0ae4f7b705
problems. This is an intermediate check-in that solves the immediate problems and introduces one performance improvement (avoiding a copy via png_ptr->zbuf.) Further changes will be made to make ICC profile handling more secure.
283 lines
15 KiB
Plaintext
283 lines
15 KiB
Plaintext
|
|
Libpng 1.6.0beta16 - March 4, 2012
|
|
|
|
This is not intended to be a public release. It will be replaced
|
|
within a few weeks by a public version or by another test version.
|
|
|
|
Files available for download:
|
|
|
|
Source files with LF line endings (for Unix/Linux) and with a
|
|
"configure" script
|
|
|
|
1.6.0beta16.tar.xz (LZMA-compressed, recommended)
|
|
1.6.0beta16.tar.gz
|
|
1.6.0beta16.tar.bz2
|
|
|
|
Source files with CRLF line endings (for Windows), without the
|
|
"configure" script
|
|
|
|
lp160b16.7z (LZMA-compressed, recommended)
|
|
lp160b16.zip
|
|
|
|
Other information:
|
|
|
|
1.6.0beta16-README.txt
|
|
1.6.0beta16-LICENSE.txt
|
|
|
|
Changes since the last public release (1.5.7):
|
|
|
|
Version 1.6.0beta01 [December 15, 2011]
|
|
Removed machine-generated configure files from the GIT repository (they will
|
|
continue to appear in the tarball distributions).
|
|
Restored the new 'simplified' API, which was started in libpng-1.5.7beta02
|
|
but later deleted from libpng-1.5.7beta05.
|
|
Added example programs for the new 'simplified' API.
|
|
Added ANSI-C (C90) headers and require them, and take advantage of the
|
|
change. Also fixed some of the projects/* and contrib/* files that needed
|
|
updates for libpng16 and the move of pngvalid.c.
|
|
With this change the required ANSI-C header files are assumed to exist: the
|
|
implementation must provide float.h, limits.h, stdarg.h and stddef.h and
|
|
libpng relies on limits.h and stddef.h existing and behaving as defined
|
|
(the other two required headers aren't used). Non-ANSI systems that don't
|
|
have stddef.h or limits.h will have to provide an appropriate fake
|
|
containing the relevant types and #defines.
|
|
The use of FAR/far has been eliminated and the definition of png_alloc_size_t
|
|
is now controlled by a flag so that 'small size_t' systems can select it
|
|
if necessary. Libpng 1.6 may not currently work on such systems -- it
|
|
seems likely that it will ask 'malloc' for more than 65535 bytes with any
|
|
image that has a sufficiently large row size (rather than simply failing
|
|
to read such images).
|
|
New tools directory containing tools used to generate libpng code.
|
|
Fixed race conditions in parallel make builds. With higher degrees of
|
|
parallelism during 'make' the use of the same temporary file names such
|
|
as 'dfn*' can result in a race where a temporary file from one arm of the
|
|
build is deleted or overwritten in another arm. This changes the
|
|
temporary files for suffix rules to always use $* and ensures that the
|
|
non-suffix rules use unique file names.
|
|
|
|
Version 1.6.0beta02 [December 21, 2011]
|
|
Correct configure builds where build and source directories are separate.
|
|
The include path of 'config.h' was erroneously made relative in pngvalid.c
|
|
in libpng 1.5.7.
|
|
|
|
Version 1.6.0beta03 [December 22, 2011]
|
|
Start-up code size improvements, error handler flexibility. These changes
|
|
alter how the tricky allocation of the initial png_struct and png_info
|
|
structures are handled. png_info is now handled in pretty much the same
|
|
way as everything else, except that the allocations handle NULL return
|
|
silently. png_struct is changed in a similar way on allocation and on
|
|
deallocation a 'safety' error handler is put in place (which should never
|
|
be required). The error handler itself is changed to permit mismatches
|
|
in the application and libpng error buffer size; however, this means a
|
|
silent change to the API to return the jmp_buf if the size doesn't match
|
|
the size from the libpng compilation; libpng now allocates the memory and
|
|
this may fail. Overall these changes result in slight code size
|
|
reductions; however, this is a reduction in code that is always executed
|
|
so is particularly valuable. Overall on a 64-bit system the libpng DLL
|
|
decreases in code size by 1733 bytes. pngerror.o increases in size by
|
|
about 465 bytes because of the new functionality.
|
|
|
|
Version 1.6.0beta04 [December 30, 2011]
|
|
Regenerated configure scripts with automake-1.11.2
|
|
Eliminated png_info_destroy(). It is now used only in png.c and only calls
|
|
one other internal function and memset().
|
|
Enabled png_get_sCAL_fixed() if floating point APIs are enabled. Previously
|
|
it was disabled whenever internal fixed point arithmetic was selected,
|
|
which meant it didn't exist even on systems where FP was available but not
|
|
preferred.
|
|
Added pngvalid.c compile time checks for const APIs.
|
|
Implemented 'restrict' for png_info and png_struct. Because of the way
|
|
libpng works both png_info and png_struct are always accessed via a
|
|
single pointer. This means adding C99 'restrict' to the pointer gives
|
|
the compiler some opportunity to optimize the code. This change allows
|
|
that.
|
|
Moved AC_MSG_CHECKING([if libraries can be versioned]) later to the proper
|
|
location in configure.ac (Gilles Espinasse).
|
|
Changed png_memcpy to C assignment where appropriate. Changed all those
|
|
uses of png_memcpy that were doing a simple assignment to assignments
|
|
(all those cases where the thing being copied is a non-array C L-value).
|
|
Added some error checking to png_set_*() routines.
|
|
Removed the reference to the non-exported function png_memcpy() from
|
|
example.c.
|
|
Fixed the Visual C 64-bit build - it requires jmp_buf to be aligned, but
|
|
it had become misaligned.
|
|
Revised contrib/pngminus/pnm2png.c to avoid warnings when png_uint_32
|
|
and unsigned long are of different sizes.
|
|
|
|
Version 1.6.0beta05 [January 15, 2012]
|
|
Updated manual with description of the simplified API (copied from png.h)
|
|
Fix bug in pngerror.c: some long warnings were being improperly truncated
|
|
(CVE-2011-3464, bug introduced in libpng-1.5.3beta05).
|
|
|
|
Version 1.6.0beta06 [January 24, 2012]
|
|
Added palette support to the simplified APIs. This commit
|
|
changes some of the macro definitions in png.h, app code
|
|
may need corresponding changes.
|
|
Increased the formatted warning buffer to 192 bytes.
|
|
Added color-map support to simplified API. This is an initial version for
|
|
review; the documentation has not yet been updated.
|
|
Fixed Min/GW uninstall to remove libpng.dll.a
|
|
|
|
Version 1.6.0beta07 [January 28, 2012]
|
|
Eliminated Intel icc/icl compiler warnings. The Intel (GCC derived)
|
|
compiler issues slightly different warnings from those issued by the
|
|
current vesions of GCC. This eliminates those warnings by
|
|
adding/removing casts and small code rewrites.
|
|
Updated configure.ac from autoupdate: added --enable-werror option.
|
|
Also some layout regularization and removal of introduced tab characters
|
|
(replaced with 3-character indentation). Obsolete macros identified by
|
|
autoupdate have been removed; the replacements are all in 2.59 so
|
|
the pre-req hasn't been changed. --enable-werror checks for support
|
|
for -Werror (or the given argument) in the compiler. This mimics the
|
|
gcc configure option by allowing -Werror to be turned on safely; without
|
|
the option the tests written in configure itself fail compilation because
|
|
they cause compiler warnings.
|
|
Rewrote autogen.sh to run autoreconf instead of running tools one-by-one.
|
|
Conditionalize the install rules for MINGW and CYGWIN in CMakeLists.txt and
|
|
set CMAKE_LIBRARY_OUTPUT_DIRECTORY to "lib" on all platforms (C. Yapp).
|
|
Freeze libtool files in the 'scripts' directory. This version of autogen.sh
|
|
attempts to dissuade people from running it when it is not, or should not,
|
|
be necessary. In fact, autogen.sh does not work when run in a libpng
|
|
directory extracted from atar distribution anymore. You must run it in
|
|
a GIT clone instead.
|
|
Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale),
|
|
and renamed three whose names were inconsistent with those in
|
|
pngsuite/README.txt.
|
|
|
|
Version 1.6.0beta08 [February 1, 2012]
|
|
Fixed Image::colormap misalignment in pngstest.c
|
|
Check libtool/libtoolize version number (2.4.2) in configure.ac
|
|
Divide test-pngstest.sh into separate pngstest runs for basic and
|
|
transparent images.
|
|
Moved automake options to AM_INIT_AUTOMAKE in configure.ac
|
|
Added color-tests, silent-rules (Not yet implemented in Makefile.am) and
|
|
version checking to configure.ac
|
|
Improved pngstest speed by not doing redundant tests and add const to
|
|
the background parameter of png_image_finish_read. The --background
|
|
option is now done automagically only when required, so that commandline
|
|
option no longer exists.
|
|
Cleaned up pngpriv.h to consistently declare all functions and data.
|
|
Also eliminated PNG_CONST_DATA, which is apparently not needed but we
|
|
can't be sure until it is gone.
|
|
Added symbol prefixing that allows all the libpng external symbols
|
|
to be prefixed (suggested by Reuben Hawkins).
|
|
Updated "ftbb*.png" list in the owatcom and vstudio projects.
|
|
Fixed 'prefix' builds on clean systems. The generation of pngprefix.h
|
|
should not require itself.
|
|
Updated INSTALL to explain that autogen.sh must be run in a GIT clone,
|
|
not in a libpng directory extracted from a tar distribution.
|
|
|
|
Version 1.6.0beta09 [February 1, 2012]
|
|
Reverted the prebuilt configure files to libpng-1.6.0beta05 condition.
|
|
|
|
Version 1.6.0beta10 [February 3, 2012]
|
|
Added Z_SOLO for zlib-1.2.6+ and correct pngstest tests
|
|
Updated list of test images in CMakeLists.txt
|
|
Updated the prebuilt configure files to current condition.
|
|
Revised INSTALL information about autogen.sh; it works in tar distributions.
|
|
|
|
Version 1.6.0beta11 [February 16, 2012]
|
|
Fix character count in pngstest command in projects/owatcom/pngstest.tgt
|
|
Revised test-pngstest.sh to report PASS/FAIL for each image.
|
|
Updated documentation about the simplified API.
|
|
Corrected estimate of error in libpng png_set_rgb_to_gray API. The API is
|
|
extremely inaccurate for sRGB conversions because it uses an 8-bit
|
|
intermediate linear value and it does not use the sRGB transform, so it
|
|
suffers from the known instability in gamma transforms for values close
|
|
to 0 (see Poynton). The net result is that the calculation has a maximum
|
|
error of 14.99/255; 0.5/255^(1/2.2). pngstest now uses 15 for the
|
|
permitted 8-bit error. This may still not be enough because of arithmetic
|
|
error.
|
|
Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
|
|
Fixed a memory overwrite bug in simplified read of RGB PNG with
|
|
non-linear gamma Also bugs in the error checking in pngread.c and changed
|
|
quite a lot of the checks in pngstest.c to be correct; either correctly
|
|
written or not over-optimistic. The pngstest changes are insufficient to
|
|
allow all possible RGB transforms to be passed; pngstest cmppixel needs
|
|
to be rewritten to make it clearer which errors it allows and then changed
|
|
to permit known inaccuracies.
|
|
Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h
|
|
Fixed fixed/float API export conditionals. 1) If FIXED_POINT or
|
|
FLOATING_POINT options were switched off, png.h ended up with lone ';'
|
|
characters. This is not valid ANSI-C outside a function. The ';'
|
|
characters have been moved inside the definition of PNG_FP_EXPORT and
|
|
PNG_FIXED_EXPORT. 2) If either option was switched off, the declaration
|
|
of the corresponding functions were completely omitted, even though some
|
|
of them are still used internally. The result is still valid, but
|
|
produces warnings from gcc with some warning options (including -Wall). The
|
|
fix is to cause png.h to declare the functions with PNG_INTERNAL_FUNCTION
|
|
when png.h is included from pngpriv.h.
|
|
Check for invalid palette index while reading paletted PNG. When one is
|
|
found, issue a warning and increase png_ptr->num_palette accordingly.
|
|
Apps are responsible for checking to see if that happened.
|
|
|
|
Version 1.6.0beta12 [February 18, 2012]
|
|
Do not increase num_palette on invalid_index.
|
|
Relocated check for invalid palette index to pngrtran.c, after unpacking
|
|
the sub-8-bit pixels.
|
|
Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
|
|
on iCCP chunk length. Also removed spurious casts that may hide problems
|
|
on 16-bit systems.
|
|
|
|
Version 1.6.0beta13 [February 24, 2012]
|
|
Eliminated redundant png_push_read_tEXt|zTXt|iTXt|unknown code from
|
|
pngpread.c and use the sequential png_handle_tEXt, etc., in pngrutil.c;
|
|
now that png_ptr->buffer is inaccessible to applications, the special
|
|
handling is no longer useful.
|
|
Added PNG_SAFE_LIMITS feature to pnglibconf.dfa, pngpriv.h, and new
|
|
pngusr.dfa to reset the user limits to safe ones if PNG_SAFE_LIMITS is
|
|
defined. To enable, use "CPPFLAGS=-DPNG_SAFE_LIMITS_SUPPORTED=1" on the
|
|
configure command or put #define PNG_SAFE_LIMITS_SUPPORTED in
|
|
pnglibconf.h.prebuilt and pnglibconf.h.
|
|
|
|
Version 1.6.0beta14 [February 27, 2012]
|
|
Added information about the new limits in the manual.
|
|
Updated Makefile.in
|
|
|
|
Version 1.6.0beta15 [March 2, 2012]
|
|
Removed unused "current_text" members of png_struct and the png_free()
|
|
of png_ptr->current_text from pngread.c
|
|
Rewrote pngstest.c for substantial speed improvement.
|
|
Fixed transparent pixel and 16-bit rgb tests in pngstest and removed a
|
|
spurious check in pngwrite.c
|
|
Added PNG_IMAGE_FLAG_FAST for the benefit of applications that store
|
|
intermediate files, or intermediate in-memory data, while processing
|
|
image data with the simplified API. The option makes the files larger
|
|
but faster to write and read. pngstest now uses this by default; this
|
|
can be disabled with the --slow option.
|
|
Improved pngstest fine tuning of error numbers, new test file generator.
|
|
The generator generates images that test the full range of sample values,
|
|
allow the error numbers in pngstest to be tuned and checked. makepng
|
|
also allows generation of images with extra chunks, although this is
|
|
still work-in-progress.
|
|
Added tests for invalid palette index while reading and writing (work in
|
|
progress, the latter isn't finished).
|
|
Fixed some bugs in ICC profile writing. The code should now accept
|
|
all potentially valid ICC profiles and reject obviously invalid ones.
|
|
It now uses png_error() to do so rather than casually writing a PNG
|
|
without the necessary color data.
|
|
Removed whitespace from the end of lines in all source files and scripts.
|
|
|
|
Version 1.6.0beta16 [March 4, 2012]
|
|
Relocated palette-index checking function from pngrutil.c to pngtrans.c
|
|
Added palette-index checking while writing.
|
|
Changed png_inflate() and calling routines to avoid overflow problems.
|
|
This is an intermediate check-in that solves the immediate problems and
|
|
introduces one performance improvement (avoiding a copy via png_ptr->zbuf.)
|
|
Further changes will be made to make ICC profile handling more secure.
|
|
Fixed build warnings (MSVC, GCC, GCC v3). Cygwin GCC with default options
|
|
declares 'index' as a global, causing a warning if it is used as a local
|
|
variable. GCC 64-bit warns about assigning a (size_t) (unsigned 64-bit)
|
|
to an (int) (signed 32-bit). MSVC, however, warns about using the
|
|
unary '-' operator on an unsigned value (even though it is well defined
|
|
by ANSI-C to be ~x+1). The padding calculation was changed to use a
|
|
different method. Removed the tests on png_ptr->pass.
|
|
|
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
|
(subscription required; visit
|
|
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
|
to subscribe)
|
|
or to glennrp at users.sourceforge.net
|
|
|
|
Glenn R-P
|