[libpng14] Imported from libpng-1.4.9beta01.tar
diff --git a/ANNOUNCE b/ANNOUNCE
index 7138a18..785d3ca 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.4.9beta01 - September 2, 2011
+Libpng 1.4.9beta01 - February 17, 2012
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@@ -26,11 +26,14 @@
Changes since the last public release (1.4.8):
-version 1.4.9beta01 [September 2, 2011]
+version 1.4.9beta01 [February 17, 2012]
Added vstudio/* and CMakeLists to EXTRA_DIST in Makefile.in and Makefile.am
Updated contrib/pngminus/makefile.std (Samuli Souminen)
Added SunOS support to configure.ac and Makefile.am (but configure and
Makefile.in were not updated)
+ Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
+ on iCCP chunk length. Also removed spurious casts that may hide problems
+ on 16-bit systems.
Send comments/corrections/commendations to glennrp at users.sourceforge.net
or to png-mng-implement at lists.sf.net (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 5c30c35..6c53af0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2825,11 +2825,14 @@
version 1.4.8 [July 7, 2011]
No changes.
-version 1.4.9beta01 [September 2, 2011]
+version 1.4.9beta01 [February 17, 2012]
Added vstudio/* and CMakeLists to EXTRA_DIST in Makefile.in and Makefile.am
Updated contrib/pngminus/makefile.std (Samuli Souminen)
Added SunOS support to configure.ac and Makefile.am (but configure and
Makefile.in were not updated)
+ Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
+ on iCCP chunk length. Also removed spurious casts that may hide problems
+ on 16-bit systems.
Send comments/corrections/commendations to glennrp at users.sourceforge.net
or to png-mng-implement at lists.sf.net (subscription required; visit
diff --git a/INSTALL b/INSTALL
index 7144f73..7ab81a9 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,5 +1,5 @@
-Installing libpng version 1.4.9beta01 - July 8, 2011
+Installing libpng version 1.4.9beta01 - February 17, 2012
On Unix/Linux and similar systems, you can simply type
diff --git a/LICENSE b/LICENSE
index fdc1aa2..485200a 100644
--- a/LICENSE
+++ b/LICENSE
@@ -10,7 +10,7 @@
This code is released under the libpng license.
-libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, July 8, 2011, are
+libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, February 17, 2012, are
Copyright (c) 2004, 2006-2010 Glenn Randers-Pehrson, and are
distributed according to the same disclaimer and license as libpng-1.2.5
with the following individual added to the list of Contributing Authors
@@ -108,4 +108,4 @@
Glenn Randers-Pehrson
glennrp at users.sourceforge.net
-July 8, 2011
+February 17, 2012
diff --git a/README b/README
index 35d06f1..df6b413 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-README for libpng version 1.4.9beta01 - July 8, 2011 (shared library 14.0)
+README for libpng version 1.4.9beta01 - February 17, 2012 (shared library 14.0)
See the note about version numbers near the top of png.h
See INSTALL for instructions on how to install libpng.
diff --git a/libpng-1.4.9beta01.txt b/libpng-1.4.9beta01.txt
index 80e22ad..98fa428 100644
--- a/libpng-1.4.9beta01.txt
+++ b/libpng-1.4.9beta01.txt
@@ -1,6 +1,6 @@
libpng.txt - A description on how to use and modify libpng
- libpng version 1.4.9beta01 - July 13, 2011
+ libpng version 1.4.9beta01 - February 17, 2012
Updated and distributed by Glenn Randers-Pehrson
<glennrp at users.sourceforge.net>
Copyright (c) 1998-2010 Glenn Randers-Pehrson
@@ -11,7 +11,7 @@
Based on:
- libpng versions 0.97, January 1998, through 1.4.9beta01 - July 13, 2011
+ libpng versions 0.97, January 1998, through 1.4.9beta01 - February 17, 2012
Updated and distributed by Glenn Randers-Pehrson
Copyright (c) 1998-2010 Glenn Randers-Pehrson
@@ -3312,7 +3312,7 @@
XIII. Y2K Compliance in libpng
-July 13, 2011
+February 17, 2012
Since the PNG Development group is an ad-hoc body, we can't make
an official declaration.
diff --git a/libpng.3 b/libpng.3
index 86ca620..f647206 100644
--- a/libpng.3
+++ b/libpng.3
@@ -1,4 +1,4 @@
-.TH LIBPNG 3 "July 13, 2011"
+.TH LIBPNG 3 "February 17, 2012"
.SH NAME
libpng \- Portable Network Graphics (PNG) Reference Library 1.4.9beta01
.SH SYNOPSIS
@@ -895,7 +895,7 @@
.SH LIBPNG.TXT
libpng.txt - A description on how to use and modify libpng
- libpng version 1.4.9beta01 - July 13, 2011
+ libpng version 1.4.9beta01 - February 17, 2012
Updated and distributed by Glenn Randers-Pehrson
<glennrp at users.sourceforge.net>
Copyright (c) 1998-2010 Glenn Randers-Pehrson
@@ -906,7 +906,7 @@
Based on:
- libpng versions 0.97, January 1998, through 1.4.9beta01 - July 13, 2011
+ libpng versions 0.97, January 1998, through 1.4.9beta01 - February 17, 2012
Updated and distributed by Glenn Randers-Pehrson
Copyright (c) 1998-2010 Glenn Randers-Pehrson
@@ -4207,7 +4207,7 @@
.SH XIII. Y2K Compliance in libpng
-July 13, 2011
+February 17, 2012
Since the PNG Development group is an ad-hoc body, we can't make
an official declaration.
@@ -4469,7 +4469,7 @@
Thanks to Frank J. T. Wojcik for helping with the documentation.
-Libpng version 1.4.9beta01 - July 13, 2011:
+Libpng version 1.4.9beta01 - February 17, 2012:
Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc.
Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net).
@@ -4492,7 +4492,7 @@
This code is released under the libpng license.
-libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, July 13, 2011, are
+libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, February 17, 2012, are
Copyright (c) 2004,2006-2007 Glenn Randers-Pehrson, and are
distributed according to the same disclaimer and license as libpng-1.2.5
with the following individual added to the list of Contributing Authors
@@ -4591,7 +4591,7 @@
Glenn Randers-Pehrson
glennrp at users.sourceforge.net
-July 13, 2011
+February 17, 2012
.\" end of man page
diff --git a/libpngpf.3 b/libpngpf.3
index c6fa828..48549fe 100644
--- a/libpngpf.3
+++ b/libpngpf.3
@@ -1,4 +1,4 @@
-.TH LIBPNGPF 3 "July 8, 2011"
+.TH LIBPNGPF 3 "February 17, 2012"
.SH NAME
libpng \- Portable Network Graphics (PNG) Reference Library 1.4.9beta01
(private functions)
diff --git a/png.5 b/png.5
index c21a296..8d8c6a1 100644
--- a/png.5
+++ b/png.5
@@ -1,4 +1,4 @@
-.TH PNG 5 "July 8, 2011"
+.TH PNG 5 "February 17, 2012"
.SH NAME
png \- Portable Network Graphics (PNG) format
.SH DESCRIPTION
diff --git a/png.c b/png.c
index 2defd78..1d860cb 100644
--- a/png.c
+++ b/png.c
@@ -547,13 +547,13 @@
#else
#ifdef __STDC__
return ((png_charp) PNG_STRING_NEWLINE \
- "libpng version 1.4.9beta01 - July 8, 2011" PNG_STRING_NEWLINE \
+ "libpng version 1.4.9beta01 - February 17, 2012" PNG_STRING_NEWLINE \
"Copyright (c) 1998-2010 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
"Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
PNG_STRING_NEWLINE);
#else
- return ((png_charp) "libpng version 1.4.9beta01 - July 8, 2011\
+ return ((png_charp) "libpng version 1.4.9beta01 - February 17, 2012\
Copyright (c) 1998-2010 Glenn Randers-Pehrson\
Copyright (c) 1996-1997 Andreas Dilger\
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.");
diff --git a/png.h b/png.h
index bdbe588..314f512 100644
--- a/png.h
+++ b/png.h
@@ -1,7 +1,7 @@
/* png.h - header file for PNG reference library
*
- * libpng version 1.4.9beta01 - July 8, 2011
+ * libpng version 1.4.9beta01 - February 17, 2012
* Copyright (c) 1998-2011 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@@ -11,7 +11,7 @@
* Authors and maintainers:
* libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat
* libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger
- * libpng versions 0.97, January 1998, through 1.4.9beta01 - July 8, 2011: Glenn
+ * libpng versions 0.97, January 1998, through 1.4.9beta01 - February 17, 2012: Glenn
* See also "Contributing Authors", below.
*
* Note about libpng version numbers:
@@ -193,7 +193,7 @@
*
* This code is released under the libpng license.
*
- * libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, July 8, 2011, are
+ * libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, February 17, 2012, are
* Copyright (c) 2004, 2006-2010 Glenn Randers-Pehrson, and are
* distributed according to the same disclaimer and license as libpng-1.2.5
* with the following individual added to the list of Contributing Authors:
@@ -305,7 +305,7 @@
* Y2K compliance in libpng:
* =========================
*
- * July 8, 2011
+ * February 17, 2012
*
* Since the PNG Development group is an ad-hoc body, we can't make
* an official declaration.
@@ -369,7 +369,7 @@
/* Version information for png.h - this should match the version in png.c */
#define PNG_LIBPNG_VER_STRING "1.4.9beta01"
#define PNG_HEADER_VERSION_STRING \
- " libpng version 1.4.9beta01 - July 8, 2011\n"
+ " libpng version 1.4.9beta01 - February 17, 2012\n"
#define PNG_LIBPNG_VER_SONUM 14
#define PNG_LIBPNG_VER_DLLNUM 14
diff --git a/pngconf.h b/pngconf.h
index 5453cfd..9bb15d2 100644
--- a/pngconf.h
+++ b/pngconf.h
@@ -1,7 +1,7 @@
/* pngconf.h - machine configurable file for libpng
*
- * libpng version 1.4.9beta01 - July 8, 2011
+ * libpng version 1.4.9beta01 - February 17, 2012
* For conditions of distribution and use, see copyright notice in png.h
* Copyright (c) 1998-2011 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
diff --git a/pngpread.c b/pngpread.c
index a2d8dbf..47dc1ec 100644
--- a/pngpread.c
+++ b/pngpread.c
@@ -701,7 +701,7 @@
new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
old_buffer = png_ptr->save_buffer;
png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
- (png_size_t)new_max);
+ new_max);
if (png_ptr->save_buffer == NULL)
{
png_free(png_ptr, old_buffer);
@@ -1219,7 +1219,7 @@
#endif
png_ptr->current_text = (png_charp)png_malloc(png_ptr,
- (png_size_t)(length + 1));
+ length + 1);
png_ptr->current_text[length] = '\0';
png_ptr->current_text_ptr = png_ptr->current_text;
png_ptr->current_text_size = (png_size_t)length;
@@ -1319,7 +1319,7 @@
#endif
png_ptr->current_text = (png_charp)png_malloc(png_ptr,
- (png_size_t)(length + 1));
+ length + 1);
png_ptr->current_text[length] = '\0';
png_ptr->current_text_ptr = png_ptr->current_text;
png_ptr->current_text_size = (png_size_t)length;
@@ -1518,7 +1518,7 @@
#endif
png_ptr->current_text = (png_charp)png_malloc(png_ptr,
- (png_size_t)(length + 1));
+ length + 1);
png_ptr->current_text[length] = '\0';
png_ptr->current_text_ptr = png_ptr->current_text;
png_ptr->current_text_size = (png_size_t)length;
@@ -1657,7 +1657,7 @@
png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name) - 1]
= '\0';
- png_ptr->unknown_chunk.size = (png_size_t)length;
+ png_ptr->unknown_chunk.size = length;
if (length == 0)
png_ptr->unknown_chunk.data = NULL;
@@ -1665,7 +1665,7 @@
else
{
png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr,
- (png_size_t)length);
+ length);
png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
}
diff --git a/pngpriv.h b/pngpriv.h
index e798dfe..1a7ad0b 100644
--- a/pngpriv.h
+++ b/pngpriv.h
@@ -1,7 +1,7 @@
/* pngpriv.h - private declarations for use inside libpng
*
- * libpng version 1.4.9beta01 - July 8, 2011
+ * libpng version 1.4.9beta01 - February 17, 2012
* For conditions of distribution and use, see copyright notice in png.h
* Copyright (c) 1998-2011 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
diff --git a/pngrutil.c b/pngrutil.c
index ac3101b..d8f11f0 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -377,15 +377,18 @@
/* Now check the limits on this chunk - if the limit fails the
* compressed data will be removed, the prefix will remain.
*/
+ if (prefix_size >= (~(png_size_t)0) - 1 ||
+ expanded_size >= (~(png_size_t)0) - 1 - prefix_size
#ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
- if (png_ptr->user_chunk_malloc_max &&
+ || (png_ptr->user_chunk_malloc_max &&
(prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1))
#else
# ifdef PNG_USER_CHUNK_MALLOC_MAX
- if ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
+ || ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1)
# endif
#endif
+ )
png_warning(png_ptr, "Exceeded size limit while expanding chunk");
/* If the size is zero either there was an error and a message
@@ -1261,7 +1264,7 @@
png_free(png_ptr, png_ptr->chunkdata);
png_ptr->chunkdata = (png_charp)png_malloc(png_ptr, length + 1);
- slength = (png_size_t)length;
+ slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, skip))
diff --git a/projects/vstudio/readme.txt b/projects/vstudio/readme.txt
index 66c4e67..e192c42 100644
--- a/projects/vstudio/readme.txt
+++ b/projects/vstudio/readme.txt
@@ -1,7 +1,7 @@
VisualStudio instructions
-libpng version 1.4.9beta01 - July 8, 2011
+libpng version 1.4.9beta01 - February 17, 2012
Copyright (c) 1998-2010 Glenn Randers-Pehrson
diff --git a/projects/vstudio/zlib.props b/projects/vstudio/zlib.props
index 1233ea7..18670e6 100644
--- a/projects/vstudio/zlib.props
+++ b/projects/vstudio/zlib.props
@@ -2,7 +2,7 @@
<!--
* zlib.props - location of zlib source and build
*
- * libpng version 1.4.9beta01 - July 8, 2011
+ * libpng version 1.4.9beta01 - February 17, 2012
*
* Copyright (c) 1998-2011 Glenn Randers-Pehrson
*
diff --git a/scripts/README.txt b/scripts/README.txt
index a446cd6..cd92170 100644
--- a/scripts/README.txt
+++ b/scripts/README.txt
@@ -1,5 +1,5 @@
-Makefiles for libpng version 1.4.9beta01 - July 8, 2011
+Makefiles for libpng version 1.4.9beta01 - February 17, 2012
makefile.linux => Linux/ELF makefile
(gcc, creates libpng14.so.14.1.4.9beta01)
diff --git a/sunfix-makefile.patch b/sunfix-makefile.patch
new file mode 100644
index 0000000..70ea403
--- /dev/null
+++ b/sunfix-makefile.patch
@@ -0,0 +1,16 @@
+Index: libpng-1.2.46/Makefile.am
+===================================================================
+--- libpng-1.2.46.orig/Makefile.am 2011-08-30 14:48:43.039223476 +0400
++++ libpng-1.2.46/Makefile.am 2011-08-30 15:02:18.775861919 +0400
+@@ -49,7 +49,11 @@
+
+ if HAVE_LD_VERSION_SCRIPT
+ # Versioned symbols and restricted exports
++if HAVE_SOLARIS_LD
++ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LDFLAGS += -Wl,-M Wl,libpng.vers
++else
++ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LDFLAGS += -Wl,--version-script=libpng.vers
++endif
+ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_DEPENDENCIES = libpng.vers
+ else
+ # Only restricted exports when possible
diff --git a/sunfix.patch b/sunfix.patch
new file mode 100644
index 0000000..8b281cd
--- /dev/null
+++ b/sunfix.patch
@@ -0,0 +1,45 @@
+Index: libpng-1.2.46/configure.ac
+===================================================================
+--- libpng-1.2.46.orig/configure.ac 2011-08-30 14:48:43.039028289 +0400
++++ libpng-1.2.46/configure.ac 2011-08-30 14:56:09.680021389 +0400
+@@ -78,8 +78,23 @@
+ AC_SUBST(LIBPNG_DEFINES)
+ AC_SUBST(LIBPNG_NO_MMX)
+
++AC_MSG_CHECKING([if using Solaris linker])
++SLD=`$LD --version 2>&1 | grep Solaris`
++if test "$SLD"; then
++ have_solaris_ld=yes
++ AC_MSG_RESULT(yes)
++else
++ have_solaris_ld=no
++ AC_MSG_RESULT(no)
++fi
++AM_CONDITIONAL(HAVE_SOLARIS_LD, test "$have_solaris_ld" = "yes")
++
+ AC_MSG_CHECKING([if libraries can be versioned])
+-GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script`
++if test "$have_solaris_ld" = "yes"; then
++ GLD=`$LD --help < /dev/null 2>&1 | grep 'M mapfile'`
++else
++ GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script`
++fi
+ if test "$GLD"; then
+ have_ld_version_script=yes
+ AC_MSG_RESULT(yes)
+Index: libpng-1.2.46/Makefile.am
+===================================================================
+--- libpng-1.2.46.orig/Makefile.am 2011-08-30 14:48:43.039223476 +0400
++++ libpng-1.2.46/Makefile.am 2011-08-30 15:02:18.775861919 +0400
+@@ -49,7 +49,11 @@
+
+ if HAVE_LD_VERSION_SCRIPT
+ # Versioned symbols and restricted exports
++if HAVE_SOLARIS_LD
++ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LDFLAGS += -Wl,-M Wl,libpng.vers
++else
++ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LDFLAGS += -Wl,--version-script=libpng.vers
++endif
+ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_DEPENDENCIES = libpng.vers
+ else
+ # Only restricted exports when possible
