dd92d2f6ca118f728e900110ee2c96981.6.0coololibpng 1.6.01568510f490615afd254e8d932c4efc7bea4781.6.0cooloAutomatic submission by obs-autosubmit158541e75ced4fa2648006dddaf7d0b73febe51.6.0coolo- allow zero length PLTE chunks
(fixes GraphicsMagick testsuite) (forwarded request 159787 from pgajdos)159789bd69b2209e2ff05ce9aa4c2efd4e35e21.6.1coolo- conflict with libpng12-compat-devel-32bit and libpng15-compat-devel-32bit
- updated to 1.6.1:
Made sRGB check numbers consistent.
Use parentheses more consistently in "#if defined(MACRO)" tests.
Reenabled code to allow zero length PLTE chunks for MNG.
Fixed ALIGNED_MEMORY support.
Avoid a possible memory leak in contrib/gregbook/readpng.c
Better documentation of unknown handling API interactions.
Corrected simplified API default gamma for color-mapped output, added
a flag to change default. In 1.6.0 when the simplified API was used
to produce color-mapped output from an input image with no gamma
information the gamma assumed for the input could be different from
that assumed for non-color-mapped output. In particular 16-bit depth
input files were assumed to be sRGB encoded, whereas in the 'direct'
case they were assumed to have linear data. This was an error. The
fix makes the simplified API treat all input files the same way and
adds a new flag to the png_image::flags member to allow the
application/user to specify that 16-bit files contain sRGB data
rather than the default linear.
etc., see ANNOUNCE or CHANGES for details
- dropped upstreamed
0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch162341b7e5275adb2ab3a3e00e9d47246600191.6.2coolo- updated to 1.6.2:
Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling.
Fixed incorrect warning of excess deflate data. End condition - the
warning would be produced if the end of the deflate stream wasn't read
in the last row. The warning is harmless.
Corrected the test on user transform changes on read. It was in the
png_set of the transform function, but that doesn't matter unless the
transform function changes the rowbuf size, and that is only valid if
transform_info is called.
Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c
(Flavio Medeiros).
Corrected length written to uncompressed iTXt chunks (Samuli Suominen).
Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length
written by libpng-1.6.0 and 1.6.1.
Disallow storing sRGB information when the sRGB is not supported.
Merge pngtest.c with libpng-1.7.0173433e222ba25363859f5b3aa9ed69f1579431.6.2coolo- Build with LFS_CFLAGS in 32 bit archs otherwise calls such
as png_image_begin_read_from_file() or png_image_write_to_file()
will fail to read/write huge images.
- Build with Full RELRO as this library is a possible consumer
of malicuous images/files. (forwarded request 180468 from elvigia)1806158dd811d553788fe8f721a6c3e6a1dcb91.6.3scarabeus_factory- png-fix-too-far-back was actually renamed to pngfix. Adjusted rpm
macro names accordingly, %png_fix and %png_fix_dir.
- updated to 1.6.3:
* Added png-fix-itxt and png-fix-too-far-back to the built programs and
removed warnings from the source code and timepng that are revealed as
a result.
=> new subpackage tools, created rpm macros18642277a8bb3e02b821c9c47bdfe31ba2b3dc1.6.3coolo- remove gpg-offline usage, libpng16 is too low in the build chain1968929ee92b9f22b4eefd9fee5651cc72db101.6.4scarabeus_factory- updated to 1.6.4:
* Added information about png_set_options() to the manual.
* Delay calling png_init_filter_functions() until a row with nonzero
filter is found.
* Fixed inconsistent conditional compilation of
png_chunk_unknown_handling() prototype, definition, and usage.
Made it depend on PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.1986929ee92b9f22b4eefd9fee5651cc72db101.6.4adrianSuSESplit 13.1 from Factory18ad67c41db48b1fb91581107fa5cd0a1.6.6coolo- updated to 1.6.6:
* fix arm build200515539d8b406cdc6dc2b891beb3e6e9868b1.6.7coolo- updated to 1.6.7:
* Revised unknown chunk code to correct several bugs in the
NO_SAVE_/NO_WRITE combination
* Check user callback behavior in pngunknown.c. Previous versions
compiled if SAVE_UNKNOWN was not available but did nothing since the
callback was never implemented.
* Merged pngunknown.c with 1.7 version and back ported 1.7
improvements/fixes
* Revised pngvalid to generate size images with as many filters as
it can manage, limited by the number of rows.
* ARM improvements/fixes20697228d62dc14f2002f03ebed7e5cb93fc001.6.7coolo- png_fix macro doesn't leave *.png.fixed (which happened for correct
PNGs) [bnc#852862] (forwarded request 209136 from pgajdos)209137f2ba3dfd5efaa1f479b98e9763ec890b1.6.8cooloAutomatic submission by obs-autosubmit212321e1d175e328ad42db3c95705eefda2eaa1.6.9scarabeus_factory- updated to 1.6.9:
Bookkeeping: Moved functions around (no changes). Moved transform
function definitions before the place where they are called so that
they can be masde static. Move the intrapixel functions and the
grayscale palette builder out of the png?tran.c files. The latter
isn't a transform function and is no longer used internally, and the
former MNG specific functions are better placed in pngread/pngwrite.c
Made transform implementation functions static. This makes the internal
functions called by png_do_{read|write}_transformations static. On an
x86-64 DLL build (Gentoo Linux) this reduces the size of the text
segment of the DLL by 1208 bytes, about 0.6%. It also simplifies
maintenance by removing the declarations from pngpriv.h and allowing
easier changes to the internal interfaces.
Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69
in the tar distributions.
Added checks for libpng 1.5 to pngvalid.c. This supports the use of
this version of pngvalid in libpng 1.5
Merged with pngvalid.c from libpng-1.7 changes to create a single
pngvalid.c
Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0
Merged libpng-1.7.0 changes to make no-interlace configurations work
with test programs.
Revised pngvalid.c to support libpng 1.5, which does not support the
PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate
in pngvalid.c
Allow unversioned links created on install to be disabled in configure.
In configure builds 'make install' changes/adds links like png.h
and libpng.a to point to the newly installed, versioned, files (e.g.
libpng17/png.h and libpng17.a). Three new configure options and some
rearrangement of Makefile.am allow creation of these links to be2212072573977b846ff3e10d58bd74bf96f6ae1.6.9scarabeus_factory- fixed CVE-2014-0333 [bnc#866298]
- added patches:
* libpng16-1.6.6-CVE-2014-0333.patch224574144c899de7d983b1b4c024ffba266cc61.6.12coolo- updated to 1.6.12:
* bugfixes, almost build-related only
- updated to 1.6.11:
* fixed CVE-2014-0333
* other bugfixes
- removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed)2369831e4563630f39ee07a12e3be5bbf69a1d1.6.13coolo- updated to 1.6.13: a "cleanup" release that have no security
fixes or new features.2457101e4563630f39ee07a12e3be5bbf69a1d1.6.13adrianSuSESplit 13.2 from Factory14509f6c0f8b3068627efde80de5f8ae1.6.15dimstar_suse- updated to 1.6.15:
* Avoid out-of-bounds memory access in png_user_version_check().
* Fixed incorrect handling of the iTXt compression.
* Free all allocated memory in pngimage.
* Fixed array size calculations to avoid warnings.
etc. see ANNOUNCE262526afe443b7ff6c87e549fc641e396848091.6.16dimstar_suseAutomatic submission by obs-autosubmit2799464630574fdc83c618932565fe5c8cd53d1.6.16dimstar_suseAutomatic submission by obs-autosubmit282344f38ab0e7efb65cf4c81617887a1d08791.6.17dimstar_suse- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.
+ libpng-rgb_to_gray-checks.patch
- updated to 1.6.17:
Corrected the width limit calculation in png_check_IHDR().
Removed user limits from pngfix. Also pass NULL pointers to
png_read_row to skip the unnecessary row de-interlace stuff.
Implement previously untested cases of libpng transforms in pngvalid.c
Fixed byte order in 2-byte filler, in png_do_read_filler().
Made the check for out-of-range values in png_set_tRNS() detect
values that are exactly 2^bit_depth, and work on 16-bit platforms.
Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
pngset.c to avoid warnings about dead code.
Do not build png_product2() when it is unused.
Display user limits in the output from pngtest.
Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
and 1-million-row default limits in pnglibconf.dfa, that can be reset
by the user at build time or run time. This provides a more robust
defense against DOS and as-yet undiscovered overflows.
Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
of png.h.
Free the unknown_chunks structure even when it contains no data.
Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
value was wrong. It's not clear if this affected the final stored
value; in the obvious code path the upper and lower 8-bits of the
alpha value were identical and the alpha was truncated to 8-bits
rather than dividing by 257 (John Bowler).29390554baaeebe324ef274e02930dfa92cfeb1.6.17dimstar_suseAutomatic submission by obs-autosubmit323168df4d68bb5a65ee31e1556578b20fe4b51.6.19dimstar_suse- update to 1.6.19:
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
Fixed the recently reported 1's complement security issue.
Fixed png_save_int_32 when int is not 2's complement by replacing
the value that is illegal in the PNG spec, in both signed and
unsigned values, with 0.
etc., see ANNOUNCE and CHANGES for details
- removed: libpng-rgb_to_gray-checks.patch (upstreamed)3441579898a8b615bae7ed6ee42bac2bc64c6a1.6.20dimstar_suse- update to 1.6.20:
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Backported tests from libpng-1.7.0beta69.
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).34733530065955819c05d4da7c9043092c21741.6.21dimstar_suse135439285b7c8db291c899e06e624c997fcb10d1.6.22dimstar_suse- update to 1.6.22:
Added a png_image_write_to_memory() API and a number of assist macros
to allow an application that uses the simplified API write to bypass
stdio and write directly to memory.
Relaxed limit checks on gamma values in pngrtran.c. As suggested in
the comments gamma values outside the range currently permitted
by png_set_alpha_mode are useful for HDR data encoding. These values
are already permitted by png_set_gamma so it is reasonable caution to
extend the png_set_alpha_mode range as HDR imaging systems are starting
to emerge.
Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
were accidentally removed from libpng-1.6.17.
Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
(Robert C. Seacord).
Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
SSE filter speed improvements for bpp=3:
memcpy-free implementations of load3() / store3().
Added PNG_FAST_FILTERS macro (defined as
PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).398278f5b10b66694943764ace17e2e0f538551.6.24dimstar_suse- update to 1.6.24:
Avoid potential overflow of the PNG_IMAGE_SIZE macro.
Correct filter heuristic overflow handling.
Use a more efficient absolute value calculation on SSE2.
Added pngcp.
etc. see ANNOUNCE
- Update to new upstream release 1.6.23
* Fixes a potential memleak in png_set_tRNS.
* Fixed the progressive reader to handle empty first IDAT
chunk properly.
* Added tests in pngvalid.c to check zero-length IDAT chunks
in various positions.
* Fixed the sequential reader to handle these more robustly.
* Corrected progressive read input buffer in pngvalid.c.
* Moved sse2 prototype from pngpriv.h to
contrib/intel/intel_sse.patch.
* Fixed undefined behavior in png_push_save_buffer().
Do not call memcpy() with a null source, even if count is zero.
* Fixed bad link to RFC2083 in png.5.41686306ef6d36ee6145c597fe8f89eab1588f1.6.25dimstar_suse- update to 1.6.25:
Reject oversized iCCP profile immediately.
Conditionally compile png_inflate().
Don't install pngcp; it conflicts with pngcp in the pngtools package.
Added MIPS support (Mandar Sahastrabuddhe <4241608bfd25b352344129f3f083a8bd027fe81.6.26dimstar_suse- update to 1.6.26:
Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
bugfix by John Bowler).
Do not issue a png_error() on read in png_set_pCAL() because
png_handle_pCAL has allocated memory that libpng needs to free.
Issue a png_benign_error instead of a png_error on ADLER32 mismatch
while decoding compressed data chunks.
Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
pngrutil.c.
If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
Issue png_benign_error() on ADLER32 checksum mismatch instead of
png_error().
Updated the documentation about CRC and ADLER32 handling.
Fixed offsets in contrib/intel/intel_sse.patch
Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
to avoid a signed/unsigned compare in the preprocessor.
Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
optionally avoid ADLER32 evaluation.436633e86ef71dc23dcdec75e66c77965bb1981.6.28dimstar_suse- update to 1.6.28: fix build issues
- update to 1.6.27: fixes CVE-2016-10087448961ac3c4f26269cd0fbe476e5c50527a6141.6.29dimstar_suse- update to 1.6.29:
Moved SSE2 optimization code into the main libpng source directory.
Configure libpng with "configure --enable-intel-sse" or compile
libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
Added code for PowerPC VSX optimisation (Vadim Barkov).
Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).4807260924de0af2dbd9d97e272472be6c9f261.6.30dimstar_suse- update to 1.6.30:
Revised documentation of png_get_error_ptr() in the libpng manual.
Document need to check for integer overflow when allocating a pixel
buffer for multiple rows in contrib/gregbook, contrib/pngminus,
example.c, and in the manual (suggested by Jaeseung Choi). This
is similar to the bug reported against pngquant in CVE-2016-5735.
Check for integer overflow in contrib/visupng and contrib/tools/genpng.
Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
Avoid writing an empty IDAT when the last IDAT exactly fills the
compression buffer (bug report by Brian Baird). This bug was
introduced in libpng-1.6.0.
Add a reference to the libpng.download site in README.5074058e20f413ae07a5a32805e69d3416b0b11.6.30dimstar_suse1511589c00b492a1ecdfb714a22cb2e4cd69e4b1.6.31maxlin_factory- update to 1.6.31:
* Guard the definition of _POSIX_SOURCE in pngpriv.h.
* Revised pngpriv.h to work around failure to compile
arm/filter_neon.S.
* Added "Requires: zlib" to libpng.pc.in.
* Added special case for FreeBSD in arm/filter_neon.S.
* Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
possible integer overflow.
* Added eXIf chunk support.
- remove upstreamed
0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch514898236ebeceb666f8567f464b99219242cd1.6.34dimstar_suse- check with -j1
- Fix SRPM group and grammar issues.
- removed obsoleted Obsoletes
- update to 1.6.34:
* Removed contrib/pngsuite/i*.png; some of these were incorrect
and caused test failures.
- includes 1.6.33:
* Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
missing parenthesis in contrib/pngminus/pnm2png.c
* Fixed off-by-one error in png_do_check_palette_indexes()
* Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
to fix shortlived oss-fuzz issue 3234.
* Compute a larger limit on IDAT because some applications write
a deflate buffer for each row
* Use current date (DATE) instead of release-date (RDATE) in last
changed date of contrib/oss-fuzz files.
* Enabled ARM support in CMakeLists.txt
* Fixed incorrect typecast of some arguments to png_malloc() and
png_calloc() that were png_uint_32 instead of png_alloc_size_t
* Use pnglibconf.h.prebuilt when building for ANDROID with cmake
* Initialize memory allocated by png_inflate to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_set_text_2() due to truncated iTXt or zTXt
chunk.
* Initialize memory allocated by png_read_buffer to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_icc_check_tag_table() due to truncated iCCP571330e2eea77289e377f61ee099438ec30d981.6.34dimstar_suse- %{libname} package provides libpng = %{version} again
[bsc#1079342]57309151ca894d3ad39893a623c110035850641.6.34dimstar_suse- security update:
* CVE-2018-13785 [bsc#1100687]
+ libpng16-CVE-2018-13785.patch626863164c882c6360929fda07b6e56290ac481.6.36dimstar_suse- update to 1.6.36:
Replaced the remaining uses of png_size_t with size_t (Cosmin)
Fixed the calculation of row_factor in png_check_chunk_length
(reported by Thuan Pham in SourceForge issue #278)
Added missing parentheses to a macro definition
(suggested by "irwir" in GitHub issue #216)
Optimized png_do_expand_palette for ARM processors.
Improved performance by around 10-22% on a recent ARM Chromebook.
(Contributed by Richard Townsend, ARM Holdings)
Fixed manipulation of machine-specific optimization options.
(Contributed by Vicki Pfau)
Used memcpy instead of manual pointer arithmetic on Intel SSE2.
(Contributed by Samuel Williams)
Fixed build errors with MSVC on ARM64.
(Contributed by Zhijie Liang)
Fixed detection of libm in CMakeLists.
(Contributed by Cameron Cawley)
Fixed incorrect creation of pkg-config file in CMakeLists.
(Contributed by Kyle Bentley)
Fixed the CMake build on Windows MSYS by avoiding symlinks.
Fixed a build warning on OpenBSD.
(Contributed by Theo Buehler)
Fixed various typos in comments.
(Contributed by "luz.paz")
Raised the minimum required CMake version from 3.0.2 to 3.1.
Removed yet more of the vestigial support for pre-ANSI C compilers.
Removed ancient makefiles for ancient systems that have been broken
across all previous libpng-1.6.x versions.
Removed the Y2K compliance statement and the export control
information.662196704d64ae623cdb2fc0c09c80229901f11.6.36coolo- fix arm build [bsc#1121829]
+ libpng-arm-free.patch
- asan_build: build ASAN included
- debug_build: build more suitable for debugging, install pngcp669458316534d20a19a185e93f8eef5224bec91.6.37dimstar_suse- make check actually works under asan
- version update to 1.6.37
Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
Fixed a memory leak in pngtest.c.
Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
contrib/pngminus; refactor.
Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
(Contributed by Willem van Schaik)
Added makefiles for AddressSanitizer-enabled builds.
- deleted patches
- libpng-arm-free.patch (upstreamed)694940cde8976af811ef14940b8474fdd42e7e1.6.37RBrownSUSEEnable SSE optimizations. They are not enabled by default in configure-based builds (see the INSTALL file). (forwarded request 878383 from llunak)8784736c43f475d8a3d8d8a041ee8091e33ec31.6.37dimstar_suse- install rpm macros in %{_rpmmacrodir} [bsc#1185661]
- call spec-cleaner890905fa0e5f721ba9ac18f694462c00281e551.6.37dimstar_suseAutomatic submission by obs-autosubmit9762724176d4d0c83d2799d19f1f9279885d531.6.38dimstar_suse10071696a414eb2a7ac94b2cca7a3d317916bfc1.6.39dimstar_suse- Update to version 1.6.39:
* cmake: Default to PNG_ARM_NEON=off for arm targets.
+ Turn large PNG chunks into benign errors.
+ Update, rename and clean up various scripts.
+ tools: Fix a buffer overflow involving a file name in pngfix.
+ tools: Fix a memory leak in pngcp. (forwarded request 1038184 from dimstar)1038197a298ada5d7057d9da1964c09a1eb05121.6.39dimstar_suse- Fix build: some*.la files are symlinks. Adjust spec to use
find -type f,l (forwarded request 1062444 from dimstar)1062455