Changelog for
libpng12-devel-1.2.59-lp156.81.1.x86_64.rpm :
* Fri Mar 01 2024 pgajdosAATTsuse.com- Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN
* Wed May 04 2022 Marcus Meissner
- switched to https url
* Wed Jul 17 2019 pgajdosAATTsuse.com- version update to 1.2.59 Added png_check_chunk_length() function, and check all chunks except IDAT against the default 8MB limit; check IDAT against the maximum size computed from IHDR parameters (Fixes CVE-2017-12652). Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz \"use of uninitialized value\" detection in png_set_text_2() due to truncated iTXt or zTXt chunk.
* Wed Jan 31 2018 pgajdosAATTsuse.com- check with -j1, be explicit
* Tue Jan 30 2018 jengelhAATTinai.de- Fix SRPM group and grammar issues.
* Mon Jan 02 2017 pgajdosAATTsuse.com- updated to 1.2.57: fixes CVE-2016-10087
* Thu Dec 17 2015 pgajdosAATTsuse.com- updated to 1.2.56: Fixed an out-of-range read in png_check_keyword() (Bug report from Qixue Xiao, CVE-2015-8540). Added keyword checks to pngset.c
* Thu Dec 03 2015 pgajdosAATTsuse.com- updated to 1.2.55: Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(), png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr). Fixed incorrect implementation of png_set_PLTE() that uses png_ptr not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 vulnerability.
* Fri Nov 13 2015 pgajdosAATTsuse.com- updated to 1.2.54
* Fri Aug 07 2015 pgajdosAATTsuse.com- build in build section
* Fri Feb 27 2015 pgajdosAATTsuse.com- updated to 1.2.53: Issue a png_error() instead of a png_warning() when width is potentially too large for the architecture, in case the calling application has overridden the default 1,000,000-column limit (fixes CVE-2014-9495 and CVE-2015-0973). Display user limits in the output from pngtest. Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000. This can only be changed at library-build time. It only affects the maximum memory that can be allocated to an ancillary chunk; it does not limit the size of IDAT data, which is instead limited by PNG_USER_WIDTH_MAX.
* Mon Jan 19 2015 olafAATTaepfle.de- Fix CVE-2013-7354.patch, include limits.h for INT_MAX
* Thu Nov 20 2014 pgajdosAATTsuse.com- updated to 1.2.52:
* Avoid out-of-bounds memory access while checking version string.