2020-04-14 14:35:05 by Thomas Klausner | Files touched by this commit (1) |
Log message:
png: drop maintainership
|
2019-11-02 23:38:06 by Roland Illig | Files touched by this commit (114) |
Log message:
graphics: align variable assignments
pkglint -Wall -F --only aligned --only indent -r
No manual corrections.
|
2019-04-17 09:05:21 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
png: update to 1.6.37.
This is largely a bugfix-only release. Most importantly, it contains
a fix for a use-after-free vulnerability (CVE-2019-7317) affecting
the simplified libpng API, and a fix for a memory leak affecting the
ARM NEON implementation of the palette-to-RGB(A) expansion.
|
2018-12-02 13:43:23 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
png: update to 1.6.36.
Version 1.6.36 [December 1, 2018]
Optimized png_do_expand_palette for ARM processors.
Improved performance by around 10-22% on a recent ARM Chromebook.
(Contributed by Richard Townsend, ARM Holdings)
Fixed manipulation of machine-specific optimization options.
(Contributed by Vicki Pfau)
Used memcpy instead of manual pointer arithmetic on Intel SSE2.
(Contributed by Samuel Williams)
Fixed build errors with MSVC on ARM64.
(Contributed by Zhijie Liang)
Fixed detection of libm in CMakeLists.
(Contributed by Cameron Cawley)
Fixed incorrect creation of pkg-config file in CMakeLists.
(Contributed by Kyle Bentley)
Fixed the CMake build on Windows MSYS by avoiding symlinks.
Fixed a build warning on OpenBSD.
(Contributed by Theo Buehler)
Fixed various typos in comments.
(Contributed by "luz.paz")
Raised the minimum required CMake version from 3.0.2 to 3.1.
Removed yet more of the vestigial support for pre-ANSI C compilers.
Removed ancient makefiles for ancient systems that have been broken
across all previous libpng-1.6.x versions.
Removed the Y2K compliance statement and the export control
information.
Applied various code style and documentation fixes.
|
2018-08-02 17:01:12 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
png: updated to 1.6.35
Version 1.6.35:
* Replaced the remaining uses of png_size_t with size_t (Cosmin)
* Fixed the calculation of row_factor in png_check_chunk_length
* Added missing parentheses to a macro definition
|
2017-10-02 11:24:30 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
png: update to 1.6.34.
Version 1.6.33beta01 [August 28, 2017]
Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing
parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse).
Fixed off-by-one error in png_do_check_palette_indexes() (Bug report
by Mick P., Source Forge Issue #269).
Version 1.6.33beta02 [September 3, 2017]
Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
to fix shortlived oss-fuzz issue 3234.
Compute a larger limit on IDAT because some applications write a deflate
buffer for each row (Bug report by Andrew Church).
Use current date (DATE) instead of release-date (RDATE) in last
changed date of contrib/oss-fuzz files.
Enabled ARM support in CMakeLists.txt (Bernd Kuhls).
Version 1.6.33beta03 [September 14, 2017]
Fixed incorrect typecast of some arguments to png_malloc() and
png_calloc() that were png_uint_32 instead of png_alloc_size_t
(Bug report by "irwir" in Github libpng issue #175).
Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github
issue 162, by rcdailey).
Version 1.6.33rc01 [September 20, 2017]
Initialize memory allocated by png_inflate to zero, using memset, to
stop an oss-fuzz "use of uninitialized value" detection in \
png_set_text_2()
due to truncated iTXt or zTXt chunk.
Initialize memory allocated by png_read_buffer to zero, using memset, to
stop an oss-fuzz "use of uninitialized value" detection in
png_icc_check_tag_table() due to truncated iCCP chunk.
Removed a redundant test (suggested by "irwir" in Github issue #180).
Version 1.6.33rc02 [September 23, 2017]
Added an interlaced version of each file in contrib/pngsuite.
Relocate new memset() call in pngrutil.c.
Removed more redundant tests (suggested by "irwir" in Github issue #180).
Add support for loading images with associated alpha in the Simplified
API (Samuel Williams).
Version 1.6.33 [September 28, 2017]
Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state.
Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
Add end_info structure and png_read_end() to the libpng fuzzer.
Version 1.6.34 [September 29, 2017]
Removed contrib/pngsuite/i*.png; some of these were incorrect and caused
test failures.
|
2017-08-26 07:50:01 by Thomas Klausner | Files touched by this commit (2) |
Log message:
Updated png to 1.6.32.
Version 1.6.32beta01 [July 31, 2017]
Avoid possible NULL dereference in png_handle_eXIf when benign_errors
are allowed. Avoid leaking the input buffer "eXIf_buf".
Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
to arguments for png_get_eXIf() and png_set_eXIf().
Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
pngwrite.c, and made various other fixes to png_write_eXIf().
Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
png_set_eXIf_1(), respectively, to avoid breaking API compatibility
with libpng-1.6.31.
Version 1.6.32beta02 [August 1, 2017]
Updated contrib/libtests/pngunknown.c with eXIf chunk.
Version 1.6.32beta03 [August 2, 2017]
Initialized btoa[] in pngstest.c
Stop memory leak when returning from png_handle_eXIf() with an error
(Bug report from the OSS-fuzz project).
Version 1.6.32beta04 [August 2, 2017]
Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
Update libpng.3 and libpng-manual.txt about eXIf functions.
Version 1.6.32beta05 [August 2, 2017]
Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.
Version 1.6.32beta06 [August 2, 2017]
Removed png_get_eXIf_1() and png_set_eXIf_1().
Version 1.6.32beta07 [August 3, 2017]
Check length of all chunks except IDAT against user limit to fix an
OSS-fuzz issue.
Version 1.6.32beta08 [August 3, 2017]
Check length of IDAT against maximum possible IDAT size, accounting
for height, rowbytes, interlacing and zlib/deflate overhead.
Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
does not work (the eXIf chunk data can contain zeroes).
Version 1.6.32beta09 [August 3, 2017]
Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
no longer using deprecated cmake LOCATION feature (Clifford Yapp).
Fixed five-byte error in the calculation of IDAT maximum possible size.
Version 1.6.32beta10 [August 5, 2017]
Moved chunk-length check into a png_check_chunk_length() private
function (Suggested by Max Stepin).
Moved bad pngs from tests to contrib/libtests/crashers
Moved testing of bad pngs into a separate tests/pngtest-badpngs script
Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
in the output but PASS for the libpng test.
Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
num_exif argument to png_get_eXIf_1() (Github Issue 171).
Version 1.6.32beta11 [August 7, 2017]
Added "eXIf" to "chunks_to_ignore[]" in \
png_set_keep_unknown_chunks().
Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
Make pngtest --strict, --relax, --xfail options imply -m (multiple).
Removed unused chunk_name parameter from png_check_chunk_length().
Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
for the minimum 'deflate' stream, and relocate the test to a point
after the keyword has been read.
Check that the eXIf chunk has at least 2 bytes and begins with "II" \
or "MM".
Version 1.6.32rc01 [August 18, 2017]
Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
one for each known chunk type, with length = 2GB-1.
Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
and 162707).
Renamed chunks in contrib/testpngs/crashers to avoid having files whose
names differ only in case; this causes problems with some platforms
(github issue #172).
Version 1.6.32rc02 [August 22, 2017]
Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).
Version 1.6.32 [August 24, 2017]
No changes.
|
2017-07-28 00:07:07 by Thomas Klausner | Files touched by this commit (2) |
Log message:
Updated png to 1.6.31.
Changes since the last public release (1.6.30):
Guard the definition of _POSIX_SOURCE in pngpriv.h (AIX already defines it;
bug report by Michael Felt).
Revised pngpriv.h to work around failure to compile arm/filter_neon.S
("typedef" directive is unrecognized by the assembler). The problem
was introduced in libpng-1.6.30beta01.
Added "Requires: zlib" to libpng.pc.in (Pieter Neerincx).
Added special case for FreeBSD in arm/filter_neon.S (Maya Rashish).
Added instructions for disabling hardware optimizations in INSTALL.
Added "--enable-hardware-optimizations" configuration flag to enable
or disable all hardware optimizations with one flag.
Updated CMakeLists.txt to add INTEL_SSE and MIPS_MSA platforms.
Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
possible integer overflow (Bug report by John Bowler).
Quieted "declaration after statement" warnings in intel/filter_sse2.c.
Added scripts/makefile-linux-opt, which has hardware optimizations enabled.
Removed one of the GCC-7.1.0 'strict-overflow' warnings that result when
integers appear on both sides of a compare. Worked around the others by
forcing the strict-overflow setting in the relevant functions to a level
where they are not reported (John Bowler).
Changed "FALL THROUGH" comments to "FALLTHROUGH" because \
GCC doesn't like
the space.
Worked around some C-style casts from (void*) because g++ 5.4.0 objects
to them.
Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint
overflow' check that is on by default with -Wall -Wextra.
Added eXIf chunk support.
Added a minimal eXIf chunk (with Orientation and FocalLengthIn35mmFilm
tags) to pngtest.png.
|
2017-07-05 06:59:16 by Maya Rashish | Files touched by this commit (2) |
Log message:
png: don't typedef things when included by assembler code.
the current change is somewhat overkill and excludes some extra function
declarations, but there's only one assembler file for which it applies and
it was tested to build.
Fixes compilation on ARM reported by John Klos in PR pkg/52367
|
2017-07-03 13:07:00 by Thomas Klausner | Files touched by this commit (2) |
Log message:
Updated png to 1.6.30.
Changes since the last public release (1.6.29):
Added missing "$(CPPFLAGS)" to the compile line for c.pic.o in
makefile.linux and makefile.solaris-x86 (Cosmin).
Revised documentation of png_get_error_ptr() in the libpng manual.
Silence clang -Wcomma and const drop warnings (Viktor Szakats).
Update Sourceforge URLs in documentation (https instead of http).
Document need to check for integer overflow when allocating a pixel
buffer for multiple rows in contrib/gregbook, contrib/pngminus,
example.c, and in the manual (suggested by Jaeseung Choi). This
is similar to the bug reported against pngquant in CVE-2016-5735.
Removed reference to the obsolete PNG_SAFE_LIMITS macro in the documentation.
Check for integer overflow in contrib/visupng and contrib/tools/genpng.
Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
Test CMAKE_HOST_WIN32 instead of WIN32 in CMakeLists.txt.
Fix some URL in documentation.
Avoid writing an empty IDAT when the last IDAT exactly fills the
compression buffer (bug report by Brian Baird). This bug was
introduced in libpng-1.6.0.
Update copyright year in pnglibconf.h, make ltmain.sh executable.
Add a reference to the libpng.download site in README.
|