Hello community, here is the log from the commit of package libpng15 for openSUSE:Factory checked in at 2012-02-21 07:32:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libpng15 (Old) and /work/SRC/openSUSE:Factory/.libpng15.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libpng15", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/libpng15/libpng15.changes 2012-02-03 10:23:43.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libpng15.new/libpng15.changes 2012-02-21 07:32:31.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Feb 20 10:02:51 UTC 2012 - pgajdos@suse.com + +- updated to 1.5.9: + * fixed CVE-2011-3026 [bnc#747311] + +------------------------------------------------------------------- Old: ---- libpng-1.5.8.tar.bz2 New: ---- libpng-1.5.9.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng15.spec ++++++ --- /var/tmp/diff_new_pack.FUUZsO/_old 2012-02-21 07:32:36.000000000 +0100 +++ /var/tmp/diff_new_pack.FUUZsO/_new 2012-02-21 07:32:36.000000000 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 5 -%define micro 8 +%define micro 9 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -94,7 +94,6 @@ %setup -n libpng-%{version} %build -./autogen.sh # We'll never use the old pgcc-2.95.1 with the buggy -O3, so having # the -O3 that is originally used should work. # Substitute the -O2 to -O3 because I'm not sure if simply appending ++++++ libpng-1.5.8.tar.bz2 -> libpng-1.5.9.tar.bz2 ++++++ ++++ 4281 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/ANNOUNCE new/libpng-1.5.9/ANNOUNCE --- old/libpng-1.5.8/ANNOUNCE 2012-02-01 06:00:33.000000000 +0100 +++ new/libpng-1.5.9/ANNOUNCE 2012-02-18 21:31:13.000000000 +0100 @@ -1,5 +1,5 @@ -Libpng 1.5.8 - February 1, 2012 +Libpng 1.5.9 - February 18, 2012 This is a public release of libpng, intended for use in production codes. @@ -8,30 +8,30 @@ Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.5.8.tar.xz (LZMA-compressed, recommended) - libpng-1.5.8.tar.gz - libpng-1.5.8.tar.bz2 + libpng-1.5.9.tar.xz (LZMA-compressed, recommended) + libpng-1.5.9.tar.gz + libpng-1.5.9.tar.bz2 Source files with CRLF line endings (for Windows), without the "configure" script - lpng158.7z (LZMA-compressed, recommended) - lpng158.zip + lpng159.7z (LZMA-compressed, recommended) + lpng159.zip Other information: - libpng-1.5.8-README.txt - libpng-1.5.8-LICENSE.txt + libpng-1.5.9-README.txt + libpng-1.5.9-LICENSE.txt -Changes since the last public release (1.5.7): - Removed '#include config.h"' from contrib/libtests/pngvalid.c. It's not - needed and causes trouble for VPATH building. - Moved AC_MSG_CHECKING([if libraries can be versioned]) later to the proper - location in configure.ac (Gilles Espinasse). - Fix bug in pngerror.c: some long warnings were being improperly truncated - (bug introduced in libpng-1.5.4). - Fixed Min/GW uninstall to remove libpng.dll.a - Conditionalize the install rules for MINGW and CYGWIN in CMakeLists.txt +Changes since the last public release (1.5.8): + + Rebuilt configure scripts in the tar distributions. + Removed two unused definitions from scripts/pnglibconf.h.prebuilt + Removed some unused arrays (with #ifdef) from png_read_push_finish_row(). + Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h + Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test + on iCCP chunk length. Also removed spurious casts that may hide problems + on 16-bit systems. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/CHANGES new/libpng-1.5.9/CHANGES --- old/libpng-1.5.8/CHANGES 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/CHANGES 2012-02-18 21:31:13.000000000 +0100 @@ -3782,7 +3782,7 @@ Moved AC_MSG_CHECKING([if libraries can be versioned]) later to the proper location in configure.ac (Gilles Espinasse). Fix bug in pngerror.c: some long warnings were being improperly truncated - (bug introduced in libpng-1.5.3beta05). + (CVE-2011-3464, bug introduced in libpng-1.5.3beta05). Version 1.5.8rc01 [January 21, 2012] No changes. @@ -3791,6 +3791,24 @@ Fixed Min/GW uninstall to remove libpng.dll.a Conditionalize the install rules for MINGW and CYGWIN in CMakeLists.txt +Version 1.5.8 [February 1, 2012] + No changes. + +Version 1.5.9beta01 [February 3, 2012] + Rebuilt configure scripts in the tar distributions. + +Version 1.5.9beta02 [February 16, 2012] + Removed two unused definitions from scripts/pnglibconf.h.prebuilt + Removed some unused arrays (with #ifdef) from png_read_push_finish_row(). + Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h + +Version 1.5.9rc01 [February 17, 2012] + Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test + on iCCP chunk length. Also removed spurious casts that may hide problems + on 16-bit systems. + +Version 1.5.9 [February 18, 2012] + No changes. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/CMakeLists.txt new/libpng-1.5.9/CMakeLists.txt --- old/libpng-1.5.8/CMakeLists.txt 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/CMakeLists.txt 2012-02-18 21:31:14.000000000 +0100 @@ -35,7 +35,7 @@ set(PNGLIB_MAJOR 1) set(PNGLIB_MINOR 5) -set(PNGLIB_RELEASE 8) +set(PNGLIB_RELEASE 9) set(PNGLIB_NAME libpng${PNGLIB_MAJOR}${PNGLIB_MINOR}) set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_RELEASE}) @@ -229,7 +229,7 @@ # SET UP LINKS if(PNG_SHARED) set_target_properties(${PNG_LIB_NAME} PROPERTIES -# VERSION 15.${PNGLIB_RELEASE}.1.5.8 +# VERSION 15.${PNGLIB_RELEASE}.1.5.9 VERSION 15.${PNGLIB_RELEASE}.0 SOVERSION 15 CLEAN_DIRECT_OUTPUT 1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/LICENSE new/libpng-1.5.9/LICENSE --- old/libpng-1.5.8/LICENSE 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/LICENSE 2012-02-18 21:31:13.000000000 +0100 @@ -10,7 +10,7 @@ This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.5.8, February 1, 2012, are +libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are Copyright (c) 2004, 2006-2011 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors @@ -108,4 +108,4 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net -February 1, 2012 +February 18, 2012 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/README new/libpng-1.5.9/README --- old/libpng-1.5.8/README 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/README 2012-02-18 21:31:13.000000000 +0100 @@ -1,4 +1,4 @@ -README for libpng version 1.5.8 - February 1, 2012 (shared library 15.0) +README for libpng version 1.5.9 - February 18, 2012 (shared library 15.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/configure.ac new/libpng-1.5.9/configure.ac --- old/libpng-1.5.8/configure.ac 2012-02-01 06:00:37.000000000 +0100 +++ new/libpng-1.5.9/configure.ac 2012-02-18 21:31:17.000000000 +0100 @@ -18,15 +18,15 @@ dnl Version number stuff here: -AC_INIT([libpng], [1.5.8], [png-mng-implement@lists.sourceforge.net]) +AC_INIT([libpng], [1.5.9], [png-mng-implement@lists.sourceforge.net]) AM_INIT_AUTOMAKE dnl stop configure from automagically running automake AM_MAINTAINER_MODE -PNGLIB_VERSION=1.5.8 +PNGLIB_VERSION=1.5.9 PNGLIB_MAJOR=1 PNGLIB_MINOR=5 -PNGLIB_RELEASE=8 +PNGLIB_RELEASE=9 dnl End of version number stuff diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/libpng-manual.txt new/libpng-1.5.9/libpng-manual.txt --- old/libpng-1.5.8/libpng-manual.txt 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/libpng-manual.txt 2012-02-18 21:31:13.000000000 +0100 @@ -1,6 +1,6 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.5.8 - February 1, 2012 + libpng version 1.5.9 - February 18, 2012 Updated and distributed by Glenn Randers-Pehrson <glennrp at users.sourceforge.net> Copyright (c) 1998-2011 Glenn Randers-Pehrson @@ -11,7 +11,7 @@ Based on: - libpng versions 0.97, January 1998, through 1.5.8 - February 1, 2012 + libpng versions 0.97, January 1998, through 1.5.9 - February 18, 2012 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2011 Glenn Randers-Pehrson @@ -4573,13 +4573,13 @@ XIV. Y2K Compliance in libpng -February 1, 2012 +February 18, 2012 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. This is your unofficial assurance that libpng from version 0.71 and -upward through 1.5.8 are Y2K compliant. It is my belief that earlier +upward through 1.5.9 are Y2K compliant. It is my belief that earlier versions were also Y2K compliant. Libpng only has three year fields. One is a 2-byte unsigned integer that diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/libpng.3 new/libpng-1.5.9/libpng.3 --- old/libpng-1.5.8/libpng.3 2012-02-01 06:00:33.000000000 +0100 +++ new/libpng-1.5.9/libpng.3 2012-02-18 21:31:13.000000000 +0100 @@ -1,6 +1,6 @@ -.TH LIBPNG 3 "February 1, 2012" +.TH LIBPNG 3 "February 18, 2012" .SH NAME -libpng \- Portable Network Graphics (PNG) Reference Library 1.5.8 +libpng \- Portable Network Graphics (PNG) Reference Library 1.5.9 .SH SYNOPSIS \fI\fB @@ -977,7 +977,7 @@ .SH LIBPNG.TXT libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.5.8 - February 1, 2012 + libpng version 1.5.9 - February 18, 2012 Updated and distributed by Glenn Randers-Pehrson <glennrp at users.sourceforge.net> Copyright (c) 1998-2011 Glenn Randers-Pehrson @@ -988,7 +988,7 @@ Based on: - libpng versions 0.97, January 1998, through 1.5.8 - February 1, 2012 + libpng versions 0.97, January 1998, through 1.5.9 - February 18, 2012 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2011 Glenn Randers-Pehrson @@ -5551,13 +5551,13 @@ .SH XIV. Y2K Compliance in libpng -February 1, 2012 +February 18, 2012 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. This is your unofficial assurance that libpng from version 0.71 and -upward through 1.5.8 are Y2K compliant. It is my belief that earlier +upward through 1.5.9 are Y2K compliant. It is my belief that earlier versions were also Y2K compliant. Libpng only has three year fields. One is a 2-byte unsigned integer that @@ -5764,6 +5764,10 @@ 1.5.7 15 10507 15.so.15.7[.0] 1.5.8beta01 15 10508 15.so.15.8[.0] 1.5.8rc01 15 10508 15.so.15.8[.0] + 1.5.8 15 10508 15.so.15.8[.0] + 1.5.9beta01-02 15 10509 15.so.15.9[.0] + 1.5.9rc01 15 10509 15.so.15.9[.0] + 1.5.9 15 10509 15.so.15.9[.0] Henceforth the source version will match the shared-library minor and patch numbers; the shared-library major version number will be @@ -5820,7 +5824,7 @@ Thanks to Frank J. T. Wojcik for helping with the documentation. -Libpng version 1.5.8 - February 1, 2012: +Libpng version 1.5.9 - February 18, 2012: Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc. Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net). @@ -5843,7 +5847,7 @@ This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.5.8, February 1, 2012, are +libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are Copyright (c) 2004,2006-2007 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors @@ -5942,7 +5946,7 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net -February 1, 2012 +February 18, 2012 .\" end of man page diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/libpngpf.3 new/libpng-1.5.9/libpngpf.3 --- old/libpng-1.5.8/libpngpf.3 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/libpngpf.3 2012-02-18 21:31:13.000000000 +0100 @@ -1,6 +1,6 @@ -.TH LIBPNGPF 3 "February 1, 2012" +.TH LIBPNGPF 3 "February 18, 2012" .SH NAME -libpng \- Portable Network Graphics (PNG) Reference Library 1.5.8 +libpng \- Portable Network Graphics (PNG) Reference Library 1.5.9 (private functions) .SH SYNOPSIS \fB#include \fI"pngpriv.h" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/png.5 new/libpng-1.5.9/png.5 --- old/libpng-1.5.8/png.5 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/png.5 2012-02-18 21:31:14.000000000 +0100 @@ -1,4 +1,4 @@ -.TH PNG 5 "February 1, 2012" +.TH PNG 5 "February 18, 2012" .SH NAME png \- Portable Network Graphics (PNG) format .SH DESCRIPTION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/png.c new/libpng-1.5.9/png.c --- old/libpng-1.5.8/png.c 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/png.c 2012-02-18 21:31:14.000000000 +0100 @@ -14,7 +14,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_5_8 Your_png_h_is_not_version_1_5_8; +typedef png_libpng_version_1_5_9 Your_png_h_is_not_version_1_5_9; /* Tells libpng that we have already handled the first "num_bytes" bytes * of the PNG file signature. If the PNG data is embedded into another @@ -655,13 +655,13 @@ #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.5.8 - February 1, 2012" PNG_STRING_NEWLINE \ + "libpng version 1.5.9 - February 18, 2012" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2011 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.5.8 - February 1, 2012\ + return "libpng version 1.5.9 - February 18, 2012\ Copyright (c) 1998-2011 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/png.h new/libpng-1.5.9/png.h --- old/libpng-1.5.8/png.h 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/png.h 2012-02-18 21:31:13.000000000 +0100 @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.5.8 - February 1, 2012 + * libpng version 1.5.9 - February 18, 2012 * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -11,7 +11,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.5.8 - February 1, 2012: Glenn + * libpng versions 0.97, January 1998, through 1.5.9 - February 18, 2012: Glenn * See also "Contributing Authors", below. * * Note about libpng version numbers: @@ -168,6 +168,10 @@ * 1.5.7 15 10507 15.so.15.7[.0] * 1.5.8beta01 15 10508 15.so.15.8[.0] * 1.5.8rc01 15 10508 15.so.15.8[.0] + * 1.5.8 15 10508 15.so.15.8[.0] + * 1.5.9beta01-02 15 10509 15.so.15.9[.0] + * 1.5.9rc01 15 10509 15.so.15.9[.0] + * 1.5.9 15 10509 15.so.15.9[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -199,7 +203,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.2.6, August 15, 2004, through 1.5.8, February 1, 2012, are + * libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are * Copyright (c) 2004, 2006-2012 Glenn Randers-Pehrson, and are * distributed according to the same disclaimer and license as libpng-1.2.5 * with the following individual added to the list of Contributing Authors: @@ -311,13 +315,13 @@ * Y2K compliance in libpng: * ========================= * - * February 1, 2012 + * February 18, 2012 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.5.8 are Y2K compliant. It is my belief that + * upward through 1.5.9 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer @@ -375,9 +379,9 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.5.8" +#define PNG_LIBPNG_VER_STRING "1.5.9" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.5.8 - February 1, 2012\n" + " libpng version 1.5.9 - February 18, 2012\n" #define PNG_LIBPNG_VER_SONUM 15 #define PNG_LIBPNG_VER_DLLNUM 15 @@ -385,7 +389,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 5 -#define PNG_LIBPNG_VER_RELEASE 8 +#define PNG_LIBPNG_VER_RELEASE 9 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -416,7 +420,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10508 /* 1.5.8 */ +#define PNG_LIBPNG_VER 10509 /* 1.5.9 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -538,7 +542,7 @@ /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_5_8; +typedef char* png_libpng_version_1_5_9; /* Three color definitions. The order of the red, green, and blue, (and the * exact size) is not important, although the size of the fields need to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/pngconf.h new/libpng-1.5.9/pngconf.h --- old/libpng-1.5.8/pngconf.h 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/pngconf.h 2012-02-18 21:31:13.000000000 +0100 @@ -1,7 +1,7 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.5.8 - February 1, 2012 + * libpng version 1.5.9 - February 18, 2012 * * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/pngerror.c new/libpng-1.5.9/pngerror.c --- old/libpng-1.5.8/pngerror.c 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/pngerror.c 2012-02-18 21:31:14.000000000 +0100 @@ -1,7 +1,7 @@ /* pngerror.c - stub functions for i/o and memory allocation * - * Last changed in libpng 1.5.7 [February 1, 2012] + * Last changed in libpng 1.5.8 [February 1, 2011] * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/pngpread.c new/libpng-1.5.9/pngpread.c --- old/libpng-1.5.8/pngpread.c 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/pngpread.c 2012-02-18 21:31:14.000000000 +0100 @@ -1,7 +1,7 @@ /* pngpread.c - read a png file in push mode * - * Last changed in libpng 1.5.7 [December 15, 2011] + * Last changed in libpng 1.5.9 [February 18, 2012] * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -730,8 +730,7 @@ new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256; old_buffer = png_ptr->save_buffer; - png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, - (png_size_t)new_max); + png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, new_max); if (png_ptr->save_buffer == NULL) { @@ -1201,6 +1200,7 @@ void /* PRIVATE */ png_read_push_finish_row(png_structp png_ptr) { +#ifdef PNG_READ_INTERLACING_SUPPORTED /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */ /* Start of interlace block */ @@ -1219,6 +1219,7 @@ * it, uncomment it here and in png.h static PNG_CONST png_byte FARDATA png_pass_height[] = {8, 8, 4, 4, 2, 2, 1}; */ +#endif png_ptr->row_number++; if (png_ptr->row_number < png_ptr->num_rows) @@ -1285,8 +1286,7 @@ } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1384,8 +1384,7 @@ } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1586,8 +1585,7 @@ } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1732,8 +1730,7 @@ */ PNG_CSTRING_FROM_CHUNK(png_ptr->unknown_chunk.name, png_ptr->chunk_name); - /* The following cast should be safe because of the check above. */ - png_ptr->unknown_chunk.size = (png_size_t)length; + png_ptr->unknown_chunk.size = length; if (length == 0) png_ptr->unknown_chunk.data = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/pngrutil.c new/libpng-1.5.9/pngrutil.c --- old/libpng-1.5.8/pngrutil.c 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/pngrutil.c 2012-02-18 21:31:14.000000000 +0100 @@ -1,8 +1,8 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.5.7 [December 15, 2011] - * Copyright (c) 1998-2011 Glenn Randers-Pehrson + * Last changed in libpng 1.5.9 [February 18, 2012] + * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -432,15 +432,18 @@ /* Now check the limits on this chunk - if the limit fails the * compressed data will be removed, the prefix will remain. */ + if (prefix_size >= (~(png_size_t)0) - 1 || + expanded_size >= (~(png_size_t)0) - 1 - prefix_size #ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED - if (png_ptr->user_chunk_malloc_max && + || (png_ptr->user_chunk_malloc_max && (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1)) #else # ifdef PNG_USER_CHUNK_MALLOC_MAX - if ((PNG_USER_CHUNK_MALLOC_MAX > 0) && + || ((PNG_USER_CHUNK_MALLOC_MAX > 0) && prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1) # endif #endif + ) png_warning(png_ptr, "Exceeded size limit while expanding chunk"); /* If the size is zero either there was an error and a message @@ -448,12 +451,7 @@ * and we have nothing to do - the code will exit through the * error case below. */ -#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \ - defined(PNG_USER_CHUNK_MALLOC_MAX) else if (expanded_size > 0) -#else - if (expanded_size > 0) -#endif { /* Success (maybe) - really uncompress the chunk. */ png_size_t new_size = 0; @@ -1279,7 +1277,7 @@ png_free(png_ptr, png_ptr->chunkdata); png_ptr->chunkdata = (png_charp)png_malloc(png_ptr, length + 1); - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -1429,7 +1427,7 @@ * that the PNG_MAX_MALLOC_64K test is enabled in this case, but this is a * potential breakage point if the types in pngconf.h aren't exactly right. */ - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -1956,7 +1954,7 @@ return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) @@ -2105,7 +2103,7 @@ return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); png_ptr->chunkdata[slength] = 0x00; /* Null terminate the last string */ @@ -2265,7 +2263,7 @@ return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -2373,7 +2371,7 @@ return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) @@ -2504,7 +2502,7 @@ return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/pngstruct.h new/libpng-1.5.9/pngstruct.h --- old/libpng-1.5.8/pngstruct.h 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/pngstruct.h 2012-02-18 21:31:13.000000000 +0100 @@ -5,7 +5,7 @@ * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * - * Last changed in libpng 1.5.5 [September 22, 2011] + * Last changed in libpng 1.5.9 [February 18, 2012] * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer @@ -283,9 +283,7 @@ #endif /* New member added in libpng-1.0.4 (renamed in 1.0.9) */ -#if defined(PNG_MNG_FEATURES_SUPPORTED) || \ - defined(PNG_READ_EMPTY_PLTE_SUPPORTED) || \ - defined(PNG_WRITE_EMPTY_PLTE_SUPPORTED) +#if defined(PNG_MNG_FEATURES_SUPPORTED) /* Changed from png_byte to png_uint_32 at version 1.2.0 */ png_uint_32 mng_features_permitted; #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/pngtest.c new/libpng-1.5.9/pngtest.c --- old/libpng-1.5.8/pngtest.c 2012-02-01 06:00:34.000000000 +0100 +++ new/libpng-1.5.9/pngtest.c 2012-02-18 21:31:14.000000000 +0100 @@ -1165,7 +1165,7 @@ pngtest_debug1("Handling %d iTXt/tEXt/zTXt chunks", num_text); if (verbose) - printf("\nText compression=%d\n", text_ptr->compression); + printf("\n Text compression=%d\n", text_ptr->compression); png_set_text(write_ptr, write_info_ptr, text_ptr, num_text); } @@ -1817,4 +1817,4 @@ } /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_5_8 Your_png_h_is_not_version_1_5_8; +typedef png_libpng_version_1_5_9 Your_png_h_is_not_version_1_5_9; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/projects/vstudio/readme.txt new/libpng-1.5.9/projects/vstudio/readme.txt --- old/libpng-1.5.8/projects/vstudio/readme.txt 2012-02-01 06:00:36.000000000 +0100 +++ new/libpng-1.5.9/projects/vstudio/readme.txt 2012-02-18 21:31:16.000000000 +0100 @@ -1,7 +1,7 @@ VisualStudio instructions -libpng version 1.5.8 - February 1, 2012 +libpng version 1.5.9 - February 18, 2012 Copyright (c) 1998-2010 Glenn Randers-Pehrson diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.5.8/projects/vstudio/zlib.props new/libpng-1.5.9/projects/vstudio/zlib.props --- old/libpng-1.5.8/projects/vstudio/zlib.props 2012-02-01 06:00:36.000000000 +0100 +++ new/libpng-1.5.9/projects/vstudio/zlib.props 2012-02-18 21:31:16.000000000 +0100 @@ -2,7 +2,7 @@ Reply