Changelog for
libpng16-devel-1.6.8-13.1.x86_64.rpm :
Fri Mar 24 13:00:00 2017 pgajdosAATTsuse.com
- security update:
* CVE-2016-10087 [bsc#1017646]
+ libpng16-CVE-2016-10087.patch
Thu Dec 3 13:00:00 2015 pgajdosAATTsuse.com
- security update:
* CVE-2015-8126 fixed incompletely [bsc#954980]
+ libpng15-CVE-2015-8126-complete.patch
Mon Nov 16 13:00:00 2015 pgajdosAATTsuse.com
- security update:
* CVE-2015-8126 [bsc#954980]
Thu Jan 8 13:00:00 2015 pgajdosAATTsuse.com
- security update:
* CVE-2014-9495 [bnc#912076]
+ libpng16-CVE-2014-9495.patch
* CVE-2015-0973 [bnc#912929]
+ libpng16-CVE-2015-0973.patch
* build with -DPNG_SAFE_LIMITS_SUPPORTED
Tue Mar 4 13:00:00 2014 pgajdosAATTsuse.com
- fixed CVE-2014-0333 [bnc#866298]
- added patches:
* libpng16-1.6.8-CVE-2014-0333.patch
Fri Dec 20 13:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.8:
Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to
[#]ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with
what is in pngpriv.h.
Moved prototype for png_handle_unknown() in pngpriv.h outside of
the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block.
Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
Fixed pngvalid \'fail\' function declaration on the Intel C Compiler.
This reverts to the previous \'static\' implementation and works round
the \'unused static function\' warning by using PNG_UNUSED().
Handle zero-length PLTE chunk or NULL palette with png_error()
instead of png_chunk_report(), which by default issues a warning
rather than an error, leading to later reading from a NULL pointer
(png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954
and VU#650142.
Mon Dec 2 13:00:00 2013 pgajdosAATTsuse.com
- png_fix macro doesn\'t leave
*.png.fixed (which happened for correct
PNGs) [bnc#852862]
Fri Nov 15 13:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.7:
* Revised unknown chunk code to correct several bugs in the
NO_SAVE_/NO_WRITE combination
* Check user callback behavior in pngunknown.c. Previous versions
compiled if SAVE_UNKNOWN was not available but did nothing since the
callback was never implemented.
* Merged pngunknown.c with 1.7 version and back ported 1.7
improvements/fixes
* Revised pngvalid to generate size images with as many filters as
it can manage, limited by the number of rows.
* ARM improvements/fixes
Wed Sep 25 14:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.6:
* fix arm build
Thu Sep 12 14:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.4:
* Added information about png_set_options() to the manual.
* Delay calling png_init_filter_functions() until a row with nonzero
filter is found.
* Fixed inconsistent conditional compilation of
png_chunk_unknown_handling() prototype, definition, and usage.
Made it depend on PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.
Fri Aug 30 14:00:00 2013 cooloAATTsuse.com
- remove gpg-offline usage, libpng16 is too low in the build chain
Thu Aug 8 14:00:00 2013 pgajdosAATTsuse.com
- png-fix-too-far-back was actually renamed to pngfix. Adjusted rpm
macro names accordingly, %png_fix and %png_fix_dir.
Tue Aug 6 14:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.3:
* Added png-fix-itxt and png-fix-too-far-back to the built programs and
removed warnings from the source code and timepng that are revealed as
a result.
=> new subpackage tools, created rpm macros
Fri Jun 21 14:00:00 2013 crrodriguezAATTopensuse.org
- Build with LFS_CFLAGS in 32 bit archs otherwise calls such
as png_image_begin_read_from_file() or png_image_write_to_file()
will fail to read/write huge images.
- Build with Full RELRO as this library is a possible consumer
of malicuous images/files.
Fri Apr 26 14:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.2:
Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling.
Fixed incorrect warning of excess deflate data. End condition - the
warning would be produced if the end of the deflate stream wasn\'t read
in the last row. The warning is harmless.
Corrected the test on user transform changes on read. It was in the
png_set of the transform function, but that doesn\'t matter unless the
transform function changes the rowbuf size, and that is only valid if
transform_info is called.
Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c
(Flavio Medeiros).
Corrected length written to uncompressed iTXt chunks (Samuli Suominen).
Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length
written by libpng-1.6.0 and 1.6.1.
Disallow storing sRGB information when the sRGB is not supported.
Merge pngtest.c with libpng-1.7.0
Tue Apr 2 14:00:00 2013 pgajdosAATTsuse.com
- conflict with libpng12-compat-devel-32bit and libpng15-compat-devel-32bit
Thu Mar 28 13:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.1:
Made sRGB check numbers consistent.
Use parentheses more consistently in \"#if defined(MACRO)\" tests.
Reenabled code to allow zero length PLTE chunks for MNG.
Fixed ALIGNED_MEMORY support.
Avoid a possible memory leak in contrib/gregbook/readpng.c
Better documentation of unknown handling API interactions.
Corrected simplified API default gamma for color-mapped output, added
a flag to change default. In 1.6.0 when the simplified API was used
to produce color-mapped output from an input image with no gamma
information the gamma assumed for the input could be different from
that assumed for non-color-mapped output. In particular 16-bit depth
input files were assumed to be sRGB encoded, whereas in the \'direct\'
case they were assumed to have linear data. This was an error. The
fix makes the simplified API treat all input files the same way and
adds a new flag to the png_image::flags member to allow the
application/user to specify that 16-bit files contain sRGB data
rather than the default linear.
etc., see ANNOUNCE or CHANGES for details
- dropped upstreamed
0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch
Mon Mar 18 13:00:00 2013 pgajdosAATTsuse.com
- allow zero length PLTE chunks
(fixes GraphicsMagick testsuite)
Mon Mar 4 13:00:00 2013 pgajdosAATTsuse.com
- remove clean section
Thu Feb 14 13:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.0
- changes from 1.5.x to 1.6.x:
* new simplified api added:
macros:
PNG_FORMAT_
*
PNG_IMAGE_
*
structures:
png_control
png_image
read functions
png_image_begin_read_from_file()
png_image_begin_read_from_stdio()
png_image_begin_read_from_memory()
png_image_finish_read()
png_image_free()
write functions
png_image_write_to_file()
png_image_write_to_stdio()
* possibility to configure libpng to prefix all exported symbols
(PNG_PREFIX macro)
* no longer include string.h in png.h
* deprecated api:
png_info_init_3()
png_convert_to_rfc1123() which has been replaced
with png_convert_to_rfc1123_buffer()
png_data_freer()
png_malloc_default()
png_free_default()
png_reset_zstream()
* removed api:
png_get_io_chunk_name()
* signatures of many exported functions were changed, such that
png_structp became png_structrp or png_const_structrp
png_infop became png_inforp or png_const_inforp
where \"rp\" indicates a \"restricted pointer\".
- for more details see section XII of libpng-manual.txt or ANNOUNCE
Mon Jan 14 13:00:00 2013 pgajdosAATTsuse.com
- updated to 1.6.0beta37
Tue Nov 20 13:00:00 2012 pgajdosAATTsuse.com
- updated to 1.6.0beta31
Wed Oct 24 14:00:00 2012 jengelhAATTinai.de
- Add missing baselib requires for compat-devel-32bit
Mon Oct 15 14:00:00 2012 pgajdosAATTsuse.com
- updated to 1.6.0beta29
Wed Jul 11 14:00:00 2012 pgajdosAATTsuse.com
- updated to 1.6.0beta26
Fri Jun 15 14:00:00 2012 pgajdosAATTsuse.com
- updated to 1.6.0beta24
Thu Mar 29 14:00:00 2012 pgajdosAATTsuse.com
- updated to 1.6.0beta20
Wed Mar 14 13:00:00 2012 pgajdosAATTsuse.com
- updated to 1.6.0beta17
Mon Feb 20 13:00:00 2012 pgajdosAATTsuse.com
- updated to 1.6.0beta12
Mon Jan 9 13:00:00 2012 pgajdosAATTsuse.com
- updated to 1.6.0beta04
Mon Dec 19 13:00:00 2011 pgajdosAATTsuse.com
- updated to 1.5.7:
Added support for ARM processor (Mans Rullgard)
Fixed bug in pngvalid on early allocation failure; fixed type cast in
pngmem.c; pngvalid would attempt to call png_error() if the allocation
of a png_struct or png_info failed. This would probably have led to a
crash. The pngmem.c implementation of png_malloc() included a cast
to png_size_t which would fail on large allocations on 16-bit systems.
Fix for the preprocessor of the Intel C compiler. The preprocessor
splits adjacent AATT signs with a space; this changes the concatentation
token from AATT-AATT-AATT to PNG_JOIN; that should work with all compiler
preprocessors.
Paeth filter speed improvements from work by Siarhei Siamashka. This
changes the \'Paeth\' reconstruction function to improve the GCC code
generation on x86. The changes are only part of the suggested ones;
just the changes that definitely improve speed and remain simple.
The changes also slightly increase the clarity of the code.
Check compression_type parameter in png_get_iCCP and remove spurious
casts. The compression_type parameter is always assigned to, so must
be non-NULL. The cast of the profile length potentially truncated the
value unnecessarily on a 16-bit int system, so the cast of the (byte)
compression type to (int) is specified by ANSI-C anyway.
Fixed FP division by zero in pngvalid.c; the \'test_pixel\' code left
the sBIT fields in the test pixel as 0, which resulted in a floating
point division by zero which was irrelevant but causes systems where
FP exceptions cause a crash. Added code to pngvalid to turn on FP
exceptions if the appropriate glibc support is there to ensure this is
tested in the future.
Updated scripts/pnglibconf.mak and scripts/makefile.std to handle the
new PNG_JOIN macro.
Added versioning to pnglibconf.h comments.
Simplified read/write API initial version; basic read/write tested on
a variety of images, limited documentation (in the header file.)
Installed more accurate linear to sRGB conversion tables. The slightly
modified tables reduce the number of 16-bit values that
convert to an off-by-one 8-bit value. The \"makesRGB.c\" code that was used
to generate the tables is now in a contrib/sRGBtables sub-directory.
etc. see CHANGES
Thu Dec 1 13:00:00 2011 idoenmezAATTsuse.de
- Name field shouldn\'t contain a macro
Thu Dec 1 13:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to avoid implicit dependency
Thu Nov 3 13:00:00 2011 pgajdosAATTsuse.com
- updated to 1.5.6:
Fixed some 64-bit type conversion warnings in pngrtran.c
Moved row_info from png_struct to a local variable.
The various interlace mask arrays have been made into arrays of
bytes and made PNG_CONST and static (previously some arrays were
marked PNG_CONST and some weren\'t).
Additional checks have been added to the transform code to validate the
pixel depths after the transforms on both read and write.
Removed some redundant code from pngwrite.c, in png_desgtroy_write_struct().
Changed chunk reading/writing code to use png_uint_32 instead of png_byte[4].
This removes the need to allocate temporary strings for chunk names on
the stack in the read/write code. Unknown chunk handling still uses the
string form because this is exposed in the API.
Added a note in the manual the png_read_update_info() must be called only
once with a particular info_ptr.
Revised test-pngtest.sh to report FAIL when pngtest fails.
Added \"--strict\" option to pngtest, to report FAIL when the failure is
only because the resulting valid files are different.
Revised CMakeLists.txt to work with mingw and removed some material from
CMakeLists.txt that is no longer useful in libpng-1.5.
Fixed typo in Makefile.in and Makefile.am (\"-M Wl\" should be \"-M -Wl\").\"
Speed up png_combine_row() for interlaced images. This reduces the generality
of the code, allowing it to be optimized for Adam7 interlace. The masks
passed to png_combine_row() are now generated internally, avoiding
some code duplication and localizing the interlace handling somewhat.
Align png_struct::row_buf - previously it was always unaligned, caused by
a bug in the code that attempted to align it; the code needs to subtract
one from the pointer to take account of the filter byte prepended to
each row.
Optimized png_combine_row() when rows are aligned. This gains a small
percentage for 16-bit and 32-bit pixels in the typical case where the
output row buffers are appropriately aligned. The optimization was not
previously possible because the png_struct buffer was always misaligned.
Removed two redundant tests for unitialized row.
Fixed a relatively harmless memory overwrite in compressed text writing
with a 1 byte zlib buffer.
Add ability to call png_read_update_info multiple times to pngvalid.c
Fixes for multiple calls to png_read_update_info. These fixes attend to
most of the errors revealed in pngvalid, however doing the gamma work
twice results in inaccuracies that can\'t be easily fixed. There is now
a warning in the code if this is going to happen.
Turned on multiple png_read_update_info in pngvalid transform tests.
Prevent libpng from overwriting unused bits at the end of the image when
it is not byte aligned, while reading. Prior to libpng-1.5.6 libpng would
overwrite the partial byte at the end of each row if the row width was not
an exact multiple of 8 bits and the image is not interlaced.
Made png_ptr->prev_row an aligned pointer into png_ptr->big_prev_row
(Mans Rullgard).
Changed misleading \"Missing PLTE before cHRM\" warning to \"Out of place cHRM\"
Added PNG_LSR() and PNG_LSL() macros to defend against buggy compilers that
evaluate non-taken code branches and complain about out-of-range shifts.
Renamed the local variable \'byte\' because it appears in a MSYS header
file.
Added #define PNG_ALIGN_TYPE PNG_ALIGN_NONE to contrib/pngminim/
*/pngusr.h
Mon Sep 26 14:00:00 2011 pgajdosAATTsuse.com
- updated to 1.5.5, fixes:
* CVE-2011-3328 [bnc#720017]
Tue Jul 26 14:00:00 2011 pgajdosAATTnovell.com
- updated to 1.5.4, fixes:
* CVE-2011-2501 [bnc#702578]
* CVE-2011-2690 [bnc#706387]
* CVE-2011-2691 [bnc#706388]
* CVE-2011-2692 [bnc#706389]
Thu Mar 31 14:00:00 2011 pgajdosAATTsuse.cz
- updated to 1.5.2:
* Turned on interlace handling in png_read_png().
* Fixed gcc pendantic warnings.
* Fixed png_get_current_row_number() in the interlaced case.
* Cleaned up ALPHA flags and transformations.
* Implemented expansion to 16 bits.
* etc, see
http://sourceforge.net/projects/libpng/files/libpng15/1.5.2/
Thu Feb 3 13:00:00 2011 pgajdosAATTsuse.cz
- updated to 1.5.1: new branch shortly after 1.4, many structural
changes, see CHANGELOG or
http://sourceforge.net/projects/libpng/files/libpng15/1.5.0/
and
http://sourceforge.net/projects/libpng/files/libpng15/1.5.1/
Thu Sep 30 14:00:00 2010 pgajdosAATTnovell.com
- updated to 1.4.4:
* Eliminated another deprecated reference to png_ptr->io_ptr in pngtest.c
* Updated the xcode project to work with libpng-1.4.x and added iOS targets
for simulator and device (Philippe Hausler).
* Eliminated a deprecated reference to png_ptr->io_ptr in pngtest.c
* Removed unused png_mem_
* defines from pngconf.h.
* Updated the read macros and functions from 1.5.0beta38.
Mon Aug 30 14:00:00 2010 cooloAATTnovell.com
- fix baselibs.conf after previous change
Thu Jul 29 14:00:00 2010 pgajdosAATTsuse.cz
- add devel packages to baselbis.conf [bnc#625883]
Mon Jun 28 14:00:00 2010 pgajdosAATTsuse.cz
- updated to 1.4.3: fixed libpng overflow (CVE-2010-1205)
and memory leak [bnc#617866]
Fri Jun 4 14:00:00 2010 cooloAATTnovell.com
- remove devel packages from baselibs.conf, not convinced of
their usefulness
Mon May 3 14:00:00 2010 dmuellerAATTsuse.de
- also obsolete libpng-devel-1.2.43 (previous factory version)
Sat Apr 24 14:00:00 2010 cooloAATTnovell.com
- buildrequire pkg-config to fix provides
Thu Apr 15 14:00:00 2010 pgajdosAATTsuse.cz
- support png_read_dither() for xfig and transfig
* read-dither.patch
Tue Apr 6 14:00:00 2010 roAATTsuse.de
- fix baselibs.conf
Thu Mar 25 13:00:00 2010 pgajdosAATTsuse.cz
- updated to 1.4.1 -- new branch
Thu Feb 25 13:00:00 2010 pgajdosAATTsuse.cz
- updated to 1.2.43 (fixes [bnc#585403]):
* Removed \"#define PNG_NO_ERROR_NUMBERS\" that was inadvertently added
to pngconf.h in version 1.2.41.
* Removed leftover \"-DPNG_CONFIGURE_LIBPNG\" from scripts/makefile.darwin
and contrib/pngminim/
*/makefile
* Relocated png_do_chop() to its original position in pngrtran.c; the
change in version 1.2.41beta08 caused transparency to be handled wrong
in some 16-bit datastreams (Yusaku Sugai).
* Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt
(revising changes made in 1.2.41)
* Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED
in pngset.c to be consistent with other changes in version 1.2.38.
* Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr
in pngtest.c
Mon Dec 14 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
Mon Dec 7 13:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.41:
contains numerous cleanups, some new compile-time warnings about
direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable),
a new xcode build project, and a minor performance improvement
(avoid building 16-bit gamma tables when not needed)
Tue Nov 24 13:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.40:
Removed an extra png_debug() recently added to png_write_find_filter().
Fixed incorrect #ifdef in pngset.c regarding unknown chunk support.
Various bugfixes and improvements to CMakeLists.txt (Philip Lowman)
Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0
Thu Aug 13 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.39:
* Added a prototype for png_64bit_product() in png.c
* Avoid a possible NULL dereference in debug build,
in png_set_text_2()
* Relocated new png_64_bit_product() prototype into png.h
* Replaced
*.tar.lzma with
*.txz in distribution.
* Reject attempt to write iCCP chunk with negative embedded
profile length.
Mon Jul 20 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.38:
* Revised libpng
*.txt and libpng.3 to mention calling png_set_IHDR()
multiple times and to specify the sample order in the tRNS chunk,
because the ISO PNG specification has a typo in the tRNS table.
* Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to
PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism
available for ignoring known chunks even when not saving unknown chunks.
* Adopted preference for consistent use of \"#ifdef\" and \"#ifndef\" versus
\"#if defined()\" and \"if !defined()\" where possible.
* Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of
pngconf.h, and moved the various unknown chunk macro definitions
outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.
Thu Jun 4 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.37:
* fixed bug with new png_memset() of the big_row_buffer
Tue May 12 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.36 (see CHANGES)