91 lines
4.4 KiB
Plaintext
91 lines
4.4 KiB
Plaintext
Libpng 1.6.32 - August 24, 2017
|
|
|
|
This is a public release of libpng, intended for use in production codes.
|
|
|
|
Files available for download:
|
|
|
|
Source files with LF line endings (for Unix/Linux) and with a
|
|
"configure" script
|
|
|
|
libpng-1.6.32.tar.xz (LZMA-compressed, recommended)
|
|
libpng-1.6.32.tar.gz
|
|
|
|
Source files with CRLF line endings (for Windows), without the
|
|
"configure" script
|
|
|
|
lpng1632.7z (LZMA-compressed, recommended)
|
|
lpng1632.zip
|
|
|
|
Other information:
|
|
|
|
libpng-1.6.32-README.txt
|
|
libpng-1.6.32-LICENSE.txt
|
|
libpng-1.6.32-*.asc (armored detached GPG signatures)
|
|
|
|
Changes since the last public release (1.6.31):
|
|
Avoid possible NULL dereference in png_handle_eXIf when benign_errors
|
|
are allowed. Avoid leaking the input buffer "eXIf_buf".
|
|
Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
|
|
to arguments for png_get_eXIf() and png_set_eXIf().
|
|
Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
|
|
pngwrite.c, and made various other fixes to png_write_eXIf().
|
|
Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
|
|
png_set_eXIf_1(), respectively, to avoid breaking API compatibility
|
|
with libpng-1.6.31.
|
|
Updated contrib/libtests/pngunknown.c with eXIf chunk.
|
|
Initialized btoa[] in pngstest.c
|
|
Stop memory leak when returning from png_handle_eXIf() with an error
|
|
(Bug report from the OSS-fuzz project).
|
|
Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
|
|
Update libpng.3 and libpng-manual.txt about eXIf functions.
|
|
Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.
|
|
Removed png_get_eXIf_1() and png_set_eXIf_1().
|
|
Check length of all chunks except IDAT against user limit to fix an
|
|
OSS-fuzz issue.
|
|
Check length of IDAT against maximum possible IDAT size, accounting
|
|
for height, rowbytes, interlacing and zlib/deflate overhead.
|
|
Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
|
|
does not work (the eXIf chunk data can contain zeroes).
|
|
Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
|
|
no longer using deprecated cmake LOCATION feature (Clifford Yapp).
|
|
Fixed five-byte error in the calculation of IDAT maximum possible size.
|
|
Moved chunk-length check into a png_check_chunk_length() private
|
|
function (Suggested by Max Stepin).
|
|
Moved bad pngs from tests to contrib/libtests/crashers
|
|
Moved testing of bad pngs into a separate tests/pngtest-badpngs script
|
|
Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
|
|
in the output but PASS for the libpng test.
|
|
Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
|
|
Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
|
|
num_exif argument to png_get_eXIf_1() (Github Issue 171).
|
|
Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
|
|
Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
|
|
Make pngtest --strict, --relax, --xfail options imply -m (multiple).
|
|
Removed unused chunk_name parameter from png_check_chunk_length().
|
|
Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
|
|
Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
|
|
Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
|
|
Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
|
|
Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
|
|
for the minimum 'deflate' stream, and relocate the test to a point
|
|
after the keyword has been read.
|
|
Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".
|
|
Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
|
|
one for each known chunk type, with length = 2GB-1.
|
|
Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
|
|
in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
|
|
and 162707).
|
|
Renamed chunks in contrib/testpngs/crashers to avoid having files whose
|
|
names differ only in case; this causes problems with some platforms
|
|
(github issue #172).
|
|
Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
|
|
project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).
|
|
|
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
|
(subscription required; visit
|
|
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
|
to subscribe)
|
|
or to glennrp at users.sourceforge.net
|
|
|
|
Glenn R-P
|