SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libpng10-devel-1.0.66-1.fc22.x86_64.rpm :
Fri Dec 18 13:00:00 2015 Paul Howarth - 1.0.66-1
- Update to 1.0.66
- Fixed an out-of-range read in png_check_keyword() (CVE-2015-8540)
- Corrected copyright dates in source files
- Moved png_check_keyword() from pngwutil.c to pngset.c

Fri Dec 4 13:00:00 2015 Paul Howarth - 1.0.65-1
- Update to 1.0.65
- Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(),
png_handle_sPLT(), and png_handle_pCAL()
- Fixed incorrect implementation of png_set_PLTE() that uses png_ptr, not
info_ptr, which left png_set_PLTE() open to the CVE-2015-8126 vulnerability
(CVE-2015-8472)
- Discontinued distributing tar.bz2 archives
- Discontinued distributing libpng-oldversion-newversion-diff.txt
- Switch back to gzipped tarball as upstream is no longer providing the bzipped
version

Thu Nov 12 13:00:00 2015 Paul Howarth - 1.0.64-1
- Update to 1.0.64
- Fix typecast in a png_debug2() statement in png_set_text_2() to avoid a
compiler warning in PNG_DEBUG builds
- Fixed printf formats in pngtest.c to avoid compiler warnings and a Coverity
warning in PNG_DEBUG builds
- Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds
- Removed WRITE_WEIGHTED_FILTERED code
- Avoid potentially dereferencing NULL info_ptr in png_info_init_3()
- Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
- Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c because
usleep() is deprecated (port from libpng16)
- Fixed some bad links in the man page
- Added a safety check in png_set_tIME() (CVE-2015-7981)
- Prevent writing over-length PLTE chunk (CVE-2015-8126)
- Silently truncate over-length PLTE chunk while reading (CVE-2015-8126)
- Clarified COPYRIGHT information to state explicitly that versions are
derived from previous versions
- Removed much of the long list of previous versions from png.h and libpng.3

Wed Jun 17 14:00:00 2015 Fedora Release Engineering - 1.0.63-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

Fri Feb 27 13:00:00 2015 Paul Howarth - 1.0.63-1
- Update to 1.0.63
- Issue a png_error() instead of a png_warning() when width is potentially
too large for the architecture, in case the calling application has
overridden the default 1,000,000-column limit (fixes CVE-2014-9495 and
CVE-2015-0973)
- Quieted some harmless warnings from Coverity-scan
- Display user limits in the output from pngtest (not packaged)
- Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000; it only
affects the maximum memory that can be allocated to an ancillary chunk,
and does not limit the size of IDAT data, which is instead limited by
PNG_USER_WIDTH_MAX
- Rebuilt configure scripts with automake-1.15 and libtool-2.4.6
- Update soname patch

Fri Nov 21 13:00:00 2014 Paul Howarth 1.0.62-1
- update to 1.0.62
- avoid out-of-bounds memory access while checking version string in
pngread.c and pngwrite.c
- build fix for Windows
- use %license where possible

Sun Aug 17 14:00:00 2014 Fedora Release Engineering 1.0.61-3
- rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

Sat Jun 7 14:00:00 2014 Fedora Release Engineering 1.0.61-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

Fri Feb 7 13:00:00 2014 Paul Howarth 1.0.61-1
- update to 1.0.61
- ignore, with a warning, out-of-range value of num_trans in png_set_tRNS()
- replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h]) in
configure.ac
- changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h
- avoid a possible memory leak in contrib/gregbook/readpng.c
- revised libpng.3 so that \"doclifter\" can process it
- changed \'\"%s\"m\' to \'\"%s\" m\' in png_debug macros to improve portability
among compilers
- rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1
- removed potentially misleading warning from png_check_IHDR()
- quiet set-but-not-used warnings in pngset.c
- quiet an uninitialized memory warning from VC2013 in png_get_png()
- quiet unused variable warnings from clang by porting PNG_UNUSED() from
libpng-1.4.6
- added -DZ_SOLO to CFLAGS in contrib/pngminim/
*/makefile
- added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c
- drop upstreamed aarch64 patch
- drop patch for CVE-2013-6954, which only actually affected libpng versions
1.6.1 to 1.6.7

Thu Jan 23 13:00:00 2014 Paul Howarth 1.0.60-6
- handle zero-length PLTE chunk or NULL palette with png_error(), to avoid
later reading from a NULL pointer (png_ptr->palette) in
png_do_expand_palette() (CVE-2013-6954)

Sat Jul 27 14:00:00 2013 Paul Howarth 1.0.60-5
- install docs to %{_pkgdocdir} where available

Sun Mar 24 13:00:00 2013 Paul Howarth 1.0.60-4
- tweak config.guess and config.sub to add aarch64 support (#925862)
- update source URL, moved upstream

Thu Feb 14 13:00:00 2013 Fedora Release Engineering 1.0.60-3
- rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

Thu Jul 19 14:00:00 2012 Fedora Release Engineering 1.0.60-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

Wed Jul 11 14:00:00 2012 Paul Howarth 1.0.60-1
- update to 1.0.60
- changed \"a+w\" to \"u+w\" in Makefile.in to fix CVE-2012-3386

Thu Mar 29 14:00:00 2012 Paul Howarth 1.0.59-1
- update to 1.0.59
- revised png_set_text_2() to avoid potential memory corruption
(CVE-2011-3048)
- prevent PNG_EXPAND+PNG_SHIFT doing the shift twice

Fri Mar 9 13:00:00 2012 Paul Howarth 1.0.58-1
- update to 1.0.58
- fix bug with png_handle_hIST with odd chunk length
- fix incorrect type (int copy should be png_size_t copy) in png_inflate()
(CVE-2011-3045)
- fix off-by-one bug in png_handle_sCAL() when using fixed point arithmetic,
causing out-of-bounds read in png_set_sCAL() because of failure to copy
the string terminators
- remove the png_free() of unused png_ptr->current_text from pngread.c
- remove all of the assembler code from pnggccrd.c and just \"return 2;\"

Sun Feb 19 13:00:00 2012 Paul Howarth 1.0.57-1
- update to 1.0.57 (fixed CVE-2011-3026 buffer overrun bug)

Thu Jan 5 13:00:00 2012 Paul Howarth 1.0.56-2
- rebuilt for gcc 4.7

Sat Jul 9 14:00:00 2011 Paul Howarth 1.0.56-1
- update to 1.0.56
- fix regression in Makefile.am/Makefile.in
- fix \"make distcheck\"
- drop upstreamed fix for libpng.sym build failure

Thu Jul 7 14:00:00 2011 Paul Howarth 1.0.55-1
- update to 1.0.55
- fixed uninitialized memory read in png_format_buffer()
(CVE-2011-2501, related to CVE-2004-0421)
- pass \"\" instead of \'\\0\' to png_default_error() in png_err() (CVE-2011-2691)
- check for up->location !PNG_AFTER_IDAT when writing unknown chunks before
IDAT
- ported bugfix in pngrtran.c from 1.5.3: when expanding a paletted image,
always expand to RGBA if transparency is present
- check for integer overflow in png_set_rgb_to_gray() (CVE-2011-2690)
- check for sCAL chunk too short (CVE-2011-2692)
- drop upstreamed patch for CVE-2011-2501
- add patch to fix build failure due to regression in libpng.sym creation

Wed Jun 29 14:00:00 2011 Paul Howarth 1.0.54-3
- fix 1-byte uninitialized memory reference in png_format_buffer()
(CVE-2011-2501, related to CVE-2004-0421)
- nobody else likes macros for commands

Tue Feb 8 13:00:00 2011 Fedora Release Engineering 1.0.54-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

Fri Jul 2 14:00:00 2010 Paul Howarth 1.0.54-1
- update to 1.0.54
- fixes CVE-2010-1205 (out-of-bounds write to memory)
- fixes CVE-2010-2249 (memory leak with images having malformed sCAL chunks)

Thu Feb 25 13:00:00 2010 Paul Howarth 1.0.53-1
- update to 1.0.53
- fixes CVE-2010-0205 (libpng stalls on highly compressed ancillary chunks)
- drop patch for #555485, included upstream

Fri Jan 15 13:00:00 2010 Paul Howarth 1.0.52-2
- add upstream fix reinstating PNG_READ_16_TO_8_SUPPORTED and
PNG_READ_GRAY_TO_RGB_SUPPORTED (not defined in 1.0.51 and 1.0.52),
causing API/ABI regressions (#555485)

Mon Jan 4 13:00:00 2010 Paul Howarth 1.0.52-1
- update to 1.0.52 (minor changes, see ANNOUNCE for details)

Thu Dec 3 13:00:00 2009 Paul Howarth 1.0.51-1
- update to 1.0.51 (see ANNOUNCE for details)
- update soname patch to apply to 1.0.51

Fri Sep 11 14:00:00 2009 Paul Howarth 1.0.50-1
- update to 1.0.50 (garbage removal patch upstreamed)

Thu Sep 10 14:00:00 2009 Paul Howarth 1.0.49-1
- update to 1.0.49 (minor bugfixes)
- patch out garbage in source files left over from edit gone wrong

Thu Aug 13 14:00:00 2009 Paul Howarth 1.0.48-1
- update to 1.0.48
- avoid a possible NULL dereference in debug build, in png_set_text_2()
- reject attempt to write iCCP chunk with negative embedded profile length
- rebase soname patch to remove fuzz

Fri Jul 24 14:00:00 2009 Fedora Release Engineering 1.0.47-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

Fri Jul 17 14:00:00 2009 Paul Howarth 1.0.47-1
- update to 1.0.47 (changes to unknown chunk handling and documentation)

Thu Jun 18 14:00:00 2009 Paul Howarth 1.0.46-1
- garbage removal patch upstreamed

Thu Jun 18 14:00:00 2009 Paul Howarth 1.0.45-2
- patch out garbage in devel config files left over from edit gone wrong

Thu Jun 4 14:00:00 2009 Paul Howarth 1.0.45-1
- update to 1.0.45 (mainly cosmetic code changes)

Fri May 8 14:00:00 2009 Paul Howarth 1.0.44-1
- update to 1.0.44 (fix possible UMR/memory leak issues, revise fflush() usage)

Wed Feb 25 13:00:00 2009 Fedora Release Engineering 1.0.43-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

Thu Feb 19 13:00:00 2009 Paul Howarth 1.0.43-1
- update to 1.0.43 (#486355, CVE-2009-0040 - clear pointer arrays created using
png_malloc())

Fri Dec 19 13:00:00 2008 Paul Howarth 1.0.42-1
- update to 1.0.42 (#480321, CVE-2008-5907 - various minor bugfixes and code
cleanups, not really a security issue)

Fri Oct 31 13:00:00 2008 Paul Howarth 1.0.41-1
- update to 1.0.41 (#468990, CVE-2008-6218 - memory leak after reading a
malformed tEXt chunk)

Fri Sep 19 14:00:00 2008 Paul Howarth 1.0.40-1
- update to 1.0.40 (#461599, CVE-2008-3964 - multiple off-by-one errors
allowing context-dependent attackers to cause a denial of service (crash) or
have unspecified other impact via a PNG image with crafted zTXt chunks)

Thu Aug 21 14:00:00 2008 Paul Howarth 1.0.39-1
- update to 1.0.39

Sun Aug 17 14:00:00 2008 Paul Howarth 1.0.38-1
- update to 1.0.38
- update soname patch to apply without fuzz

Fri May 9 14:00:00 2008 Paul Howarth 1.0.37-1
- update to 1.0.37
- autotools patch no longer needed
- explicitly specify the library filename in %files as a consistency check

Wed Apr 30 14:00:00 2008 Paul Howarth 1.0.34-1
- update to 1.0.34
- update autotools patch

Wed Apr 30 14:00:00 2008 Paul Howarth 1.0.33-1
- update to 1.0.33 (CVE-2008-1382, #441839)
- add patch to fix broken autotools build scripts

Thu Apr 3 14:00:00 2008 Paul Howarth 1.0.32-1
- update to 1.0.32

Tue Feb 19 13:00:00 2008 Paul Howarth 1.0.31-1
- update to 1.0.31

Wed Feb 13 13:00:00 2008 Paul Howarth 1.0.30-2
- rebuild with gcc 4.3.0 for Fedora 9

Tue Oct 16 14:00:00 2007 Paul Howarth 1.0.30-1
- update to 1.0.30

Fri Oct 5 14:00:00 2007 Paul Howarth 1.0.29-1
- update to 1.0.29 (fixes DoS issue, #327791, CVE-2007-5269)

Tue Sep 11 14:00:00 2007 Paul Howarth 1.0.28-1
- update to 1.0.28

Mon Aug 20 14:00:00 2007 Paul Howarth 1.0.27-1
- update to 1.0.27
- add new file ANNOUNCE, which lists changes since last release
- use shortname \"zlib\" for the license tag (package is zlib/libpng licensed)
- drop pkgconf patch, which should no longer be needed

Sun May 20 14:00:00 2007 Paul Howarth 1.0.26-1
- update to 1.0.26 to address DoS issue (#240398, CVE-2007-2445)
- update soname patch
- libpng.txt now has a versioned filename

Sun Mar 25 14:00:00 2007 Paul Howarth 1.0.21-2
- Own directory %{_docdir}/%{name}-%{version} (#233869)
- Describe license as \"zlib/libpng\" rather than just \"zlib\"

Sat Nov 18 13:00:00 2006 Paul Howarth 1.0.21-1
- update to 1.0.21 to address DoS issue (#216263, CVE-2006-5793)
- update soname patch

Sun Oct 1 14:00:00 2006 Paul Howarth 1.0.20-4
- rebuild with latest toolchain

Tue Aug 1 14:00:00 2006 Paul Howarth 1.0.20-3
- reenable %{_smp_mflags}
- use patched configure script rather than old Makefiles

Thu Jul 20 14:00:00 2006 Paul Howarth 1.0.20-2
- don\'t use %{_smp_mflags}

Thu Jul 6 14:00:00 2006 Paul Howarth 1.0.20-1
- update to 1.0.20
- use Fedora Extras standard buildroot
- update URL
- include release in fully versioned dependency between devel and main pkgs
- wrap description text at 80 columns
- don\'t build static libraries
- devel package requires pkgconfig
- unpack tarball quietly
- update rhconf patch
- move doc files libpng.txt and example.c to devel package
- add doc Y2KINFO
- changed license tag from \"OSI Certified\" to \"zlib License\"
(see http://www.opensource.org/licenses/zlib-license.php)
- minor cosmetic spec file changes

Fri Feb 10 13:00:00 2006 Jesse Keating - 1.0.18-3.2.1
- bump again for double-long bug on ppc(64)

Tue Feb 7 13:00:00 2006 Jesse Keating - 1.0.18-3.2
- rebuilt for new gcc4.1 snapshot and glibc changes

Fri Dec 9 13:00:00 2005 Jesse Keating
- rebuilt

Sun Jul 31 14:00:00 2005 Florian La Roche
- build with newest rpm, rm -f libpng.so

Wed Mar 2 13:00:00 2005 Matthias Clasen - 1.0.18-2
- Rebuild with gcc4

Mon Dec 6 13:00:00 2004 Matthias Clasen - 1.0.18-1
- Update to 1.0.18

Tue Aug 17 14:00:00 2004 Matthias Clasen - 1.0.16-1
- Update to 1.0.16
- Combine rhconf patches
- Include LICENSE

Wed Aug 4 14:00:00 2004 Matthias Clasen 1.0.15-9
- Build for FC3

Fri Jul 23 14:00:00 2004 Matthias Clasen 1.0.15-8
- Build for FC2

Fri Jul 23 14:00:00 2004 Matthias Clasen 1.0.15-7
- Replace the patches for individual security problems with the
cumulative patch issued by the png developers.
- Build for FC1

Tue Jun 15 14:00:00 2004 Elliot Lee
- rebuilt

Mon Jun 14 14:00:00 2004 Matthias Clasen - 1.0.15-5
- Rebuilt for FC2

Mon Jun 14 14:00:00 2004 Matthias Clasen - 1.0.15-4
- Rebuilt for FC1

Mon Jun 14 14:00:00 2004 Matthias Clasen - 1.0.15-3
- Reinstate and improve the transfix patch which got lost sometime ago,
but is still needed for CAN-2002-1363 (#125934)

Wed May 19 14:00:00 2004 Matthias Clasen 1.0.15-2
- Don\'t provide libpng-devel (#110161)

Wed May 19 14:00:00 2004 Matthias Clasen 1.0.15-1
- 1.0.15
- Update rhconf2 patch
- Remove bogus badchunks patch (#89854)

Mon May 3 14:00:00 2004 Matthias Clasen 1.0.13-13
- Redo the out-of-bounds fix in a slightly better way.

Wed Apr 21 14:00:00 2004 Matthias Clasen 1.0.13-12
- Bump release number to disambiguate n-v-rs.

Mon Apr 19 14:00:00 2004 Matthias Clasen
- fix a possible out-of-bounds read in the error message
handler. #121229

Tue Mar 2 13:00:00 2004 Elliot Lee
- rebuilt

Fri Feb 13 13:00:00 2004 Elliot Lee
- rebuilt

Mon Jun 9 14:00:00 2003 Elliot Lee
- This package has no epochs! remove usage thereof

Wed Jun 4 14:00:00 2003 Elliot Lee
- rebuilt

Tue Jun 3 14:00:00 2003 Jeff Johnson
- add explicit epoch\'s where needed.

Wed Jan 22 13:00:00 2003 Tim Powers
- rebuilt

Wed Jan 15 13:00:00 2003 Elliot Lee 1.0.13-7
- Bump & rebuild

Fri Dec 13 13:00:00 2002 Elliot Lee 1.0.13-6
- Rebuild, merging in multilib change

Fri Jun 21 14:00:00 2002 Tim Powers
- automated rebuild

Sun May 26 14:00:00 2002 Tim Powers
- automated rebuild

Thu May 23 14:00:00 2002 Elliot Lee 1.0.13-3
- The package totally broke the backwards compatibility that it was intended to provide.
Fixed by setting soname to libpng.so.2, and only tweaking the build (libpng
*.{so,a}) files.
- Use _smp_mflags
- Fix rhconf patch because it was patching a symlink instead of the actual file.
- Don\'t provide libpng = {version}, because then the package conflicts with itself

Thu May 9 14:00:00 2002 Jeremy Katz 1.0.13-2
- rebuild

Thu May 2 14:00:00 2002 Havoc Pennington 1.0.13-1
- upgrade to 1.0.13, plus patch tarball from libpng web site
- update rhconf patch to work with new makefiles

Mon Mar 4 13:00:00 2002 Bernhard Rosenkraenzer 1.0.12-6
- Revert fix for #59988 as it introduces a worse problem, #60410

Tue Feb 26 13:00:00 2002 Bernhard Rosenkraenzer 1.0.12-5
- Conflict with libpng < 1.2.0 (#59988)

Wed Jan 30 13:00:00 2002 Bill Nottingham 1.0.12-4
- provide libpng = %{version}, libpng-devel = %{version}

Wed Jan 9 13:00:00 2002 Tim Powers
- automated rebuild

Fri Jan 4 13:00:00 2002 Bill Nottingham 1.0.12-2
- add devel stuff (we may change this around later)

Wed Sep 19 14:00:00 2001 Bernhard Rosenkraenzer 1.0.12-1
- initial compat package


  
ICM