- version update to 1.6.44:
* Hardened calculations in chroma handling to prevent overflows, and
relaxed a constraint in cHRM validation to accomodate the standard
ACES AP1 set of color primaries.
(Contributed by John Bowler)
* Removed the ASM implementation of ARM Neon optimizations and updated
the build accordingly. Only the remaining C implementation shall be
used from now on, thus ensuring the support of the PAC/BTI security
features on ARM64.
(Contributed by Ross Burton and John Bowler)
* Fixed the pickup of the PNG_HARDWARE_OPTIMIZATIONS option in the
CMake build on FreeBSD/amd64. This is an important performance fix
on this platform.
* Applied various fixes and improvements to the CMake build.
(Contributed by Eric Riff, Benjamin Buch and Erik Scholz)
* Added fuzzing targets for the simplified read API.
(Contributed by Mikhail Khachayants)
* Fixed a build error involving pngtest.c under a custom config.
This was a regression introduced in a code cleanup in libpng-1.6.43.
(Contributed by Ben Wagner)
* Fixed and improved the config files for AppVeyor CI and Travis CI.
- Drop upstream patch:
* 563.patch (forwarded request 1219518 from Guillaume_G)
OBS-URL: https://build.opensuse.org/request/show/1219523
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=57
* Hardened calculations in chroma handling to prevent overflows, and
relaxed a constraint in cHRM validation to accomodate the standard
ACES AP1 set of color primaries.
(Contributed by John Bowler)
* Removed the ASM implementation of ARM Neon optimizations and updated
the build accordingly. Only the remaining C implementation shall be
used from now on, thus ensuring the support of the PAC/BTI security
features on ARM64.
(Contributed by Ross Burton and John Bowler)
* Fixed the pickup of the PNG_HARDWARE_OPTIMIZATIONS option in the
CMake build on FreeBSD/amd64. This is an important performance fix
on this platform.
* Applied various fixes and improvements to the CMake build.
(Contributed by Eric Riff, Benjamin Buch and Erik Scholz)
* Added fuzzing targets for the simplified read API.
(Contributed by Mikhail Khachayants)
* Fixed a build error involving pngtest.c under a custom config.
This was a regression introduced in a code cleanup in libpng-1.6.43.
(Contributed by Ben Wagner)
* Fixed and improved the config files for AppVeyor CI and Travis CI.
- Drop upstream patch:
* 563.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=150
- version update to 1.6.43
* Fixed the row width check in png_check_IHDR().
This corrected a bug that was specific to the 16-bit platforms,
and removed a spurious compiler warning from the 64-bit builds.
(Reported by Jacek Caban; fixed by John Bowler)
* Added eXIf chunk support to the push-mode reader in pngpread.c.
(Contributed by Chris Blume)
* Added contrib/pngexif for the benefit of the users who would like
to inspect the content of eXIf chunks.
* Added contrib/conftest/basic.dfa, a basic build-time configuration.
(Contributed by John Bowler)
* Fixed a preprocessor condition in pngread.c that broke build-time
configurations like contrib/conftest/pngcp.dfa.
(Contributed by John Bowler)
* Added CMake build support for LoongArch LSX.
(Contributed by GuXiWei)
* Fixed a CMake build error that occurred under a peculiar state of the
dependency tree. This was a regression introduced in libpng-1.6.41.
(Contributed by Dan Rosser)
* Marked the installed libpng headers as system headers in CMake.
(Contributed by Benjamin Buch)
* Updated the build support for RISCOS.
(Contributed by Cameron Cawley)
* Updated the makefiles to allow cross-platform builds to initialize
conventional make variables like AR and ARFLAGS.
* Added various improvements to the CI scripts in areas like version
consistency verification and text linting.
* Added version consistency verification to pngtest.c also.
OBS-URL: https://build.opensuse.org/request/show/1155898
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=54
- Update to version 1.6.40:
* Fixed the eXIf chunk multiplicity checks.
* Fixed a memory leak in pCAL processing.
* Corrected the validity report about tRNS inside png_get_valid().
* Fixed various build issues on *BSD, Mac and Windows.
* Updated the configurations and the scripts for continuous integration.
* Cleaned up the code, the build scripts, and the documentation. (forwarded request 1094720 from pluskalm)
OBS-URL: https://build.opensuse.org/request/show/1094850
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=51
- Update to version 1.6.40:
* Fixed the eXIf chunk multiplicity checks.
* Fixed a memory leak in pCAL processing.
* Corrected the validity report about tRNS inside png_get_valid().
* Fixed various build issues on *BSD, Mac and Windows.
* Updated the configurations and the scripts for continuous integration.
* Cleaned up the code, the build scripts, and the documentation.
OBS-URL: https://build.opensuse.org/request/show/1094720
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=138
- make check actually works under asan
- version update to 1.6.37
Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
Fixed a memory leak in pngtest.c.
Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
contrib/pngminus; refactor.
Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
(Contributed by Willem van Schaik)
Added makefiles for AddressSanitizer-enabled builds.
- deleted patches
- libpng-arm-free.patch (upstreamed)
OBS-URL: https://build.opensuse.org/request/show/694940
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=42
Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
Fixed a memory leak in pngtest.c.
Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
contrib/pngminus; refactor.
Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
(Contributed by Willem van Schaik)
Added makefiles for AddressSanitizer-enabled builds.
- deleted patches
- libpng-arm-free.patch (upstreamed)
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=117
- update to 1.6.36:
Replaced the remaining uses of png_size_t with size_t (Cosmin)
Fixed the calculation of row_factor in png_check_chunk_length
(reported by Thuan Pham in SourceForge issue #278)
Added missing parentheses to a macro definition
(suggested by "irwir" in GitHub issue #216)
Optimized png_do_expand_palette for ARM processors.
Improved performance by around 10-22% on a recent ARM Chromebook.
(Contributed by Richard Townsend, ARM Holdings)
Fixed manipulation of machine-specific optimization options.
(Contributed by Vicki Pfau)
Used memcpy instead of manual pointer arithmetic on Intel SSE2.
(Contributed by Samuel Williams)
Fixed build errors with MSVC on ARM64.
(Contributed by Zhijie Liang)
Fixed detection of libm in CMakeLists.
(Contributed by Cameron Cawley)
Fixed incorrect creation of pkg-config file in CMakeLists.
(Contributed by Kyle Bentley)
Fixed the CMake build on Windows MSYS by avoiding symlinks.
Fixed a build warning on OpenBSD.
(Contributed by Theo Buehler)
Fixed various typos in comments.
(Contributed by "luz.paz")
Raised the minimum required CMake version from 3.0.2 to 3.1.
Removed yet more of the vestigial support for pre-ANSI C compilers.
Removed ancient makefiles for ancient systems that have been broken
across all previous libpng-1.6.x versions.
Removed the Y2K compliance statement and the export control
information.
OBS-URL: https://build.opensuse.org/request/show/662196
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=40
Replaced the remaining uses of png_size_t with size_t (Cosmin)
Fixed the calculation of row_factor in png_check_chunk_length
(reported by Thuan Pham in SourceForge issue #278)
Added missing parentheses to a macro definition
(suggested by "irwir" in GitHub issue #216)
Optimized png_do_expand_palette for ARM processors.
Improved performance by around 10-22% on a recent ARM Chromebook.
(Contributed by Richard Townsend, ARM Holdings)
Fixed manipulation of machine-specific optimization options.
(Contributed by Vicki Pfau)
Used memcpy instead of manual pointer arithmetic on Intel SSE2.
(Contributed by Samuel Williams)
Fixed build errors with MSVC on ARM64.
(Contributed by Zhijie Liang)
Fixed detection of libm in CMakeLists.
(Contributed by Cameron Cawley)
Fixed incorrect creation of pkg-config file in CMakeLists.
(Contributed by Kyle Bentley)
Fixed the CMake build on Windows MSYS by avoiding symlinks.
Fixed a build warning on OpenBSD.
(Contributed by Theo Buehler)
Fixed various typos in comments.
(Contributed by "luz.paz")
Raised the minimum required CMake version from 3.0.2 to 3.1.
Removed yet more of the vestigial support for pre-ANSI C compilers.
Removed ancient makefiles for ancient systems that have been broken
across all previous libpng-1.6.x versions.
Removed the Y2K compliance statement and the export control
information.
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=111
- check with -j1
- Fix SRPM group and grammar issues.
- removed obsoleted Obsoletes
- update to 1.6.34:
* Removed contrib/pngsuite/i*.png; some of these were incorrect
and caused test failures.
- includes 1.6.33:
* Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
missing parenthesis in contrib/pngminus/pnm2png.c
* Fixed off-by-one error in png_do_check_palette_indexes()
* Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
to fix shortlived oss-fuzz issue 3234.
* Compute a larger limit on IDAT because some applications write
a deflate buffer for each row
* Use current date (DATE) instead of release-date (RDATE) in last
changed date of contrib/oss-fuzz files.
* Enabled ARM support in CMakeLists.txt
* Fixed incorrect typecast of some arguments to png_malloc() and
png_calloc() that were png_uint_32 instead of png_alloc_size_t
* Use pnglibconf.h.prebuilt when building for ANDROID with cmake
* Initialize memory allocated by png_inflate to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_set_text_2() due to truncated iTXt or zTXt
chunk.
* Initialize memory allocated by png_read_buffer to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_icc_check_tag_table() due to truncated iCCP
OBS-URL: https://build.opensuse.org/request/show/571330
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=37
- update to 1.6.34:
* Removed contrib/pngsuite/i*.png; some of these were incorrect
and caused test failures.
- includes 1.6.33:
* Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
missing parenthesis in contrib/pngminus/pnm2png.c
* Fixed off-by-one error in png_do_check_palette_indexes()
* Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
to fix shortlived oss-fuzz issue 3234.
* Compute a larger limit on IDAT because some applications write
a deflate buffer for each row
* Use current date (DATE) instead of release-date (RDATE) in last
changed date of contrib/oss-fuzz files.
* Enabled ARM support in CMakeLists.txt
* Fixed incorrect typecast of some arguments to png_malloc() and
png_calloc() that were png_uint_32 instead of png_alloc_size_t
* Use pnglibconf.h.prebuilt when building for ANDROID with cmake
* Initialize memory allocated by png_inflate to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_set_text_2() due to truncated iTXt or zTXt
chunk.
* Initialize memory allocated by png_read_buffer to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_icc_check_tag_table() due to truncated iCCP
chunk.
* Removed redundant tests
* Added an interlaced version of each file in contrib/pngsuite.
* Relocate new memset() call in pngrutil.c
* Add support for loading images with associated alpha in the
Simplified API
* Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32
state
* Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
* Add end_info structure and png_read_end() to the libpng fuzzer
- includes 1.6.32:
* Avoid possible NULL dereference in png_handle_eXIf when
benign_errors are allowed. Avoid leaking the input buffer
"eXIf_buf".
* Eliminated png_ptr->num_exif member from pngstruct.h and added
num_exif to arguments for png_get_eXIf() and png_set_eXIf().
* Added calls to png_handle_eXIf(() in pngread.c and
png_write_eXIf() in pngwrite.c, and made various other fixes
to png_write_eXIf().
* Changed name of png_get_eXIF and png_set_eXIf() to
png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid
breaking API compatibility with libpng-1.6.31.
* Updated contrib/libtests/pngunknown.c with eXIf chunk.
* Initialized btoa[] in pngstest.c
* Stop memory leak when returning from png_handle_eXIf() with an
error
* Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
* Update libpng.3 and libpng-manual.txt about eXIf functions.
* Restored png_get_eXIf() and png_set_eXIf() to maintain API
compatability.
* Removed png_get_eXIf_1() and png_set_eXIf_1().
* Check length of all chunks except IDAT against user limit to
fix an OSS-fuzz issue (Fixes CVE-2017-12652)
* Check length of IDAT against maximum possible IDAT size,
accounting for height, rowbytes, interlacing and zlib/deflate
overhead.
* Restored png_get_eXIf_1() and png_set_eXIf_1(), because
strlen(eXIf_buf) does not work (the eXIf chunk data can
contain zeroes).
* Revised symlink creation, no longer using deprecated cmake
LOCATION feature
* Fixed five-byte error in the calculation of IDAT maximum
possible size.
* Moved chunk-length check into a png_check_chunk_length()
private function
* Moved bad pngs from tests to contrib/libtests/crashers
* Moved testing of bad pngs into a separate
tests/pngtest-badpngs script
* Added the --xfail (expected FAIL) option to pngtest.c. It
writes XFAIL in the output but PASS for the libpng test.
* Require cmake-3.0.2 in CMakeLists.txt
* Fix "const" declaration info_ptr argument to png_get_eXIf_1()
and the num_exif argument to png_get_eXIf_1()
* Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
* Added huge_IDAT.png and empty_ancillary_chunks.png to
testpngs/crashers.
* Make pngtest --strict, --relax, --xfail options imply -m
(multiple).
* Removed unused chunk_name parameter from png_check_chunk_length().
* Relocated setting free_me for eXIf data, to stop an OSS-fuzz'
leak.
* Initialize profile_header[] in png_handle_iCCP() to fix
OSS-fuzz issue.
* Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix
OSS-fuzz UMR.
* Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
* Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
to account for the minimum 'deflate' stream, and relocate the
test to a point after the keyword has been read.
* Check that the eXIf chunk has at least 2 bytes and begins with
"II" or "MM".
* Added a set of "huge_xxxx_chunk.png" files to
contrib/testpngs/crashers, one for each known chunk type, with
length = 2GB-1.
* Check for 0 return from png_get_rowbytes() and added some
(size_t) typecasts in contrib/pngminus/*.c to stop some Coverity
issues (162705, 162706, and 162707).
* Renamed chunks in contrib/testpngs/crashers to avoid having
files whose names differ only in case; this causes problems with
some platforms
* Added contrib/oss-fuzz directory which contains files used by
the oss-fuzz project
- cleanup with spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/570288
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102