-
CHANGES - changes for libpng
-Version 0.2
+version 0.1 [March 29, 1995]
+ initial work-in-progress release
+
+version 0.2 [April 1, 1995]
added reader into png.h
fixed small problems in stub file
-Version 0.3
+version 0.3 [April 8, 1995]
added pull reader
split up pngwrite.c to several files
added pnglib.txt
fixed some bugs in writer
interfaced with zlib 0.5
added K&R support
- added check for 64 KB blocks for 16-bit machines
+ added check for 64 KB blocks for 16 bit machines
-Version 0.4
+version 0.4 [April 26, 1995]
cleaned up code and commented code
simplified time handling into png_time
created png_color_16 and png_color_8 to handle color needs
cleaned up zTXt reader and writer (using zlib's Reset functions)
split transformations into pngrtran.c and pngwtran.c
-Version 0.5
+version 0.5 [April 30, 1995]
interfaced with zlib 0.8
fixed many reading and writing bugs
saved using 3 spaces instead of tabs
-Version 0.6
+version 0.6 [May 1, 1995]
+ first beta release
added png_large_malloc() and png_large_free()
added png_size_t
cleaned up some compiler warnings
added png_start_read_image()
-Version 0.7
+version 0.7 [June 24, 1995]
cleaned up lots of bugs
finished dithering and other stuff
added test program
changed name from pnglib to libpng
-Version 0.71 [June, 1995]
+version 0.71 [June 26, 1995]
changed pngtest.png for zlib 0.93
fixed error in libpng.txt and example.c
-Version 0.8
+version 0.8 [August 20, 1995]
cleaned up some bugs
added png_set_filler()
split up pngstub.c into pngmem.c, pngio.c, and pngerror.c
cleaned up documentation
added callbacks for read/write and warning/error functions
-Version 0.89 [July, 1996]
+Version 0.89 [June 5, 1996]
Added new initialization API to make libpng work better with shared libs
we now have png_create_read_struct(), png_create_write_struct(),
png_create_info_struct(), png_destroy_read_struct(), and
New pngtest image also has interlacing and zTXt
Updated documentation to reflect new API
+Version 0.89c [June 17, 1996]
+ Bug fixes.
+
Version 0.90 [January, 1997]
Made CRC errors/warnings on critical and ancillary chunks configurable
libpng will use the zlib CRC routines by (compile-time) default
Added new pCAL chunk read/write support
Added experimental filter selection weighting (Greg Roelofs)
Removed old png_set_rgbx() and png_set_xrgb() functions that have been
- obsolete for about 2 years now (use png_set_filler() instead)
+ obsolete for about 2 years now (use png_set_filler() instead)
Added macros to read 16- and 32-bit ints directly from buffer, to be
used only on those systems that support it (namely PowerPC and 680x0)
With some testing, this may become the default for MACOS/PPC systems.
Version 1.0.3a [August 12, 1999]
Added check for PNG_READ_INTERLACE_SUPPORTED in pngread.c; issue a warning
- if an attempt is made to read an interlaced image when it's not supported.
+ if an attempt is made to read an interlaced image when it's not supported.
Added check if png_ptr->trans is defined before freeing it in pngread.c
Modified the Y2K statement to include versions back to version 0.71
Fixed a bug in the check for valid IHDR bit_depth/color_types in pngrutil.c
Replaced leading blanks with tab characters in makefile.hux
Changed "dworkin.wustl.edu" to "ccrc.wustl.edu" in various documents.
Changed (float)red and (float)green to (double)red, (double)green
- in png_set_rgb_to_gray() to avoid "promotion" problems in AIX.
+ in png_set_rgb_to_gray() to avoid "promotion" problems in AIX.
Fixed a bug in pngconf.h that omitted <stdio.h> when PNG_DEBUG==0 (K Bracey).
Reformatted libpng.3 and libpngpf.3 with proper fonts (script by J. vanZandt).
Updated documentation to refer to the PNG-1.2 specification.
Added new png_expand functions to scripts/pngdef.pas and pngos2.def
Added a demo read_user_transform_fn that examines the row filters in pngtest.c
-Version 1.0.4 [September 24, 1999]
+Version 1.0.4 [September 24, 1999, not distributed publicly]
Define PNG_ALWAYS_EXTERN in pngconf.h if __STDC__ is defined
Delete #define PNG_INTERNAL and include "png.h" from pngasmrd.h
Made several minor corrections to pngtest.c
Added a "png_check_version" function in png.c and pngtest.c that will generate
a helpful compiler error if an old png.h is found in the search path.
Changed type of png_user_transform_depth|channels from int to png_byte.
+ Added "Libpng is OSI Certified Open Source Software" statement to png.h
Version 1.0.4d [October 6, 1999]
Changed 0.45 to 0.45455 in png_set_sRGB()
with trailing compressed parts easier in the future, and added new functions
png_free_iCCP, png_free_pCAL, png_free_sPLT, png_free_text, png_get_iCCP,
png_get_spalettes, png_set_iCCP, png_set_spalettes (Eric S. Raymond).
- NOTE: Applications that write text chunks MUST define png_text->lang
+ NOTE: Applications that write text chunks MUST define png_text->lang
before calling png_set_text(). It must be set to NULL if you want to
write tEXt or zTXt chunks. If you want your application to be able to
run with older versions of libpng, use
Removed the new PNG_CREATED_READ_STRUCT and PNG_CREATED_WRITE_STRUCT modes
which are no longer used.
Eliminated the three new members of png_text when PNG_LEGACY_SUPPORTED is
- defined or when neither PNG_READ_iTXt_SUPPORTED nor PNG_WRITE_iTXT_SUPPORTED
+ defined or when neither PNG_READ_iTXt_SUPPORTED nor PNG_WRITE_iTXt_SUPPORTED
is defined.
Made PNG_NO_READ|WRITE_iTXt the default setting, to avoid memory
overrun when old applications fill the info_ptr->text structure directly.
Version 1.0.8beta1 [July 8, 2000]
Added png_free(png_ptr, key) two places in pngpread.c to stop memory leaks.
Changed PNG_NO_STDIO to PNG_NO_CONSOLE_IO, several places in pngrutil.c and
- pngwutil.c.
+ pngwutil.c.
Changed PNG_EXPORT_VAR to use PNG_IMPEXP, in pngconf.h.
Removed unused "#include <assert.h>" from png.c
Added WindowsCE support.
Version 1.0.8beta2 [July 10, 2000]
Added project files to the wince directory and made further revisions
- of pngtest.c, pngrio.c, and pngwio.c in support of WindowsCE.
+ of pngtest.c, pngrio.c, and pngwio.c in support of WindowsCE.
Version 1.0.8beta3 [July 11, 2000]
Only set the PNG_FLAG_FREE_TRNS or PNG_FREE_TRNS flag in png_handle_tRNS()
- for indexed-color input files to avoid potential double-freeing trans array
- under some unusual conditions; problem was introduced in version 1.0.6f.
+ for indexed-color input files to avoid potential double-freeing trans array
+ under some unusual conditions; problem was introduced in version 1.0.6f.
Further revisions to pngtest.c and files in the wince subdirectory.
Version 1.0.8beta4 [July 14, 2000]
Version 1.2.0beta4 [June 23, 2001]
Check for missing profile length field in iCCP chunk and free chunk_data
- in case of truncated iCCP chunk.
+ in case of truncated iCCP chunk.
Bumped shared-library number to 3 in makefile.sgi and makefile.sggcc
Bumped dll-number from 2 to 3 in makefile.cygwin
Revised contrib/gregbook/rpng*-x.c to avoid a memory leak and to exit cleanly
- if user attempts to run it on an 8-bit display.
+ if user attempts to run it on an 8-bit display.
Updated contrib/gregbook
Use png_malloc instead of png_zalloc to allocate palette in pngset.c
Updated makefile.ibmc
Added some typecasts to eliminate gcc 3.0 warnings. Changed prototypes
- of png_write_oFFS width and height from png_uint_32 to png_int_32.
+ of png_write_oFFS width and height from png_uint_32 to png_int_32.
Updated example.c
Revised prototypes for png_debug_malloc and png_debug_free in pngtest.c
Revised contrib/gregbook
Revised makefile.gcmmx
Revised pnggccrd.c to conditionally compile some thread-unsafe code only
- when PNG_THREAD_UNSAFE_OK is defined.
+ when PNG_THREAD_UNSAFE_OK is defined.
Added tests to prevent pngwutil.c from writing a bKGD or tRNS chunk with
- value exceeding 2^bit_depth-1
+ value exceeding 2^bit_depth-1
Revised makefile.sgi and makefile.sggcc
Replaced calls to fprintf(stderr,...) with png_warning() in pnggccrd.c
Removed restriction that do_invert_mono only operate on 1-bit opaque files
sequential read support.
Added some "#if PNG_WRITE_SUPPORTED" blocks.
Added #ifdef to remove some redundancy in png_malloc_default().
- Use png_malloc instead of png_zalloc to allocate the pallete.
+ Use png_malloc instead of png_zalloc to allocate the palette.
Version 1.0.16rc1 and 1.2.6rc1 [August 4, 2004]
- Fixed buffer overflow vulnerability in png_handle_tRNS()
- Fixed integer arithmetic overflow vulnerability in png_read_png().
+ Fixed buffer overflow vulnerability (CVE-2004-0597) in png_handle_tRNS().
+ Fixed NULL dereference vulnerability (CVE-2004-0598) in png_handle_iCCP().
+ Fixed integer overflow vulnerability (CVE-2004-0599) in png_read_png().
Fixed some harmless bugs in png_handle_sBIT, etc, that would cause
duplicate chunk types to go undetected.
Fixed some timestamps in the -config version
Version 1.0.16rc5 and 1.2.6rc5 [August 10, 2004]
Moved "PNG_HANDLE_CHUNK_*" macros out of PNG_ASSEMBLER_CODE_SUPPORTED
- section of png.h where they were inadvertently placed in version rc3.
+ section of png.h where they were inadvertently placed in version rc3.
Version 1.2.6 and 1.0.16 [August 15, 2004]
Revised pngtest so memory allocation testing is only done when PNG_DEBUG==1.
png_decompress_chunk(), and remove "chunkdata" from parameter list.
Put a call to png_check_chunk_name() in png_read_chunk_header().
Revised png_check_chunk_name() to reject a name with a lowercase 3rd byte.
- Removed two calls to png_check_chunk_name() occuring later in the process.
+ Removed two calls to png_check_chunk_name() occurring later in the process.
Define PNG_NO_ERROR_NUMBERS by default in pngconf.h
Version 1.4.0beta25 [July 30, 2008]
Clarified usage of sig_bit versus sig_bit_p in example.c (Vincent Torri)
Version 1.4.0beta59 [May 15, 2009]
- Reformated sources in libpng style (3-space intentation, comment format)
+ Reformated sources in libpng style (3-space indentation, comment format)
Fixed typo in libpng docs (PNG_FILTER_AVE should be PNG_FILTER_AVG)
Added sections about the git repository and our coding style to the
documentation
Version 1.4.0beta64 [June 24, 2009]
Eliminated PNG_LEGACY_SUPPORTED code.
Moved the various unknown chunk macro definitions outside of the
- PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.
+ PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.
Version 1.4.0beta65 [June 26, 2009]
Added a reference to the libpng license in each file.
Revised PNG_EXPORTA macro to not use an empty parameter, to accommodate the
old VisualC++ preprocessor.
Turned on interlace handling in png_read_png().
- Fixed gcc pendantic warnings.
+ Fixed gcc pedantic warnings.
Handle longjmp in Cygwin.
Fixed png_get_current_row_number() in the interlaced case.
Cleaned up ALPHA flags and transformations.
Pass "" instead of '\0' to png_default_error() in png_err(). This mistake
was introduced in libpng-1.2.20beta01. This fixes CVE-2011-2691.
Added PNG_WRITE_OPTIMIZE_CMF_SUPPORTED macro to make the zlib "CMF" byte
- optimization configureable.
+ optimization configurable.
IDAT compression failed if preceded by a compressed text chunk (bug
introduced in libpng-1.5.3beta01-02). This was because the attempt to
reset the zlib stream in png_write_IDAT happened after the first IDAT
Fixed bug in png_write_chunk_header() debug print, introduced in 1.5.6beta01.
Version 1.5.6beta06 [October 17, 2011]
- Removed two redundant tests for unitialized row.
+ Removed two redundant tests for uninitialized row.
Fixed a relatively harmless memory overwrite in compressed text writing
with a 1 byte zlib buffer.
Add ability to call png_read_update_info multiple times to pngvalid.c.
crash. The pngmem.c implementation of png_malloc() included a cast
to png_size_t which would fail on large allocations on 16-bit systems.
Fix for the preprocessor of the Intel C compiler. The preprocessor
- splits adjacent @ signs with a space; this changes the concatentation
+ splits adjacent @ signs with a space; this changes the concatenation
token from @-@-@ to PNG_JOIN; that should work with all compiler
preprocessors.
Paeth filter speed improvements from work by Siarhei Siamashka. This
gray (on palette) itself.
Fixes for C++ compilation using g++ When libpng source is compiled
using g++. The compiler imposes C++ rules on the C source; thus it
- is desireable to make the source work with either C or C++ rules
+ is desirable to make the source work with either C or C++ rules
without throwing away useful error information. This change adds
png_voidcast to allow C semantic (void*) cases or the corresponding
C++ static_cast operation, as appropriate.
Version 1.5.7beta05 [November 25, 2011]
Removed "zTXt" from warning in generic chunk decompression function.
- Validate time settings passed to pngset() and png_convert_to_rfc1123()
- (Frank Busse).
+ Validate time settings passed to png_set_tIME() and png_convert_to_rfc1123()
+ (Frank Busse). Note: This prevented CVE-2015-7981 from affecting
+ libpng-1.5.7 and later.
Added MINGW support to CMakeLists.txt
Reject invalid compression flag or method when reading the iTXt chunk.
Backed out 'simplified' API changes. The API seems too complex and there
(the other two required headers aren't used). Non-ANSI systems that don't
have stddef.h or limits.h will have to provide an appropriate fake
containing the relevant types and #defines.
- The use of FAR/far has been eliminated and the definition of png_alloc_size_t
- is now controlled by a flag so that 'small size_t' systems can select it
- if necessary. Libpng 1.6 may not currently work on such systems -- it
- seems likely that it will ask 'malloc' for more than 65535 bytes with any
- image that has a sufficiently large row size (rather than simply failing
- to read such images).
+ Dropped support for 16-bit platforms. The use of FAR/far has been eliminated
+ and the definition of png_alloc_size_t is now controlled by a flag so
+ that 'small size_t' systems can select it if necessary. Libpng 1.6 may
+ not currently work on such systems -- it seems likely that it will
+ ask 'malloc' for more than 65535 bytes with any image that has a
+ sufficiently large row size (rather than simply failing to read such
+ images).
New tools directory containing tools used to generate libpng code.
Fixed race conditions in parallel make builds. With higher degrees of
parallelism during 'make' the use of the same temporary file names such
Version 1.6.0beta07 [January 28, 2012]
Eliminated Intel icc/icl compiler warnings. The Intel (GCC derived)
compiler issues slightly different warnings from those issued by the
- current vesions of GCC. This eliminates those warnings by
+ current versions of GCC. This eliminates those warnings by
adding/removing casts and small code rewrites.
Updated configure.ac from autoupdate: added --enable-werror option.
Also some layout regularization and removal of introduced tab characters
(in fact this is harmless, but the PNG data produced may be sub-optimal).
Version 1.6.0beta17 [March 10, 2012]
- Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
+ Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
Reject all iCCP chunks after the first, even if the first one is invalid.
Deflate/inflate was reworked to move common zlib calls into single
functions [rw]util.c. A new shared keyword check routine was also added
possible to call png_inflate() incrementally. A warning is no longer
issued if the language tag or translated keyword in the iTXt chunk
has zero length.
- If benign errors are disabled use maximum window on ancilliary inflate.
+ If benign errors are disabled use maximum window on ancillary inflate.
This works round a bug introduced in 1.5.4 where compressed ancillary
chunks could end up with a too-small windowBits value in the deflate
header.
declared even though the functions are never actually defined. This
change provides a dummy definition so that the declarations work, yet any
implementation will fail to compile because of an incomplete type.
- Re-eliminated the use of strcpy() in pngtest.c. An unncessary use of
+ Re-eliminated the use of strcpy() in pngtest.c. An unnecessary use of
strcpy() was accidentally re-introduced in libpng16; this change replaces
it with strncpy().
Eliminated use of png_sizeof(); use sizeof() instead.
resulting in VS2010 having to update the files.
Removed non-working ICC profile support code that was mostly added to
libpng-1.6.0beta29 and beta30. There was too much code for too little
- gain; implementing full ICC color correction may be desireable but is left
+ gain; implementing full ICC color correction may be desirable but is left
up to applications.
Version 1.6.0beta32 [November 25, 2012]
Version 1.6.1beta03 [February 22, 2013]
Fixed ALIGNED_MEMORY support.
- Allow run-time ARM NEON checking to be disabled. A new configure option:
+ Added a new configure option:
--enable-arm-neon=always will stop the run-time checks. New checks
within arm/arm_init.c will cause the code not to be compiled unless
__ARM_NEON__ is set. This should make it fail safe (if someone asks
Version 1.6.1beta06 [March 4, 2013]
Better documentation of unknown handling API interactions.
Corrected Android builds and corrected libpng.vers with symbol
- prefixing This adds an API to set optimization options externally,
+ prefixing. It also makes those tests compile and link on Android.
+ Added an API png_set_option() to set optimization options externally,
providing an alternative and general solution for the non-portable
- run-time tests used by the ARM Neon code. It also makes those tests
- compile and link on Android.
+ run-time tests used by the ARM Neon code, using the PNG_ARM_NEON option.
The order of settings vs options in pnglibconf.h is reversed to allow
settings to depend on options and options can now set (or override) the
defaults for settings.
Expanded manual paragraph about writing private chunks, particularly
the need to call png_set_keep_unknown_chunks() when writing them.
Avoid dereferencing NULL pointer possibly returned from
- png_create_write_struct() (Andrew Church).
+ png_create_write_struct() (Andrew Church).
Version 1.6.3beta05 [May 9, 2013]
Calculate our own zlib windowBits when decoding rather than trusting the
CMF bytes in the PNG datastream.
Added an option to force maximum window size for inflating, which was
- the behavior of libpng15 and earlier.
+ the behavior of libpng15 and earlier, via a new PNG_MAXIMUM_INFLATE_WINDOW
+ option for png_set_options().
Added png-fix-itxt and png-fix-too-far-back to the built programs and
removed warnings from the source code and timepng that are revealed as
a result.
the optimizations ('check' vs 'api') are exposed in the public header files
except that the new setting PNG_ARM_NEON_OPT documents how libpng makes the
decision about whether or not to use the optimizations.
- Protect symbol prefixing against CC/CPPFLAGS/CFLAGS useage.
+ Protect symbol prefixing against CC/CPPFLAGS/CFLAGS usage.
Previous iOS/Xcode fixes for the ARM NEON optimizations moved the test
on __ARM_NEON__ from configure time to compile time. This breaks symbol
prefixing because the definition of the special png_init_filter_functions
Changed "if defined(__ARM_NEON__)" to
"if (defined(__ARM_NEON__) || defined(__ARM_NEON))" (James Wu).
Fixed clang no-warning builds: png_digit was defined but never used.
-
+
Version 1.6.13beta02 [July 21, 2014]
Fixed an incorrect separator ("/" should be "\") in scripts/makefile.vcwin32
(bug report from Wolfgang S. Kechel). Bug was introduced in libpng-1.6.11.
Version 1.6.13 [August 21, 2014]
No changes.
-Send comments/corrections/commendations to png-mng-implement at lists.sf.net
-(subscription required; visit
-https://lists.sourceforge.net/lists/listinfo/png-mng-implement
-to subscribe)
-or to glennrp at users.sourceforge.net
+Version 1.6.14beta01 [September 14, 2014]
+ Guard usage of png_ptr->options with #ifdef PNG_SET_OPTION_SUPPORTED.
+ Do not build contrib/tools/pngfix.c when PNG_SETJMP_NOT_SUPPORTED,
+ to allow "make" to complete without setjmp support (bug report by
+ Claudio Fontana)
+ Add "#include <setjmp.h>" to contrib/tools/pngfix.c (John Bowler)
+
+Version 1.6.14beta02 [September 18, 2014]
+ Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c
+ because usleep() is deprecated.
+ Define usleep() in contrib/gregbook/rpng2-x.c if not already defined
+ in unistd.h and nanosleep() is not available; fixes error introduced
+ in libpng-1.6.13.
+ Disable floating point exception handling in pngvalid.c when
+ PNG_FLOATING_ARITHMETIC is not supported (bug report by "zootus
+ at users.sourceforge.net").
+
+Version 1.6.14beta03 [September 19, 2014]
+ Define FE_DIVBYZERO, FE_INVALID, and FE_OVERFLOW in pngvalid.c if not
+ already defined. Revert floating point exception handling in pngvalid.c
+ to version 1.6.14beta01 behavior.
+
+Version 1.6.14beta04 [September 27, 2014]
+ Fixed incorrect handling of the iTXt compression flag in pngrutil.c
+ (bug report by Shunsaku Hirata). Bug was introduced in libpng-1.6.0.
+
+Version 1.6.14beta05 [October 1, 2014]
+ Added "option READ_iCCP enables READ_COMPRESSED_TEXT" to pnglibconf.dfa
+
+Version 1.6.14beta06 [October 5, 2014]
+ Removed unused "text_len" parameter from private function png_write_zTXt().
+ Conditionally compile some code in png_deflate_claim(), when
+ PNG_WARNINGS_SUPPORTED and PNG_ERROR_TEXT_SUPPORTED are disabled.
+ Replaced repeated code in pngpread.c with PNG_PUSH_SAVE_BUFFER_IF_FULL.
+ Added "chunk iTXt enables TEXT" and "chunk zTXt enables TEXT"
+ to pnglibconf.dfa.
+ Removed "option READ_COMPRESSED_TEXT enables READ_TEXT" from pnglibconf.dfa,
+ to make it possible to configure a libpng that supports iCCP but not TEXT.
+
+Version 1.6.14beta07 [October 7, 2014]
+ Removed "option WRITE_COMPRESSED_TEXT enables WRITE_TEXT" from pnglibconf.dfa
+ Only mark text chunks as written after successfully writing them.
+
+Version 1.6.14rc01 [October 15, 2014]
+ Fixed some typos in comments.
+
+Version 1.6.14rc02 [October 17, 2014]
+ Changed png_convert_to_rfc_1123() to png_convert_to_rfc_1123_buffer()
+ in the manual, to reflect the change made in libpng-1.6.0.
+ Updated README file to explain that direct access to the png_struct
+ and info_struct members has not been permitted since libpng-1.5.0.
+
+Version 1.6.14 [October 23, 2014]
+ No changes.
+
+Version 1.6.15beta01 [October 29, 2014]
+ Changed "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
+ Simplified png_free_data().
+ Added missing "ptr = NULL" after some instances of png_free().
+
+Version 1.6.15beta02 [November 1, 2014]
+ Changed remaining "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
+
+Version 1.6.15beta03 [November 3, 2014]
+ Added PNG_USE_ARM_NEON configuration flag (Marcin Juszkiewicz).
+
+Version 1.6.15beta04 [November 4, 2014]
+ Removed new PNG_USE_ARM_NEON configuration flag and made a one-line
+ revision to configure.ac to support ARM on aarch64 instead (John Bowler).
+
+Version 1.6.15beta05 [November 5, 2014]
+ Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in
+ example.c, pngtest.c, and applications in the contrib directory.
+ Fixed an out-of-range read in png_user_version_check() (Bug report from
+ Qixue Xiao, CVE-2015-8540).
+ Simplified and future-proofed png_user_version_check().
+ Fixed GCC unsigned int->float warnings. Various versions of GCC
+ seem to generate warnings when an unsigned value is implicitly
+ converted to double. This is probably a GCC bug but this change
+ avoids the issue by explicitly converting to (int) where safe.
+ Free all allocated memory in pngimage. The file buffer cache was left
+ allocated at the end of the program, harmless but it causes memory
+ leak reports from clang.
+ Fixed array size calculations to avoid warnings. At various points
+ in the code the number of elements in an array is calculated using
+ sizeof. This generates a compile time constant of type (size_t) which
+ is then typically assigned to an (unsigned int) or (int). Some versions
+ of GCC on 64-bit systems warn about the apparent narrowing, even though
+ the same compiler does apparently generate the correct, in-range,
+ numeric constant. This adds appropriate, safe, casts to make the
+ warnings go away.
+
+Version 1.6.15beta06 [November 6, 2014]
+ Reverted use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING
+ in the manual, example.c, pngtest.c, and applications in the contrib
+ directory. It was incorrect advice.
+
+Version 1.6.15beta07 [November 7, 2014]
+ Removed #ifdef PNG_16BIT_SUPPORTED/#endif around png_product2(); it is
+ needed by png_reciprocal2().
+ Added #ifdef PNG_16BIT_SUPPORTED/#endif around png_log16bit() and
+ png_do_swap().
+ Changed all "#endif /* PNG_FEATURE_SUPPORTED */" to "#endif /* FEATURE */"
+
+Version 1.6.15beta08 [November 8, 2014]
+ More housecleaning in *.h
+
+Version 1.6.15rc01 [November 13, 2014]
+
+Version 1.6.15rc02 [November 14, 2014]
+ The macros passed in the command line to Borland make were ignored if
+ similarly-named macros were already defined in makefiles. This behavior
+ is different from POSIX make and other make programs. Surround the
+ macro definitions with ifndef guards (Cosmin).
+
+Version 1.6.15rc03 [November 16, 2014]
+ Added "-D_CRT_SECURE_NO_WARNINGS" to CFLAGS in scripts/makefile.vcwin32.
+ Removed the obsolete $ARCH variable from scripts/makefile.darwin.
+
+Version 1.6.15 [November 20, 2014]
+ No changes.
+
+Version 1.6.16beta01 [December 14, 2014]
+ Added ".align 2" to arm/filter_neon.S to support old GAS assemblers that
+ don't do alignment correctly.
+ Revised Makefile.am and scripts/symbols.dfn to work with MinGW/MSYS
+ (Bob Friesenhahn).
+
+Version 1.6.16beta02 [December 15, 2014]
+ Revised Makefile.am and scripts/*.dfn again to work with MinGW/MSYS;
+ renamed scripts/*.dfn to scripts/*.c (John Bowler).
+
+Version 1.6.16beta03 [December 21, 2014]
+ Quiet a "comparison always true" warning in pngstest.c (John Bowler).
+
+Version 1.6.16rc01 [December 21, 2014]
+ Restored a test on width that was removed from png.c at libpng-1.6.9
+ (Bug report by Alex Eubanks, CVE-2015-0973).
+
+Version 1.6.16rc02 [December 21, 2014]
+ Undid the update to pngrutil.c in 1.6.16rc01.
+
+Version 1.6.16rc03 [December 21, 2014]
+ Fixed an overflow in png_combine_row() with very wide interlaced images
+ (Bug report and fix by John Bowler, CVE-2014-9495).
+
+Version 1.6.16 [December 22, 2014]
+ No changes.
+
+Version 1.6.17beta01 [January 29, 2015]
+ Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
+ Corrected the width limit calculation in png_check_IHDR().
+ Removed user limits from pngfix. Also pass NULL pointers to
+ png_read_row to skip the unnecessary row de-interlace stuff.
+ Added testing of png_set_packing() to pngvalid.c
+ Regenerated configure scripts in the *.tar distributions with libtool-2.4.4
+ Implement previously untested cases of libpng transforms in pngvalid.c
+ Fixed byte order in png_do_read_filler() with 16-bit input. Previously
+ the high and low bytes of the filler, from png_set_filler() or from
+ png_set_add_alpha(), were read in the wrong order.
+ Made the check for out-of-range values in png_set_tRNS() detect
+ values that are exactly 2^bit_depth, and work on 16-bit platforms.
+ Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
+ Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
+ pngset.c to avoid warnings about dead code.
+ Added "& 0xff" to many instances of expressions that are typecast
+ to (png_byte), to avoid Coverity warnings.
+
+Version 1.6.17beta02 [February 7, 2015]
+ Work around one more Coverity-scan dead-code warning.
+ Do not build png_product2() when it is unused.
+
+Version 1.6.17beta03 [February 17, 2015]
+ Display user limits in the output from pngtest.
+ Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
+ and 1-million-row default limits in pnglibconf.dfa, that can be reset
+ by the user at build time or run time. This provides a more robust
+ defense against DOS and as-yet undiscovered overflows.
+
+Version 1.6.17beta04 [February 21, 2015]
+ Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
+ Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
+ Rebuilt configure scripts with automake-1.15 and libtool-2.4.6
+
+Version 1.6.17beta05 [February 25, 2015]
+ Restored compiling of png_reciprocal2 with PNG_NO_16BIT.
+
+Version 1.6.17beta06 [February 27, 2015]
+ Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
+ of png.h.
+ Avoid runtime checks when converting integer to png_byte with
+ Visual Studio (Sergey Kosarevsky)
+
+Version 1.6.17rc01 [March 4, 2015]
+ No changes.
+
+Version 1.6.17rc02 [March 9, 2015]
+ Removed some comments that the configure script did not handle
+ properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt.
+ Free the unknown_chunks structure even when it contains no data.
+
+Version 1.6.17rc03 [March 12, 2015]
+ Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF
+ for consistency, and remove some useless tests (Alexey Petruchik).
+
+Version 1.6.17rc04 [March 16, 2015]
+ Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of
+ pnglibconf.* in "make clean" (Cosmin).
+ Fix bug in calculation of maxbits, in png_write_sBIT, introduced
+ in libpng-1.6.17beta01 (John Bowler).
+
+Version 1.6.17rc05 [March 21, 2015]
+ Define PNG_FILTER_* and PNG_FILTER_VALUE_* in png.h even when WRITE
+ is not supported (John Bowler). This fixes an error introduced in
+ libpng-1.6.17beta06.
+ Reverted "& 0xff" additions of version 1.6.17beta01. Libpng passes
+ the Coverity scan without them.
+
+Version 1.6.17rc06 [March 23, 2015]
+ Remove pnglibconf.dfn and pnglibconf.pre with "make clean".
+ Reformatted some "&0xff" instances to "& 0xff".
+ Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
+ value was wrong. It's not clear if this affected the final stored
+ value; in the obvious code path the upper and lower 8-bits of the
+ alpha value were identical and the alpha was truncated to 8-bits
+ rather than dividing by 257 (John Bowler).
+
+Version 1.6.17 [March 26, 2015]
+ No changes.
+
+Version 1.6.18beta01 [April 1, 2015]
+ Removed PNG_SET_CHUNK_[CACHE|MALLOC]_LIMIT_SUPPORTED macros. They
+ have been combined with PNG_SET_USER_LIMITS_SUPPORTED (resolves
+ bug report by Andrew Church).
+ Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c. This
+ fixes some arithmetic errors that caused some tests to fail on
+ some 32-bit platforms (Bug reports by Peter Breitenlohner [i686]
+ and Petr Gajdos [i586]).
+
+Version 1.6.18beta02 [April 26, 2015]
+ Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
+ (Bug report by Viktor Szakats).
+
+Version 1.6.18beta03 [May 6, 2015]
+ Replaced "unexpected" with an integer (0xabadca11) in pngset.c
+ where a long was expected, to avoid a compiler warning when PNG_DEBUG > 1.
+ Added contrib/examples/simpleover.c, to demonstrate how to handle
+ alpha compositing of multiple images, using the "simplified API"
+ and an example PNG generation tool, contrib/examples/genpng.c
+ (John Bowler).
+
+Version 1.6.18beta04 [May 20, 2015]
+ PNG_RELEASE_BUILD replaces tests where the code depended on the build base
+ type and can be defined on the command line, allowing testing in beta
+ builds (John Bowler).
+ Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds.
+ Avoid a harmless potential integer overflow in png_XYZ_from_xy() (Bug
+ report from Christopher Ferris).
+
+Version 1.6.18beta05 [May 31, 2015]
+ Backport filter selection code from libpng-1.7.0beta51, to combine
+ sub_row, up_row, avg_row, and paeth_row into try_row and tst_row.
+ Changed png_voidcast(), etc., to voidcast(), etc., in contrib/tools/pngfix.c
+ to avoid confusion with the libpng private macros.
+ Fixed old cut&paste bug in the weighted filter selection code in
+ pngwutil.c, introduced in libpng-0.95, March 1997.
+
+Version 1.6.18beta06 [June 1, 2015]
+ Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the
+ compiled library size. It never worked properly and as far as we can
+ tell, no one uses it. The png_set_filter_heuristics() and
+ png_set_filter_heuristics_fixed() APIs are retained but deprecated
+ and do nothing.
+
+Version 1.6.18beta07 [June 6, 2015]
+ Removed non-working progressive reader 'skip' function. This
+ function has apparently never been used. It was implemented
+ to support back-door modification of png_struct in libpng-1.4.x
+ but (because it does nothing and cannot do anything) was apparently
+ never tested (John Bowler).
+ Fixed cexcept.h in which GCC 5 now reports that one of the auto
+ variables in the Try macro needs to be volatile to prevent value
+ being lost over the setjmp (John Bowler).
+ Fixed NO_WRITE_FILTER and -Wconversion build breaks (John Bowler).
+ Fix g++ build breaks (John Bowler).
+ Quieted some Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
+ pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
+ would only work with iTXt chunks with length 255 or less.
+ Added #ifdef's to contrib/examples programs so people don't try
+ to compile them without the minimum required support enabled
+ (suggested by Flavio Medeiros).
+
+Version 1.6.18beta08 [June 30, 2015]
+ Eliminated the final two Coverity defects (insecure temporary file
+ handling in contrib/libtests/pngstest.c; possible overflow of
+ unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure"
+ file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will
+ be used.
+ Removed some unused WEIGHTED_FILTER macros from png.h and pngstruct.h
+
+Version 1.6.18beta09 [July 5, 2015]
+ Removed some useless typecasts from contrib/tools/png-fix-itxt.c
+ Fixed a new signed-unsigned comparison in pngrtran.c (Max Stepin).
+ Replaced arbitrary use of 'extern' with #define PNG_LINKAGE_*. To
+ preserve API compatibility, the new defines all default to "extern"
+ (requested by Jan Nijtmans).
+
+Version 1.6.18rc01 [July 9, 2015]
+ Belatedly added Mans Rullgard and James Yu to the list of Contributing
+ Authors.
+
+Version 1.6.18rc02 [July 12, 2015]
+ Restored unused FILTER_HEURISTIC macros removed at libpng-1.6.18beta08
+ to png.h to avoid compatibility warnings.
+
+Version 1.6.18rc03 [July 15, 2015]
+ Minor changes to the man page
+
+Version 1.6.18 [July 23, 2015]
+ No changes.
+
+Version 1.6.19beta01 [July 30, 2015]
+ Updated obsolete information about the simplified API macros in the
+ manual pages (Bug report by Arc Riley).
+ Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
+ Rearranged png.h to put the major sections in the same order as
+ in libpng17.
+ Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
+ PNG_WEIGHT_FACTOR macros.
+ Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
+ (Bug report by Viktor Szakats). Several warnings remain and are
+ unavoidable, where we test for overflow.
+ Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
+ Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
+
+Version 1.6.19beta02 [August 19, 2015]
+ Moved config.h.in~ from the "libpng_autotools_files" list to the
+ "libpng_autotools_extra" list in autogen.sh because it was causing a
+ false positive for missing files (bug report by Robert C. Seacord).
+ Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
+ to suppress clang warnings (Bug report by Viktor Szakats).
+ Fixed some bad links in the man page.
+ Changed "n bit" to "n-bit" in comments.
+ Added signed/unsigned 16-bit safety net. This removes the dubious
+ 0x8000 flag definitions on 16-bit systems. They aren't supported
+ yet the defs *probably* work, however it seems much safer to do this
+ and be advised if anyone, contrary to advice, is building libpng 1.6
+ on a 16-bit system. It also adds back various switch default clauses
+ for GCC; GCC errors out if they are not present (with an appropriately
+ high level of warnings).
+ Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
+ Seacord).
+ Fixed the recently reported 1's complement security issue by replacing
+ the value that is illegal in the PNG spec, in both signed and unsigned
+ values, with 0. Illegal unsigned values (anything greater than or equal
+ to 0x80000000) can still pass through, but since these are not illegal
+ in ANSI-C (unlike 0x80000000 in the signed case) the checking that
+ occurs later can catch them (John Bowler).
+
+Version 1.6.19beta03 [September 26, 2015]
+ Fixed png_save_int_32 when int is not 2's complement (John Bowler).
+ Updated libpng16 with all the recent test changes from libpng17,
+ including changes to pngvalid.c to ensure that the original,
+ distributed, version of contrib/visupng/cexcept.h can be used
+ (John Bowler).
+ pngvalid contains the correction to the use of SAVE/STORE_
+ UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
+ tests contain the --strict option to detect warnings and the
+ pngvalid-standard test has been corrected so that it does not
+ turn on progressive-read. There is a separate test which does
+ that. (John Bowler)
+ Also made some signed/unsigned fixes.
+ Make pngstest error limits version specific. Splitting the machine
+ generated error structs out to a file allows the values to be updated
+ without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
+ slightly different error limits this simplifies maintenance. The
+ makepngs.sh script has also been updated to more accurately reflect
+ current problems in libpng 1.7 (John Bowler).
+ Incorporated new test PNG files into make check. tests/pngstest-*
+ are changed so that the new test files are divided into 8 groups by
+ gamma and alpha channel. These tests have considerably better code
+ and pixel-value coverage than contrib/pngsuite; however,coverage is
+ still incomplete (John Bowler).
+ Removed the '--strict' in 1.6 because of the double-gamma-correction
+ warning, updated pngstest-errors.h for the errors detected with the
+ new contrib/testspngs PNG test files (John Bowler).
+
+Version 1.6.19beta04 [October 15, 2015]
+ Worked around rgb-to-gray issues in libpng 1.6. The previous
+ attempts to ignore the errors in the code aren't quite enough to
+ deal with the 'channel selection' encoding added to libpng 1.7; abort.
+ pngvalid.c is changed to drop this encoding in prior versions.
+ Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a
+ macro, therefore the argument list cannot contain preprocessing
+ directives. Make sure pow is a function where this happens. This is
+ a minimal safe fix, the issue only arises in non-performance-critical
+ code (bug report by Curtis Leach, fix by John Bowler).
+ Added sPLT support to pngtest.c
+
+Version 1.6.19rc01 [October 23, 2015]
+ No changes.
+
+Version 1.6.19rc02 [October 31, 2015]
+ Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
+ Silently truncate over-length PLTE chunk while reading.
+ Libpng incorrectly calculated the output rowbytes when the application
+ decreased either the number of channels or the bit depth (or both) in
+ a user transform. This was safe; libpng overallocated buffer space
+ (potentially by quite a lot; up to 4 times the amount required) but,
+ from 1.5.4 on, resulted in a png_error (John Bowler).
+
+Version 1.6.19rc03 [November 3, 2015]
+ Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed().
+ Clarified COPYRIGHT information to state explicitly that versions
+ are derived from previous versions.
+ Removed much of the long list of previous versions from png.h and
+ libpng.3.
+
+Version 1.6.19rc04 [November 5, 2015]
+ Fixed new bug with CRC error after reading an over-length palette
+ (bug report by Cosmin Truta) (CVE-2015-8126).
+
+Version 1.6.19 [November 12, 2015]
+ Cleaned up coding style in png_handle_PLTE().
+
+Version 1.6.20beta01 [November 20, 2015]
+ Avoid potential pointer overflow/underflow in png_handle_sPLT() and
+ png_handle_pCAL() (Bug report by John Regehr).
+
+Version 1.6.20beta02 [November 23, 2015]
+ Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
+ not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
+ vulnerability. Fixes CVE-2015-8472.
+
+Version 1.6.20beta03 [November 24, 2015]
+ Backported tests from libpng-1.7.0beta69.
+
+Version 1.6.20rc01 [November 26, 2015]
+ Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
+ American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
+ immediately fault a bad CMINFO field; instead a 'too far back' error
+ happens later (at least some times). pngfix failed to limit CMINFO to
+ the allowed values but then assumed that window_bits was in range,
+ triggering an assert. The bug is mostly harmless; the PNG file cannot
+ be fixed.
+
+Version 1.6.20rc02 [November 29, 2015]
+ In libpng 1.6 zlib initialization was changed to use the window size
+ in the zlib stream, not a fixed value. This causes some invalid images,
+ where CINFO is too large, to display 'correctly' if the rest of the
+ data is valid. This provides a workaround for zlib versions where the
+ error arises (ones that support the API change to use the window size
+ in the stream).
+
+Version 1.6.20 [December 3, 2015]
+ No changes.
+
+Version 1.6.21beta01 [December 11, 2015]
+ Fixed syntax "$(command)" in tests/pngstest that some shells other than
+ bash could not parse (Bug report by Nelson Beebe). Use `command` instead.
+
+Version 1.6.21beta02 [December 14, 2015]
+ Moved png_check_keyword() from pngwutil.c to pngset.c
+ Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
+ in the BigEndian tests by not testing it, making the BE code the same
+ as the LE version.
+ Fixes to pngvalid for various reduced build configurations (eliminate unused
+ statics) and a fix for the case in rgb_to_gray when the digitize option
+ reduces graylo to 0, producing a large error.
+
+Version 1.6.21beta03 [December 18, 2015]
+ Widened the 'limit' check on the internally calculated error limits in
+ the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
+ checks) and changed the check to only operate in non-release builds
+ (base build type not RC or RELEASE.)
+ Fixed undefined behavior in pngvalid.c, undefined because
+ (png_byte) << shift is undefined if it changes the signed bit
+ (because png_byte is promoted to int). The libpng exported functions
+ png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
+ David Drysdale as a result of reports from UBSAN in clang 3.8).
+ This changes pngvalid to use BE random numbers; this used to produce
+ errors but these should not be fixed as a result of the previous changes.
+
+Version 1.6.21rc01 [January 4, 2016]
+ In projects/vstudio, combined readme.txt and WARNING into README.txt
+
+Version 1.6.21rc02 [January 7, 2016]
+ Relocated assert() in contrib/tools/pngfix.c, bug found by American
+ Fuzzy Lop, reported by Brian Carpenter.
+ Marked 'limit' UNUSED in transform_range_check(). This only affects
+ release builds.
+
+Version 1.6.21 [January 15, 2016]
+ Worked around a false-positive Coverity issue in pngvalid.c.
+
+Version 1.6.22beta01 [January 23, 2016]
+ Changed PNG_USE_MKSTEMP to __COVERITY__ to select alternate
+ "tmpfile()" implementation in contrib/libtests/pngstest.c
+ Fixed NO_STDIO build of pngunknown.c to skip calling png_init_io()
+ if there is no stdio.h support.
+ Added a png_image_write_to_memory() API and a number of assist macros
+ to allow an application that uses the simplified API write to bypass
+ stdio and write directly to memory.
+ Added some warnings (png.h) and some check code to detect *possible*
+ overflow in the ROW_STRIDE and simplified image SIZE macros. This
+ disallows image width/height/format that *might* overflow. This is
+ a quiet API change that limits in-memory image size (uncompressed) to
+ less than 4GByte and image row size (stride) to less than 2GByte.
+ Revised workaround for false-positive Coverity issue in pngvalid.c.
+
+Version 1.6.22beta02 [February 8, 2016]
+ Only use exit(77) in configure builds.
+ Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported
+ the palette size because it failed to take into account that the memory
+ palette has to be expanded to full RGB when it is written to PNG.
+ Updated CMakeLists.txt, added supporting scripts/gen*.cmake.in
+ and test.cmake.in (Roger Leigh).
+ Relaxed limit checks on gamma values in pngrtran.c. As suggested in
+ the comments gamma values outside the range currently permitted
+ by png_set_alpha_mode are useful for HDR data encoding. These values
+ are already permitted by png_set_gamma so it is reasonable caution to
+ extend the png_set_alpha_mode range as HDR imaging systems are starting
+ to emerge.
+
+Version 1.6.22beta03 [March 9, 2016]
+ Added a common-law trademark notice and export control information
+ to the LICENSE file, png.h, and the man page.
+ Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
+ were accidentally removed from libpng-1.6.17.
+ Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
+ (Robert C. Seacord).
+ Removed dubious "#if INT_MAX" test from png.h that was added to
+ libpng-1.6.19beta02 (John Bowler).
+ Add ${INCLUDES} in scripts/genout.cmake.in (Bug report by Nixon Kwok).
+ Updated LICENSE to say files in the contrib directory are not
+ necessarily under the libpng license, and that some makefiles have
+ other copyright owners.
+ Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
+ Made contrib/libtests/timepng more robust. The code no longer gives
+ up/fails on invalid PNG data, it just skips it (with error messages).
+ The code no longer fails on PNG files with data beyond IEND. Options
+ exist to use png_read_png (reading the whole image, not by row) and, in
+ that case, to apply any of the supported transforms. This makes for
+ more realistic testing; the decoded data actually gets used in a
+ meaningful fashion (John Bowler).
+ Fixed some misleading indentation (Krishnaraj Bhat).
+
+Version 1.6.22beta04 [April 5, 2016]
+ Force GCC compilation to C89 if needed (Dagobert Michelsen).
+ SSE filter speed improvements for bpp=3:
+ memcpy-free implementations of load3() / store3().
+ call load3() only when needed at the end of a scanline.
+
+Version 1.6.22beta05 [April 27, 2016]
+ Added PNG_FAST_FILTERS macro (defined as
+ PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
+ Various fixes for contrib/libtests/timepng.c
+ Moved INTEL-SSE code from pngpriv.h into contrib/intel/intel_sse.patch.
+ Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED
+ (Bug report by Y.Ohashik).
+
+Version 1.6.22beta06 [May 5, 2016]
+ Rebased contrib/intel_sse.patch.
+ Quieted two Coverity issues in contrib/libtests/timepng.c.
+ Fixed issues with scripts/genout.cmake.in (David Capello, Nixon Kwok):
+ Added support to use multiple directories in ZLIBINCDIR variable,
+ Fixed CMAKE_C_FLAGS with multiple values when genout is compiled on MSVC,
+ Fixed pnglibconf.c compilation on OS X including the sysroot path.
+
+Version 1.6.22rc01 [May 14, 2016]
+ No changes.
+
+Version 1.6.22rc02 [May 16, 2016]
+ Removed contrib/timepng from default build; it does not build on platforms
+ that don't supply clock_gettime().
+
+Version 1.6.22rc03 [May 17, 2016]
+ Restored contrib/timepng to default build but check for the presence
+ of clock_gettime() in configure.ac and Makefile.am.
+
+Version 1.6.22 [May 26, 2016]
+ No changes.
+
+Version 1.6.23beta01 [May 29, 2016]
+ Stop a potential memory leak in png_set_tRNS() (Bug report by Ted Ying).
+ Fixed the progressive reader to handle empty first IDAT chunk properly
+ (patch by Timothy Nikkel). This bug was introduced in libpng-1.6.0 and
+ only affected the libpng16 branch.
+ Added tests in pngvalid.c to check zero-length IDAT chunks in various
+ positions. Fixed the sequential reader to handle these more robustly
+ (John Bowler).
+
+Version 1.6.23rc01 [June 2, 2016]
+ Corrected progressive read input buffer in pngvalid.c. The previous version
+ the code invariably passed just one byte at a time to libpng. The intent
+ was to pass a random number of bytes in the range 0..511.
+ Moved sse2 prototype from pngpriv.h to contrib/intel/intel_sse.patch.
+ Added missing ")" in pngerror.c (Matt Sarrett).
+
+Version 1.6.23rc02 [June 4, 2016]
+ Fixed undefined behavior in png_push_save_buffer(). Do not call
+ memcpy() with a null source, even if count is zero (Leon Scroggins III).
+
+Version 1.6.23 [June 9, 2016]
+ Fixed bad link to RFC2083 in png.5 (Nikola Forro).
+
+Version 1.6.24beta01 [June 11, 2016]
+ Avoid potential overflow of the PNG_IMAGE_SIZE macro. This macro
+ is not used within libpng, but is used in some of the examples.
+
+Version 1.6.24beta02 [June 23, 2016]
+ Correct filter heuristic overflow handling. This was broken when the
+ write filter code was moved out-of-line; if there is a single filter and
+ the heuristic sum overflows the calculation of the filtered line is not
+ completed. In versions prior to 1.6 the code was duplicated in-line
+ and the check not performed, so the filter operation completed; however,
+ in the multi-filter case where the sum is performed the 'none' filter would
+ be selected if all the sums overflowed, even if it wasn't in the filter
+ list. The fix to the first problem is simply to provide PNG_SIZE_MAX as
+ the current lmins sum value; this means the sum can never exceed it and
+ overflows silently. A reasonable compiler that does choose to inline
+ the code will simply eliminate the sum check.
+ The fix to the second problem is to use high precision arithmetic (this is
+ implemented in 1.7), however a simple safe fix here is to chose the lowest
+ numbered filter in the list from png_set_filter (this only works if the
+ first problem is also fixed) (John Bowler).
+ Use a more efficient absolute value calculation on SSE2 (Matthieu Darbois).
+ Fixed the case where PNG_IMAGE_BUFFER_SIZE can overflow in the application
+ as a result of the application using an increased 'row_stride'; previously
+ png_image_finish_read only checked for overflow on the base calculation of
+ components. (I.e. it checked for overflow of a 32-bit number on the total
+ number of pixel components in the output format, not the possibly padded row
+ length and not the number of bytes, which for linear formats is twice the
+ number of components.)
+ MSVC does not like '-(unsigned)', so replaced it with 0U-(unsigned)
+ MSVC does not like (uInt) = -(unsigned) (i.e. as an initializer), unless
+ the conversion is explicitly invoked by a cast.
+ Put the SKIP definition in the correct place. It needs to come after the
+ png.h include (see all the other .c files in contrib/libtests) because it
+ depends on PNG_LIBPNG_VER.
+ Removed the three compile warning options from the individual project
+ files into the zlib.props globals. It increases the warning level from 4
+ to All and adds a list of the warnings that need to be turned off. This is
+ semi-documentary; the intent is to tell libpng users which warnings have
+ been examined and judged non-fixable at present. The warning about
+ structure padding is fixable, but it would be a significant change (moving
+ structure members around).
+
+Version 1.6.24beta03 [July 4, 2016]
+ Optimized absolute value calculation in filter selection, similar to
+ code in the PAETH decoder in pngrutil.c. Build with PNG_USE_ABS to
+ use this.
+ Added pngcp to the build together with a pngcp.dfa configuration test.
+ Added high resolution timing to pngcp.
+ Added "Common linking failures" section to INSTALL.
+ Relocated misplaced #endif in png.c sRGB profile checking.
+ Fixed two Coverity issues in pngcp.c.
+
+Version 1.6.24beta04 [July 8, 2016]
+ Avoid filter-selection heuristic sum calculations in cases where only one
+ filter is a candidate for selection. This trades off code size (added
+ private png_setup_*_row_only() functions) for speed.
+
+Version 1.6.24beta05 [July 13, 2016]
+ Fixed some indentation to comply with our coding style.
+ Added contrib/tools/reindent.
+
+Version 1.6.24beta06 [July 18, 2016]
+ Fixed more indentation to comply with our coding style.
+ Eliminated unnecessary tests of boolean png_isaligned() vs 0.
+
+Version 1.6.24rc01 [July 25, 2016]
+ No changes.
-Glenn R-P
+Version 1.6.24rc02 [August 1, 2016]
+ Conditionally compile SSE2 headers in contrib/intel/intel_sse.patch
+ Conditionally compile png_decompress_chunk().
+
+Version 1.6.24rc03 [August 2, 2016]
+ Conditionally compile ARM_NEON headers in pngpriv.h
+ Updated contrib/intel/intel_sse.patch
+
+Version 1.6.24[August 4, 2016]
+ No changes.
+
+Version 1.6.25beta01 [August 12, 2016]
+ Reject oversized iCCP profile immediately.
+ Cleaned up PNG_DEBUG compile of pngtest.c.
+ Conditionally compile png_inflate().
+
+Version 1.6.25beta02 [August 18, 2016]
+ Don't install pngcp; it conflicts with pngcp in the pngtools package.
+ Minor editing of INSTALL, (whitespace, added copyright line)
+
+Version 1.6.25rc01 [August 24, 2016]
+ No changes.
+
+Version 1.6.25rc02 [August 29, 2016]
+ Added MIPS support (Mandar Sahastrabuddhe <Mandar.Sahastrabuddhe@imgtec.com>).
+ Only the UP filter is currently implemented.
+
+Version 1.6.25rc03 [August 29, 2016]
+ Rebased contrib/intel/intel_sse.patch after the MIPS implementation.
+
+Version 1.6.25rc04 [August 30, 2016]
+ Added MIPS support for SUB, AVG, and PAETH filters (Mandar Sahastrabuddhe).
+
+Version 1.6.25rc05 [August 30, 2016]
+ Rebased contrib/intel/intel_sse.patch after the MIPS implementation update..
+
+Version 1.6.25 [September 1, 2016]
+ No changes.
+
+Version 1.6.26beta01 [September 26, 2016]
+ Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
+ bugfix by John Bowler).
+ Do not issue a png_error() on read in png_set_pCAL() because png_handle_pCAL
+ has allocated memory that libpng needs to free.
+ Conditionally compile png_set_benign_errors() in pngread.c and pngtest.c
+ Issue a png_benign_error instead of a png_error on ADLER32 mismatch
+ while decoding compressed data chunks.
+ Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
+ pngrutil.c.
+ If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
+ ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
+ Issue png_benign_error() on ADLER32 checksum mismatch instead of png_error().
+ Add tests/badcrc.png and tests/badadler.png to tests/pngtest.
+ Merged pngtest.c with libpng-1.7.0beta84/pngtest.c
+
+Version 1.6.26beta02 [October 1, 2016]
+ Updated the documentation about CRC and ADLER32 handling.
+ Quieted 117 warnings from clang-3.8 in pngtrans.c, pngread.c,
+ pngwrite.c, pngunknown.c, and pngvalid.c.
+ Quieted 58 (out of 144) -Wconversion compiler warnings by changing
+ flag definitions in pngpriv.h from 0xnnnn to 0xnnnnU and trivial changes
+ in png.c, pngread.c, and pngwutil.c.
+
+Version 1.6.26beta03 [October 2, 2016]
+ Removed contrib/libtests/*.orig and *.rej that slipped into the tarballs.
+ Quieted the 86 remaining -Wconversion compiler warnings by
+ revising the png_isaligned() macro and trivial changes in png.c,
+ pngerror.c, pngget.c, pngmem.c, pngset.c, pngrtran.c, pngrutil.c,
+ pngwtran.c, pngwrite.c, and pngwutil.c.
+
+Version 1.6.26beta04 [October 3, 2016]
+ Quieted (bogus?) clang warnings about "absolute value has no effect"
+ when PNG_USE_ABS is defined.
+ Fixed offsets in contrib/intel/intel_sse.patch
+
+Version 1.6.26beta05 [October 6, 2016]
+ Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
+ to avoid a signed/unsigned compare in the preprocessor.
+
+Version 1.6.26beta06 [October 7, 2016]
+ Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
+ optionally avoid ADLER32 evaluation.
+
+Version 1.6.26rc01 [October 12, 2016]
+ No changes.
+
+Version 1.6.26 [October 20, 2016]
+ Cosmetic change, "ptr != 0" to "ptr != NULL" in png.c and pngrutil.c
+ Despammed email addresses (replaced "@" with " at ").
+
+Version 1.6.27beta01 [November 2, 2016]
+ Restrict the new ADLER32-skipping to IDAT chunks. It broke iCCP chunk
+ handling: an erroneous iCCP chunk would throw a png_error and reject the
+ entire PNG image instead of rejecting just the iCCP chunk with a warning,
+ if built with zlib-1.2.8.1.
+
+Version 1.6.27rc01 [December 27, 2016]
+ Control ADLER32 checking with new PNG_IGNORE_ADLER32 option. Fixes
+ an endless loop when handling erroneous ADLER32 checksums; bug
+ introduced in libpng-1.6.26.
+ Removed the use of a macro containing the pre-processor 'defined'
+ operator. It is unclear whether this is valid; a macro that
+ "generates" 'defined' is not permitted, but the use of the word
+ "generates" within the C90 standard seems to imply more than simple
+ substitution of an expression itself containing a well-formed defined
+ operation.
+ Added ARM support to CMakeLists.txt (Andreas Franek).
+
+Version 1.6.27 [December 29, 2016]
+ Fixed a potential null pointer dereference in png_set_text_2() (bug report
+ and patch by Patrick Keshishian, CVE-2016-10087).
+
+Version 1.6.28rc01 [January 3, 2017]
+ Fixed arm/aarch64 detection in CMakeLists.txt (Gianfranco Costamagna).
+ Added option to Cmake build allowing a custom location of zlib to be
+ specified in a scenario where libpng is being built as a subproject
+ alongside zlib by another project (Sam Serrels).
+ Changed png_ptr->options from a png_byte to png_uint_32, to accommodate
+ up to 16 options.
+
+Version 1.6.28rc02 [January 4, 2017]
+ Added "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
+ Moved SSE2 optimization code into the main libpng source directory.
+ Configure libpng with "configure --enable-intel-sse" or compile
+ libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
+
+Version 1.6.28rc03 [January 4, 2017]
+ Backed out the SSE optimization and last CMakeLists.txt to allow time for QA.
+
+Version 1.6.28 [January 5, 2017]
+ No changes.
+
+Version 1.6.29beta01 [January 12, 2017]
+ Readded "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
+ Moved SSE2 optimization code into the main libpng source directory.
+ Configure libpng with "configure --enable-intel-sse" or compile
+ libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
+ Simplified conditional compilation in pngvalid.c, for AIX (Michael Felt).
+
+Version 1.6.29beta02 [February 22, 2017]
+ Avoid conditional directives that break statements in pngrutil.c (Romero
+ Malaquias)
+ The contrib/examples/pngtopng.c recovery code was in the wrong "if"
+ branches; the comments were correct.
+ Added code for PowerPC VSX optimisation (Vadim Barkov).
+
+Version 1.6.29beta03 [March 1, 2017]
+ Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
+ Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c
+ because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1,
+ as suggested in zlib FAQ, item 24.
+ Suppress clang warnings about implicit sign changes in png.c
+
+Version 1.6.29 [March 16, 2017]
+ No changes.
+
+Version 1.6.30beta01 [April 1, 2017]
+ Added missing "$(CPPFLAGS)" to the compile line for c.pic.o in
+ makefile.linux and makefile.solaris-x86 (Cosmin).
+ Revised documentation of png_get_error_ptr() in the libpng manual.
+ Silence clang -Wcomma and const drop warnings (Viktor Szakats).
+ Update Sourceforge URLs in documentation (https instead of http).
+
+Version 1.6.30beta02 [April 22, 2017]
+ Document need to check for integer overflow when allocating a pixel
+ buffer for multiple rows in contrib/gregbook, contrib/pngminus,
+ example.c, and in the manual (suggested by Jaeseung Choi). This
+ is similar to the bug reported against pngquant in CVE-2016-5735.
+ Removed reference to the obsolete PNG_SAFE_LIMITS macro in the documentation.
+
+Version 1.6.30beta03 [May 22, 2017]
+ Check for integer overflow in contrib/visupng and contrib/tools/genpng.
+ Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
+ Test CMAKE_HOST_WIN32 instead of WIN32 in CMakeLists.txt.
+ Fix some URL in documentation.
+
+Version 1.6.30beta04 [June 7, 2017]
+ Avoid writing an empty IDAT when the last IDAT exactly fills the
+ compression buffer (bug report by Brian Baird). This bug was
+ introduced in libpng-1.6.0.
+
+Version 1.6.30rc01 [June 14, 2017]
+ No changes.
+
+Version 1.6.30rc02 [June 25, 2017]
+ Update copyright year in pnglibconf.h, make ltmain.sh executable.
+ Add a reference to the libpng.download site in README.
+
+Version 1.6.30 [June 28, 2017]
+ No changes.
+
+Version 1.6.31beta01 [July 5, 2017]
+ Guard the definition of _POSIX_SOURCE in pngpriv.h (AIX already defines it;
+ bug report by Michael Felt).
+ Revised pngpriv.h to work around failure to compile arm/filter_neon.S
+ ("typedef" directive is unrecognized by the assembler). The problem
+ was introduced in libpng-1.6.30beta01.
+ Added "Requires: zlib" to libpng.pc.in (Pieter Neerincx).
+ Added special case for FreeBSD in arm/filter_neon.S (Maya Rashish).
+
+Version 1.6.31beta02 [July 8, 2017]
+ Added instructions for disabling hardware optimizations in INSTALL.
+ Added "--enable-hardware-optimizations" configuration flag to enable
+ or disable all hardware optimizations with one flag.
+
+Version 1.6.31beta03 [July 9, 2017]
+ Updated CMakeLists.txt to add INTEL_SSE and MIPS_MSA platforms.
+ Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
+ possible integer overflow (Bug report by John Bowler).
+ Quieted "declaration after statement" warnings in intel/filter_sse2.c.
+ Added scripts/makefile-linux-opt, which has hardware optimizations enabled.
+
+Version 1.6.31beta04 [July 11, 2017]
+ Removed one of the GCC-7.1.0 'strict-overflow' warnings that result when
+ integers appear on both sides of a compare. Worked around the others by
+ forcing the strict-overflow setting in the relevant functions to a level
+ where they are not reported (John Bowler).
+ Changed "FALL THROUGH" comments to "FALLTHROUGH" because GCC doesn't like
+ the space.
+ Worked around some C-style casts from (void*) because g++ 5.4.0 objects
+ to them.
+ Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint
+ overflow' check that is on by default with -Wall -Wextra.
+
+Version 1.6.31beta05 [July 13, 2017]
+ Added eXIf chunk support.
+
+Version 1.6.31beta06 [July 17, 2017]
+ Added a minimal eXIf chunk (with Orientation and FocalLengthIn35mmFilm
+ tags) to pngtest.png.
+
+Version 1.6.31beta07 [July 18, 2017]
+ Revised the eXIf chunk in pngtest.png to fix "Bad IFD1 Directory" warning.
+
+Version 1.6.31rc01 [July 19, 2017]
+ No changes.
+
+Version 1.6.31rc02 [July 25, 2017]
+ Fixed typo in example.c (png_free_image should be png_image_free) (Bug
+ report by John Smith)
+
+Version 1.6.31 [July 27, 2017]
+ No changes.
+
+Version 1.6.32beta01 [July 31, 2017]
+ Avoid possible NULL dereference in png_handle_eXIf when benign_errors
+ are allowed. Avoid leaking the input buffer "eXIf_buf".
+ Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
+ to arguments for png_get_eXIf() and png_set_eXIf().
+ Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
+ pngwrite.c, and made various other fixes to png_write_eXIf().
+ Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
+ png_set_eXIf_1(), respectively, to avoid breaking API compatibility
+ with libpng-1.6.31.
+
+Version 1.6.32beta02 [August 1, 2017]
+ Updated contrib/libtests/pngunknown.c with eXIf chunk.
+
+Version 1.6.32beta03 [August 2, 2017]
+ Initialized btoa[] in pngstest.c
+ Stop memory leak when returning from png_handle_eXIf() with an error
+ (Bug report from the OSS-fuzz project).
+
+Version 1.6.32beta04 [August 2, 2017]
+ Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
+ Update libpng.3 and libpng-manual.txt about eXIf functions.
+
+Version 1.6.32beta05 [August 2, 2017]
+ Restored png_get_eXIf() and png_set_eXIf() to maintain API compatibility.
+
+Version 1.6.32beta06 [August 2, 2017]
+ Removed png_get_eXIf_1() and png_set_eXIf_1().
+
+Version 1.6.32beta07 [August 3, 2017]
+ Check length of all chunks except IDAT against user limit to fix an
+ OSS-fuzz issue (Fixes CVE-2017-12652).
+
+Version 1.6.32beta08 [August 3, 2017]
+ Check length of IDAT against maximum possible IDAT size, accounting
+ for height, rowbytes, interlacing and zlib/deflate overhead.
+ Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
+ does not work (the eXIf chunk data can contain zeroes).
+
+Version 1.6.32beta09 [August 3, 2017]
+ Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
+ no longer using deprecated cmake LOCATION feature (Clifford Yapp).
+ Fixed five-byte error in the calculation of IDAT maximum possible size.
+
+Version 1.6.32beta10 [August 5, 2017]
+ Moved chunk-length check into a png_check_chunk_length() private
+ function (Suggested by Max Stepin).
+ Moved bad pngs from tests to contrib/libtests/crashers
+ Moved testing of bad pngs into a separate tests/pngtest-badpngs script
+ Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
+ in the output but PASS for the libpng test.
+ Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
+ Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
+ num_exif argument to png_get_eXIf_1() (Github Issue 171).
+
+Version 1.6.32beta11 [August 7, 2017]
+ Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
+ Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
+ Make pngtest --strict, --relax, --xfail options imply -m (multiple).
+ Removed unused chunk_name parameter from png_check_chunk_length().
+ Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
+ Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
+ Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
+ Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
+ Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
+ for the minimum 'deflate' stream, and relocate the test to a point
+ after the keyword has been read.
+ Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".
+
+Version 1.6.32rc01 [August 18, 2017]
+ Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
+ one for each known chunk type, with length = 2GB-1.
+ Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
+ in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
+ and 162707).
+ Renamed chunks in contrib/testpngs/crashers to avoid having files whose
+ names differ only in case; this causes problems with some platforms
+ (github issue #172).
+
+Version 1.6.32rc02 [August 22, 2017]
+ Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
+ project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).
+
+Version 1.6.32 [August 24, 2017]
+ No changes.
+
+Version 1.6.33beta01 [August 28, 2017]
+ Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing
+ parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse).
+ Fixed off-by-one error in png_do_check_palette_indexes() (Bug report
+ by Mick P., Source Forge Issue #269).
+
+Version 1.6.33beta02 [September 3, 2017]
+ Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
+ to fix shortlived oss-fuzz issue 3234.
+ Compute a larger limit on IDAT because some applications write a deflate
+ buffer for each row (Bug report by Andrew Church).
+ Use current date (DATE) instead of release-date (RDATE) in last
+ changed date of contrib/oss-fuzz files.
+ Enabled ARM support in CMakeLists.txt (Bernd Kuhls).
+
+Version 1.6.33beta03 [September 14, 2017]
+ Fixed incorrect typecast of some arguments to png_malloc() and
+ png_calloc() that were png_uint_32 instead of png_alloc_size_t
+ (Bug report by "irwir" in Github libpng issue #175).
+ Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github
+ issue 162, by rcdailey).
+
+Version 1.6.33rc01 [September 20, 2017]
+ Initialize memory allocated by png_inflate to zero, using memset, to
+ stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2()
+ due to truncated iTXt or zTXt chunk.
+ Initialize memory allocated by png_read_buffer to zero, using memset, to
+ stop an oss-fuzz "use of uninitialized value" detection in
+ png_icc_check_tag_table() due to truncated iCCP chunk.
+ Removed a redundant test (suggested by "irwir" in Github issue #180).
+
+Version 1.6.33rc02 [September 23, 2017]
+ Added an interlaced version of each file in contrib/pngsuite.
+ Relocate new memset() call in pngrutil.c.
+ Removed more redundant tests (suggested by "irwir" in Github issue #180).
+ Add support for loading images with associated alpha in the Simplified
+ API (Samuel Williams).
+
+Version 1.6.33 [September 28, 2017]
+ Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state.
+ Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc
+ Add end_info structure and png_read_end() to the libpng fuzzer.
+
+Version 1.6.34 [September 29, 2017]
+ Removed contrib/pngsuite/i*.png; some of them caused test failures.
+
+Version 1.6.35beta01 [March 6, 2018]
+ Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
+ failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
+ Added calls to png_set_*() transforms commonly used by browsers to
+ the fuzzer.
+ Removed some unnecessary brackets in pngrtran.c
+ Fixed miscellaneous typos (Patch by github user "luzpaz").
+ Change "ASM C" to "C ASM" in CMakeLists.txt
+ Fixed incorrect handling of bKGD chunk in sub-8-bit files (Cosmin)
+ Added hardware optimization directories to zip and 7z distributions.
+ Fixed incorrect bitmask for options.
+ Fixed many spelling typos.
+
+Version 1.6.35beta02 [March 28, 2018]
+ Make png_get_iCCP consistent with man page (allow compression-type argument
+ to be NULL, bug report by Lenard Szolnoki).
+
+Version 1.6.35 [July 15, 2018]
+ Replaced the remaining uses of png_size_t with size_t (Cosmin)
+ Fixed the calculation of row_factor in png_check_chunk_length
+ (reported by Thuan Pham in SourceForge issue #278)
+ Added missing parentheses to a macro definition
+ (suggested by "irwir" in GitHub issue #216)
+
+Version 1.6.36 [December 1, 2018]
+ Optimized png_do_expand_palette for ARM processors.
+ Improved performance by around 10-22% on a recent ARM Chromebook.
+ (Contributed by Richard Townsend, ARM Holdings)
+ Fixed manipulation of machine-specific optimization options.
+ (Contributed by Vicki Pfau)
+ Used memcpy instead of manual pointer arithmetic on Intel SSE2.
+ (Contributed by Samuel Williams)
+ Fixed build errors with MSVC on ARM64.
+ (Contributed by Zhijie Liang)
+ Fixed detection of libm in CMakeLists.
+ (Contributed by Cameron Cawley)
+ Fixed incorrect creation of pkg-config file in CMakeLists.
+ (Contributed by Kyle Bentley)
+ Fixed the CMake build on Windows MSYS by avoiding symlinks.
+ Fixed a build warning on OpenBSD.
+ (Contributed by Theo Buehler)
+ Fixed various typos in comments.
+ (Contributed by "luz.paz")
+ Raised the minimum required CMake version from 3.0.2 to 3.1.
+ Removed yet more of the vestigial support for pre-ANSI C compilers.
+ Removed ancient makefiles for ancient systems that have been broken
+ across all previous libpng-1.6.x versions.
+ Removed the Y2K compliance statement and the export control
+ information.
+ Applied various code style and documentation fixes.
+
+Version 1.6.37 [April 14, 2019]
+ Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
+ Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
+ Fixed a memory leak in pngtest.c.
+ Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
+ contrib/pngminus; refactor.
+ Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
+ (Contributed by Willem van Schaik)
+ Fixed a typo in the libpng license v2.
+ (Contributed by Miguel Ojeda)
+ Added makefiles for AddressSanitizer-enabled builds.
+ Cleaned up various makefiles.
+
+Version 1.6.38 [September 14, 2022]
+ Added configurations and scripts for continuous integration.
+ Fixed various errors in the handling of tRNS, hIST and eXIf.
+ Implemented many stability improvements across all platforms.
+ Updated the internal documentation.
+
+Version 1.6.39 [November 20, 2022]
+ Changed the error handler of oversized chunks (i.e. larger than
+ PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
+ Fixed a buffer overflow error in contrib/tools/pngfix.
+ Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
+ Disabled the ARM Neon optimizations by default in the CMake file,
+ following the default behavior of the configure script.
+ Allowed configure.ac to work with the trunk version of autoconf.
+ Removed the support for "install" targets from the legacy makefiles;
+ removed the obsolete makefile.cegcc.
+ Cleaned up the code and updated the internal documentation.
+
+Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
+Subscription is required; visit
+https://lists.sourceforge.net/lists/listinfo/png-mng-implement
+to subscribe.
projects / platform / upstream / libpng.git / blobdiff