commit e70993bde5522fae5f80791c5220dbe87c562261eb3d2f92c424b8b11e47f61d Author: Adrian Schröter Date: Fri May 3 15:29:54 2024 +0200 Sync from SUSE:SLFO:Main libpng16 revision f33a464f9aedfa07417dd3d272532d9e diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..7f289f9 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,12 @@ +libpng16-16 + obsoletes "libpng- < " + provides "libpng- = " +libpng16-devel + requires -libpng16- + requires "libpng16-16- = " +libpng16-compat-devel + requires -libpng16-compat- + requires "libpng16-devel- = " + conflicts "libpng-devel-" + provides "libpng-devel-" + diff --git a/libpng-1.6.43.tar.xz b/libpng-1.6.43.tar.xz new file mode 100644 index 0000000..253b3fd --- /dev/null +++ b/libpng-1.6.43.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6a5ca0652392a2d7c9db2ae5b40210843c0bbc081cbd410825ab00cc59f14a6c +size 1044076 diff --git a/libpng16.changes b/libpng16.changes new file mode 100644 index 0000000..c7bb895 --- /dev/null +++ b/libpng16.changes @@ -0,0 +1,1564 @@ +------------------------------------------------------------------- +Thu Mar 7 12:31:25 UTC 2024 - pgajdos@suse.com + +- version update to 1.6.43 + * Fixed the row width check in png_check_IHDR(). + This corrected a bug that was specific to the 16-bit platforms, + and removed a spurious compiler warning from the 64-bit builds. + (Reported by Jacek Caban; fixed by John Bowler) + * Added eXIf chunk support to the push-mode reader in pngpread.c. + (Contributed by Chris Blume) + * Added contrib/pngexif for the benefit of the users who would like + to inspect the content of eXIf chunks. + * Added contrib/conftest/basic.dfa, a basic build-time configuration. + (Contributed by John Bowler) + * Fixed a preprocessor condition in pngread.c that broke build-time + configurations like contrib/conftest/pngcp.dfa. + (Contributed by John Bowler) + * Added CMake build support for LoongArch LSX. + (Contributed by GuXiWei) + * Fixed a CMake build error that occurred under a peculiar state of the + dependency tree. This was a regression introduced in libpng-1.6.41. + (Contributed by Dan Rosser) + * Marked the installed libpng headers as system headers in CMake. + (Contributed by Benjamin Buch) + * Updated the build support for RISCOS. + (Contributed by Cameron Cawley) + * Updated the makefiles to allow cross-platform builds to initialize + conventional make variables like AR and ARFLAGS. + * Added various improvements to the CI scripts in areas like version + consistency verification and text linting. + * Added version consistency verification to pngtest.c also. + +------------------------------------------------------------------ +Sat Feb 17 04:39:45 UTC 2024 - Yann BOYER + +- Update to version 1.6.42: + * Fixed the implementation of the macro function "png_check_sig". + This was an API regression, introduced in libpng-1.6.41. + (Reported by Matthieu Darbois) + +------------------------------------------------------------------- +Thu Jun 22 18:04:49 UTC 2023 - Martin Pluskal + +- Update to version 1.6.40: + * Fixed the eXIf chunk multiplicity checks. + * Fixed a memory leak in pCAL processing. + * Corrected the validity report about tRNS inside png_get_valid(). + * Fixed various build issues on *BSD, Mac and Windows. + * Updated the configurations and the scripts for continuous integration. + * Cleaned up the code, the build scripts, and the documentation. + +------------------------------------------------------------------- +Mon May 15 07:30:04 UTC 2023 - pgajdos@suse.com + +- do not use NEON instructions [bsc#1211176] + +------------------------------------------------------------------- +Thu Apr 20 07:09:39 UTC 2023 - Frederic Crozat + +- Fix license tag to libpng-2.0. + +------------------------------------------------------------------- +Wed Feb 1 12:18:06 UTC 2023 - Dominique Leuenberger + +- Fix build: some*.la files are symlinks. Adjust spec to use + find -type f,l + +------------------------------------------------------------------- +Wed Feb 1 09:24:14 UTC 2023 - Dirk Müller + +- switch to pkgconfig(zlib) to allow alternative providers as well +- build with glibc hwcaps optimized libs + +------------------------------------------------------------------- +Fri Nov 25 11:49:52 UTC 2022 - Dominique Leuenberger + +- Update to version 1.6.39: + * cmake: Default to PNG_ARM_NEON=off for arm targets. + + Turn large PNG chunks into benign errors. + + Update, rename and clean up various scripts. + + tools: Fix a buffer overflow involving a file name in pngfix. + + tools: Fix a memory leak in pngcp. + +------------------------------------------------------------------- +Fri Sep 16 16:59:32 UTC 2022 - Dirk Müller + +- update to 1.6.38: + * Added configurations and scripts for continuous integration. + * Fixed various errors in the handling of tRNS, hIST and eXIf. + * Implemented many stability improvements across all platforms. + * Updated the internal documentation. + +------------------------------------------------------------------- +Wed May 4 09:10:44 UTC 2022 - Marcus Meissner + +- switch source url to https + +------------------------------------------------------------------- +Thu May 6 06:43:17 UTC 2021 - pgajdos@suse.com + +- install rpm macros in %{_rpmmacrodir} [bsc#1185661] +- call spec-cleaner + +------------------------------------------------------------------- +Thu Mar 11 13:26:15 UTC 2021 - Lubos Lunak + +- enable hardware optimizations (such as SSE) + +------------------------------------------------------------------- +Wed Apr 17 06:29:11 UTC 2019 - pgajdos@suse.com + +- make check actually works under asan + +------------------------------------------------------------------- +Mon Apr 15 15:02:33 UTC 2019 - pgajdos@suse.com + +- version update to 1.6.37 + Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free. + Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. + Fixed a memory leak in pngtest.c. + Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in + contrib/pngminus; refactor. + Changed the license of contrib/pngminus to MIT; refresh makefile and docs. + (Contributed by Willem van Schaik) + Added makefiles for AddressSanitizer-enabled builds. +- deleted patches + - libpng-arm-free.patch (upstreamed) +- fixes [bsc#1121624] CVE-2019-6129 and [bsc#1124211] CVE-2019-7317 + +------------------------------------------------------------------- +Mon Jan 28 11:43:05 UTC 2019 - Petr Gajdos + +- fix arm build [bsc#1121829] + + libpng-arm-free.patch + +------------------------------------------------------------------- +Mon Jan 14 13:11:39 UTC 2019 - Petr Gajdos + +- asan_build: build ASAN included +- debug_build: build more suitable for debugging, install pngcp + +------------------------------------------------------------------- +Mon Dec 31 09:41:53 UTC 2018 - Petr Gajdos + +- update to 1.6.36: + Replaced the remaining uses of png_size_t with size_t (Cosmin) + Fixed the calculation of row_factor in png_check_chunk_length + (reported by Thuan Pham in SourceForge issue #278) + Added missing parentheses to a macro definition + (suggested by "irwir" in GitHub issue #216) + Optimized png_do_expand_palette for ARM processors. + Improved performance by around 10-22% on a recent ARM Chromebook. + (Contributed by Richard Townsend, ARM Holdings) + Fixed manipulation of machine-specific optimization options. + (Contributed by Vicki Pfau) + Used memcpy instead of manual pointer arithmetic on Intel SSE2. + (Contributed by Samuel Williams) + Fixed build errors with MSVC on ARM64. + (Contributed by Zhijie Liang) + Fixed detection of libm in CMakeLists. + (Contributed by Cameron Cawley) + Fixed incorrect creation of pkg-config file in CMakeLists. + (Contributed by Kyle Bentley) + Fixed the CMake build on Windows MSYS by avoiding symlinks. + Fixed a build warning on OpenBSD. + (Contributed by Theo Buehler) + Fixed various typos in comments. + (Contributed by "luz.paz") + Raised the minimum required CMake version from 3.0.2 to 3.1. + Removed yet more of the vestigial support for pre-ANSI C compilers. + Removed ancient makefiles for ancient systems that have been broken + across all previous libpng-1.6.x versions. + Removed the Y2K compliance statement and the export control + information. + Applied various code style and documentation fixes. +- removed patches + * libpng16-CVE-2018-13785.patch (upstreamed) +- cannot find upstream tarball signature, asked upstream for + clarification + +------------------------------------------------------------------- +Wed Aug 1 08:01:23 UTC 2018 - pgajdos@suse.com + +- security update: + * CVE-2018-13785 [bsc#1100687] + + libpng16-CVE-2018-13785.patch + +------------------------------------------------------------------- +Mon Feb 5 15:35:46 UTC 2018 - pgajdos@suse.com + +- %{libname} package provides libpng = %{version} again + [bsc#1079342] + +------------------------------------------------------------------- +Wed Jan 31 09:57:56 UTC 2018 - pgajdos@suse.com + +- check with -j1 + +------------------------------------------------------------------- +Tue Jan 30 21:56:04 UTC 2018 - jengelh@inai.de + +- Fix SRPM group and grammar issues. + +------------------------------------------------------------------- +Tue Jan 30 15:32:19 UTC 2018 - pgajdos@suse.com + +- removed obsoleted Obsoletes + +------------------------------------------------------------------- +Sun Jan 28 02:00:45 UTC 2018 - avindra@opensuse.org + +- update to 1.6.34: + * Removed contrib/pngsuite/i*.png; some of these were incorrect + and caused test failures. +- includes 1.6.33: + * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added + missing parenthesis in contrib/pngminus/pnm2png.c + * Fixed off-by-one error in png_do_check_palette_indexes() + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc + to fix shortlived oss-fuzz issue 3234. + * Compute a larger limit on IDAT because some applications write + a deflate buffer for each row + * Use current date (DATE) instead of release-date (RDATE) in last + changed date of contrib/oss-fuzz files. + * Enabled ARM support in CMakeLists.txt + * Fixed incorrect typecast of some arguments to png_malloc() and + png_calloc() that were png_uint_32 instead of png_alloc_size_t + * Use pnglibconf.h.prebuilt when building for ANDROID with cmake + * Initialize memory allocated by png_inflate to zero, using + memset, to stop an oss-fuzz "use of uninitialized value" + detection in png_set_text_2() due to truncated iTXt or zTXt + chunk. + * Initialize memory allocated by png_read_buffer to zero, using + memset, to stop an oss-fuzz "use of uninitialized value" + detection in png_icc_check_tag_table() due to truncated iCCP + chunk. + * Removed redundant tests + * Added an interlaced version of each file in contrib/pngsuite. + * Relocate new memset() call in pngrutil.c + * Add support for loading images with associated alpha in the + Simplified API + * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 + state + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc + * Add end_info structure and png_read_end() to the libpng fuzzer +- includes 1.6.32: + * Avoid possible NULL dereference in png_handle_eXIf when + benign_errors are allowed. Avoid leaking the input buffer + "eXIf_buf". + * Eliminated png_ptr->num_exif member from pngstruct.h and added + num_exif to arguments for png_get_eXIf() and png_set_eXIf(). + * Added calls to png_handle_eXIf(() in pngread.c and + png_write_eXIf() in pngwrite.c, and made various other fixes + to png_write_eXIf(). + * Changed name of png_get_eXIF and png_set_eXIf() to + png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid + breaking API compatibility with libpng-1.6.31. + * Updated contrib/libtests/pngunknown.c with eXIf chunk. + * Initialized btoa[] in pngstest.c + * Stop memory leak when returning from png_handle_eXIf() with an + error + * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + * Update libpng.3 and libpng-manual.txt about eXIf functions. + * Restored png_get_eXIf() and png_set_eXIf() to maintain API + compatability. + * Removed png_get_eXIf_1() and png_set_eXIf_1(). + * Check length of all chunks except IDAT against user limit to + fix an OSS-fuzz issue (Fixes CVE-2017-12652) + * Check length of IDAT against maximum possible IDAT size, + accounting for height, rowbytes, interlacing and zlib/deflate + overhead. + * Restored png_get_eXIf_1() and png_set_eXIf_1(), because + strlen(eXIf_buf) does not work (the eXIf chunk data can + contain zeroes). + * Revised symlink creation, no longer using deprecated cmake + LOCATION feature + * Fixed five-byte error in the calculation of IDAT maximum + possible size. + * Moved chunk-length check into a png_check_chunk_length() + private function + * Moved bad pngs from tests to contrib/libtests/crashers + * Moved testing of bad pngs into a separate + tests/pngtest-badpngs script + * Added the --xfail (expected FAIL) option to pngtest.c. It + writes XFAIL in the output but PASS for the libpng test. + * Require cmake-3.0.2 in CMakeLists.txt + * Fix "const" declaration info_ptr argument to png_get_eXIf_1() + and the num_exif argument to png_get_eXIf_1() + * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). + * Added huge_IDAT.png and empty_ancillary_chunks.png to + testpngs/crashers. + * Make pngtest --strict, --relax, --xfail options imply -m + (multiple). + * Removed unused chunk_name parameter from png_check_chunk_length(). + * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' + leak. + * Initialize profile_header[] in png_handle_iCCP() to fix + OSS-fuzz issue. + * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix + OSS-fuzz UMR. + * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. + * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), + to account for the minimum 'deflate' stream, and relocate the + test to a point after the keyword has been read. + * Check that the eXIf chunk has at least 2 bytes and begins with + "II" or "MM". + * Added a set of "huge_xxxx_chunk.png" files to + contrib/testpngs/crashers, one for each known chunk type, with + length = 2GB-1. + * Check for 0 return from png_get_rowbytes() and added some + (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity + issues (162705, 162706, and 162707). + * Renamed chunks in contrib/testpngs/crashers to avoid having + files whose names differ only in case; this causes problems with + some platforms + * Added contrib/oss-fuzz directory which contains files used by + the oss-fuzz project +- cleanup with spec-cleaner + +------------------------------------------------------------------- +Mon Aug 7 09:46:11 UTC 2017 - pgajdos@suse.com + +- update to 1.6.31: + * Guard the definition of _POSIX_SOURCE in pngpriv.h. + * Revised pngpriv.h to work around failure to compile + arm/filter_neon.S. + * Added "Requires: zlib" to libpng.pc.in. + * Added special case for FreeBSD in arm/filter_neon.S. + * Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent + possible integer overflow. + * Added eXIf chunk support. +- remove upstreamed + 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch + +------------------------------------------------------------------- +Wed Jul 19 15:51:28 UTC 2017 - stefan.bruens@rwth-aachen.de + +- Drop png-version-info-only.patch, it has no effect after applying + 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch + Both patches achieve the same, prefer the upstream version + +------------------------------------------------------------------- +Fri Jul 14 15:57:51 UTC 2017 - stefan.bruens@rwth-aachen.de + +- Add 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch + Fix build on ARM + +------------------------------------------------------------------- +Mon Jul 10 15:11:14 UTC 2017 - schwab@suse.de + +- png-version-info-only.patch: fix missing PNG_VERSION_INFO_ONLY check + +------------------------------------------------------------------- +Fri Jun 30 15:48:21 UTC 2017 - pgajdos@suse.com + +- update to 1.6.30: + Revised documentation of png_get_error_ptr() in the libpng manual. + Document need to check for integer overflow when allocating a pixel + buffer for multiple rows in contrib/gregbook, contrib/pngminus, + example.c, and in the manual (suggested by Jaeseung Choi). This + is similar to the bug reported against pngquant in CVE-2016-5735. + Check for integer overflow in contrib/visupng and contrib/tools/genpng. + Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt. + Avoid writing an empty IDAT when the last IDAT exactly fills the + compression buffer (bug report by Brian Baird). This bug was + introduced in libpng-1.6.0. + Add a reference to the libpng.download site in README. + +------------------------------------------------------------------- +Thu Mar 16 20:21:47 UTC 2017 - pgajdos@suse.com + +- update to 1.6.29: + Moved SSE2 optimization code into the main libpng source directory. + Configure libpng with "configure --enable-intel-sse" or compile + libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it. + Added code for PowerPC VSX optimisation (Vadim Barkov). + Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer). + +------------------------------------------------------------------- +Fri Jan 6 08:09:23 UTC 2017 - pgajdos@suse.com + +- update to 1.6.28: fix build issues + +------------------------------------------------------------------- +Mon Jan 2 11:09:08 UTC 2017 - pgajdos@suse.com + +- update to 1.6.27: fixes CVE-2016-10087 + +------------------------------------------------------------------- +Thu Oct 20 06:12:20 UTC 2016 - pgajdos@suse.com + +- update to 1.6.26: + Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo, + bugfix by John Bowler). + Do not issue a png_error() on read in png_set_pCAL() because + png_handle_pCAL has allocated memory that libpng needs to free. + Issue a png_benign_error instead of a png_error on ADLER32 mismatch + while decoding compressed data chunks. + Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and + pngrutil.c. + If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE, + ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs. + Issue png_benign_error() on ADLER32 checksum mismatch instead of + png_error(). + Updated the documentation about CRC and ADLER32 handling. + Fixed offsets in contrib/intel/intel_sse.patch + Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h + to avoid a signed/unsigned compare in the preprocessor. + Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to + optionally avoid ADLER32 evaluation. + +------------------------------------------------------------------- +Thu Sep 1 08:37:41 UTC 2016 - pgajdos@suse.com + +- update to 1.6.25: + Reject oversized iCCP profile immediately. + Conditionally compile png_inflate(). + Don't install pngcp; it conflicts with pngcp in the pngtools package. + Added MIPS support (Mandar Sahastrabuddhe < + +------------------------------------------------------------------- +Thu Aug 4 06:20:53 UTC 2016 - pgajdos@suse.com + +- update to 1.6.24: + Avoid potential overflow of the PNG_IMAGE_SIZE macro. + Correct filter heuristic overflow handling. + Use a more efficient absolute value calculation on SSE2. + Added pngcp. + etc. see ANNOUNCE + +------------------------------------------------------------------- +Wed Aug 3 22:30:08 UTC 2016 - rpm@fthiessen.de + +- Update to new upstream release 1.6.23 + * Fixes a potential memleak in png_set_tRNS. + * Fixed the progressive reader to handle empty first IDAT + chunk properly. + * Added tests in pngvalid.c to check zero-length IDAT chunks + in various positions. + * Fixed the sequential reader to handle these more robustly. + * Corrected progressive read input buffer in pngvalid.c. + * Moved sse2 prototype from pngpriv.h to + contrib/intel/intel_sse.patch. + * Fixed undefined behavior in png_push_save_buffer(). + Do not call memcpy() with a null source, even if count is zero. + * Fixed bad link to RFC2083 in png.5. + +------------------------------------------------------------------- +Thu May 26 14:55:11 UTC 2016 - pgajdos@suse.com + +- update to 1.6.22: + Added a png_image_write_to_memory() API and a number of assist macros + to allow an application that uses the simplified API write to bypass + stdio and write directly to memory. + Relaxed limit checks on gamma values in pngrtran.c. As suggested in + the comments gamma values outside the range currently permitted + by png_set_alpha_mode are useful for HDR data encoding. These values + are already permitted by png_set_gamma so it is reasonable caution to + extend the png_set_alpha_mode range as HDR imaging systems are starting + to emerge. + Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that + were accidentally removed from libpng-1.6.17. + Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h + (Robert C. Seacord). + Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.). + SSE filter speed improvements for bpp=3: + memcpy-free implementations of load3() / store3(). + Added PNG_FAST_FILTERS macro (defined as + PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP). + +------------------------------------------------------------------- +Sun Jan 17 14:10:43 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 1.6.21 +* Widened the 'limit' check on the internally calculated error limits in + the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error + checks) and changed the check to only operate in non-release builds + (base build type not RC or RELEASE.) +* Fixed undefined behavior in pngvalid.c, undefined because + (png_byte) << shift is undefined if it changes the signed bit + (because png_byte is promoted to int). The libpng exported functions + png_get_uint_32 and png_get_uint_16 handle this. + +------------------------------------------------------------------- +Thu Dec 3 15:11:03 UTC 2015 - pgajdos@suse.com + +- update to 1.6.20: + Avoid potential pointer overflow/underflow in png_handle_sPLT() and + png_handle_pCAL() (Bug report by John Regehr). + Fixed incorrect implementation of png_set_PLTE() that uses png_ptr + not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 + vulnerability. + Backported tests from libpng-1.7.0beta69. + Fixed an error in handling of bad zlib CMINFO field in pngfix, found by + American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't + immediately fault a bad CMINFO field; instead a 'too far back' error + happens later (at least some times). pngfix failed to limit CMINFO to + the allowed values but then assumed that window_bits was in range, + triggering an assert. The bug is mostly harmless; the PNG file cannot + be fixed. + In libpng 1.6 zlib initialization was changed to use the window size + in the zlib stream, not a fixed value. This causes some invalid images, + where CINFO is too large, to display 'correctly' if the rest of the + data is valid. This provides a workaround for zlib versions where the + error arises (ones that support the API change to use the window size + in the stream). + +------------------------------------------------------------------- +Fri Nov 13 07:25:01 UTC 2015 - pgajdos@suse.com + +- update to 1.6.19: + Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c + Fixed uninitialized variable in contrib/gregbook/rpng2-x.c + Fixed the recently reported 1's complement security issue. + Fixed png_save_int_32 when int is not 2's complement by replacing + the value that is illegal in the PNG spec, in both signed and + unsigned values, with 0. + etc., see ANNOUNCE and CHANGES for details +- removed: libpng-rgb_to_gray-checks.patch (upstreamed) + +------------------------------------------------------------------- +Fri Aug 7 14:19:31 UTC 2015 - pgajdos@suse.com + +- drop unknown configure switch + +------------------------------------------------------------------- +Wed Apr 1 11:07:11 UTC 2015 - pgajdos@suse.com + +- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c. + + libpng-rgb_to_gray-checks.patch + +------------------------------------------------------------------- +Mon Mar 30 07:10:35 UTC 2015 - pgajdos@suse.com + +- updated to 1.6.17: + Corrected the width limit calculation in png_check_IHDR(). + Removed user limits from pngfix. Also pass NULL pointers to + png_read_row to skip the unnecessary row de-interlace stuff. + Implement previously untested cases of libpng transforms in pngvalid.c + Fixed byte order in 2-byte filler, in png_do_read_filler(). + Made the check for out-of-range values in png_set_tRNS() detect + values that are exactly 2^bit_depth, and work on 16-bit platforms. + Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. + Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and + pngset.c to avoid warnings about dead code. + Do not build png_product2() when it is unused. + Display user limits in the output from pngtest. + Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column + and 1-million-row default limits in pnglibconf.dfa, that can be reset + by the user at build time or run time. This provides a more robust + defense against DOS and as-yet undiscovered overflows. + Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default. + Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins). + Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block + of png.h. + Free the unknown_chunks structure even when it contains no data. + Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha + value was wrong. It's not clear if this affected the final stored + value; in the obvious code path the upper and lower 8-bits of the + alpha value were identical and the alpha was truncated to 8-bits + rather than dividing by 257 (John Bowler). + +------------------------------------------------------------------- +Tue Jan 13 16:53:06 UTC 2015 - pgajdos@suse.com + +- build with PNG_SAFE_LIMITS_SUPPORTED [bnc#912076], [bnc#912929] + +------------------------------------------------------------------- +Mon Dec 29 14:25:02 UTC 2014 - pgajdos@suse.com + +- updated to 1.6.16: + * Restored a test on width that was removed from png.c at libpng-1.6.9 + (Bug report by Alex Eubanks). + * Fixed an overflow in png_combine_row with very wide interlaced images. + +------------------------------------------------------------------- +Thu Nov 20 20:06:41 UTC 2014 - pgajdos@suse.com + +- updated to 1.6.15: + * Avoid out-of-bounds memory access in png_user_version_check(). + * Fixed incorrect handling of the iTXt compression. + * Free all allocated memory in pngimage. + * Fixed array size calculations to avoid warnings. + etc. see ANNOUNCE + +------------------------------------------------------------------- +Fri Aug 22 05:55:11 UTC 2014 - pgajdos@suse.com + +- updated to 1.6.13: a "cleanup" release that have no security + fixes or new features. + +------------------------------------------------------------------- +Thu Jun 12 05:38:48 UTC 2014 - pgajdos@suse.com + +- updated to 1.6.12: + * bugfixes, almost build-related only + +------------------------------------------------------------------- +Fri Jun 6 06:19:35 UTC 2014 - pgajdos@suse.com + +- updated to 1.6.11: + * fixed CVE-2014-0333 + * other bugfixes +- removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed) + +------------------------------------------------------------------- +Tue Mar 4 09:58:48 UTC 2014 - pgajdos@suse.com + +- fixed CVE-2014-0333 [bnc#866298] + +- added patches: + * libpng16-1.6.6-CVE-2014-0333.patch + +------------------------------------------------------------------- +Fri Feb 7 07:32:55 UTC 2014 - pgajdos@suse.com + +- updated to 1.6.9: + Bookkeeping: Moved functions around (no changes). Moved transform + function definitions before the place where they are called so that + they can be masde static. Move the intrapixel functions and the + grayscale palette builder out of the png?tran.c files. The latter + isn't a transform function and is no longer used internally, and the + former MNG specific functions are better placed in pngread/pngwrite.c + Made transform implementation functions static. This makes the internal + functions called by png_do_{read|write}_transformations static. On an + x86-64 DLL build (Gentoo Linux) this reduces the size of the text + segment of the DLL by 1208 bytes, about 0.6%. It also simplifies + maintenance by removing the declarations from pngpriv.h and allowing + easier changes to the internal interfaces. + Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69 + in the tar distributions. + Added checks for libpng 1.5 to pngvalid.c. This supports the use of + this version of pngvalid in libpng 1.5 + Merged with pngvalid.c from libpng-1.7 changes to create a single + pngvalid.c + Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0 + Merged libpng-1.7.0 changes to make no-interlace configurations work + with test programs. + Revised pngvalid.c to support libpng 1.5, which does not support the + PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate + in pngvalid.c + Allow unversioned links created on install to be disabled in configure. + In configure builds 'make install' changes/adds links like png.h + and libpng.a to point to the newly installed, versioned, files (e.g. + libpng17/png.h and libpng17.a). Three new configure options and some + rearrangement of Makefile.am allow creation of these links to be + disabled. + Removed potentially misleading warning from png_check_IHDR(). + Updated scripts/makefile.* to use CPPFLAGS (Cosmin). + Added clang attribute support (Cosmin). + +------------------------------------------------------------------- +Fri Dec 20 07:08:48 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.8: + Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to + #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with + what is in pngpriv.h. + Moved prototype for png_handle_unknown() in pngpriv.h outside of + the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block. + Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder. + Fixed pngvalid 'fail' function declaration on the Intel C Compiler. + This reverts to the previous 'static' implementation and works round + the 'unused static function' warning by using PNG_UNUSED(). + Handle zero-length PLTE chunk or NULL palette with png_error() + instead of png_chunk_report(), which by default issues a warning + rather than an error, leading to later reading from a NULL pointer + (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954 + and VU#650142. + +------------------------------------------------------------------- +Mon Dec 2 09:35:17 UTC 2013 - pgajdos@suse.com + +- png_fix macro doesn't leave *.png.fixed (which happened for correct + PNGs) [bnc#852862] + +------------------------------------------------------------------- +Fri Nov 15 07:56:22 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.7: + * Revised unknown chunk code to correct several bugs in the + NO_SAVE_/NO_WRITE combination + * Check user callback behavior in pngunknown.c. Previous versions + compiled if SAVE_UNKNOWN was not available but did nothing since the + callback was never implemented. + * Merged pngunknown.c with 1.7 version and back ported 1.7 + improvements/fixes + * Revised pngvalid to generate size images with as many filters as + it can manage, limited by the number of rows. + * ARM improvements/fixes + +------------------------------------------------------------------- +Wed Sep 25 08:08:55 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.6: + * fix arm build + +------------------------------------------------------------------- +Thu Sep 12 13:21:53 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.4: + * Added information about png_set_options() to the manual. + * Delay calling png_init_filter_functions() until a row with nonzero + filter is found. + * Fixed inconsistent conditional compilation of + png_chunk_unknown_handling() prototype, definition, and usage. + Made it depend on PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere. + +------------------------------------------------------------------- +Fri Aug 30 14:08:02 UTC 2013 - coolo@suse.com + +- remove gpg-offline usage, libpng16 is too low in the build chain + +------------------------------------------------------------------- +Thu Aug 8 15:19:27 UTC 2013 - pgajdos@suse.com + +- png-fix-too-far-back was actually renamed to pngfix. Adjusted rpm + macro names accordingly, %png_fix and %png_fix_dir. + +------------------------------------------------------------------- +Tue Aug 6 08:53:22 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.3: + * Added png-fix-itxt and png-fix-too-far-back to the built programs and + removed warnings from the source code and timepng that are revealed as + a result. + => new subpackage tools, created rpm macros + +------------------------------------------------------------------- +Fri Jun 21 18:36:31 UTC 2013 - crrodriguez@opensuse.org + +- Build with LFS_CFLAGS in 32 bit archs otherwise calls such + as png_image_begin_read_from_file() or png_image_write_to_file() + will fail to read/write huge images. + +- Build with Full RELRO as this library is a possible consumer + of malicuous images/files. + +------------------------------------------------------------------- +Fri Apr 26 07:15:01 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.2: + Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling. + Fixed incorrect warning of excess deflate data. End condition - the + warning would be produced if the end of the deflate stream wasn't read + in the last row. The warning is harmless. + Corrected the test on user transform changes on read. It was in the + png_set of the transform function, but that doesn't matter unless the + transform function changes the rowbuf size, and that is only valid if + transform_info is called. + Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c + (Flavio Medeiros). + Corrected length written to uncompressed iTXt chunks (Samuli Suominen). + Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length + written by libpng-1.6.0 and 1.6.1. + Disallow storing sRGB information when the sRGB is not supported. + Merge pngtest.c with libpng-1.7.0 + +------------------------------------------------------------------- +Tue Apr 2 13:35:08 UTC 2013 - pgajdos@suse.com + +- conflict with libpng12-compat-devel-32bit and libpng15-compat-devel-32bit + +------------------------------------------------------------------- +Thu Mar 28 08:12:03 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.1: + Made sRGB check numbers consistent. + Use parentheses more consistently in "#if defined(MACRO)" tests. + Reenabled code to allow zero length PLTE chunks for MNG. + Fixed ALIGNED_MEMORY support. + Avoid a possible memory leak in contrib/gregbook/readpng.c + Better documentation of unknown handling API interactions. + Corrected simplified API default gamma for color-mapped output, added + a flag to change default. In 1.6.0 when the simplified API was used + to produce color-mapped output from an input image with no gamma + information the gamma assumed for the input could be different from + that assumed for non-color-mapped output. In particular 16-bit depth + input files were assumed to be sRGB encoded, whereas in the 'direct' + case they were assumed to have linear data. This was an error. The + fix makes the simplified API treat all input files the same way and + adds a new flag to the png_image::flags member to allow the + application/user to specify that 16-bit files contain sRGB data + rather than the default linear. + etc., see ANNOUNCE or CHANGES for details +- dropped upstreamed + 0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch + +------------------------------------------------------------------- +Mon Mar 18 11:44:21 UTC 2013 - pgajdos@suse.com + +- allow zero length PLTE chunks + (fixes GraphicsMagick testsuite) + +------------------------------------------------------------------- +Mon Mar 4 07:50:46 UTC 2013 - pgajdos@suse.com + +- remove clean section + +------------------------------------------------------------------- +Thu Feb 14 07:52:36 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.0 +- changes from 1.5.x to 1.6.x: + * new simplified api added: + macros: + PNG_FORMAT_* + PNG_IMAGE_* + structures: + png_control + png_image + read functions + png_image_begin_read_from_file() + png_image_begin_read_from_stdio() + png_image_begin_read_from_memory() + png_image_finish_read() + png_image_free() + write functions + png_image_write_to_file() + png_image_write_to_stdio() + * possibility to configure libpng to prefix all exported symbols + (PNG_PREFIX macro) + * no longer include string.h in png.h + * deprecated api: + png_info_init_3() + png_convert_to_rfc1123() which has been replaced + with png_convert_to_rfc1123_buffer() + png_data_freer() + png_malloc_default() + png_free_default() + png_reset_zstream() + * removed api: + png_get_io_chunk_name() + * signatures of many exported functions were changed, such that + png_structp became png_structrp or png_const_structrp + png_infop became png_inforp or png_const_inforp + where "rp" indicates a "restricted pointer". +- for more details see section XII of libpng-manual.txt or ANNOUNCE + +------------------------------------------------------------------- +Mon Jan 14 09:52:44 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.0beta37 + +------------------------------------------------------------------- +Tue Nov 20 12:46:56 UTC 2012 - pgajdos@suse.com + +- updated to 1.6.0beta31 + +------------------------------------------------------------------- +Wed Oct 24 19:02:37 UTC 2012 - jengelh@inai.de + +- Add missing baselib requires for compat-devel-32bit + +------------------------------------------------------------------- +Mon Oct 15 12:01:18 UTC 2012 - pgajdos@suse.com + +- updated to 1.6.0beta29 + +------------------------------------------------------------------- +Wed Jul 11 09:32:57 UTC 2012 - pgajdos@suse.com + +- updated to 1.6.0beta26 + +------------------------------------------------------------------- +Fri Jun 15 10:42:53 UTC 2012 - pgajdos@suse.com + +- updated to 1.6.0beta24 + +------------------------------------------------------------------- +Thu Mar 29 13:15:43 UTC 2012 - pgajdos@suse.com + +- updated to 1.6.0beta20 + +------------------------------------------------------------------- +Wed Mar 14 11:28:57 UTC 2012 - pgajdos@suse.com + +- updated to 1.6.0beta17 + +------------------------------------------------------------------- +Mon Feb 20 09:56:15 UTC 2012 - pgajdos@suse.com + +- updated to 1.6.0beta12 + +------------------------------------------------------------------- +Mon Jan 9 08:57:38 UTC 2012 - pgajdos@suse.com + +- updated to 1.6.0beta04 + +------------------------------------------------------------------- +Mon Dec 19 08:24:37 UTC 2011 - pgajdos@suse.com + +- updated to 1.5.7: + Added support for ARM processor (Mans Rullgard) + Fixed bug in pngvalid on early allocation failure; fixed type cast in + pngmem.c; pngvalid would attempt to call png_error() if the allocation + of a png_struct or png_info failed. This would probably have led to a + crash. The pngmem.c implementation of png_malloc() included a cast + to png_size_t which would fail on large allocations on 16-bit systems. + Fix for the preprocessor of the Intel C compiler. The preprocessor + splits adjacent @ signs with a space; this changes the concatentation + token from @-@-@ to PNG_JOIN; that should work with all compiler + preprocessors. + Paeth filter speed improvements from work by Siarhei Siamashka. This + changes the 'Paeth' reconstruction function to improve the GCC code + generation on x86. The changes are only part of the suggested ones; + just the changes that definitely improve speed and remain simple. + The changes also slightly increase the clarity of the code. + Check compression_type parameter in png_get_iCCP and remove spurious + casts. The compression_type parameter is always assigned to, so must + be non-NULL. The cast of the profile length potentially truncated the + value unnecessarily on a 16-bit int system, so the cast of the (byte) + compression type to (int) is specified by ANSI-C anyway. + Fixed FP division by zero in pngvalid.c; the 'test_pixel' code left + the sBIT fields in the test pixel as 0, which resulted in a floating + point division by zero which was irrelevant but causes systems where + FP exceptions cause a crash. Added code to pngvalid to turn on FP + exceptions if the appropriate glibc support is there to ensure this is + tested in the future. + Updated scripts/pnglibconf.mak and scripts/makefile.std to handle the + new PNG_JOIN macro. + Added versioning to pnglibconf.h comments. + Simplified read/write API initial version; basic read/write tested on + a variety of images, limited documentation (in the header file.) + Installed more accurate linear to sRGB conversion tables. The slightly + modified tables reduce the number of 16-bit values that + convert to an off-by-one 8-bit value. The "makesRGB.c" code that was used + to generate the tables is now in a contrib/sRGBtables sub-directory. + etc. see CHANGES + +------------------------------------------------------------------- +Thu Dec 1 10:48:53 UTC 2011 - idoenmez@suse.de + +- Name field shouldn't contain a macro + +------------------------------------------------------------------- +Thu Dec 1 10:26:43 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 3 09:10:05 UTC 2011 - pgajdos@suse.com + +- updated to 1.5.6: + Fixed some 64-bit type conversion warnings in pngrtran.c + Moved row_info from png_struct to a local variable. + The various interlace mask arrays have been made into arrays of + bytes and made PNG_CONST and static (previously some arrays were + marked PNG_CONST and some weren't). + Additional checks have been added to the transform code to validate the + pixel depths after the transforms on both read and write. + Removed some redundant code from pngwrite.c, in png_desgtroy_write_struct(). + Changed chunk reading/writing code to use png_uint_32 instead of png_byte[4]. + This removes the need to allocate temporary strings for chunk names on + the stack in the read/write code. Unknown chunk handling still uses the + string form because this is exposed in the API. + Added a note in the manual the png_read_update_info() must be called only + once with a particular info_ptr. + Revised test-pngtest.sh to report FAIL when pngtest fails. + Added "--strict" option to pngtest, to report FAIL when the failure is + only because the resulting valid files are different. + Revised CMakeLists.txt to work with mingw and removed some material from + CMakeLists.txt that is no longer useful in libpng-1.5. + Fixed typo in Makefile.in and Makefile.am ("-M Wl" should be "-M -Wl")." + Speed up png_combine_row() for interlaced images. This reduces the generality + of the code, allowing it to be optimized for Adam7 interlace. The masks + passed to png_combine_row() are now generated internally, avoiding + some code duplication and localizing the interlace handling somewhat. + Align png_struct::row_buf - previously it was always unaligned, caused by + a bug in the code that attempted to align it; the code needs to subtract + one from the pointer to take account of the filter byte prepended to + each row. + Optimized png_combine_row() when rows are aligned. This gains a small + percentage for 16-bit and 32-bit pixels in the typical case where the + output row buffers are appropriately aligned. The optimization was not + previously possible because the png_struct buffer was always misaligned. + Removed two redundant tests for unitialized row. + Fixed a relatively harmless memory overwrite in compressed text writing + with a 1 byte zlib buffer. + Add ability to call png_read_update_info multiple times to pngvalid.c + Fixes for multiple calls to png_read_update_info. These fixes attend to + most of the errors revealed in pngvalid, however doing the gamma work + twice results in inaccuracies that can't be easily fixed. There is now + a warning in the code if this is going to happen. + Turned on multiple png_read_update_info in pngvalid transform tests. + Prevent libpng from overwriting unused bits at the end of the image when + it is not byte aligned, while reading. Prior to libpng-1.5.6 libpng would + overwrite the partial byte at the end of each row if the row width was not + an exact multiple of 8 bits and the image is not interlaced. + Made png_ptr->prev_row an aligned pointer into png_ptr->big_prev_row + (Mans Rullgard). + Changed misleading "Missing PLTE before cHRM" warning to "Out of place cHRM" + Added PNG_LSR() and PNG_LSL() macros to defend against buggy compilers that + evaluate non-taken code branches and complain about out-of-range shifts. + Renamed the local variable 'byte' because it appears in a MSYS header + file. + Added #define PNG_ALIGN_TYPE PNG_ALIGN_NONE to contrib/pngminim/*/pngusr.h + + +------------------------------------------------------------------- +Mon Sep 26 09:10:06 UTC 2011 - pgajdos@suse.com + +- updated to 1.5.5, fixes: + * CVE-2011-3328 [bnc#720017] + +------------------------------------------------------------------- +Tue Jul 26 13:15:52 UTC 2011 - pgajdos@novell.com + +- updated to 1.5.4, fixes: + * CVE-2011-2501 [bnc#702578] + * CVE-2011-2690 [bnc#706387] + * CVE-2011-2691 [bnc#706388] + * CVE-2011-2692 [bnc#706389] + +------------------------------------------------------------------- +Thu Mar 31 20:41:23 CEST 2011 - pgajdos@suse.cz + +- updated to 1.5.2: + * Turned on interlace handling in png_read_png(). + * Fixed gcc pendantic warnings. + * Fixed png_get_current_row_number() in the interlaced case. + * Cleaned up ALPHA flags and transformations. + * Implemented expansion to 16 bits. + * etc, see + http://sourceforge.net/projects/libpng/files/libpng15/1.5.2/ + +------------------------------------------------------------------- +Thu Feb 3 11:19:46 CET 2011 - pgajdos@suse.cz + +- updated to 1.5.1: new branch shortly after 1.4, many structural + changes, see CHANGELOG or + http://sourceforge.net/projects/libpng/files/libpng15/1.5.0/ + and + http://sourceforge.net/projects/libpng/files/libpng15/1.5.1/ + + +------------------------------------------------------------------- +Thu Sep 30 09:51:05 UTC 2010 - pgajdos@novell.com + +- updated to 1.4.4: + * Eliminated another deprecated reference to png_ptr->io_ptr in pngtest.c + * Updated the xcode project to work with libpng-1.4.x and added iOS targets + for simulator and device (Philippe Hausler). + * Eliminated a deprecated reference to png_ptr->io_ptr in pngtest.c + * Removed unused png_mem_* defines from pngconf.h. + * Updated the read macros and functions from 1.5.0beta38. + +------------------------------------------------------------------- +Mon Aug 30 14:22:24 UTC 2010 - coolo@novell.com + +- fix baselibs.conf after previous change + +------------------------------------------------------------------- +Thu Jul 29 15:14:31 CEST 2010 - pgajdos@suse.cz + +- add devel packages to baselbis.conf [bnc#625883] + +------------------------------------------------------------------- +Mon Jun 28 18:34:55 CEST 2010 - pgajdos@suse.cz + +- updated to 1.4.3: fixed libpng overflow (CVE-2010-1205) + and memory leak [bnc#617866] + +------------------------------------------------------------------- +Fri Jun 4 13:12:17 UTC 2010 - coolo@novell.com + +- remove devel packages from baselibs.conf, not convinced of + their usefulness + +------------------------------------------------------------------- +Mon May 3 11:31:11 CEST 2010 - dmueller@suse.de + +- also obsolete libpng-devel-1.2.43 (previous factory version) + +------------------------------------------------------------------- +Sat Apr 24 11:38:21 UTC 2010 - coolo@novell.com + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Thu Apr 15 16:07:53 CEST 2010 - pgajdos@suse.cz + +- support png_read_dither() for xfig and transfig + * read-dither.patch + +------------------------------------------------------------------- +Tue Apr 6 18:24:43 CEST 2010 - ro@suse.de + +- fix baselibs.conf + +------------------------------------------------------------------- +Thu Mar 25 18:58:26 CET 2010 - pgajdos@suse.cz + +- updated to 1.4.1 -- new branch + +------------------------------------------------------------------- +Thu Feb 25 09:55:15 CET 2010 - pgajdos@suse.cz + +- updated to 1.2.43 (fixes [bnc#585403]): + * Removed "#define PNG_NO_ERROR_NUMBERS" that was inadvertently added + to pngconf.h in version 1.2.41. + * Removed leftover "-DPNG_CONFIGURE_LIBPNG" from scripts/makefile.darwin + and contrib/pngminim/*/makefile + * Relocated png_do_chop() to its original position in pngrtran.c; the + change in version 1.2.41beta08 caused transparency to be handled wrong + in some 16-bit datastreams (Yusaku Sugai). + * Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt + (revising changes made in 1.2.41) + * Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED + in pngset.c to be consistent with other changes in version 1.2.38. + * Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr + in pngtest.c + +------------------------------------------------------------------- +Mon Dec 14 20:31:24 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Dec 7 09:43:11 CET 2009 - pgajdos@suse.cz + +- updated to 1.2.41: + contains numerous cleanups, some new compile-time warnings about + direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable), + a new xcode build project, and a minor performance improvement + (avoid building 16-bit gamma tables when not needed) + +------------------------------------------------------------------- +Tue Nov 24 14:16:32 CET 2009 - pgajdos@suse.cz + +- updated to 1.2.40: + Removed an extra png_debug() recently added to png_write_find_filter(). + Fixed incorrect #ifdef in pngset.c regarding unknown chunk support. + Various bugfixes and improvements to CMakeLists.txt (Philip Lowman) + +------------------------------------------------------------------- +Tue Nov 3 19:09:28 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + +------------------------------------------------------------------- +Thu Aug 13 15:56:07 CEST 2009 - pgajdos@suse.cz + +- updated to 1.2.39: + * Added a prototype for png_64bit_product() in png.c + * Avoid a possible NULL dereference in debug build, + in png_set_text_2() + * Relocated new png_64_bit_product() prototype into png.h + * Replaced *.tar.lzma with *.txz in distribution. + * Reject attempt to write iCCP chunk with negative embedded + profile length. + +------------------------------------------------------------------- +Mon Jul 20 13:59:43 CEST 2009 - pgajdos@suse.cz + +- updated to 1.2.38: + * Revised libpng*.txt and libpng.3 to mention calling png_set_IHDR() + multiple times and to specify the sample order in the tRNS chunk, + because the ISO PNG specification has a typo in the tRNS table. + * Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to + PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism + available for ignoring known chunks even when not saving unknown chunks. + * Adopted preference for consistent use of "#ifdef" and "#ifndef" versus + "#if defined()" and "if !defined()" where possible. + * Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of + pngconf.h, and moved the various unknown chunk macro definitions + outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks. + +------------------------------------------------------------------- +Thu Jun 4 15:16:17 CEST 2009 - pgajdos@suse.cz + +- updated to 1.2.37: + * fixed bug with new png_memset() of the big_row_buffer + +------------------------------------------------------------------- +Tue May 12 17:38:21 CEST 2009 - pgajdos@suse.cz + +- updated to 1.2.36 (see CHANGES) + +------------------------------------------------------------------- +Mon Feb 23 11:20:10 CET 2009 - pgajdos@suse.cz + +- fixes possible double free [bnc#472745] + (CVE-2009-0040) + +------------------------------------------------------------------- +Mon Jan 19 09:18:12 CET 2009 - pgajdos@suse.cz + +- updated to 1.2.34: + * fixes CVE-2008-3964 (removed CVE-2008-3964.patch) + +------------------------------------------------------------------- +Tue Jan 13 12:34:56 CET 2009 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Sep 15 17:46:06 CEST 2008 - pgajdos@suse.cz + +- fixed CVE-2008-3964 [bnc#424739] + * CVE-2008-3964.patch + +------------------------------------------------------------------- +Thu Sep 11 14:23:49 CEST 2008 - pgajdos@suse.cz + +- updated to version 1.2.31: + * coding bugfixes and enhancements + +------------------------------------------------------------------- +Mon Sep 1 14:08:17 CEST 2008 - aj@suse.de + +- Do not package la files. + +------------------------------------------------------------------- +Mon Jun 23 19:17:51 CEST 2008 - pgajdos@suse.cz + +- updated to 1.2.29: + * fixes to the configure-related build-scripts + * security fix that affects programs that attempt to do + special handling of unknown PNG chunks (presumably very + few such programs), along with a reversion to previous + behavior for handling of images with out-of-range tRNS-chunk + values [bnc#378634] + * fix for unintentional gray-to-RGB conversion in + png_set_expand_gray_1_2_4_to_8() + * various other minor fixes +- removed makefile-am.patch, issue fixed upstream + +------------------------------------------------------------------- +Sun May 11 12:16:53 CEST 2008 - coolo@suse.de + +- fix rename of xxbit packages + +------------------------------------------------------------------- +Tue Apr 22 15:17:41 CEST 2008 - pgajdos@suse.cz + +- $(ECHO) substituted by echo in Makefile.in -- fixes package + build in beta (makefile-am.patch) + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Thu Apr 3 13:05:17 CEST 2008 - pgajdos@suse.cz + +- updated to 1.2.26: + * fixed minor coding errors that could lead to crashes in + exceptional cases + +------------------------------------------------------------------- +Thu Dec 6 02:20:12 CET 2007 - mrueckert@suse.de + +- added provides/obsoletes for the old package + +------------------------------------------------------------------- +Fri Nov 30 13:13:50 CET 2007 - nadvornik@suse.cz + +- updated to 1.2.23: + * more sanity checks, fixes [#332249] +- adjusted to Shared Library Policy: + * renamed package libpng to libpng12-0 + * created compatibility package libpng3 + +------------------------------------------------------------------- +Wed Jul 11 15:27:52 CEST 2007 - nadvornik@suse.cz + +- updated to 1.2.18: + * security fixes merged upstream + +------------------------------------------------------------------- +Thu Mar 29 09:20:57 CEST 2007 - aj@suse.de + +- Add zlib-devel to BuildRequires. + +------------------------------------------------------------------- +Thu Nov 23 18:47:29 CET 2006 - nadvornik@suse.cz + +- fixed crash on malformed sPLT chunks CVE-2006-5793 [#219007] + +------------------------------------------------------------------- +Mon Jul 17 17:30:52 CEST 2006 - nadvornik@suse.cz + +- make sure PNG_NO_ASSEMBLER_CODE is used consistently + +------------------------------------------------------------------- +Thu Jun 29 19:30:05 CEST 2006 - nadvornik@suse.cz + +- updated to 1.2.12: + * fixed possible buffer overflow [#189241] + +------------------------------------------------------------------- +Wed Jun 21 18:21:29 CEST 2006 - nadvornik@suse.cz + +- updated to 1.2.10: + * use autoconf + * many bugfixes +- libpng12-config no longer gives -Wl,-rpath,/usr/lib [#168627] +- spec file cleanup + +------------------------------------------------------------------- +Fri Feb 24 10:53:43 CET 2006 - nadvornik@suse.cz + +- removed libpng-64bit.diff [#153106] + +------------------------------------------------------------------- +Wed Jan 25 21:30:25 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Thu Jan 12 16:30:10 CET 2006 - nadvornik@suse.cz + +- compile with -fstack-protector + +------------------------------------------------------------------- +Mon Oct 10 14:59:41 CEST 2005 - nadvornik@suse.cz + +- fixed incorrect inline asm usage + +------------------------------------------------------------------- +Thu May 19 03:14:59 CEST 2005 - ro@suse.de + +- fix libdir in pkgconfig file libpng.pc + +------------------------------------------------------------------- +Thu Jan 20 17:34:57 CET 2005 - nadvornik@suse.cz + +- updated to 1.2.8: + * fixed crash of applications that strip the alpha channel + * fixed invalid zlib header within the PNG datastream + +------------------------------------------------------------------- +Mon Sep 27 10:45:21 CEST 2004 - sf@suse.de + +- fixed problem with wrong assumption for long on 64bit archs + which prevents khunphan from working (#45738) + + +------------------------------------------------------------------- +Wed Aug 25 11:11:53 CEST 2004 - kukuk@suse.de + +- Avoid /bin/sh PreRequires + +------------------------------------------------------------------- +Mon Aug 16 12:19:02 CEST 2004 - nadvornik@suse.cz + +- updated to 1.2.6: included security fixes + +------------------------------------------------------------------- +Mon Jul 19 14:15:38 CEST 2004 - nadvornik@suse.cz + +- fixed several buffer overflows [#43008] + +------------------------------------------------------------------- +Wed Jun 16 18:31:10 CEST 2004 - nadvornik@suse.cz + +- added missing part of pngtran overflow patch [#42043] + +------------------------------------------------------------------- +Fri Apr 23 16:39:48 CEST 2004 - nadvornik@suse.cz + +- fixed reading behind end of string [#39180] + +------------------------------------------------------------------- +Sat Jan 10 22:28:23 CET 2004 - adrian@suse.de + +- build as user + +------------------------------------------------------------------- +Fri Oct 10 16:58:23 CEST 2003 - adrian@suse.de + +- add %run_ldconfig + +------------------------------------------------------------------- +Tue Apr 8 01:34:48 CEST 2003 - ro@suse.de + +- fix tail calling syntax + +------------------------------------------------------------------- +Mon Feb 10 11:52:13 CET 2003 - nadvornik@suse.cz + +- link the shared library with -lz -lm -lc again + +------------------------------------------------------------------- +Wed Jan 29 10:04:20 CET 2003 - kukuk@suse.de + +- Fix libpng-devel requires (add zlib-devel) [Bug #23154] + +------------------------------------------------------------------- +Fri Jan 24 14:21:07 CET 2003 - sbrabec@suse.cz + +- Added missing pkgconfig files to %files. + +------------------------------------------------------------------- +Tue Jan 07 11:29:11 CET 2003 - nadvornik@suse.cz + +- updated to 1.2.5 +- fixed buffer overflow + +------------------------------------------------------------------- +Wed Jul 31 11:05:50 CEST 2002 - coolo@suse.de + +- fix libz dependency, so the resulting libpng is self containing + +------------------------------------------------------------------- +Fri Jul 26 21:21:24 CEST 2002 - adrian@suse.de + +- fix neededforbuild + +------------------------------------------------------------------- +Wed Jul 24 17:32:50 CEST 2002 - nadvornik@suse.cz + +- updated to 1.2.4: + - fixed buffer overflow in pngpread.c when IDAT is + corrupted with extra data + +------------------------------------------------------------------- +Fri Jul 12 16:20:53 CEST 2002 - schwab@suse.de + +- Fix makefile. + +------------------------------------------------------------------- +Fri Jul 5 10:41:39 CEST 2002 - kukuk@suse.de + +- Use %ix86 macro + +------------------------------------------------------------------- +Tue Jul 2 09:44:15 CEST 2002 - nadvornik@suse.cz + +- updated to 1.2.3 +- changed package version to match the version of source tarball + +------------------------------------------------------------------- +Tue Mar 5 10:38:31 CET 2002 - nadvornik@suse.cz + +- fixed permissions for man pages + +------------------------------------------------------------------- +Tue Feb 5 11:47:48 CET 2002 - nadvornik@suse.cz + +- added Provides: libpng:/usr/include/png.h to libpng-devel + +------------------------------------------------------------------- +Thu Jan 31 14:10:01 CET 2002 - nadvornik@suse.cz + +- back to 1.0.12, libpng 1.2.x will be packed in separate package +- created devel subpackage to allow parallel instalation of + shared libraries + +------------------------------------------------------------------- +Wed Jan 9 11:33:09 CET 2002 - nadvornik@suse.cz + +- update to 1.2.1 +- used macros %{_lib} and %{_libdir} + +------------------------------------------------------------------- +Tue Dec 4 15:23:50 CET 2001 - nadvornik@suse.cz + +- update to 1.2.0 + - shared library version changed to 3.1.2.0 + - new API for dynamically enabling and disabling certain optimizations +- added Provides: libpng-devel for compatibility [bug #11978] + +------------------------------------------------------------------- +Tue Jul 17 12:29:40 CEST 2001 - nadvornik@suse.cz + +- update to 1.0.12 + +------------------------------------------------------------------- +Tue Apr 3 10:11:24 CEST 2001 - nadvornik@suse.cz + +- update to 1.0.10 +- used pnggccrd.c - MMX support on intel + +------------------------------------------------------------------- +Tue Feb 13 14:26:47 CET 2001 - nadvornik@suse.cz + +- update to 1.0.9 + +------------------------------------------------------------------- +Fri Jan 19 17:13:11 CET 2001 - bk@suse.de + +- call pngtest program to have some tests that libpng works. +- don't remove -O3 when adding RPM_OPT_FLAGS(still do -O3 optimisations) + +------------------------------------------------------------------- +Thu Jan 4 09:23:32 CET 2001 - nadvornik@suse.cz + +- changed rpm version to 2.1.0.8 (bug #5062) +- changed shared library name to libpng.so.2.1.0.8 + +------------------------------------------------------------------- +Wed Aug 23 12:01:11 CEST 2000 - nadvornik@suse.cz + +- update to 1.0.8 + +------------------------------------------------------------------- +Tue Jul 11 15:40:08 CEST 2000 - adrian@suse.de + +- seg fault fix in pngrutil.c + +------------------------------------------------------------------- +Mon May 22 10:06:19 CEST 2000 - nadvornik@suse.cz + +- changed group +- changed URL + +------------------------------------------------------------------- +Sat Apr 29 22:31:13 CEST 2000 - kukuk@suse.de + +- Make sure libpng.so.2 is linked against libz to avoid problems + with missing dependencies. + +------------------------------------------------------------------- +Mon Apr 10 16:35:05 CEST 2000 - nadvornik@suse.cz + +- added URL + +------------------------------------------------------------------- +Tue Apr 4 15:16:50 CEST 2000 - nadvornik@suse.cz + +- update to 1.0.6 +- added BuildRoot + +------------------------------------------------------------------- +Tue Jan 25 16:59:36 CET 2000 - ro@suse.de + +- update to 1.0.5 +- manpages to /usr/share using macro + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Tue Jun 29 12:25:16 MEST 1999 - ro@suse.de + +- moved from /usr/X11R6 to /usr + +------------------------------------------------------------------- +Mon Jun 28 16:09:53 MEST 1999 - ro@suse.de + +- update to 1.0.3 + +------------------------------------------------------------------- +Wed Feb 17 10:33:29 MET 1999 - ro@suse.de + +- added .so.2 link + +------------------------------------------------------------------- +Fri Jan 22 20:08:44 MET 1999 - ro@suse.de + +- bump version to 2.1.0 (the version of the installed library) + +------------------------------------------------------------------- +Fri Mar 20 14:32:55 MET 1998 - ro@suse.de + +- extracted package from libgr tree + update to version 1.0.1 + diff --git a/libpng16.keyring b/libpng16.keyring new file mode 100644 index 0000000..f27199a --- /dev/null +++ b/libpng16.keyring @@ -0,0 +1,91 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.20 (GNU/Linux) + +mQINBFGn+ogBEAD6cK4C1MRIOUPToIxBZA1mwkiUYTimGEhmgHFle9h20GQWuuJ3 +sU34ptoljsmgeWChuC1PRtYm1mb/nrIC98Osu1MKwj1QQbHgGa/oK57LBx05bVZr +GI36tkZXi9VC4aiilJ08c1bVYDh0WKx9ohH7VKlNiDiS5g5Fsk8fe3hj+nCBbRN1 +6VZjcVhWwhYYygTnTu/4KxkjgbE2QUP1CsE8UbeubFcInlSFmXAyoc3hXLbe0NqI +Jxri1dQAwg/J/GtEqLfTDE9f+xuHgVVwUpGNDhf2Md4STW/5m0lzfOQXxN0AUwml +wTNS6YNkb8WK0ab63wnVwP+4wAwVp3QjDYhrkApTdv3W5V/7oGL0Iw6o1XGbXLp2 +qLwgAhcWFeZWU6RbfT33ipeoYPmt4Cw8tGW6Zh1CEW4lj33hJoOTfrogtMFqPRSa +sbz2tTGha3ZA3FKg84tfg1UaS7ZJ6MmrO2lXr7VcjR75xmeqjjQyQlhZ67Ew4mbw +J456mG0fM9a7PPgCIJPAluNQvgUjoSfDFb/0klhnZeUULZqhBNQP05wisWjLinGB +3QW4WKJlBpugSR8ymIgn0aU9gsbBppDHrF9Vzl/1oQAbcuiRM/GIiVvY8q5a8x1I +KnSNH0/SXSdaHdhcfzOx1JG2wM5S5dS5LDkCchxbReD82DDr90dxBlxfnwARAQAB +tDdHbGVubiBSYW5kZXJzLVBlaHJzb24gKG1vemlsbGEpIDxnbGVubnJwK2Jtb0Bn +bWFpbC5jb20+iQI+BBMBAgAoBQJRr4XlAhsDBQkJbUKdBgsJCAcDAgYVCAIJCgsE +FgIDAQIeAQIXgAAKCRD1SYS/oWxkD+AfEACgCTqUYZC4LvwPnaK0Y/Cjgwt6ToaJ +t3dpziKibYR3fL0F8vzX153Ry++K7yRe6C+1oNgNwEtT3NcJ/LOESrQEv0VGMKNK +IgETWGUoPL96X7huX5SJvWWzqjMwqiuGnxhh5zINKFdYEDemzclFgCld9NqMPObJ +K9qnQY2VNl1enn6omXuX6uL9CkYxvAgEWeROLfFqaKv3pqERAegKPSMsLCVvBgOv +LVKbt+Du/sRd2NfmfSBNhubCwegPNw6PW/G/w/IFu28L5FAessIqcPL5fqx0qIpm +Eb+LWOTPb9UrlzVYJmyLZP11I4dTo7RUGcWyP4Pr+LAkYmfjjXMSvVXia3rsy7R6 +uhkiq1Ar6o4WHuDqbWfyM8FRT0IQaeJ2RgMxXx82bG7TYg+3jj/auR1cu77PDcp1 +kZbKS0TTmXnOVk8R3HmM4Nu7JzEgagyvGNZm43yPMk1Z6GyrW7vyF4rV+yC3C4FF +yqL061DOgm/jA8JhRs0CxPpYgBeYKkfbk86cH/42ecCVCOqf59YkIRacQ/BZe8gL +Na/9o9mhL36IXfkr7Y4zwLPeSzwQNewDobqjqxZx24hwXJDgw61khxWmZLc4TaSD +ztYpUiwhzEApPpNPfiyKgemXW3AZas72t4sKcopsubildANMQCLeqnJnOwzA45Dj +gM4isVqLMX0m9bQ+R2xlbm4gUmFuZGVycy1QZWhyc29uIChsaWJwbmcpIDxnbGVu +bnJwQHVzZXJzLnNvdXJjZWZvcmdlLm5ldD6JAj4EEwECACgCGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheABQJRrzusBQkJbUKdAAoJEPVJhL+hbGQP65AP/0v4qqp9 +yrwJI1xc56iaB12sUVTUa1LKdFer6rN56Z757dRPrksbR4pQrpU9pjEETg7gn3TL +kMusGeNWWPr86X4kVuAUhw9/SCZiT/MsRvYHNKyNzZBNpw5pPjn/AeQhuHoMER25 +M0e1/hExiwBrpNhyRyywO1NYDbuHFlPA9vlcb7vYF4EYimKyjPg0r1Qbq2rrwPGz +KI6k+Zlhp3NfdAJKdXA50TL48nqCYu1uH18eYP9V4qRaXPto4rzNzlMPn0IILFl4 +zmrC+vrBqtDfcg1fYupDBupKdb54D9xExfx5w+eX7/VhzBesnBEkhOZJRpABW8NE +P9/9ryraPiKyHyfpy1D/LzJXGcNDOwziv0R7LdmLECB714v9tSjie6EdZJYc9E1s +VUG7iJ4te+B0iKohqQIpvuDwjmsJsViu/tHYYndoJd5DYt4QxewN17Vl/P48bV6E +cTZWTnK2hI6/n0u0vfnQ6Zy2Hmkl9PRaDK/EQPaEJ68uk9bx8jiZ2quIDZkdMHZ0 +5hkQk2E4VdCOBPsmeH/kSXhUrhJLcP8wHInBV7Twtv3PR6MVv71Zvccydrqrz0W5 +JtbSA1pMKeDLh8zTL8ZwbvGPwB7qbeaD82babXQErAVkX6N5TX9pbPQU8EHnD/C4 +o8YYtMJ/TSSJQBFo0O3RNTroosHiWtzGQtH7iQI+BBMBAgAoBQJRp/qIAhsDBQkJ +ZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD1SYS/oWxkD0eUEAC2nqdB +wpzGdUl4HlbdUTSgMSbCO+96rgVQCp5WvQniPaUB4DkHL2V4VDQW4oeDvTWxKC8t +rG4MSgC6Oyjg4qQe9+p9UqxhWWxqajJxMUlBMS/Xn+cHO+FbDfSCOMmHkbmuMOkJ +Z/4g8u4PgKOjnV+Hnmvo49CWkw549NmK4G3GOsoOVVNjz4IjJC1HJkLje662n1SV +q2CqggjflqN90hE0x4n55ihQWsqC0dMYeYLzJXqWkDMavx6oJTVgSGHPSdKx3LPG +UiuDytU1A93K8Ki97NuVOdvC+U3iEnUf1uMBasbDxaGSlIBrMDS3saVqMNDXpfXl +XPyc5dxMz23vayjlWyQI6OO7Im4wpfdHsSQP5uvkkkyLWOz+ZZsASFstF52jfJLm +53Q3agQS8lL1OCvy3rsgVl5OjEpfBwj9L4XF+Meu6EPv5Yk7WUV6+Uabt+KxvIuQ +KqnZ0hlZ4R7ALOloe9yebmWpjW2WtBJS6RJHtJdsym2oVhUjk5NX/on0hAAJDAls +udkFEw+pqtjdiWeyhNvWpTaVLxwwEv0+lHOEVwzC4eU2XOYPS1mzMYaNRjDU1Nf3 +vYV54tnomtr3WvmI9QHlXYU3xpg6F70PdfKoju9JUKoDYi3fwldwLacPEG83XGbf +2r/g6viS5y2k4sOkx23O7L23OFcmoKhx9hibxLRAR2xlbm4gUmFuZGVycy1QZWhy +c29uIChwbmdjcnVzaCkgPGdsZW5ucnBAdXNlcnMuc291cmNlZm9yZ2UubmV0PokC +PgQTAQIAKAUCUa8+fAIbAwUJCW1CnQYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA +CgkQ9UmEv6FsZA/1lRAAmPj6tlVpbr9Nm7tENuWw18r/EkWqf485MMktMvC+ZNOh +SUGTKVX/Snq2AsEvTHhuLv3YvLFRZ4to9veLA1vjXvBVYvdirfIznxfYjdmzLOZ7 +8CWRiRk8aC1j7K1czBUNhRgrTl4YN3GZNxnrmtSDm9A/uHE+RewcbXZsRv8PS9Bn +LCkb2bGbHAJvfjkjDFKstjN0qCMFxFKiQm2QjY1Q8pkD0DtsJgtqirCxkyZvzmqZ +mSIeGURL5l7WJnLiMOckk4V0z3/6BsO4WXJYWe0G1vnPZFJjBvauhKVZMZ75FaKe ++O80dXIiQBblbxV6O/P+2D/V4HnSiENDowltFx2CGhvrf8QY9vvZIApa/qu9FTuF +zMkpKTvODWTMXKKN8V4CAX8YvGJ4P7TU3iicRDG7ElE0v5ewH2DbcJyf9MTtCk+R +zHpxElbkz5WWKEmHQZaVm95W9EWjOM19mvWNCZdgW7u8nGjnfJ+IwZCCYa+VycSg +9sucH7YC9yEKWW2YpdrqbqnjBSEGnjq0MtyXUU5cQIHBgit61sPSBc2nbEsyP4a1 +2o/wF341HzwRQOyU4BSLRgLsnMSwfneOveoC6bFqKebZuMcMuYgzV81vDdGW2JEv +qXsTuAWmiUyJbdVp0ofvAc1ZVCQjbPI5jgWAGSFA/IEES/VrXWwB1Beimk1EW5a5 +Ag0EUaf6iAEQAKx8uIVati92dJrTR1dQLDjcpvnjXdU59gbHZ7u2vC6o4lvNcjBn +9sbS+20PE/bMcfJnYWirJSMSxYGvgfiDRz+LjAMNPtbde/5saqRRFmNOa9i1Kl5M +HxC4LzM8TZOHqpay02GvhB3Uz+o4o4vm148N9dJRNhBiGO0Tmf0RL145FUr2OTDb +Q/RVMIxx1xCqbQCabGKlL6g1ByM65S2s+3wYCqOJfdIAQJ01ohzEiLDToX06wqgI +/zUG9J96Hxwy8GYOG3d5EXKlpZI9y8MdYIKgiTc7wjbrUvsW4H9KQBxm4CMfn24r +/mdnpcDYRKPd7YZBhW7LpDrYXbAqH5OoQZwNXAvLq+iLzZNfgVlQNPup67JD0efO +A9uCwVlSg145EVWBzwbhtd8K5NaEYqbbrK1IYlfsVVk9N1cs6zw/yh/P5TmHvkpH +u2zyYhNaH8CKAmj+cR04eDqqn/ECQ14dA7qoUyADLm199ytpxzjOx1uAz153JnAg +jnZz0cfGpg8oKptQ1j+PQcoy6PEYAE3zUz5PRPWEQr+8S4QSi/HUQQ87d0ysgLzU +uMLHuV+0lOiZ/Jk8N7SOyNnpgkJaE+0NOPuPqH2YUAB3VuoJTxmLq5z49N8+rx0A +P3F8W49dJ7RuA8w5QAGT9UpG3jRvBNkOqCpXyZKfUvSC7H/66HGy7x6rABEBAAGJ +AiUEGAECAA8FAlGn+ogCGwwFCQlmAYAACgkQ9UmEv6FsZA8sehAAw1AAbcjRO6Zs +ivgr3oBMxUcQRwCqhK4JrCXnA2j2LdPmNxVwabjuk/T95gEx/JaPrEN3aNyV6Psb +ajBJ9OChvBjBZ3dib7HmUmKn/q3UDt/ZtOR2Y11rfFcd1WOD6xOzu+GH0Bq9/eN0 +YYZswppy0+s7uKKd2vPxKoCuCt0b0Aze/LpLn7+Az01xsLfHJ8tmwVklkNdT6g9u +Xoxj27ibjOP7XsB/xugCcItxvIPu0kYLohqpSxcOrtAFuGyUm/pqYGFPKvs+4x8+ +oTomn68w2nyI4m3slHdbUfeRNq6uSxzw7a8VqwV4NeGBQLOwq0RCVgvyDKF3vVLR +NkNXkNxRQ8WCOw31qFsAAuBtO2QPxj8KuUzOkMF5nTtyJravAOaSGkjMtBGlUbxS +TSpIeiy8o1SOmj3Fd5fG8k8MlZ+LCzRoAjDREGgk9NZSCpA/kQB3lkv0RSYqgMB8 +nkcBOaCbXRBQ66iPg9KhkMwadUxLAK/i6jFir1HGzgjeSufk/8BJPzHWb5IQna4G +VgGy5MP5iCup2WVyeEREw8p9IGZU+UAOdziD8OicCrMdkw24TqEKOCCREByiRgIf +scWcJdpHlqFYCQhjKPXM79PWYCP600VFW/m1/gblHu3pB3n40NjMOC7Fi1gl96+q +jbyUPEKA6rvduCBJHehOpTSTScWnA3U= +=Rum9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libpng16.spec b/libpng16.spec new file mode 100644 index 0000000..345ff55 --- /dev/null +++ b/libpng16.spec @@ -0,0 +1,158 @@ +# +# spec file for package libpng16 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define debug_build 0 +%define asan_build 0 +%define major 1 +%define minor 6 +%define micro 43 +%define branch %{major}%{minor} +%define libname libpng%{branch}-%{branch} +%define debug_package_requires %{libname} = %{version}-%{release} +Name: libpng16 +Version: %{major}.%{minor}.%{micro} +Release: 0 +Summary: Library for the Portable Network Graphics Format (PNG) +License: libpng-2.0 +URL: http://www.libpng.org/pub/png/libpng.html +Source0: https://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz +Source2: libpng16.keyring +Source3: rpm-macros.libpng-tools +Source4: baselibs.conf +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: pkgconfig(zlib) +%{?suse_build_hwcaps_libs} + +%package -n %{libname} +Summary: Library for the Portable Network Graphics Format (PNG) +Provides: libpng = %{version} + +%package devel +Summary: Development tools for applications which will use libpng +Requires: %{libname} = %{version} +Requires: glibc-devel +Requires: pkgconfig +Requires: pkgconfig(zlib) +Recommends: libpng%{branch}-compat-devel +# + +%package compat-devel +Summary: Development tools for applications which will use libpng +Requires: libpng%{branch}-devel = %{version} +Conflicts: libpng-devel +Provides: libpng-devel = %{version} +Obsoletes: libpng-devel < 1.2.44 + +%package tools +Summary: Tools for Manipulating PNG Images +Conflicts: libpng-tools +Provides: libpng-tools = %{version} + +%description +libpng is the official reference library for the Portable Network +Graphics format (PNG). + +%description -n %{libname} +libpng is the official reference library for the Portable Network +Graphics format (PNG). + +%description devel +The libpng%{branch}-devel package includes the header files, libraries, +configuration files and development tools necessary for compiling and +linking programs which will manipulate PNG files using libpng%{branch}. + +libpng is the official reference library for the Portable Network +Graphics (PNG) format. + +%description compat-devel +The libpng%{branch}-compat-devel package contains unversioned symlinks +to the header files, libraries, configuration files and development +tools necessary for compiling and linking programs that don't care +about libpng version. + +%description tools +Package consists of low level tools for manipulating and fixing particular +PNG files. + +%prep +%autosetup -n libpng-%{version} + +%build +# PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 +export CFLAGS="%{optflags} -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" +export LDFLAGS="-Wl,-z,relro,-z,now" +%if %{debug_build} +export CFLAGS="$CFLAGS -Og" +%endif +%configure \ + --enable-hardware-optimizations=yes \ +%ifarch armv6l armv6hl + --enable-arm-neon=no +%endif + --disable-static +%if %{asan_build} +sed -i -e 's/^\(CFLAGS.*\)$/\1 -fsanitize=address/' \ + -e 's/\(^LIBS =.*\)/\1 -lasan/' Makefile +%endif +%make_build + +%check +%make_build -j1 check + +%install +%make_install +find %{buildroot} -type f,l -name "*.la" -delete -print +mkdir -p %{buildroot}%{_sysconfdir}/rpm +install -D -m644 %{SOURCE3} %{buildroot}%{_rpmmacrodir}/macros.libpng-tools +%if %{debug_build} ||%{asan_build} +install -m755 .libs/pngcp %{buildroot}/%{_bindir} +%endif + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files -n %{libname} +%{_libdir}/libpng%{branch}.so.* + +%files devel +%{_bindir}/libpng%{branch}-config +%{_includedir}/libpng%{branch} +%{_libdir}/libpng%{branch}.so +%{_libdir}/pkgconfig/libpng%{branch}.pc +%license LICENSE +%doc CHANGES README TODO ANNOUNCE libpng-*.txt + +%files compat-devel +%{_bindir}/libpng-config +%{_includedir}/*.h +%{_libdir}/libpng.so +%{_libdir}/pkgconfig/libpng.pc +%{_mandir}/man3/libpng.3%{?ext_man} +%{_mandir}/man3/libpngpf.3%{?ext_man} +%{_mandir}/man5/png.5%{?ext_man} + +%files tools +%{_bindir}/png-fix-itxt +%{_bindir}/pngfix +%if %{debug_build} || %{asan_build} +%{_bindir}/pngcp +%endif +%{_rpmmacrodir}/macros.libpng-tools + +%changelog diff --git a/rpm-macros.libpng-tools b/rpm-macros.libpng-tools new file mode 100644 index 0000000..fc316a6 --- /dev/null +++ b/rpm-macros.libpng-tools @@ -0,0 +1,35 @@ +# macro: %png_fix path/to/name-of.png +# for given png, fixes 'IDAT: invalid distance too far back', etc., +# see pngfix --help +# +# -q do not output if macro fixed something or find unrecoverable error +# +# this macro fails only if there is an unrecoverable error in the png +# -- pngfix returns nonzero and $png.fixed doesn't exist; run pngfix +# on that file, see return code and compare with pngfix --help output +%png_fix(q) \ + if test "x%1" == "x%%1"; then \ + echo "Missing argument in call to %%png_fix: path and name of png file." \ + exit 1 \ + fi \ + /usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || true \ + mv "%1.fixed" "%1" \ + %nil +# +# macro: %png_fix_dir +# for given directory, search *.png (recursively) and potentionaly +# fix 'IDAT: invalid distance too far back', etc., see pngfix --help +# +# -q do not output if pngfix fixed something or find unrecoverable error +# +%png_fix_dir(q) \ + if test "x%1" == "x%%1"; then \ + echo "Missing argument in call to %%png_fix_dir: dir where to search png files." \ + exit 1 \ + fi \ + for png in `find "%1" -iname '*.png'`; do \ + # -q will be propagated \ + %png_fix $png \ + done \ + %nil +