ANNOUNCE - third_party/libpng - Git at Google

 Libpng 1.6.32rc01 - August 18, 2017

 This is not intended to be a public release. It will be replaced
 within a few weeks by a public version or by another test version.

 Files available for download:

 Source files with LF line endings (for Unix/Linux) and with a
 "configure" script

    1.6.32rc01.tar.xz (LZMA-compressed, recommended)
    1.6.32rc01.tar.gz

 Source files with CRLF line endings (for Windows), without the
 "configure" script

    lp1632r01.7z  (LZMA-compressed, recommended)
    lp1632r01.zip

 Other information:

    1.6.32rc01-README.txt
    1.6.32rc01-LICENSE.txt
    libpng-1.6.32rc01-*.asc (armored detached GPG signatures)

 Changes since the last public release (1.6.31):

 Version 1.6.32beta01 [July 31, 2017]
   Avoid possible NULL dereference in png_handle_eXIf when benign_errors
     are allowed. Avoid leaking the input buffer "eXIf_buf".
   Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
     to arguments for png_get_eXIf() and png_set_eXIf().
   Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
     pngwrite.c, and made various other fixes to png_write_eXIf().
   Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
     png_set_eXIf_1(), respectively, to avoid breaking API compatibility
     with libpng-1.6.31.

 Version 1.6.32beta02 [August 1, 2017]
   Updated contrib/libtests/pngunknown.c with eXIf chunk.

 Version 1.6.32beta03 [August 2, 2017]
   Initialized btoa[] in pngstest.c
   Stop memory leak when returning from png_handle_eXIf() with an error
     (Bug report from the OSS-fuzz project).

 Version 1.6.32beta04 [August 2, 2017]
   Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
   Update libpng.3 and libpng-manual.txt about eXIf functions.

 Version 1.6.32beta05 [August 2, 2017]
   Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.

 Version 1.6.32beta06 [August 2, 2017]
   Removed png_get_eXIf_1() and png_set_eXIf_1().

 Version 1.6.32beta07 [August 3, 2017]
   Check length of all chunks except IDAT against user limit to fix an
     OSS-fuzz issue.

 Version 1.6.32beta08 [August 3, 2017]
   Check length of IDAT against maximum possible IDAT size, accounting
     for height, rowbytes, interlacing and zlib/deflate overhead.
   Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
     does not work (the eXIf chunk data can contain zeroes).

 Version 1.6.32beta09 [August 3, 2017]
   Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
     no longer using deprecated cmake LOCATION feature (Clifford Yapp).
   Fixed five-byte error in the calculation of IDAT maximum possible size.

 Version 1.6.32beta10 [August 5, 2017]
   Moved chunk-length check into a png_check_chunk_length() private
     function (Suggested by Max Stepin).
   Moved bad pngs from tests to contrib/libtests/crashers
   Moved testing of bad pngs into a separate tests/pngtest-badpngs script
   Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
     in the output but PASS for the libpng test.
   Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
   Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
     num_exif argument to png_get_eXIf_1() (Github Issue 171).

 Version 1.6.32beta11 [August 7, 2017]
   Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
   Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
   Make pngtest --strict, --relax, --xfail options imply -m (multiple).
   Removed unused chunk_name parameter from png_check_chunk_length().
   Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
   Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
   Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
   Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
   Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
     for the minimum 'deflate' stream, and relocate the test to a point
     after the keyword has been read.
   Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".

 Version 1.6.32rc01 [August 18, 2017]
   Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
     one for each known chunk type, with length = 2GB-1.
   Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
     in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
     and 162707).
   Renamed chunks in contrib/testpngs/crashers to avoid having files whose
     names differ only in case; this causes problems with some platforms
     (github issue #172).

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
 to subscribe)
 or to glennrp at users.sourceforge.net

 Glenn R-P
	Libpng 1.6.32rc01 - August 18, 2017

	This is not intended to be a public release. It will be replaced
	within a few weeks by a public version or by another test version.

	Files available for download:

	Source files with LF line endings (for Unix/Linux) and with a
	"configure" script

	1.6.32rc01.tar.xz (LZMA-compressed, recommended)
	1.6.32rc01.tar.gz

	Source files with CRLF line endings (for Windows), without the
	"configure" script

	lp1632r01.7z (LZMA-compressed, recommended)
	lp1632r01.zip

	Other information:

	1.6.32rc01-README.txt
	1.6.32rc01-LICENSE.txt
	libpng-1.6.32rc01-*.asc (armored detached GPG signatures)

	Changes since the last public release (1.6.31):

	Version 1.6.32beta01 [July 31, 2017]
	Avoid possible NULL dereference in png_handle_eXIf when benign_errors
	are allowed. Avoid leaking the input buffer "eXIf_buf".
	Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
	to arguments for png_get_eXIf() and png_set_eXIf().
	Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
	pngwrite.c, and made various other fixes to png_write_eXIf().
	Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
	png_set_eXIf_1(), respectively, to avoid breaking API compatibility
	with libpng-1.6.31.

	Version 1.6.32beta02 [August 1, 2017]
	Updated contrib/libtests/pngunknown.c with eXIf chunk.

	Version 1.6.32beta03 [August 2, 2017]
	Initialized btoa[] in pngstest.c
	Stop memory leak when returning from png_handle_eXIf() with an error
	(Bug report from the OSS-fuzz project).

	Version 1.6.32beta04 [August 2, 2017]
	Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
	Update libpng.3 and libpng-manual.txt about eXIf functions.

	Version 1.6.32beta05 [August 2, 2017]
	Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.

	Version 1.6.32beta06 [August 2, 2017]
	Removed png_get_eXIf_1() and png_set_eXIf_1().

	Version 1.6.32beta07 [August 3, 2017]
	Check length of all chunks except IDAT against user limit to fix an
	OSS-fuzz issue.

	Version 1.6.32beta08 [August 3, 2017]
	Check length of IDAT against maximum possible IDAT size, accounting
	for height, rowbytes, interlacing and zlib/deflate overhead.
	Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
	does not work (the eXIf chunk data can contain zeroes).

	Version 1.6.32beta09 [August 3, 2017]
	Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
	no longer using deprecated cmake LOCATION feature (Clifford Yapp).
	Fixed five-byte error in the calculation of IDAT maximum possible size.

	Version 1.6.32beta10 [August 5, 2017]
	Moved chunk-length check into a png_check_chunk_length() private
	function (Suggested by Max Stepin).
	Moved bad pngs from tests to contrib/libtests/crashers
	Moved testing of bad pngs into a separate tests/pngtest-badpngs script
	Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
	in the output but PASS for the libpng test.
	Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
	Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
	num_exif argument to png_get_eXIf_1() (Github Issue 171).

	Version 1.6.32beta11 [August 7, 2017]
	Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
	Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
	Make pngtest --strict, --relax, --xfail options imply -m (multiple).
	Removed unused chunk_name parameter from png_check_chunk_length().
	Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
	Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
	Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
	Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
	Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
	for the minimum 'deflate' stream, and relocate the test to a point
	after the keyword has been read.
	Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".

	Version 1.6.32rc01 [August 18, 2017]
	Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
	one for each known chunk type, with length = 2GB-1.
	Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
	in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
	and 162707).
	Renamed chunks in contrib/testpngs/crashers to avoid having files whose
	names differ only in case; this causes problems with some platforms
	(github issue #172).

	Send comments/corrections/commendations to png-mng-implement at lists.sf.net
	(subscription required; visit
	https://lists.sourceforge.net/lists/listinfo/png-mng-implement
	to subscribe)
	or to glennrp at users.sourceforge.net

	Glenn R-P