5071 No changes.
5072
5073 Version 1.6.15beta01 [October 29, 2014]
5074 Changed "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
5075 Simplified png_free_data().
5076 Added missing "ptr = NULL" after some instances of png_free().
5077
5078 Version 1.6.15beta02 [November 1, 2014]
5079 Changed remaining "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
5080
5081 Version 1.6.15beta03 [November 3, 2014]
5082 Added PNG_USE_ARM_NEON configuration flag (Marcin Juszkiewicz).
5083
5084 Version 1.6.15beta04 [November 4, 2014]
5085 Removed new PNG_USE_ARM_NEON configuration flag and made a one-line
5086 revision to configure.ac to support ARM on aarch64 instead (John Bowler).
5087
5088 Version 1.6.15beta05 [November 5, 2014]
5089 Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in
5090 example.c, pngtest.c, and applications in the contrib directory.
5091 Avoid out-of-bounds memory access in png_user_version_check().
5092 Simplified and future-proofed png_user_version_check().
5093 Fixed GCC unsigned int->float warnings. Various versions of GCC
5094 seem to generate warnings when an unsigned value is implicitly
5095 converted to double. This is probably a GCC bug but this change
5096 avoids the issue by explicitly converting to (int) where safe.
5097 Free all allocated memory in pngimage. The file buffer cache was left
5098 allocated at the end of the program, harmless but it causes memory
5099 leak reports from clang.
5100 Fixed array size calculations to avoid warnings. At various points
5101 in the code the number of elements in an array is calculated using
5102 sizeof. This generates a compile time constant of type (size_t) which
5103 is then typically assigned to an (unsigned int) or (int). Some versions
5104 of GCC on 64-bit systems warn about the apparent narrowing, even though
5105 the same compiler does apparently generate the correct, in-range,
5106 numeric constant. This adds appropriate, safe, casts to make the
5107 warnings go away.
5108
5109 Version 1.6.15beta06 [November 6, 2014]
5110 Reverted use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING
5111 in the manual, example.c, pngtest.c, and applications in the contrib
5429 Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed().
5430 Clarified COPYRIGHT information to state explicitly that versions
5431 are derived from previous versions.
5432 Removed much of the long list of previous versions from png.h and
5433 libpng.3.
5434
5435 Version 1.6.19rc04 [November 5, 2015]
5436 Fixed new bug with CRC error after reading an over-length palette
5437 (bug report by Cosmin Truta) (CVE-2015-8126).
5438
5439 Version 1.6.19 [November 12, 2015]
5440 Cleaned up coding style in png_handle_PLTE().
5441
5442 Version 1.6.20beta01 [November 20, 2015]
5443 Avoid potential pointer overflow/underflow in png_handle_sPLT() and
5444 png_handle_pCAL() (Bug report by John Regehr).
5445
5446 Version 1.6.20beta02 [November 23, 2015]
5447 Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
5448 not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
5449 vulnerability.
5450
5451 Version 1.6.20beta03 [November 24, 2015]
5452 Backported tests from libpng-1.7.0beta69.
5453
5454 Version 1.6.20rc01 [November 26, 2015]
5455 Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
5456 American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
5457 immediately fault a bad CMINFO field; instead a 'too far back' error
5458 happens later (at least some times). pngfix failed to limit CMINFO to
5459 the allowed values but then assumed that window_bits was in range,
5460 triggering an assert. The bug is mostly harmless; the PNG file cannot
5461 be fixed.
5462
5463 Version 1.6.20rc02 [November 29, 2015]
5464 In libpng 1.6 zlib initialization was changed to use the window size
5465 in the zlib stream, not a fixed value. This causes some invalid images,
5466 where CINFO is too large, to display 'correctly' if the rest of the
5467 data is valid. This provides a workaround for zlib versions where the
5468 error arises (ones that support the API change to use the window size
5469 in the stream).
5470
5471 Version 1.6.20 [December 3, 2015]
5472 No changes.
5473
5474 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
5475 (subscription required; visit
5476 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
5477 to subscribe)
5478 or to glennrp at users.sourceforge.net
5479
5480 Glenn R-P
5481 #endif
|
5071 No changes.
5072
5073 Version 1.6.15beta01 [October 29, 2014]
5074 Changed "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
5075 Simplified png_free_data().
5076 Added missing "ptr = NULL" after some instances of png_free().
5077
5078 Version 1.6.15beta02 [November 1, 2014]
5079 Changed remaining "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
5080
5081 Version 1.6.15beta03 [November 3, 2014]
5082 Added PNG_USE_ARM_NEON configuration flag (Marcin Juszkiewicz).
5083
5084 Version 1.6.15beta04 [November 4, 2014]
5085 Removed new PNG_USE_ARM_NEON configuration flag and made a one-line
5086 revision to configure.ac to support ARM on aarch64 instead (John Bowler).
5087
5088 Version 1.6.15beta05 [November 5, 2014]
5089 Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in
5090 example.c, pngtest.c, and applications in the contrib directory.
5091 Fixed an out-of-range read in png_user_version_check() (Bug report from
5092 Qixue Xiao, CVE-2015-8540).
5093 Simplified and future-proofed png_user_version_check().
5094 Fixed GCC unsigned int->float warnings. Various versions of GCC
5095 seem to generate warnings when an unsigned value is implicitly
5096 converted to double. This is probably a GCC bug but this change
5097 avoids the issue by explicitly converting to (int) where safe.
5098 Free all allocated memory in pngimage. The file buffer cache was left
5099 allocated at the end of the program, harmless but it causes memory
5100 leak reports from clang.
5101 Fixed array size calculations to avoid warnings. At various points
5102 in the code the number of elements in an array is calculated using
5103 sizeof. This generates a compile time constant of type (size_t) which
5104 is then typically assigned to an (unsigned int) or (int). Some versions
5105 of GCC on 64-bit systems warn about the apparent narrowing, even though
5106 the same compiler does apparently generate the correct, in-range,
5107 numeric constant. This adds appropriate, safe, casts to make the
5108 warnings go away.
5109
5110 Version 1.6.15beta06 [November 6, 2014]
5111 Reverted use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING
5112 in the manual, example.c, pngtest.c, and applications in the contrib
5430 Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed().
5431 Clarified COPYRIGHT information to state explicitly that versions
5432 are derived from previous versions.
5433 Removed much of the long list of previous versions from png.h and
5434 libpng.3.
5435
5436 Version 1.6.19rc04 [November 5, 2015]
5437 Fixed new bug with CRC error after reading an over-length palette
5438 (bug report by Cosmin Truta) (CVE-2015-8126).
5439
5440 Version 1.6.19 [November 12, 2015]
5441 Cleaned up coding style in png_handle_PLTE().
5442
5443 Version 1.6.20beta01 [November 20, 2015]
5444 Avoid potential pointer overflow/underflow in png_handle_sPLT() and
5445 png_handle_pCAL() (Bug report by John Regehr).
5446
5447 Version 1.6.20beta02 [November 23, 2015]
5448 Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
5449 not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
5450 vulnerability. Fixes CVE-2015-8472.
5451
5452 Version 1.6.20beta03 [November 24, 2015]
5453 Backported tests from libpng-1.7.0beta69.
5454
5455 Version 1.6.20rc01 [November 26, 2015]
5456 Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
5457 American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
5458 immediately fault a bad CMINFO field; instead a 'too far back' error
5459 happens later (at least some times). pngfix failed to limit CMINFO to
5460 the allowed values but then assumed that window_bits was in range,
5461 triggering an assert. The bug is mostly harmless; the PNG file cannot
5462 be fixed.
5463
5464 Version 1.6.20rc02 [November 29, 2015]
5465 In libpng 1.6 zlib initialization was changed to use the window size
5466 in the zlib stream, not a fixed value. This causes some invalid images,
5467 where CINFO is too large, to display 'correctly' if the rest of the
5468 data is valid. This provides a workaround for zlib versions where the
5469 error arises (ones that support the API change to use the window size
5470 in the stream).
5471
5472 Version 1.6.20 [December 3, 2015]
5473 No changes.
5474
5475 Version 1.6.21beta01 [December 11, 2015]
5476 Fixed syntax "$(command)" in tests/pngstest that some shells other than
5477 bash could not parse (Bug report by Nelson Beebe). Use `command` instead.
5478
5479 Version 1.6.21beta02 [December 14, 2015]
5480 Moved png_check_keyword() from pngwutil.c to pngset.c
5481 Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
5482 in the BigEndian tests by not testing it, making the BE code the same
5483 as the LE version.
5484 Fixes to pngvalid for various reduced build configurations (eliminate unused
5485 statics) and a fix for the case in rgb_to_gray when the digitize option
5486 reduces graylo to 0, producing a large error.
5487
5488 Version 1.6.21beta03 [December 18, 2015]
5489 Widened the 'limit' check on the internally calculated error limits in
5490 the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
5491 checks) and changed the check to only operate in non-release builds
5492 (base build type not RC or RELEASE.)
5493 Fixed undefined behavior in pngvalid.c, undefined because
5494 (png_byte) << shift is undefined if it changes the signed bit
5495 (because png_byte is promoted to int). The libpng exported functions
5496 png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
5497 David Drysdale as a result of reports from UBSAN in clang 3.8).
5498 This changes pngvalid to use BE random numbers; this used to produce
5499 errors but these should not be fixed as a result of the previous changes.
5500
5501 Version 1.6.21rc01 [January 4, 2016]
5502 In projects/vstudio, combined readme.txt and WARNING into README.txt
5503
5504 Version 1.6.21rc02 [January 7, 2016]
5505 Relocated assert() in contrib/tools/pngfix.c, bug found by American
5506 Fuzzy Lop, reported by Brian Carpenter.
5507 Marked 'limit' UNUSED in transform_range_check(). This only affects
5508 release builds.
5509
5510 Version 1.6.21 [January 15, 2016]
5511 Worked around a false-positive Coverity issue in pngvalid.c.
5512
5513 Version 1.6.22beta01 [January 23, 2016]
5514 Changed PNG_USE_MKSTEMP to __COVERITY__ to select alternate
5515 "tmpfile()" implementation in contrib/libtests/pngstest.c
5516 Fixed NO_STDIO build of pngunknown.c to skip calling png_init_io()
5517 if there is no stdio.h support.
5518 Added a png_image_write_to_memory() API and a number of assist macros
5519 to allow an application that uses the simplified API write to bypass
5520 stdio and write directly to memory.
5521 Added some warnings (png.h) and some check code to detect *possible*
5522 overflow in the ROW_STRIDE and simplified image SIZE macros. This
5523 disallows image width/height/format that *might* overflow. This is
5524 a quiet API change that limits in-memory image size (uncompressed) to
5525 less than 4GByte and image row size (stride) to less than 2GByte.
5526 Revised workaround for false-positive Coverity issue in pngvalid.c.
5527
5528 Version 1.6.22beta02 [February 8, 2016]
5529 Only use exit(77) in configure builds.
5530 Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported
5531 the palette size because it failed to take into account that the memory
5532 palette has to be expanded to full RGB when it is written to PNG.
5533 Updated CMakeLists.txt, added supporting scripts/gen*.cmake.in
5534 and test.cmake.in (Roger Leigh).
5535 Relaxed limit checks on gamma values in pngrtran.c. As suggested in
5536 the comments gamma values outside the range currently permitted
5537 by png_set_alpha_mode are useful for HDR data encoding. These values
5538 are already permitted by png_set_gamma so it is reasonable caution to
5539 extend the png_set_alpha_mode range as HDR imaging systems are starting
5540 to emerge.
5541
5542 Version 1.6.22beta03 [March 9, 2016]
5543 Added a common-law trademark notice and export control information
5544 to the LICENSE file, png.h, and the man page.
5545 Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
5546 were accidentally removed from libpng-1.6.17.
5547 Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
5548 (Robert C. Seacord).
5549 Removed dubious "#if INT_MAX" test from png.h that was added to
5550 libpng-1.6.19beta02 (John Bowler).
5551 Add ${INCLUDES} in scripts/genout.cmake.in (Bug report by Nixon Kwok).
5552 Updated LICENSE to say files in the contrib directory are not
5553 necessarily under the libpng license, and that some makefiles have
5554 other copyright owners.
5555 Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
5556 Made contrib/libtests/timepng more robust. The code no longer gives
5557 up/fails on invalid PNG data, it just skips it (with error messages).
5558 The code no longer fails on PNG files with data beyond IEND. Options
5559 exist to use png_read_png (reading the whole image, not by row) and, in
5560 that case, to apply any of the supported transforms. This makes for
5561 more realistic testing; the decoded data actually gets used in a
5562 meaningful fashion (John Bowler).
5563 Fixed some misleading indentation (Krishnaraj Bhat).
5564
5565 Version 1.6.22beta04 [April 5, 2016]
5566 Force GCC compilation to C89 if needed (Dagobert Michelsen).
5567 SSE filter speed improvements for bpp=3:
5568 memcpy-free implementations of load3() / store3().
5569 call load3() only when needed at the end of a scanline.
5570
5571 Version 1.6.22beta05 [April 27, 2016]
5572 Added PNG_FAST_FILTERS macro (defined as
5573 PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
5574 Various fixes for contrib/libtests/timepng.c
5575 Moved INTEL-SSE code from pngpriv.h into contrib/intel/intel_sse.patch.
5576 Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED
5577 (Bug report by Y.Ohashik).
5578
5579 Version 1.6.22beta06 [May 5, 2016]
5580 Rebased contrib/intel_sse.patch.
5581 Quieted two Coverity issues in contrib/libtests/timepng.c.
5582 Fixed issues with scripts/genout.cmake.in (David Capello, Nixon Kwok):
5583 Added support to use multiple directories in ZLIBINCDIR variable,
5584 Fixed CMAKE_C_FLAGS with multiple values when genout is compiled on MSVC,
5585 Fixed pnglibconf.c compilation on OS X including the sysroot path.
5586
5587 Version 1.6.22rc01 [May 14, 2016]
5588 No changes.
5589
5590 Version 1.6.22rc02 [May 16, 2016]
5591 Removed contrib/timepng from default build; it does not build on platforms
5592 that don't supply clock_gettime().
5593
5594 Version 1.6.22rc03 [May 17, 2016]
5595 Restored contrib/timepng to default build but check for the presence
5596 of clock_gettime() in configure.ac and Makefile.am.
5597
5598 Version 1.6.22 [May 26, 2016]
5599 No changes.
5600
5601 Version 1.6.23beta01 [May 29, 2016]
5602 Stop a potential memory leak in png_set_tRNS() (Bug report by Ted Ying).
5603 Fixed the progressive reader to handle empty first IDAT chunk properly
5604 (patch by Timothy Nikkel). This bug was introduced in libpng-1.6.0 and
5605 only affected the libpng16 branch.
5606 Added tests in pngvalid.c to check zero-length IDAT chunks in various
5607 positions. Fixed the sequential reader to handle these more robustly
5608 (John Bowler).
5609
5610 Version 1.6.23rc01 [June 2, 2016]
5611 Corrected progressive read input buffer in pngvalid.c. The previous version
5612 the code invariably passed just one byte at a time to libpng. The intent
5613 was to pass a random number of bytes in the range 0..511.
5614 Moved sse2 prototype from pngpriv.h to contrib/intel/intel_sse.patch.
5615 Added missing ")" in pngerror.c (Matt Sarrett).
5616
5617 Version 1.6.23rc02 [June 4, 2016]
5618 Fixed undefined behavior in png_push_save_buffer(). Do not call
5619 memcpy() with a null source, even if count is zero (Leon Scroggins III).
5620
5621 Version 1.6.23 [June 9, 2016]
5622 Fixed bad link to RFC2083 in png.5 (Nikola Forro).
5623
5624 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
5625 (subscription required; visit
5626 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
5627 to subscribe)
5628 or to glennrp at users.sourceforge.net
5629
5630 Glenn R-P
5631 #endif
|