commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2019-04-18 13:57:46
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new.5536 (New)
Package is "libpng16"
Thu Apr 18 13:57:46 2019 rev:42 rq:694940 version:1.6.37
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2019-02-04
21:24:21.295611170 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new.5536/libpng16.changes
2019-04-18 13:58:13.627991261 +0200
@@ -1,0 +2,20 @@
+Wed Apr 17 06:29:11 UTC 2019 - pgaj...@suse.com
+
+- make check actually works under asan
+
+---
+Mon Apr 15 15:02:33 UTC 2019 - pgaj...@suse.com
+
+- version update to 1.6.37
+ Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
+ Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
+ Fixed a memory leak in pngtest.c.
+ Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
+contrib/pngminus; refactor.
+ Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
+(Contributed by Willem van Schaik)
+ Added makefiles for AddressSanitizer-enabled builds.
+- deleted patches
+ - libpng-arm-free.patch (upstreamed)
+
+---
Old:
libpng-1.6.36.tar.xz
libpng-arm-free.patch
New:
libpng-1.6.37.tar.xz
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.sRYUi0/_old 2019-04-18 13:58:14.291991482 +0200
+++ /var/tmp/diff_new_pack.sRYUi0/_new 2019-04-18 13:58:14.291991482 +0200
@@ -21,7 +21,7 @@
%define major 1
%define minor 6
-%define micro 36
+%define micro 37
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
%define debug_package_requires %{libname} = %{version}-%{release}
@@ -32,7 +32,6 @@
License:Zlib
Group: Development/Libraries/C and C++
Url:http://www.libpng.org/pub/png/libpng.html
-Patch0: libpng-arm-free.patch
Source0:
http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
@@ -98,7 +97,6 @@
%prep
%setup -q -n libpng-%{version}
-%patch0 -p1
%build
# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
@@ -116,10 +114,6 @@
make %{?_smp_mflags}
%check
-%if %{asan_build}
-# ASAN needs /proc to be mounted
-exit 0
-%endif
make -j1 check
%install
++ libpng-1.6.36.tar.xz -> libpng-1.6.37.tar.xz ++
3105 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2019-02-04 21:24:19
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new.28833 (New)
Package is "libpng16"
Mon Feb 4 21:24:19 2019 rev:41 rq:669458 version:1.6.36
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2019-01-03
18:05:25.760204290 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new.28833/libpng16.changes
2019-02-04 21:24:21.295611170 +0100
@@ -1,0 +2,12 @@
+Mon Jan 28 11:43:05 UTC 2019 - Petr Gajdos
+
+- fix arm build [bsc#1121829]
+ + libpng-arm-free.patch
+
+---
+Mon Jan 14 13:11:39 UTC 2019 - Petr Gajdos
+
+- asan_build: build ASAN included
+- debug_build: build more suitable for debugging, install pngcp
+
+---
New:
libpng-arm-free.patch
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.s4g5Jz/_old 2019-02-04 21:24:21.919611016 +0100
+++ /var/tmp/diff_new_pack.s4g5Jz/_new 2019-02-04 21:24:21.919611016 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libpng16
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,9 @@
#
-#
+%define debug_build 0
+%define asan_build 0
+
%define major 1
%define minor 6
%define micro 36
@@ -30,6 +32,7 @@
License:Zlib
Group: Development/Libraries/C and C++
Url:http://www.libpng.org/pub/png/libpng.html
+Patch0: libpng-arm-free.patch
Source0:
http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
@@ -95,17 +98,28 @@
%prep
%setup -q -n libpng-%{version}
+%patch0 -p1
%build
# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
export CFLAGS="%{optflags} -O3 -DPNG_SAFE_LIMITS_SUPPORTED
-DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
export LDFLAGS="-Wl,-z,relro,-z,now"
-
+%if %{debug_build}
+export CFLAGS="$CFLAGS -Og"
+%endif
%configure \
--disable-static
+%if %{asan_build}
+sed -i -e 's/^\(CFLAGS.*\)$/\1 -fsanitize=address/' \
+ -e 's/\(^LIBS =.*\)/\1 -lasan/' Makefile
+%endif
make %{?_smp_mflags}
%check
+%if %{asan_build}
+# ASAN needs /proc to be mounted
+exit 0
+%endif
make -j1 check
%install
@@ -114,6 +128,9 @@
mkdir -p %{buildroot}%{_sysconfdir}/rpm
cp -a %{SOURCE3} \
%{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools
+%if %{debug_build} ||%{asan_build}
+install -m755 .libs/pngcp %{buildroot}/%{_bindir}
+%endif
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
@@ -140,6 +157,9 @@
%files tools
%{_bindir}/png-fix-itxt
%{_bindir}/pngfix
+%if %{debug_build} || %{asan_build}
+%{_bindir}/pngcp
+%endif
%{_sysconfdir}/rpm/macros.libpng-tools
%changelog
++ libpng-arm-free.patch ++
Index: libpng-1.6.36/pngread.c
===
--- libpng-1.6.36.orig/pngread.c2018-12-01 15:36:00.0 +0100
+++ libpng-1.6.36/pngread.c 2019-01-28 12:41:14.044709070 +0100
@@ -994,6 +994,11 @@ png_read_destroy(png_structrp png_ptr)
png_ptr->chunk_list = NULL;
#endif
+#if PNG_ARM_NEON_IMPLEMENTATION == 1
+ png_free(png_ptr, png_ptr->riffled_palette);
+ png_ptr->riffled_palette = NULL;
+#endif
+
/* NOTE: the 'setjmp' buffer may still be allocated and the memory and error
* callbacks are still set at this point. They are required to complete the
* destruction of the png_struct itself.
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2019-01-03 18:05:24
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new.28833 (New)
Package is "libpng16"
Thu Jan 3 18:05:24 2019 rev:40 rq:662196 version:1.6.36
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2018-08-07
09:39:38.848951417 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new.28833/libpng16.changes
2019-01-03 18:05:25.760204290 +0100
@@ -1,0 +2,39 @@
+Mon Dec 31 09:41:53 UTC 2018 - Petr Gajdos
+
+- update to 1.6.36:
+ Replaced the remaining uses of png_size_t with size_t (Cosmin)
+Fixed the calculation of row_factor in png_check_chunk_length
+ (reported by Thuan Pham in SourceForge issue #278)
+Added missing parentheses to a macro definition
+ (suggested by "irwir" in GitHub issue #216)
+Optimized png_do_expand_palette for ARM processors.
+Improved performance by around 10-22% on a recent ARM Chromebook.
+(Contributed by Richard Townsend, ARM Holdings)
+Fixed manipulation of machine-specific optimization options.
+(Contributed by Vicki Pfau)
+Used memcpy instead of manual pointer arithmetic on Intel SSE2.
+(Contributed by Samuel Williams)
+Fixed build errors with MSVC on ARM64.
+(Contributed by Zhijie Liang)
+Fixed detection of libm in CMakeLists.
+(Contributed by Cameron Cawley)
+Fixed incorrect creation of pkg-config file in CMakeLists.
+(Contributed by Kyle Bentley)
+Fixed the CMake build on Windows MSYS by avoiding symlinks.
+Fixed a build warning on OpenBSD.
+(Contributed by Theo Buehler)
+Fixed various typos in comments.
+(Contributed by "luz.paz")
+Raised the minimum required CMake version from 3.0.2 to 3.1.
+Removed yet more of the vestigial support for pre-ANSI C compilers.
+Removed ancient makefiles for ancient systems that have been broken
+across all previous libpng-1.6.x versions.
+Removed the Y2K compliance statement and the export control
+information.
+Applied various code style and documentation fixes.
+- removed patches
+ * libpng16-CVE-2018-13785.patch (upstreamed)
+- cannot find upstream tarball signature, asked upstream for
+ clarification
+
+---
Old:
libpng-1.6.34.tar.xz
libpng-1.6.34.tar.xz.asc
libpng16-CVE-2018-13785.patch
New:
libpng-1.6.36.tar.xz
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.Rj7Bnx/_old 2019-01-03 18:05:26.312203799 +0100
+++ /var/tmp/diff_new_pack.Rj7Bnx/_new 2019-01-03 18:05:26.312203799 +0100
@@ -12,14 +12,14 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
#
%define major 1
%define minor 6
-%define micro 34
+%define micro 36
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
%define debug_package_requires %{libname} = %{version}-%{release}
@@ -30,12 +30,10 @@
License:Zlib
Group: Development/Libraries/C and C++
Url:http://www.libpng.org/pub/png/libpng.html
-Source0:
ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz
-Source1:
ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc
+Source0:
http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
-Patch0: libpng16-CVE-2018-13785.patch
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: zlib-devel
@@ -97,7 +95,6 @@
%prep
%setup -q -n libpng-%{version}
-%patch0 -p1
%build
# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
++ libpng-1.6.34.tar.xz -> libpng-1.6.36.tar.xz ++
17721 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2018-08-07 09:39:30
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Tue Aug 7 09:39:30 2018 rev:39 rq:626863 version:1.6.34
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2018-02-09
15:43:22.996359494 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2018-08-07
09:39:38.848951417 +0200
@@ -1,0 +2,7 @@
+Wed Aug 1 08:01:23 UTC 2018 - pgaj...@suse.com
+
+- security update:
+ * CVE-2018-13785 [bsc#1100687]
++ libpng16-CVE-2018-13785.patch
+
+---
New:
libpng16-CVE-2018-13785.patch
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.ZnFKs7/_old 2018-08-07 09:39:40.088953579 +0200
+++ /var/tmp/diff_new_pack.ZnFKs7/_new 2018-08-07 09:39:40.088953579 +0200
@@ -35,6 +35,7 @@
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
+Patch0: libpng16-CVE-2018-13785.patch
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: zlib-devel
@@ -96,6 +97,7 @@
%prep
%setup -q -n libpng-%{version}
+%patch0 -p1
%build
# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
++ libpng16-CVE-2018-13785.patch ++
Index: libpng-1.6.34/pngrutil.c
===
--- libpng-1.6.34.orig/pngrutil.c 2017-09-29 10:40:57.0 +0200
+++ libpng-1.6.34/pngrutil.c2018-08-01 09:59:02.399741891 +0200
@@ -3149,7 +3149,7 @@ png_check_chunk_length(png_const_structr
{
png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
size_t row_factor =
- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+ ((size_t)png_ptr->width * (size_t)png_ptr->channels *
(png_ptr->bit_depth > 8? 2: 1)
+ 1 + (png_ptr->interlaced? 6: 0));
if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
idat_limit=PNG_UINT_31_MAX;
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2018-02-09 15:43:21
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Fri Feb 9 15:43:21 2018 rev:38 rq:573091 version:1.6.34
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2018-02-01
21:26:05.706310202 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2018-02-09
15:43:22.996359494 +0100
@@ -1,0 +2,6 @@
+Mon Feb 5 15:35:46 UTC 2018 - pgaj...@suse.com
+
+- %{libname} package provides libpng = %{version} again
+ [bsc#1079342]
+
+---
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.sw0GC0/_old 2018-02-09 15:43:23.768331777 +0100
+++ /var/tmp/diff_new_pack.sw0GC0/_new 2018-02-09 15:43:23.772331633 +0100
@@ -42,6 +42,7 @@
%package -n %{libname}
Summary:Library for the Portable Network Graphics Format (PNG)
Group: System/Libraries
+Provides: libpng = %{version}
%package devel
Summary:Development tools for applications which will use libpng
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2018-02-01 21:26:04 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Thu Feb 1 21:26:04 2018 rev:37 rq:571330 version:1.6.34 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-08-12 19:42:49.729133282 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2018-02-01 21:26:05.706310202 +0100 @@ -1,0 +2,126 @@ +Wed Jan 31 09:57:56 UTC 2018 - pgaj...@suse.com + +- check with -j1 + +--- +Tue Jan 30 21:56:04 UTC 2018 - jeng...@inai.de + +- Fix SRPM group and grammar issues. + +--- +Tue Jan 30 15:32:19 UTC 2018 - pgaj...@suse.com + +- removed obsoleted Obsoletes + +--- +Sun Jan 28 02:00:45 UTC 2018 - avin...@opensuse.org + +- update to 1.6.34: + * Removed contrib/pngsuite/i*.png; some of these were incorrect +and caused test failures. +- includes 1.6.33: + * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added +missing parenthesis in contrib/pngminus/pnm2png.c + * Fixed off-by-one error in png_do_check_palette_indexes() + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc +to fix shortlived oss-fuzz issue 3234. + * Compute a larger limit on IDAT because some applications write +a deflate buffer for each row + * Use current date (DATE) instead of release-date (RDATE) in last +changed date of contrib/oss-fuzz files. + * Enabled ARM support in CMakeLists.txt + * Fixed incorrect typecast of some arguments to png_malloc() and +png_calloc() that were png_uint_32 instead of png_alloc_size_t + * Use pnglibconf.h.prebuilt when building for ANDROID with cmake + * Initialize memory allocated by png_inflate to zero, using +memset, to stop an oss-fuzz "use of uninitialized value" +detection in png_set_text_2() due to truncated iTXt or zTXt +chunk. + * Initialize memory allocated by png_read_buffer to zero, using +memset, to stop an oss-fuzz "use of uninitialized value" +detection in png_icc_check_tag_table() due to truncated iCCP +chunk. + * Removed redundant tests + * Added an interlaced version of each file in contrib/pngsuite. + * Relocate new memset() call in pngrutil.c + * Add support for loading images with associated alpha in the +Simplified API + * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 +state + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc + * Add end_info structure and png_read_end() to the libpng fuzzer +- includes 1.6.32: + * Avoid possible NULL dereference in png_handle_eXIf when +benign_errors are allowed. Avoid leaking the input buffer +"eXIf_buf". + * Eliminated png_ptr->num_exif member from pngstruct.h and added +num_exif to arguments for png_get_eXIf() and png_set_eXIf(). + * Added calls to png_handle_eXIf(() in pngread.c and +png_write_eXIf() in pngwrite.c, and made various other fixes +to png_write_eXIf(). + * Changed name of png_get_eXIF and png_set_eXIf() to +png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid +breaking API compatibility with libpng-1.6.31. + * Updated contrib/libtests/pngunknown.c with eXIf chunk. + * Initialized btoa[] in pngstest.c + * Stop memory leak when returning from png_handle_eXIf() with an +error + * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + * Update libpng.3 and libpng-manual.txt about eXIf functions. + * Restored png_get_eXIf() and png_set_eXIf() to maintain API +compatability. + * Removed png_get_eXIf_1() and png_set_eXIf_1(). + * Check length of all chunks except IDAT against user limit to +fix an OSS-fuzz issue (Fixes CVE-2017-12652) + * Check length of IDAT against maximum possible IDAT size, +accounting for height, rowbytes, interlacing and zlib/deflate +overhead. + * Restored png_get_eXIf_1() and png_set_eXIf_1(), because +strlen(eXIf_buf) does not work (the eXIf chunk data can +contain zeroes). + * Revised symlink creation, no longer using deprecated cmake +LOCATION feature + * Fixed five-byte error in the calculation of IDAT maximum +possible size. + * Moved chunk-length check into a png_check_chunk_length() +private function + * Moved bad pngs from tests to contrib/libtests/crashers + * Moved testing of bad pngs into a separate +tests/pngtest-badpngs script + * Added the --xfail (expected FAIL) option to pngtest.c. It +writes XFAIL in the output but PASS for the libpng test. + * Require cmake-3.0.2 in CMakeLists.txt + * Fix "const" de
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2017-08-12 19:42:48
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Sat Aug 12 19:42:48 2017 rev:36 rq:514898 version:1.6.31
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-07-30
11:26:24.945558641 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2017-08-12
19:42:49.729133282 +0200
@@ -1,0 +2,15 @@
+Mon Aug 7 09:46:11 UTC 2017 - pgaj...@suse.com
+
+- update to 1.6.31:
+ * Guard the definition of _POSIX_SOURCE in pngpriv.h.
+ * Revised pngpriv.h to work around failure to compile
+arm/filter_neon.S.
+ * Added "Requires: zlib" to libpng.pc.in.
+ * Added special case for FreeBSD in arm/filter_neon.S.
+ * Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
+possible integer overflow.
+ * Added eXIf chunk support.
+- remove upstreamed
+ 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
+
+---
Old:
0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
libpng-1.6.30.tar.xz
libpng-1.6.30.tar.xz.asc
New:
libpng-1.6.31.tar.xz
libpng-1.6.31.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.5CKsH7/_old 2017-08-12 19:42:50.533020528 +0200
+++ /var/tmp/diff_new_pack.5CKsH7/_new 2017-08-12 19:42:50.537019967 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 30
+%define micro 31
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -35,8 +35,6 @@
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
-# PATCH-FIX-UPSTREAM
0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
stefan.bru...@rwth-aachen.de -- Cherry-pick upstream fix for ARM build, fixed
in 1.6.31
-Patch0: 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
#BuildRequires: gpg-offline
BuildRequires: libtool
BuildRequires: pkg-config
@@ -111,7 +109,6 @@
%prep
%setup -n libpng-%{version}
-%patch0 -p1
%build
# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
++ libpng-1.6.30.tar.xz -> libpng-1.6.31.tar.xz ++
2897 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2017-07-30 11:25:32
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Sun Jul 30 11:25:32 2017 rev:35 rq:511589 version:1.6.30
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-07-04
11:55:27.962094546 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2017-07-30
11:26:24.945558641 +0200
@@ -1,0 +2,18 @@
+Wed Jul 19 15:51:28 UTC 2017 - stefan.bru...@rwth-aachen.de
+
+- Drop png-version-info-only.patch, it has no effect after applying
+ 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
+ Both patches achieve the same, prefer the upstream version
+
+---
+Fri Jul 14 15:57:51 UTC 2017 - stefan.bru...@rwth-aachen.de
+
+- Add 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
+ Fix build on ARM
+
+---
+Mon Jul 10 15:11:14 UTC 2017 - sch...@suse.de
+
+- png-version-info-only.patch: fix missing PNG_VERSION_INFO_ONLY check
+
+---
New:
0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.aKn9ag/_old 2017-07-30 11:26:25.713450286 +0200
+++ /var/tmp/diff_new_pack.aKn9ag/_new 2017-07-30 11:26:25.717449722 +0200
@@ -35,6 +35,8 @@
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
+# PATCH-FIX-UPSTREAM
0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
stefan.bru...@rwth-aachen.de -- Cherry-pick upstream fix for ARM build, fixed
in 1.6.31
+Patch0: 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
#BuildRequires: gpg-offline
BuildRequires: libtool
BuildRequires: pkg-config
@@ -109,6 +111,7 @@
%prep
%setup -n libpng-%{version}
+%patch0 -p1
%build
# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
++ 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch ++
>From 3f67eb68e05ae87ec985f413b97b4cdd2922533d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Br=C3=83=C2=BCns?=
Date: Fri, 14 Jul 2017 17:53:43 +0200
Subject: [PATCH] [libpng16] Revised pngpriv.h to use PNG_VERSION_INFO_ONLY
instead of
PNG_ARM_NEON_IMPLEMENTATION == 2 to exclude some definitions that assembler
cannot recognize.
[SBruens] Cherry-picked from 54126d5c59653e744ee8af81ba61fd910ce4d295,
removed merge conflicts.
---
pngpriv.h | 29 +++--
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/pngpriv.h b/pngpriv.h
index a062a8da1..f50de2b86 100644
--- a/pngpriv.h
+++ b/pngpriv.h
@@ -452,6 +452,21 @@
# define png_fixed_error(s1,s2) png_err(s1)
#endif
+/* Some fixed point APIs are still required even if not exported because
+ * they get used by the corresponding floating point APIs. This magic
+ * deals with this:
+ */
+#ifdef PNG_FIXED_POINT_SUPPORTED
+# define PNGFAPI PNGAPI
+#else
+# define PNGFAPI /* PRIVATE */
+#endif
+
+#ifndef PNG_VERSION_INFO_ONLY
+/* Other defines specific to compilers can go here. Try to keep
+ * them inside an appropriate ifdef/endif pair for portability.
+ */
+
/* C allows up-casts from (void*) to any pointer and (const void*) to any
* pointer to a const object. C++ regards this as a type error and requires an
* explicit, static, cast and provides the static_cast<> rune to ensure that
@@ -480,20 +495,6 @@
# define png_aligncastconst(type, value) ((const void*)(value))
#endif /* __cplusplus */
-/* Some fixed point APIs are still required even if not exported because
- * they get used by the corresponding floating point APIs. This magic
- * deals with this:
- */
-#ifdef PNG_FIXED_POINT_SUPPORTED
-# define PNGFAPI PNGAPI
-#else
-# define PNGFAPI /* PRIVATE */
-#endif
-
-#ifndef PNG_VERSION_INFO_ONLY
-/* Other defines specific to compilers can go here. Try to keep
- * them inside an appropriate ifdef/endif pair for portability.
- */
#if defined(PNG_FLOATING_POINT_SUPPORTED) ||\
defined(PNG_FLOATING_ARITHMETIC_SUPPORTED)
/* png.c requires the following ANSI-C constants if the conversion of
--
2.13.2
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2017-07-04 11:55:09
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Tue Jul 4 11:55:09 2017 rev:34 rq:507405 version:1.6.30
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-03-21
22:45:00.537294322 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2017-07-04
11:55:27.962094546 +0200
@@ -1,0 +2,16 @@
+Fri Jun 30 15:48:21 UTC 2017 - pgaj...@suse.com
+
+- update to 1.6.30:
+ Revised documentation of png_get_error_ptr() in the libpng manual.
+ Document need to check for integer overflow when allocating a pixel
+buffer for multiple rows in contrib/gregbook, contrib/pngminus,
+example.c, and in the manual (suggested by Jaeseung Choi). This
+is similar to the bug reported against pngquant in CVE-2016-5735.
+ Check for integer overflow in contrib/visupng and contrib/tools/genpng.
+ Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
+ Avoid writing an empty IDAT when the last IDAT exactly fills the
+compression buffer (bug report by Brian Baird). This bug was
+introduced in libpng-1.6.0.
+ Add a reference to the libpng.download site in README.
+
+---
Old:
libpng-1.6.29.tar.xz
libpng-1.6.29.tar.xz.asc
New:
libpng-1.6.30.tar.xz
libpng-1.6.30.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.SOfxdO/_old 2017-07-04 11:55:28.649997739 +0200
+++ /var/tmp/diff_new_pack.SOfxdO/_new 2017-07-04 11:55:28.653997176 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 29
+%define micro 30
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.29.tar.xz -> libpng-1.6.30.tar.xz ++
2285 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2017-03-21 22:44:49
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Tue Mar 21 22:44:49 2017 rev:33 rq:480726 version:1.6.29
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-01-10
10:37:58.525909092 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2017-03-21
22:45:00.537294322 +0100
@@ -1,0 +2,10 @@
+Thu Mar 16 20:21:47 UTC 2017 - pgaj...@suse.com
+
+- update to 1.6.29:
+ Moved SSE2 optimization code into the main libpng source directory.
+Configure libpng with "configure --enable-intel-sse" or compile
+libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
+ Added code for PowerPC VSX optimisation (Vadim Barkov).
+ Avoid potential overflow of shift operations in png_do_expand() (Aaron
Boxer).
+
+---
Old:
libpng-1.6.28.tar.xz
libpng-1.6.28.tar.xz.asc
New:
libpng-1.6.29.tar.xz
libpng-1.6.29.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.McQpze/_old 2017-03-21 22:45:01.269190850 +0100
+++ /var/tmp/diff_new_pack.McQpze/_new 2017-03-21 22:45:01.269190850 +0100
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 28
+%define micro 29
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.28.tar.xz -> libpng-1.6.29.tar.xz ++
4067 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2016-10-23 12:49:58
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2016-09-07
11:40:59.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-10-23
12:49:59.0 +0200
@@ -1,0 +2,23 @@
+Thu Oct 20 06:12:20 UTC 2016 - pgaj...@suse.com
+
+- update to 1.6.26:
+ Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
+bugfix by John Bowler).
+ Do not issue a png_error() on read in png_set_pCAL() because
+png_handle_pCAL has allocated memory that libpng needs to free.
+ Issue a png_benign_error instead of a png_error on ADLER32 mismatch
+while decoding compressed data chunks.
+ Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
+pngrutil.c.
+ If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
+ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
+ Issue png_benign_error() on ADLER32 checksum mismatch instead of
+png_error().
+ Updated the documentation about CRC and ADLER32 handling.
+ Fixed offsets in contrib/intel/intel_sse.patch
+ Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
+to avoid a signed/unsigned compare in the preprocessor.
+ Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
+optionally avoid ADLER32 evaluation.
+
+---
Old:
libpng-1.6.25.tar.xz
libpng-1.6.25.tar.xz.asc
New:
libpng-1.6.26.tar.xz
libpng-1.6.26.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.PwvH0T/_old 2016-10-23 12:50:00.0 +0200
+++ /var/tmp/diff_new_pack.PwvH0T/_new 2016-10-23 12:50:00.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 25
+%define micro 26
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.25.tar.xz -> libpng-1.6.26.tar.xz ++
3194 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2016-09-07 11:40:56
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2016-08-06
20:36:11.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-09-07
11:40:59.0 +0200
@@ -1,0 +2,9 @@
+Thu Sep 1 08:37:41 UTC 2016 - pgaj...@suse.com
+
+- update to 1.6.25:
+ Reject oversized iCCP profile immediately.
+ Conditionally compile png_inflate().
+ Don't install pngcp; it conflicts with pngcp in the pngtools package.
+ Added MIPS support (Mandar Sahastrabuddhe <
+
+---
Old:
libpng-1.6.24.tar.xz
libpng-1.6.24.tar.xz.asc
New:
libpng-1.6.25.tar.xz
libpng-1.6.25.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.8lUVoZ/_old 2016-09-07 11:41:00.0 +0200
+++ /var/tmp/diff_new_pack.8lUVoZ/_new 2016-09-07 11:41:00.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 24
+%define micro 25
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -159,7 +159,6 @@
%defattr(-,root,root)
%{_bindir}/png-fix-itxt
%{_bindir}/pngfix
-%{_bindir}/pngcp
%{_sysconfdir}/rpm/macros.libpng-tools
%changelog
++ libpng-1.6.24.tar.xz -> libpng-1.6.25.tar.xz ++
2969 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2016-08-06 20:36:09
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2016-05-29
03:06:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-08-06
20:36:11.0 +0200
@@ -1,0 +2,27 @@
+Thu Aug 4 06:20:53 UTC 2016 - pgaj...@suse.com
+
+- update to 1.6.24:
+ Avoid potential overflow of the PNG_IMAGE_SIZE macro.
+ Correct filter heuristic overflow handling.
+ Use a more efficient absolute value calculation on SSE2.
+ Added pngcp.
+ etc. see ANNOUNCE
+
+---
+Wed Aug 3 22:30:08 UTC 2016 - r...@fthiessen.de
+
+- Update to new upstream release 1.6.23
+ * Fixes a potential memleak in png_set_tRNS.
+ * Fixed the progressive reader to handle empty first IDAT
+chunk properly.
+ * Added tests in pngvalid.c to check zero-length IDAT chunks
+in various positions.
+ * Fixed the sequential reader to handle these more robustly.
+ * Corrected progressive read input buffer in pngvalid.c.
+ * Moved sse2 prototype from pngpriv.h to
+contrib/intel/intel_sse.patch.
+ * Fixed undefined behavior in png_push_save_buffer().
+Do not call memcpy() with a null source, even if count is zero.
+ * Fixed bad link to RFC2083 in png.5.
+
+---
Old:
libpng-1.6.22.tar.xz
libpng-1.6.22.tar.xz.asc
New:
libpng-1.6.24.tar.xz
libpng-1.6.24.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.1sDV58/_old 2016-08-06 20:36:12.0 +0200
+++ /var/tmp/diff_new_pack.1sDV58/_new 2016-08-06 20:36:12.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 22
+%define micro 24
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -159,6 +159,7 @@
%defattr(-,root,root)
%{_bindir}/png-fix-itxt
%{_bindir}/pngfix
+%{_bindir}/pngcp
%{_sysconfdir}/rpm/macros.libpng-tools
%changelog
++ libpng-1.6.22.tar.xz -> libpng-1.6.24.tar.xz ++
11151 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2016-05-29 03:06:45
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2016-01-23
01:16:02.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-05-29
03:06:46.0 +0200
@@ -1,0 +2,23 @@
+Thu May 26 14:55:11 UTC 2016 - pgaj...@suse.com
+
+- update to 1.6.22:
+ Added a png_image_write_to_memory() API and a number of assist macros
+to allow an application that uses the simplified API write to bypass
+stdio and write directly to memory.
+ Relaxed limit checks on gamma values in pngrtran.c. As suggested in
+the comments gamma values outside the range currently permitted
+by png_set_alpha_mode are useful for HDR data encoding. These values
+are already permitted by png_set_gamma so it is reasonable caution to
+extend the png_set_alpha_mode range as HDR imaging systems are starting
+to emerge.
+ Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
+were accidentally removed from libpng-1.6.17.
+ Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0x to 0xU in png.h
+(Robert C. Seacord).
+ Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
+ SSE filter speed improvements for bpp=3:
+memcpy-free implementations of load3() / store3().
+ Added PNG_FAST_FILTERS macro (defined as
+PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
+
+---
Old:
libpng-1.6.21.tar.xz
libpng-1.6.21.tar.xz.asc
New:
libpng-1.6.22.tar.xz
libpng-1.6.22.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.dPzaPW/_old 2016-05-29 03:06:47.0 +0200
+++ /var/tmp/diff_new_pack.dPzaPW/_new 2016-05-29 03:06:47.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 21
+%define micro 22
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.21.tar.xz -> libpng-1.6.22.tar.xz ++
5537 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2016-01-23 01:16:00
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-12-09
19:33:26.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-01-23
01:16:02.0 +0100
@@ -1,0 +2,13 @@
+Sun Jan 17 14:10:43 UTC 2016 - jeng...@inai.de
+
+- Update to new upstream release 1.6.21
+* Widened the 'limit' check on the internally calculated error limits in
+ the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
+ checks) and changed the check to only operate in non-release builds
+ (base build type not RC or RELEASE.)
+* Fixed undefined behavior in pngvalid.c, undefined because
+ (png_byte) << shift is undefined if it changes the signed bit
+ (because png_byte is promoted to int). The libpng exported functions
+ png_get_uint_32 and png_get_uint_16 handle this.
+
+---
Old:
libpng-1.6.20.tar.xz
libpng-1.6.20.tar.xz.asc
New:
libpng-1.6.21.tar.xz
libpng-1.6.21.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.E1qewa/_old 2016-01-23 01:16:03.0 +0100
+++ /var/tmp/diff_new_pack.E1qewa/_new 2016-01-23 01:16:03.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libpng16
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 20
+%define micro 21
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -43,7 +43,6 @@
%define debug_package_requires %{libname} = %{version}-%{release}
%package -n %{libname}
-
Summary:Library for the Portable Network Graphics Format (PNG)
Group: System/Libraries
# bug437293
++ libpng-1.6.20.tar.xz -> libpng-1.6.21.tar.xz ++
2063 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2015-12-09 19:33:24
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-11-17
14:21:26.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-12-09
19:33:26.0 +0100
@@ -1,0 +2,24 @@
+Thu Dec 3 15:11:03 UTC 2015 - pgaj...@suse.com
+
+- update to 1.6.20:
+ Avoid potential pointer overflow/underflow in png_handle_sPLT() and
+png_handle_pCAL() (Bug report by John Regehr).
+ Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
+not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
+vulnerability.
+ Backported tests from libpng-1.7.0beta69.
+ Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
+American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
+immediately fault a bad CMINFO field; instead a 'too far back' error
+happens later (at least some times). pngfix failed to limit CMINFO to
+the allowed values but then assumed that window_bits was in range,
+triggering an assert. The bug is mostly harmless; the PNG file cannot
+be fixed.
+ In libpng 1.6 zlib initialization was changed to use the window size
+in the zlib stream, not a fixed value. This causes some invalid images,
+where CINFO is too large, to display 'correctly' if the rest of the
+data is valid. This provides a workaround for zlib versions where the
+error arises (ones that support the API change to use the window size
+in the stream).
+
+---
Old:
libpng-1.6.19.tar.xz
libpng-1.6.19.tar.xz.asc
New:
libpng-1.6.20.tar.xz
libpng-1.6.20.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.AeguT0/_old 2015-12-09 19:33:27.0 +0100
+++ /var/tmp/diff_new_pack.AeguT0/_new 2015-12-09 19:33:27.0 +0100
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 19
+%define micro 20
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.19.tar.xz -> libpng-1.6.20.tar.xz ++
2680 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2015-11-17 14:21:24
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-08-17
17:26:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-11-17
14:21:26.0 +0100
@@ -1,0 +2,13 @@
+Fri Nov 13 07:25:01 UTC 2015 - pgaj...@suse.com
+
+- update to 1.6.19:
+ Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
+ Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
+ Fixed the recently reported 1's complement security issue.
+ Fixed png_save_int_32 when int is not 2's complement by replacing
+the value that is illegal in the PNG spec, in both signed and
+unsigned values, with 0.
+ etc., see ANNOUNCE and CHANGES for details
+- removed: libpng-rgb_to_gray-checks.patch (upstreamed)
+
+---
Old:
libpng-1.6.17.tar.xz
libpng-1.6.17.tar.xz.asc
libpng-rgb_to_gray-checks.patch
New:
libpng-1.6.19.tar.xz
libpng-1.6.19.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.Le2SC7/_old 2015-11-17 14:21:27.0 +0100
+++ /var/tmp/diff_new_pack.Le2SC7/_new 2015-11-17 14:21:27.0 +0100
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 17
+%define micro 19
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -35,7 +35,6 @@
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
-Patch0: libpng-rgb_to_gray-checks.patch
#BuildRequires: gpg-offline
BuildRequires: libtool
BuildRequires: pkg-config
@@ -111,7 +110,6 @@
%prep
%setup -n libpng-%{version}
-%patch0
%build
# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
++ libpng-1.6.17.tar.xz -> libpng-1.6.19.tar.xz ++
15684 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2015-08-17 17:26:07
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-04-07
09:27:44.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-08-17
17:26:08.0 +0200
@@ -1,0 +2,5 @@
+Fri Aug 7 14:19:31 UTC 2015 - pgaj...@suse.com
+
+- drop unknown configure switch
+
+---
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.yr8XhY/_old 2015-08-17 17:26:09.0 +0200
+++ /var/tmp/diff_new_pack.yr8XhY/_new 2015-08-17 17:26:09.0 +0200
@@ -119,8 +119,7 @@
export LDFLAGS="-Wl,-z,relro,-z,now"
%configure \
- --disable-static \
- --with-libpng-compat=no
+ --disable-static
make %{?_smp_mflags}
%check
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2015-04-07 09:27:42
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-01-23
16:19:00.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-04-07
09:27:44.0 +0200
@@ -1,0 +2,37 @@
+Wed Apr 1 11:07:11 UTC 2015 - pgaj...@suse.com
+
+- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.
+ + libpng-rgb_to_gray-checks.patch
+
+---
+Mon Mar 30 07:10:35 UTC 2015 - pgaj...@suse.com
+
+- updated to 1.6.17:
+ Corrected the width limit calculation in png_check_IHDR().
+ Removed user limits from pngfix. Also pass NULL pointers to
+png_read_row to skip the unnecessary row de-interlace stuff.
+ Implement previously untested cases of libpng transforms in pngvalid.c
+ Fixed byte order in 2-byte filler, in png_do_read_filler().
+ Made the check for out-of-range values in png_set_tRNS() detect
+values that are exactly 2^bit_depth, and work on 16-bit platforms.
+ Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
+ Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
+pngset.c to avoid warnings about dead code.
+ Do not build png_product2() when it is unused.
+ Display user limits in the output from pngtest.
+ Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
+and 1-million-row default limits in pnglibconf.dfa, that can be reset
+by the user at build time or run time. This provides a more robust
+defense against DOS and as-yet undiscovered overflows.
+ Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
+ Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
+ Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
+of png.h.
+ Free the unknown_chunks structure even when it contains no data.
+ Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
+value was wrong. It's not clear if this affected the final stored
+value; in the obvious code path the upper and lower 8-bits of the
+alpha value were identical and the alpha was truncated to 8-bits
+rather than dividing by 257 (John Bowler).
+
+---
Old:
libpng-1.6.16.tar.xz
libpng-1.6.16.tar.xz.asc
New:
libpng-1.6.17.tar.xz
libpng-1.6.17.tar.xz.asc
libpng-rgb_to_gray-checks.patch
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.405p7p/_old 2015-04-07 09:27:44.0 +0200
+++ /var/tmp/diff_new_pack.405p7p/_new 2015-04-07 09:27:44.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libpng16
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 16
+%define micro 17
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -35,6 +35,7 @@
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
+Patch0: libpng-rgb_to_gray-checks.patch
#BuildRequires: gpg-offline
BuildRequires: libtool
BuildRequires: pkg-config
@@ -110,6 +111,7 @@
%prep
%setup -n libpng-%{version}
+%patch0
%build
# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
++ libpng-1.6.16.tar.xz -> libpng-1.6.17.tar.xz ++
26136 lines of diff (skipped)
++ libpng-rgb_to_gray-checks.patch ++
855 lines (skipped)
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2015-01-23 16:18:57
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-01-09
01:11:21.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-01-23
16:19:00.0 +0100
@@ -1,0 +2,5 @@
+Tue Jan 13 16:53:06 UTC 2015 - pgaj...@suse.com
+
+- build with PNG_SAFE_LIMITS_SUPPORTED [bnc#912076], [bnc#912929]
+
+---
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.e8QHtm/_old 2015-01-23 16:19:01.0 +0100
+++ /var/tmp/diff_new_pack.e8QHtm/_new 2015-01-23 16:19:01.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libpng16
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -112,7 +112,8 @@
%setup -n libpng-%{version}
%build
-export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
+# PNG_SAFE_LIMITS_SUPPORTED:
http://www.openwall.com/lists/oss-security/2015/01/10/1
+export CFLAGS="%optflags -O3 -DPNG_SAFE_LIMITS_SUPPORTED
-DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
export LDFLAGS="-Wl,-z,relro,-z,now"
%configure \
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2015-01-08 23:20:07
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-11-24
11:13:25.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-01-09
01:11:21.0 +0100
@@ -1,0 +2,8 @@
+Mon Dec 29 14:25:02 UTC 2014 - pgaj...@suse.com
+
+- updated to 1.6.16:
+ * Restored a test on width that was removed from png.c at libpng-1.6.9
+(Bug report by Alex Eubanks).
+ * Fixed an overflow in png_combine_row with very wide interlaced images.
+
+---
Old:
libpng-1.6.15.tar.xz
libpng-1.6.15.tar.xz.asc
New:
libpng-1.6.16.tar.xz
libpng-1.6.16.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.9BgWkf/_old 2015-01-09 01:11:22.0 +0100
+++ /var/tmp/diff_new_pack.9BgWkf/_new 2015-01-09 01:11:22.0 +0100
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 15
+%define micro 16
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.15.tar.xz -> libpng-1.6.16.tar.xz ++
1730 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libpng-1.6.15/ANNOUNCE new/libpng-1.6.16/ANNOUNCE
--- old/libpng-1.6.15/ANNOUNCE 2014-11-20 16:33:23.0 +0100
+++ new/libpng-1.6.16/ANNOUNCE 2014-12-22 04:08:07.0 +0100
@@ -1,4 +1,4 @@
-Libpng 1.6.15 - November 20, 2014
+Libpng 1.6.16 - December 22, 2014
This is a public release of libpng, intended for use in production codes.
@@ -7,55 +7,30 @@
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
- libpng-1.6.15.tar.xz (LZMA-compressed, recommended)
- libpng-1.6.15.tar.gz
+ libpng-1.6.16.tar.xz (LZMA-compressed, recommended)
+ libpng-1.6.16.tar.gz
Source files with CRLF line endings (for Windows), without the
"configure" script
- lpng1615.7z (LZMA-compressed, recommended)
- lpng1615.zip
+ lpng1616.7z (LZMA-compressed, recommended)
+ lpng1616.zip
Other information:
- libpng-1.6.15-README.txt
- libpng-1.6.15-LICENSE.txt
- libpng-1.6.15-*.asc (armored detached GPG signatures)
-
-Changes since the last public release (1.6.14):
- Changed "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)"
- Simplified png_free_data().
- Added missing "ptr = NULL" after some instances of png_free().
- Made a one-line revision to configure.ac to support ARM on aarch64
-(bug report by Marcin Juszkiewicz, fix by John Bowler).
- Avoid out-of-bounds memory access in png_user_version_check().
- Simplified and future-proofed png_user_version_check().
- Fixed GCC unsigned int->float warnings. Various versions of GCC
-seem to generate warnings when an unsigned value is implicitly
-converted to double. This is probably a GCC bug but this change
-avoids the issue by explicitly converting to (int) where safe.
- Free all allocated memory in pngimage. The file buffer cache was left
-allocated at the end of the program, harmless but it causes memory
-leak reports from clang.
- Fixed array size calculations to avoid warnings. At various points
-in the code the number of elements in an array is calculated using
-sizeof. This generates a compile time constant of type (size_t) which
-is then typically assigned to an (unsigned int) or (int). Some versions
-of GCC on 64-bit systems warn about the apparent narrowing, even though
-the same compiler does apparently generate the correct, in-range,
-numeric constant. This adds appropriate, safe, casts to make the
-warnings go away.
- Removed #ifdef PNG_16BIT_SUPPORTED/#endif around png_product2(); it is
-needed by png_reciprocal2().
- Added #ifdef PNG_16BIT_SUPPORTED/#endif around png_log16bit() and
-png_do_swap().
- Changed all "#endif /* PNG_FEATURE_SUPPORTED */" to "#endif /* FEATURE */"
- The macros passed in the command line to Borland make were ignored if
-similarly-named macros were already defined in makefiles. This behavior
-is different from POSIX make and other make programs. Surround the
-macro definitions with ifndef guards (Cosmin).
- Added "-D
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2014-11-24 11:13:17
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-08-28
10:01:56.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-11-24
11:13:25.0 +0100
@@ -1,0 +2,10 @@
+Thu Nov 20 20:06:41 UTC 2014 - pgaj...@suse.com
+
+- updated to 1.6.15:
+ * Avoid out-of-bounds memory access in png_user_version_check().
+ * Fixed incorrect handling of the iTXt compression.
+ * Free all allocated memory in pngimage.
+ * Fixed array size calculations to avoid warnings.
+ etc. see ANNOUNCE
+
+---
Old:
libpng-1.6.13.tar.xz
libpng-1.6.13.tar.xz.asc
New:
libpng-1.6.15.tar.xz
libpng-1.6.15.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.D9Kx4b/_old 2014-11-24 11:13:26.0 +0100
+++ /var/tmp/diff_new_pack.D9Kx4b/_new 2014-11-24 11:13:26.0 +0100
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 13
+%define micro 15
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.13.tar.xz -> libpng-1.6.15.tar.xz ++
10470 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2014-08-28 10:01:53
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-06-18
07:50:28.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-08-28
10:01:56.0 +0200
@@ -1,0 +2,6 @@
+Fri Aug 22 05:55:11 UTC 2014 - pgaj...@suse.com
+
+- updated to 1.6.13: a "cleanup" release that have no security
+ fixes or new features.
+
+---
Old:
libpng-1.6.12.tar.xz
libpng-1.6.12.tar.xz.asc
New:
libpng-1.6.13.tar.xz
libpng-1.6.13.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.rsTGmW/_old 2014-08-28 10:01:57.0 +0200
+++ /var/tmp/diff_new_pack.rsTGmW/_new 2014-08-28 10:01:57.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 12
+%define micro 13
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.12.tar.xz -> libpng-1.6.13.tar.xz ++
2415 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2014-06-18 07:49:36
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-03-05
15:36:32.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-06-18
07:50:28.0 +0200
@@ -1,0 +2,14 @@
+Thu Jun 12 05:38:48 UTC 2014 - pgaj...@suse.com
+
+- updated to 1.6.12:
+ * bugfixes, almost build-related only
+
+---
+Fri Jun 6 06:19:35 UTC 2014 - pgaj...@suse.com
+
+- updated to 1.6.11:
+ * fixed CVE-2014-0333
+ * other bugfixes
+- removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed)
+
+---
Old:
libpng-1.6.9.tar.xz
libpng-1.6.9.tar.xz.asc
libpng16-1.6.9-CVE-2014-0333.patch
New:
libpng-1.6.12.tar.xz
libpng-1.6.12.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.idW4A3/_old 2014-06-18 07:50:29.0 +0200
+++ /var/tmp/diff_new_pack.idW4A3/_new 2014-06-18 07:50:29.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 9
+%define micro 12
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -35,7 +35,6 @@
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
-Patch0: libpng16-1.6.9-CVE-2014-0333.patch
#BuildRequires: gpg-offline
BuildRequires: libtool
BuildRequires: pkg-config
@@ -111,7 +110,6 @@
%prep
%setup -n libpng-%{version}
-%patch0
%build
export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
++ libpng-1.6.9.tar.xz -> libpng-1.6.12.tar.xz ++
9462 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2014-03-05 15:36:32
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-02-09
13:17:54.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-03-05
15:36:32.0 +0100
@@ -1,0 +2,8 @@
+Tue Mar 4 09:58:48 UTC 2014 - pgaj...@suse.com
+
+- fixed CVE-2014-0333 [bnc#866298]
+
+- added patches:
+ * libpng16-1.6.6-CVE-2014-0333.patch
+
+---
New:
libpng16-1.6.9-CVE-2014-0333.patch
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.Xmox17/_old 2014-03-05 15:36:33.0 +0100
+++ /var/tmp/diff_new_pack.Xmox17/_new 2014-03-05 15:36:33.0 +0100
@@ -35,6 +35,7 @@
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
+Patch0: libpng16-1.6.9-CVE-2014-0333.patch
#BuildRequires: gpg-offline
BuildRequires: libtool
BuildRequires: pkg-config
@@ -110,6 +111,7 @@
%prep
%setup -n libpng-%{version}
+%patch0
%build
export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
++ libpng16-1.6.9-CVE-2014-0333.patch ++
http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c8815/tree/pngpread.c?diff=4526f546baea7f73097529cb66feb4dbc8da2752
--- pngpread.c
+++ pngpread.c
@@ -234,6 +234,7 @@
png_error(png_ptr, "Missing PLTE before IDAT");
png_ptr->mode |= PNG_HAVE_IDAT;
+ png_ptr->process_mode = PNG_READ_IDAT_MODE;
if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
if (png_ptr->push_length == 0)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2014-02-09 13:17:51
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-12-30
10:08:41.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-02-09
13:17:54.0 +0100
@@ -1,0 +2,38 @@
+Fri Feb 7 07:32:55 UTC 2014 - pgaj...@suse.com
+
+- updated to 1.6.9:
+ Bookkeeping: Moved functions around (no changes). Moved transform
+function definitions before the place where they are called so that
+they can be masde static. Move the intrapixel functions and the
+grayscale palette builder out of the png?tran.c files. The latter
+isn't a transform function and is no longer used internally, and the
+former MNG specific functions are better placed in pngread/pngwrite.c
+ Made transform implementation functions static. This makes the internal
+functions called by png_do_{read|write}_transformations static. On an
+x86-64 DLL build (Gentoo Linux) this reduces the size of the text
+segment of the DLL by 1208 bytes, about 0.6%. It also simplifies
+maintenance by removing the declarations from pngpriv.h and allowing
+easier changes to the internal interfaces.
+ Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69
+in the tar distributions.
+ Added checks for libpng 1.5 to pngvalid.c. This supports the use of
+this version of pngvalid in libpng 1.5
+ Merged with pngvalid.c from libpng-1.7 changes to create a single
+pngvalid.c
+ Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0
+ Merged libpng-1.7.0 changes to make no-interlace configurations work
+with test programs.
+ Revised pngvalid.c to support libpng 1.5, which does not support the
+PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate
+in pngvalid.c
+ Allow unversioned links created on install to be disabled in configure.
+In configure builds 'make install' changes/adds links like png.h
+and libpng.a to point to the newly installed, versioned, files (e.g.
+libpng17/png.h and libpng17.a). Three new configure options and some
+rearrangement of Makefile.am allow creation of these links to be
+disabled.
+ Removed potentially misleading warning from png_check_IHDR().
+ Updated scripts/makefile.* to use CPPFLAGS (Cosmin).
+ Added clang attribute support (Cosmin).
+
+---
Old:
libpng-1.6.8.tar.xz
libpng-1.6.8.tar.xz.asc
New:
libpng-1.6.9.tar.xz
libpng-1.6.9.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.hepDGP/_old 2014-02-09 13:17:56.0 +0100
+++ /var/tmp/diff_new_pack.hepDGP/_new 2014-02-09 13:17:56.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libpng16
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 8
+%define micro 9
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -31,7 +31,7 @@
License:Zlib
Group: System/Libraries
Source0:
ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz
-Source1:
ftp://ftp.simplesystems.org/pub/png/src/libpng16/Gnupg/libpng-%{version}.tar.xz.asc
+Source1:
ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
++ libpng-1.6.8.tar.xz -> libpng-1.6.9.tar.xz ++
9862 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-12-30 10:08:40
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-12-02
15:08:30.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-12-30
10:08:41.0 +0100
@@ -1,0 +2,19 @@
+Fri Dec 20 07:08:48 UTC 2013 - pgaj...@suse.com
+
+- updated to 1.6.8:
+ Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to
+#ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with
+what is in pngpriv.h.
+ Moved prototype for png_handle_unknown() in pngpriv.h outside of
+the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block.
+ Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
+ Fixed pngvalid 'fail' function declaration on the Intel C Compiler.
+This reverts to the previous 'static' implementation and works round
+the 'unused static function' warning by using PNG_UNUSED().
+ Handle zero-length PLTE chunk or NULL palette with png_error()
+instead of png_chunk_report(), which by default issues a warning
+rather than an error, leading to later reading from a NULL pointer
+(png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954
+and VU#650142.
+
+---
Old:
libpng-1.6.7.tar.xz
libpng-1.6.7.tar.xz.asc
New:
libpng-1.6.8.tar.xz
libpng-1.6.8.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.waCoVU/_old 2013-12-30 10:08:42.0 +0100
+++ /var/tmp/diff_new_pack.waCoVU/_new 2013-12-30 10:08:42.0 +0100
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 7
+%define micro 8
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.7.tar.xz -> libpng-1.6.8.tar.xz ++
3681 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-12-02 15:08:28
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-11-15
13:26:15.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-12-02
15:08:30.0 +0100
@@ -1,0 +2,6 @@
+Mon Dec 2 09:35:17 UTC 2013 - pgaj...@suse.com
+
+- png_fix macro doesn't leave *.png.fixed (which happened for correct
+ PNGs) [bnc#852862]
+
+---
Other differences:
--
++ rpm-macros.libpng-tools ++
--- /var/tmp/diff_new_pack.MtwOqc/_old 2013-12-02 15:08:31.0 +0100
+++ /var/tmp/diff_new_pack.MtwOqc/_new 2013-12-02 15:08:31.0 +0100
@@ -12,7 +12,8 @@
echo "Missing argument in call to %%png_fix: path and name of png file." \
exit 1 \
fi \
- /usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || mv "%1.fixed" "%1" \
+ /usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || true \
+ mv "%1.fixed" "%1" \
%nil
#
# macro: %png_fix_dir
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-11-15 13:26:14
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-09-26
19:35:55.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-11-15
13:26:15.0 +0100
@@ -1,0 +2,15 @@
+Fri Nov 15 07:56:22 UTC 2013 - pgaj...@suse.com
+
+- updated to 1.6.7:
+ * Revised unknown chunk code to correct several bugs in the
+NO_SAVE_/NO_WRITE combination
+ * Check user callback behavior in pngunknown.c. Previous versions
+compiled if SAVE_UNKNOWN was not available but did nothing since the
+callback was never implemented.
+ * Merged pngunknown.c with 1.7 version and back ported 1.7
+improvements/fixes
+ * Revised pngvalid to generate size images with as many filters as
+it can manage, limited by the number of rows.
+ * ARM improvements/fixes
+
+---
Old:
libpng-1.6.6.tar.xz
libpng-1.6.6.tar.xz.asc
New:
libpng-1.6.7.tar.xz
libpng-1.6.7.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.jNGO5u/_old 2013-11-15 13:26:15.0 +0100
+++ /var/tmp/diff_new_pack.jNGO5u/_new 2013-11-15 13:26:15.0 +0100
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 6
+%define micro 7
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.6.tar.xz -> libpng-1.6.7.tar.xz ++
3186 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-09-26 19:35:54
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-09-13
14:43:29.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-09-26
19:35:55.0 +0200
@@ -1,0 +2,6 @@
+Wed Sep 25 08:08:55 UTC 2013 - pgaj...@suse.com
+
+- updated to 1.6.6:
+ * fix arm build
+
+---
Old:
libpng-1.6.4.tar.xz
libpng-1.6.4.tar.xz.asc
New:
libpng-1.6.6.tar.xz
libpng-1.6.6.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.EtsZJx/_old 2013-09-26 19:35:56.0 +0200
+++ /var/tmp/diff_new_pack.EtsZJx/_new 2013-09-26 19:35:56.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 4
+%define micro 6
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.4.tar.xz -> libpng-1.6.6.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libpng-1.6.4/ANNOUNCE new/libpng-1.6.6/ANNOUNCE
--- old/libpng-1.6.4/ANNOUNCE 2013-09-12 04:28:34.0 +0200
+++ new/libpng-1.6.6/ANNOUNCE 2013-09-16 17:33:45.0 +0200
@@ -1,5 +1,5 @@
-Libpng 1.6.4 - September 12, 2013
+Libpng 1.6.6 - September 16, 2013
This is a public release of libpng, intended for use in production codes.
@@ -8,28 +8,24 @@
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
- libpng-1.6.4.tar.xz (LZMA-compressed, recommended)
- libpng-1.6.4.tar.gz
+ libpng-1.6.6.tar.xz (LZMA-compressed, recommended)
+ libpng-1.6.6.tar.gz
Source files with CRLF line endings (for Windows), without the
"configure" script
- lpng164.7z (LZMA-compressed, recommended)
- lpng164.zip
+ lpng166.7z (LZMA-compressed, recommended)
+ lpng166.zip
Other information:
- libpng-1.6.4-README.txt
- libpng-1.6.4-LICENSE.txt
+ libpng-1.6.6-README.txt
+ libpng-1.6.6-LICENSE.txt
Gnupg/*.asc (PGP armored detached signatures)
-Changes since the last public release (1.6.3):
- Added information about png_set_options() to the manual.
- Delay calling png_init_filter_functions() until a row with nonzero filter
-is found.
- Fixed inconsistent conditional compilation of png_chunk_unknown_handling()
-prototype, definition, and usage. Made it depend on
-PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.
+Changes since the last public release (1.6.5):
+
+ Removed two stray lines of code from arm/arm_init.c, again.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libpng-1.6.4/CHANGES new/libpng-1.6.6/CHANGES
--- old/libpng-1.6.4/CHANGES2013-09-12 04:28:35.0 +0200
+++ new/libpng-1.6.6/CHANGES2013-09-16 17:33:45.0 +0200
@@ -4634,6 +4634,12 @@
Version 1.6.4 [September 12, 2013]
No changes.
+Version 1.6.5 [September 14, 2013]
+ Removed two stray lines of code from arm/arm_init.c.
+
+Version 1.6.6beta01 [September 16, 2013]
+ Removed two stray lines of code from arm/arm_init.c, again.
+
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libpng-1.6.4/CMakeLists.txt
new/libpng-1.6.6/CMakeLists.txt
--- old/libpng-1.6.4/CMakeLists.txt 2013-09-12 04:28:35.0 +0200
+++ new/libpng-1.6.6/CMakeLists.txt 2013-09-16 17:33:45.0 +0200
@@ -16,7 +16,7 @@
set(PNGLIB_MAJOR 1)
set(PNGLIB_MINOR 6)
-set(PNGLIB_RELEASE 4)
+set(PNGLIB_RELEASE 6)
set(PNGLIB_NAME libpng${PNGLIB_MAJOR}${PNGLIB_MINOR})
set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_RELEASE})
@@ -252,7 +252,7 @@
# SET UP LINKS
if(PNG_SHARED)
set_target_properties(${PNG_LIB_NAME} PROPERTIES
-# VERSION 16.${PNGLIB_RELEASE}.1.6.4
+# VERSION 16.${PNGLIB_RELEASE}.1.6.6
VERSION 16.${PNGLIB_RELEASE}.0
SOVERSION 16
CLEAN_DIRECT_OUTPUT 1)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libpng-1.6.4/LICENSE new/libpng-1.6.6/LICENSE
--- old/libpng-1.6.4/LICENSE2013-09-12 04:28:35.0 +0200
+++ new/libpng-1.6.6/LICENSE2013-09-16 17:33:45.0 +0200
@@ -10,7 +10,7 @@
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-09-13 14:43:29
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-08-30
16:11:45.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-09-13
14:43:29.0 +0200
@@ -1,0 +2,11 @@
+Thu Sep 12 13:21:53 UTC 2013 - pgaj...@suse.com
+
+- updated to 1.6.4:
+ * Added information about png_set_options() to the manual.
+ * Delay calling png_init_filter_functions() until a row with nonzero
+filter is found.
+ * Fixed inconsistent conditional compilation of
+png_chunk_unknown_handling() prototype, definition, and usage.
+Made it depend on PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.
+
+---
Old:
libpng-1.6.3.tar.xz
libpng-1.6.3.tar.xz.asc
New:
libpng-1.6.4.tar.xz
libpng-1.6.4.tar.xz.asc
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.nB3qxp/_old 2013-09-13 14:43:30.0 +0200
+++ /var/tmp/diff_new_pack.nB3qxp/_new 2013-09-13 14:43:30.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 3
+%define micro 4
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
++ libpng-1.6.3.tar.xz -> libpng-1.6.4.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libpng-1.6.3/ANNOUNCE new/libpng-1.6.4/ANNOUNCE
--- old/libpng-1.6.3/ANNOUNCE 2013-07-18 02:02:59.0 +0200
+++ new/libpng-1.6.4/ANNOUNCE 2013-09-12 04:28:34.0 +0200
@@ -1,5 +1,5 @@
-Libpng 1.6.3 - July 18, 2013
+Libpng 1.6.4 - September 12, 2013
This is a public release of libpng, intended for use in production codes.
@@ -8,106 +8,28 @@
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
- libpng-1.6.3.tar.xz (LZMA-compressed, recommended)
- libpng-1.6.3.tar.gz
+ libpng-1.6.4.tar.xz (LZMA-compressed, recommended)
+ libpng-1.6.4.tar.gz
Source files with CRLF line endings (for Windows), without the
"configure" script
- lpng163.7z (LZMA-compressed, recommended)
- lpng163.zip
+ lpng164.7z (LZMA-compressed, recommended)
+ lpng164.zip
Other information:
- libpng-1.6.3-README.txt
- libpng-1.6.3-LICENSE.txt
-
-Changes since the last public release (1.6.2):
-
- Revised stack marking in arm/filter_neon.S and configure.ac.
- Ensure that NEON filter stuff is completely disabled when switched 'off'.
-Previously the ARM NEON specific files were still built if the option
-was switched 'off' as opposed to being explicitly disabled.
- Test for 'arm*' not just 'arm' in the host_cpu configure variable.
- Rebuilt the configure scripts.
- Expanded manual paragraph about writing private chunks, particularly
-the need to call png_set_keep_unknown_chunks() when writing them.
- Avoid dereferencing NULL pointer possibly returned from
- png_create_write_struct() (Andrew Church).
- Calculate our own zlib windowBits when decoding rather than trusting the
-CMF bytes in the PNG datastream.
- Added an option to force maximum window size for inflating, which was
-the behavior of libpng15 and earlier.
- Added png-fix-itxt and png-fix-too-far-back to the built programs and
-removed warnings from the source code and timepng that are revealed as
-a result.
- Detect wrong libpng versions linked to png-fix-too-far-back, which currently
-only works with libpng versions that can be made to reliably fail when
-the deflate data contains an out-of-window reference. This means only
-1.6 and later.
- Fixed gnu issues: g++ needs a static_cast, gcc 4.4.7 has a broken warning
-message which it is easier to work round than ignore.
- Updated contrib/pngminus/pnm2png.c (Paul Stewart):
-Check for EOF
-Ignore "#" delimited comments in input file to pnm2png.c.
-Fixed whitespace handling
-Added a call to png_set_packing()
-Initialize dimension values so if sscanf fails at least we have known
- invalid values.
- Attempt to detect configuration issues with png-fix-too-far-back, which
-requires both the correct libpng and the correct zlib to function
-correctly.
- Check ZLIB_VERNUM for mismatches, enclose #error in quotes
- Added information in the documentation about problems with and fixes for
-the bad CRC and bad iTXt chunk situations.
- Allow contrib/pngminus/pnm2png.c to compile without WRITE_INVERT and
-WRITE_PACK supported (write
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-08-30 16:11:44
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-08-13
11:01:00.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-08-30
16:11:45.0 +0200
@@ -1,0 +2,5 @@
+Fri Aug 30 14:08:02 UTC 2013 - co...@suse.com
+
+- remove gpg-offline usage, libpng16 is too low in the build chain
+
+---
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.ZBevN7/_old 2013-08-30 16:11:46.0 +0200
+++ /var/tmp/diff_new_pack.ZBevN7/_new 2013-08-30 16:11:46.0 +0200
@@ -35,9 +35,7 @@
Source2:libpng16.keyring
Source3:rpm-macros.libpng-tools
Source4:baselibs.conf
-%if 0%{?suse_version} >= 1230
-BuildRequires: gpg-offline
-%endif
+#BuildRequires: gpg-offline
BuildRequires: libtool
BuildRequires: pkg-config
BuildRequires: zlib-devel
@@ -111,7 +109,6 @@
PNG files.
%prep
-%{?gpg_verify: %gpg_verify %{SOURCE1}}
%setup -n libpng-%{version}
%build
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-08-13 11:00:59
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-06-24
09:34:11.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-08-13
11:01:00.0 +0200
@@ -1,0 +2,15 @@
+Thu Aug 8 15:19:27 UTC 2013 - pgaj...@suse.com
+
+- png-fix-too-far-back was actually renamed to pngfix. Adjusted rpm
+ macro names accordingly, %png_fix and %png_fix_dir.
+
+---
+Tue Aug 6 08:53:22 UTC 2013 - pgaj...@suse.com
+
+- updated to 1.6.3:
+ * Added png-fix-itxt and png-fix-too-far-back to the built programs and
+ removed warnings from the source code and timepng that are revealed as
+ a result.
+ => new subpackage tools, created rpm macros
+
+---
Old:
libpng-1.6.2.tar.bz2
New:
libpng-1.6.3.tar.xz
libpng-1.6.3.tar.xz.asc
libpng16.keyring
rpm-macros.libpng-tools
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.3z3QSx/_old 2013-08-13 11:01:01.0 +0200
+++ /var/tmp/diff_new_pack.3z3QSx/_new 2013-08-13 11:01:01.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 2
+%define micro 3
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -30,8 +30,14 @@
Summary:Library for the Portable Network Graphics Format (PNG)
License:Zlib
Group: System/Libraries
-Source: libpng-%{version}.tar.bz2
-Source2:baselibs.conf
+Source0:
ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz
+Source1:
ftp://ftp.simplesystems.org/pub/png/src/libpng16/Gnupg/libpng-%{version}.tar.xz.asc
+Source2:libpng16.keyring
+Source3:rpm-macros.libpng-tools
+Source4:baselibs.conf
+%if 0%{?suse_version} >= 1230
+BuildRequires: gpg-offline
+%endif
BuildRequires: libtool
BuildRequires: pkg-config
BuildRequires: zlib-devel
@@ -72,6 +78,12 @@
Obsoletes: libpng-devel < 1.2.44
Conflicts: otherproviders(libpng-devel)
+%package tools
+Summary:Tools for Manipulating PNG Images
+Group: Productivity/Graphics/Other
+Provides: libpng-tools = %{version}
+Conflicts: otherproviders(libpng-tools)
+
%description
libpng is the official reference library for the Portable Network
Graphics format (PNG).
@@ -94,7 +106,12 @@
tools necessary for compiling and linking programs that don't care
about libpng version.
+%description tools
+Package consists of low level tools for manipulating and fixing particular
+PNG files.
+
%prep
+%{?gpg_verify: %gpg_verify %{SOURCE1}}
%setup -n libpng-%{version}
%build
@@ -112,6 +129,9 @@
%install
make install DESTDIR=$RPM_BUILD_ROOT
rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la
+mkdir -p %{buildroot}%{_sysconfdir}/rpm
+cp -a %{SOURCE3} \
+ %{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools
%post -n %{libname} -p /sbin/ldconfig
@@ -139,4 +159,10 @@
%doc %{_mandir}/man3/libpngpf.3.gz
%doc %{_mandir}/man5/png.5.gz
+%files tools
+%defattr(-,root,root)
+%{_bindir}/png-fix-itxt
+%{_bindir}/pngfix
+%{_sysconfdir}/rpm/macros.libpng-tools
+
%changelog
++ rpm-macros.libpng-tools ++
# macro: %png_fix path/to/name-of.png
#for given png, fixes 'IDAT: invalid distance too far back', etc.,
#see pngfix --help
#
# -q do not output if macro fixed something or find unrecoverable error
#
# this macro fails only if there is an unrecoverable error in the png
# -- pngfix returns nonzero and $png.fixed doesn't exist; run pngfix
# on that file, see return code and compare with pngfix --help output
%png_fix(q) \
if test "x%1" == "x%%1"; then \
echo "Missing argument in call to %%png_fix: path and name of png file." \
exit 1 \
fi \
/usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || mv "%1.fixed" "%1" \
%nil
#
# macro: %png_fix_dir
#for given directory, search *.png (recursively) and potentionaly
#fix 'IDAT: invalid distance too far back', etc., see pngfix --help
#
# -q do not output if pngfix fixed something or find unrecoverable error
#
%png_fix_dir(q) \
if test "x%1" == "x%%1"; then \
echo "Missing argument in call to %%png_fix_dir: dir where to search png
files." \
exit 1 \
fi \
for png in `find "%1" -iname '*.png'`; do \
# -q will be propagated \
%png_fix $png \
done \
%nil
--
To unsu
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-06-24 09:34:09
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16"
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-04-26
13:27:39.0 +0200
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-06-24
09:34:11.0 +0200
@@ -1,0 +2,10 @@
+Fri Jun 21 18:36:31 UTC 2013 - crrodrig...@opensuse.org
+
+- Build with LFS_CFLAGS in 32 bit archs otherwise calls such
+ as png_image_begin_read_from_file() or png_image_write_to_file()
+ will fail to read/write huge images.
+
+- Build with Full RELRO as this library is a possible consumer
+ of malicuous images/files.
+
+---
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.9SgJck/_old 2013-06-24 09:34:11.0 +0200
+++ /var/tmp/diff_new_pack.9SgJck/_new 2013-06-24 09:34:11.0 +0200
@@ -98,16 +98,13 @@
%setup -n libpng-%{version}
%build
-# We'll never use the old pgcc-2.95.1 with the buggy -O3, so having
-# the -O3 that is originally used should work.
-# Substitute the -O2 to -O3 because I'm not sure if simply appending
-# it will preserve(not override) the detailed opt flags used in RPM_OPT_FLAGS:
-CFLAGS="`echo $RPM_OPT_FLAGS|sed 's/-O2/-O3/'` -DPNG_SKIP_SETJMP_CHECK" \
- ./configure --prefix=/usr \
- --libdir=%{_libdir} \
- --mandir=%{_mandir} \
+export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
+export LDFLAGS="-Wl,-z,relro,-z,now"
+
+%configure \
--disable-static \
--with-libpng-compat=no
+make %{?_smp_mflags}
%check
make check
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-04-05 07:34:57
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16", Maintainer is ""
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-03-20
09:53:25.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-04-05
07:36:42.0 +0200
@@ -1,0 +2,30 @@
+Tue Apr 2 13:35:08 UTC 2013 - pgaj...@suse.com
+
+- conflict with libpng12-compat-devel-32bit and libpng15-compat-devel-32bit
+
+---
+Thu Mar 28 08:12:03 UTC 2013 - pgaj...@suse.com
+
+- updated to 1.6.1:
+ Made sRGB check numbers consistent.
+ Use parentheses more consistently in "#if defined(MACRO)" tests.
+ Reenabled code to allow zero length PLTE chunks for MNG.
+ Fixed ALIGNED_MEMORY support.
+ Avoid a possible memory leak in contrib/gregbook/readpng.c
+ Better documentation of unknown handling API interactions.
+ Corrected simplified API default gamma for color-mapped output, added
+a flag to change default. In 1.6.0 when the simplified API was used
+to produce color-mapped output from an input image with no gamma
+information the gamma assumed for the input could be different from
+that assumed for non-color-mapped output. In particular 16-bit depth
+input files were assumed to be sRGB encoded, whereas in the 'direct'
+case they were assumed to have linear data. This was an error. The
+fix makes the simplified API treat all input files the same way and
+adds a new flag to the png_image::flags member to allow the
+application/user to specify that 16-bit files contain sRGB data
+rather than the default linear.
+ etc., see ANNOUNCE or CHANGES for details
+- dropped upstreamed
+ 0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch
+
+---
Old:
libpng-1.6.0.tar.bz2
libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch
New:
libpng-1.6.1.tar.bz2
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.TMAte6/_old 2013-04-05 07:36:44.0 +0200
+++ /var/tmp/diff_new_pack.TMAte6/_new 2013-04-05 07:36:44.0 +0200
@@ -19,7 +19,7 @@
#
%define major 1
%define minor 6
-%define micro 0
+%define micro 1
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
@@ -32,8 +32,6 @@
Group: System/Libraries
Source: libpng-%{version}.tar.bz2
Source2:baselibs.conf
-# will be upstreamed in 1.6.1
-Patch0:
libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch
BuildRequires: libtool
BuildRequires: pkg-config
BuildRequires: zlib-devel
@@ -98,7 +96,6 @@
%prep
%setup -n libpng-%{version}
-%patch0 -p1
%build
# We'll never use the old pgcc-2.95.1 with the buggy -O3, so having
++ baselibs.conf ++
--- /var/tmp/diff_new_pack.TMAte6/_old 2013-04-05 07:36:44.0 +0200
+++ /var/tmp/diff_new_pack.TMAte6/_new 2013-04-05 07:36:44.0 +0200
@@ -7,3 +7,6 @@
libpng16-compat-devel
requires -libpng16-compat-
requires "libpng16-devel- = "
+ conflicts "libpng-devel-"
+ provides "libpng-devel-"
+
++ libpng-1.6.0.tar.bz2 -> libpng-1.6.1.tar.bz2 ++
6838 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-03-20 09:53:14
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16", Maintainer is ""
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-03-15
10:41:16.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-03-20
09:53:25.0 +0100
@@ -1,0 +2,6 @@
+Mon Mar 18 11:44:21 UTC 2013 - pgaj...@suse.com
+
+- allow zero length PLTE chunks
+ (fixes GraphicsMagick testsuite)
+
+---
New:
libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.DUiylK/_old 2013-03-20 09:53:26.0 +0100
+++ /var/tmp/diff_new_pack.DUiylK/_new 2013-03-20 09:53:26.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libpng16
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,6 +32,8 @@
Group: System/Libraries
Source: libpng-%{version}.tar.bz2
Source2:baselibs.conf
+# will be upstreamed in 1.6.1
+Patch0:
libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch
BuildRequires: libtool
BuildRequires: pkg-config
BuildRequires: zlib-devel
@@ -53,7 +55,10 @@
%package devel
Summary:Development Tools for applications which will use the Libpng
Group: Development/Libraries/C and C++
-Requires: zlib-devel glibc-devel %{libname} = %{version} pkg-config
+Requires: %{libname} = %{version}
+Requires: glibc-devel
+Requires: pkg-config
+Requires: zlib-devel
Recommends: libpng%{branch}-compat-devel
# bug437293
%ifarch ppc64
@@ -93,6 +98,7 @@
%prep
%setup -n libpng-%{version}
+%patch0 -p1
%build
# We'll never use the old pgcc-2.95.1 with the buggy -O3, so having
++ libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch
++
http://sourceforge.net/mailarchive/forum.php?thread_name=20130219075910.GK27522%40danbala.tuwien.ac.at&forum_name=png-mng-implement
>From 9ee585718b346d32767015152a728106922b49d1 Mon Sep 17 00:00:00 2001
Message-Id:
<9ee585718b346d32767015152a728106922b49d1.1361241956.git.jbow...@acm.org>
From: John Bowler
Date: Mon, 18 Feb 2013 18:44:14 -0800
Subject: [libpng16] Reenable code to allow zero length PLTE chunks for MNG
support.
Signed-off-by: John Bowler
---
pngset.c | 16 ++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/pngset.c b/pngset.c
index ac39a44..f89861e 100644
--- a/pngset.c
+++ b/pngset.c
@@ -514,7 +514,7 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
png_debug1(1, "in %s storage function", "PLTE");
- if (png_ptr == NULL || info_ptr == NULL || palette == NULL)
+ if (png_ptr == NULL || info_ptr == NULL)
return;
if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH)
@@ -529,6 +529,17 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
}
}
+ if ((num_palette > 0 && palette == NULL) ||
+ (num_palette == 0
+#ifdef PNG_MNG_FEATURES_SUPPORTED
+&& (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
+#endif
+ ))
+ {
+ png_chunk_report(png_ptr, "Invalid palette", PNG_CHUNK_ERROR);
+ return;
+ }
+
/* It may not actually be necessary to set png_ptr->palette here;
* we do it for backward compatibility with the way the png_handle_tRNS
* function used to do the allocation.
@@ -545,7 +556,8 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
png_ptr->palette = png_voidcast(png_colorp, png_calloc(png_ptr,
PNG_MAX_PALETTE_LENGTH * (sizeof (png_color;
- memcpy(png_ptr->palette, palette, num_palette * (sizeof (png_color)));
+ if (num_palette > 0)
+ memcpy(png_ptr->palette, palette, num_palette * (sizeof (png_color)));
info_ptr->palette = png_ptr->palette;
info_ptr->num_palette = png_ptr->num_palette = (png_uint_16)num_palette;
--
1.8.1.2
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community,
here is the log from the commit of package libpng16 for openSUSE:Factory
checked in at 2013-03-15 10:41:14
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
and /work/SRC/openSUSE:Factory/.libpng16.new (New)
Package is "libpng16", Maintainer is ""
Changes:
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-03-11
10:18:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-03-15
10:41:16.0 +0100
@@ -1,0 +2,5 @@
+Mon Mar 4 07:50:46 UTC 2013 - pgaj...@suse.com
+
+- remove clean section
+
+---
Other differences:
--
++ libpng16.spec ++
--- /var/tmp/diff_new_pack.qXuJgz/_old 2013-03-15 10:41:18.0 +0100
+++ /var/tmp/diff_new_pack.qXuJgz/_new 2013-03-15 10:41:18.0 +0100
@@ -113,9 +113,6 @@
make install DESTDIR=$RPM_BUILD_ROOT
rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la
-%clean
-rm -rf "$RPM_BUILD_ROOT"
-
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
