am 791d8f2: Upgrading libpng to 1.2.46 to fix a few vulnerabilities. …

…DO NOT MERGE

* commit '791d8f2ed98581c67bf9c1ad56d3140719c1882a':
  Upgrading libpng to 1.2.46 to fix a few vulnerabilities. DO NOT MERGE
Eric Vannier authored and Android Git Automerger committed Jul 29, 2011
2 parents 7b81f64 + 791d8f2 commit 3c3a7e1f0fbff859b3aaff19069aee5d623a1f75
Showing with 3,486 additions and 166 deletions.
  1. +32 −24 ANNOUNCE
  2. +33 −1 CHANGES
  3. +2 −2 CMakeLists.txt
  4. +2 −2 INSTALL
  5. +4 −11 KNOWNBUG
  6. +2 −2 LICENSE
  7. +4 −1 Makefile.am
  8. +4 −1 Makefile.in
  9. +5 −3 NOTICE
  10. +7 −7 README
  11. +2 −2 Y2KINFO
  12. +12 −12 configure
  13. +3 −3 configure.ac
  14. +3,234 −0 libpng-1.2.46.txt
  15. +19 −11 libpng.3
  16. +2 −2 libpngpf.3
  17. +1 −1 png.5
  18. +7 −7 png.c
  19. +21 −13 png.h
  20. +2 −2 pngconf.h
  21. +16 −6 pngerror.c
  22. +1 −1 pngmem.c
  23. +16 −6 pngrtran.c
  24. +10 −2 pngrutil.c
  25. +1 −1 pngtest.c
  26. +3 −2 pngwrite.c
  27. +2 −2 projects/wince.txt
  28. +2 −2 projects/xcode/libpng.xcodeproj/project.pbxproj
  29. +7 −7 scripts/README.txt
  30. +1 −1 scripts/libpng-config-head.in
  31. +1 −1 scripts/libpng.pc.in
  32. +1 −1 scripts/makefile.32sunu
  33. +1 −1 scripts/makefile.64sunu
  34. +1 −1 scripts/makefile.aix
  35. +1 −1 scripts/makefile.beos
  36. +1 −1 scripts/makefile.cegcc
  37. +1 −1 scripts/makefile.cygwin
  38. +1 −1 scripts/makefile.darwin
  39. +1 −1 scripts/makefile.dec
  40. +1 −1 scripts/makefile.elf
  41. +1 −1 scripts/makefile.gcmmx
  42. +1 −1 scripts/makefile.hp64
  43. +1 −1 scripts/makefile.hpgcc
  44. +1 −1 scripts/makefile.hpux
  45. +1 −1 scripts/makefile.linux
  46. +1 −1 scripts/makefile.mingw
  47. +1 −1 scripts/makefile.ne12bsd
  48. +1 −1 scripts/makefile.netbsd
  49. +1 −1 scripts/makefile.nommx
  50. +1 −1 scripts/makefile.openbsd
  51. +1 −1 scripts/makefile.sco
  52. +1 −1 scripts/makefile.sggcc
  53. +1 −1 scripts/makefile.sgi
  54. +1 −1 scripts/makefile.so9
  55. +1 −1 scripts/makefile.solaris
  56. +1 −1 scripts/makefile.solaris-x86
  57. +1 −1 scripts/png32ce.def
  58. +1 −1 scripts/pngos2.def
  59. +1 −1 scripts/pngw32.def
56 ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.2.44 - June 26, 2010
+Libpng 1.2.46 - July 9, 2011
This is a public release of libpng, intended for use in production codes.
@@ -8,48 +8,56 @@ Files available for download:
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
- libpng-1.2.44.tar.xz (LZMA-compressed, recommended)
- libpng-1.2.44.tar.gz
- libpng-1.2.44.tar.bz2
+ libpng-1.2.46.tar.xz (LZMA-compressed, recommended)
+ libpng-1.2.46.tar.gz
+ libpng-1.2.46.tar.bz2
Source files with LF line endings (for Unix/Linux) without the
"configure" script
- libpng-1.2.44-no-config.tar.xz (LZMA-compressed, recommended)
- libpng-1.2.44-no-config.tar.gz
- libpng-1.2.44-no-config.tar.bz2
+ libpng-1.2.46-no-config.tar.xz (LZMA-compressed, recommended)
+ libpng-1.2.46-no-config.tar.gz
+ libpng-1.2.46-no-config.tar.bz2
Source files with CRLF line endings (for Windows), without the
"configure" script
- lpng1244.zip
- lpng1244.7z
- lpng1244.tar.bz2
+ lpng1246.zip
+ lpng1246.7z
+ lpng1246.tar.bz2
Project files
- libpng-1.2.44-project-netware.zip
- libpng-1.2.44-project-wince.zip
+ libpng-1.2.46-project-netware.zip
+ libpng-1.2.46-project-wince.zip
Other information:
- libpng-1.2.44-README.txt
- libpng-1.2.44-KNOWNBUGS.txt
- libpng-1.2.44-LICENSE.txt
- libpng-1.2.44-Y2K-compliance.txt
- libpng-1.2.44-[previous version]-diff.txt
+ libpng-1.2.46-README.txt
+ libpng-1.2.46-KNOWNBUGS.txt
+ libpng-1.2.46-LICENSE.txt
+ libpng-1.2.46-Y2K-compliance.txt
+ libpng-1.2.46-[previous version]-diff.txt
Changes since the last public release (1.2.43):
-version 1.2.44 [June 26, 2010]
-
- Rewrote png_process_IDAT_data to consistently treat extra data as warnings
- and handle end conditions more cleanly.
- Removed the now-redundant check for out-of-bounds new_row from example.c
-
+version 1.2.45 [July 9, 2011]
+
+ Fixed uninitialized memory read in png_format_buffer() (Bug
+ report by Frank Busse, related to CVE-2004-0421).
+ Pass "" instead of '\0' to png_default_error() in png_err(). This mistake
+ was introduced in libpng-1.2.20beta01.
+ Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
+ before IDAT.
+ Ported bugfix in pngrtran.c from 1.5.3: when expanding a paletted image,
+ always expand to RGBA if transparency is present.
+ Check for integer overflow in png_set_rgb_to_gray().
+ Check for sCAL chunk too short.
+ Added CMakeLists.txt, projects/xcode, and pnggccrd.c to EXTRA_DIST in
+ Makefile.am and Makefile.in
+ Udated copyright year to 2011.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
-
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
to subscribe) or to glennrp at users.sourceforge.net
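Review bot: The changes block added in this hunk is headed "version 1.2.45 [July 9, 2011]", but the file announces 1.2.46, and the CHANGES hunk in this same commit dates 1.2.45 to July 7, 2011 and 1.2.46 to July 9, 2011. The unchanged context line "Changes since the last public release (1.2.43):" also looks stale, since the block removed here was the 1.2.44 entry. If this file is a verbatim upstream import, keep it byte-identical and raise the heading upstream; otherwise correct the heading to 1.2.46 and fix "Udated" in the last added entry.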
34 CHANGES
@@ -1478,7 +1478,7 @@ version 1.2.9beta5 [March 4, 2006]
Removed trailing blanks from source files.
Put version and date of latest change in each source file, and changed
copyright year accordingly.
- More cleanup of configure.ac, Makefile.ac, and associated scripts.
+ More cleanup of configure.ac, Makefile.am, and associated scripts.
Restored scripts/makefile.elf which was inadvertently deleted.
version 1.2.9beta6 [March 6, 2006]
@@ -2704,6 +2704,38 @@ version 1.2.44rc03 [June 23, 2010]
version 1.2.44 [June 26, 2010]
Updated some of the "last changed" dates.
+version 1.2.45beta01 [June 7, 2011]
+ Fixed uninitialized memory read in png_format_buffer() (Bug
+ report by Frank Busse, related to CVE-2004-0421).
+ Pass "" instead of '\0' to png_default_error() in png_err(). This mistake
+ was introduced in libpng-1.2.20beta01.
+ Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
+ before IDAT.
+ Ported bugfix in pngrtran.c from 1.5.3: when expanding a paletted image,
+ always expand to RGBA if transparency is present.
+
+version 1.2.45beta02 [June 8, 2011]
+ Check for integer overflow in png_set_rgb_to_gray().
+
+version 1.2.45beta03 [June 19, 2011]
+ Check for sCAL chunk too short.
+
+version 1.2.45rc01 and 1.0.55rc01 [June 30, 2011]
+ Updated "last changed" dates and copyright year.
+
+version 1.2.45 and 1.0.55 [July 7, 2011]
+ No changes.
+
+version 1.2.46rc01 and 1.0.56rc01 [July 8, 2011]
+ Reverted changes to Makefile.am and Makefile.in to libpng-1.2.44 versions.
+
+version 1.2.46rc02 and 1.0.56rc02 [July 8, 2011]
+ Added CMakeLists.txt, projects/xcode, and pnggccrd.c to EXTRA_DIST in
+ Makefile.am and Makefile.in
+
+version 1.2.46 and 1.0.56 [July 9, 2011]
+ Udated copyright year to 2011.
+
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
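Review bot: The commit message says this upgrade fixes "a few vulnerabilities" but names none, and among the entries added in this hunk only the png_format_buffer() line carries an identifier ("related to CVE-2004-0421"). Suggest listing in the commit message which entries motivated the import; from this hunk the candidates are the uninitialized memory read in png_format_buffer(), the integer overflow check in png_set_rgb_to_gray() and the "sCAL chunk too short" check, so that a later audit can match them against the source changes in the file list (pngerror.c, pngrtran.c, pngrutil.c, pngwrite.c). The entry "Check for up->location !PNG_AFTER_IDAT" is ambiguous as written and "Udated" is a typo; both are better reported upstream than patched in the import.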
4 CMakeLists.txt
@@ -22,7 +22,7 @@ enable_testing()
set(PNGLIB_MAJOR 1)
set(PNGLIB_MINOR 2)
-set(PNGLIB_RELEASE 44)
+set(PNGLIB_RELEASE 46)
set(PNGLIB_NAME libpng${PNGLIB_MAJOR}${PNGLIB_MINOR})
set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_RELEASE})
@@ -215,7 +215,7 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/scripts/libpng-config.in
# SET UP LINKS
if(PNG_SHARED)
set_target_properties(${PNG_LIB_NAME} PROPERTIES
-# VERSION 0.${PNGLIB_RELEASE}.1.2.44
+# VERSION 0.${PNGLIB_RELEASE}.1.2.46
VERSION 0.${PNGLIB_RELEASE}.0
SOVERSION 0
CLEAN_DIRECT_OUTPUT 1)
4 INSTALL
@@ -1,5 +1,5 @@
-Installing libpng version 1.2.44 - June 26, 2010
+Installing libpng version 1.2.46 - July 9, 2011
On Unix/Linux and similar systems, you can simply type
@@ -46,7 +46,7 @@ to have access to the zlib.h and zconf.h include files that
correspond to the version of zlib that's installed.
You can rename the directories that you downloaded (they
-might be called "libpng-1.2.44" or "libpng12" and "zlib-1.2.3"
+might be called "libpng-1.2.46" or "libpng12" and "zlib-1.2.3"
or "zlib123") so that you have directories called "zlib" and "libpng".
Your directory structure should look like this:
15 KNOWNBUG
@@ -1,24 +1,17 @@
-Known bugs in libpng version 1.2.44
+Known bugs in libpng version 1.2.46
-1. December 4, 2009: The PNG_NO_ERROR_NUMBERS macro was inadvertently
- defined in libpng-1.2.41/pngconf.h, which may cause a problem with
- building a binary-compatible library.
-
- STATUS: This will be fixed in libpng-1.2.42. In the meantime, simply
- delete the definition from line :
-
-2. February 23, 2006: The custom makefiles don't build libpng with -lz.
+1. February 23, 2006: The custom makefiles don't build libpng with -lz.
STATUS: This is a subject of debate. The change will probably be made
as a part of a major overhaul of the makefiles in libpng version 1.4.0.
-3. February 24, 2006: The Makefile generated by the "configure" script
+2. February 24, 2006: The Makefile generated by the "configure" script
fails to install symbolic links
libpng12.so => libpng12.so.0.1.2.9betaN
that are generated by the custom makefiles.
-4. September 4, 2007: There is a report that pngtest crashes on MacOS 10.
+3. September 4, 2007: There is a report that pngtest crashes on MacOS 10.
STATUS: workarounds are
1) Compile without optimization (crashes are observed with
4 LICENSE
@@ -10,7 +10,7 @@ this sentence.
This code is released under the libpng license.
-libpng versions 1.2.6, August 15, 2004, through 1.2.44, June 26, 2010, are
+libpng versions 1.2.6, August 15, 2004, through 1.2.46, July 9, 2011, are
Copyright (c) 2004, 2006-2009 Glenn Randers-Pehrson, and are
distributed according to the same disclaimer and license as libpng-1.2.5
with the following individual added to the list of Contributing Authors
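Review bot: The added line extends the covered range to "1.2.46, July 9, 2011", but the unchanged line directly below it still reads "Copyright (c) 2004, 2006-2009", while the changelog in this commit says the copyright year was updated to 2011. Confirm against the upstream 1.2.46 LICENSE whether the year range is meant to stay at 2009 here; if upstream ships it this way, keep the import verbatim and do not edit the license text locally.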
@@ -108,4 +108,4 @@ certification mark of the Open Source Initiative.
Glenn Randers-Pehrson
glennrp at users.sourceforge.net
-June 26, 2010
+July 9, 2011
5 Makefile.am
@@ -74,19 +74,22 @@ pkgconfig_DATA = libpng12.pc
EXTRA_DIST= \
ANNOUNCE CHANGES INSTALL KNOWNBUG LICENSE README TODO Y2KINFO \
pngtest.png pngbar.png pngnow.png pngbar.jpg autogen.sh \
+ CMakeLists.txt \
${srcdir}/projects/cbuilder5/* \
${srcdir}/projects/beos/* \
${srcdir}/projects/visualc6/* \
${srcdir}/projects/visualc71/* \
${srcdir}/projects/wince.txt \
${srcdir}/projects/netware.txt \
+ ${srcdir}/projects/xcode/* \
${srcdir}/scripts/* \
${srcdir}/contrib/gregbook/* \
+ ${srcdir}/contrib/pngminim/* \
${srcdir}/contrib/pngminus/* \
${srcdir}/contrib/pngsuite/* \
${srcdir}/contrib/visupng/* \
$(TESTS) \
- example.c libpng-1.2.44.txt pngvcrd.c
+ example.c libpng-1.2.46.txt pnggccrd.c pngvcrd.c
CLEANFILES= pngout.png libpng12.pc libpng12-config libpng.vers \
libpng.sym
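Review bot: The ${srcdir}/contrib/pngminim/* line added to EXTRA_DIST is not covered by the changelog entry for 1.2.46rc02, which lists only CMakeLists.txt, projects/xcode and pnggccrd.c. Check that contrib/pngminim/ and pnggccrd.c are actually present in the imported tree, since an EXTRA_DIST entry that matches no file can break "make dist", and mention the pngminim addition in the commit message if it is intentional.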
5 Makefile.in
@@ -338,20 +338,23 @@ pkgconfig_DATA = libpng12.pc
#extra source distribution files.
EXTRA_DIST = \
ANNOUNCE CHANGES INSTALL KNOWNBUG LICENSE README TODO Y2KINFO \
+ CMakeLists.txt \
pngtest.png pngbar.png pngnow.png pngbar.jpg autogen.sh \
${srcdir}/projects/cbuilder5/* \
${srcdir}/projects/beos/* \
${srcdir}/projects/visualc6/* \
${srcdir}/projects/visualc71/* \
${srcdir}/projects/wince.txt \
+ ${srcdir}/projects/xcode/* \
${srcdir}/projects/netware.txt \
${srcdir}/scripts/* \
${srcdir}/contrib/gregbook/* \
+ ${srcdir}/contrib/pngminim/* \
${srcdir}/contrib/pngminus/* \
${srcdir}/contrib/pngsuite/* \
${srcdir}/contrib/visupng/* \
$(TESTS) \
- example.c libpng-1.2.44.txt pngvcrd.c
+ example.c libpng-1.2.46.txt pnggccrd.c pngvcrd.c
CLEANFILES = pngout.png libpng12.pc libpng12-config libpng.vers \
libpng.sym
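Review bot: The added EXTRA_DIST entries sit in different positions than in the Makefile.am hunk: CMakeLists.txt comes before the pngtest.png line here but after it in Makefile.am, and projects/xcode/* comes before projects/netware.txt here but after it in Makefile.am. Makefile.in is generated from Makefile.am by automake, so the mismatch suggests this file was edited by hand; regenerating it from the updated Makefile.am would keep the two in step and avoid a later regeneration silently reordering or dropping an entry.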
8 NOTICE
@@ -8,8 +8,10 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE:
If you modify libpng you may insert additional notices immediately following
this sentence.
-libpng versions 1.2.6, August 15, 2004, through 1.2.29, May 8, 2008, are
-Copyright (c) 2004, 2006-2008 Glenn Randers-Pehrson, and are
+This code is released under the libpng license.
+
+libpng versions 1.2.6, August 15, 2004, through 1.2.46, July 9, 2011, are
+Copyright (c) 2004, 2006-2009 Glenn Randers-Pehrson, and are
distributed according to the same disclaimer and license as libpng-1.2.5
with the following individual added to the list of Contributing Authors
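Review bot: The removed lines show NOTICE was still at "through 1.2.29, May 8, 2008" even though the LICENSE file in this tree was already at 1.2.44 before this commit, so NOTICE was not refreshed on earlier upgrades. The new text matches what the LICENSE hunk shows; consider making "copy LICENSE over NOTICE" an explicit step of the upgrade so the shipped notice cannot drift from the library version again.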
@@ -106,4 +108,4 @@ certification mark of the Open Source Initiative.
Glenn Randers-Pehrson
glennrp at users.sourceforge.net
-May 8, 2008
+July 9, 2011
14 README
@@ -1,4 +1,4 @@
-README for libpng version 1.2.44 - June 26, 2010 (shared library 12.0)
+README for libpng version 1.2.46 - July 9, 2011 (shared library 12.0)
See the note about version numbers near the top of png.h
See INSTALL for instructions on how to install libpng.
@@ -199,11 +199,11 @@ Files in this distribution:
makefile.std => Generic UNIX makefile (cc, creates static
libpng.a)
makefile.elf => Linux/ELF gcc makefile symbol versioning,
- creates libpng12.so.0.1.2.44)
+ creates libpng12.so.0.1.2.46)
makefile.linux => Linux/ELF makefile (gcc, creates
- libpng12.so.0.1.2.44)
+ libpng12.so.0.1.2.46)
makefile.gcmmx => Linux/ELF makefile (gcc, creates
- libpng12.so.0.1.2.44, previously
+ libpng12.so.0.1.2.46, previously
used assembler code tuned for Intel MMX
platform)
makefile.gcc => Generic makefile (gcc, creates static
@@ -228,12 +228,12 @@ Files in this distribution:
makefile.openbsd => OpenBSD makefile
makefile.sgi => Silicon Graphics IRIX (cc, creates static lib)
makefile.sggcc => Silicon Graphics
- (gcc, creates libpng12.so.0.1.2.44)
+ (gcc, creates libpng12.so.0.1.2.46)
makefile.sunos => Sun makefile
makefile.solaris => Solaris 2.X makefile
- (gcc, creates libpng12.so.0.1.2.44)
+ (gcc, creates libpng12.so.0.1.2.46)
makefile.so9 => Solaris 9 makefile
- (gcc, creates libpng12.so.0.1.2.44)
+ (gcc, creates libpng12.so.0.1.2.46)
makefile.32sunu => Sun Ultra 32-bit makefile
makefile.64sunu => Sun Ultra 64-bit makefile
makefile.sco => For SCO OSr5 ELF and Unixware 7 with Native cc
4 Y2KINFO
@@ -1,13 +1,13 @@
Y2K compliance in libpng:
=========================
- June 26, 2010
+ July 9, 2011
Since the PNG Development group is an ad-hoc body, we can't make
an official declaration.
This is your unofficial assurance that libpng from version 0.71 and
- upward through 1.2.44 are Y2K compliant. It is my belief that earlier
+ upward through 1.2.46 are Y2K compliant. It is my belief that earlier
versions were also Y2K compliant.
Libpng only has three year fields. One is a 2-byte unsigned integer