diff options
Diffstat (limited to 'src/3rdparty/libpng/ANNOUNCE')
-rw-r--r-- | src/3rdparty/libpng/ANNOUNCE | 83 |
1 files changed, 67 insertions, 16 deletions
diff --git a/src/3rdparty/libpng/ANNOUNCE b/src/3rdparty/libpng/ANNOUNCE index 70a71e3b0e..3cbe5a926e 100644 --- a/src/3rdparty/libpng/ANNOUNCE +++ b/src/3rdparty/libpng/ANNOUNCE @@ -1,4 +1,4 @@ -Libpng 1.6.28 - January 5, 2017 +Libpng 1.6.32 - August 24, 2017 This is a public release of libpng, intended for use in production codes. @@ -7,28 +7,79 @@ Files available for download: Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.6.28.tar.xz (LZMA-compressed, recommended) - libpng-1.6.28.tar.gz + libpng-1.6.32.tar.xz (LZMA-compressed, recommended) + libpng-1.6.32.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script - lpng1628.7z (LZMA-compressed, recommended) - lpng1628.zip + lpng1632.7z (LZMA-compressed, recommended) + lpng1632.zip Other information: - libpng-1.6.28-README.txt - libpng-1.6.28-LICENSE.txt - libpng-1.6.28-*.asc (armored detached GPG signatures) - -Changes since the last public release (1.6.27): - Fixed arm/aarch64 detection in CMakeLists.txt (Gianfranco Costamagna). - Added option to Cmake build allowing a custom location of zlib to be - specified in a scenario where libpng is being built as a subproject - alongside zlib by another project (Sam Serrels). - Changed png_ptr->options from a png_byte to png_uint_32, to accomodate - up to 16 options. + libpng-1.6.32-README.txt + libpng-1.6.32-LICENSE.txt + libpng-1.6.32-*.asc (armored detached GPG signatures) + +Changes since the last public release (1.6.31): + Avoid possible NULL dereference in png_handle_eXIf when benign_errors + are allowed. Avoid leaking the input buffer "eXIf_buf". + Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif + to arguments for png_get_eXIf() and png_set_eXIf(). + Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in + pngwrite.c, and made various other fixes to png_write_eXIf(). + Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and + png_set_eXIf_1(), respectively, to avoid breaking API compatibility + with libpng-1.6.31. + Updated contrib/libtests/pngunknown.c with eXIf chunk. + Initialized btoa[] in pngstest.c + Stop memory leak when returning from png_handle_eXIf() with an error + (Bug report from the OSS-fuzz project). + Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + Update libpng.3 and libpng-manual.txt about eXIf functions. + Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. + Removed png_get_eXIf_1() and png_set_eXIf_1(). + Check length of all chunks except IDAT against user limit to fix an + OSS-fuzz issue. + Check length of IDAT against maximum possible IDAT size, accounting + for height, rowbytes, interlacing and zlib/deflate overhead. + Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) + does not work (the eXIf chunk data can contain zeroes). + Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation, + no longer using deprecated cmake LOCATION feature (Clifford Yapp). + Fixed five-byte error in the calculation of IDAT maximum possible size. + Moved chunk-length check into a png_check_chunk_length() private + function (Suggested by Max Stepin). + Moved bad pngs from tests to contrib/libtests/crashers + Moved testing of bad pngs into a separate tests/pngtest-badpngs script + Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL + in the output but PASS for the libpng test. + Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp). + Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the + num_exif argument to png_get_eXIf_1() (Github Issue 171). + Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). + Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. + Make pngtest --strict, --relax, --xfail options imply -m (multiple). + Removed unused chunk_name parameter from png_check_chunk_length(). + Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. + Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. + Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. + Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. + Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account + for the minimum 'deflate' stream, and relocate the test to a point + after the keyword has been read. + Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". + Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, + one for each known chunk type, with length = 2GB-1. + Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts + in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, + and 162707). + Renamed chunks in contrib/testpngs/crashers to avoid having files whose + names differ only in case; this causes problems with some platforms + (github issue #172). + Added contrib/oss-fuzz directory which contains files used by the oss-fuzz + project (https://github.com/google/oss-fuzz/tree/master/projects/libpng). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit |