Commit Graph

50 Commits

Author SHA256 Message Date
ad752ef1e0 - update to 1.6.28: fix build issues
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=90
2017-01-06 08:12:51 +00:00
101773fe9a - update to 1.6.27: fixes CVE-2016-10087
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=89
2017-01-02 11:10:07 +00:00
3e860acfee - update to 1.6.26:
Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
    bugfix by John Bowler).
  Do not issue a png_error() on read in png_set_pCAL() because
    png_handle_pCAL has allocated memory that libpng needs to free.
  Issue a png_benign_error instead of a png_error on ADLER32 mismatch
    while decoding compressed data chunks.
  Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
    pngrutil.c.
  If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
    ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
  Issue png_benign_error() on ADLER32 checksum mismatch instead of
    png_error().
  Updated the documentation about CRC and ADLER32 handling.
  Fixed offsets in contrib/intel/intel_sse.patch
  Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
    to avoid a signed/unsigned compare in the preprocessor.
  Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
    optionally avoid ADLER32 evaluation.

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=86
2016-10-20 06:18:51 +00:00
48cdb19075 - update to 1.6.25:
Reject oversized iCCP profile immediately.
  Conditionally compile png_inflate().
  Don't install pngcp; it conflicts with pngcp in the pngtools package.
  Added MIPS support (Mandar Sahastrabuddhe <

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=84
2016-09-01 08:48:31 +00:00
6bc0cde88a - update to 1.6.24:
Avoid potential overflow of the PNG_IMAGE_SIZE macro.
  Correct filter heuristic overflow handling.
  Use a more efficient absolute value calculation on SSE2.
  Added pngcp.
  etc. see ANNOUNCE

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=82
2016-08-04 06:31:09 +00:00
a6a00192a4 Accepting request 416808 from home:susnux:branches:graphics
Update to 1.6.23
Some possible security fixes.

OBS-URL: https://build.opensuse.org/request/show/416808
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=81
2016-08-04 06:18:33 +00:00
32b40ffb9f - update to 1.6.22:
Added a png_image_write_to_memory() API and a number of assist macros
    to allow an application that uses the simplified API write to bypass
    stdio and write directly to memory.
  Relaxed limit checks on gamma values in pngrtran.c. As suggested in
    the comments gamma values outside the range currently permitted
    by png_set_alpha_mode are useful for HDR data encoding.  These values
    are already permitted by png_set_gamma so it is reasonable caution to
    extend the png_set_alpha_mode range as HDR imaging systems are starting
    to emerge.
  Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
    were accidentally removed from libpng-1.6.17.
  Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
    (Robert C. Seacord).
  Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
  SSE filter speed improvements for bpp=3:
    memcpy-free implementations of load3() / store3().
  Added PNG_FAST_FILTERS macro (defined as
    PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=79
2016-05-26 15:01:34 +00:00
Ismail Dönmez
e08ba90d0f Accepting request 354391 from home:jengelh:branches:graphics
- Update to new upstream release 1.6.21

OBS-URL: https://build.opensuse.org/request/show/354391
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=77
2016-01-17 14:57:18 +00:00
5646b27ba7 - update to 1.6.20:
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
    png_handle_pCAL() (Bug report by John Regehr).
  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
    vulnerability.
  Backported tests from libpng-1.7.0beta69.
  Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
    American Fuzzy Lop, reported by Brian Carpenter.  inflate() doesn't
    immediately fault a bad CMINFO field; instead a 'too far back' error
    happens later (at least some times).  pngfix failed to limit CMINFO to
    the allowed values but then assumed that window_bits was in range,
    triggering an assert. The bug is mostly harmless; the PNG file cannot
    be fixed.
  In libpng 1.6 zlib initialization was changed to use the window size
    in the zlib stream, not a fixed value. This causes some invalid images,
    where CINFO is too large, to display 'correctly' if the rest of the
    data is valid.  This provides a workaround for zlib versions where the
    error arises (ones that support the API change to use the window size
    in the stream).

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=75
2015-12-03 15:14:24 +00:00
35368c612d - update to 1.6.19:
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
  Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
  Fixed the recently reported 1's complement security issue.
  Fixed png_save_int_32 when int is not 2's complement by replacing
    the value that is illegal in the PNG spec, in both signed and 
    unsigned values, with 0.
 etc., see ANNOUNCE and CHANGES for details
- removed: libpng-rgb_to_gray-checks.patch (upstreamed)

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=73
2015-11-13 07:46:48 +00:00
2d78fea3f9 - drop unknown configure switch
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=71
2015-08-07 14:20:27 +00:00
2941154e3c - updated to 1.6.17:
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=69
2015-04-01 11:11:37 +00:00
eaa7188047 - Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.
+ libpng-rgb_to_gray-checks.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=68
2015-04-01 11:08:39 +00:00
e5bea13bdb - updated to 1.6.27:
Corrected the width limit calculation in png_check_IHDR().
  Removed user limits from pngfix. Also pass NULL pointers to
    png_read_row to skip the unnecessary row de-interlace stuff.
  Implement previously untested cases of libpng transforms in pngvalid.c
  Fixed byte order in 2-byte filler, in png_do_read_filler().
  Made the check for out-of-range values in png_set_tRNS() detect
    values that are exactly 2^bit_depth, and work on 16-bit platforms.
  Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
  Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
    pngset.c to avoid warnings about dead code.
  Do not build png_product2() when it is unused.
  Display user limits in the output from pngtest.
  Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
    and 1-million-row default limits in pnglibconf.dfa, that can be reset
    by the user at build time or run time.  This provides a more robust
    defense against DOS and as-yet undiscovered overflows.
  Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
  Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
  Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
    of png.h.
  Free the unknown_chunks structure even when it contains no data.
  Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
    value was wrong.  It's not clear if this affected the final stored
    value; in the obvious code path the upper and lower 8-bits of the
    alpha value were identical and the alpha was truncated to 8-bits
    rather than dividing by 257 (John Bowler).

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=67
2015-03-30 07:13:45 +00:00
356d4a7869 - build with PNG_SAFE_LIMITS_SUPPORTED [bnc#912076], [bnc#912929]
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=65
2015-01-13 16:59:41 +00:00
3d6e3910bf - updated to 1.6.16:
* Restored a test on width that was removed from png.c at libpng-1.6.9
    (Bug report by Alex Eubanks).
  * Fixed an overflow in png_combine_row with very wide interlaced images.

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=63
2014-12-29 14:30:26 +00:00
58e3f7658d - updated to 1.6.15:
* Avoid out-of-bounds memory access in png_user_version_check().
  * Fixed incorrect handling of the iTXt compression.
  * Free all allocated memory in pngimage.
  * Fixed array size calculations to avoid warnings.
  etc. see ANNOUNCE

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=61
2014-11-20 20:12:18 +00:00
8bbae2fc89 - updated to 1.6.13: a "cleanup" release that have no security
fixes or new features.

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=59
2014-08-22 05:56:30 +00:00
2c87a7b9e0 - removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed)
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=57
2014-06-12 13:58:55 +00:00
d80e3bc45a - updated to 1.6.12:
* bugfixes, almost build-related only

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=56
2014-06-12 05:44:17 +00:00
4dca59897d - updated to 1.6.11:
* fixed CVE-2014-0333 
  * other bugfixes
- removed libpng16-1.6.6-CVE-2014-0333.patch (upstreamed)

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=55
2014-06-06 06:24:33 +00:00
8f70075f41 - fixed CVE-2014-0333 [bnc#866298]
- added patches:
  * libpng16-1.6.6-CVE-2014-0333.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=53
2014-03-04 10:07:50 +00:00
1adff63cda - updated to 1.6.9:
Bookkeeping: Moved functions around (no changes). Moved transform
    function definitions before the place where they are called so that
    they can be masde static. Move the intrapixel functions and the
    grayscale palette builder out of the png?tran.c files. The latter
    isn't a transform function and is no longer used internally, and the
    former MNG specific functions are better placed in pngread/pngwrite.c
  Made transform implementation functions static. This makes the internal
    functions called by png_do_{read|write}_transformations static. On an
    x86-64 DLL build (Gentoo Linux) this reduces the size of the text
    segment of the DLL by 1208 bytes, about 0.6%. It also simplifies
    maintenance by removing the declarations from pngpriv.h and allowing
    easier changes to the internal interfaces.
  Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69
    in the tar distributions.
  Added checks for libpng 1.5 to pngvalid.c.  This supports the use of
    this version of pngvalid in libpng 1.5
  Merged with pngvalid.c from libpng-1.7 changes to create a single
    pngvalid.c
  Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0
  Merged libpng-1.7.0 changes to make no-interlace configurations work
    with test programs.
  Revised pngvalid.c to support libpng 1.5, which does not support the
    PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate
    in pngvalid.c
  Allow unversioned links created on install to be disabled in configure.
    In configure builds 'make install' changes/adds links like png.h
    and libpng.a to point to the newly installed, versioned, files (e.g.
    libpng17/png.h and libpng17.a). Three new configure options and some
    rearrangement of Makefile.am allow creation of these links to be

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=51
2014-02-07 07:38:42 +00:00
2c0f5fd121 - updated to 1.6.8:
Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to
    #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with
    what is in pngpriv.h.
  Moved prototype for png_handle_unknown() in pngpriv.h outside of
    the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block.
  Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
  Fixed pngvalid 'fail' function declaration on the Intel C Compiler.
    This reverts to the previous 'static' implementation and works round
    the 'unused static function' warning by using PNG_UNUSED().
  Handle zero-length PLTE chunk or NULL palette with png_error()
    instead of png_chunk_report(), which by default issues a warning
    rather than an error, leading to later reading from a NULL pointer
    (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954
    and VU#650142.

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=49
2013-12-20 07:19:05 +00:00
e8380fa090 Accepting request 209136 from home:pgajdos
- png_fix macro doesn't leave *.png.fixed (which happened for correct
  PNGs) [bnc#852862]

OBS-URL: https://build.opensuse.org/request/show/209136
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=47
2013-12-02 10:30:13 +00:00
1b7e4e9fb9 - updated to 1.6.7:
* Revised unknown chunk code to correct several bugs in the 
    NO_SAVE_/NO_WRITE combination
  * Check user callback behavior in pngunknown.c. Previous versions 
    compiled if SAVE_UNKNOWN was not available but did nothing since the 
    callback was never implemented.
  * Merged pngunknown.c with 1.7 version and back ported 1.7 
    improvements/fixes
  * Revised pngvalid to generate size images with as many filters as 
    it can manage, limited by the number of rows.
  * ARM improvements/fixes

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=45
2013-11-15 08:08:26 +00:00
4fbe20120f - updated to 1.6.6:
* fix arm build

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=43
2013-09-25 08:09:16 +00:00
acbce60e57 - updated to 1.6.4:
* Added information about png_set_options() to the manual.
  * Delay calling png_init_filter_functions() until a row with nonzero 
    filter is found.
  * Fixed inconsistent conditional compilation of 
    png_chunk_unknown_handling() prototype, definition, and usage.  
    Made it depend on PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=41
2013-09-12 13:30:38 +00:00
Stephan Kulow
ee19a4e88e - remove gpg-offline usage, libpng16 is too low in the build chain
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=38
2013-08-30 15:20:56 +00:00
Stephan Kulow
7b286b7b5c just for testing
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=37
2013-08-30 14:24:02 +00:00
Stephan Kulow
37397dfd58 - remove gpg-offline usage, libpng16 is too low in the build chain
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=36
2013-08-30 14:11:27 +00:00
f73866b052 - png-fix-too-far-back was actually renamed to pngfix. Adjusted rpm
macro names accordingly, %png_fix and %png_fix_dir.

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=33
2013-08-08 15:21:08 +00:00
5b397eb2af - updated to 1.6.3:
* Added png-fix-itxt and png-fix-too-far-back to the built programs and
      removed warnings from the source code and timepng that are revealed as
      a result.
  => new subpackage tools, created rpm macros

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=32
2013-08-06 08:57:14 +00:00
Dr. Werner Fink
a1dab95854 Accepting request 180468 from home:elvigia:branches:graphics
- Build with LFS_CFLAGS in 32 bit archs otherwise calls such 
 as png_image_begin_read_from_file() or png_image_write_to_file()
 will fail to read/write huge images.
- Build with Full RELRO as this library is a possible consumer
  of malicuous images/files.

OBS-URL: https://build.opensuse.org/request/show/180468
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=29
2013-06-22 21:47:51 +00:00
5f57c77f76 - updated to 1.6.2:
Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling.
  Fixed incorrect warning of excess deflate data. End condition - the
    warning would be produced if the end of the deflate stream wasn't read
    in the last row.  The warning is harmless.
  Corrected the test on user transform changes on read. It was in the
    png_set of the transform function, but that doesn't matter unless the
    transform function changes the rowbuf size, and that is only valid if
    transform_info is called.
  Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c
    (Flavio Medeiros).
  Corrected length written to uncompressed iTXt chunks (Samuli Suominen).
  Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length
    written by libpng-1.6.0 and 1.6.1.
  Disallow storing sRGB information when the sRGB is not supported.
  Merge pngtest.c with libpng-1.7.0

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=27
2013-04-26 07:19:24 +00:00
36eb8d4222 - conflict with libpng12-compat-devel-32bit and libpng15-compat-devel-32bit
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=24
2013-04-02 13:36:34 +00:00
6c0fa4064a - updated to 1.6.1:
Made sRGB check numbers consistent.
  Use parentheses more consistently in "#if defined(MACRO)" tests.
  Reenabled code to allow zero length PLTE chunks for MNG.
  Fixed ALIGNED_MEMORY support.
  Avoid a possible memory leak in contrib/gregbook/readpng.c
  Better documentation of unknown handling API interactions.
  Corrected simplified API default gamma for color-mapped output, added
    a flag to change default. In 1.6.0 when the simplified API was used
    to produce color-mapped output from an input image with no gamma
    information the gamma assumed for the input could be different from
    that assumed for non-color-mapped output.  In particular 16-bit depth
    input files were assumed to be sRGB encoded, whereas in the 'direct'
    case they were assumed to have linear data.  This was an error.  The
    fix makes the simplified API treat all input files the same way and
    adds a new flag to the png_image::flags member to allow the
    application/user to specify that 16-bit files contain sRGB data
    rather than the default linear.
  etc., see ANNOUNCE or CHANGES for details
- dropped upstreamed 
  0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=23
2013-03-28 08:19:25 +00:00
b47f310c18 Accepting request 159787 from home:pgajdos:libpng16
- allow zero length PLTE chunks
  (fixes GraphicsMagick testsuite)

OBS-URL: https://build.opensuse.org/request/show/159787
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=21
2013-03-18 11:54:03 +00:00
1ea63dd29f - remove clean section
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=18
2013-03-04 07:50:59 +00:00
6f57a42e3a - updated to 1.6.0
- changes from 1.5.x to 1.6.x:
  * new simplified api added:
    macros:
     PNG_FORMAT_*
     PNG_IMAGE_*
    structures:
     png_control
     png_image
    read functions
     png_image_begin_read_from_file()
     png_image_begin_read_from_stdio()
     png_image_begin_read_from_memory()
     png_image_finish_read()
     png_image_free()
    write functions
     png_image_write_to_file()
     png_image_write_to_stdio()
  * possibility to configure libpng to prefix all exported symbols
    (PNG_PREFIX macro)
  * no longer include string.h in png.h
  * deprecated api:
    png_info_init_3()
    png_convert_to_rfc1123() which has been replaced
      with png_convert_to_rfc1123_buffer()
    png_data_freer()
    png_malloc_default()
    png_free_default()
    png_reset_zstream()
  * removed api:

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=16
2013-02-14 08:04:57 +00:00
5eba2ad7bb - updated to 1.6.0beta37
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=15
2013-01-14 09:53:02 +00:00
9ae76ed887 - updated to 1.6.0beta31
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=14
2012-11-20 12:47:12 +00:00
OBS User mrdocs
48993c25c5 Accepting request 139208 from home:jengelh:branches:graphics
- Add missing baselib requires for compat-devel-32bit

OBS-URL: https://build.opensuse.org/request/show/139208
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=13
2012-10-25 21:13:09 +00:00
a3f606ea43 - updated to 1.6.0beta29
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=12
2012-10-15 12:01:48 +00:00
8c5e18c218 - updated to 1.6.0beta26
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=11
2012-07-11 09:33:22 +00:00
04782455b3 - updated to 1.6.0beta24
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=10
2012-06-15 10:57:13 +00:00
038fca5a81 - updated to 1.6.0beta20
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=9
2012-03-29 13:16:43 +00:00
53280609b5 - updated to 1.6.0beta17
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=7
2012-03-14 11:29:43 +00:00
3b0d1f4212 - updated to 1.6.0beta12
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=4
2012-02-20 09:57:32 +00:00
93ba65dce2 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=3 2012-02-20 09:52:44 +00:00