| |
| Libpng 1.5.24beta01 - August 19, 2015 |
| |
| This is not intended to be a public release. It will be replaced |
| within a few weeks by a public version or by another test version. |
| |
| Files available for download: |
| |
| Source files with LF line endings (for Unix/Linux) and with a |
| "configure" script |
| |
| 1.5.24beta01.tar.xz (LZMA-compressed, recommended) |
| 1.5.24beta01.tar.gz |
| 1.5.24beta01.tar.bz2 |
| |
| Source files with CRLF line endings (for Windows), without the |
| "configure" script |
| |
| lp1524b01.7z (LZMA-compressed, recommended) |
| lp1524b01.zip |
| |
| Other information: |
| |
| 1.5.24beta01-README.txt |
| 1.5.24beta01-LICENSE.txt |
| libpng-1.5.24beta01-*.asc (armored detached GPG signatures) |
| |
| Changes since the last public release (1.5.23): |
| |
| Version 1.5.24beta01 [August 19, 2015] |
| Avoid potentially dereferencing NULL info_ptr in png_info_init_3(). |
| Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and |
| PNG_WEIGHT_FACTOR macros. |
| Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c |
| Fixed uninitialized variable in contrib/gregbook/rpng2-x.c |
| Fixed some bad links in the man page. |
| Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert |
| Seacord). |
| Fixed the recently reported 1's complement security issue by replacing |
| the value that is illegal in the PNG spec, in both signed and unsigned |
| values, with 0. Illegal unsigned values (anything greater than or equal |
| to 0x80000000) can still pass through, but since these are not illegal |
| in ANSI-C (unlike 0x80000000 in the signed case) the checking that |
| occurs later can catch them (John Bowler). |
| |
| Send comments/corrections/commendations to png-mng-implement at lists.sf.net |
| (subscription required; visit |
| https://lists.sourceforge.net/lists/listinfo/png-mng-implement |
| to subscribe) |
| or to glennrp at users.sourceforge.net |
| |
| Glenn R-P |
