Release libpng version 1.6.37
diff --git a/ANNOUNCE b/ANNOUNCE
index 9152691..ecf9c70 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,13 +1,5 @@
-libpng 1.6.37.git
-=================
-
-This is a development version, not intended to be a public release.
-It will be replaced by a public release, or by another development
-version, at a later time.
-
-
-libpng 1.6.36 - December 1, 2018
-================================
+libpng 1.6.37 - April 14, 2019
+==============================
 
 This is a public release of libpng, intended for use in production code.
 
@@ -17,13 +9,13 @@
 
 Source files with LF line endings (for Unix/Linux):
 
- * libpng-1.6.36.tar.xz (LZMA-compressed, recommended)
- * libpng-1.6.36.tar.gz
+ * libpng-1.6.37.tar.xz (LZMA-compressed, recommended)
+ * libpng-1.6.37.tar.gz
 
 Source files with CRLF line endings (for Windows):
 
- * lp1636.7z (LZMA-compressed, recommended)
- * lp1636.zip
+ * lp1637.7z (LZMA-compressed, recommended)
+ * lp1637.zip
 
 Other information:
 
@@ -33,50 +25,20 @@
  * TRADEMARK.md
 
 
-IMPORTANT licensing update: libpng license v2
----------------------------------------------
-
-The new libpng license comprises the terms and conditions from the zlib
-license, and the disclaimer from the Boost license.
-
-The legacy libpng license, used until libpng-1.6.35, is appended to the
-new license, following the precedent established in the Python Software
-Foundation License version 2.
-
-From now on, the list of contributing authors shall be maintained in a
-separate AUTHORS file.  The lists of previous contributing authors,
-mentioned in the legacy libpng license and considered to be an integral
-part of that license, are kept intact, with no further updates.
-
-
-Changes since the previous public release (version 1.6.35)
+Changes since the previous public release (version 1.6.36)
 ----------------------------------------------------------
 
- * Optimized png_do_expand_palette for ARM processors.
-   Improved performance by around 10-22% on a recent ARM Chromebook.
-   (Contributed by Richard Townsend, ARM Holdings)
- * Fixed manipulation of machine-specific optimization options.
-   (Contributed by Vicki Pfau)
- * Used memcpy instead of manual pointer arithmetic on Intel SSE2.
-   (Contributed by Samuel Williams)
- * Fixed build errors with MSVC on ARM64.
-   (Contributed by Zhijie Liang)
- * Fixed detection of libm in CMakeLists.
-   (Contributed by Cameron Cawley)
- * Fixed incorrect creation of pkg-config file in CMakeLists.
-   (Contributed by Kyle Bentley)
- * Fixed the CMake build on Windows MSYS by avoiding symlinks.
- * Fixed a build warning on OpenBSD.
-   (Contributed by Theo Buehler)
- * Fixed various typos in comments.
-   (Contributed by "luz.paz")
- * Raised the minimum required CMake version from 3.0.2 to 3.1.
- * Removed yet more of the vestigial support for pre-ANSI C compilers.
- * Removed ancient makefiles for ancient systems that have been broken
-   across all previous libpng-1.6.x versions.
- * Removed the Y2K compliance statement and the export control
-   information.
- * Applied various code style and documentation fixes.
+ * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
+ * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
+ * Fixed a memory leak in pngtest.c.
+ * Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
+   contrib/pngminus; refactor.
+ * Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
+   (Contributed by Willem van Schaik)
+ * Fixed a typo in the libpng license v2.
+   (Contributed by Miguel Ojeda)
+ * Added makefiles for AddressSanitizer-enabled builds.
+ * Cleaned up various makefiles.
 
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
diff --git a/CHANGES b/CHANGES
index fbb437c..f0b0a93 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6066,33 +6066,44 @@
 Version 1.6.36 [December 1, 2018]
   Optimized png_do_expand_palette for ARM processors.
   Improved performance by around 10-22% on a recent ARM Chromebook.
-  (Contributed by Richard Townsend, ARM Holdings)
+    (Contributed by Richard Townsend, ARM Holdings)
   Fixed manipulation of machine-specific optimization options.
-  (Contributed by Vicki Pfau)
+    (Contributed by Vicki Pfau)
   Used memcpy instead of manual pointer arithmetic on Intel SSE2.
-  (Contributed by Samuel Williams)
+    (Contributed by Samuel Williams)
   Fixed build errors with MSVC on ARM64.
-  (Contributed by Zhijie Liang)
+    (Contributed by Zhijie Liang)
   Fixed detection of libm in CMakeLists.
-  (Contributed by Cameron Cawley)
+    (Contributed by Cameron Cawley)
   Fixed incorrect creation of pkg-config file in CMakeLists.
-  (Contributed by Kyle Bentley)
+    (Contributed by Kyle Bentley)
   Fixed the CMake build on Windows MSYS by avoiding symlinks.
   Fixed a build warning on OpenBSD.
-  (Contributed by Theo Buehler)
+    (Contributed by Theo Buehler)
   Fixed various typos in comments.
-  (Contributed by "luz.paz")
+    (Contributed by "luz.paz")
   Raised the minimum required CMake version from 3.0.2 to 3.1.
   Removed yet more of the vestigial support for pre-ANSI C compilers.
   Removed ancient makefiles for ancient systems that have been broken
-  across all previous libpng-1.6.x versions.
+    across all previous libpng-1.6.x versions.
   Removed the Y2K compliance statement and the export control
-  information.
+    information.
   Applied various code style and documentation fixes.
 
-Version 1.6.37 [TODO]
+Version 1.6.37 [April 14, 2019]
+  Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
+  Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
+  Fixed a memory leak in pngtest.c.
+  Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
+    contrib/pngminus; refactor.
+  Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
+    (Contributed by Willem van Schaik)
+  Fixed a typo in the libpng license v2.
+    (Contributed by Miguel Ojeda)
+  Added makefiles for AddressSanitizer-enabled builds.
+  Cleaned up various makefiles.
 
-Send comments/corrections/commendations to png-mng-implement at lists.sf.net
-(subscription required; visit
+Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
+Subscription is required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
-to subscribe).
+to subscribe.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ab59eb9..6451fcf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -838,7 +838,7 @@
 # SET UP LINKS
 if(PNG_SHARED)
   set_target_properties(png PROPERTIES
-#   VERSION 16.${PNGLIB_RELEASE}.1.6.37.git
+#   VERSION 16.${PNGLIB_RELEASE}.1.6.37
     VERSION 16.${PNGLIB_RELEASE}.0
     SOVERSION 16
     CLEAN_DIRECT_OUTPUT 1)
diff --git a/README b/README
index 2bb741c..cfc1f0e 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
-README for libpng version 1.6.37.git
-====================================
+README for libpng version 1.6.37 - April 14, 2019
+=================================================
 
 See the note about version numbers near the top of png.h.
 See INSTALL for instructions on how to install libpng.
diff --git a/configure b/configure
index 06e0b71..1b2c463 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libpng 1.6.37.git.
+# Generated by GNU Autoconf 2.69 for libpng 1.6.37.
 #
 # Report bugs to <png-mng-implement@lists.sourceforge.net>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='libpng'
 PACKAGE_TARNAME='libpng'
-PACKAGE_VERSION='1.6.37.git'
-PACKAGE_STRING='libpng 1.6.37.git'
+PACKAGE_VERSION='1.6.37'
+PACKAGE_STRING='libpng 1.6.37'
 PACKAGE_BUGREPORT='png-mng-implement@lists.sourceforge.net'
 PACKAGE_URL=''
 
@@ -1372,7 +1372,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libpng 1.6.37.git to adapt to many kinds of systems.
+\`configure' configures libpng 1.6.37 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1442,7 +1442,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libpng 1.6.37.git:";;
+     short | recursive ) echo "Configuration of libpng 1.6.37:";;
    esac
   cat <<\_ACEOF
 
@@ -1622,7 +1622,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libpng configure 1.6.37.git
+libpng configure 1.6.37
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1954,7 +1954,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libpng $as_me 1.6.37.git, which was
+It was created by libpng $as_me 1.6.37, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2825,7 +2825,7 @@
 
 # Define the identity of the package.
  PACKAGE='libpng'
- VERSION='1.6.37.git'
+ VERSION='1.6.37'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -2946,7 +2946,7 @@
 
 
 
-PNGLIB_VERSION=1.6.37.git
+PNGLIB_VERSION=1.6.37
 PNGLIB_MAJOR=1
 PNGLIB_MINOR=6
 PNGLIB_RELEASE=37
@@ -14354,7 +14354,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libpng $as_me 1.6.37.git, which was
+This file was extended by libpng $as_me 1.6.37, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -14420,7 +14420,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libpng config.status 1.6.37.git
+libpng config.status 1.6.37
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 86bc0b3..52dba94 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@
 
 dnl Version number stuff here:
 
-AC_INIT([libpng],[1.6.37.git],[png-mng-implement@lists.sourceforge.net])
+AC_INIT([libpng],[1.6.37],[png-mng-implement@lists.sourceforge.net])
 AC_CONFIG_MACRO_DIR([scripts])
 
 # libpng does not follow GNU file name conventions (hence 'foreign')
@@ -46,7 +46,7 @@
 dnl AM_PREREQ([1.11.2])
 dnl stop configure from automagically running automake
 
-PNGLIB_VERSION=1.6.37.git
+PNGLIB_VERSION=1.6.37
 PNGLIB_MAJOR=1
 PNGLIB_MINOR=6
 PNGLIB_RELEASE=37
diff --git a/libpng-manual.txt b/libpng-manual.txt
index 19cfed2..5dad92f 100644
--- a/libpng-manual.txt
+++ b/libpng-manual.txt
@@ -1,6 +1,6 @@
 libpng-manual.txt - A description on how to use and modify libpng
 
- Copyright (c) 2018 Cosmin Truta
+ Copyright (c) 2018-2019 Cosmin Truta
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
  This document is released under the libpng license.
@@ -9,11 +9,11 @@
 
  Based on:
 
- libpng version 1.6.36 - December 1, 2018
+ libpng version 1.6.36, December 2018, through 1.6.37 - April 2019
  Updated and distributed by Cosmin Truta
- Copyright (c) 2018 Cosmin Truta
+ Copyright (c) 2018-2019 Cosmin Truta
 
- libpng versions 0.97, January 1998, through 1.6.35 - July 15, 2018
+ libpng versions 0.97, January 1998, through 1.6.35 - July 2018
  Updated and distributed by Glenn Randers-Pehrson
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
diff --git a/libpng.3 b/libpng.3
index 9757deb..f374235 100644
--- a/libpng.3
+++ b/libpng.3
@@ -1,6 +1,6 @@
-.TH LIBPNG 3 "December 1, 2018"
+.TH LIBPNG 3 "April 14, 2019"
 .SH NAME
-libpng \- Portable Network Graphics (PNG) Reference Library 1.6.36
+libpng \- Portable Network Graphics (PNG) Reference Library 1.6.37
 
 .SH SYNOPSIS
 \fB#include <png.h>\fP
@@ -519,7 +519,7 @@
 .SH LIBPNG.TXT
 libpng-manual.txt - A description on how to use and modify libpng
 
- Copyright (c) 2018 Cosmin Truta
+ Copyright (c) 2018-2019 Cosmin Truta
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
  This document is released under the libpng license.
@@ -528,11 +528,11 @@
 
  Based on:
 
- libpng version 1.6.36 - December 1, 2018
+ libpng version 1.6.36, December 2018, through 1.6.37 - April 2019
  Updated and distributed by Cosmin Truta
- Copyright (c) 2018 Cosmin Truta
+ Copyright (c) 2018-2019 Cosmin Truta
 
- libpng versions 0.97, January 1998, through 1.6.35 - July 15, 2018
+ libpng versions 0.97, January 1998, through 1.6.35 - July 2018
  Updated and distributed by Glenn Randers-Pehrson
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
@@ -6045,8 +6045,6 @@
 
 Supported by the PNG development group
 .br
-png-mng-implement at lists.sf.net
-(subscription required; visit
 png-mng-implement at lists.sourceforge.net (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
 to subscribe).
diff --git a/libpngpf.3 b/libpngpf.3
index b736d82..6909c70 100644
--- a/libpngpf.3
+++ b/libpngpf.3
@@ -1,6 +1,6 @@
-.TH LIBPNGPF 3 "December 1, 2018"
+.TH LIBPNGPF 3 "April 14, 2019"
 .SH NAME
-libpng \- Portable Network Graphics (PNG) Reference Library 1.6.36
+libpng \- Portable Network Graphics (PNG) Reference Library 1.6.37
 (private functions)
 
 .SH SYNOPSIS
diff --git a/png.5 b/png.5
index 2077d1f..c2da95c 100644
--- a/png.5
+++ b/png.5
@@ -1,4 +1,4 @@
-.TH PNG 5 "December 1, 2018"
+.TH PNG 5 "April 14, 2019"
 .SH NAME
 png \- Portable Network Graphics (PNG) format
 
@@ -60,7 +60,7 @@
 .LP
 This man page is
 .br
-Copyright (c) 2018 Cosmin Truta.
+Copyright (c) 2018-2019 Cosmin Truta.
 .br
 Copyright (c) 1998-2006 Glenn Randers-Pehrson.
 .br
diff --git a/png.c b/png.c
index efd1aec..757c755 100644
--- a/png.c
+++ b/png.c
@@ -14,7 +14,7 @@
 #include "pngpriv.h"
 
 /* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_6_37_git Your_png_h_is_not_version_1_6_37_git;
+typedef png_libpng_version_1_6_37 Your_png_h_is_not_version_1_6_37;
 
 #ifdef __GNUC__
 /* The version tests may need to be added to, but the problem warning has
@@ -815,7 +815,7 @@
    return PNG_STRING_COPYRIGHT
 #else
    return PNG_STRING_NEWLINE \
-      "libpng version 1.6.37.git" PNG_STRING_NEWLINE \
+      "libpng version 1.6.37" PNG_STRING_NEWLINE \
       "Copyright (c) 2018-2019 Cosmin Truta" PNG_STRING_NEWLINE \
       "Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \
       PNG_STRING_NEWLINE \
diff --git a/png.h b/png.h
index 8361274..139eb0d 100644
--- a/png.h
+++ b/png.h
@@ -1,7 +1,7 @@
 
 /* png.h - header file for PNG reference library
  *
- * libpng version 1.6.37.git
+ * libpng version 1.6.37 - April 14, 2019
  *
  * Copyright (c) 2018-2019 Cosmin Truta
  * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
@@ -14,8 +14,9 @@
  *   libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat
  *   libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger
  *   libpng versions 0.97, January 1998, through 1.6.35, July 2018:
- *     Glenn Randers-Pehrson.
- *   libpng version 1.6.36, December 1, 2018: Cosmin Truta
+ *     Glenn Randers-Pehrson
+ *   libpng versions 1.6.36, December 2018, through 1.6.37, April 2019:
+ *     Cosmin Truta
  *   See also "Contributing Authors", below.
  */
 
@@ -238,7 +239,7 @@
  *    ...
  *    1.5.30                  15    10530  15.so.15.30[.0]
  *    ...
- *    1.6.36                  16    10636  16.so.16.36[.0]
+ *    1.6.37                  16    10637  16.so.16.37[.0]
  *
  *    Henceforth the source version will match the shared-library major and
  *    minor numbers; the shared-library major version number will be used for
@@ -277,8 +278,8 @@
  */
 
 /* Version information for png.h - this should match the version in png.c */
-#define PNG_LIBPNG_VER_STRING "1.6.37.git"
-#define PNG_HEADER_VERSION_STRING " libpng version 1.6.37.git\n"
+#define PNG_LIBPNG_VER_STRING "1.6.37"
+#define PNG_HEADER_VERSION_STRING " libpng version 1.6.37 - April 14, 2019\n"
 
 #define PNG_LIBPNG_VER_SONUM   16
 #define PNG_LIBPNG_VER_DLLNUM  16
@@ -291,7 +292,7 @@
 /* This should be zero for a public release, or non-zero for a
  * development version.  [Deprecated]
  */
-#define PNG_LIBPNG_VER_BUILD  1
+#define PNG_LIBPNG_VER_BUILD  0
 
 /* Release Status */
 #define PNG_LIBPNG_BUILD_ALPHA    1
@@ -308,7 +309,7 @@
 #define PNG_LIBPNG_BUILD_SPECIAL 32 /* Cannot be OR'ed with
                                        PNG_LIBPNG_BUILD_PRIVATE */
 
-#define PNG_LIBPNG_BUILD_BASE_TYPE PNG_LIBPNG_BUILD_BETA
+#define PNG_LIBPNG_BUILD_BASE_TYPE PNG_LIBPNG_BUILD_STABLE
 
 /* Careful here.  At one time, Guy wanted to use 082, but that
  * would be octal.  We must not include leading zeros.
@@ -427,7 +428,7 @@
 /* This triggers a compiler error in png.c, if png.c and png.h
  * do not agree upon the version number.
  */
-typedef char* png_libpng_version_1_6_37_git;
+typedef char* png_libpng_version_1_6_37;
 
 /* Basic control structions.  Read libpng-manual.txt or libpng.3 for more info.
  *
diff --git a/pngconf.h b/pngconf.h
index 35a4ebb..927a769 100644
--- a/pngconf.h
+++ b/pngconf.h
@@ -1,9 +1,9 @@
 
-/* pngconf.h - machine configurable file for libpng
+/* pngconf.h - machine-configurable file for libpng
  *
- * libpng version 1.6.37.git
+ * libpng version 1.6.37
  *
- * Copyright (c) 2018 Cosmin Truta
+ * Copyright (c) 2018-2019 Cosmin Truta
  * Copyright (c) 1998-2002,2004,2006-2016,2018 Glenn Randers-Pehrson
  * Copyright (c) 1996-1997 Andreas Dilger
  * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
diff --git a/pngtest.c b/pngtest.c
index f305d08..a715ae1 100644
--- a/pngtest.c
+++ b/pngtest.c
@@ -2155,4 +2155,4 @@
 #endif
 
 /* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_6_37_git Your_png_h_is_not_version_1_6_37_git;
+typedef png_libpng_version_1_6_37 Your_png_h_is_not_version_1_6_37;
diff --git a/scripts/libpng-config-head.in b/scripts/libpng-config-head.in
index acb8144..2a5afb4 100644
--- a/scripts/libpng-config-head.in
+++ b/scripts/libpng-config-head.in
@@ -11,7 +11,7 @@
 
 # Modeled after libxml-config.
 
-version=1.6.37.git
+version=1.6.37
 prefix=""
 libdir=""
 libs=""
diff --git a/scripts/libpng.pc.in b/scripts/libpng.pc.in
index 81ccdb8..416fefe 100644
--- a/scripts/libpng.pc.in
+++ b/scripts/libpng.pc.in
@@ -5,6 +5,6 @@
 
 Name: libpng
 Description: Loads and saves PNG files
-Version: 1.6.37.git
+Version: 1.6.37
 Libs: -L${libdir} -lpng16
 Cflags: -I${includedir}
diff --git a/scripts/makefile.netbsd b/scripts/makefile.netbsd
index 728abaf..9a6b046 100644
--- a/scripts/makefile.netbsd
+++ b/scripts/makefile.netbsd
@@ -14,7 +14,7 @@
 INCSDIR=${LOCALBASE}/include
 
 SHLIB_MAJOR=	16
-SHLIB_MINOR=	1.6.37.git
+SHLIB_MINOR=	1.6.37
 
 LIB=	png
 SRCS=	png.c pngerror.c pngget.c pngmem.c pngpread.c \
diff --git a/scripts/makefile.openbsd b/scripts/makefile.openbsd
index f492aee..ad5ffb3 100644
--- a/scripts/makefile.openbsd
+++ b/scripts/makefile.openbsd
@@ -11,7 +11,7 @@
 MANDIR= ${PREFIX}/man/cat
 
 SHLIB_MAJOR=	16
-SHLIB_MINOR=	1.6.37.git
+SHLIB_MINOR=	1.6.37
 
 LIB=	png
 SRCS=	png.c pngerror.c pngget.c pngmem.c pngpread.c \
diff --git a/scripts/pnglibconf.h.prebuilt b/scripts/pnglibconf.h.prebuilt
index 9f83b7e..e1e27e9 100644
--- a/scripts/pnglibconf.h.prebuilt
+++ b/scripts/pnglibconf.h.prebuilt
@@ -1,6 +1,6 @@
 /* pnglibconf.h - library build configuration */
 
-/* libpng version 1.6.37.git */
+/* libpng version 1.6.37 */
 
 /* Copyright (c) 2018-2019 Cosmin Truta */
 /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */