-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-9633 2008-11-13 02:40:16 --------------------------------------------------------------------------------
Name : optipng Product : Fedora 9 Version : 0.6.2 Release : 1.fc9 URL : http://optipng.sourceforge.net/ Summary : PNG optimizer and converter Description : OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats (BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks and corrections. -------------------------------------------------------------------------------- Update Information: The main reason for this update is a buffer overflow that is removed in this version, that could be triggered by processing specially crafted bitmap images (*.bmp). Aggregated upstream changelog: ============================== ++ Put back a speed optimization, accidentally removed in version 0.6, allowing singleton trials (-o1) to be bypassed in certain conditions. !! Fixed an array overflow in the BMP reader. !! Fixed the loss of private chunks under the -snip option. + Produced a more concise on-screen output in the non-verbose mode. (Thanks to Vincent Lefevre for the suggestion.) * Added a programming interface to the optimization engine, in order to facilitate the development of PNG-optimizing GUI apps and plugins. ! Fixed processing when image reduction yields an output larger than the original. (Thanks to Michael Krishtopa for the report.) ! Fixed behavior of -preserve. (Thanks to Bill Koch for the report.) - Removed displaying of partial progress when abandoning IDATs under the -v option. The percentages displayed were not very accurate. ++ Implemented grayscale(alpha)-to-palette reductions. ++ Improved conversion of bKGD info during RGB-to-palette reductions. (Thanks to Matthew Fearnley for the contribution.) !! Fixed conversion of bKGD and tRNS during 16-to-8-bit reductions. (Thanks to Matthew Fearnley for the report.) + Added support for compressed BMP (incl. PNG-compressed BMP, you bet!) + Improved the speed of reading raw PNM files. + Recognized PNG digital signatures (dSIG) and disabled optimization in their presence, to preserve their integrity. + Allowed the user to enforce the optimization of dSIG'ed files. + Recognized APNG animation files and disabled reductions to preserve their integrity. + Added the -snip option, to allow the user to "snip" one image out of a multi-image file, such as animated GIF, multi-page TIFF, or APNG. (Thanks to [LaughingMan] for the suggestion.) + Improved recovery of PNG files with incomplete IDAT. ! Fixed behavior of -out and -dir when the input is already optimized. (Thanks to Christian Davideck for the report.) * Provided more detailed image information at the start of processing. * Provided a more detailed summary at the end of processing, under the presence of the -v option and/or the occurence of exceptional events. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 12 2008 Till Maas <[EMAIL PROTECTED]> - 0.6.2-1 - Update to new release to fix buffer overflow - Red Hat Bugzilla #471206 * Thu Aug 28 2008 Ville Skyttä <ville.skytta at iki.fi> - 0.6.1-1 - 0.6.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #471206 - OptiPNG: Buffer overflow in BMP image handling reader https://bugzilla.redhat.com/show_bug.cgi?id=471206 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update optipng' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce