From 2e8005765d6513c4743a939aea97c68427f6ab2c Mon Sep 17 00:00:00 2001 From: Eirik Aavitsland Date: Wed, 24 Apr 2019 09:00:07 +0200 Subject: Update bundled libpng to version 1.6.37 The remaining diff to clean 1.6.37 is archived in the qtpatches.diff file. [ChangeLog][Third-Party Code] libpng was updated to version 1.6.37 Change-Id: I589bff09beec1977be8c6ca2a60aadf05f337f38 Reviewed-by: Liang Qi --- src/3rdparty/libpng/ANNOUNCE | 66 ++++++++++++-------------------------------- 1 file changed, 18 insertions(+), 48 deletions(-) (limited to 'src/3rdparty/libpng/ANNOUNCE') diff --git a/src/3rdparty/libpng/ANNOUNCE b/src/3rdparty/libpng/ANNOUNCE index f1724c0d0d..ecf9c7043b 100644 --- a/src/3rdparty/libpng/ANNOUNCE +++ b/src/3rdparty/libpng/ANNOUNCE @@ -1,5 +1,5 @@ -libpng 1.6.36 - December 1, 2018 -================================ +libpng 1.6.37 - April 14, 2019 +============================== This is a public release of libpng, intended for use in production code. @@ -9,13 +9,13 @@ Files available for download Source files with LF line endings (for Unix/Linux): - * libpng-1.6.36.tar.xz (LZMA-compressed, recommended) - * libpng-1.6.36.tar.gz + * libpng-1.6.37.tar.xz (LZMA-compressed, recommended) + * libpng-1.6.37.tar.gz Source files with CRLF line endings (for Windows): - * lp1636.7z (LZMA-compressed, recommended) - * lp1636.zip + * lp1637.7z (LZMA-compressed, recommended) + * lp1637.zip Other information: @@ -25,50 +25,20 @@ Other information: * TRADEMARK.md -IMPORTANT licensing update: libpng license v2 ---------------------------------------------- - -The new libpng license comprises the terms and conditions from the zlib -license, and the disclaimer from the Boost license. - -The legacy libpng license, used until libpng-1.6.35, is appended to the -new license, following the precedent established in the Python Software -Foundation License version 2. - -From now on, the list of contributing authors shall be maintained in a -separate AUTHORS file. The lists of previous contributing authors, -mentioned in the legacy libpng license and considered to be an integral -part of that license, are kept intact, with no further updates. - - -Changes since the previous public release (version 1.6.35) +Changes since the previous public release (version 1.6.36) ---------------------------------------------------------- - * Optimized png_do_expand_palette for ARM processors. - Improved performance by around 10-22% on a recent ARM Chromebook. - (Contributed by Richard Townsend, ARM Holdings) - * Fixed manipulation of machine-specific optimization options. - (Contributed by Vicki Pfau) - * Used memcpy instead of manual pointer arithmetic on Intel SSE2. - (Contributed by Samuel Williams) - * Fixed build errors with MSVC on ARM64. - (Contributed by Zhijie Liang) - * Fixed detection of libm in CMakeLists. - (Contributed by Cameron Cawley) - * Fixed incorrect creation of pkg-config file in CMakeLists. - (Contributed by Kyle Bentley) - * Fixed the CMake build on Windows MSYS by avoiding symlinks. - * Fixed a build warning on OpenBSD. - (Contributed by Theo Buehler) - * Fixed various typos in comments. - (Contributed by "luz.paz") - * Raised the minimum required CMake version from 3.0.2 to 3.1. - * Removed yet more of the vestigial support for pre-ANSI C compilers. - * Removed ancient makefiles for ancient systems that have been broken - across all previous libpng-1.6.x versions. - * Removed the Y2K compliance statement and the export control - information. - * Applied various code style and documentation fixes. + * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free. + * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. + * Fixed a memory leak in pngtest.c. + * Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in + contrib/pngminus; refactor. + * Changed the license of contrib/pngminus to MIT; refresh makefile and docs. + (Contributed by Willem van Schaik) + * Fixed a typo in the libpng license v2. + (Contributed by Miguel Ojeda) + * Added makefiles for AddressSanitizer-enabled builds. + * Cleaned up various makefiles. Send comments/corrections/commendations to png-mng-implement at lists.sf.net. -- cgit v1.2.3