diff options
| author | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2012-02-16 21:25:58 -0600 |
|---|---|---|
| committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2012-02-18 23:43:23 -0600 |
| commit | 3ef6c2439c016abfb212d6201df792b08df2cb15 (patch) | |
| tree | ba5244ebf904200e8e5d3a5715378d9eca265353 | |
| parent | 59d3ef11ed5db47eabc3e4ed8c10ff5889d526d7 (diff) | |
| download | libpng-3ef6c2439c016abfb212d6201df792b08df2cb15.tar.gz | |
[libpng14] Imported from libpng-1.4.9beta01.tarv1.4.9beta01
| -rw-r--r-- | ANNOUNCE | 7 | ||||
| -rw-r--r-- | CHANGES | 5 | ||||
| -rw-r--r-- | INSTALL | 2 | ||||
| -rw-r--r-- | LICENSE | 4 | ||||
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | libpng-1.4.9beta01.txt | 6 | ||||
| -rw-r--r-- | libpng.3 | 14 | ||||
| -rw-r--r-- | libpngpf.3 | 2 | ||||
| -rw-r--r-- | png.5 | 2 | ||||
| -rw-r--r-- | png.c | 4 | ||||
| -rw-r--r-- | png.h | 10 | ||||
| -rw-r--r-- | pngconf.h | 2 | ||||
| -rw-r--r-- | pngpread.c | 12 | ||||
| -rw-r--r-- | pngpriv.h | 2 | ||||
| -rw-r--r-- | pngrutil.c | 9 | ||||
| -rw-r--r-- | projects/vstudio/readme.txt | 2 | ||||
| -rw-r--r-- | projects/vstudio/zlib.props | 2 | ||||
| -rw-r--r-- | scripts/README.txt | 2 | ||||
| -rw-r--r-- | sunfix-makefile.patch | 16 | ||||
| -rw-r--r-- | sunfix.patch | 45 |
20 files changed, 110 insertions, 40 deletions
@@ -1,5 +1,5 @@ -Libpng 1.4.9beta01 - September 2, 2011 +Libpng 1.4.9beta01 - February 17, 2012 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -26,11 +26,14 @@ Other information: Changes since the last public release (1.4.8): -version 1.4.9beta01 [September 2, 2011] +version 1.4.9beta01 [February 17, 2012] Added vstudio/* and CMakeLists to EXTRA_DIST in Makefile.in and Makefile.am Updated contrib/pngminus/makefile.std (Samuli Souminen) Added SunOS support to configure.ac and Makefile.am (but configure and Makefile.in were not updated) + Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test + on iCCP chunk length. Also removed spurious casts that may hide problems + on 16-bit systems. Send comments/corrections/commendations to glennrp at users.sourceforge.net or to png-mng-implement at lists.sf.net (subscription required; visit @@ -2825,11 +2825,14 @@ version 1.4.8rc01 [June 30, 2011] version 1.4.8 [July 7, 2011] No changes. -version 1.4.9beta01 [September 2, 2011] +version 1.4.9beta01 [February 17, 2012] Added vstudio/* and CMakeLists to EXTRA_DIST in Makefile.in and Makefile.am Updated contrib/pngminus/makefile.std (Samuli Souminen) Added SunOS support to configure.ac and Makefile.am (but configure and Makefile.in were not updated) + Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test + on iCCP chunk length. Also removed spurious casts that may hide problems + on 16-bit systems. Send comments/corrections/commendations to glennrp at users.sourceforge.net or to png-mng-implement at lists.sf.net (subscription required; visit @@ -1,5 +1,5 @@ -Installing libpng version 1.4.9beta01 - July 8, 2011 +Installing libpng version 1.4.9beta01 - February 17, 2012 On Unix/Linux and similar systems, you can simply type @@ -10,7 +10,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, July 8, 2011, are +libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, February 17, 2012, are Copyright (c) 2004, 2006-2010 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors @@ -108,4 +108,4 @@ certification mark of the Open Source Initiative. Glenn Randers-Pehrson glennrp at users.sourceforge.net -July 8, 2011 +February 17, 2012 @@ -1,4 +1,4 @@ -README for libpng version 1.4.9beta01 - July 8, 2011 (shared library 14.0) +README for libpng version 1.4.9beta01 - February 17, 2012 (shared library 14.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. diff --git a/libpng-1.4.9beta01.txt b/libpng-1.4.9beta01.txt index 80e22ad16..98fa4282a 100644 --- a/libpng-1.4.9beta01.txt +++ b/libpng-1.4.9beta01.txt @@ -1,6 +1,6 @@ libpng.txt - A description on how to use and modify libpng - libpng version 1.4.9beta01 - July 13, 2011 + libpng version 1.4.9beta01 - February 17, 2012 Updated and distributed by Glenn Randers-Pehrson <glennrp at users.sourceforge.net> Copyright (c) 1998-2010 Glenn Randers-Pehrson @@ -11,7 +11,7 @@ libpng.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.4.9beta01 - July 13, 2011 + libpng versions 0.97, January 1998, through 1.4.9beta01 - February 17, 2012 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2010 Glenn Randers-Pehrson @@ -3312,7 +3312,7 @@ Other rules can be inferred by inspecting the libpng source. XIII. Y2K Compliance in libpng -July 13, 2011 +February 17, 2012 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. @@ -1,4 +1,4 @@ -.TH LIBPNG 3 "July 13, 2011" +.TH LIBPNG 3 "February 17, 2012" .SH NAME libpng \- Portable Network Graphics (PNG) Reference Library 1.4.9beta01 .SH SYNOPSIS @@ -895,7 +895,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng. .SH LIBPNG.TXT libpng.txt - A description on how to use and modify libpng - libpng version 1.4.9beta01 - July 13, 2011 + libpng version 1.4.9beta01 - February 17, 2012 Updated and distributed by Glenn Randers-Pehrson <glennrp at users.sourceforge.net> Copyright (c) 1998-2010 Glenn Randers-Pehrson @@ -906,7 +906,7 @@ libpng.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.4.9beta01 - July 13, 2011 + libpng versions 0.97, January 1998, through 1.4.9beta01 - February 17, 2012 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2010 Glenn Randers-Pehrson @@ -4207,7 +4207,7 @@ Other rules can be inferred by inspecting the libpng source. .SH XIII. Y2K Compliance in libpng -July 13, 2011 +February 17, 2012 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. @@ -4469,7 +4469,7 @@ possible without all of you. Thanks to Frank J. T. Wojcik for helping with the documentation. -Libpng version 1.4.9beta01 - July 13, 2011: +Libpng version 1.4.9beta01 - February 17, 2012: Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc. Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net). @@ -4492,7 +4492,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, July 13, 2011, are +libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, February 17, 2012, are Copyright (c) 2004,2006-2007 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors @@ -4591,7 +4591,7 @@ certification mark of the Open Source Initiative. Glenn Randers-Pehrson glennrp at users.sourceforge.net -July 13, 2011 +February 17, 2012 .\" end of man page diff --git a/libpngpf.3 b/libpngpf.3 index c6fa8281d..48549fe4e 100644 --- a/libpngpf.3 +++ b/libpngpf.3 @@ -1,4 +1,4 @@ -.TH LIBPNGPF 3 "July 8, 2011" +.TH LIBPNGPF 3 "February 17, 2012" .SH NAME libpng \- Portable Network Graphics (PNG) Reference Library 1.4.9beta01 (private functions) @@ -1,4 +1,4 @@ -.TH PNG 5 "July 8, 2011" +.TH PNG 5 "February 17, 2012" .SH NAME png \- Portable Network Graphics (PNG) format .SH DESCRIPTION @@ -547,13 +547,13 @@ png_get_copyright(png_const_structp png_ptr) #else #ifdef __STDC__ return ((png_charp) PNG_STRING_NEWLINE \ - "libpng version 1.4.9beta01 - July 8, 2011" PNG_STRING_NEWLINE \ + "libpng version 1.4.9beta01 - February 17, 2012" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2010 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE); #else - return ((png_charp) "libpng version 1.4.9beta01 - July 8, 2011\ + return ((png_charp) "libpng version 1.4.9beta01 - February 17, 2012\ Copyright (c) 1998-2010 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."); @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.4.9beta01 - July 8, 2011 + * libpng version 1.4.9beta01 - February 17, 2012 * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -11,7 +11,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.4.9beta01 - July 8, 2011: Glenn + * libpng versions 0.97, January 1998, through 1.4.9beta01 - February 17, 2012: Glenn * See also "Contributing Authors", below. * * Note about libpng version numbers: @@ -193,7 +193,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, July 8, 2011, are + * libpng versions 1.2.6, August 15, 2004, through 1.4.9beta01, February 17, 2012, are * Copyright (c) 2004, 2006-2010 Glenn Randers-Pehrson, and are * distributed according to the same disclaimer and license as libpng-1.2.5 * with the following individual added to the list of Contributing Authors: @@ -305,7 +305,7 @@ * Y2K compliance in libpng: * ========================= * - * July 8, 2011 + * February 17, 2012 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. @@ -369,7 +369,7 @@ /* Version information for png.h - this should match the version in png.c */ #define PNG_LIBPNG_VER_STRING "1.4.9beta01" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.4.9beta01 - July 8, 2011\n" + " libpng version 1.4.9beta01 - February 17, 2012\n" #define PNG_LIBPNG_VER_SONUM 14 #define PNG_LIBPNG_VER_DLLNUM 14 @@ -1,7 +1,7 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.4.9beta01 - July 8, 2011 + * libpng version 1.4.9beta01 - February 17, 2012 * For conditions of distribution and use, see copyright notice in png.h * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) diff --git a/pngpread.c b/pngpread.c index a2d8dbf6e..47dc1ec28 100644 --- a/pngpread.c +++ b/pngpread.c @@ -701,7 +701,7 @@ png_push_save_buffer(png_structp png_ptr) new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256; old_buffer = png_ptr->save_buffer; png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, - (png_size_t)new_max); + new_max); if (png_ptr->save_buffer == NULL) { png_free(png_ptr, old_buffer); @@ -1219,7 +1219,7 @@ png_push_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 #endif png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1319,7 +1319,7 @@ png_push_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 #endif png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1518,7 +1518,7 @@ png_push_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 #endif png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1657,7 +1657,7 @@ png_push_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name) - 1] = '\0'; - png_ptr->unknown_chunk.size = (png_size_t)length; + png_ptr->unknown_chunk.size = length; if (length == 0) png_ptr->unknown_chunk.data = NULL; @@ -1665,7 +1665,7 @@ png_push_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 else { png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, - (png_size_t)length); + length); png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length); } @@ -1,7 +1,7 @@ /* pngpriv.h - private declarations for use inside libpng * - * libpng version 1.4.9beta01 - July 8, 2011 + * libpng version 1.4.9beta01 - February 17, 2012 * For conditions of distribution and use, see copyright notice in png.h * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) diff --git a/pngrutil.c b/pngrutil.c index ac3101bfb..d8f11f03d 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -377,15 +377,18 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, /* Now check the limits on this chunk - if the limit fails the * compressed data will be removed, the prefix will remain. */ + if (prefix_size >= (~(png_size_t)0) - 1 || + expanded_size >= (~(png_size_t)0) - 1 - prefix_size #ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED - if (png_ptr->user_chunk_malloc_max && + || (png_ptr->user_chunk_malloc_max && (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1)) #else # ifdef PNG_USER_CHUNK_MALLOC_MAX - if ((PNG_USER_CHUNK_MALLOC_MAX > 0) && + || ((PNG_USER_CHUNK_MALLOC_MAX > 0) && prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1) # endif #endif + ) png_warning(png_ptr, "Exceeded size limit while expanding chunk"); /* If the size is zero either there was an error and a message @@ -1261,7 +1264,7 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) png_free(png_ptr, png_ptr->chunkdata); png_ptr->chunkdata = (png_charp)png_malloc(png_ptr, length + 1); - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) diff --git a/projects/vstudio/readme.txt b/projects/vstudio/readme.txt index 66c4e6789..e192c4242 100644 --- a/projects/vstudio/readme.txt +++ b/projects/vstudio/readme.txt @@ -1,7 +1,7 @@ VisualStudio instructions -libpng version 1.4.9beta01 - July 8, 2011 +libpng version 1.4.9beta01 - February 17, 2012 Copyright (c) 1998-2010 Glenn Randers-Pehrson diff --git a/projects/vstudio/zlib.props b/projects/vstudio/zlib.props index 1233ea737..18670e604 100644 --- a/projects/vstudio/zlib.props +++ b/projects/vstudio/zlib.props @@ -2,7 +2,7 @@ <!-- * zlib.props - location of zlib source and build * - * libpng version 1.4.9beta01 - July 8, 2011 + * libpng version 1.4.9beta01 - February 17, 2012 * * Copyright (c) 1998-2011 Glenn Randers-Pehrson * diff --git a/scripts/README.txt b/scripts/README.txt index a446cd622..cd9217026 100644 --- a/scripts/README.txt +++ b/scripts/README.txt @@ -1,5 +1,5 @@ -Makefiles for libpng version 1.4.9beta01 - July 8, 2011 +Makefiles for libpng version 1.4.9beta01 - February 17, 2012 makefile.linux => Linux/ELF makefile (gcc, creates libpng14.so.14.1.4.9beta01) diff --git a/sunfix-makefile.patch b/sunfix-makefile.patch new file mode 100644 index 000000000..70ea403f6 --- /dev/null +++ b/sunfix-makefile.patch @@ -0,0 +1,16 @@ +Index: libpng-1.2.46/Makefile.am +=================================================================== +--- libpng-1.2.46.orig/Makefile.am 2011-08-30 14:48:43.039223476 +0400 ++++ libpng-1.2.46/Makefile.am 2011-08-30 15:02:18.775861919 +0400 +@@ -49,7 +49,11 @@ + + if HAVE_LD_VERSION_SCRIPT + # Versioned symbols and restricted exports ++if HAVE_SOLARIS_LD ++ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LDFLAGS += -Wl,-M Wl,libpng.vers ++else ++ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LDFLAGS += -Wl,--version-script=libpng.vers ++endif + libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_DEPENDENCIES = libpng.vers + else + # Only restricted exports when possible diff --git a/sunfix.patch b/sunfix.patch new file mode 100644 index 000000000..8b281cd0d --- /dev/null +++ b/sunfix.patch @@ -0,0 +1,45 @@ +Index: libpng-1.2.46/configure.ac +=================================================================== +--- libpng-1.2.46.orig/configure.ac 2011-08-30 14:48:43.039028289 +0400 ++++ libpng-1.2.46/configure.ac 2011-08-30 14:56:09.680021389 +0400 +@@ -78,8 +78,23 @@ + AC_SUBST(LIBPNG_DEFINES) + AC_SUBST(LIBPNG_NO_MMX) + ++AC_MSG_CHECKING([if using Solaris linker]) ++SLD=`$LD --version 2>&1 | grep Solaris` ++if test "$SLD"; then ++ have_solaris_ld=yes ++ AC_MSG_RESULT(yes) ++else ++ have_solaris_ld=no ++ AC_MSG_RESULT(no) ++fi ++AM_CONDITIONAL(HAVE_SOLARIS_LD, test "$have_solaris_ld" = "yes") ++ + AC_MSG_CHECKING([if libraries can be versioned]) +-GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script` ++if test "$have_solaris_ld" = "yes"; then ++ GLD=`$LD --help < /dev/null 2>&1 | grep 'M mapfile'` ++else ++ GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script` ++fi + if test "$GLD"; then + have_ld_version_script=yes + AC_MSG_RESULT(yes) +Index: libpng-1.2.46/Makefile.am +=================================================================== +--- libpng-1.2.46.orig/Makefile.am 2011-08-30 14:48:43.039223476 +0400 ++++ libpng-1.2.46/Makefile.am 2011-08-30 15:02:18.775861919 +0400 +@@ -49,7 +49,11 @@ + + if HAVE_LD_VERSION_SCRIPT + # Versioned symbols and restricted exports ++if HAVE_SOLARIS_LD ++ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LDFLAGS += -Wl,-M Wl,libpng.vers ++else ++ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LDFLAGS += -Wl,--version-script=libpng.vers ++endif + libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_DEPENDENCIES = libpng.vers + else + # Only restricted exports when possible |