2d62f7406f
replacing the value that is illegal in the PNG spec, in both signed and unsigned values, with 0. Illegal unsigned values (anything greater than or equal to 0x80000000) can still pass through, but since these are not illegal in ANSI-C (unlike 0x80000000 in the signed case) the checking that occurs later can catch them (John Bowler).
74 lines
3.0 KiB
Plaintext
74 lines
3.0 KiB
Plaintext
Libpng 1.6.19beta02 - August 19, 2015
|
|
|
|
This is not intended to be a public release. It will be replaced
|
|
within a few weeks by a public version or by another test version.
|
|
|
|
Files available for download:
|
|
|
|
Source files with LF line endings (for Unix/Linux) and with a
|
|
"configure" script
|
|
|
|
1.6.19beta02.tar.xz (LZMA-compressed, recommended)
|
|
1.6.19beta02.tar.gz
|
|
|
|
Source files with CRLF line endings (for Windows), without the
|
|
"configure" script
|
|
|
|
lp1619b02.7z (LZMA-compressed, recommended)
|
|
lp1619b02.zip
|
|
|
|
Other information:
|
|
|
|
1.6.19beta02-README.txt
|
|
1.6.19beta02-LICENSE.txt
|
|
libpng-1.6.19beta02-*.asc (armored detached GPG signatures)
|
|
|
|
Changes since the last public release (1.6.18):
|
|
|
|
Version 1.6.19beta01 [July 30, 2015]
|
|
|
|
Updated obsolete information about the simplified API macros in the
|
|
manual pages (Bug report by Arc Riley).
|
|
Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
|
|
Rearranged png.h to put the major sections in the same order as
|
|
in libpng17.
|
|
Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
|
|
PNG_WEIGHT_FACTOR macros.
|
|
Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
|
|
(Bug report by Viktor Szakats). Several warnings remain and are
|
|
unavoidable, where we test for overflow.
|
|
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
|
|
Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
|
|
|
|
Version 1.6.19beta02 [August 19, 2015]
|
|
Moved config.h.in~ from the "libpng_autotools_files" list to the
|
|
"libpng_autotools_extra" list in autogen.sh because it was causing a
|
|
false positive for missing files (bug report by Robert C. Seacord).
|
|
Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
|
|
to suppress clang warnings (Bug report by Viktor Szakats).
|
|
Fixed some bad links in the man page.
|
|
Changed "n bit" to "n-bit" in comments.
|
|
Added signed/unsigned 16-bit safety net. This removes the dubious
|
|
0x8000 flag definitions on 16-bit systems. They aren't supported
|
|
yet the defs *probably* work, however it seems much safer to do this
|
|
and be advised if anyone, contrary to advice, is building libpng 1.6
|
|
on a 16-bit system. It also adds back various switch default clauses
|
|
for GCC; GCC errors out if they are not present (with an appropriately
|
|
high level of warnings).
|
|
Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
|
|
Seacord).
|
|
Fixed the recently reported 1's complement security issue by replacing
|
|
the value that is illegal in the PNG spec, in both signed and unsigned
|
|
values, with 0. Illegal unsigned values (anything greater than or equal
|
|
to 0x80000000) can still pass through, but since these are not illegal
|
|
in ANSI-C (unlike 0x80000000 in the signed case) the checking that
|
|
occurs later can catch them (John Bowler).
|
|
|
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
|
(subscription required; visit
|
|
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
|
to subscribe)
|
|
or to glennrp at users.sourceforge.net
|
|
|
|
Glenn R-P
|