411 lines
22 KiB
Plaintext
411 lines
22 KiB
Plaintext
|
|
Libpng 1.6.0beta27 - July 14, 2012
|
|
|
|
This is not intended to be a public release. It will be replaced
|
|
within a few weeks by a public version or by another test version.
|
|
|
|
Files available for download:
|
|
|
|
Source files with LF line endings (for Unix/Linux) and with a
|
|
"configure" script
|
|
|
|
1.6.0beta27.tar.xz (LZMA-compressed, recommended)
|
|
1.6.0beta27.tar.gz
|
|
1.6.0beta27.tar.bz2
|
|
|
|
Source files with CRLF line endings (for Windows), without the
|
|
"configure" script
|
|
|
|
lp160b27.7z (LZMA-compressed, recommended)
|
|
lp160b27.zip
|
|
|
|
Other information:
|
|
|
|
1.6.0beta27-README.txt
|
|
1.6.0beta27-LICENSE.txt
|
|
|
|
Changes since the last public release (1.5.7):
|
|
|
|
Version 1.6.0beta01 [December 15, 2011]
|
|
Removed machine-generated configure files from the GIT repository (they will
|
|
continue to appear in the tarball distributions).
|
|
Restored the new 'simplified' API, which was started in libpng-1.5.7beta02
|
|
but later deleted from libpng-1.5.7beta05.
|
|
Added example programs for the new 'simplified' API.
|
|
Added ANSI-C (C90) headers and require them, and take advantage of the
|
|
change. Also fixed some of the projects/* and contrib/* files that needed
|
|
updates for libpng16 and the move of pngvalid.c.
|
|
With this change the required ANSI-C header files are assumed to exist: the
|
|
implementation must provide float.h, limits.h, stdarg.h and stddef.h and
|
|
libpng relies on limits.h and stddef.h existing and behaving as defined
|
|
(the other two required headers aren't used). Non-ANSI systems that don't
|
|
have stddef.h or limits.h will have to provide an appropriate fake
|
|
containing the relevant types and #defines.
|
|
The use of FAR/far has been eliminated and the definition of png_alloc_size_t
|
|
is now controlled by a flag so that 'small size_t' systems can select it
|
|
if necessary. Libpng 1.6 may not currently work on such systems -- it
|
|
seems likely that it will ask 'malloc' for more than 65535 bytes with any
|
|
image that has a sufficiently large row size (rather than simply failing
|
|
to read such images).
|
|
New tools directory containing tools used to generate libpng code.
|
|
Fixed race conditions in parallel make builds. With higher degrees of
|
|
parallelism during 'make' the use of the same temporary file names such
|
|
as 'dfn*' can result in a race where a temporary file from one arm of the
|
|
build is deleted or overwritten in another arm. This changes the
|
|
temporary files for suffix rules to always use $* and ensures that the
|
|
non-suffix rules use unique file names.
|
|
|
|
Version 1.6.0beta02 [December 21, 2011]
|
|
Correct configure builds where build and source directories are separate.
|
|
The include path of 'config.h' was erroneously made relative in pngvalid.c
|
|
in libpng 1.5.7.
|
|
|
|
Version 1.6.0beta03 [December 22, 2011]
|
|
Start-up code size improvements, error handler flexibility. These changes
|
|
alter how the tricky allocation of the initial png_struct and png_info
|
|
structures are handled. png_info is now handled in pretty much the same
|
|
way as everything else, except that the allocations handle NULL return
|
|
silently. png_struct is changed in a similar way on allocation and on
|
|
deallocation a 'safety' error handler is put in place (which should never
|
|
be required). The error handler itself is changed to permit mismatches
|
|
in the application and libpng error buffer size; however, this means a
|
|
silent change to the API to return the jmp_buf if the size doesn't match
|
|
the size from the libpng compilation; libpng now allocates the memory and
|
|
this may fail. Overall these changes result in slight code size
|
|
reductions; however, this is a reduction in code that is always executed
|
|
so is particularly valuable. Overall on a 64-bit system the libpng DLL
|
|
decreases in code size by 1733 bytes. pngerror.o increases in size by
|
|
about 465 bytes because of the new functionality.
|
|
Added png_convert_to_rfc1123_buffer() and deprecated png_convert_to_rfc1123()
|
|
to avoid including a spurious buffer in the png_struct.
|
|
|
|
Version 1.6.0beta04 [December 30, 2011]
|
|
Regenerated configure scripts with automake-1.11.2
|
|
Eliminated png_info_destroy(). It is now used only in png.c and only calls
|
|
one other internal function and memset().
|
|
Enabled png_get_sCAL_fixed() if floating point APIs are enabled. Previously
|
|
it was disabled whenever internal fixed point arithmetic was selected,
|
|
which meant it didn't exist even on systems where FP was available but not
|
|
preferred.
|
|
Added pngvalid.c compile time checks for const APIs.
|
|
Implemented 'restrict' for png_info and png_struct. Because of the way
|
|
libpng works both png_info and png_struct are always accessed via a
|
|
single pointer. This means adding C99 'restrict' to the pointer gives
|
|
the compiler some opportunity to optimize the code. This change allows
|
|
that.
|
|
Moved AC_MSG_CHECKING([if libraries can be versioned]) later to the proper
|
|
location in configure.ac (Gilles Espinasse).
|
|
Changed png_memcpy to C assignment where appropriate. Changed all those
|
|
uses of png_memcpy that were doing a simple assignment to assignments
|
|
(all those cases where the thing being copied is a non-array C L-value).
|
|
Added some error checking to png_set_*() routines.
|
|
Removed the reference to the non-exported function png_memcpy() from
|
|
example.c.
|
|
Fixed the Visual C 64-bit build - it requires jmp_buf to be aligned, but
|
|
it had become misaligned.
|
|
Revised contrib/pngminus/pnm2png.c to avoid warnings when png_uint_32
|
|
and unsigned long are of different sizes.
|
|
|
|
Version 1.6.0beta05 [January 15, 2012]
|
|
Updated manual with description of the simplified API (copied from png.h)
|
|
Fix bug in pngerror.c: some long warnings were being improperly truncated
|
|
(CVE-2011-3464, bug introduced in libpng-1.5.3beta05).
|
|
|
|
Version 1.6.0beta06 [January 24, 2012]
|
|
Added palette support to the simplified APIs. This commit
|
|
changes some of the macro definitions in png.h, app code
|
|
may need corresponding changes.
|
|
Increased the formatted warning buffer to 192 bytes.
|
|
Added color-map support to simplified API. This is an initial version for
|
|
review; the documentation has not yet been updated.
|
|
Fixed Min/GW uninstall to remove libpng.dll.a
|
|
|
|
Version 1.6.0beta07 [January 28, 2012]
|
|
Eliminated Intel icc/icl compiler warnings. The Intel (GCC derived)
|
|
compiler issues slightly different warnings from those issued by the
|
|
current vesions of GCC. This eliminates those warnings by
|
|
adding/removing casts and small code rewrites.
|
|
Updated configure.ac from autoupdate: added --enable-werror option.
|
|
Also some layout regularization and removal of introduced tab characters
|
|
(replaced with 3-character indentation). Obsolete macros identified by
|
|
autoupdate have been removed; the replacements are all in 2.59 so
|
|
the pre-req hasn't been changed. --enable-werror checks for support
|
|
for -Werror (or the given argument) in the compiler. This mimics the
|
|
gcc configure option by allowing -Werror to be turned on safely; without
|
|
the option the tests written in configure itself fail compilation because
|
|
they cause compiler warnings.
|
|
Rewrote autogen.sh to run autoreconf instead of running tools one-by-one.
|
|
Conditionalize the install rules for MINGW and CYGWIN in CMakeLists.txt and
|
|
set CMAKE_LIBRARY_OUTPUT_DIRECTORY to "lib" on all platforms (C. Yapp).
|
|
Freeze libtool files in the 'scripts' directory. This version of autogen.sh
|
|
attempts to dissuade people from running it when it is not, or should not,
|
|
be necessary. In fact, autogen.sh does not work when run in a libpng
|
|
directory extracted from atar distribution anymore. You must run it in
|
|
a GIT clone instead.
|
|
Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale),
|
|
and renamed three whose names were inconsistent with those in
|
|
pngsuite/README.txt.
|
|
|
|
Version 1.6.0beta08 [February 1, 2012]
|
|
Fixed Image::colormap misalignment in pngstest.c
|
|
Check libtool/libtoolize version number (2.4.2) in configure.ac
|
|
Divide test-pngstest.sh into separate pngstest runs for basic and
|
|
transparent images.
|
|
Moved automake options to AM_INIT_AUTOMAKE in configure.ac
|
|
Added color-tests, silent-rules (Not yet implemented in Makefile.am) and
|
|
version checking to configure.ac
|
|
Improved pngstest speed by not doing redundant tests and add const to
|
|
the background parameter of png_image_finish_read. The --background
|
|
option is now done automagically only when required, so that commandline
|
|
option no longer exists.
|
|
Cleaned up pngpriv.h to consistently declare all functions and data.
|
|
Also eliminated PNG_CONST_DATA, which is apparently not needed but we
|
|
can't be sure until it is gone.
|
|
Added symbol prefixing that allows all the libpng external symbols
|
|
to be prefixed (suggested by Reuben Hawkins).
|
|
Updated "ftbb*.png" list in the owatcom and vstudio projects.
|
|
Fixed 'prefix' builds on clean systems. The generation of pngprefix.h
|
|
should not require itself.
|
|
Updated INSTALL to explain that autogen.sh must be run in a GIT clone,
|
|
not in a libpng directory extracted from a tar distribution.
|
|
|
|
Version 1.6.0beta09 [February 1, 2012]
|
|
Reverted the prebuilt configure files to libpng-1.6.0beta05 condition.
|
|
|
|
Version 1.6.0beta10 [February 3, 2012]
|
|
Added Z_SOLO for zlib-1.2.6+ and correct pngstest tests
|
|
Updated list of test images in CMakeLists.txt
|
|
Updated the prebuilt configure files to current condition.
|
|
Revised INSTALL information about autogen.sh; it works in tar distributions.
|
|
|
|
Version 1.6.0beta11 [February 16, 2012]
|
|
Fix character count in pngstest command in projects/owatcom/pngstest.tgt
|
|
Revised test-pngstest.sh to report PASS/FAIL for each image.
|
|
Updated documentation about the simplified API.
|
|
Corrected estimate of error in libpng png_set_rgb_to_gray API. The API is
|
|
extremely inaccurate for sRGB conversions because it uses an 8-bit
|
|
intermediate linear value and it does not use the sRGB transform, so it
|
|
suffers from the known instability in gamma transforms for values close
|
|
to 0 (see Poynton). The net result is that the calculation has a maximum
|
|
error of 14.99/255; 0.5/255^(1/2.2). pngstest now uses 15 for the
|
|
permitted 8-bit error. This may still not be enough because of arithmetic
|
|
error.
|
|
Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
|
|
Fixed a memory overwrite bug in simplified read of RGB PNG with
|
|
non-linear gamma Also bugs in the error checking in pngread.c and changed
|
|
quite a lot of the checks in pngstest.c to be correct; either correctly
|
|
written or not over-optimistic. The pngstest changes are insufficient to
|
|
allow all possible RGB transforms to be passed; pngstest cmppixel needs
|
|
to be rewritten to make it clearer which errors it allows and then changed
|
|
to permit known inaccuracies.
|
|
Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h
|
|
Fixed fixed/float API export conditionals. 1) If FIXED_POINT or
|
|
FLOATING_POINT options were switched off, png.h ended up with lone ';'
|
|
characters. This is not valid ANSI-C outside a function. The ';'
|
|
characters have been moved inside the definition of PNG_FP_EXPORT and
|
|
PNG_FIXED_EXPORT. 2) If either option was switched off, the declaration
|
|
of the corresponding functions were completely omitted, even though some
|
|
of them are still used internally. The result is still valid, but
|
|
produces warnings from gcc with some warning options (including -Wall). The
|
|
fix is to cause png.h to declare the functions with PNG_INTERNAL_FUNCTION
|
|
when png.h is included from pngpriv.h.
|
|
Check for invalid palette index while reading paletted PNG. When one is
|
|
found, issue a warning and increase png_ptr->num_palette accordingly.
|
|
Apps are responsible for checking to see if that happened.
|
|
|
|
Version 1.6.0beta12 [February 18, 2012]
|
|
Do not increase num_palette on invalid_index.
|
|
Relocated check for invalid palette index to pngrtran.c, after unpacking
|
|
the sub-8-bit pixels.
|
|
Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
|
|
on iCCP chunk length. Also removed spurious casts that may hide problems
|
|
on 16-bit systems.
|
|
|
|
Version 1.6.0beta13 [February 24, 2012]
|
|
Eliminated redundant png_push_read_tEXt|zTXt|iTXt|unknown code from
|
|
pngpread.c and use the sequential png_handle_tEXt, etc., in pngrutil.c;
|
|
now that png_ptr->buffer is inaccessible to applications, the special
|
|
handling is no longer useful.
|
|
Added PNG_SAFE_LIMITS feature to pnglibconf.dfa, pngpriv.h, and new
|
|
pngusr.dfa to reset the user limits to safe ones if PNG_SAFE_LIMITS is
|
|
defined. To enable, use "CPPFLAGS=-DPNG_SAFE_LIMITS_SUPPORTED=1" on the
|
|
configure command or put #define PNG_SAFE_LIMITS_SUPPORTED in
|
|
pnglibconf.h.prebuilt and pnglibconf.h.
|
|
|
|
Version 1.6.0beta14 [February 27, 2012]
|
|
Added information about the new limits in the manual.
|
|
Updated Makefile.in
|
|
|
|
Version 1.6.0beta15 [March 2, 2012]
|
|
Removed unused "current_text" members of png_struct and the png_free()
|
|
of png_ptr->current_text from pngread.c
|
|
Rewrote pngstest.c for substantial speed improvement.
|
|
Fixed transparent pixel and 16-bit rgb tests in pngstest and removed a
|
|
spurious check in pngwrite.c
|
|
Added PNG_IMAGE_FLAG_FAST for the benefit of applications that store
|
|
intermediate files, or intermediate in-memory data, while processing
|
|
image data with the simplified API. The option makes the files larger
|
|
but faster to write and read. pngstest now uses this by default; this
|
|
can be disabled with the --slow option.
|
|
Improved pngstest fine tuning of error numbers, new test file generator.
|
|
The generator generates images that test the full range of sample values,
|
|
allow the error numbers in pngstest to be tuned and checked. makepng
|
|
also allows generation of images with extra chunks, although this is
|
|
still work-in-progress.
|
|
Added tests for invalid palette index while reading and writing (work in
|
|
progress, the latter isn't finished).
|
|
Fixed some bugs in ICC profile writing. The code should now accept
|
|
all potentially valid ICC profiles and reject obviously invalid ones.
|
|
It now uses png_error() to do so rather than casually writing a PNG
|
|
without the necessary color data.
|
|
Removed whitespace from the end of lines in all source files and scripts.
|
|
|
|
Version 1.6.0beta16 [March 6, 2012]
|
|
Relocated palette-index checking function from pngrutil.c to pngtrans.c
|
|
Added palette-index checking while writing.
|
|
Changed png_inflate() and calling routines to avoid overflow problems.
|
|
This is an intermediate check-in that solves the immediate problems and
|
|
introduces one performance improvement (avoiding a copy via png_ptr->zbuf.)
|
|
Further changes will be made to make ICC profile handling more secure.
|
|
Fixed build warnings (MSVC, GCC, GCC v3). Cygwin GCC with default options
|
|
declares 'index' as a global, causing a warning if it is used as a local
|
|
variable. GCC 64-bit warns about assigning a (size_t) (unsigned 64-bit)
|
|
to an (int) (signed 32-bit). MSVC, however, warns about using the
|
|
unary '-' operator on an unsigned value (even though it is well defined
|
|
by ANSI-C to be ~x+1). The padding calculation was changed to use a
|
|
different method. Removed the tests on png_ptr->pass.
|
|
Added contrib/libtests/tarith.c to test internal arithmetic functions from
|
|
png.c. This is a libpng maintainer program used to validate changes to the
|
|
internal arithmetic functions.
|
|
Made read 'inflate' handling like write 'deflate' handling. The read
|
|
code now claims and releases png_ptr->zstream, like the write code.
|
|
The bug whereby the progressive reader failed to release the zstream
|
|
is now fixed, all initialization is delayed, and the code checks for
|
|
changed parameters on deflate rather than always calling
|
|
deflatedEnd/deflateInit.
|
|
Validate the zTXt strings in pngvalid.
|
|
Added code to validate the windowBits value passed to deflateInit2().
|
|
If the call to deflateInit2() is wrong a png_warning will be issued
|
|
(in fact this is harmless, but the PNG data produced may be sub-optimal).
|
|
|
|
Version 1.6.0beta17 [March 10, 2012]
|
|
Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
|
|
Reject all iCCP chunks after the first, even if the first one is invalid.
|
|
Deflate/inflate was reworked to move common zlib calls into single
|
|
functions [rw]util.c. A new shared keyword check routine was also added
|
|
and the 'zbuf' is no longer allocated on progressive read. It is now
|
|
possible to call png_inflate() incrementally.
|
|
If benign errors are disabled use maximum window on ancilliary inflate.
|
|
This works round a bug introduced in 1.5.4 where compressed ancillary
|
|
chunks could end up with a too-small windowBits value in the deflate
|
|
header.
|
|
|
|
Version 1.6.0beta18 [March 16, 2012]
|
|
Issue a png_benign_error() instead of png_warning() about bad palette index.
|
|
In pngtest, treat benign errors as errors if "-strict" is present.
|
|
Fixed an off-by-one error in the palette index checking function.
|
|
Fixed a compiler warning under Cygwin (Windows-7, 32-bit system)
|
|
Revised example.c to put text strings in a temporary character array
|
|
instead of directly assigning string constants to png_textp members.
|
|
This avoids compiler warnings when -Wwrite-strings is enabled.
|
|
Added output flushing to aid debugging under Visual Studio. Unfortunately
|
|
this is necessary because the VS2010 output window otherwise simply loses
|
|
the error messages on error (they weren't flushed to the window before
|
|
the process exited, apparently!)
|
|
Added configuration support for benign errors and changed the read
|
|
default. Also changed some warnings in the iCCP and sRGB handling
|
|
from to benign errors. Configuration now makes read benign
|
|
errors warnings and write benign errors to errors by default (thus
|
|
changing the behavior on read). The simplified API always forces
|
|
read benign errors to warnings (regardless of the system default, unless
|
|
this is disabled in which case the simplified API can't be built.)
|
|
|
|
Version 1.6.0beta19 [March 18,2012]
|
|
Work around for duplicate row start calls; added warning messages.
|
|
This turns on PNG_FLAG_DETECT_UNINITIALIZED to detect app code that
|
|
fails to call one of the 'start' routines (not enabled in libpng-1.5
|
|
because it is technically an API change, since it did normally work
|
|
before.) It also makes duplicate calls to png_read_start_row (an
|
|
internal function called at the start of the image read) benign, as
|
|
they were before changes to use png_inflate_claim. Somehow webkit is
|
|
causing this to happen; this is probably a mis-feature in the zlib
|
|
changes so this commit is only a work-round.
|
|
Removed erroneous setting of DETECT_UNINITIALIZED and added more
|
|
checks. The code now does a png_error if an attempt is made to do the
|
|
row initialization twice; this is an application error and it has
|
|
serious consequences because the transform data in png_struct is
|
|
changed by each call.
|
|
Added application error reporting and added chunk names to read
|
|
benign errors; also added --strict to pngstest - not enabled
|
|
yet because a warning is produced.
|
|
Avoid the double gamma correction warning in the simplified API.
|
|
This allows the --strict option to pass in the pngstest checks
|
|
|
|
Version 1.6.0beta20 [March 29, 2012]
|
|
Changed chunk handler warnings into benign errors, incrementally load iCCP
|
|
Added checksum-icc.c to contrib/tools
|
|
Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice.
|
|
Recognize known sRGB ICC profiles while reading; prefer writing the
|
|
iCCP profile over writing the sRGB chunk, controlled by the
|
|
PNG_sRGB_PROFILE_CHECKS option.
|
|
Revised png_set_text_2() to avoid potential memory corruption (fixes
|
|
CVE-2011-3048).
|
|
|
|
Version 1.6.0beta21 [April 27, 2012]
|
|
Revised scripts/makefile.darwin: use system zlib; remove quotes around
|
|
architecture list; add missing ppc architecture; add architecture options
|
|
to shared library link; don't try to create a shared lib based on missing
|
|
RELEASE variable.
|
|
Enable png_set_check_for_invalid_index() for both read and write.
|
|
Removed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpriv.h around
|
|
declaration of png_handle_unknown().
|
|
Added -lssp_nonshared in a comment in scripts/makefile.freebsd
|
|
and changed deprecated NOOBJ and NOPROFILE to NO_OBJ and NO_PROFILE.
|
|
|
|
Version 1.6.0beta22 [May 23, 2012]
|
|
Removed need for -Wno-cast-align with clang. clang correctly warns on
|
|
alignment increasing pointer casts when -Wcast-align is passed. This
|
|
fixes the cases that clang warns about either by eliminating the
|
|
casts from png_bytep to png_uint_16p (pngread.c), or, for pngrutil.c
|
|
where the cast is previously verified or pngstest.c where it is OK, by
|
|
introducing new png_aligncast macros to do the cast in a way that clang
|
|
accepts.
|
|
|
|
Version 1.6.0beta23 [June 6, 2012]
|
|
Revised CMakeLists.txt to not attempt to make a symlink under mingw.
|
|
Made fixes for new optimization warnings from gcc 4.7.0. The compiler
|
|
performs an optimization which is safe; however it then warns about it.
|
|
Changing the type of 'palette_number' in pngvalid.c removes the warning.
|
|
Do not depend upon a GCC feature macro being available for use in generating
|
|
the linker mapfile symbol prefix.
|
|
Improved performance of new do_check_palette_indexes() function (only
|
|
update the value when it actually increases, move test for whether
|
|
the check is wanted out of the function.
|
|
|
|
Version 1.6.0beta24 [June 7, 2012]
|
|
Don't check palette indexes if num_palette is 0 (as it can be in MNG files).
|
|
|
|
Version 1.6.0beta25 [June 16, 2012]
|
|
Revised png_set_keep_unknown_chunks() so num_chunks < 0 means ignore all
|
|
unknown chunks and all known chunks except for IHDR, PLTE, tRNS, IDAT,
|
|
and IEND. Previously it only meant ignore all unknown chunks, the
|
|
same as num_chunks == 0. Revised png_image_skip_unused_chunks() to
|
|
provide a list of chunks to be processed instead of a list of chunks to
|
|
ignore. Revised contrib/gregbook/readpng2.c accordingly.
|
|
|
|
Version 1.6.0beta26 [July 10, 2012]
|
|
Removed scripts/makefile.cegcc from the *.zip and *.7z distributions; it
|
|
depends on configure, which is not included in those archives.
|
|
Moved scripts/chkfmt to contrib/tools.
|
|
Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
|
|
|
|
Version 1.6.0beta27 [July 14, 2012]
|
|
|
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
|
(subscription required; visit
|
|
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
|
to subscribe)
|
|
or to glennrp at users.sourceforge.net
|
|
|
|
Glenn R-P
|