| |
| Libpng 1.7.0beta87 - March 22, 2017 |
| |
| This is not intended to be a public release. It will be replaced |
| within a few weeks by a public version or by another test version. |
| |
| Files available for download: |
| |
| Source files with LF line endings (for Unix/Linux) and with a |
| "configure" script |
| |
| 1.7.0beta87.tar.xz (LZMA-compressed, recommended) |
| 1.7.0beta87.tar.gz |
| |
| Source files with CRLF line endings (for Windows), without the |
| "configure" script |
| |
| /scratch/glennrp/Libpng17/lp170b87.7z (LZMA-compressed, recommended) |
| /scratch/glennrp/Libpng17/lp170b87.zip |
| |
| Other information: |
| |
| 1.7.0beta87-README.txt |
| 1.7.0beta87-LICENSE.txt |
| libpng-1.7.0beta87-*.asc (armored detached GPG signatures) |
| |
| Changes since the last public release (1.6.0): |
| |
| Version 1.7.0alpha01 [December 15, 2012] |
| Started 1.7.0 branch from libpng-1.6.0beta33. |
| Made 8-bit compose and rgb_to_grayscale accuracy improvements. These |
| changes cause 16-bit arithmetic to be used for 8-bit data in the gamma |
| corrected compose and grayscale operations. The arithmetic errors have |
| three sources all of which are fixed in this commit: |
| 1) 8-bit linear calculations produce massive errors for lower intensity |
| values. |
| 2) The old 16-bit "16 to 8" gamma table code erroneously wrote the lowest |
| output value into a table entry which corresponded to multiple output |
| values (so where the value written should have been the closest to the |
| transformed input value.) |
| 3) In a number of cases the code to access the 16-bit table did not round; |
| it did a simple shift, which was wrong and made the side effects of (2) |
| even worse. |
| The new gamma code does not have the 16-to-8 problem at the cost of slightly |
| more calculations and the algorithm used to minimize the number of |
| calculations has been extended to all the 16-bit tables; it has advantages |
| for any significant gamma correction. |
| Rearranged png_struct, remove unused members, change png_set_filter handling |
| png_struct members rearranged - partly to reorder to avoid packing, partly |
| to put frequently accessed members at the start and partly to make |
| the grouping more clear. png_set_filter code has been rewritten and the |
| code shared with png_write_start_row moved to a common function. Comments |
| in png.h have been made more clear. Minor fixes to |
| contrib/libtests/timepng.c and some of the png_*_tRNS logic, including |
| more error detection in png_set_tRNS. |
| Cleaned up USER_LIMITS feature, removing members from png_struct when not |
| required. |
| Rearranged ARM-NEON optimizations to isolate the machine specific code to |
| the hardware subdirectory, and add comments to pngrutil.c so that |
| implementors of other optimizations will know what to do. |
| Fixed cases of unquoted DESTDIR in Makefile.am. |
| Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.12.5. |
| |
| Version 1.7.0alpha02 [December 17, 2012] |
| Removed functions that were deprecated in libpng-1.6.0: |
| png_reset_zstream(), png_info_init_3(), and png_data_freer() and its |
| associated flags. |
| Removed some duplicated lines from contrib/tools/scale.c and png.c. |
| Changed some instances of png_warning() to png_app_error(). |
| Updated some left over "1.6.0beta32" in code sources. |
| Fixed a "png_structp" prototype (should be png_structrp) in arm_init.c |
| Updated the version-number hack in pngvalid.c |
| |
| Version 1.7.0alpha03 [December 19, 2012] |
| Cleaned up and enhanced the configure option; libpng now correctly |
| links and tests against zlib with a prefix; tests have been clarified; and |
| irrelevant or obsolete things (as defined by the autotools man page) have |
| been removed. |
| Documented new PNG_ABORT behavior in the manual and commentary in pngerror.c |
| Cleaned up whitespace in the synopsis portion of the manpage "libpng.3" |
| Fixed previous support for Z_PREFIX in configure builds, corrected sCAL APIs; |
| some of these use floating point arithmetic so they need to be disabled if |
| floating point arithmetic is switched off. This is a quiet API change - |
| previously it appeared that the APIs were supported if fixed point |
| arithmetic was used internally, however they required certain APIs (floor, |
| modf, frexp, atof) that are part of C floating point support. Changed |
| png_fixed and the gamma code specific version of the same to avoid floor(), |
| which may be a library function (not an intrinsic). Removed unused #if 0 |
| code. |
| Disassembled the version number in scripts/options.awk (necessary for |
| building on SunOs). |
| |
| Version 1.7.0alpha04 [December 23, 2012] |
| Added scripts/makefile.msys contributed by Christopher M. Wheeler |
| Made default Zlib compression settings be configurable. This adds #defines to |
| pnglibconf.h to control the defaults. |
| Fixed Windows build issues, enabled ARM compilation. Various warnings issued |
| by earlier versions of GCC fixed for Cygwin and Min/GW (which both use old |
| GCCs.) ARM support is enabled by default in zlib.props (unsupported by |
| Microsoft) and ARM compilation is made possible by deleting the check for |
| x86. The test programs cannot be run because they are not signed. |
| |
| Version 1.7.0alpha05 [December 24, 2012] |
| Discontinued distributing libpng-1.x.x.tar.bz2. |
| Discontinued distributing libpng-1.7.0-1.6.0-diff.txt and similar. |
| |
| Version 1.7.0alpha06 [January 1, 2013] |
| Fixed 'make distcheck' on SUN OS - libpng.so was not being removed |
| |
| Version 1.7.0alpha07 [January 10, 2013] |
| Fixed conceivable but difficult to repro overflow. Also added two test |
| programs to generate and test a PNG which should have the problem. |
| |
| Version 1.7.0alpha08 [January 17, 2013] |
| Corrected previous attempt at overflow detection in png_set_unknown_chunks() |
| (CVE-2013-7353). Added overflow detection in png_set_sPLT() and |
| png_set_text_2() (CVE-2013-7354). |
| |
| Version 1.7.0alpha09 [January 21, 2013] |
| Pulled changes to multi-chunk handling from libpng-1.6.0beta40. |
| |
| Version 1.7.0alpha10 [February 5, 2013] |
| Make symbol prefixing work with the ARM neon optimizations. Also |
| allow pngpriv.h to be included for preprocessor definitions only, so |
| it can be used in non-C/C++ files. |
| Added png_get_palette_max() function. |
| Changed png_size_t to size_t throughout headers, make sRGB check numbers |
| consistent. |
| Fixed ARM support (Mans Rullgard). |
| Removed stray out-of-order #endif and #ifdef (Mans Rullgard). |
| Ported libpng 1.5 options.awk/dfn file handling to 1.7, fixed one bug. |
| Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.13. |
| Minor fixes to assembler changes, verified with a dummy .S file |
| Removed cc -E workround, corrected png_get_palette_max API. Tested on |
| SUN OS cc 5.9, which demonstrates the tokenization problem previously |
| avoided by using /lib/cpp. Since all .dfn output is now protected |
| in double quotes unless it is to be macro substituted the fix should work |
| everywhere. |
| |
| Version 1.7.0beta01 [February 15, 2013] |
| Enable parallel tests and rearrange TESTS order to take advantage of |
| the massive speed improvements use a make capable of parallel builds |
| on a multi-CPU machine and pass the right arguments to make (-j10000 |
| for GNU make) to get the build to run in parallel. |
| Fixed previous support for Z_PREFIX in configure builds, corrected |
| sCAL APIs; some of these use floating point arithmetic so need to be |
| disabled if floating point arithmetic is switched off. This is a quiet API |
| change - previously it appeared that the APIs were supported if fixed point |
| arithmetic was used internally, however they required certain APIs (floor, |
| modf, frexp, atof) that are part of C floating point support. Changed |
| png_fixed and the gamma code specific version of the same to avoid floor(), |
| which may be a library function (not an intrinsic). Removed unused #if 0 |
| code. |
| Fixed make distcheck to skip over the test result files. They were |
| being included because the whole of the 'tests' directory is included, |
| fixed to just include the actual test files and tests/pngstest. Also |
| reverted the previous erroneous change to remove the ${srcdir} from the |
| front of contrib, scripts, projects and added an explanation of what is |
| going on to Makefile.am |
| Fixed missing dependency in --prefix builds. The intermediate |
| internal 'prefix.h' file can only be generated correctly after pnglibconf.h, |
| however the dependency was not in Makefile.am. The symptoms are |
| unpredictable depending on the order make chooses to build pngprefix.h and |
| pnglibconf.h, often the error goes unnoticed because there is a system |
| pnglibconf.h to use instead. |
| Accept "," as a separator in pnglibconf.dfa and allow for |
| continuation lines. This adds to the syntax of "option" and "chunk" lines, |
| allowing the elements to be separated by a "," at the end of an element and |
| interpreting a "," at end of line as a continuation - so the following line |
| is read. The new syntax is optional and solely provided for readability. |
| Enclosed the new png_get_palette_max in #ifdef PNG_GET_PALETTE_MAX_SUPPORTED |
| block, and revised pnglibconf.h and pnglibconf.h.prebuilt accordingly. |
| |
| Version 1.7.0beta02 [February 18, 2013] |
| Fixed a race condition in the creation of the build 'scripts' directory |
| while building with a parallel make. |
| Use approved/supported Android method to check for NEON, use Linux/POSIX |
| 1003.1 API to check /proc/self/auxv avoiding buffer allocation and other |
| library calls (ported from libpng15). |
| Use parentheses more consistently in "#if defined(MACRO)" tests. |
| Folded long lines. |
| |
| Version 1.7.0beta03 [February 22, 2013] |
| Reenabled code to allow zero length PLTE chunks for MNG. |
| Fixed ALIGNED_MEMORY support. |
| Allow run-time ARM NEON checking to be disabled. A new configure option: |
| --enable-arm-neon=always will stop the run-time checks. New checks |
| within arm/arm_init.c will cause the code not to be compiled unless |
| __ARM_NEON__ is set. This should make it fail safe (if someone asks |
| for it on then the build will fail if it can't be done.) |
| Updated the INSTALL document. |
| |
| Version 1.7.0beta04 [February 27, 2013] |
| Revised INSTALL to recommend using CPPFLAGS instead of INCLUDES. |
| Revised scripts/makefile.freebsd to respect ZLIBLIB and ZLIBINC. |
| Revised scripts/dfn.awk to work with the buggy MSYS awk that has trouble |
| with CRLF line endings. |
| |
| Version 1.7.0beta05 [March 5, 2013] |
| Avoid a possible memory leak in contrib/gregbook/readpng.c |
| Changed user chunk callback API to respect global and per chunk defaults. |
| Previously a return of 0 from a user chunk callback would result in the |
| chunk being saved (if this was safe, even if the chunk was unsafe-to-copy); |
| this change respects the defaults set by the application, so unknown chunks |
| can be discarded by default and known-safe ones preserved. |
| Corrected Android builds and corrected libpng.vers with symbol |
| prefixing. This adds an API to set optimization options externally, |
| providing an alternative and general solution for the non-portable |
| run-time tests used by the ARM Neon code. It also makes those tests |
| compile and link on Android. The order of settings vs options in |
| pnglibconf.h is reversed to allow settings to depend on options and |
| options can now set (or override) the defaults for settings. |
| |
| Version 1.7.0beta06 [March 13, 2013] |
| Corrected simplified API default gamma for color-mapped output, added |
| a flag to change default. In 1.6.0 when the simplified API was used |
| to produce color-mapped output from an input image with no gamma |
| information the gamma assumed for the input could be different from |
| that assumed for non-color-mapped output. In particular 16-bit depth |
| input files were assumed to be sRGB encoded, whereas in the 'direct' |
| case they were assumed to have linear data. This was an error. The |
| fix makes the simplified API treat all input files the same way and |
| adds a new flag to the png_image::flags member to allow the |
| application/user to specify that 16-bit files contain sRGB data |
| rather than the default linear. |
| Fixed bugs in the pngpixel and makepng test programs. |
| Fixed CMakelists.txt to allow building a single variant of the library |
| (Claudio Bley): |
| Introduced a PNG_LIB_TARGETS variable that lists all activated library |
| targets. It is an error if this variable ends up empty, ie. you have |
| to build at least one library variant. |
| Made the *_COPY targets only depend on library targets actually being build. |
| Use PNG_LIB_TARGETS to unify a code path. |
| Changed the CREATE_SYMLINK macro to expect the full path to a file as the |
| first argument. When symlinking the filename component of that path is |
| determined and used as the link target. |
| Use copy_if_different in the CREATE_SYMLINK macro. |
| Eliminated two warnings from the Intel C compiler. The warnings are |
| technically valid, although a reasonable treatment of division would |
| show it to be incorrect. |
| |
| Version 1.7.0beta07 [April 14, 2013] |
| Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling. |
| Fixed incorrect warning of excess deflate data. End condition - the |
| warning would be produced if the end of the deflate stream wasn't read |
| in the last row. The warning is harmless. |
| Corrected the test on user transform changes on read. It was in the |
| png_set of the transform function, but that doesn't matter unless the |
| transform function changes the rowbuf size, and that is only valid if |
| transform_info is called. |
| Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c |
| (Flavio Medeiros). |
| Corrected length written to uncompressed iTXt chunks (Samuli Suominen). |
| |
| Version 1.7.0beta08 [April 18, 2013] |
| Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length |
| written by libpng-1.6.0 and 1.6.1. |
| Disallow storing sRGB information when the sRGB is not supported. |
| |
| Version 1.7.0beta09 [April 24, 2013] |
| Exposed PNG chunk types in png.h |
| Modified png_uint_32 macros/code to make as few assumptions as possible |
| Revised stack marking in arm/filter_neon.S and configure.ac |
| Ensure that NEON filter stuff is completely disabled when switched 'off'. |
| Previously the ARM NEON specific files were still built if the option |
| was switched 'off' as opposed to being explicitly disabled. |
| |
| Version 1.7.0beta10 [April 24, 2013] |
| Attempt to fix the PNG_ARM_NEON configuration mess. |
| |
| Version 1.7.0beta11 [April 26, 2013] |
| Test for 'arm*', not just 'arm' in the host_cpu configure variable. |
| |
| Version 1.7.0beta12 [April 30, 2013] |
| Added png_app_warning for out-of-range unknown chunk index in |
| png_set_unknown_chunk_location(). |
| Expanded manual paragraph about writing private chunks. |
| Avoid dereferencing NULL pointer possibly returned from |
| png_create_write_struct() (Andrew Church). |
| |
| Version 1.7.0beta13 [May 12, 2013] |
| Revised contrib/pngminim/*/makefile to generate pnglibconf.h with the |
| right zlib header files. |
| Separated CPPFLAGS and CFLAGS in contrib/pngminim/*/makefile |
| Updated contrib/pngminus/pnm2png.c (Paul Stewart): |
| Check for EOF |
| Ignore "#" delimited comments in input file to pnm2png.c. |
| Fixed whitespace handling |
| Added a call to png_set_packing() |
| Initialize dimension values so if sscanf fails at least we have known |
| invalid values. |
| Calculate our own zlib windowBits when decoding rather than trusting the |
| CMF bytes in the PNG datastream. |
| Added an option to force maximum window size for inflating, which was |
| the behavior of libpng15 and earlier. |
| Added png-fix-itxt and png-fix-too-far-back to the built programs and |
| removed warnings from the source code and timepng that are revealed as |
| a result. |
| Detect wrong libpng versions linked to png-fix-too-far-back, which currently |
| only works with libpng versions that can be made to reliably fail when |
| the deflate data contains an out-of-window reference. This means only |
| 1.6 and later. |
| Attempt to detect configuration issues with png-fix-too-far-back, which |
| requires both the correct libpng and the correct zlib to function |
| correctly. |
| Check ZLIB_VERNUM for mismatches, enclose #error in quotes |
| Added information in the documentation about problems with and fixes for |
| the bad CRC and bad iTXt chunk situations. |
| |
| Version 1.7.0beta14 [June 8, 2013] |
| Removed a redundant test in png_set_IHDR(). |
| Added set(CMAKE_CONFIGURATION_TYPES ...) to CMakeLists.txt (Andrew Hundt) |
| Deleted set(CMAKE_BUILD_TYPE) block from CMakeLists.txt |
| Enclose the prototypes for the simplified write API in #ifdef STDIO/#endif |
| Make ARM NEON support work at compile time (not just configure time). |
| This moves the test on __ARM_NEON__ into pngconf.h to avoid issues when |
| using a compiler that compiles for multiple architectures at one time. |
| Removed PNG_FILTER_OPTIMIZATIONS and PNG_ARM_NEON_SUPPORTED from |
| pnglibconf.h, allowing more of the decisions to be made internally |
| (pngpriv.h) during the compile. Without this, symbol prefixing is broken |
| under certain circumstances on ARM platforms. Now only the API parts of |
| the optimizations ('check' vs 'api') are exposed in the public header files |
| except that the new setting PNG_ARM_NEON_OPT documents how libpng makes the |
| decision about whether or not to use the optimizations. |
| Protect symbol prefixing against CC/CPPFLAGS/CFLAGS useage. |
| Previous iOS/Xcode fixes for the ARM NEON optimizations moved the test |
| on __ARM_NEON__ from configure time to compile time. This breaks symbol |
| prefixing because the definition of the special png_init_filter_functions |
| call was hidden at configure time if the relevant compiler arguments are |
| passed in CFLAGS as opposed to CC. This change attempts to avoid all |
| the confusion that would result by declaring the init function even when |
| it is not used, so that it will always get prefixed. |
| |
| Version 1.7.0beta15 [June 18, 2013] |
| Revised libpng.3 so that "doclifter" can process it. |
| |
| Version 1.7.0beta16 [July 5, 2013] |
| Revised example.c to illustrate use of PNG_DEFAULT_sRGB and PNG_GAMMA_MAC_18 |
| as parameters for png_set_gamma(). These have been available since |
| libpng-1.5.4. |
| Renamed contrib/tools/png-fix-too-far-back.c to pngfix.c and revised it |
| to check all compressed chunks known to libpng. |
| Updated documentation to show default behavior of benign errors correctly. |
| Added perfect hash code generation for lists of PNG chunks. This is |
| a work in progress; checked in for use in pngfix.c |
| Ported ARM no-read patch from libpng16. |
| Ported pngfix.c patches from libpng16. |
| |
| Version 1.7.0beta17 [August 21, 2013] |
| Revised manual about changes in iTXt chunk handling made in libpng-1.6.0. |
| Added "/* SAFE */" comments in pngrutil.c and pngrtran.c where warnings |
| may be erroneously issued by code-checking applications. |
| Added information about png_set_options() to the manual. |
| Delay calling png_init_filter_functions() until a row with nonzero filter |
| is found. |
| |
| Version 1.7.0beta18 [September 16, 2013] |
| Fixed inconsistent conditional compilation of png_chunk_unknown_handling() |
| prototype, definition, and usage. Made it depend on |
| PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere. |
| |
| Version 1.7.0beta19 [September 30, 2013] |
| Reverted the change to unknown handling #defines; the change breaks 'NOREAD' |
| builds. |
| Fixed default behavior of ARM_NEON_API. If the ARM NEON API option is |
| compiled without the CHECK option it defaulted to on, not off. |
| Catch up with recent libpng16 changes; unknown handling and spelling |
| corrections |
| Avoid up-cast warnings in pngvalid.c. On ARM the alignment requirements of |
| png_modifier are greater than that of png_store and as a consequence |
| compilation of pngvalid.c results in a warning about increased alignment |
| requirements because of the bare cast to (png_modifier*). The code is |
| safe, because the pointer is known to point to a stack allocated |
| png_modifier, but this change avoids the warning. |
| Fixed some grammatical changes and updated the png chunks list. |
| |
| Version 1.7.0beta20 [October 13, 2013] |
| Made changes for compatibility with automake 1.14: |
| 1) Added the 'compile' program to the list of programs that must be cleaned |
| in autogen.sh |
| 2) Added 'subdir-objects' which causes .c files in sub-directories to be |
| compiled such that the corresponding .o files are also in the |
| sub-directory. This is because automake 1.14 warns that the |
| current behavior of compiling to the top level directory may be removed |
| in the future. |
| 3) Updated dependencies on pnglibconf.h to match the new .o locations and |
| added all the files in contrib/libtests and contrib/tools that depend |
| on pnglibconf.h |
| 4) Added 'BUILD_SOURCES = pnglibconf.h'; this is the automake recommended |
| way of handling the dependencies of sources that are machine generated; |
| unfortunately it only works if the user does 'make all' or 'make check', |
| so the dependencies (3) are still required. |
| Cleaned up (char*) casts of zlib messages. The latest version of the Intel C |
| compiler complains about casting a string literal as (char*), so copied the |
| treatment of z_const from the library code into pngfix.c |
| Simplified error message code in pngunknown. The simplification has the |
| useful side effect of avoiding a bogus warning generated by the latest |
| version of the Intel C compiler (it objects to |
| condition ? string-literal : string-literal). |
| Make autogen.sh work with automake 1.13 as well as 1.14. Do this by always |
| removing the 1.14 'compile' script but never checking for it. |
| |
| Version 1.7.0beta21 [November 2, 2013] |
| Added ARMv8 support (James Yu <james.yu at linaro.org>). Added file |
| arm/filter_neon_intrinsics.c; enable with -mfpu=neon. |
| Revised pngvalid to generate size images with as many filters as it can |
| manage, limited by the number of rows. |
| Cleaned up ARM NEON compilation handling. The tests are now in pngpriv.h |
| and detect the broken GCC compilers. |
| Allow clang derived from older GCC versions to use ARM intrinsics. This |
| causes all clang builds that use -mfpu=neon to use the intrinsics code, |
| not the assembler code. This has only been tested on iOS 7. It may be |
| necessary to exclude some earlier clang versions but this seems unlikely. |
| Changed NEON implementation selection mechanism. This allows assembler |
| or intrinsics to be turned on at compile time during the build by defining |
| PNG_ARM_NEON_IMPLEMENTATION to the correct value (2 or 1). This macro |
| is undefined by default and the build type is selected in pngpriv.h. |
| |
| Version 1.7.0beta22 [November 7, 2013] |
| Fixed #include in filter_neon_intrinsics.c and ctype macros. The ctype char |
| checking macros take an unsigned char argument, not a signed char. |
| |
| Version 1.7.0beta23 [November 24, 2013] |
| Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to |
| #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with |
| what is in pngpriv.h. |
| Moved prototype for png_handle_unknown() in pngpriv.h outside of |
| the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block. |
| Added "-Wall" to CFLAGS in contrib/pngminim/*/makefile |
| Conditionally compile some unused functions reported by -Wall in |
| pngminim. |
| Fixed 'minimal' builds. Various obviously useful minimal configurations |
| don't build because of missing contrib/libtests test programs and |
| overly complex dependencies in scripts/pnglibconf.dfa. This change |
| adds contrib/conftest/*.dfa files that can be used in automatic build |
| scripts to ensure that these configurations continue to build. |
| Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder. |
| Fixed pngvalid 'fail' function declaration on the Intel C Compiler. |
| This reverts to the previous 'static' implementation and works round |
| the 'unused static function' warning by using PNG_UNUSED(). |
| |
| Version 1.7.0beta24 [December 15, 2013] |
| Removed or marked PNG_UNUSED some harmless "dead assignments" reported |
| by clang scan-build. |
| Changed tabs to 3 spaces in png_debug macros and changed '"%s"m' |
| to '"%s" m' to improve portability among compilers. |
| Changed png_free_default() to free() in pngtest.c |
| Tidied up pngfix inits and fixed pngtest no-write builds. |
| Bookkeeping: Moved functions around (no changes). Moved transform |
| function definitions before the place where they are called so that |
| they can be made static. Move the intrapixel functions and the |
| grayscale palette builder out of the png?tran.c files. The latter |
| isn't a transform function and is no longer used internally, and the |
| former MNG specific functions are better placed in pngread/pngwrite.c |
| Made transform implementation functions static. This makes the internal |
| functions called by png_do_{read|write}_transformations static. On an |
| x86-64 DLL build (Gentoo Linux) this reduces the size of the text |
| segment of the DLL by 1208 bytes, about 0.6%. It also simplifies |
| maintenance by removing the declarations from pngpriv.h and allowing |
| easier changes to the internal interfaces. |
| Handle zero-length PLTE chunk or NULL palette with png_error() |
| instead of png_chunk_report(), which by default issues a warning |
| rather than an error, leading to later reading from a NULL pointer |
| (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954 |
| and VU#650142. Libpng-1.6.1 through 1.6.7 and libpng-1.7.0beta03 |
| through 1.7.0beta23 are vulnerable. Libpng-1.6.0 and earlier do not |
| have the bug. |
| |
| Version 1.7.0beta25 [December 26, 2013] |
| Merged files with version 1.6.8 that have not changed since then. |
| Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69 |
| |
| Version 1.7.0beta26 [January 1, 2014] |
| Added libpng 1.5 checks to pngvalid.c |
| Merged with 1.5 and 1.6 changes to create a single pngvalid.c |
| Added dSIG to chunk list in png.h |
| Removed #error macro from contrib/tools/pngfix.c (Thomas Klausner). |
| Merged pngrio.c, pngtrans.c, and pngwio.c with libpng-1.6.9 |
| Fixed test programs for interlace options. Made pngvalid.c and |
| pngtest.c work correctly when READ_INTERLACING and/or WRITE_INTERLACING |
| are switched off. |
| Changed pngvalid.c to support libpng 1.5, which does not support |
| the PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when |
| appropriate in pngvalid.c |
| Allow unversioned links created on install to be disabled in configure. |
| In configure builds 'make install' changes/adds links like png.h |
| and libpng.a to point to the newly installed, versioned, files (e.g. |
| libpng17/png.h and libpng17.a). Three new configure options and some |
| rearrangement of Makefile.am allow creation of these links to be disabled. |
| |
| Version 1.7.0beta27 [January 10, 2014] |
| Removed potentially misleading warning from png_check_IHDR(). |
| |
| Version 1.7.0beta28 [January 20, 2014] |
| Updated scripts/makefile.* to use CPPFLAGS (Cosmin). |
| Added clang attribute support (Cosmin). |
| |
| Version 1.7.0beta29 [January 30, 2014] |
| Quiet an uninitialized memory warning from VS2013 in png_get_png(). |
| |
| Version 1.7.0beta30 [February 2, 2014] |
| Fixed a large number of instances where PNGCBAPI was omitted from |
| function definitions. |
| Added pngimage test program for png_read_png and png_write_png. This |
| is a work-in-progress; no tests are run automatically at present and |
| the program by virtue of exhaustively testing all the transforms is |
| very slow. |
| |
| Version 1.7.0beta31 [February 6, 2014] |
| Make png_read_png() and png_write_png() prototypes in png.h depend |
| upon PNG_READ_SUPPORTED and PNG_WRITE_SUPPORTED. |
| Removed dependence on !PNG_READ_EXPAND_SUPPORTED for calling |
| png_set_packing() in png_read_png(). |
| Completed full working pngimage test program and added two test scripts. |
| Fixed combination of ~alpha with shift. On read invert alpha, processing |
| occurred after shift processing, which causes the final values to be |
| outside the range that should be produced by the shift. Reversing the |
| order on read makes the two transforms work together correctly and mirrors |
| the order used on write. |
| Do not read invalid sBIT chunks. Previously libpng only checked sBIT |
| values on write, so a malicious PNG writer could therefore cause |
| the read code to return an invalid sBIT chunk, which might lead to |
| application errors or crashes. Such chunks are now skipped (with |
| chunk_benign_error). |
| Restored a line, "c = b;", that was inadvertently deleted from the |
| PAETH filtering code from libpng-1.7.0beta24/pngrutil.c. Deleted |
| the other instance of "c = b;" which is the one that triggered a |
| scan-build warning. |
| Support builds with unsupported PNG_TRANSFORM_* values. All of the |
| PNG_TRANSFORM_* values are always defined in png.h and, because they |
| are used for both read and write in some cases, it is not reliable |
| to #if out ones that are totally unsupported. This change adds error |
| detection in png_read_image() and png_write_image() to do a |
| png_app_error() if the app requests something that cannot be done |
| and it adds corresponding code to pngimage.c to handle such options |
| by not attempting to test them. |
| |
| Version 1.7.0beta32 [February 26, 2014] |
| Moved redefines of png_error(), png_warning(), png_chunk_error(), |
| and png_chunk_warning() from pngpriv.h to png.h to make them visible |
| to libpng-calling applications. |
| Moved OS dependent code from arm/arm_init.c, to allow the included |
| implementation of the ARM NEON discovery function to be set at |
| build-time and provide sample implementations from the current code in the |
| contrib/arm-neon subdirectory. The __linux__ code has also been changed to |
| compile and link on Android by using /proc/cpuinfo, and the old linux code |
| is in contrib/arm-neon/linux-auxv.c. The new code avoids POSIX and Linux |
| dependencies apart from opening /proc/cpuinfo and is C90 compliant. |
| Check for info_ptr == NULL early in png_read_end() so we don't need to |
| run all the png_handle_*() and depend on them to return if info_ptr == NULL. |
| This improves the performance of png_read_end(png_ptr, NULL) and makes |
| it more robust against future programming errors. |
| Check for __has_extension before using it in pngconf.h, to |
| support older Clang versions (Jeremy Sequoia). |
| Use a user warning handler in contrib/gregbook/readpng2.c instead of default, |
| so warnings will be put on stderr even if libpng has CONSOLE_IO disabled. |
| Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk |
| after recognizing the IDAT chunk, which avoids an infinite loop while |
| reading a datastream whose first IDAT chunk is of zero-length. |
| This fixes CERT VU#684412 and CVE-2014-0333. |
| Don't recognize known sRGB profiles as sRGB if they have been hacked, |
| but don't reject them and don't issue a copyright violation warning. |
| Minor editing of contrib/arm-neon/README and contrib/examples/*.c |
| Moved some documentation from png.h to libpng.3 and libpng-manual.txt |
| |
| Version 1.7.0beta33 [February 27, 2014] |
| Fixed typos in the manual and in scripts/pnglibconf.dfa (CFLAGS -> CPPFLAGS |
| and PNG_USR_CONFIG -> PNG_USER_CONFIG). |
| |
| Version 1.7.0beta34 [March 17, 2014] |
| Treat CRC error handling with png_set_crc_action(), instead of with |
| png_set_benign_errors(), which has been the case since libpng-1.6.0beta18. |
| Use "if (value != 0)" instead of "if (value)" consistently. |
| Changed ZlibSrcDir from 1.2.5 to 1.2.8 in projects/vstudio. |
| Moved configuration information from the manual to the INSTALL file. |
| |
| Version 1.7.0beta35 [August 6, 2014] |
| Removed #if/#else/#endif from inside two pow() calls in pngvalid.c because |
| they were handled improperly by Portland Group's PGI-14.1 - PGI-14.3 |
| when using its "__builtin_pow()" function. |
| Silence 'unused parameter' build warnings (Cosmin). |
| $(CP) is now used alongside $(RM_F). Also, use 'copy' instead |
| of 'cp' where applicable, and applied other minor makefile changes. |
| Don't warn about invalid dimensions exceeding user limits. |
| Allow an easy replacement of the default pre-built configuration |
| header with a custom header, via the make PNGLIBCONF_H_PREBUILT |
| macro. |
| Fixed a typo in pngrutil.c, introduced in libpng-1.5.6, that interferes |
| with "blocky" expansion of sub-8-bit interlaced PNG files (Eric Huss). |
| Removed scripts/makefile.elf. It has not worked since libpng-1.5.0beta14 |
| due to elimination of the PNG_FUNCTION_EXPORT and PNG_DATA_EXPORT |
| definitions from pngconf.h. |
| Ensure that CMakeLists.txt makes the target "lib" directory before making |
| symbolic link into it (SourceForge bug report #226 by Rolf Timmermans). |
| Added opinion that the ECCN (Export Control Classification Number) for |
| libpng is EAR99 to the README file. |
| |
| Version 1.7.0beta36 [September 27, 2014] |
| Updated scripts/makefiles from libpng-1.6.13beta04. |
| Minor updates to the manual from libpng-1.6.14beta04. |
| Fixed incorrect handling of the iTXt compression flag in pngrutil.c |
| (bug report by Shunsaku Hirata). Bug was introduced in libpng-1.6.0. |
| |
| Version 1.7.0beta37 [September 28, 2014] |
| Merged scripts/*, pngvalid.c and pngfix.c with libpng-1.6.14beta04. |
| |
| Version 1.7.0beta38 [October 17, 2014] |
| Added "option READ_iCCP enables READ_COMPRESSED_TEXT" to pnglibconf.dfa |
| Removed unused "text_len" parameter from private function png_write_zTXt(). |
| Conditionally compile some code in png_deflate_claim(), when |
| PNG_WARNINGS_SUPPORTED and PNG_ERROR_TEXT_SUPPORTED are disabled. |
| Replaced repeated code in pngpread.c with PNG_PUSH_SAVE_BUFFER_IF_FULL. |
| Added "chunk iTXt enables TEXT" and "chunk zTXt enables TEXT" |
| to pnglibconf.dfa. |
| Removed "option READ_COMPRESSED_TEXT enables READ_TEXT" from pnglibconf.dfa, |
| to make it possible to configure a libpng that supports iCCP but not TEXT. |
| Removed "option WRITE_COMPRESSED_TEXT enables WRITE_TEXT" from pnglibconf.dfa |
| Only mark text chunks as written after successfully writing them. |
| |
| Version 1.7.0beta39 [November 1, 2014] |
| Ported cosmetic changes from libpng-1.6.15beta02. |
| |
| Version 1.7.0beta40 [November 6, 2014] |
| Made a one-line revision to configure.ac to support ARM on aarch64 |
| (bug report by Marcin Juszkiewicz, fix by John Bowler). |
| Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in |
| example.c, pngtest.c, and applications in the contrib directory. |
| Avoid out-of-bounds memory access in png_user_version_check(). |
| Simplified and future-proofed png_user_version_check(). |
| Fixed GCC unsigned int->float warnings. Various versions of GCC |
| seem to generate warnings when an unsigned value is implicitly |
| converted to double. This is probably a GCC bug but this change |
| avoids the issue by explicitly converting to (int) where safe. |
| Free all allocated memory in pngimage. The file buffer cache was left |
| allocated at the end of the program, harmless but it causes memory |
| leak reports from clang. |
| Fixed array size calculations to avoid warnings. At various points |
| in the code the number of elements in an array is calculated using |
| sizeof. This generates a compile time constant of type (size_t) which |
| is then typically assigned to an (unsigned int) or (int). Some versions |
| of GCC on 64-bit systems warn about the apparent narrowing, even though |
| the same compiler does apparently generate the correct, in-range, |
| numeric constant. This adds appropriate, safe, casts to make the |
| warnings go away. |
| |
| Version 1.7.0beta41 [November 7, 2014] |
| Added #ifdef PNG_16BIT_SUPPORTED/#endif around png_log16bit() and |
| png_do_swap(). |
| Changed all "#endif /* PNG_FEATURE_SUPPORTED */" to "#endif /* FEATURE */" |
| |
| Version 1.7.0beta42 [November 20, 2014] |
| The macros passed in the command line to Borland make were ignored if |
| similarly-named macros were already defined in makefiles. This behavior |
| is different from POSIX make and other make programs. Surround the |
| macro definitions with ifndef guards (Cosmin). |
| Added "-D_CRT_SECURE_NO_WARNINGS" to CFLAGS in scripts/makefile.vcwin32. |
| Removed the obsolete $ARCH variable from scripts/makefile.darwin. |
| Merged clang no-warning fix from libpng-1.6.13: png_digit was defined |
| but never used in pngerror.c. |
| |
| Version 1.7.0beta43 [December 18, 2014] |
| Added ".align 2" to arm/filter_neon.S to support old GAS assemblers that |
| don't do alignment correctly. |
| Revised Makefile.am and scripts/*.dfn to work with MinGW/MSYS; |
| renamed scripts/*.dfn to scripts/*.c (Bob Friesenhahn and John Bowler). |
| Quiet a "comparison always true" warning in pngstest.c (John Bowler). |
| |
| Version 1.7.0beta44 [December 23, 2014] |
| Restored a test on width that was removed from png.c at libpng-1.6.9 |
| (Bug report by Alex Eubanks, CVE-2015-0973). |
| Fixed an overflow in png_combine_row() with very wide interlaced images |
| (Bug report and fix by John Bowler, CVE-2014-9495). |
| Corrected the width limit calculation in png_check_IHDR(). |
| Removed extraneous handling of PNG_SAFE_LIMITS_SUPPORTED from pngconf.h |
| |
| Version 1.7.0beta45 [December 28, 2014] |
| Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column |
| and 1-million-row default limits in pnglibconf.dfa, that can be reset |
| by the user at build time or run time. This provides a more robust |
| defense against DOS and as-yet undiscovered overflows. |
| Removed user limits from pngfix. Also pass NULL pointers to |
| png_read_row to skip the unnecessary row de-interlace stuff. |
| Added testing of png_set_packing() to pngvalid.c |
| |
| Version 1.7.0beta46 [January 2, 2015] |
| Regenerated configure scripts in the tar distributions with libtool-2.4.4 |
| Implement previously untested cases of libpng transforms in pngvalid.c |
| Fixed byte order in 2-byte filler, in png_do_read_filler(). |
| Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins). |
| |
| Version 1.7.0beta47 [January 29, 2015] |
| Made the check for out-of-range values in png_set_tRNS() detect |
| values that are exactly 2^bit_depth, and work on 16-bit platforms. |
| Added PNG_SKIP_sRGB_CHECK_PROFILE choice for png_set_option(). |
| Report all IHDR errors before exiting png_check_IHDR(). |
| Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. |
| Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and |
| pngset.c to avoid warnings about dead code. |
| |
| Version 1.7.0beta48 [February 7, 2015] |
| Work around one more Coverity-scan dead-code warning. |
| Do not build png_product2() when it is unused. |
| |
| Version 1.7.0beta49 [February 11, 2015] |
| Combined sub_row, up_row, avg_row, and paeth_row buffers into a |
| single try_row buffer. |
| Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default. |
| Consolidated redundant code in pngwutil.c |
| Deal with integer overflow of sum in pngwutil.c |
| |
| Version 1.7.0beta50 [February 15, 2015] |
| Combined sub_row, up_row, avg_row, and paeth_row buffers into a |
| single try_row buffer and in cases where two or more of those are |
| being tested, a second tst_row buffer. This improves CPU speed |
| over that achieved by libpng-1.7.0beta49. |
| |
| Version 1.7.0beta51 [February 17, 2015] |
| Combined similar parts of png_write_find_filter() into a png_increase_lmins() |
| function. |
| Display user limits in the output from pngtest. |
| Replaced test for harmless integer overflow (wraparound) in pngwutil.c |
| with a method that prevents overflow and does not increase cpu usage |
| significantly. |
| |
| Version 1.7.0beta52 [February 21, 2015] |
| Added information about setjmp/simplified API interaction in the |
| manual page and INSTALL file. Added information about using |
| row_pointers with a single height*width*bpp allocated block |
| Rebuilt configure scripts with automake-1.15 and libtool-2.4.6 |
| |
| Version 1.7.0beta53 [February 23, 2015] |
| Restored compiling of png_reciprocal2 with PNG_NO_16BIT. |
| |
| Version 1.7.0beta54 [March 4, 2015] |
| Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block |
| of png.h. |
| Conditionally compile a small amount of code in pngwutil.c |
| Avoid runtime checks when converting integer to png_byte with |
| Visual Studio (Sergey Kosarevsky) |
| Merged pngwrite.c with libpng-1.6.17beta06/pngwrite.c |
| |
| Version 1.7.0beta55 [March 9, 2015] |
| Removed some comments that the configure script did not handle |
| properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt. |
| Spelling fixes ("then", "occured") reported by Lauri Nurmi. |
| Added more error reporting in png_default_read_data(). |
| Merged png_free_data() with libpng-1.6.17rc02. |
| |
| Version 1.7.0beta56 [March 11, 2015] |
| Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF |
| for consistency, and remove some useless tests (Alexey Petruchik). |
| |
| Version 1.7.0beta57 [March 16, 2015] |
| Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of |
| pnglibconf.* in "make clean" (Cosmin). |
| Fix bug in calculation of maxbits, in png_write_sBIT, introduced |
| in libpng-1.6.17beta01 (John Bowler). |
| Revert change to png_default_read_data() made in libpng-1.7.0beta55. |
| |
| Version 1.7.0beta58 [March 25, 2015] |
| Implemented affirm() support and usage. |
| Remove pnglibconf.dfn and pnglibconf.pre with "make clean". |
| Added byte, short and other overflow checking |
| Added 'affirm' based overflow checking for debug builds for char |
| and short assignments. Simply ignore the error in release builds |
| (a truncated value will be used without warning). Controlled by |
| PNG_RANGE_CHECK_SUPPORTED. |
| Improved some overflow handling. PNG_RELEASE_BUILD replaces tests |
| where the code depended on the build base type and can be defined on |
| the command line, allowing testing in beta builds. Overflows previously |
| handled by png_warning in png.c have been changed to use new |
| macros/affirm functions so that beta builds will abort on overflow and |
| release builds will quietly ignore it. This avoids release builds |
| producing warnings that are of no use to end users. |
| Check (png_uint_16) casts for overflow. Also removed png_muldiv_warn, |
| added RELEASE/!RELEASE convenience macros. png_muldiv_warn was used in |
| only one place, and the overflow condition is a genuine warning not |
| an internal error. Four macros allow code or function parameters to be |
| condition on RELEASE (or not) builds and tidy up the #ifdef handling of |
| functions. |
| |
| Version 1.7.0beta59 [April 19, 2015] |
| Transformed rewrite: changed row_info, added checks. This introduces an |
| internal struct (png_transform_control) to replace row_info and uses |
| that to implement affirms correctly. The change also adds checks on |
| the rowbytes calculation and additional checks on most transform |
| implementations. |
| Added png_uint_16 range checking, pngvalid tRNS, fixed png_uint_16: |
| review of previous checks, removal of some where SAFE. pngvalid: add |
| testing of tRNS for better code coverage pngvalid: correct rgb-to-gray |
| error calculations. Code coverage is still incomplete: see /*UNTESTED*/ |
| in pngrtran.c. This fixes some arithmetic errors that caused some tests |
| to fail on some 32-bit platforms (Bug reports by Peter Breitenlohner [i686] |
| and Petr Gajdos [i586]). |
| Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler |
| (Bug report by Viktor Szaka'ts). |
| |
| Version 1.7.0beta60 [May 6, 2015] |
| Replaced "unexpected" with an integer (0xabadca11) in pngset.c |
| where a long was expected, to avoid a compiler warning when PNG_DEBUG > 1. |
| |
| Version 1.7.0beta61 [May 31, 2015] |
| Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c |
| Avoid a harmless potential integer overflow in png_XYZ_from_xy() (Bug |
| report from Christopher Ferris). |
| Changed png_voidcast(), etc., to voidcast(), etc., in contrib/tools/pngfix.c |
| to avoid confusion with the libpng private macros. |
| Fixed old cut&paste bug in the weighted filter selection code in |
| pngwutil.c, introduced in libpng-0.95, March 1997. |
| |
| Version 1.7.0beta62 [June 1, 2015] |
| Removed the experimental WRITE_WEIGHTED_FILTERED code, to save a few |
| kbytes of the compiled library size. It never worked properly and as |
| far as we can tell, no one uses it. The png_set_filter_heuristics() and |
| png_set_filter_heuristics_fixed() APIs are retained but deprecated. |
| |
| Version 1.7.0beta63 [June 6, 2015] |
| Quieted some Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c, |
| pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt |
| would only work with iTXt chunks with length 255 or less. |
| Fixed cexcept.h in which GCC 5 reported that one of the auto |
| variables in the Try macro needs to be volatile to prevent value |
| being lost over the setjmp, and fixed g++ build breaks (John Bowler). |
| Moved READ_GAMMA to pngrtran.c. This makes everything in pngrtrans.c |
| depend on READ_TRANSFORMS and moves all the transform gamma (READ_GAMMA) |
| code from elsewhere to png_tran.c. There are no code changes. |
| There is one remaining use of the gamma (16-bit) code in the simplified |
| API in pngread.c but that is because of a long-standing libpng bug, |
| namely that the gamma corrected palette is no produced by |
| png_read_update_info (John Bowler). |
| Completed AArch64 support. The previous change to recognize __ARM_NEON |
| didn't touch all the required preprocessor lines. This change removes |
| support for __ARM_NEON__ completely and makes this consistent. |
| Added #ifdef's to contrib/examples programs so people don't try |
| to compile them without the minimum required support enabled |
| (suggested by Flavio Medeiros). |
| |
| Version 1.7.0beta64 [July 26, 2015] |
| Removed non-working progressive reader 'skip' function. This |
| function has apparently never been used. It was implemented |
| to support back-door modification of png_struct in libpng-1.4.x |
| but (because it does nothing and cannot do anything) was apparently |
| never tested (John Bowler). |
| Eliminated the final two Coverity defects (insecure temporary file |
| handling in contrib/libtests/pngstest.c; possible overflow of |
| unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure" |
| file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will |
| be used. |
| Removed some unused WEIGHTED_FILTER macros from png.h and pngstruct.h |
| Rearranged png.h to put the major sections in the same order as |
| in libpng16. |
| Belatedly added Mans Rullgard and James Yu to the list of Contributing |
| Authors. |
| |
| Version 1.7.0beta65 [September 16, 2015] |
| Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c |
| because usleep() is deprecated (port from libpng16). |
| Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c |
| Fixed uninitialized variable in contrib/gregbook/rpng2-x.c |
| Moved config.h.in~ from the "libpng_autotools_files" list to the |
| "libpng_autotools_extra" list in autogen.sh because it was causing a |
| false positive for missing files (bug report by Robert C. Seacord). |
| Fixed some bad links in the man page. |
| Renamed the arm subdirectory to contrib/neon. |
| Made minor fixes to the test scripts: |
| pngimage: add --list-combos pngunknown: add --strict to catch warnings |
| pngvalid-standard: remove the spurious --progressive read (compare with |
| pngvalid-progressive-standard!) (John Bowler). |
| Implemented a new chunk parse implementation that can be shared. It |
| is currently shared by the progressive reader and the sequential one |
| (but not yet by the writer) (John Bowler). |
| Implemented shared transform handling that is used throughout (John Bowler). |
| |
| Version 1.7.0beta66 [October 2, 2015] |
| Enabled the low-bit-depth gray tests that were disabled in prior versions |
| of libpng because of problems that should have been fixed by the recent |
| changes to libpng17. Enabling the tests revealed bugs in those changes |
| which are now corrected. |
| Replaced the memcpy of png_transform_background with a structure copy |
| which is safer since it doesn't depend on knowing the first member to |
| be copied, also the copies are improved to copy the transform args too; |
| not required at present but it may prevent a bug being introduced in |
| the future. |
| Fixed some new Coverity defects that were introduced in 1.7.0beta65. |
| Fixed makepng.c so that it compiles with GCC 5.1.0. |
| Added contrib/testspngs/: a directory for additional test png files |
| generated by makepng. |
| Fixed dead code reported by Coverity (John Bowler). |
| Limit the calls to crc32 to ZLIB_IO_MAX, although it is not clear that |
| this is optimal (John Bowler). |
| Make pngstest error limits version specific. Splitting the machine |
| generated error structs out to a file allows the values to be updated |
| without changing pngstest.c itself. Since libpng 1.6 and 1.7 have |
| slightly different error limits this simplifies maintenance. The |
| makepngs.sh script has also been updated to more accurately reflect |
| current problems in libpng 1.7 (John Bowler). |
| Fixed gamma-handling issues. One serious bug is that 8 was forced |
| as a bit depth when caching a palette, even though the palette had been |
| expanded. One less serious bug, the optimization for avoiding gamma |
| correction introduced significant errors if the app subsequently |
| did further corrections, only shown by using files with gAMA 1/1.52 in |
| pngstest (John Bowler). |
| Suppressed bogus Coverity issues in pngrutil.c and pngwutil.c. |
| Corrected sRGB gamma handling in the Simplified API (John Bowler). |
| If a gamma encoded file that has a gamma not matching that of sRGB is |
| passed to the simplified API the previous code simply interpreted it as |
| a power law encoding. However old Mac files had a power law correction |
| of 1.45 built in to the encoding, even though the display devices were |
| consistent with sRGB. Assuming a power law encoding results in |
| substantial differences in the interpretation of low 8-bit values; |
| below 10. For example an Apple '5' which is equivalent to an sRGB '17' |
| ends up as the value '8'. This patch provides some measure of correction |
| for this by making the gamma correction done within the simplified API |
| assume that any encoded data is encoded relative to an sRGB-like transfer |
| function; the data is corrected back to the PNG-nominal 2.2 value then |
| decoded to linear (if required) using the sRGB transfer function. |
| This reduces the errors reported by pngstest for such files (colormapped |
| ones) but still leaves the issue with files where the standard libpng |
| code does the gamma decoding. To cope with the latter cases there is a |
| new pngstest-errors which allows the result; however, this is still a |
| work-in-progress; a better solution is possible. |
| Added a '--small' option to 'makepng' to allow the generation of smaller |
| images that also give better test case coverage. Also added copyright |
| and licence to the generated images, reflecting the fact that they are |
| original works of the author of the code. The licence used is the |
| Creative Commons Public Domain (CC0-1.0) one, which is appropriate |
| for non-source-code works. The resultant images were used to generate |
| the recently-updated pngstest-errors.h file (John Bowler). |
| Added test files generated by "contrib/testpngs/makepngs.sh --small" |
| with MAKEPNG set to the makepng compiled from the current |
| contrib/libtests/makepngs.sh, to the "contrib/testpngs" directory. |
| Made png_rgb_to_gray() optimization fixes. This fixes the code |
| that optimizes RGB to Gray transformations that only selected on |
| channel and clarifies the handling of max_depth in the transform |
| code (John Bowler). |
| Incorporated new test PNG files into make check. tests/pngstest-* |
| are changed so that the new test files are divided into 8 groups by |
| gamma and alpha channel. These tests have considerably better code |
| and pixel-value coverage than contrib/pngsuite; however,coverage is |
| still incomplete (John Bowler). |
| Fixed png_set_tRNS_to_alpha for low-bit-depth gray and enabled |
| low-bit-depth gray tests in pngvalid (John Bowler). |
| Fixed sBIT handling in the low-bit-depth gray and pngstest cases, |
| extended sBIT handling to the colormap code in the simplified API |
| which is separately implemented in pngread.c (John Bowler). |
| |
| Version 1.7.0beta67 [November 3, 2015] |
| Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a |
| macro, therefore the argument list cannot contain preprocessing |
| directives. Make sure pow is a function where this happens. This is |
| a minimal safe fix, the issue only arises in non-performance-critical |
| code (bug report by Curtis Leach, fix by John Bowler). |
| Added sPLT chunk support to pngtest.c |
| Prevent setting or writing over-length PLTE chunk (bug report by |
| Cosmin Truta) (CVE-2015-8126). |
| Silently truncate over-length PLTE chunk while reading. |
| Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed(). |
| Clarified COPYRIGHT information to state explicitly that versions |
| are derived from previous versions. |
| Removed much of the long list of previous versions from png.h and |
| libpng.3. |
| |
| Version 1.7.0beta68 [November 12, 2015] |
| Fixed new bug with CRC error after reading an over-length palette |
| (bug report by Cosmin Truta). |
| Cleaned up coding style in png_handle_PLTE(). |
| |
| Version 1.7.0beta69 [November 24, 2015] |
| Avoid potential pointer overflow/underflow in png_handle_sPLT() and |
| png_handle_pCAL() (Bug report by John Regehr). |
| Avoid conditionally compiling parts of statements in png.c (suggested |
| by flaviommedeiros). |
| Fixed incorrect implementation of png_set_PLTE() that uses png_ptr |
| not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 |
| vulnerability. |
| Added pngvalid --transform --interlace test. This increases code |
| coverage by generating test cases with smaller length rows as a |
| result of the interlacing. Without this packswap handling was |
| incompletely tested. |
| Fixed NO_WRITE_INTERLACE in pngvalid.c. The support for writing |
| interlaced images directly from libpng 1.7 was unintentionally |
| disabled (INTERLACE_LAST was defined incorrectly, excluding the |
| interlaced images). This obscured the fact that the transform and |
| error test case generators lacked the support for writing interlaced |
| images from libpng. |
| Transform rewrite: perform transforms in small chunks. The intent |
| of this change is to reduce the memory footprint during transform |
| sequences by performing transforms in fixed (small) sized blocks of |
| pixels. The change is incomplete; the filter code still works |
| row-by-row, so the whole tranform also works row-by-row. The intent |
| is to fix this so that everything works in small(ish) chunks. |
| At present the change has no discernable effect on pngvalid --speed |
| or pngstest with (e.g.) rgb-8-1.8.png; user time and (minor) page |
| faults are the same in old and new versions. The same applies to |
| real-world 15MP PNG images; even on these the presence of the filter |
| code causes a cyclical progress through memory which will interfere |
| with any caching otherwise possible (useful word, 'otherwise'.) |
| Read row buffer changes. The read code now allocates one row buffer |
| of the size of the input PNG row and, only if required, one buffer of |
| the size of the output. The output buffer is required for the |
| progressive reader (always) and for the sequential reader if libpng |
| is de-interlacing an image (because the output row is used multiple |
| times if png_read_row is called with a display row parameter.) This |
| should reduce memory utilization by libpng significantly, but it has no |
| detectable effect on overall performance figures of the test programs; |
| these are probably dominated by memory allocations for the whole image |
| within the test programs. |
| Now that the code works consistently so that these just switch off |
| the support for having libpng do the interlace/deinterlace, the old |
| names make more sense. Restoring them avoids cruft in the configuration |
| file and avoids an unnecessary version specific change. |
| The reliance of png_read_png on interlace handling and some minor |
| issues in the test programs where they failed to correctly check for |
| interlace handling were exposed by the ability to write interlaced |
| images even if WRITE_INTERLACING is turned off. This is fixed here. |
| Changed the detection of invalid application behavior (too many |
| calls to png_read_row) from an affirm to a png_app_error. |
| Fixed the PNG_MAX_GAMMA_8 handling and png_set_rgb_to_gray, which |
| had bugs which were likely to expose end cases of rgb-to-gray conversion |
| errors. This might possibly explain some of the machine math dependencies |
| we are seeing. |
| Temporarily disabled filter selection while writing, and temporarily |
| replaced pngtest.png accordingly. |
| |
| Version 1.7.0beta70 [December 3, 2015] |
| Fixed a simple bracket problem that prevented reading non-interlaced |
| PNG files with height == 1. |
| The code failed to zero out the row buffer at the start of a pass where |
| the AVG filter is used because 'row_number' is not always zero (on |
| interlaced images) and, apparently, the assertion that the buffer had |
| been zeroed when allocated was not always correct for non-interlaced |
| images. Revealed by pngvalid --size with a hack to make it always |
| use AVG. |
| Fixed an error in handling of bad zlib CMINFO field in pngfix, found by |
| American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't |
| immediately fault a bad CMINFO field; instead a 'too far back' error |
| happens later (at least some times). pngfix failed to limit CMINFO to |
| the allowed values but then assumed that window_bits was in range, |
| triggering an assert. The bug is mostly harmless; the PNG file cannot |
| be fixed. |
| Test the 'size' images in the sequential reader. The existing test |
| case only uses the progressive reader which means that important parts of |
| the filter code never got tested. |
| Improved pngvalid coverage of filter combinations, remove the (new in 1.7) |
| code which disabled previous-row filters on the first row of an image in |
| some cases. |
| Removed all trailing spaces from source files in contrib |
| Moved code round and changed the filter write interfaces that took |
| png_uint_32 buffer pixel counts to unsigned int. Also moved compression |
| code and definitions into pngwutil.c so that the compression code is |
| isolated from other definitions. |
| Unified the compression code so that inflate calls are localized to a common |
| routine. Ground work for filter selection support. Minor API changes to |
| use void* not byte* for data parameters. Unification of some of the |
| compression code with the decompression code; IDAT_size replaces |
| IDAT_read_size and zbuffer_size, IDAT reading and writing is no longer |
| controlled by the size of the compression buffer. |
| Separated png_compress_IDAT into write/compress, removed some |
| trailing spaces and cleaned up pnglibconf. |
| Removed the side-effect on the png_struct palette of calling png_set_PLTE() |
| or png_set_tRNS(). This is a quiet API change; it was previously possible |
| to alter the palette on a PNG image by using png_set_PLTE, but this was |
| unintended and inconsistent with the other png_set APIs. This fixes |
| CVE-2015-8472. |
| Fixed a bug in palette index checking; png_struct::num_palette could, in |
| principle, get changed by the transformations (e.g. png_set_quantize) |
| and this would invalidate the check. The palette checking init function |
| now makes a copy of png_struct::num_palette. |
| Fixed a bug in pngvalid error handling. A png_error in png_write_info is |
| not continuable (a valid image cannot necessarily be written afterward) |
| because the png_error aborts the write of subsequent pre-IDAT chunks. |
| In particular an abort as a result of a bogus colorspace information |
| (gAMA, cHRM, sBIT etc) prevents the write of the PLTE chunk. |
| |
| Version 1.7.0beta71 [omitted] |
| Version 1.7.0beta72 [December 7, 2015] |
| Implemented new filter selection heuristic. |
| Attempted to make the selection options more intuitive. |
| Fixed a build break in no-write-filters cases. |
| Re-applied some recent patches to libpng-1.7.0beta70 that were |
| accidentally lost while publishing the beta70 tar distribution. |
| Fixed g++ builds, where enums (int), G++ objects (int) and (unsigned) |
| were being used together in ?: |
| Fixed stack smashing problem in write png_copy_row that was introduced |
| in libpng-1.7.0beta70. This also resulted in PNG data with random |
| row bytes. |
| |
| Version 1.7.0beta73 [December 11, 2015] |
| Fixed syntax "$(command)" in tests/pngstest that some shells other than |
| bash could not parse (Bug report by Nelson Beebe). Use `command` instead. |
| Combined some redundant checks on info_ptr==NULL in png_handle_PLTE() |
| Changed png_struct->options from png_byte to png_uint_32, to hold |
| up to 16 2-bit options. |
| |
| Version 1.7.0beta74 [December 19, 2015] |
| Fixed copyright years in source files. |
| Removed LE/BE dependencies in pngvalid, to 'fix' the current problem |
| in the BigEndian tests by not testing it, making the BE code the same |
| as the LE version. |
| Fixes to pngvalid for various reduced build configurations (eliminate unused |
| statics) and a fix for the case in rgb_to_gray when the digitize option |
| reduces graylo to 0, producing a large error. |
| Widened the 'limit' check on the internally calculated error limits in |
| the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error |
| checks) and changed the check to only operate in non-release builds |
| (base build type not RC or RELEASE.) |
| Fixed undefined behavior in pngvalid.c, undefined because |
| (png_byte) << shift is undefined if it changes the signed bit |
| (because png_byte is promoted to int). The libpng exported functions |
| png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by |
| David Drysdale as a result of reports from UBSAN in clang 3.8). |
| This changes pngvalid to use BE random numbers; this used to produce |
| errors but these should not be fixed as a result of the previous changes. |
| Implemented a prototype of filter selection. This rewrites the code |
| used previously in the heuristics to make it easier to debug and |
| introduces the 'methodical' method, which is intended to be an |
| expensive but reliable way of reducing image size. The code in this |
| commit does not work; the 'methodical' test for success does not take |
| account of data buffered inside zlib and, anyway, it changes the |
| results of pngtest so that the test fails. This is just a checkpoint |
| of the current state |
| Disabled 'methodical' filter selection code. It is incomplete; it works |
| but does not do anything useful except, maybe, on really enormous images. |
| Added .travis.yml configuration file to control Travis continuous |
| integration testing (David Drysdale). |
| |
| Version 1.7.0beta75 [December 21, 2015] |
| Fixed duplicate tIME chunk from png_write_png. |
| Added an example program, pngcp.c, that illustrates the problem when |
| used to copy pngtest.png (the result is an invalid PNG because the |
| tIME chunk is duplicated.) |
| Re-enabled 'methodical' filter selection code. |
| Added an accurate 'methodical' measure. |
| Fixed incorrect references to 'pngimage' in pngcp. |
| Fixed incorrect debug macro in release builds. |
| Reversed the order of tests in png_zlib_compress_validate((). |
| Undefined behaviour sanitizer currently fires for this test |
| with an error about member access within null pointer to |
| struct; put the check that relies on pz->list being non-NULL |
| second (David Drysdale). |
| |
| Version 1.7.0beta76 [January 7, 2016] |
| Corrected the options handling. Setting the new, higher, option |
| bits triggered the byte check (which is no longer necessary). |
| Added NULL pz->list test to png_zlib_compress_validate(). This seems |
| safer; in fact, a NULL dereference never happens because the test |
| ends up just doing arithmetic on NULL but it seems possible that the |
| undefined arithmetic can still happen if there is a bug elsewhere. |
| Added code to pngcp.c to iterate through the command line options when |
| non-list options have the 'all' parameter. This is used to rapidly |
| test the effect of different zlib options. |
| Revised the handling of tIME and text chunks on read to record the |
| location of the chunks relative to PLTE and IDAT. Behavior on write |
| is unchanged except that if the position was recorded on read it will |
| be re-used. This involves an ABI change to the png_text_struct; a |
| one byte location field is added (with the same meaning as the one |
| used to record unknown chunk location.) Because this field is only |
| used on read there is no API change unless a png_info from a libpng |
| read is passed to a subsequent libpng write (this did not work very |
| well before 1.7; the tIME chunk could get duplicated.) The new field |
| is ignored by png_set_text(), resetting it to the current position |
| in the read or write stream. On write the position is set to the |
| next location to be written unless the write has not started (the |
| position is before the signature) in which case the location is set |
| to PNG_HAVE_PLTE|PNG_AFTER_IDAT. When the chunk is written the |
| position is set to the actual write location (effectively the position |
| is frozen.) |
| Relocated assert() in contrib/tools/pngfix.c, bug found by American |
| Fuzzy Lop, reported by Brian Carpenter. |
| Marked 'limit' UNUSED in transform_range_check(). This only affects |
| release builds. |
| Fixed new Coverity defect, potential NULL dereference of "ps" in pngwutil.c |
| Added temporary workaround for Coverity "Dead code" defect. |
| |
| Version 1.7.0beta77 [January 16, 2016] |
| Fixed new Coverity defect, another NULL dereference of "ps" in pngwutil.c |
| Prevent the CMINFO optimization code from running twice on any PNG IDAT |
| stream longer than 2048 bytes; the second time could overwrite bytes |
| 2048,2049, invalidating the output. |
| Fixed a (debug) checks that was slightly wrong (< when <= should have been |
| used) and this caused write to abort maybe 1 out of 2048 times. |
| Improved the contrib/examples/pngcp search mode. This is still a |
| work-in-progress, but it seems fairly stable (if not exactly 100% |
| optimal). pngcp now allows 'all' for some options which iterates |
| through all possible settings (this reliably produces the smallest |
| IDAT that libpng can produce with those settings.) It also contains |
| a "--search" command line option that attempts to optimize this by |
| skipping pointless tests; it is close, most of the time, but not perfect. |
| Fixed write problem with reduced size IDAT chunks. |
| png_set_compression_buffer_size would result in a spurious debug assert |
| if the compression buffer size was set to something other than a multiple |
| of PNG_ROW_BUFFER_SIZE; the debug test failed to add the buffer 'start' |
| The sequential read code failed to read to the end of the IDAT stream in |
| about 1 of 820 cases, resulting in a spurious warning. The |
| png_set_compression_buffer_size API also would not work (or do bad things) |
| if the size of a zlib uInt was less than 32 bits. |
| Added pngcp IDAT size test and changed the order of the 'level' |
| and 'windowBits' searches to seach windowBits first; this favors |
| windowBits optimizations over compression level ones on the basis |
| that the latter should only affect the write code. This includes a |
| quiet API change to alter png_set_compression_buffer_size to use |
| a png_alloc_size_t, not png_size_t and implement the correct checks. |
| Fixed recently introduced palette sharing bug. The internal read |
| code change to stop sharing the palette was incompletely implemented. |
| The result is that unless palette index checking is turned off and |
| there are no read transformations the png_info palette gets deleted |
| when the png_struct is deleted. This is normally harmless (png_info |
| gets deleted first) but in the case of pngcp it results in |
| use-after-free of the palette and, therefore, palette corruption and |
| maybe on some operating systems and access violation. |
| Updated the pngcp 'search' mode to check a restricted range of memLevels; |
| there is an unrelated bug which means that lower zlib memLevels result |
| in memory corruption under some circumstances, probably less often |
| than 1:1000. |
| Attempted to work around a false-positive Coverity issue in pngvalid.c. |
| |
| Version 1.7.0beta78 [January 23, 2016] |
| Changed PNG_USE_MKSTEMP to __COVERITY__ to select alternate |
| "tmpfile()" implementation in contrib/libtests/pngstest.c |
| Fixed NO_STDIO build of pngunknown.c to skip calling png_init_io() |
| if there is no stdio.h support. |
| Added a png_image_write_to_memory() API and a number of assist macros |
| to allow an application that uses the simplified API write to bypass |
| stdio and write directly to memory. |
| Added some warnings (png.h) and some check code to detect *possible* |
| overflow in the ROW_STRIDE and simplified image SIZE macros. This |
| disallows image width/height/format that *might* overflow. This is |
| a quiet API change that limits in-memory image size (uncompressed) to |
| less than 4GByte and image row size (stride) to less than 2GByte. |
| Revised Simplified API to use system appropriate types. This is |
| an API change for 1.7, albeit a quiet one; it may produce compiler |
| warnings but should not result in errors, unless warnings are treated |
| as errors. On 64-bit systems it widens the results of the various |
| PNG_IMAGE_ macros that return size values (component counts, byte sizes) |
| to 64 bits. It also changes the row_stride parameter, which is the |
| pointer difference between adjacent rows of the image buffer, to |
| the ANSI-C90 defined type ptrdiff_t. The existing (1.6.22) checks for |
| overflow are preserved but now accomodate images that require more than |
| 32 bits of address space when size_t/ptrdiff_t are 64 bit types. |
| Revised workaround for false-positive Coverity issue in pngvalid.c. |
| |
| Version 1.7.0beta79 [March 9, 2016] |
| Only use exit(77) in configure builds. |
| Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported |
| the palette size because it failed to take into account that the memory |
| palette has to be expanded to full RGB when it is written to PNG. |
| Updated CMakeLists.txt, added supporting scripts/gen*.cmake.in |
| and test.cmake.in (Roger Leigh). |
| Revised pngstest to (by default) make random backgrounds on a per-file, |
| not per-session, basis. |
| Refined pngcp with better (more consistent) reporting of the "--search" |
| results plus changes so that when compiled against libpng 1.6 the program |
| correctly copies text chunks; previously when a search option caused |
| multiple copies of the same file the copies after the first would not |
| have the text chunks. |
| Expanded search logging in pngcp to output results during the search; |
| sufficient for basic tests on zlib parameters. |
| More sophisticated default write compression options, which helps |
| significantly for some files along with code to make it easier to control |
| the compression defaults and to make the settings honor the API calls |
| the application makes (previously low windowBits settings would get reset |
| to higher values.) |
| Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h |
| (Robert C. Seacord). Various other flags in png.h made unsigned as well. |
| Fixed some misleading indentation (Krishnaraj Bhat). |
| |
| Version 1.7.0beta80 [May 6, 2016] |
| Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED |
| Bug report by (Y.Ohashik). |
| Quieted two Coverity issues in contrib/libtests/timepng.c. |
| Write code update (John Bowler): |
| Implemented better defaulting of zlib settings based on image properties. |
| Replaced pngtest.png with one compressed with the new zlib settings. |
| Implemented pass-through of png_write_rows when the rows can be used |
| directly (a common case) optimizing the handling of previous-row |
| buffering. |
| Removed the METHODICAL filter selection method and disabled the HEURISTIC |
| one. The first was ridiculously slow (though useful for experiments), |
| and the second didn't work. Filter selection is temporarily disabled (it |
| defaults to the lowest numbered filter in the list; typically 'none'). |
| New handling of compression settings (incomplete), new PNG compression level |
| (not yet visible in an API). |
| Back ported 'PNG_FAST_FILTERS' from 1.6 (in png.h). |
| There are minimal API changes beyond removal of the selection options. |
| Work is still to be done to investigate a filter selection mechanism that |
| is at least as good as the previous one. |
| Minor write bug-fixes, remove unimplemented code. A debug() assert |
| fired if windowBits was set to 8 for the Huffman only and no-compression |
| cases. This commit changes it to do some extra checking. Removed |
| unreachable code in pz_default_settings and eliminated a spurious |
| warning in pngcp for small files. |
| |
| Version 1.7.0beta81 [June 11, 2016] |
| Check for CLOCK_PROCESS_CPUTIME_ID when building /contrib/libtests/timepng. |
| Otherwise it does not build on platforms that don't supply clock_gettime(). |
| Add check for clock_gettime() in Makefile.am and configure.ac |
| Reenabled filter selection (dummy). This implements the code for |
| row-by-row filter selection but does not provide an actual implementation; |
| the selection function just chooses the lowest set filter bit. |
| Fixed a signed/unsigned warning (GCC 4.8.5) in pngwutil.c |
| Implemented base filter selection with row buffering and a crude code-count |
| algorithm. |
| Added filter selection, palette index checks. Palette index checking: |
| checking on read was erroneously skipped. pngcp can now turn off the |
| palette index checking or fix the errors (mainly to allow comparison with |
| libpng 1.6, which defaulted to ignoring it). The API now documents how |
| the 'enabled' parameter works. On read the check is on by default (it |
| was apparently off in libpng 1.6) however now if explicitly turned on the |
| warning message is stopped; this provides better interaction with |
| get_palette_max at the cost of a small API change (may need to be reviewed.) |
| Palette size errors: invalid entries in the palette are now set to #beaded to |
| make the errors more obvious and allow easy detection in memory. |
| Read transform pipeline caching: changes to fix the palette index check |
| (which are erroneously cached), the pipeline can now contain multiple |
| caches, e.g., caching of packing of palette indices can be combined with |
| caching of palette RGB transforms. |
| Read code now checks for callbacks to read 0 data (and faults them). |
| Fixed the reading of PNGs with multiple 0 length IDATs that failed as a |
| result plus the handling of zero length unknown (which occurs, validly; |
| the spurious warning has been removed). |
| Filter selection: the 1.6 and earlier sum of absolute differences algorithm |
| has been reintroduced with an option to disfavor some filters over others |
| where the sums are close (not yet exposed). The selection code also logs |
| the last known occurence of each possible byte code across multiple lines. |
| This allows detection of PNG images with lower bit depth than the format |
| implies and, therefore, allows the filtering to be turned off in those |
| cases as well. |
| The default write zlib settings are still lower than libpng16. The |
| selection algorithm is being refined (the overall results are worse than |
| not doing any filtering). |
| Port contrib/libtests/pngvalid.c from libpng16. |
| PNG compression level setting API: this allows the various compression |
| settings controlling deflate, fitlering, and so on to be set via a single |
| setting with six values. This is currently documented in png.h ("Write |
| compression settings"). |
| Internally the compression settings have been tuned both for the overall |
| setting and for any specific settings made by the original APIs. |
| APIs to control iCCP chunk compression separately have been added. |
| contrib/examples/pngcp.c has been modified to accomodate the new compression |
| setting and to include options for separate control of iCCP chunk |
| compression. |
| The new "png_setting" ABI has been modified to accomodate a wider range of |
| settings and most of the old compression control ABIs have been replaced by |
| function-like macros with the same API which call png_setting. This is an |
| API check in 1.7.0 for png_setting (alone). png_setting now handles all |
| of png_set_option. This eliminates 19 ABIs at the cost of adding 1 |
| (png_setting). |
| CRC and benign error checking has been updated internally to use bit-fields |
| and the CRC calculation skip when the CRC is not used has been improved |
| slightly to avoid the initialization of the CRC. A new png_setting based |
| API allows more detailed control of benign error/warning messages (this |
| may change, the internal error handling seems too complex.) The |
| ERROR_NUMBERS support has been removed with the intent of implementing |
| proper i18n. |
| The memcpy-size-0 issue in png_push_fill_buffer has been fixed, with an |
| appropriate debug() assert if a fill for 0 bytes occurs. |
| Most PNG_FLAG_ values for png_struct::flags have been eliminated (as a |
| result of the benign error handling changes). Only one remains. |
| The LOW_MEMORY PNG_COMPRESSION option should not be setting HUFFMAN_ONLY or |
| using a low deflate 'level'; according to the comments in zconf.h only |
| windowBits and memLevel affect the memory. pngwutil.c has been changed |
| to use the same values as HIGH compression. |
| The COMPAT option turned on the old optimize_cmf code (now in fix_cinfo), |
| however there was a serious bug in that code; it put the wrong value in |
| z_cmf. The setting was also not handled correctly in |
| pz_compression_settings. |
| pngtest now verifies the operation of COMPAT and, as a result, pngtest.png |
| has been reverted to the libpng 1.6 (etc) version. |
| IDAT size handling has been improved; if not explicitly set values |
| appropriate to png_level are now chosen (in addition to the handling for |
| the COMPAT setting). HIGH and HIGH_READ_SPEED now create unlimited |
| (up to the PNG chunk-size limit of 2^31-1 bytes) size IDAT chunks, |
| which requires buffering the whole of the IDAT data in memory but |
| reflects what other programs and optimizers do. |
| Changed handling of PNG_IMAGE_FLAG_FAST in the simplified API to use |
| PNG_COMPRESSION_HIGH_SPEED, and PNG_COMPRESSION_HIGH otherwise. |
| Removed png_struct::flags which is no longer used. |
| Fixed implementations of png_app_error() and png_app_warning() which |
| previously were swapped. |
| Avoid potential overflow of the PNG_IMAGE_SIZE macro. This macro |
| is not used within libpng, but is used in some of the examples. |
| |
| Version 1.7.0beta82 [July 4, 2016] |
| Put the SKIP definition in the correct place. It needs to come after the |
| png.h include (see all the other .c files in contrib/libtests) because it |
| depends on PNG_LIBPNG_VER. |
| Moved pngcp to contrib/tools and added pngcp to the build together |
| with a pngcp.dfa configuration test (John Bowler) |
| Added a "Common linking failures" section to the INSTALL document. |
| Relocated misplaced #endif in png.c sRGB profile checking. |
| Fixed two Coverity issues in pngcp.c. |
| |
| Version 1.7.0beta83 [July 23, 2016] |
| Fixed some indentation to comply with our coding style. |
| Removed/rearranged certain png_struct fields that are only used |
| in reading. |
| Fixed debug test of output gamma. |
| |
| Version 1.7.0beta84 [September 26, 2016] |
| Minor editing of INSTALL, (whitespace, added copyright line) |
| Don't install pngcp; it conflicts with pngcp in the pngtools package. |
| Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo, |
| bugfix by John Bowler). |
| Conditionally compile png_set_benign_errors() in pngread.c and pngtest.c |
| Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngrutil.c. |
| If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE, |
| ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs. |
| Issue png_benign_error() on ADLER32 checksum mismatch instead of png_error(). |
| Add tests/badcrc.png and tests/badadler.png to tests/pngtest. |
| |
| Version 1.7.0beta85 [December 27, 2016] |
| Updated the documentation about CRC and ADLER32 handling. |
| Quieted warnings from clang-3.8 in pngunknown.c and pngvalid.c. |
| Removed the use of a macro containing the pre-processor 'defined' |
| operator. It is unclear whether this is valid; a macro that |
| "generates" 'defined' is not permitted, but the use of the word |
| "generates" within the C90 standard seems to imply more than simple |
| substitution of an expression itself containing a well-formed defined |
| operation. |
| |
| Version 1.7.0beta86 [December 29, 2016] |
| Ported CMakeLists.txt from libpng-1.6.27rc01. |
| Fixed a potential null pointer dereference in png_set_text_2() (bug report |
| and patch by Patrick Keshishian, CVE-2016-10087). |
| |
| Version 1.7.0beta87 [March 22, 2017] |
| Fixed arm/aarch64 detection in CMakeLists.txt (Gianfranco Costamagna). |
| The contrib/examples/pngtopng.c recovery code was in the wrong "if" |
| branches; the comments were correct. |
| Added missing "$(CPPFLAGS)" to the compile line for c.pic.o in |
| makefile.linux and makefile.solaris-x86 (Cosmin). |
| |
| Send comments/corrections/commendations to png-mng-implement at lists.sf.net |
| (subscription required; visit |
| https://lists.sourceforge.net/lists/listinfo/png-mng-implement |
| to subscribe) |
| or to glennrp at users.sourceforge.net |
| |
| Glenn R-P |