diff options
Diffstat (limited to 'ANNOUNCE')
-rw-r--r-- | ANNOUNCE | 56 |
1 files changed, 24 insertions, 32 deletions
@@ -1,5 +1,5 @@ -Libpng 1.0.63 - February 6, 2014 +Libpng 1.0.65 - December 3, 2015 This is a public release of libpng, intended for use in production codes. @@ -8,51 +8,43 @@ Files available for download: Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.0.63.tar.xz (LZMA-compressed, recommended) - libpng-1.0.63.tar.gz - libpng-1.0.63.tar.bz2 + libpng-1.0.65.tar.xz (LZMA-compressed, recommended) + libpng-1.0.65.tar.gz Source files with LF line endings (for Unix/Linux) without the "configure" script - libpng-1.0.63-no-config.tar.xz (LZMA-compressed, recommended) - libpng-1.0.63-no-config.tar.gz - libpng-1.0.63-no-config.tar.bz2 + libpng-1.0.65-no-config.tar.xz (LZMA-compressed, recommended) + libpng-1.0.65-no-config.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script - lpng1063.zip - lpng1063.7z - lpng1063.tar.bz2 + lpng1065.zip + lpng1065.7z Project files - libpng-1.0.63-project-netware.zip - libpng-1.0.63-project-wince.zip + libpng-1.0.65-project-netware.zip + libpng-1.0.65-project-wince.zip Other information: - libpng-1.0.63-README.txt - libpng-1.0.63-KNOWNBUGS.txt - libpng-1.0.63-LICENSE.txt - libpng-1.0.63-Y2K-compliance.txt - libpng-1.0.63-*.asc (armored detached GPG signatures) - -Changes since the last public release (1.0.62): - - Issue a png_error() instead of a png_warning() when width is - potentially too large for the architecture, in case the calling - application has overridden the default 1,000,000-column limit - (fixes CVE-2014-9495 and CVE-2015-0973). - Quieted some harmless warnings from Coverity-scan. - Display user limits in the output from pngtest. - Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000. - This can only be changed at library-build time. It only - affects the maximum memory that can be allocated to an - ancillary chunk; it does not limit the size of IDAT - data, which is instead limited by PNG_USER_WIDTH_MAX. - Rebuilt configure scripts with automake-1.15 and libtool-2.4.6 + libpng-1.0.65-README.txt + libpng-1.0.65-KNOWNBUGS.txt + libpng-1.0.65-LICENSE.txt + libpng-1.0.65-Y2K-compliance.txt + libpng-1.0.65-*.asc (armored detached GPG signatures) + +Changes since the last public release (1.0.64): + + Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(), + png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr). + Fixed incorrect implementation of png_set_PLTE() that uses png_ptr + not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 + vulnerability. + Discontinued distributing tar.bz2 archives. + Discontinued distributing libpng-oldversion-newversion-diff.txt Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit |