Changelog for
libpng12-devel-1.2.56-65.1.i586.rpm :
Thu Dec 17 13:00:00 2015 pgajdosAATTsuse.com
- updated to 1.2.56:
Fixed an out-of-range read in png_check_keyword() (Bug report from
Qixue Xiao, CVE-2015-8540).
Added keyword checks to pngset.c
Thu Dec 3 13:00:00 2015 pgajdosAATTsuse.com
- updated to 1.2.55:
Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(),
png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr).
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Fri Nov 13 13:00:00 2015 pgajdosAATTsuse.com
- updated to 1.2.54
Fri Aug 7 14:00:00 2015 pgajdosAATTsuse.com
- build in build section
Fri Feb 27 13:00:00 2015 pgajdosAATTsuse.com
- updated to 1.2.53:
Issue a png_error() instead of a png_warning() when width is
potentially too large for the architecture, in case the calling
application has overridden the default 1,000,000-column limit
(fixes CVE-2014-9495 and CVE-2015-0973).
Display user limits in the output from pngtest.
Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000.
This can only be changed at library-build time. It only
affects the maximum memory that can be allocated to an
ancillary chunk; it does not limit the size of IDAT
data, which is instead limited by PNG_USER_WIDTH_MAX.
Mon Jan 19 13:00:00 2015 olafAATTaepfle.de
- Fix CVE-2013-7354.patch, include limits.h for INT_MAX
Thu Nov 20 13:00:00 2014 pgajdosAATTsuse.com
- updated to 1.2.52:
* Avoid out-of-bounds memory access while checking version string.
Tue Apr 22 14:00:00 2014 pgajdosAATTsuse.com
- security update:
* CVE-2013-7353.patch [bnc#873124]
* CVE-2013-7354.patch [bnc#873123]
Fri Feb 7 13:00:00 2014 pgajdosAATTsuse.com
- updated to 1.2.51:
Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS().
Replaced AM_CONFIG_HEADER(config.h) with
AC_CONFIG_HEADERS([config.h]) in configure.ac
Changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h.
Avoid a possible memory leak in contrib/gregbook/readpng.c
Revised libpng.3 so that \"doclifter\" can process it.
Changed \'\"%s\"m\' to \'\"%s\" m\' in png_debug macros to improve portability
among compilers.
Rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1
Removed potentially misleading warning from png_check_IHDR().
Quiet set-but-not-used warnings in pngset.c
Quiet an uninitialized memory warning from VC2013 in png_get_png().
Quiet unused variable warnings from clang by porting PNG_UNUSED() from
libpng-1.4.6.
Added -DZ_SOLO to CFLAGS in contrib/pngminim/
*/makefile
Added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c
Wed Apr 17 14:00:00 2013 cooloAATTsuse.com
- add conflicts in -32bit package
Mon Apr 15 14:00:00 2013 mmeisterAATTsuse.com
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
Wed Oct 24 14:00:00 2012 jengelhAATTinai.de
- Add missing baselib requires for compat-devel-32bit
Wed Jul 11 14:00:00 2012 pgajdosAATTsuse.com
- updated to 1.2.50:
Changed \"a+w\" to \"u+w\" in Makefile.in to fix CVE-2012-3386.
Thu Mar 29 14:00:00 2012 pgajdosAATTsuse.com
- updated to 1.2.49: [bnc#754745]
Revised png_set_text_2() to avoid potential memory corruption (fixes
CVE-2011-3048).
Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice.
Wed Mar 14 13:00:00 2012 pgajdosAATTsuse.com
- updated to 1.2.48:
* fixed CVE-2011-3045 [bnc#752008]
Mon Feb 20 13:00:00 2012 pgajdosAATTsuse.com
- updated to 1.2.47:
* fixed CVE-2011-3026 [bnc#747311]
Thu Dec 1 13:00:00 2011 idoenmezAATTsuse.de
- Name field shouldn\'t contain a macro
Thu Dec 1 13:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to avoid implicit dependency
Wed Oct 5 14:00:00 2011 uliAATTsuse.com
- cross-build fix: use %configure macro
Tue Jul 12 14:00:00 2011 pgajdosAATTnovell.com
- updated to 1.2.46:
* fixed CVE-2011-2501 [bnc#702578]
Mon Aug 30 14:00:00 2010 cooloAATTnovell.com
- fix baselibs.conf after previous change
Thu Jul 29 14:00:00 2010 pgajdosAATTsuse.cz
- add devel packages to baselibs.conf [bnc#625883]
Mon Jun 28 14:00:00 2010 pgajdosAATTsuse.cz
- updated to 1.2.44: fixed libpng overflow (CVE-2010-1205)
and memory leak [bnc#617866]
Fri Jun 4 14:00:00 2010 cooloAATTnovell.com
- remove the devel packages from baselibs.conf, not convinced of
their usefulness
Sat Apr 24 14:00:00 2010 cooloAATTnovell.com
- buildrequire pkg-config to fix provides
Thu Feb 25 13:00:00 2010 pgajdosAATTsuse.cz
- updated to 1.2.43 (fixes [bnc#585403]):
* Removed \"#define PNG_NO_ERROR_NUMBERS\" that was inadvertently added
to pngconf.h in version 1.2.41.
* Removed leftover \"-DPNG_CONFIGURE_LIBPNG\" from scripts/makefile.darwin
and contrib/pngminim/
*/makefile
* Relocated png_do_chop() to its original position in pngrtran.c; the
change in version 1.2.41beta08 caused transparency to be handled wrong
in some 16-bit datastreams (Yusaku Sugai).
* Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt
(revising changes made in 1.2.41)
* Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED
in pngset.c to be consistent with other changes in version 1.2.38.
* Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr
in pngtest.c
Mon Dec 14 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
Mon Dec 7 13:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.41:
contains numerous cleanups, some new compile-time warnings about
direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable),
a new xcode build project, and a minor performance improvement
(avoid building 16-bit gamma tables when not needed)
Tue Nov 24 13:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.40:
Removed an extra png_debug() recently added to png_write_find_filter().
Fixed incorrect #ifdef in pngset.c regarding unknown chunk support.
Various bugfixes and improvements to CMakeLists.txt (Philip Lowman)
Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0
Thu Aug 13 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.39:
* Added a prototype for png_64bit_product() in png.c
* Avoid a possible NULL dereference in debug build,
in png_set_text_2()
* Relocated new png_64_bit_product() prototype into png.h
* Replaced
*.tar.lzma with
*.txz in distribution.
* Reject attempt to write iCCP chunk with negative embedded
profile length.
Mon Jul 20 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.38:
* Revised libpng
*.txt and libpng.3 to mention calling png_set_IHDR()
multiple times and to specify the sample order in the tRNS chunk,
because the ISO PNG specification has a typo in the tRNS table.
* Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to
PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism
available for ignoring known chunks even when not saving unknown chunks.
* Adopted preference for consistent use of \"#ifdef\" and \"#ifndef\" versus
\"#if defined()\" and \"if !defined()\" where possible.
* Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of
pngconf.h, and moved the various unknown chunk macro definitions
outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.
Thu Jun 4 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.37:
* fixed bug with new png_memset() of the big_row_buffer
Tue May 12 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.36 (see CHANGES)
Mon Feb 23 13:00:00 2009 pgajdosAATTsuse.cz
- fixes possible double free [bnc#472745]
(CVE-2009-0040)
Mon Jan 19 13:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.34:
* fixes CVE-2008-3964 (removed CVE-2008-3964.patch)
Tue Jan 13 13:00:00 2009 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)
Mon Sep 15 14:00:00 2008 pgajdosAATTsuse.cz
- fixed CVE-2008-3964 [bnc#424739]
* CVE-2008-3964.patch
Thu Sep 11 14:00:00 2008 pgajdosAATTsuse.cz
- updated to version 1.2.31:
* coding bugfixes and enhancements
Mon Sep 1 14:00:00 2008 ajAATTsuse.de
- Do not package la files.
Mon Jun 23 14:00:00 2008 pgajdosAATTsuse.cz
- updated to 1.2.29:
* fixes to the configure-related build-scripts
* security fix that affects programs that attempt to do
special handling of unknown PNG chunks (presumably very
few such programs), along with a reversion to previous
behavior for handling of images with out-of-range tRNS-chunk
values [bnc#378634]
* fix for unintentional gray-to-RGB conversion in
png_set_expand_gray_1_2_4_to_8()
* various other minor fixes
- removed makefile-am.patch, issue fixed upstream
Sun May 11 14:00:00 2008 cooloAATTsuse.de
- fix rename of xxbit packages
Tue Apr 22 14:00:00 2008 pgajdosAATTsuse.cz
- $(ECHO) substituted by echo in Makefile.in -- fixes package
build in beta (makefile-am.patch)
Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support
Thu Apr 3 14:00:00 2008 pgajdosAATTsuse.cz
- updated to 1.2.26:
* fixed minor coding errors that could lead to crashes in
exceptional cases
Thu Dec 6 13:00:00 2007 mrueckertAATTsuse.de
- added provides/obsoletes for the old package
Fri Nov 30 13:00:00 2007 nadvornikAATTsuse.cz
- updated to 1.2.23:
* more sanity checks, fixes [#332249]
- adjusted to Shared Library Policy:
* renamed package libpng to libpng12-0
* created compatibility package libpng3
Wed Jul 11 14:00:00 2007 nadvornikAATTsuse.cz
- updated to 1.2.18:
* security fixes merged upstream
Thu Mar 29 14:00:00 2007 ajAATTsuse.de
- Add zlib-devel to BuildRequires.
Thu Nov 23 13:00:00 2006 nadvornikAATTsuse.cz
- fixed crash on malformed sPLT chunks CVE-2006-5793 [#219007]
Mon Jul 17 14:00:00 2006 nadvornikAATTsuse.cz
- make sure PNG_NO_ASSEMBLER_CODE is used consistently