Subject: CVS commit: pkgsrc/graphics/png
From: Thomas Klausner
Date: 2011-06-08 08:58:59
Message id: 20110608065900.63718175DD@cvs.netbsd.org

Log Message:
Update to 1.5.3rc02 for a security fix.

Version 1.5.3beta07 [May 11, 2011]
  Added expand_16 support to the high level interface.
  Added named value and 'flag' gamma support to png_set_gamma.  Made a minor
    change from the previous (unreleased) ABI/API to hide the exact value used
    for Macs - it's not a good idea to embed this in the ABI!
  Moved macro definitions for PNG_HAVE_IHDR, PNG_HAVE_PLTE, and PNG_AFTER_IDAT
    from pngpriv.h to png.h because they must be visible to applications
    that call png_set_unknown_chunks().
  Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
    before IDAT.

Version 1.5.3beta08 [May 16, 2011]
  Improved "pngvalid --speed" to exclude more of pngvalid from the time.
  Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt
  The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative
    parameters are supplied by the caller), while in the absence of cHRM
    sRGB/Rec 709 values are still used.
  The bKGD chunk no longer overwrites the background value set by
    png_set_background(), allowing the latter to be used before the file
    header is read. It never performed any useful function to override
    the default anyway.
  Added memory overwrite and palette image checks to pngvalid.c
    Previously palette image code was poorly checked. Since the transformation
    code has a special palette path in most cases this was a severe weakness.
  Minor cleanup and some extra checking in pngrutil.c and pngrtran.c. When
    expanding an indexed image, always expand to RGBA if transparency is
    present.

Version 1.5.3beta09 [May 17, 2011]
  Reversed earlier 1.5.3 change of transformation order; move png_expand_16
    back where it was.  The change doesn't work because it requires 16-bit
    gamma tables when the code only generates 8-bit ones.  This fails
    silently; the libpng code just doesn't do any gamma correction.  Moving
    the tests back leaves the old, inaccurate, 8-bit gamma calculations, but
    these are clearly better than none!

Version 1.5.3beta10 [May 20, 2011]

  png_set_background() and png_expand_16() did not work together correctly.
    This problem is present in 1.5.2; if png_set_background is called with
    need_expand false and the matching 16 bit color libpng erroneously just
    treats it as an 8-bit color because of where png_do_expand_16 is in the
    transform list.  This simple fix reduces the supplied colour to 8-bits,
    so it gets smashed, but this is better than the current behavior.
  Added tests for expand16, more fixes for palette image tests to pngvalid.
    Corrects the code for palette image tests and disables attempts to
    validate palette colors.

Version 1.5.3rc01 [June 3, 2011]
  No changes.

Version 1.5.3rc02 [June 7, 2011]
  Fixed 1-byte uninitialized memory reference in png_format_buffer() (Bug
    report by Frank Busse, related to CVE-2004-0421).

Files:
RevisionActionfile
1.137modifypkgsrc/graphics/png/Makefile
1.84modifypkgsrc/graphics/png/distinfo