libpng/ANNOUNCE
Glenn Randers-Pehrson 4690b89eaa [libpng16] Added PNG_SAFE_LIMITS feature to pnglibconf.dfa, pngpriv.h, and new pngusr.dfa
to reset the user limits to safe ones if PNG_SAFE_LIMITS is defined.
To enable, use CPPFLAGS=-DPNG_SAFE_LIMITS on the configure command
or put #define PNG_SAFE_LIMITS_SUPPORTED in pnglibconf.h.prebuilt.
(Reverted previous implementation of PNG_SECURE.)
2012-02-24 11:43:31 -06:00

239 lines
13 KiB
Plaintext

Libpng 1.6.0beta13 - February 24, 2012
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
Files available for download:
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
1.6.0beta13.tar.xz (LZMA-compressed, recommended)
1.6.0beta13.tar.gz
1.6.0beta13.tar.bz2
Source files with CRLF line endings (for Windows), without the
"configure" script
lp160b13.7z (LZMA-compressed, recommended)
lp160b13.zip
Other information:
1.6.0beta13-README.txt
1.6.0beta13-LICENSE.txt
Changes since the last public release (1.5.7):
Version 1.6.0beta01 [December 15, 2011]
Removed machine-generated configure files from the GIT repository (they will
continue to appear in the tarball distributions).
Restored the new 'simplified' API, which was started in libpng-1.5.7beta02
but later deleted from libpng-1.5.7beta05.
Added example programs for the new 'simplified' API.
Added ANSI-C (C90) headers and require them, and take advantage of the
change. Also fixed some of the projects/* and contrib/* files that needed
updates for libpng16 and the move of pngvalid.c.
With this change the required ANSI-C header files are assumed to exist: the
implementation must provide float.h, limits.h, stdarg.h and stddef.h and
libpng relies on limits.h and stddef.h existing and behaving as defined
(the other two required headers aren't used). Non-ANSI systems that don't
have stddef.h or limits.h will have to provide an appropriate fake
containing the relevant types and #defines.
The use of FAR/far has been eliminated and the definition of png_alloc_size_t
is now controlled by a flag so that 'small size_t' systems can select it
if necessary. Libpng 1.6 may not currently work on such systems -- it
seems likely that it will ask 'malloc' for more than 65535 bytes with any
image that has a sufficiently large row size (rather than simply failing
to read such images).
New tools directory containing tools used to generate libpng code.
Fixed race conditions in parallel make builds. With higher degrees of
parallelism during 'make' the use of the same temporary file names such
as 'dfn*' can result in a race where a temporary file from one arm of the
build is deleted or overwritten in another arm. This changes the
temporary files for suffix rules to always use $* and ensures that the
non-suffix rules use unique file names.
Version 1.6.0beta02 [December 21, 2011]
Correct configure builds where build and source directories are separate.
The include path of 'config.h' was erroneously made relative in pngvalid.c
in libpng 1.5.7.
Version 1.6.0beta03 [December 22, 2011]
Start-up code size improvements, error handler flexibility. These changes
alter how the tricky allocation of the initial png_struct and png_info
structures are handled. png_info is now handled in pretty much the same
way as everything else, except that the allocations handle NULL return
silently. png_struct is changed in a similar way on allocation and on
deallocation a 'safety' error handler is put in place (which should never
be required). The error handler itself is changed to permit mismatches
in the application and libpng error buffer size; however, this means a
silent change to the API to return the jmp_buf if the size doesn't match
the size from the libpng compilation; libpng now allocates the memory and
this may fail. Overall these changes result in slight code size
reductions; however, this is a reduction in code that is always executed
so is particularly valuable. Overall on a 64-bit system the libpng DLL
decreases in code size by 1733 bytes. pngerror.o increases in size by
about 465 bytes because of the new functionality.
Version 1.6.0beta04 [December 30, 2011]
Regenerated configure scripts with automake-1.11.2
Eliminated png_info_destroy(). It is now used only in png.c and only calls
one other internal function and memset().
Enabled png_get_sCAL_fixed() if floating point APIs are enabled. Previously
it was disabled whenever internal fixed point arithmetic was selected,
which meant it didn't exist even on systems where FP was available but not
preferred.
Added pngvalid.c compile time checks for const APIs.
Implemented 'restrict' for png_info and png_struct. Because of the way
libpng works both png_info and png_struct are always accessed via a
single pointer. This means adding C99 'restrict' to the pointer gives
the compiler some opportunity to optimize the code. This change allows
that.
Moved AC_MSG_CHECKING([if libraries can be versioned]) later to the proper
location in configure.ac (Gilles Espinasse).
Changed png_memcpy to C assignment where appropriate. Changed all those
uses of png_memcpy that were doing a simple assignment to assignments
(all those cases where the thing being copied is a non-array C L-value).
Added some error checking to png_set_*() routines.
Removed the reference to the non-exported function png_memcpy() from
example.c.
Fixed the Visual C 64-bit build - it requires jmp_buf to be aligned, but
it had become misaligned.
Revised contrib/pngminus/pnm2png.c to avoid warnings when png_uint_32
and unsigned long are of different sizes.
Version 1.6.0beta05 [January 15, 2012]
Updated manual with description of the simplified API (copied from png.h)
Fix bug in pngerror.c: some long warnings were being improperly truncated
(CVE-2011-3464, bug introduced in libpng-1.5.3beta05).
Version 1.6.0beta06 [January 24, 2012]
Added palette support to the simplified APIs. This commit
changes some of the macro definitions in png.h, app code
may need corresponding changes.
Increased the formatted warning buffer to 192 bytes.
Added color-map support to simplified API. This is an initial version for
review; the documentation has not yet been updated.
Fixed Min/GW uninstall to remove libpng.dll.a
Version 1.6.0beta07 [January 28, 2012]
Eliminated Intel icc/icl compiler warnings. The Intel (GCC derived)
compiler issues slightly different warnings from those issued by the
current vesions of GCC. This eliminates those warnings by
adding/removing casts and small code rewrites.
Updated configure.ac from autoupdate: added --enable-werror option.
Also some layout regularization and removal of introduced tab characters
(replaced with 3-character indentation). Obsolete macros identified by
autoupdate have been removed; the replacements are all in 2.59 so
the pre-req hasn't been changed. --enable-werror checks for support
for -Werror (or the given argument) in the compiler. This mimics the
gcc configure option by allowing -Werror to be turned on safely; without
the option the tests written in configure itself fail compilation because
they cause compiler warnings.
Rewrote autogen.sh to run autoreconf instead of running tools one-by-one.
Conditionalize the install rules for MINGW and CYGWIN in CMakeLists.txt and
set CMAKE_LIBRARY_OUTPUT_DIRECTORY to "lib" on all platforms (C. Yapp).
Freeze libtool files in the 'scripts' directory. This version of autogen.sh
attempts to dissuade people from running it when it is not, or should not,
be necessary. In fact, autogen.sh does not work when run in a libpng
directory extracted from atar distribution anymore. You must run it in
a GIT clone instead.
Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale),
and renamed three whose names were inconsistent with those in
pngsuite/README.txt.
Version 1.6.0beta08 [February 1, 2012]
Fixed Image::colormap misalignment in pngstest.c
Check libtool/libtoolize version number (2.4.2) in configure.ac
Divide test-pngstest.sh into separate pngstest runs for basic and
transparent images.
Moved automake options to AM_INIT_AUTOMAKE in configure.ac
Added color-tests, silent-rules (Not yet implemented in Makefile.am) and
version checking to configure.ac
Improved pngstest speed by not doing redundant tests and add const to
the background parameter of png_image_finish_read. The --background
option is now done automagically only when required, so that commandline
option no longer exists.
Cleaned up pngpriv.h to consistently declare all functions and data.
Also eliminated PNG_CONST_DATA, which is apparently not needed but we
can't be sure until it is gone.
Added symbol prefixing that allows all the libpng external symbols
to be prefixed (suggested by Reuben Hawkins).
Updated "ftbb*.png" list in the owatcom and vstudio projects.
Fixed 'prefix' builds on clean systems. The generation of pngprefix.h
should not require itself.
Updated INSTALL to explain that autogen.sh must be run in a GIT clone,
not in a libpng directory extracted from a tar distribution.
Version 1.6.0beta09 [February 1, 2012]
Reverted the prebuilt configure files to libpng-1.6.0beta05 condition.
Version 1.6.0beta10 [February 3, 2012]
Added Z_SOLO for zlib-1.2.6+ and correct pngstest tests
Updated list of test images in CMakeLists.txt
Updated the prebuilt configure files to current condition.
Revised INSTALL information about autogen.sh; it works in tar distributions.
Version 1.6.0beta11 [February 16, 2012]
Fix character count in pngstest command in projects/owatcom/pngstest.tgt
Revised test-pngstest.sh to report PASS/FAIL for each image.
Updated documentation about the simplified API.
Corrected estimate of error in libpng png_set_rgb_to_gray API. The API is
extremely inaccurate for sRGB conversions because it uses an 8-bit
intermediate linear value and it does not use the sRGB transform, so it
suffers from the known instability in gamma transforms for values close
to 0 (see Poynton). The net result is that the calculation has a maximum
error of 14.99/255; 0.5/255^(1/2.2). pngstest now uses 15 for the
permitted 8-bit error. This may still not be enough because of arithmetic
error.
Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
Fixed a memory overwrite bug in simplified read of RGB PNG with
non-linear gamma Also bugs in the error checking in pngread.c and changed
quite a lot of the checks in pngstest.c to be correct; either correctly
written or not over-optimistic. The pngstest changes are insufficient to
allow all possible RGB transforms to be passed; pngstest cmppixel needs
to be rewritten to make it clearer which errors it allows and then changed
to permit known inaccuracies.
Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h
Fixed fixed/float API export conditionals. 1) If FIXED_POINT or
FLOATING_POINT options were switched off, png.h ended up with lone ';'
characters. This is not valid ANSI-C outside a function. The ';'
characters have been moved inside the definition of PNG_FP_EXPORT and
PNG_FIXED_EXPORT. 2) If either option was switched off, the declaration
of the corresponding functions were completely omitted, even though some
of them are still used internally. The result is still valid, but
produces warnings from gcc with some warning options (including -Wall). The
fix is to cause png.h to declare the functions with PNG_INTERNAL_FUNCTION
when png.h is included from pngpriv.h.
Check for invalid palette index while reading paletted PNG. When one is
found, issue a warning and increase png_ptr->num_palette accordingly.
Apps are responsible for checking to see if that happened.
Version 1.6.0beta12 [February 18, 2012]
Do not increase num_palette on invalid_index.
Relocated check for invalid palette index to pngrtran.c, after unpacking
the sub-8-bit pixels.
Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
on iCCP chunk length. Also removed spurious casts that may hide problems
on 16-bit systems.
Version 1.6.0beta13 [February 24, 2012]
Eliminated redundant png_push_read_tEXt|zTXt|iTXt|unknown code from
pngpread.c and use the sequential png_handle_tEXt, etc., in pngrutil.c;
now that png_ptr->buffer is inaccessible to applications, the special
handling is no longer useful.
Added PNG_SAFE_LIMITS feature to pnglibconf.dfa, pngpriv.h, and new pngusr.dfa
to reset the user limits to safe ones if PNG_SAFE_LIMITS is defined.
To enable, use CPPFLAGS=-DPNG_SAFE_LIMITS on the configure command
or put #define PNG_SAFE_LIMITS_SUPPORTED in pnglibconf.h.prebuilt.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
to subscribe)
or to glennrp at users.sourceforge.net
Glenn R-P