| Libpng 1.6.32rc01 - August 18, 2017 |
| |
| This is not intended to be a public release. It will be replaced |
| within a few weeks by a public version or by another test version. |
| |
| Files available for download: |
| |
| Source files with LF line endings (for Unix/Linux) and with a |
| "configure" script |
| |
| 1.6.32rc01.tar.xz (LZMA-compressed, recommended) |
| 1.6.32rc01.tar.gz |
| |
| Source files with CRLF line endings (for Windows), without the |
| "configure" script |
| |
| lp1632r01.7z (LZMA-compressed, recommended) |
| lp1632r01.zip |
| |
| Other information: |
| |
| 1.6.32rc01-README.txt |
| 1.6.32rc01-LICENSE.txt |
| libpng-1.6.32rc01-*.asc (armored detached GPG signatures) |
| |
| Changes since the last public release (1.6.31): |
| |
| Version 1.6.32beta01 [July 31, 2017] |
| Avoid possible NULL dereference in png_handle_eXIf when benign_errors |
| are allowed. Avoid leaking the input buffer "eXIf_buf". |
| Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif |
| to arguments for png_get_eXIf() and png_set_eXIf(). |
| Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in |
| pngwrite.c, and made various other fixes to png_write_eXIf(). |
| Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and |
| png_set_eXIf_1(), respectively, to avoid breaking API compatibility |
| with libpng-1.6.31. |
| |
| Version 1.6.32beta02 [August 1, 2017] |
| Updated contrib/libtests/pngunknown.c with eXIf chunk. |
| |
| Version 1.6.32beta03 [August 2, 2017] |
| Initialized btoa[] in pngstest.c |
| Stop memory leak when returning from png_handle_eXIf() with an error |
| (Bug report from the OSS-fuzz project). |
| |
| Version 1.6.32beta04 [August 2, 2017] |
| Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). |
| Update libpng.3 and libpng-manual.txt about eXIf functions. |
| |
| Version 1.6.32beta05 [August 2, 2017] |
| Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. |
| |
| Version 1.6.32beta06 [August 2, 2017] |
| Removed png_get_eXIf_1() and png_set_eXIf_1(). |
| |
| Version 1.6.32beta07 [August 3, 2017] |
| Check length of all chunks except IDAT against user limit to fix an |
| OSS-fuzz issue. |
| |
| Version 1.6.32beta08 [August 3, 2017] |
| Check length of IDAT against maximum possible IDAT size, accounting |
| for height, rowbytes, interlacing and zlib/deflate overhead. |
| Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) |
| does not work (the eXIf chunk data can contain zeroes). |
| |
| Version 1.6.32beta09 [August 3, 2017] |
| Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation, |
| no longer using deprecated cmake LOCATION feature (Clifford Yapp). |
| Fixed five-byte error in the calculation of IDAT maximum possible size. |
| |
| Version 1.6.32beta10 [August 5, 2017] |
| Moved chunk-length check into a png_check_chunk_length() private |
| function (Suggested by Max Stepin). |
| Moved bad pngs from tests to contrib/libtests/crashers |
| Moved testing of bad pngs into a separate tests/pngtest-badpngs script |
| Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL |
| in the output but PASS for the libpng test. |
| Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp). |
| Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the |
| num_exif argument to png_get_eXIf_1() (Github Issue 171). |
| |
| Version 1.6.32beta11 [August 7, 2017] |
| Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). |
| Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. |
| Make pngtest --strict, --relax, --xfail options imply -m (multiple). |
| Removed unused chunk_name parameter from png_check_chunk_length(). |
| Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. |
| Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. |
| Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. |
| Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. |
| Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account |
| for the minimum 'deflate' stream, and relocate the test to a point |
| after the keyword has been read. |
| Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". |
| |
| Version 1.6.32rc01 [August 18, 2017] |
| Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, |
| one for each known chunk type, with length = 2GB-1. |
| Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts |
| in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, |
| and 162707). |
| Renamed chunks in contrib/testpngs/crashers to avoid having files whose |
| names differ only in case; this causes problems with some platforms |
| (github issue #172). |
| |
| Send comments/corrections/commendations to png-mng-implement at lists.sf.net |
| (subscription required; visit |
| https://lists.sourceforge.net/lists/listinfo/png-mng-implement |
| to subscribe) |
| or to glennrp at users.sourceforge.net |
| |
| Glenn R-P |