libpng16/libpng-1.6.34.tar.xz.asc
Petr Gajdos e4eeecccf9 Accepting request 570288 from home:avindra
- update to 1.6.34:
  * Removed contrib/pngsuite/i*.png; some of these were incorrect
    and caused test failures.
- includes 1.6.33:
  * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
    missing parenthesis in contrib/pngminus/pnm2png.c
  * Fixed off-by-one error in png_do_check_palette_indexes()
  * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
    to fix shortlived oss-fuzz issue 3234.
  * Compute a larger limit on IDAT because some applications write
    a deflate buffer for each row
  * Use current date (DATE) instead of release-date (RDATE) in last
    changed date of contrib/oss-fuzz files.
  * Enabled ARM support in CMakeLists.txt
  * Fixed incorrect typecast of some arguments to png_malloc() and
    png_calloc() that were png_uint_32 instead of png_alloc_size_t
  * Use pnglibconf.h.prebuilt when building for ANDROID with cmake
  * Initialize memory allocated by png_inflate to zero, using
    memset, to stop an oss-fuzz "use of uninitialized value"
    detection in png_set_text_2() due to truncated iTXt or zTXt
    chunk.
  * Initialize memory allocated by png_read_buffer to zero, using
    memset, to stop an oss-fuzz "use of uninitialized value"
    detection in png_icc_check_tag_table() due to truncated iCCP
    chunk.
  * Removed redundant tests
  * Added an interlaced version of each file in contrib/pngsuite.
  * Relocate new memset() call in pngrutil.c
  * Add support for loading images with associated alpha in the
    Simplified API
  * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32
    state
  * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
  * Add end_info structure and png_read_end() to the libpng fuzzer
- includes 1.6.32:
  * Avoid possible NULL dereference in png_handle_eXIf when
    benign_errors are allowed. Avoid leaking the input buffer
    "eXIf_buf".
  * Eliminated png_ptr->num_exif member from pngstruct.h and added
    num_exif to arguments for png_get_eXIf() and png_set_eXIf().
  * Added calls to png_handle_eXIf(() in pngread.c and
    png_write_eXIf() in pngwrite.c, and made various other fixes
    to png_write_eXIf().
  * Changed name of png_get_eXIF and png_set_eXIf() to
    png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid
    breaking API compatibility with libpng-1.6.31.
  * Updated contrib/libtests/pngunknown.c with eXIf chunk.
  * Initialized btoa[] in pngstest.c
  * Stop memory leak when returning from png_handle_eXIf() with an
    error
  * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
  * Update libpng.3 and libpng-manual.txt about eXIf functions.
  * Restored png_get_eXIf() and png_set_eXIf() to maintain API
    compatability.
  * Removed png_get_eXIf_1() and png_set_eXIf_1().
  * Check length of all chunks except IDAT against user limit to
    fix an OSS-fuzz issue (Fixes CVE-2017-12652)
  * Check length of IDAT against maximum possible IDAT size,
    accounting for height, rowbytes, interlacing and zlib/deflate
    overhead.
  * Restored png_get_eXIf_1() and png_set_eXIf_1(), because
    strlen(eXIf_buf) does not work (the eXIf chunk data can
    contain zeroes).
  * Revised symlink creation, no longer using deprecated cmake
    LOCATION feature
  * Fixed five-byte error in the calculation of IDAT maximum
    possible size.
  * Moved chunk-length check into a png_check_chunk_length()
    private function
  * Moved bad pngs from tests to contrib/libtests/crashers
  * Moved testing of bad pngs into a separate
    tests/pngtest-badpngs script
  * Added the --xfail (expected FAIL) option to pngtest.c. It
    writes XFAIL in the output but PASS for the libpng test.
  * Require cmake-3.0.2 in CMakeLists.txt
  * Fix "const" declaration info_ptr argument to png_get_eXIf_1()
    and the num_exif argument to png_get_eXIf_1()
  * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
  * Added huge_IDAT.png and empty_ancillary_chunks.png to
    testpngs/crashers.
  * Make pngtest --strict, --relax, --xfail options imply -m
    (multiple).
  * Removed unused chunk_name parameter from png_check_chunk_length().
  * Relocated setting free_me for eXIf data, to stop an OSS-fuzz'
    leak.
  * Initialize profile_header[] in png_handle_iCCP() to fix
    OSS-fuzz issue.
  * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix
    OSS-fuzz UMR.
  * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
  * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
    to account for the minimum 'deflate' stream, and relocate the
    test to a point after the keyword has been read.
  * Check that the eXIf chunk has at least 2 bytes and begins with
    "II" or "MM".
  * Added a set of "huge_xxxx_chunk.png" files to
    contrib/testpngs/crashers, one for each known chunk type, with
    length = 2GB-1.
  * Check for 0 return from png_get_rowbytes() and added some
    (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity
    issues (162705, 162706, and 162707).
  * Renamed chunks in contrib/testpngs/crashers to avoid having
    files whose names differ only in case; this causes problems with
    some platforms
  * Added contrib/oss-fuzz directory which contains files used by
    the oss-fuzz project
- cleanup with spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/570288
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 06:59:18 +00:00

18 lines
819 B
Plaintext

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJZzghsAAoJEPVJhL+hbGQPxfAP/iNKJV+UC3f6zNE62jPCjNVg
Gx3pOhWHMw2+mkN8NxlI7L5qPRj/zJ2G0iso2CVXBRzcb21aNMZ+Jx4/mQ1p2qPT
olupBl3mug/zucdUVSxsN0g2i7/atvxHX3fjkCjoNsNpkcBWPGZFhE5yZZTYU5Oz
qNrfluwkV+jC2XWqMw/B40Mahw4LwmbvzXeduaBxxNXDM7nund0vsEdoGYeI/NZx
G106dg+hmalJq1084M+SHyOiDa4xh1CAdpeJnwaL1IMjsbzyALZezUxx2PqrwwVg
WgLuSfPRZjNBFLZJxCBM1Y49QiON90NQzdZqeCA+0nNDQZtQAKPEI/zGadWZHBKd
4H5d19VvmYo2dPsvBoK5t8QSXeSEreTGsryQcKRbNvbzxMSBNdHN/C6zg13Kuteg
1xyx9jTtS59Ir+oOkE9EhXSAhEp4baPzFqjIwK2NON6/+gv9BYywVwc6cTfCz2rR
NgXaxe5/8qCZCb1DM6ZmgbhlLtXUrOLED49zX5ndcHpGBAQx5HVj7GRNn6VcSw1U
Ljk+S9r2A7g/mEzNqzeHcqpMSCjSt59RpQXvDfTI7vF1lxRqmNGMG1W9Sjk0DKe7
nPI7a/wAf6S8gU+VhPOHhj3I/B4e4IrBuwWj4NGaUO0RBbDwWYPXLrrDoMC7FBW7
Z+dSb9Tb6/Ihc3NXkJFI
=qQuX
-----END PGP SIGNATURE-----