Log message:
Update to 1.5.9rc01, which includes the official patch for CVE-2011-3026.

Version 1.5.9beta01 [February 3, 2012]
  Rebuilt configure scripts in the tar distributions.

Version 1.5.9beta02 [February 16, 2012]
  Removed two unused definitions from scripts/pnglibconf.h.prebuilt
  Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
  Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h

Version 1.5.9rc01 [February 17, 2012]
  Fixed CVE-2011-3026 buffer overrun bug.  Deal more correctly with the test
    on iCCP chunk length. Also removed spurious casts that may hide problems
    on 16-bit systems.

Log message:
fix possible buffer overflow due to integer overflow in malloc()
size calculation (2011-3026), patch from Chromium via Redhat/Debian
bump PKGREV

Log message:
Update to 1.5.8:

Version 1.5.8beta01 [January 15, 2011]
  Removed '#include config.h"' from contrib/libtests/pngvalid.c.  It's not
    needed and causes trouble for VPATH building.
  Moved AC_MSG_CHECKING([if libraries can be versioned]) later to the proper
    location in configure.ac (Gilles Espinasse).
  Fix bug in pngerror.c: some long warnings were being improperly truncated
    (bug introduced in libpng-1.5.3beta05).

Version 1.5.8rc01 [January 21, 2012]
  No changes.

Version 1.5.8rc02 [January 25, 2012]
  Fixed Min/GW uninstall to remove libpng.dll.a
  Conditionalize the install rules for MINGW and CYGWIN in CMakeLists.txt

Log message:
png uses zlib license, just with very many (co)authors.
Set it, and remove separate png-license file.
Ok troxel

Log message:
Update png to 1.5.7:

Changes since the last public release (1.5.6):
  Added support for ARM processor (Mans Rullgard)
  Fixed bug in pngvalid on early allocation failure; fixed type cast in
    pngmem.c; pngvalid would attempt to call png_error() if the allocation
    of a png_struct or png_info failed. This would probably have led to a
    crash.  The pngmem.c implementation of png_malloc() included a cast
    to png_size_t which would fail on large allocations on 16-bit systems.
  Fix for the preprocessor of the Intel C compiler. The preprocessor
    splits adjacent @ signs with a space; this changes the concatentation
    token from @-@-@ to PNG_JOIN; that should work with all compiler
    preprocessors.
  Paeth filter speed improvements from work by Siarhei Siamashka. This
    changes the 'Paeth' reconstruction function to improve the GCC code
    generation on x86. The changes are only part of the suggested ones;
    just the changes that definitely improve speed and remain simple.
    The changes also slightly increase the clarity of the code.
  Check compression_type parameter in png_get_iCCP and remove spurious
    casts. The compression_type parameter is always assigned to, so must
    be non-NULL. The cast of the profile length potentially truncated the
    value unnecessarily on a 16-bit int system, so the cast of the (byte)
    compression type to (int) is specified by ANSI-C anyway.
  Fixed FP division by zero in pngvalid.c; the 'test_pixel' code left
    the sBIT fields in the test pixel as 0, which resulted in a floating
    point division by zero which was irrelevant but causes systems where
    FP exceptions cause a crash. Added code to pngvalid to turn on FP
    exceptions if the appropriate glibc support is there to ensure this is
    tested in the future.
  Added versioning to pnglibconf.h comments.
  Installed more accurate linear to sRGB conversion tables. The slightly
    modified tables reduce the number of 16-bit values that
    convert to an off-by-one 8-bit value.  The "makesRGB.c" code that \ 
was used
    to generate the tables is now in a contrib/sRGBtables sub-directory.
  Added run-time detection of NEON support.
  Multiple transform bug fixes plus a work-round for double gamma correction.
    libpng does not support more than one transform that requires linear data
    at once - if this is tried typically the results is double gamma
    correction. Since the simplified APIs can need rgb to gray combined with
    a compose operation it is necessary to do one of these outside the main
    libpng transform code. This check-in also contains fixes to various bugs
    in compose and rgb to gray (on palette).
  Fixes for C++ compilation using g++ When libpng source is compiled
    using g++. The compiler imposes C++ rules on the C source; thus it
    is desireable to make the source work with either C or C++ rules
    without throwing away useful error information.  This change adds
    png_voidcast to allow C semantic (void*) cases or the corresponding
    C++ static_cast operation, as appropriate.
  Added --noexecstack to assembler file compilation. GCC does not set
    this on assembler compilation, even though it does on C compilation.
    This creates security issues if assembler code is enabled; the
    work-around is to set it by default in the flags for $(CCAS)
  Removed "zTXt" from warning in generic chunk decompression function.
  Validate time settings passed to pngset() and png_convert_to_rfc1123()
    (Frank Busse).
  Added MINGW support to CMakeLists.txt
  Reject invalid compression flag or method when reading the iTXt chunk.
  Moved pngvalid.c into contrib/libtests
  Rebuilt Makefile.in, configure, etc., with autoconf-2.68
  Replaced an "#if" with "#ifdef" in pngrtran.c
  Revised #if PNG_DO_BC block in png.c (use #ifdef and add #else)
  Revised pngconf.h to use " __declspec(restrict)" only when MSC_VER \ 
>= 1400,
    as in libpng-1.5.4.
  Put CRLF line endings in the owatcom project files.
  Updated CMakeLists.txt to account for the relocation of pngvalid.c
  Minor fixes to pngvalid.c for gcc 4.6.2 compatibility to remove warnings
    reported by earlier versions.

Log message:
Update to 1.5.6, which integrated part of patch-aa (see beta04).

Version 1.5.6beta01 [September 22, 2011]
  Fixed some 64-bit type conversion warnings in pngrtran.c
  Moved row_info from png_struct to a local variable.
  The various interlace mask arrays have been made into arrays of
    bytes and made PNG_CONST and static (previously some arrays were
    marked PNG_CONST and some weren't).
  Additional checks have been added to the transform code to validate the
    pixel depths after the transforms on both read and write.
  Removed some redundant code from pngwrite.c, in png_destroy_write_struct().
  Changed chunk reading/writing code to use png_uint_32 instead of png_byte[4].
    This removes the need to allocate temporary strings for chunk names on
    the stack in the read/write code.  Unknown chunk handling still uses the
    string form because this is exposed in the API.

Version 1.5.6beta02 [September 26, 2011]
  Added a note in the manual the png_read_update_info() must be called only
    once with a particular info_ptr.
  Fixed a typo in the definition of the new PNG_STRING_FROM_CHUNK(s,c) macro.

Version 1.5.6beta03 [September 28, 2011]
  Revised test-pngtest.sh to report FAIL when pngtest fails.
  Added "--strict" option to pngtest, to report FAIL when the failure is
    only because the resulting valid files are different.
  Revised CMakeLists.txt to work with mingw and removed some material from
    CMakeLists.txt that is no longer useful in libpng-1.5.

Version 1.5.6beta04 [October 5, 2011]
  Fixed typo in Makefile.in and Makefile.am ("-M Wl" should be \ 
"-M -Wl")."

Version 1.5.6beta05 [October 12, 2011]
  Speed up png_combine_row() for interlaced images. This reduces the generality
    of the code, allowing it to be optimized for Adam7 interlace.  The masks
    passed to png_combine_row() are now generated internally, avoiding
    some code duplication and localizing the interlace handling somewhat.
  Align png_struct::row_buf - previously it was always unaligned, caused by
    a bug in the code that attempted to align it; the code needs to subtract
    one from the pointer to take account of the filter byte prepended to
    each row.
  Optimized png_combine_row() when rows are aligned. This gains a small
    percentage for 16-bit and 32-bit pixels in the typical case where the
    output row buffers are appropriately aligned. The optimization was not
    previously possible because the png_struct buffer was always misaligned.
  Fixed bug in png_write_chunk_header() debug print, introduced in 1.5.6beta01.

Version 1.5.6beta06 [October 17, 2011]
  Removed two redundant tests for unitialized row.
  Fixed a relatively harmless memory overwrite in compressed text writing
    with a 1 byte zlib buffer.
  Add ability to call png_read_update_info multiple times to pngvalid.c.
  Fixes for multiple calls to png_read_update_info. These fixes attend to
    most of the errors revealed in pngvalid, however doing the gamma work
    twice results in inaccuracies that can't be easily fixed.  There is now
    a warning in the code if this is going to happen.
  Turned on multiple png_read_update_info in pngvalid transform tests.
  Prevent libpng from overwriting unused bits at the end of the image when
    it is not byte aligned, while reading. Prior to libpng-1.5.6 libpng would
    overwrite the partial byte at the end of each row if the row width was not
    an exact multiple of 8 bits and the image is not interlaced.

Version 1.5.6beta07 [October 21, 2011]
  Made png_ptr->prev_row an aligned pointer into png_ptr->big_prev_row
    (Mans Rullgard).

Version 1.5.6rc01 [October 26, 2011]
  Changed misleading "Missing PLTE before cHRM" warning to "Out \ 
of place cHRM"

Version 1.5.6rc02 [October 27, 2011]
  Added LSR() macro to defend against buggy compilers that evaluate non-taken
    code branches and complain about out-of-range shifts.

Version 1.5.6rc03 [October 28, 2011]
  Renamed the LSR() macro to PNG_LSR() and added PNG_LSL() macro.
  Fixed compiler warnings with Intel and MSYS compilers. The logical shift
    fix for Microsoft Visual C is required by other compilers, so this
    enables that fix for all compilers when using compile-time constants.
    Under MSYS 'byte' is a name declared in a system header file, so we
    changed the name of a local variable to avoid the warnings that result.
  Added #define PNG_ALIGN_TYPE PNG_ALIGN_NONE to contrib/pngminim/*/pngusr.h

Version 1.5.6 [November 3, 2011]
  No changes.

Log message:
Fix typo to make this build again on SunOS.

Log message:
Update to 1.5.5 to fix CVE-2011-3328, requested by tron.

Version 1.5.5beta01 [July 13, 2011]
  Fixed some typos and made other minor changes in the manual.
  Updated contrib/pngminus/makefile.std (Samuli Souminen)

Version 1.5.5beta02 [July 14, 2011]
  Revised Makefile.am and Makefile.in to look in the right directory for
    pnglibconf.h.prebuilt

Version 1.5.5beta03 [July 27, 2011]
  Enabled compilation with g++ compiler.  This compiler does not recognize
    the file extension, so it always compiles with C++ rules.  Made minor
    changes to pngrutil.c to cast results where C++ expects it but C does not.
  Minor editing of libpng.3 and libpng-manual.txt.

Version 1.5.5beta04 [July 29, 2011]
  Revised CMakeLists.txt (Clifford Yapp)
  Updated commentary about the png_rgb_to_gray() default coefficients
    in the manual and in pngrtran.c

Version 1.5.5beta05 [August 17, 2011]
  Prevent unexpected API exports from non-libpng DLLs on Windows.  The \ 
"_DLL"
    is removed from the test of whether a DLL is being built (this erroneously
    caused the libpng APIs to be marked as DLL exports in static builds under
    Microsoft Visual Studio).  Almost all of the libpng building configuration
    is moved from pngconf.h to pngpriv.h, but PNG_DLL_EXPORT remains in
    pngconf.h, though, so that it is colocated with the import definition (it
    is no longer used anywhere in the installed headers).  The VStudio project
    definitions have been cleaned up: "_USRDLL" has been removed from the
    static library builds (this was incorrect), and PNG_USE_DLL has been added
    to pngvalid to test the functionality (pngtest does not supply it,
    deliberately).  The spurious "_EXPORTS" has been removed from the
    libpng build (all these errors were a result of copy/paste between project
    configurations.)
  Added new types and internal functions for CIE RGB end point handling to
    pngpriv.h (functions yet to be implemented).

Version 1.5.5beta06 [August 26, 2011]
  Ensure the CMAKE_LIBRARY_OUTPUT_DIRECTORY is set in CMakeLists.txt
    (Clifford Yap)
  Fixes to rgb_to_gray and cHRM XYZ APIs (John Bowler):
    The rgb_to_gray code had errors when combined with gamma correction.
    Some pixels were treated as true grey when they weren't and such pixels
    and true grey ones were not gamma corrected (the original value of the
    red component was used instead).  APIs to get and set cHRM using color
    space end points have been added and the rgb_to_gray code that defaults
    based on cHRM, and the divide-by-zero bug in png_handle_cHRM (CERT
    VU#477046, CVE-2011-3328, introduced in 1.5.4) have been corrected.
  A considerable number of tests has been added to pngvalid for the
    rgb_to_gray transform.
  Arithmetic errors in rgb_to_gray whereby the calculated gray value was
    truncated to the bit depth rather than rounded have been fixed except in
    the 8-bit non-gamma-corrected case (where consistency seems more important
    than correctness.)  The code still has considerable inaccuracies in the
    8-bit case because 8-bit linear arithmetic is used.

Version 1.5.5beta07 [September 7, 2011]
  Added "$(ARCH)" option to makefile.darwin
  Added SunOS support to configure.ac and Makefile.am
  Changed png_chunk_benign_error() to png_warning() in png.c, in
    png_XYZ_from_xy_checked().

Version 1.5.5beta08 [September 10, 2011]
  Fixed 64-bit compilation errors (gcc). The errors fixed relate
    to conditions where types that are 32 bits in the GCC 32-bit
    world (uLong and png_size_t) become 64 bits in the 64-bit
    world.  This produces potential truncation errors that the
    compiler correctly flags.
  Relocated new HAVE_SOLARIS_LD definition in configure.ac
  Constant changes for 64-bit compatibility (removal of L suffixes). The
    16-bit cases still use "L" as we don't have a 16-bit test system.

Version 1.5.5rc01 [September 17, 2011]
  Removed "L" suffixes from constants in pngpriv.h

Version 1.5.5 [September 22, 2011]
  No changes.

Log message:
Update to 1.5.4:

Version 1.5.3beta11 [June 11, 2011]
  Fixed png_handle_sCAL which is broken in 1.5; added sCAL to pngtest.png
  Revised documentation about png_set_user_limits() to say that it also affects
    png writing.
  Revised handling of png_set_user_limits() so that it can increase the
    limit beyond the PNG_USER_WIDTH|HEIGHT_MAX; previously it could only
    reduce it.
  Make the 16-to-8 scaling accurate. Dividing by 256 with no rounding is
    wrong (high by one) 25% of the time. Dividing by 257 with rounding is
    wrong in 128 out of 65536 cases. Getting the right answer all the time
    without division is easy.
  Added "_SUPPORTED" to the PNG_WRITE_CUSTOMIZE_ZTXT_COMPRESSION macro.
  Added projects/owatcom, an IDE project for OpenWatcom to replace
    scripts/makefile.watcom.  This project works with OpenWatcom 1.9. The
    IDE autogenerates appropriate makefiles (libpng.mk) for batch processing.
    The project is configurable, unlike the Visual Studio project, so long
    as the developer has an awk.
  Changed png_set_gAMA to limit the gamma value range so that the inverse
    of the stored value cannot overflow the fixed point representation,
    and changed other things OpenWatcom warns about.
  Revised pngvalid.c to test PNG_ALPHA_MODE_SUPPORTED correctly. This allows
    pngvalid to build when ALPHA_MODE is not supported, which is required if
    it is to build on libpng 1.4.
  Removed string/memory macros that are no longer used and are not
    necessarily fully supportable, particularly png_strncpy and png_snprintf.
  Added log option to pngvalid.c and attempted to improve gamma messages.

Version 1.5.3 [omitted]
  People found the presence of a beta release following an rc release
    to be confusing; therefore we bump the version to libpng-1.5.4beta01
    and there will be no libpng-1.5.3 release.

Version 1.5.4beta01 [June 14, 2011]
  Made it possible to undefine PNG_READ_16_TO_8_ACCURATE_SCALE_SUPPORTED
    to get the same (inaccurate) output as libpng-1.5.2 and earlier.
  Moved definitions of PNG_HAVE_IHDR, PNG_AFTER_IDAT, and PNG_HAVE_PLTE
    outside of an unknown-chunk block in png.h because they are also
    needed for other uses.

Version 1.5.4beta02 [June 14, 2011]
  Fixed and clarified LEGACY 16-to-8 scaling code.
  Added png_set_chop_16() API, to match inaccurate results from previous
    libpng versions.
  Removed the ACCURATE and LEGACY options (they are no longer useable)
  Use the old scaling method for background if png_set_chop_16() was
    called.
  Made png_set_chop_16() API removeable by disabling PNG_CHOP_16_TO_8_SUPPORTED

Version 1.5.4beta03 [June 15, 2011]
  Fixed a problem in png_do_expand_palette() exposed by optimization in
    1.5.3beta06
  Also removed a spurious and confusing "trans" member \ 
("trans") from png_info.
  The palette expand optimization prevented expansion to an intermediate RGBA
    form if tRNS was present but alpha was marked to be stripped; this exposed
    a check for tRNS in png_do_expand_palette() which is inconsistent with the
    code elsewhere in libpng.
  Correction to the expand_16 code; removed extra instance of
    png_set_scale_16_to_8 from pngpriv.h

Version 1.5.4beta04 [June 16, 2011]
  Added a missing "#ifdef PNG_READ_BACKGROUND_SUPPORTED/#endif" in \ 
pngrtran.c
  Added PNG_TRANSFORM_CHOP_16 to the high-level read transforms.
  Made PNG_READ_16_TO_8_ACCURATE_SCALE configurable again.  If this is
    not enabled, png_set_strip_16() and png_do_scale_16_to_8() aren't built.
  Revised contrib/visupng, gregbook, and pngminim to demonstrate chop_16_to_8

Version 1.5.4beta05 [June 16, 2011]
  Renamed png_set_strip_16() to png_set_scale_16() and renamed
    png_set_chop_16() to png_set_strip(16) in an attempt to minimize the
    behavior changes between libpng14 and libpng15.

Version 1.5.4beta06 [June 18, 2011]
  Fixed new bug that was causing both strip_16 and scale_16 to be applied.

Version 1.5.4beta07 [June 19, 2011]
  Fixed pngvalid, simplified macros, added checking for 0 in sCAL.
    The ACCURATE scale macro is no longer defined in 1.5 - call the
    png_scale_16_to_8 API.  Made sure that PNG_READ_16_TO_8 is still defined
    if the png_strip_16_to_8 API is present.  png_check_fp_number now
    maintains some state so that positive, negative and zero values are
    identified.  sCAL uses these to be strictly spec conformant.

Version 1.5.4beta08 [June 23, 2011]
  Fixed pngvalid if ACCURATE_SCALE is defined.
  Updated scripts/pnglibconf.h.prebuilt.

Version 1.5.4rc01 [June 30, 2011]
  Define PNG_ALLOCATED to "restrict" only if MSC_VER >= 1400.

Version 1.5.4 [July 7, 2011]
  no changes.

Log message:
Update to 1.5.3rc02 for a security fix.

Version 1.5.3beta07 [May 11, 2011]
  Added expand_16 support to the high level interface.
  Added named value and 'flag' gamma support to png_set_gamma.  Made a minor
    change from the previous (unreleased) ABI/API to hide the exact value used
    for Macs - it's not a good idea to embed this in the ABI!
  Moved macro definitions for PNG_HAVE_IHDR, PNG_HAVE_PLTE, and PNG_AFTER_IDAT
    from pngpriv.h to png.h because they must be visible to applications
    that call png_set_unknown_chunks().
  Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
    before IDAT.

Version 1.5.3beta08 [May 16, 2011]
  Improved "pngvalid --speed" to exclude more of pngvalid from the time.
  Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt
  The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative
    parameters are supplied by the caller), while in the absence of cHRM
    sRGB/Rec 709 values are still used.
  The bKGD chunk no longer overwrites the background value set by
    png_set_background(), allowing the latter to be used before the file
    header is read. It never performed any useful function to override
    the default anyway.
  Added memory overwrite and palette image checks to pngvalid.c
    Previously palette image code was poorly checked. Since the transformation
    code has a special palette path in most cases this was a severe weakness.
  Minor cleanup and some extra checking in pngrutil.c and pngrtran.c. When
    expanding an indexed image, always expand to RGBA if transparency is
    present.

Version 1.5.3beta09 [May 17, 2011]
  Reversed earlier 1.5.3 change of transformation order; move png_expand_16
    back where it was.  The change doesn't work because it requires 16-bit
    gamma tables when the code only generates 8-bit ones.  This fails
    silently; the libpng code just doesn't do any gamma correction.  Moving
    the tests back leaves the old, inaccurate, 8-bit gamma calculations, but
    these are clearly better than none!

Version 1.5.3beta10 [May 20, 2011]

  png_set_background() and png_expand_16() did not work together correctly.
    This problem is present in 1.5.2; if png_set_background is called with
    need_expand false and the matching 16 bit color libpng erroneously just
    treats it as an 8-bit color because of where png_do_expand_16 is in the
    transform list.  This simple fix reduces the supplied colour to 8-bits,
    so it gets smashed, but this is better than the current behavior.
  Added tests for expand16, more fixes for palette image tests to pngvalid.
    Corrects the code for palette image tests and disables attempts to
    validate palette colors.

Version 1.5.3rc01 [June 3, 2011]
  No changes.

Version 1.5.3rc02 [June 7, 2011]
  Fixed 1-byte uninitialized memory reference in png_format_buffer() (Bug
    report by Frank Busse, related to CVE-2004-0421).