
+
+Version 1.6.28rc02 [January 4, 2017]
+ Added "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
+ Moved SSE2 optimization code into the main libpng source directory.
+ Configure libpng with "configure --enable-intel-sse" or compile
+ libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
+
+Version 1.6.28rc03 [January 4, 2017]
+ Backed out the SSE optimization and last CMakeLists.txt to allow time for QA.
+
+Version 1.6.28 [January 5, 2017]
+ No changes.
+
+Version 1.6.29beta01 [January 12, 2017]
+ Readded "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
+ Moved SSE2 optimization code into the main libpng source directory.
+ Configure libpng with "configure --enable-intel-sse" or compile
+ libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
+ Simplified conditional compilation in pngvalid.c, for AIX (Michael Felt).
+
+Version 1.6.29beta02 [February 22, 2017]
+ Avoid conditional directives that break statements in pngrutil.c (Romero
+ Malaquias)
+ The contrib/examples/pngtopng.c recovery code was in the wrong "if"
+ branches; the comments were correct.
+ Added code for PowerPC VSX optimisation (Vadim Barkov).
+
+Version 1.6.29beta03 [March 1, 2017]
+ Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
+ Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c
+ because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1.
+ Suppress clang warnings about implicit sign changes in png.c
+
+Version 1.6.29 [March 16, 2017]
+ No changes.
+
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
@@ -5212,3 +5824,4 @@ to subscribe)
or to glennrp at users.sourceforge.net
Glenn R-P
+#endif