#9682: libpng-1.6.32
-------------------------+-----------------------
 Reporter:  bdubbs@…     |       Owner:  bdubbs@…
     Type:  enhancement  |      Status:  assigned
 Priority:  normal       |   Milestone:  8.2
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------

Comment (by bdubbs@…):

 {{{
 Version 1.6.32beta01 [July 31, 2017]
 -  Avoid possible NULL dereference in png_handle_eXIf when benign_errors
    are allowed. Avoid leaking the input buffer "eXIf_buf".
 -  Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
    to arguments for png_get_eXIf() and png_set_eXIf().
 -  Added calls to png_handle_eXIf() in pngread.c and png_write_eXIf() in
    pngwrite.c, and made various other fixes to png_write_eXIf().
 -  Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
    png_set_eXIf_1(), respectively, to avoid breaking API compatibility
    with libpng-1.6.31.

 Version 1.6.32beta02 [August 1, 2017]
 -  Updated contrib/libtests/pngunknown.c with eXIf chunk.

 Version 1.6.32beta03 [August 2, 2017]
 -  Initialized btoa[] in pngstest.c
 -  Stop memory leak when returning from png_handle_eXIf() with an error
    (Bug report from the OSS-fuzz project).

 Version 1.6.32beta04 [August 2, 2017]
 -  Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
 -  Update libpng.3 and libpng-manual.txt about eXIf functions.

 Version 1.6.32beta05 [August 2, 2017]
 -  Restored png_get_eXIf() and png_set_eXIf() to maintain API
    compatibility.

 Version 1.6.32beta06 [August 2, 2017]
 -  Removed png_get_eXIf_1() and png_set_eXIf_1().

 Version 1.6.32beta07 [August 3, 2017]
 -  Check length of all chunks except IDAT against user limit to fix an
    OSS-fuzz issue.

 Version 1.6.32beta08 [August 3, 2017]
 -  Check length of IDAT against maximum possible IDAT size, accounting
    for height, rowbytes, interlacing and zlib/deflate overhead.
 -  Restored png_get_eXIf_1() and png_set_eXIf_1(), because
    strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes).

 Version 1.6.32beta09 [August 3, 2017]
 -  Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
    no longer using deprecated cmake LOCATION feature (Clifford Yapp).
 -  Fixed five-byte error in the calculation of IDAT maximum possible size.

 Version 1.6.32beta10 [August 5, 2017]
 -  Moved chunk-length check into a png_check_chunk_length() private
    function (Suggested by Max Stepin).
 -  Moved bad pngs from tests to contrib/libtests/crashers
 -  Moved testing of bad pngs into a separate tests/pngtest-badpngs script
 -  Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
    in the output but PASS for the libpng test.
 -  Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
 -  Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
    num_exif argument to png_get_eXIf_1() (Github Issue 171).

 Version 1.6.32beta11 [August 7, 2017]
 -  Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
 -  Added huge_IDAT.png and empty_ancillary_chunks.png to
    testpngs/crashers.
 -  Make pngtest --strict, --relax, --xfail options imply -m (multiple).
 -  Removed unused chunk_name parameter from png_check_chunk_length().
 -  Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
 -  Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
 -  Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz
    UMR.
 -  Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
 -  Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to
    account for the minimum 'deflate' stream, and relocate the test to a
    point after the keyword has been read.
 -  Check that the eXIf chunk has at least 2 bytes and begins with "II" or
    "MM".

 Version 1.6.32rc01 [August 18, 2017]
 -  Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
    one for each known chunk type, with length = 2GB-1.
 -  Check for 0 return from png_get_rowbytes() and added some (size_t)
    typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705,
    162706, and 162707).
 -  Renamed chunks in contrib/testpngs/crashers to avoid having files whose
    names differ only in case; this causes problems with some platforms
    (github issue #172).

 Version 1.6.32rc02 [August 22, 2017]
 -  Added contrib/oss-fuzz directory which contains files used by the
    oss-fuzz project
    (https://github.com/google/oss-fuzz/tree/master/projects/libpng).

 Version 1.6.32 [August 24, 2017]
 -  No changes.
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/9682#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
