commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2019-04-18 13:57:46 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new.5536 (New) Package is "libpng16" Thu Apr 18 13:57:46 2019 rev:42 rq:694940 version:1.6.37 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2019-02-04 21:24:21.295611170 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new.5536/libpng16.changes 2019-04-18 13:58:13.627991261 +0200 @@ -1,0 +2,20 @@ +Wed Apr 17 06:29:11 UTC 2019 - pgaj...@suse.com + +- make check actually works under asan + +--- +Mon Apr 15 15:02:33 UTC 2019 - pgaj...@suse.com + +- version update to 1.6.37 + Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free. + Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. + Fixed a memory leak in pngtest.c. + Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in +contrib/pngminus; refactor. + Changed the license of contrib/pngminus to MIT; refresh makefile and docs. +(Contributed by Willem van Schaik) + Added makefiles for AddressSanitizer-enabled builds. +- deleted patches + - libpng-arm-free.patch (upstreamed) + +--- Old: libpng-1.6.36.tar.xz libpng-arm-free.patch New: libpng-1.6.37.tar.xz Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.sRYUi0/_old 2019-04-18 13:58:14.291991482 +0200 +++ /var/tmp/diff_new_pack.sRYUi0/_new 2019-04-18 13:58:14.291991482 +0200 @@ -21,7 +21,7 @@ %define major 1 %define minor 6 -%define micro 36 +%define micro 37 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} %define debug_package_requires %{libname} = %{version}-%{release} @@ -32,7 +32,6 @@ License:Zlib Group: Development/Libraries/C and C++ Url:http://www.libpng.org/pub/png/libpng.html -Patch0: libpng-arm-free.patch Source0: http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz Source2:libpng16.keyring Source3:rpm-macros.libpng-tools @@ -98,7 +97,6 @@ %prep %setup -q -n libpng-%{version} -%patch0 -p1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 @@ -116,10 +114,6 @@ make %{?_smp_mflags} %check -%if %{asan_build} -# ASAN needs /proc to be mounted -exit 0 -%endif make -j1 check %install ++ libpng-1.6.36.tar.xz -> libpng-1.6.37.tar.xz ++ 3105 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2019-02-04 21:24:19 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new.28833 (New) Package is "libpng16" Mon Feb 4 21:24:19 2019 rev:41 rq:669458 version:1.6.36 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2019-01-03 18:05:25.760204290 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new.28833/libpng16.changes 2019-02-04 21:24:21.295611170 +0100 @@ -1,0 +2,12 @@ +Mon Jan 28 11:43:05 UTC 2019 - Petr Gajdos + +- fix arm build [bsc#1121829] + + libpng-arm-free.patch + +--- +Mon Jan 14 13:11:39 UTC 2019 - Petr Gajdos + +- asan_build: build ASAN included +- debug_build: build more suitable for debugging, install pngcp + +--- New: libpng-arm-free.patch Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.s4g5Jz/_old 2019-02-04 21:24:21.919611016 +0100 +++ /var/tmp/diff_new_pack.s4g5Jz/_new 2019-02-04 21:24:21.919611016 +0100 @@ -1,7 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,9 @@ # -# +%define debug_build 0 +%define asan_build 0 + %define major 1 %define minor 6 %define micro 36 @@ -30,6 +32,7 @@ License:Zlib Group: Development/Libraries/C and C++ Url:http://www.libpng.org/pub/png/libpng.html +Patch0: libpng-arm-free.patch Source0: http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz Source2:libpng16.keyring Source3:rpm-macros.libpng-tools @@ -95,17 +98,28 @@ %prep %setup -q -n libpng-%{version} +%patch0 -p1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 export CFLAGS="%{optflags} -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" export LDFLAGS="-Wl,-z,relro,-z,now" - +%if %{debug_build} +export CFLAGS="$CFLAGS -Og" +%endif %configure \ --disable-static +%if %{asan_build} +sed -i -e 's/^\(CFLAGS.*\)$/\1 -fsanitize=address/' \ + -e 's/\(^LIBS =.*\)/\1 -lasan/' Makefile +%endif make %{?_smp_mflags} %check +%if %{asan_build} +# ASAN needs /proc to be mounted +exit 0 +%endif make -j1 check %install @@ -114,6 +128,9 @@ mkdir -p %{buildroot}%{_sysconfdir}/rpm cp -a %{SOURCE3} \ %{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools +%if %{debug_build} ||%{asan_build} +install -m755 .libs/pngcp %{buildroot}/%{_bindir} +%endif %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig @@ -140,6 +157,9 @@ %files tools %{_bindir}/png-fix-itxt %{_bindir}/pngfix +%if %{debug_build} || %{asan_build} +%{_bindir}/pngcp +%endif %{_sysconfdir}/rpm/macros.libpng-tools %changelog ++ libpng-arm-free.patch ++ Index: libpng-1.6.36/pngread.c === --- libpng-1.6.36.orig/pngread.c2018-12-01 15:36:00.0 +0100 +++ libpng-1.6.36/pngread.c 2019-01-28 12:41:14.044709070 +0100 @@ -994,6 +994,11 @@ png_read_destroy(png_structrp png_ptr) png_ptr->chunk_list = NULL; #endif +#if PNG_ARM_NEON_IMPLEMENTATION == 1 + png_free(png_ptr, png_ptr->riffled_palette); + png_ptr->riffled_palette = NULL; +#endif + /* NOTE: the 'setjmp' buffer may still be allocated and the memory and error * callbacks are still set at this point. They are required to complete the * destruction of the png_struct itself.
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2019-01-03 18:05:24 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new.28833 (New) Package is "libpng16" Thu Jan 3 18:05:24 2019 rev:40 rq:662196 version:1.6.36 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2018-08-07 09:39:38.848951417 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new.28833/libpng16.changes 2019-01-03 18:05:25.760204290 +0100 @@ -1,0 +2,39 @@ +Mon Dec 31 09:41:53 UTC 2018 - Petr Gajdos + +- update to 1.6.36: + Replaced the remaining uses of png_size_t with size_t (Cosmin) +Fixed the calculation of row_factor in png_check_chunk_length + (reported by Thuan Pham in SourceForge issue #278) +Added missing parentheses to a macro definition + (suggested by "irwir" in GitHub issue #216) +Optimized png_do_expand_palette for ARM processors. +Improved performance by around 10-22% on a recent ARM Chromebook. +(Contributed by Richard Townsend, ARM Holdings) +Fixed manipulation of machine-specific optimization options. +(Contributed by Vicki Pfau) +Used memcpy instead of manual pointer arithmetic on Intel SSE2. +(Contributed by Samuel Williams) +Fixed build errors with MSVC on ARM64. +(Contributed by Zhijie Liang) +Fixed detection of libm in CMakeLists. +(Contributed by Cameron Cawley) +Fixed incorrect creation of pkg-config file in CMakeLists. +(Contributed by Kyle Bentley) +Fixed the CMake build on Windows MSYS by avoiding symlinks. +Fixed a build warning on OpenBSD. +(Contributed by Theo Buehler) +Fixed various typos in comments. +(Contributed by "luz.paz") +Raised the minimum required CMake version from 3.0.2 to 3.1. +Removed yet more of the vestigial support for pre-ANSI C compilers. +Removed ancient makefiles for ancient systems that have been broken +across all previous libpng-1.6.x versions. +Removed the Y2K compliance statement and the export control +information. +Applied various code style and documentation fixes. +- removed patches + * libpng16-CVE-2018-13785.patch (upstreamed) +- cannot find upstream tarball signature, asked upstream for + clarification + +--- Old: libpng-1.6.34.tar.xz libpng-1.6.34.tar.xz.asc libpng16-CVE-2018-13785.patch New: libpng-1.6.36.tar.xz Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.Rj7Bnx/_old 2019-01-03 18:05:26.312203799 +0100 +++ /var/tmp/diff_new_pack.Rj7Bnx/_new 2019-01-03 18:05:26.312203799 +0100 @@ -12,14 +12,14 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # %define major 1 %define minor 6 -%define micro 34 +%define micro 36 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} %define debug_package_requires %{libname} = %{version}-%{release} @@ -30,12 +30,10 @@ License:Zlib Group: Development/Libraries/C and C++ Url:http://www.libpng.org/pub/png/libpng.html -Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz -Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc +Source0: http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf -Patch0: libpng16-CVE-2018-13785.patch BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: zlib-devel @@ -97,7 +95,6 @@ %prep %setup -q -n libpng-%{version} -%patch0 -p1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 ++ libpng-1.6.34.tar.xz -> libpng-1.6.36.tar.xz ++ 17721 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2018-08-07 09:39:30 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Tue Aug 7 09:39:30 2018 rev:39 rq:626863 version:1.6.34 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2018-02-09 15:43:22.996359494 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2018-08-07 09:39:38.848951417 +0200 @@ -1,0 +2,7 @@ +Wed Aug 1 08:01:23 UTC 2018 - pgaj...@suse.com + +- security update: + * CVE-2018-13785 [bsc#1100687] ++ libpng16-CVE-2018-13785.patch + +--- New: libpng16-CVE-2018-13785.patch Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.ZnFKs7/_old 2018-08-07 09:39:40.088953579 +0200 +++ /var/tmp/diff_new_pack.ZnFKs7/_new 2018-08-07 09:39:40.088953579 +0200 @@ -35,6 +35,7 @@ Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf +Patch0: libpng16-CVE-2018-13785.patch BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: zlib-devel @@ -96,6 +97,7 @@ %prep %setup -q -n libpng-%{version} +%patch0 -p1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 ++ libpng16-CVE-2018-13785.patch ++ Index: libpng-1.6.34/pngrutil.c === --- libpng-1.6.34.orig/pngrutil.c 2017-09-29 10:40:57.0 +0200 +++ libpng-1.6.34/pngrutil.c2018-08-01 09:59:02.399741891 +0200 @@ -3149,7 +3149,7 @@ png_check_chunk_length(png_const_structr { png_alloc_size_t idat_limit = PNG_UINT_31_MAX; size_t row_factor = - (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) + ((size_t)png_ptr->width * (size_t)png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) + 1 + (png_ptr->interlaced? 6: 0)); if (png_ptr->height > PNG_UINT_32_MAX/row_factor) idat_limit=PNG_UINT_31_MAX;
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2018-02-09 15:43:21 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Fri Feb 9 15:43:21 2018 rev:38 rq:573091 version:1.6.34 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2018-02-01 21:26:05.706310202 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2018-02-09 15:43:22.996359494 +0100 @@ -1,0 +2,6 @@ +Mon Feb 5 15:35:46 UTC 2018 - pgaj...@suse.com + +- %{libname} package provides libpng = %{version} again + [bsc#1079342] + +--- Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.sw0GC0/_old 2018-02-09 15:43:23.768331777 +0100 +++ /var/tmp/diff_new_pack.sw0GC0/_new 2018-02-09 15:43:23.772331633 +0100 @@ -42,6 +42,7 @@ %package -n %{libname} Summary:Library for the Portable Network Graphics Format (PNG) Group: System/Libraries +Provides: libpng = %{version} %package devel Summary:Development tools for applications which will use libpng
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2018-02-01 21:26:04 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Thu Feb 1 21:26:04 2018 rev:37 rq:571330 version:1.6.34 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-08-12 19:42:49.729133282 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2018-02-01 21:26:05.706310202 +0100 @@ -1,0 +2,126 @@ +Wed Jan 31 09:57:56 UTC 2018 - pgaj...@suse.com + +- check with -j1 + +--- +Tue Jan 30 21:56:04 UTC 2018 - jeng...@inai.de + +- Fix SRPM group and grammar issues. + +--- +Tue Jan 30 15:32:19 UTC 2018 - pgaj...@suse.com + +- removed obsoleted Obsoletes + +--- +Sun Jan 28 02:00:45 UTC 2018 - avin...@opensuse.org + +- update to 1.6.34: + * Removed contrib/pngsuite/i*.png; some of these were incorrect +and caused test failures. +- includes 1.6.33: + * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added +missing parenthesis in contrib/pngminus/pnm2png.c + * Fixed off-by-one error in png_do_check_palette_indexes() + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc +to fix shortlived oss-fuzz issue 3234. + * Compute a larger limit on IDAT because some applications write +a deflate buffer for each row + * Use current date (DATE) instead of release-date (RDATE) in last +changed date of contrib/oss-fuzz files. + * Enabled ARM support in CMakeLists.txt + * Fixed incorrect typecast of some arguments to png_malloc() and +png_calloc() that were png_uint_32 instead of png_alloc_size_t + * Use pnglibconf.h.prebuilt when building for ANDROID with cmake + * Initialize memory allocated by png_inflate to zero, using +memset, to stop an oss-fuzz "use of uninitialized value" +detection in png_set_text_2() due to truncated iTXt or zTXt +chunk. + * Initialize memory allocated by png_read_buffer to zero, using +memset, to stop an oss-fuzz "use of uninitialized value" +detection in png_icc_check_tag_table() due to truncated iCCP +chunk. + * Removed redundant tests + * Added an interlaced version of each file in contrib/pngsuite. + * Relocate new memset() call in pngrutil.c + * Add support for loading images with associated alpha in the +Simplified API + * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 +state + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc + * Add end_info structure and png_read_end() to the libpng fuzzer +- includes 1.6.32: + * Avoid possible NULL dereference in png_handle_eXIf when +benign_errors are allowed. Avoid leaking the input buffer +"eXIf_buf". + * Eliminated png_ptr->num_exif member from pngstruct.h and added +num_exif to arguments for png_get_eXIf() and png_set_eXIf(). + * Added calls to png_handle_eXIf(() in pngread.c and +png_write_eXIf() in pngwrite.c, and made various other fixes +to png_write_eXIf(). + * Changed name of png_get_eXIF and png_set_eXIf() to +png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid +breaking API compatibility with libpng-1.6.31. + * Updated contrib/libtests/pngunknown.c with eXIf chunk. + * Initialized btoa[] in pngstest.c + * Stop memory leak when returning from png_handle_eXIf() with an +error + * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + * Update libpng.3 and libpng-manual.txt about eXIf functions. + * Restored png_get_eXIf() and png_set_eXIf() to maintain API +compatability. + * Removed png_get_eXIf_1() and png_set_eXIf_1(). + * Check length of all chunks except IDAT against user limit to +fix an OSS-fuzz issue (Fixes CVE-2017-12652) + * Check length of IDAT against maximum possible IDAT size, +accounting for height, rowbytes, interlacing and zlib/deflate +overhead. + * Restored png_get_eXIf_1() and png_set_eXIf_1(), because +strlen(eXIf_buf) does not work (the eXIf chunk data can +contain zeroes). + * Revised symlink creation, no longer using deprecated cmake +LOCATION feature + * Fixed five-byte error in the calculation of IDAT maximum +possible size. + * Moved chunk-length check into a png_check_chunk_length() +private function + * Moved bad pngs from tests to contrib/libtests/crashers + * Moved testing of bad pngs into a separate +tests/pngtest-badpngs script + * Added the --xfail (expected FAIL) option to pngtest.c. It +writes XFAIL in the output but PASS for the libpng test. + * Require cmake-3.0.2 in CMakeLists.txt + * Fix "const" de
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2017-08-12 19:42:48 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Sat Aug 12 19:42:48 2017 rev:36 rq:514898 version:1.6.31 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-07-30 11:26:24.945558641 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2017-08-12 19:42:49.729133282 +0200 @@ -1,0 +2,15 @@ +Mon Aug 7 09:46:11 UTC 2017 - pgaj...@suse.com + +- update to 1.6.31: + * Guard the definition of _POSIX_SOURCE in pngpriv.h. + * Revised pngpriv.h to work around failure to compile +arm/filter_neon.S. + * Added "Requires: zlib" to libpng.pc.in. + * Added special case for FreeBSD in arm/filter_neon.S. + * Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent +possible integer overflow. + * Added eXIf chunk support. +- remove upstreamed + 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch + +--- Old: 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch libpng-1.6.30.tar.xz libpng-1.6.30.tar.xz.asc New: libpng-1.6.31.tar.xz libpng-1.6.31.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.5CKsH7/_old 2017-08-12 19:42:50.533020528 +0200 +++ /var/tmp/diff_new_pack.5CKsH7/_new 2017-08-12 19:42:50.537019967 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 30 +%define micro 31 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -35,8 +35,6 @@ Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf -# PATCH-FIX-UPSTREAM 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch stefan.bru...@rwth-aachen.de -- Cherry-pick upstream fix for ARM build, fixed in 1.6.31 -Patch0: 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch #BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config @@ -111,7 +109,6 @@ %prep %setup -n libpng-%{version} -%patch0 -p1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 ++ libpng-1.6.30.tar.xz -> libpng-1.6.31.tar.xz ++ 2897 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2017-07-30 11:25:32 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Sun Jul 30 11:25:32 2017 rev:35 rq:511589 version:1.6.30 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-07-04 11:55:27.962094546 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2017-07-30 11:26:24.945558641 +0200 @@ -1,0 +2,18 @@ +Wed Jul 19 15:51:28 UTC 2017 - stefan.bru...@rwth-aachen.de + +- Drop png-version-info-only.patch, it has no effect after applying + 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch + Both patches achieve the same, prefer the upstream version + +--- +Fri Jul 14 15:57:51 UTC 2017 - stefan.bru...@rwth-aachen.de + +- Add 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch + Fix build on ARM + +--- +Mon Jul 10 15:11:14 UTC 2017 - sch...@suse.de + +- png-version-info-only.patch: fix missing PNG_VERSION_INFO_ONLY check + +--- New: 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.aKn9ag/_old 2017-07-30 11:26:25.713450286 +0200 +++ /var/tmp/diff_new_pack.aKn9ag/_new 2017-07-30 11:26:25.717449722 +0200 @@ -35,6 +35,8 @@ Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf +# PATCH-FIX-UPSTREAM 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch stefan.bru...@rwth-aachen.de -- Cherry-pick upstream fix for ARM build, fixed in 1.6.31 +Patch0: 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch #BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config @@ -109,6 +111,7 @@ %prep %setup -n libpng-%{version} +%patch0 -p1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 ++ 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch ++ >From 3f67eb68e05ae87ec985f413b97b4cdd2922533d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20Br=C3=83=C2=BCns?= Date: Fri, 14 Jul 2017 17:53:43 +0200 Subject: [PATCH] [libpng16] Revised pngpriv.h to use PNG_VERSION_INFO_ONLY instead of PNG_ARM_NEON_IMPLEMENTATION == 2 to exclude some definitions that assembler cannot recognize. [SBruens] Cherry-picked from 54126d5c59653e744ee8af81ba61fd910ce4d295, removed merge conflicts. --- pngpriv.h | 29 +++-- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/pngpriv.h b/pngpriv.h index a062a8da1..f50de2b86 100644 --- a/pngpriv.h +++ b/pngpriv.h @@ -452,6 +452,21 @@ # define png_fixed_error(s1,s2) png_err(s1) #endif +/* Some fixed point APIs are still required even if not exported because + * they get used by the corresponding floating point APIs. This magic + * deals with this: + */ +#ifdef PNG_FIXED_POINT_SUPPORTED +# define PNGFAPI PNGAPI +#else +# define PNGFAPI /* PRIVATE */ +#endif + +#ifndef PNG_VERSION_INFO_ONLY +/* Other defines specific to compilers can go here. Try to keep + * them inside an appropriate ifdef/endif pair for portability. + */ + /* C allows up-casts from (void*) to any pointer and (const void*) to any * pointer to a const object. C++ regards this as a type error and requires an * explicit, static, cast and provides the static_cast<> rune to ensure that @@ -480,20 +495,6 @@ # define png_aligncastconst(type, value) ((const void*)(value)) #endif /* __cplusplus */ -/* Some fixed point APIs are still required even if not exported because - * they get used by the corresponding floating point APIs. This magic - * deals with this: - */ -#ifdef PNG_FIXED_POINT_SUPPORTED -# define PNGFAPI PNGAPI -#else -# define PNGFAPI /* PRIVATE */ -#endif - -#ifndef PNG_VERSION_INFO_ONLY -/* Other defines specific to compilers can go here. Try to keep - * them inside an appropriate ifdef/endif pair for portability. - */ #if defined(PNG_FLOATING_POINT_SUPPORTED) ||\ defined(PNG_FLOATING_ARITHMETIC_SUPPORTED) /* png.c requires the following ANSI-C constants if the conversion of -- 2.13.2
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2017-07-04 11:55:09 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Tue Jul 4 11:55:09 2017 rev:34 rq:507405 version:1.6.30 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-03-21 22:45:00.537294322 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2017-07-04 11:55:27.962094546 +0200 @@ -1,0 +2,16 @@ +Fri Jun 30 15:48:21 UTC 2017 - pgaj...@suse.com + +- update to 1.6.30: + Revised documentation of png_get_error_ptr() in the libpng manual. + Document need to check for integer overflow when allocating a pixel +buffer for multiple rows in contrib/gregbook, contrib/pngminus, +example.c, and in the manual (suggested by Jaeseung Choi). This +is similar to the bug reported against pngquant in CVE-2016-5735. + Check for integer overflow in contrib/visupng and contrib/tools/genpng. + Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt. + Avoid writing an empty IDAT when the last IDAT exactly fills the +compression buffer (bug report by Brian Baird). This bug was +introduced in libpng-1.6.0. + Add a reference to the libpng.download site in README. + +--- Old: libpng-1.6.29.tar.xz libpng-1.6.29.tar.xz.asc New: libpng-1.6.30.tar.xz libpng-1.6.30.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.SOfxdO/_old 2017-07-04 11:55:28.649997739 +0200 +++ /var/tmp/diff_new_pack.SOfxdO/_new 2017-07-04 11:55:28.653997176 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 29 +%define micro 30 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.29.tar.xz -> libpng-1.6.30.tar.xz ++ 2285 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2017-03-21 22:44:49 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Tue Mar 21 22:44:49 2017 rev:33 rq:480726 version:1.6.29 Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2017-01-10 10:37:58.525909092 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2017-03-21 22:45:00.537294322 +0100 @@ -1,0 +2,10 @@ +Thu Mar 16 20:21:47 UTC 2017 - pgaj...@suse.com + +- update to 1.6.29: + Moved SSE2 optimization code into the main libpng source directory. +Configure libpng with "configure --enable-intel-sse" or compile +libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it. + Added code for PowerPC VSX optimisation (Vadim Barkov). + Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer). + +--- Old: libpng-1.6.28.tar.xz libpng-1.6.28.tar.xz.asc New: libpng-1.6.29.tar.xz libpng-1.6.29.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.McQpze/_old 2017-03-21 22:45:01.269190850 +0100 +++ /var/tmp/diff_new_pack.McQpze/_new 2017-03-21 22:45:01.269190850 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 28 +%define micro 29 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.28.tar.xz -> libpng-1.6.29.tar.xz ++ 4067 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2016-10-23 12:49:58 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2016-09-07 11:40:59.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-10-23 12:49:59.0 +0200 @@ -1,0 +2,23 @@ +Thu Oct 20 06:12:20 UTC 2016 - pgaj...@suse.com + +- update to 1.6.26: + Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo, +bugfix by John Bowler). + Do not issue a png_error() on read in png_set_pCAL() because +png_handle_pCAL has allocated memory that libpng needs to free. + Issue a png_benign_error instead of a png_error on ADLER32 mismatch +while decoding compressed data chunks. + Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and +pngrutil.c. + If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE, +ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs. + Issue png_benign_error() on ADLER32 checksum mismatch instead of +png_error(). + Updated the documentation about CRC and ADLER32 handling. + Fixed offsets in contrib/intel/intel_sse.patch + Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h +to avoid a signed/unsigned compare in the preprocessor. + Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to +optionally avoid ADLER32 evaluation. + +--- Old: libpng-1.6.25.tar.xz libpng-1.6.25.tar.xz.asc New: libpng-1.6.26.tar.xz libpng-1.6.26.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.PwvH0T/_old 2016-10-23 12:50:00.0 +0200 +++ /var/tmp/diff_new_pack.PwvH0T/_new 2016-10-23 12:50:00.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 25 +%define micro 26 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.25.tar.xz -> libpng-1.6.26.tar.xz ++ 3194 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2016-09-07 11:40:56 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2016-08-06 20:36:11.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-09-07 11:40:59.0 +0200 @@ -1,0 +2,9 @@ +Thu Sep 1 08:37:41 UTC 2016 - pgaj...@suse.com + +- update to 1.6.25: + Reject oversized iCCP profile immediately. + Conditionally compile png_inflate(). + Don't install pngcp; it conflicts with pngcp in the pngtools package. + Added MIPS support (Mandar Sahastrabuddhe < + +--- Old: libpng-1.6.24.tar.xz libpng-1.6.24.tar.xz.asc New: libpng-1.6.25.tar.xz libpng-1.6.25.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.8lUVoZ/_old 2016-09-07 11:41:00.0 +0200 +++ /var/tmp/diff_new_pack.8lUVoZ/_new 2016-09-07 11:41:00.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 24 +%define micro 25 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -159,7 +159,6 @@ %defattr(-,root,root) %{_bindir}/png-fix-itxt %{_bindir}/pngfix -%{_bindir}/pngcp %{_sysconfdir}/rpm/macros.libpng-tools %changelog ++ libpng-1.6.24.tar.xz -> libpng-1.6.25.tar.xz ++ 2969 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2016-08-06 20:36:09 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2016-05-29 03:06:46.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-08-06 20:36:11.0 +0200 @@ -1,0 +2,27 @@ +Thu Aug 4 06:20:53 UTC 2016 - pgaj...@suse.com + +- update to 1.6.24: + Avoid potential overflow of the PNG_IMAGE_SIZE macro. + Correct filter heuristic overflow handling. + Use a more efficient absolute value calculation on SSE2. + Added pngcp. + etc. see ANNOUNCE + +--- +Wed Aug 3 22:30:08 UTC 2016 - r...@fthiessen.de + +- Update to new upstream release 1.6.23 + * Fixes a potential memleak in png_set_tRNS. + * Fixed the progressive reader to handle empty first IDAT +chunk properly. + * Added tests in pngvalid.c to check zero-length IDAT chunks +in various positions. + * Fixed the sequential reader to handle these more robustly. + * Corrected progressive read input buffer in pngvalid.c. + * Moved sse2 prototype from pngpriv.h to +contrib/intel/intel_sse.patch. + * Fixed undefined behavior in png_push_save_buffer(). +Do not call memcpy() with a null source, even if count is zero. + * Fixed bad link to RFC2083 in png.5. + +--- Old: libpng-1.6.22.tar.xz libpng-1.6.22.tar.xz.asc New: libpng-1.6.24.tar.xz libpng-1.6.24.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.1sDV58/_old 2016-08-06 20:36:12.0 +0200 +++ /var/tmp/diff_new_pack.1sDV58/_new 2016-08-06 20:36:12.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 22 +%define micro 24 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -159,6 +159,7 @@ %defattr(-,root,root) %{_bindir}/png-fix-itxt %{_bindir}/pngfix +%{_bindir}/pngcp %{_sysconfdir}/rpm/macros.libpng-tools %changelog ++ libpng-1.6.22.tar.xz -> libpng-1.6.24.tar.xz ++ 11151 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2016-05-29 03:06:45 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2016-01-23 01:16:02.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-05-29 03:06:46.0 +0200 @@ -1,0 +2,23 @@ +Thu May 26 14:55:11 UTC 2016 - pgaj...@suse.com + +- update to 1.6.22: + Added a png_image_write_to_memory() API and a number of assist macros +to allow an application that uses the simplified API write to bypass +stdio and write directly to memory. + Relaxed limit checks on gamma values in pngrtran.c. As suggested in +the comments gamma values outside the range currently permitted +by png_set_alpha_mode are useful for HDR data encoding. These values +are already permitted by png_set_gamma so it is reasonable caution to +extend the png_set_alpha_mode range as HDR imaging systems are starting +to emerge. + Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that +were accidentally removed from libpng-1.6.17. + Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0x to 0xU in png.h +(Robert C. Seacord). + Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.). + SSE filter speed improvements for bpp=3: +memcpy-free implementations of load3() / store3(). + Added PNG_FAST_FILTERS macro (defined as +PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP). + +--- Old: libpng-1.6.21.tar.xz libpng-1.6.21.tar.xz.asc New: libpng-1.6.22.tar.xz libpng-1.6.22.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.dPzaPW/_old 2016-05-29 03:06:47.0 +0200 +++ /var/tmp/diff_new_pack.dPzaPW/_new 2016-05-29 03:06:47.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 21 +%define micro 22 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.21.tar.xz -> libpng-1.6.22.tar.xz ++ 5537 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2016-01-23 01:16:00 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-12-09 19:33:26.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2016-01-23 01:16:02.0 +0100 @@ -1,0 +2,13 @@ +Sun Jan 17 14:10:43 UTC 2016 - jeng...@inai.de + +- Update to new upstream release 1.6.21 +* Widened the 'limit' check on the internally calculated error limits in + the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error + checks) and changed the check to only operate in non-release builds + (base build type not RC or RELEASE.) +* Fixed undefined behavior in pngvalid.c, undefined because + (png_byte) << shift is undefined if it changes the signed bit + (because png_byte is promoted to int). The libpng exported functions + png_get_uint_32 and png_get_uint_16 handle this. + +--- Old: libpng-1.6.20.tar.xz libpng-1.6.20.tar.xz.asc New: libpng-1.6.21.tar.xz libpng-1.6.21.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.E1qewa/_old 2016-01-23 01:16:03.0 +0100 +++ /var/tmp/diff_new_pack.E1qewa/_new 2016-01-23 01:16:03.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 20 +%define micro 21 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -43,7 +43,6 @@ %define debug_package_requires %{libname} = %{version}-%{release} %package -n %{libname} - Summary:Library for the Portable Network Graphics Format (PNG) Group: System/Libraries # bug437293 ++ libpng-1.6.20.tar.xz -> libpng-1.6.21.tar.xz ++ 2063 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2015-12-09 19:33:24 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-11-17 14:21:26.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-12-09 19:33:26.0 +0100 @@ -1,0 +2,24 @@ +Thu Dec 3 15:11:03 UTC 2015 - pgaj...@suse.com + +- update to 1.6.20: + Avoid potential pointer overflow/underflow in png_handle_sPLT() and +png_handle_pCAL() (Bug report by John Regehr). + Fixed incorrect implementation of png_set_PLTE() that uses png_ptr +not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 +vulnerability. + Backported tests from libpng-1.7.0beta69. + Fixed an error in handling of bad zlib CMINFO field in pngfix, found by +American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't +immediately fault a bad CMINFO field; instead a 'too far back' error +happens later (at least some times). pngfix failed to limit CMINFO to +the allowed values but then assumed that window_bits was in range, +triggering an assert. The bug is mostly harmless; the PNG file cannot +be fixed. + In libpng 1.6 zlib initialization was changed to use the window size +in the zlib stream, not a fixed value. This causes some invalid images, +where CINFO is too large, to display 'correctly' if the rest of the +data is valid. This provides a workaround for zlib versions where the +error arises (ones that support the API change to use the window size +in the stream). + +--- Old: libpng-1.6.19.tar.xz libpng-1.6.19.tar.xz.asc New: libpng-1.6.20.tar.xz libpng-1.6.20.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.AeguT0/_old 2015-12-09 19:33:27.0 +0100 +++ /var/tmp/diff_new_pack.AeguT0/_new 2015-12-09 19:33:27.0 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 19 +%define micro 20 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.19.tar.xz -> libpng-1.6.20.tar.xz ++ 2680 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2015-11-17 14:21:24 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-08-17 17:26:08.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-11-17 14:21:26.0 +0100 @@ -1,0 +2,13 @@ +Fri Nov 13 07:25:01 UTC 2015 - pgaj...@suse.com + +- update to 1.6.19: + Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c + Fixed uninitialized variable in contrib/gregbook/rpng2-x.c + Fixed the recently reported 1's complement security issue. + Fixed png_save_int_32 when int is not 2's complement by replacing +the value that is illegal in the PNG spec, in both signed and +unsigned values, with 0. + etc., see ANNOUNCE and CHANGES for details +- removed: libpng-rgb_to_gray-checks.patch (upstreamed) + +--- Old: libpng-1.6.17.tar.xz libpng-1.6.17.tar.xz.asc libpng-rgb_to_gray-checks.patch New: libpng-1.6.19.tar.xz libpng-1.6.19.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.Le2SC7/_old 2015-11-17 14:21:27.0 +0100 +++ /var/tmp/diff_new_pack.Le2SC7/_new 2015-11-17 14:21:27.0 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 17 +%define micro 19 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -35,7 +35,6 @@ Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf -Patch0: libpng-rgb_to_gray-checks.patch #BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config @@ -111,7 +110,6 @@ %prep %setup -n libpng-%{version} -%patch0 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 ++ libpng-1.6.17.tar.xz -> libpng-1.6.19.tar.xz ++ 15684 lines of diff (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2015-08-17 17:26:07 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-04-07 09:27:44.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-08-17 17:26:08.0 +0200 @@ -1,0 +2,5 @@ +Fri Aug 7 14:19:31 UTC 2015 - pgaj...@suse.com + +- drop unknown configure switch + +--- Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.yr8XhY/_old 2015-08-17 17:26:09.0 +0200 +++ /var/tmp/diff_new_pack.yr8XhY/_new 2015-08-17 17:26:09.0 +0200 @@ -119,8 +119,7 @@ export LDFLAGS="-Wl,-z,relro,-z,now" %configure \ - --disable-static \ - --with-libpng-compat=no + --disable-static make %{?_smp_mflags} %check
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2015-04-07 09:27:42 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-01-23 16:19:00.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-04-07 09:27:44.0 +0200 @@ -1,0 +2,37 @@ +Wed Apr 1 11:07:11 UTC 2015 - pgaj...@suse.com + +- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c. + + libpng-rgb_to_gray-checks.patch + +--- +Mon Mar 30 07:10:35 UTC 2015 - pgaj...@suse.com + +- updated to 1.6.17: + Corrected the width limit calculation in png_check_IHDR(). + Removed user limits from pngfix. Also pass NULL pointers to +png_read_row to skip the unnecessary row de-interlace stuff. + Implement previously untested cases of libpng transforms in pngvalid.c + Fixed byte order in 2-byte filler, in png_do_read_filler(). + Made the check for out-of-range values in png_set_tRNS() detect +values that are exactly 2^bit_depth, and work on 16-bit platforms. + Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. + Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and +pngset.c to avoid warnings about dead code. + Do not build png_product2() when it is unused. + Display user limits in the output from pngtest. + Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column +and 1-million-row default limits in pnglibconf.dfa, that can be reset +by the user at build time or run time. This provides a more robust +defense against DOS and as-yet undiscovered overflows. + Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default. + Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins). + Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block +of png.h. + Free the unknown_chunks structure even when it contains no data. + Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha +value was wrong. It's not clear if this affected the final stored +value; in the obvious code path the upper and lower 8-bits of the +alpha value were identical and the alpha was truncated to 8-bits +rather than dividing by 257 (John Bowler). + +--- Old: libpng-1.6.16.tar.xz libpng-1.6.16.tar.xz.asc New: libpng-1.6.17.tar.xz libpng-1.6.17.tar.xz.asc libpng-rgb_to_gray-checks.patch Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.405p7p/_old 2015-04-07 09:27:44.0 +0200 +++ /var/tmp/diff_new_pack.405p7p/_new 2015-04-07 09:27:44.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 16 +%define micro 17 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -35,6 +35,7 @@ Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf +Patch0: libpng-rgb_to_gray-checks.patch #BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config @@ -110,6 +111,7 @@ %prep %setup -n libpng-%{version} +%patch0 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 ++ libpng-1.6.16.tar.xz -> libpng-1.6.17.tar.xz ++ 26136 lines of diff (skipped) ++ libpng-rgb_to_gray-checks.patch ++ 855 lines (skipped)
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2015-01-23 16:18:57 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2015-01-09 01:11:21.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-01-23 16:19:00.0 +0100 @@ -1,0 +2,5 @@ +Tue Jan 13 16:53:06 UTC 2015 - pgaj...@suse.com + +- build with PNG_SAFE_LIMITS_SUPPORTED [bnc#912076], [bnc#912929] + +--- Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.e8QHtm/_old 2015-01-23 16:19:01.0 +0100 +++ /var/tmp/diff_new_pack.e8QHtm/_new 2015-01-23 16:19:01.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -112,7 +112,8 @@ %setup -n libpng-%{version} %build -export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" +# PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 +export CFLAGS="%optflags -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" export LDFLAGS="-Wl,-z,relro,-z,now" %configure \ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2015-01-08 23:20:07 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-11-24 11:13:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-01-09 01:11:21.0 +0100 @@ -1,0 +2,8 @@ +Mon Dec 29 14:25:02 UTC 2014 - pgaj...@suse.com + +- updated to 1.6.16: + * Restored a test on width that was removed from png.c at libpng-1.6.9 +(Bug report by Alex Eubanks). + * Fixed an overflow in png_combine_row with very wide interlaced images. + +--- Old: libpng-1.6.15.tar.xz libpng-1.6.15.tar.xz.asc New: libpng-1.6.16.tar.xz libpng-1.6.16.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.9BgWkf/_old 2015-01-09 01:11:22.0 +0100 +++ /var/tmp/diff_new_pack.9BgWkf/_new 2015-01-09 01:11:22.0 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 15 +%define micro 16 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.15.tar.xz -> libpng-1.6.16.tar.xz ++ 1730 lines of diff (skipped) retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libpng-1.6.15/ANNOUNCE new/libpng-1.6.16/ANNOUNCE --- old/libpng-1.6.15/ANNOUNCE 2014-11-20 16:33:23.0 +0100 +++ new/libpng-1.6.16/ANNOUNCE 2014-12-22 04:08:07.0 +0100 @@ -1,4 +1,4 @@ -Libpng 1.6.15 - November 20, 2014 +Libpng 1.6.16 - December 22, 2014 This is a public release of libpng, intended for use in production codes. @@ -7,55 +7,30 @@ Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.6.15.tar.xz (LZMA-compressed, recommended) - libpng-1.6.15.tar.gz + libpng-1.6.16.tar.xz (LZMA-compressed, recommended) + libpng-1.6.16.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script - lpng1615.7z (LZMA-compressed, recommended) - lpng1615.zip + lpng1616.7z (LZMA-compressed, recommended) + lpng1616.zip Other information: - libpng-1.6.15-README.txt - libpng-1.6.15-LICENSE.txt - libpng-1.6.15-*.asc (armored detached GPG signatures) - -Changes since the last public release (1.6.14): - Changed "if (!x)" to "if (x == 0)" and "if (x)" to "if (x != 0)" - Simplified png_free_data(). - Added missing "ptr = NULL" after some instances of png_free(). - Made a one-line revision to configure.ac to support ARM on aarch64 -(bug report by Marcin Juszkiewicz, fix by John Bowler). - Avoid out-of-bounds memory access in png_user_version_check(). - Simplified and future-proofed png_user_version_check(). - Fixed GCC unsigned int->float warnings. Various versions of GCC -seem to generate warnings when an unsigned value is implicitly -converted to double. This is probably a GCC bug but this change -avoids the issue by explicitly converting to (int) where safe. - Free all allocated memory in pngimage. The file buffer cache was left -allocated at the end of the program, harmless but it causes memory -leak reports from clang. - Fixed array size calculations to avoid warnings. At various points -in the code the number of elements in an array is calculated using -sizeof. This generates a compile time constant of type (size_t) which -is then typically assigned to an (unsigned int) or (int). Some versions -of GCC on 64-bit systems warn about the apparent narrowing, even though -the same compiler does apparently generate the correct, in-range, -numeric constant. This adds appropriate, safe, casts to make the -warnings go away. - Removed #ifdef PNG_16BIT_SUPPORTED/#endif around png_product2(); it is -needed by png_reciprocal2(). - Added #ifdef PNG_16BIT_SUPPORTED/#endif around png_log16bit() and -png_do_swap(). - Changed all "#endif /* PNG_FEATURE_SUPPORTED */" to "#endif /* FEATURE */" - The macros passed in the command line to Borland make were ignored if -similarly-named macros were already defined in makefiles. This behavior -is different from POSIX make and other make programs. Surround the -macro definitions with ifndef guards (Cosmin). - Added "-D
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2014-11-24 11:13:17 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-08-28 10:01:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-11-24 11:13:25.0 +0100 @@ -1,0 +2,10 @@ +Thu Nov 20 20:06:41 UTC 2014 - pgaj...@suse.com + +- updated to 1.6.15: + * Avoid out-of-bounds memory access in png_user_version_check(). + * Fixed incorrect handling of the iTXt compression. + * Free all allocated memory in pngimage. + * Fixed array size calculations to avoid warnings. + etc. see ANNOUNCE + +--- Old: libpng-1.6.13.tar.xz libpng-1.6.13.tar.xz.asc New: libpng-1.6.15.tar.xz libpng-1.6.15.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.D9Kx4b/_old 2014-11-24 11:13:26.0 +0100 +++ /var/tmp/diff_new_pack.D9Kx4b/_new 2014-11-24 11:13:26.0 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 13 +%define micro 15 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.13.tar.xz -> libpng-1.6.15.tar.xz ++ 10470 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2014-08-28 10:01:53 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-06-18 07:50:28.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-08-28 10:01:56.0 +0200 @@ -1,0 +2,6 @@ +Fri Aug 22 05:55:11 UTC 2014 - pgaj...@suse.com + +- updated to 1.6.13: a "cleanup" release that have no security + fixes or new features. + +--- Old: libpng-1.6.12.tar.xz libpng-1.6.12.tar.xz.asc New: libpng-1.6.13.tar.xz libpng-1.6.13.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.rsTGmW/_old 2014-08-28 10:01:57.0 +0200 +++ /var/tmp/diff_new_pack.rsTGmW/_new 2014-08-28 10:01:57.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 12 +%define micro 13 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.12.tar.xz -> libpng-1.6.13.tar.xz ++ 2415 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2014-06-18 07:49:36 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-03-05 15:36:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-06-18 07:50:28.0 +0200 @@ -1,0 +2,14 @@ +Thu Jun 12 05:38:48 UTC 2014 - pgaj...@suse.com + +- updated to 1.6.12: + * bugfixes, almost build-related only + +--- +Fri Jun 6 06:19:35 UTC 2014 - pgaj...@suse.com + +- updated to 1.6.11: + * fixed CVE-2014-0333 + * other bugfixes +- removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed) + +--- Old: libpng-1.6.9.tar.xz libpng-1.6.9.tar.xz.asc libpng16-1.6.9-CVE-2014-0333.patch New: libpng-1.6.12.tar.xz libpng-1.6.12.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.idW4A3/_old 2014-06-18 07:50:29.0 +0200 +++ /var/tmp/diff_new_pack.idW4A3/_new 2014-06-18 07:50:29.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 9 +%define micro 12 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -35,7 +35,6 @@ Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf -Patch0: libpng16-1.6.9-CVE-2014-0333.patch #BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config @@ -111,7 +110,6 @@ %prep %setup -n libpng-%{version} -%patch0 %build export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" ++ libpng-1.6.9.tar.xz -> libpng-1.6.12.tar.xz ++ 9462 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2014-03-05 15:36:32 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2014-02-09 13:17:54.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-03-05 15:36:32.0 +0100 @@ -1,0 +2,8 @@ +Tue Mar 4 09:58:48 UTC 2014 - pgaj...@suse.com + +- fixed CVE-2014-0333 [bnc#866298] + +- added patches: + * libpng16-1.6.6-CVE-2014-0333.patch + +--- New: libpng16-1.6.9-CVE-2014-0333.patch Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.Xmox17/_old 2014-03-05 15:36:33.0 +0100 +++ /var/tmp/diff_new_pack.Xmox17/_new 2014-03-05 15:36:33.0 +0100 @@ -35,6 +35,7 @@ Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf +Patch0: libpng16-1.6.9-CVE-2014-0333.patch #BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config @@ -110,6 +111,7 @@ %prep %setup -n libpng-%{version} +%patch0 %build export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" ++ libpng16-1.6.9-CVE-2014-0333.patch ++ http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c8815/tree/pngpread.c?diff=4526f546baea7f73097529cb66feb4dbc8da2752 --- pngpread.c +++ pngpread.c @@ -234,6 +234,7 @@ png_error(png_ptr, "Missing PLTE before IDAT"); png_ptr->mode |= PNG_HAVE_IDAT; + png_ptr->process_mode = PNG_READ_IDAT_MODE; if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT)) if (png_ptr->push_length == 0) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2014-02-09 13:17:51 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-12-30 10:08:41.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-02-09 13:17:54.0 +0100 @@ -1,0 +2,38 @@ +Fri Feb 7 07:32:55 UTC 2014 - pgaj...@suse.com + +- updated to 1.6.9: + Bookkeeping: Moved functions around (no changes). Moved transform +function definitions before the place where they are called so that +they can be masde static. Move the intrapixel functions and the +grayscale palette builder out of the png?tran.c files. The latter +isn't a transform function and is no longer used internally, and the +former MNG specific functions are better placed in pngread/pngwrite.c + Made transform implementation functions static. This makes the internal +functions called by png_do_{read|write}_transformations static. On an +x86-64 DLL build (Gentoo Linux) this reduces the size of the text +segment of the DLL by 1208 bytes, about 0.6%. It also simplifies +maintenance by removing the declarations from pngpriv.h and allowing +easier changes to the internal interfaces. + Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69 +in the tar distributions. + Added checks for libpng 1.5 to pngvalid.c. This supports the use of +this version of pngvalid in libpng 1.5 + Merged with pngvalid.c from libpng-1.7 changes to create a single +pngvalid.c + Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0 + Merged libpng-1.7.0 changes to make no-interlace configurations work +with test programs. + Revised pngvalid.c to support libpng 1.5, which does not support the +PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate +in pngvalid.c + Allow unversioned links created on install to be disabled in configure. +In configure builds 'make install' changes/adds links like png.h +and libpng.a to point to the newly installed, versioned, files (e.g. +libpng17/png.h and libpng17.a). Three new configure options and some +rearrangement of Makefile.am allow creation of these links to be +disabled. + Removed potentially misleading warning from png_check_IHDR(). + Updated scripts/makefile.* to use CPPFLAGS (Cosmin). + Added clang attribute support (Cosmin). + +--- Old: libpng-1.6.8.tar.xz libpng-1.6.8.tar.xz.asc New: libpng-1.6.9.tar.xz libpng-1.6.9.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.hepDGP/_old 2014-02-09 13:17:56.0 +0100 +++ /var/tmp/diff_new_pack.hepDGP/_new 2014-02-09 13:17:56.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 8 +%define micro 9 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -31,7 +31,7 @@ License:Zlib Group: System/Libraries Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz -Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/Gnupg/libpng-%{version}.tar.xz.asc +Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf ++ libpng-1.6.8.tar.xz -> libpng-1.6.9.tar.xz ++ 9862 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-12-30 10:08:40 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-12-02 15:08:30.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-12-30 10:08:41.0 +0100 @@ -1,0 +2,19 @@ +Fri Dec 20 07:08:48 UTC 2013 - pgaj...@suse.com + +- updated to 1.6.8: + Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to +#ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with +what is in pngpriv.h. + Moved prototype for png_handle_unknown() in pngpriv.h outside of +the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block. + Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder. + Fixed pngvalid 'fail' function declaration on the Intel C Compiler. +This reverts to the previous 'static' implementation and works round +the 'unused static function' warning by using PNG_UNUSED(). + Handle zero-length PLTE chunk or NULL palette with png_error() +instead of png_chunk_report(), which by default issues a warning +rather than an error, leading to later reading from a NULL pointer +(png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954 +and VU#650142. + +--- Old: libpng-1.6.7.tar.xz libpng-1.6.7.tar.xz.asc New: libpng-1.6.8.tar.xz libpng-1.6.8.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.waCoVU/_old 2013-12-30 10:08:42.0 +0100 +++ /var/tmp/diff_new_pack.waCoVU/_new 2013-12-30 10:08:42.0 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 7 +%define micro 8 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.7.tar.xz -> libpng-1.6.8.tar.xz ++ 3681 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-12-02 15:08:28 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-11-15 13:26:15.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-12-02 15:08:30.0 +0100 @@ -1,0 +2,6 @@ +Mon Dec 2 09:35:17 UTC 2013 - pgaj...@suse.com + +- png_fix macro doesn't leave *.png.fixed (which happened for correct + PNGs) [bnc#852862] + +--- Other differences: -- ++ rpm-macros.libpng-tools ++ --- /var/tmp/diff_new_pack.MtwOqc/_old 2013-12-02 15:08:31.0 +0100 +++ /var/tmp/diff_new_pack.MtwOqc/_new 2013-12-02 15:08:31.0 +0100 @@ -12,7 +12,8 @@ echo "Missing argument in call to %%png_fix: path and name of png file." \ exit 1 \ fi \ - /usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || mv "%1.fixed" "%1" \ + /usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || true \ + mv "%1.fixed" "%1" \ %nil # # macro: %png_fix_dir -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-11-15 13:26:14 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-09-26 19:35:55.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-11-15 13:26:15.0 +0100 @@ -1,0 +2,15 @@ +Fri Nov 15 07:56:22 UTC 2013 - pgaj...@suse.com + +- updated to 1.6.7: + * Revised unknown chunk code to correct several bugs in the +NO_SAVE_/NO_WRITE combination + * Check user callback behavior in pngunknown.c. Previous versions +compiled if SAVE_UNKNOWN was not available but did nothing since the +callback was never implemented. + * Merged pngunknown.c with 1.7 version and back ported 1.7 +improvements/fixes + * Revised pngvalid to generate size images with as many filters as +it can manage, limited by the number of rows. + * ARM improvements/fixes + +--- Old: libpng-1.6.6.tar.xz libpng-1.6.6.tar.xz.asc New: libpng-1.6.7.tar.xz libpng-1.6.7.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.jNGO5u/_old 2013-11-15 13:26:15.0 +0100 +++ /var/tmp/diff_new_pack.jNGO5u/_new 2013-11-15 13:26:15.0 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 6 +%define micro 7 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.6.tar.xz -> libpng-1.6.7.tar.xz ++ 3186 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-09-26 19:35:54 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-09-13 14:43:29.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-09-26 19:35:55.0 +0200 @@ -1,0 +2,6 @@ +Wed Sep 25 08:08:55 UTC 2013 - pgaj...@suse.com + +- updated to 1.6.6: + * fix arm build + +--- Old: libpng-1.6.4.tar.xz libpng-1.6.4.tar.xz.asc New: libpng-1.6.6.tar.xz libpng-1.6.6.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.EtsZJx/_old 2013-09-26 19:35:56.0 +0200 +++ /var/tmp/diff_new_pack.EtsZJx/_new 2013-09-26 19:35:56.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 4 +%define micro 6 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.4.tar.xz -> libpng-1.6.6.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libpng-1.6.4/ANNOUNCE new/libpng-1.6.6/ANNOUNCE --- old/libpng-1.6.4/ANNOUNCE 2013-09-12 04:28:34.0 +0200 +++ new/libpng-1.6.6/ANNOUNCE 2013-09-16 17:33:45.0 +0200 @@ -1,5 +1,5 @@ -Libpng 1.6.4 - September 12, 2013 +Libpng 1.6.6 - September 16, 2013 This is a public release of libpng, intended for use in production codes. @@ -8,28 +8,24 @@ Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.6.4.tar.xz (LZMA-compressed, recommended) - libpng-1.6.4.tar.gz + libpng-1.6.6.tar.xz (LZMA-compressed, recommended) + libpng-1.6.6.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script - lpng164.7z (LZMA-compressed, recommended) - lpng164.zip + lpng166.7z (LZMA-compressed, recommended) + lpng166.zip Other information: - libpng-1.6.4-README.txt - libpng-1.6.4-LICENSE.txt + libpng-1.6.6-README.txt + libpng-1.6.6-LICENSE.txt Gnupg/*.asc (PGP armored detached signatures) -Changes since the last public release (1.6.3): - Added information about png_set_options() to the manual. - Delay calling png_init_filter_functions() until a row with nonzero filter -is found. - Fixed inconsistent conditional compilation of png_chunk_unknown_handling() -prototype, definition, and usage. Made it depend on -PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere. +Changes since the last public release (1.6.5): + + Removed two stray lines of code from arm/arm_init.c, again. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libpng-1.6.4/CHANGES new/libpng-1.6.6/CHANGES --- old/libpng-1.6.4/CHANGES2013-09-12 04:28:35.0 +0200 +++ new/libpng-1.6.6/CHANGES2013-09-16 17:33:45.0 +0200 @@ -4634,6 +4634,12 @@ Version 1.6.4 [September 12, 2013] No changes. +Version 1.6.5 [September 14, 2013] + Removed two stray lines of code from arm/arm_init.c. + +Version 1.6.6beta01 [September 16, 2013] + Removed two stray lines of code from arm/arm_init.c, again. + Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libpng-1.6.4/CMakeLists.txt new/libpng-1.6.6/CMakeLists.txt --- old/libpng-1.6.4/CMakeLists.txt 2013-09-12 04:28:35.0 +0200 +++ new/libpng-1.6.6/CMakeLists.txt 2013-09-16 17:33:45.0 +0200 @@ -16,7 +16,7 @@ set(PNGLIB_MAJOR 1) set(PNGLIB_MINOR 6) -set(PNGLIB_RELEASE 4) +set(PNGLIB_RELEASE 6) set(PNGLIB_NAME libpng${PNGLIB_MAJOR}${PNGLIB_MINOR}) set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_RELEASE}) @@ -252,7 +252,7 @@ # SET UP LINKS if(PNG_SHARED) set_target_properties(${PNG_LIB_NAME} PROPERTIES -# VERSION 16.${PNGLIB_RELEASE}.1.6.4 +# VERSION 16.${PNGLIB_RELEASE}.1.6.6 VERSION 16.${PNGLIB_RELEASE}.0 SOVERSION 16 CLEAN_DIRECT_OUTPUT 1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libpng-1.6.4/LICENSE new/libpng-1.6.6/LICENSE --- old/libpng-1.6.4/LICENSE2013-09-12 04:28:35.0 +0200 +++ new/libpng-1.6.6/LICENSE2013-09-16 17:33:45.0 +0200 @@ -10,7 +10,7 @@
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-09-13 14:43:29 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-08-30 16:11:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-09-13 14:43:29.0 +0200 @@ -1,0 +2,11 @@ +Thu Sep 12 13:21:53 UTC 2013 - pgaj...@suse.com + +- updated to 1.6.4: + * Added information about png_set_options() to the manual. + * Delay calling png_init_filter_functions() until a row with nonzero +filter is found. + * Fixed inconsistent conditional compilation of +png_chunk_unknown_handling() prototype, definition, and usage. +Made it depend on PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere. + +--- Old: libpng-1.6.3.tar.xz libpng-1.6.3.tar.xz.asc New: libpng-1.6.4.tar.xz libpng-1.6.4.tar.xz.asc Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.nB3qxp/_old 2013-09-13 14:43:30.0 +0200 +++ /var/tmp/diff_new_pack.nB3qxp/_new 2013-09-13 14:43:30.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 3 +%define micro 4 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++ libpng-1.6.3.tar.xz -> libpng-1.6.4.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libpng-1.6.3/ANNOUNCE new/libpng-1.6.4/ANNOUNCE --- old/libpng-1.6.3/ANNOUNCE 2013-07-18 02:02:59.0 +0200 +++ new/libpng-1.6.4/ANNOUNCE 2013-09-12 04:28:34.0 +0200 @@ -1,5 +1,5 @@ -Libpng 1.6.3 - July 18, 2013 +Libpng 1.6.4 - September 12, 2013 This is a public release of libpng, intended for use in production codes. @@ -8,106 +8,28 @@ Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.6.3.tar.xz (LZMA-compressed, recommended) - libpng-1.6.3.tar.gz + libpng-1.6.4.tar.xz (LZMA-compressed, recommended) + libpng-1.6.4.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script - lpng163.7z (LZMA-compressed, recommended) - lpng163.zip + lpng164.7z (LZMA-compressed, recommended) + lpng164.zip Other information: - libpng-1.6.3-README.txt - libpng-1.6.3-LICENSE.txt - -Changes since the last public release (1.6.2): - - Revised stack marking in arm/filter_neon.S and configure.ac. - Ensure that NEON filter stuff is completely disabled when switched 'off'. -Previously the ARM NEON specific files were still built if the option -was switched 'off' as opposed to being explicitly disabled. - Test for 'arm*' not just 'arm' in the host_cpu configure variable. - Rebuilt the configure scripts. - Expanded manual paragraph about writing private chunks, particularly -the need to call png_set_keep_unknown_chunks() when writing them. - Avoid dereferencing NULL pointer possibly returned from - png_create_write_struct() (Andrew Church). - Calculate our own zlib windowBits when decoding rather than trusting the -CMF bytes in the PNG datastream. - Added an option to force maximum window size for inflating, which was -the behavior of libpng15 and earlier. - Added png-fix-itxt and png-fix-too-far-back to the built programs and -removed warnings from the source code and timepng that are revealed as -a result. - Detect wrong libpng versions linked to png-fix-too-far-back, which currently -only works with libpng versions that can be made to reliably fail when -the deflate data contains an out-of-window reference. This means only -1.6 and later. - Fixed gnu issues: g++ needs a static_cast, gcc 4.4.7 has a broken warning -message which it is easier to work round than ignore. - Updated contrib/pngminus/pnm2png.c (Paul Stewart): -Check for EOF -Ignore "#" delimited comments in input file to pnm2png.c. -Fixed whitespace handling -Added a call to png_set_packing() -Initialize dimension values so if sscanf fails at least we have known - invalid values. - Attempt to detect configuration issues with png-fix-too-far-back, which -requires both the correct libpng and the correct zlib to function -correctly. - Check ZLIB_VERNUM for mismatches, enclose #error in quotes - Added information in the documentation about problems with and fixes for -the bad CRC and bad iTXt chunk situations. - Allow contrib/pngminus/pnm2png.c to compile without WRITE_INVERT and -WRITE_PACK supported (write
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-08-30 16:11:44 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-08-13 11:01:00.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-08-30 16:11:45.0 +0200 @@ -1,0 +2,5 @@ +Fri Aug 30 14:08:02 UTC 2013 - co...@suse.com + +- remove gpg-offline usage, libpng16 is too low in the build chain + +--- Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.ZBevN7/_old 2013-08-30 16:11:46.0 +0200 +++ /var/tmp/diff_new_pack.ZBevN7/_new 2013-08-30 16:11:46.0 +0200 @@ -35,9 +35,7 @@ Source2:libpng16.keyring Source3:rpm-macros.libpng-tools Source4:baselibs.conf -%if 0%{?suse_version} >= 1230 -BuildRequires: gpg-offline -%endif +#BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config BuildRequires: zlib-devel @@ -111,7 +109,6 @@ PNG files. %prep -%{?gpg_verify: %gpg_verify %{SOURCE1}} %setup -n libpng-%{version} %build -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-08-13 11:00:59 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-06-24 09:34:11.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-08-13 11:01:00.0 +0200 @@ -1,0 +2,15 @@ +Thu Aug 8 15:19:27 UTC 2013 - pgaj...@suse.com + +- png-fix-too-far-back was actually renamed to pngfix. Adjusted rpm + macro names accordingly, %png_fix and %png_fix_dir. + +--- +Tue Aug 6 08:53:22 UTC 2013 - pgaj...@suse.com + +- updated to 1.6.3: + * Added png-fix-itxt and png-fix-too-far-back to the built programs and + removed warnings from the source code and timepng that are revealed as + a result. + => new subpackage tools, created rpm macros + +--- Old: libpng-1.6.2.tar.bz2 New: libpng-1.6.3.tar.xz libpng-1.6.3.tar.xz.asc libpng16.keyring rpm-macros.libpng-tools Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.3z3QSx/_old 2013-08-13 11:01:01.0 +0200 +++ /var/tmp/diff_new_pack.3z3QSx/_new 2013-08-13 11:01:01.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 2 +%define micro 3 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -30,8 +30,14 @@ Summary:Library for the Portable Network Graphics Format (PNG) License:Zlib Group: System/Libraries -Source: libpng-%{version}.tar.bz2 -Source2:baselibs.conf +Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz +Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/Gnupg/libpng-%{version}.tar.xz.asc +Source2:libpng16.keyring +Source3:rpm-macros.libpng-tools +Source4:baselibs.conf +%if 0%{?suse_version} >= 1230 +BuildRequires: gpg-offline +%endif BuildRequires: libtool BuildRequires: pkg-config BuildRequires: zlib-devel @@ -72,6 +78,12 @@ Obsoletes: libpng-devel < 1.2.44 Conflicts: otherproviders(libpng-devel) +%package tools +Summary:Tools for Manipulating PNG Images +Group: Productivity/Graphics/Other +Provides: libpng-tools = %{version} +Conflicts: otherproviders(libpng-tools) + %description libpng is the official reference library for the Portable Network Graphics format (PNG). @@ -94,7 +106,12 @@ tools necessary for compiling and linking programs that don't care about libpng version. +%description tools +Package consists of low level tools for manipulating and fixing particular +PNG files. + %prep +%{?gpg_verify: %gpg_verify %{SOURCE1}} %setup -n libpng-%{version} %build @@ -112,6 +129,9 @@ %install make install DESTDIR=$RPM_BUILD_ROOT rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la +mkdir -p %{buildroot}%{_sysconfdir}/rpm +cp -a %{SOURCE3} \ + %{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools %post -n %{libname} -p /sbin/ldconfig @@ -139,4 +159,10 @@ %doc %{_mandir}/man3/libpngpf.3.gz %doc %{_mandir}/man5/png.5.gz +%files tools +%defattr(-,root,root) +%{_bindir}/png-fix-itxt +%{_bindir}/pngfix +%{_sysconfdir}/rpm/macros.libpng-tools + %changelog ++ rpm-macros.libpng-tools ++ # macro: %png_fix path/to/name-of.png #for given png, fixes 'IDAT: invalid distance too far back', etc., #see pngfix --help # # -q do not output if macro fixed something or find unrecoverable error # # this macro fails only if there is an unrecoverable error in the png # -- pngfix returns nonzero and $png.fixed doesn't exist; run pngfix # on that file, see return code and compare with pngfix --help output %png_fix(q) \ if test "x%1" == "x%%1"; then \ echo "Missing argument in call to %%png_fix: path and name of png file." \ exit 1 \ fi \ /usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || mv "%1.fixed" "%1" \ %nil # # macro: %png_fix_dir #for given directory, search *.png (recursively) and potentionaly #fix 'IDAT: invalid distance too far back', etc., see pngfix --help # # -q do not output if pngfix fixed something or find unrecoverable error # %png_fix_dir(q) \ if test "x%1" == "x%%1"; then \ echo "Missing argument in call to %%png_fix_dir: dir where to search png files." \ exit 1 \ fi \ for png in `find "%1" -iname '*.png'`; do \ # -q will be propagated \ %png_fix $png \ done \ %nil -- To unsu
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-06-24 09:34:09 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-04-26 13:27:39.0 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-06-24 09:34:11.0 +0200 @@ -1,0 +2,10 @@ +Fri Jun 21 18:36:31 UTC 2013 - crrodrig...@opensuse.org + +- Build with LFS_CFLAGS in 32 bit archs otherwise calls such + as png_image_begin_read_from_file() or png_image_write_to_file() + will fail to read/write huge images. + +- Build with Full RELRO as this library is a possible consumer + of malicuous images/files. + +--- Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.9SgJck/_old 2013-06-24 09:34:11.0 +0200 +++ /var/tmp/diff_new_pack.9SgJck/_new 2013-06-24 09:34:11.0 +0200 @@ -98,16 +98,13 @@ %setup -n libpng-%{version} %build -# We'll never use the old pgcc-2.95.1 with the buggy -O3, so having -# the -O3 that is originally used should work. -# Substitute the -O2 to -O3 because I'm not sure if simply appending -# it will preserve(not override) the detailed opt flags used in RPM_OPT_FLAGS: -CFLAGS="`echo $RPM_OPT_FLAGS|sed 's/-O2/-O3/'` -DPNG_SKIP_SETJMP_CHECK" \ - ./configure --prefix=/usr \ - --libdir=%{_libdir} \ - --mandir=%{_mandir} \ +export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" +export LDFLAGS="-Wl,-z,relro,-z,now" + +%configure \ --disable-static \ --with-libpng-compat=no +make %{?_smp_mflags} %check make check -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-04-05 07:34:57 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-03-20 09:53:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-04-05 07:36:42.0 +0200 @@ -1,0 +2,30 @@ +Tue Apr 2 13:35:08 UTC 2013 - pgaj...@suse.com + +- conflict with libpng12-compat-devel-32bit and libpng15-compat-devel-32bit + +--- +Thu Mar 28 08:12:03 UTC 2013 - pgaj...@suse.com + +- updated to 1.6.1: + Made sRGB check numbers consistent. + Use parentheses more consistently in "#if defined(MACRO)" tests. + Reenabled code to allow zero length PLTE chunks for MNG. + Fixed ALIGNED_MEMORY support. + Avoid a possible memory leak in contrib/gregbook/readpng.c + Better documentation of unknown handling API interactions. + Corrected simplified API default gamma for color-mapped output, added +a flag to change default. In 1.6.0 when the simplified API was used +to produce color-mapped output from an input image with no gamma +information the gamma assumed for the input could be different from +that assumed for non-color-mapped output. In particular 16-bit depth +input files were assumed to be sRGB encoded, whereas in the 'direct' +case they were assumed to have linear data. This was an error. The +fix makes the simplified API treat all input files the same way and +adds a new flag to the png_image::flags member to allow the +application/user to specify that 16-bit files contain sRGB data +rather than the default linear. + etc., see ANNOUNCE or CHANGES for details +- dropped upstreamed + 0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch + +--- Old: libpng-1.6.0.tar.bz2 libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch New: libpng-1.6.1.tar.bz2 Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.TMAte6/_old 2013-04-05 07:36:44.0 +0200 +++ /var/tmp/diff_new_pack.TMAte6/_new 2013-04-05 07:36:44.0 +0200 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 0 +%define micro 1 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -32,8 +32,6 @@ Group: System/Libraries Source: libpng-%{version}.tar.bz2 Source2:baselibs.conf -# will be upstreamed in 1.6.1 -Patch0: libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch BuildRequires: libtool BuildRequires: pkg-config BuildRequires: zlib-devel @@ -98,7 +96,6 @@ %prep %setup -n libpng-%{version} -%patch0 -p1 %build # We'll never use the old pgcc-2.95.1 with the buggy -O3, so having ++ baselibs.conf ++ --- /var/tmp/diff_new_pack.TMAte6/_old 2013-04-05 07:36:44.0 +0200 +++ /var/tmp/diff_new_pack.TMAte6/_new 2013-04-05 07:36:44.0 +0200 @@ -7,3 +7,6 @@ libpng16-compat-devel requires -libpng16-compat- requires "libpng16-devel- = " + conflicts "libpng-devel-" + provides "libpng-devel-" + ++ libpng-1.6.0.tar.bz2 -> libpng-1.6.1.tar.bz2 ++ 6838 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-03-20 09:53:14 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-03-15 10:41:16.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-03-20 09:53:25.0 +0100 @@ -1,0 +2,6 @@ +Mon Mar 18 11:44:21 UTC 2013 - pgaj...@suse.com + +- allow zero length PLTE chunks + (fixes GraphicsMagick testsuite) + +--- New: libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.DUiylK/_old 2013-03-20 09:53:26.0 +0100 +++ /var/tmp/diff_new_pack.DUiylK/_new 2013-03-20 09:53:26.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,6 +32,8 @@ Group: System/Libraries Source: libpng-%{version}.tar.bz2 Source2:baselibs.conf +# will be upstreamed in 1.6.1 +Patch0: libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch BuildRequires: libtool BuildRequires: pkg-config BuildRequires: zlib-devel @@ -53,7 +55,10 @@ %package devel Summary:Development Tools for applications which will use the Libpng Group: Development/Libraries/C and C++ -Requires: zlib-devel glibc-devel %{libname} = %{version} pkg-config +Requires: %{libname} = %{version} +Requires: glibc-devel +Requires: pkg-config +Requires: zlib-devel Recommends: libpng%{branch}-compat-devel # bug437293 %ifarch ppc64 @@ -93,6 +98,7 @@ %prep %setup -n libpng-%{version} +%patch0 -p1 %build # We'll never use the old pgcc-2.95.1 with the buggy -O3, so having ++ libpng16-0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch ++ http://sourceforge.net/mailarchive/forum.php?thread_name=20130219075910.GK27522%40danbala.tuwien.ac.at&forum_name=png-mng-implement >From 9ee585718b346d32767015152a728106922b49d1 Mon Sep 17 00:00:00 2001 Message-Id: <9ee585718b346d32767015152a728106922b49d1.1361241956.git.jbow...@acm.org> From: John Bowler Date: Mon, 18 Feb 2013 18:44:14 -0800 Subject: [libpng16] Reenable code to allow zero length PLTE chunks for MNG support. Signed-off-by: John Bowler --- pngset.c | 16 ++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/pngset.c b/pngset.c index ac39a44..f89861e 100644 --- a/pngset.c +++ b/pngset.c @@ -514,7 +514,7 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_debug1(1, "in %s storage function", "PLTE"); - if (png_ptr == NULL || info_ptr == NULL || palette == NULL) + if (png_ptr == NULL || info_ptr == NULL) return; if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH) @@ -529,6 +529,17 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr, } } + if ((num_palette > 0 && palette == NULL) || + (num_palette == 0 +#ifdef PNG_MNG_FEATURES_SUPPORTED +&& (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0 +#endif + )) + { + png_chunk_report(png_ptr, "Invalid palette", PNG_CHUNK_ERROR); + return; + } + /* It may not actually be necessary to set png_ptr->palette here; * we do it for backward compatibility with the way the png_handle_tRNS * function used to do the allocation. @@ -545,7 +556,8 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_ptr->palette = png_voidcast(png_colorp, png_calloc(png_ptr, PNG_MAX_PALETTE_LENGTH * (sizeof (png_color; - memcpy(png_ptr->palette, palette, num_palette * (sizeof (png_color))); + if (num_palette > 0) + memcpy(png_ptr->palette, palette, num_palette * (sizeof (png_color))); info_ptr->palette = png_ptr->palette; info_ptr->num_palette = png_ptr->num_palette = (png_uint_16)num_palette; -- 1.8.1.2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libpng16 for openSUSE:Factory
Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2013-03-15 10:41:14 Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) Package is "libpng16", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes2013-03-11 10:18:24.0 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2013-03-15 10:41:16.0 +0100 @@ -1,0 +2,5 @@ +Mon Mar 4 07:50:46 UTC 2013 - pgaj...@suse.com + +- remove clean section + +--- Other differences: -- ++ libpng16.spec ++ --- /var/tmp/diff_new_pack.qXuJgz/_old 2013-03-15 10:41:18.0 +0100 +++ /var/tmp/diff_new_pack.qXuJgz/_new 2013-03-15 10:41:18.0 +0100 @@ -113,9 +113,6 @@ make install DESTDIR=$RPM_BUILD_ROOT rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la -%clean -rm -rf "$RPM_BUILD_ROOT" - %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org