Log message:
Pullup ticket #3449 - requested by wiz
graphics/png security update.
Revisions pulled up:
- graphics/png/Makefile 1.132-1.137
- graphics/png/distinfo 1.78-1.84
- graphics/png/patches/patch-pngconf.h 0
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 5 12:47:56 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Removed Files:
pkgsrc/graphics/png/patches: patch-pngconf.h
Log message:
Update to 1.5.2:
Version 1.5.2beta01 [February 13, 2011]
More -Wshadow fixes for older gcc compilers. Older gcc versions apparently
check formal parameters names in function declarations (as well as
definitions) to see if they match a name in the global namespace.
Revised PNG_EXPORTA macro to not use an empty parameter, to accommodate the
old VisualC++ preprocessor.
Turned on interlace handling in png_read_png().
Fixed gcc pendantic warnings.
Handle longjmp in Cygwin.
Fixed png_get_current_row_number() in the interlaced case.
Cleaned up ALPHA flags and transformations.
Implemented expansion to 16 bits.
Version 1.5.2beta02 [February 19, 2011]
Fixed mistake in the descriptions of user read_transform and write_transform
function prototypes in the manual. The row_info struct is png_row_infop.
Reverted png_get_current_row_number() to previous (1.5.2beta01) behavior.
Corrected png_get_current_row_number documentation
Fixed the read/write row callback documentation.
This documents the current behavior, where the callback is called after
every row with information pertaining to the next row.
Version 1.5.2beta03 [March 3, 2011]
Fixed scripts/makefile.vcwin32
Updated contrib/pngsuite/README to add the word "modify".
Define PNG_ALLOCATED to blank when _MSC_VER<1300.
Version 1.5.2rc01 [March 19, 2011]
Define remaining attributes to blank when MSC_VER<1300.
ifdef out mask arrays in pngread.c when interlacing is not supported.
Version 1.5.2rc02 [March 22, 2011]
Added a hint to try CPP=/bin/cpp if "cpp -E" fails in \
scripts/pnglibconf.mak
and in contrib/pngminim/*/makefile, eg., on SunOS 5.10, and removed \
"strip"
from the makefiles.
Fixed a bug (present since libpng-1.0.7) that makes png_handle_sPLT() fail
to compile when PNG_NO_POINTER_INDEXING is defined (Chubanov Kirill)
Version 1.5.2rc03 [March 24, 2011]
Don't include standard header files in png.h while building the symbol table,
to avoid cpp failure on SunOS (introduced PNG_BUILDING_SYMBOL_TABLE macro).
Version 1.5.2 [March 31, 2011]
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue May 3 09:07:35 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log message:
Update to 1.5.3beta04 to fix a regression reported on tech-pkg (see beta03,
last entry).
Version 1.5.3beta01 [April 1, 2011]
Re-initialize the zlib compressor before compressing non-IDAT chunks.
Added API functions to set parameters for zlib compression of non-IDAT
chunks.
Version 1.5.3beta02 [April 3, 2011]
Updated scripts/symbols.def with new API functions.
Only compile the new zlib re-initializing code when text or iCCP is
supported, using PNG_WRITE_COMPRESSED_TEXT_SUPPORTED macro.
Improved the optimization of the zlib CMF byte (see libpng-1.2.6beta03).
Optimize the zlib CMF byte in non-IDAT compressed chunks
Version 1.5.3beta03 [April 16, 2011]
Fixed gcc -ansi -pedantic compile. A strict ANSI system does not have
snprintf, and the "__STRICT_ANSI__" detects that condition more \
reliably
than __STDC__ (John Bowler).
Removed the PNG_PTR_NORETURN attribute because it too dangerous. It tells
the compiler that a user supplied callback (the error handler) does not
return, yet there is no guarantee in practice that the application code
will correctly implement the error handler because the compiler only
issues a warning if there is a mistake (John Bowler).
Removed the no-longer-used PNG_DEPSTRUCT macro.
Updated the zlib version to 1.2.5 in the VStudio project.
Fixed 64-bit builds where png_uint_32 is smaller than png_size_t in
pngwutil.c (John Bowler).
Fixed bug with stripping the filler or alpha channel when writing, that
was introduced in libpng-1.5.2beta01 (bug report by Andrew Church).
Version 1.5.3beta04 [April 27, 2011]
Updated pngtest.png with the new zlib CMF optimization.
Cleaned up conditional compilation code and of background/gamma handling
Internal changes only except a new option to avoid compiling the
png_build_grayscale_palette API (which is not used at all internally.)
The main change is to move the transform tests (READ_TRANSFORMS,
WRITE_TRANSFORMS) up one level to the caller of the APIs. This avoids
calls to spurious functions if all transforms are disabled and slightly
simplifies those functions. Pngvalid modified to handle this.
A minor change is to stop the strip_16 and expand_16 interfaces from
disabling each other; this allows the future alpha premultiplication
code to use 16-bit intermediate values while still producing 8-bit output.
png_do_background and png_do_gamma have been simplified to take a single
pointer to the png_struct rather than pointers to every item required
from the png_struct. This makes no practical difference to the internal
code.
A serious bug in the pngvalid internal routine 'standard_display_init' has
been fixed - this failed to initialize the red channel and accidentally
initialized the alpha channel twice.
Changed png_struct jmp_buf member name from png_jmpbuf to tmp_jmpbuf to
avoid a clash with the png_jmpbuf macro on some platforms.
---
Module Name: pkgsrc
Committed By: adam
Date: Fri May 6 07:19:23 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log message:
Changes 1.5.3beta05:
* Added the "_POSIX_SOURCE" feature test macro to ensure libpng sees the
correct API. _POSIX_SOURCE is defined in pngpriv.h, pngtest.c and
pngvalid.c to ensure that POSIX conformant systems disable non-POSIX APIs.
* Removed png_snprintf and added formatted warning messages. This change adds
internal APIs to allow png_warning messages to have parameters without
requiring the host OS to implement snprintf. As a side effect the
dependency of the tIME-supporting RFC1132 code on stdio is removed and
PNG_NO_WARNINGS does actually work now.
* Added PNG_WRITE_OPTIMIZE_CMF_SUPPORTED macro to make the zlib \
"CMF" byte
optimization configureable.
* IDAT compression failed if preceded by a compressed text chunk (bug
introduced in libpng-1.5.3beta01-02). This was because the attempt to
reset the zlib stream in png_write_IDAT happened after the first IDAT
chunk had been deflated - much too late. In this change internal
functions were added to claim/release the z_stream and, hopefully, make
the code more robust. Also deflateEnd checking is added - previously
libpng would ignore an error at the end of the stream.
---
Module Name: pkgsrc
Committed By: obache
Date: Sun May 8 06:02:43 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log message:
Switch to use default EXTRACT_SUFX for distfile, .tar.gz is the only long term
provided archive for libpng beta release.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun May 8 09:09:20 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log message:
Update to 1.5.3beta06:
Version 1.5.3beta06 [May 8, 2011]
Removed the -D_ALL_SOURCE from definitions for AIX in CMakeLists.txt
Implemented premultiplied alpha support: png_set_alpha_mode API
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun May 8 09:11:08 UTC 2011
Modified Files:
pkgsrc/graphics/png: distinfo
Log message:
regen for targz change
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jun 8 06:58:59 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log message:
Update to 1.5.3rc02 for a security fix.
Version 1.5.3beta07 [May 11, 2011]
Added expand_16 support to the high level interface.
Added named value and 'flag' gamma support to png_set_gamma. Made a minor
change from the previous (unreleased) ABI/API to hide the exact value used
for Macs - it's not a good idea to embed this in the ABI!
Moved macro definitions for PNG_HAVE_IHDR, PNG_HAVE_PLTE, and PNG_AFTER_IDAT
from pngpriv.h to png.h because they must be visible to applications
that call png_set_unknown_chunks().
Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
before IDAT.
Version 1.5.3beta08 [May 16, 2011]
Improved "pngvalid --speed" to exclude more of pngvalid from the time.
Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt
The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative
parameters are supplied by the caller), while in the absence of cHRM
sRGB/Rec 709 values are still used.
The bKGD chunk no longer overwrites the background value set by
png_set_background(), allowing the latter to be used before the file
header is read. It never performed any useful function to override
the default anyway.
Added memory overwrite and palette image checks to pngvalid.c
Previously palette image code was poorly checked. Since the transformation
code has a special palette path in most cases this was a severe weakness.
Minor cleanup and some extra checking in pngrutil.c and pngrtran.c. When
expanding an indexed image, always expand to RGBA if transparency is
present.
Version 1.5.3beta09 [May 17, 2011]
Reversed earlier 1.5.3 change of transformation order; move png_expand_16
back where it was. The change doesn't work because it requires 16-bit
gamma tables when the code only generates 8-bit ones. This fails
silently; the libpng code just doesn't do any gamma correction. Moving
the tests back leaves the old, inaccurate, 8-bit gamma calculations, but
these are clearly better than none!
Version 1.5.3beta10 [May 20, 2011]
png_set_background() and png_expand_16() did not work together correctly.
This problem is present in 1.5.2; if png_set_background is called with
need_expand false and the matching 16 bit color libpng erroneously just
treats it as an 8-bit color because of where png_do_expand_16 is in the
transform list. This simple fix reduces the supplied colour to 8-bits,
so it gets smashed, but this is better than the current behavior.
Added tests for expand16, more fixes for palette image tests to pngvalid.
Corrects the code for palette image tests and disables attempts to
validate palette colors.
Version 1.5.3rc01 [June 3, 2011]
No changes.
Version 1.5.3rc02 [June 7, 2011]
Fixed 1-byte uninitialized memory reference in png_format_buffer() (Bug
report by Frank Busse, related to CVE-2004-0421).
|