ZhuningOS/libpng16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initialize for libpng16

Browse source
This commit is contained in:
zyppe 2024-02-28 22:06:24 +08:00
commit a2aed97139
10 changed files with 1267 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
libpng-1.6.34.tar.xz

1
.libpng16.metadata Normal file
View file

@ -0,0 +1 @@
5e321bbb758764eebacb221f0cd3f239063d8b05b1287225f72531c7a4942671 libpng-1.6.34.tar.xz

12
baselibs.conf Normal file
View file

@ -0,0 +1,12 @@
libpng16-16
obsoletes "libpng-<targettype> < <version>"
provides "libpng-<targettype> = <version>"
libpng16-devel
requires -libpng16-<targettype>
requires "libpng16-16-<targettype> = <version>"
libpng16-compat-devel
requires -libpng16-compat-<targettype>
requires "libpng16-devel-<targettype> = <version>"
conflicts "libpng-devel-<targettype>"
provides "libpng-devel-<targettype>"

17
libpng-1.6.34.tar.xz.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJZzghsAAoJEPVJhL+hbGQPxfAP/iNKJV+UC3f6zNE62jPCjNVg
Gx3pOhWHMw2+mkN8NxlI7L5qPRj/zJ2G0iso2CVXBRzcb21aNMZ+Jx4/mQ1p2qPT
olupBl3mug/zucdUVSxsN0g2i7/atvxHX3fjkCjoNsNpkcBWPGZFhE5yZZTYU5Oz
qNrfluwkV+jC2XWqMw/B40Mahw4LwmbvzXeduaBxxNXDM7nund0vsEdoGYeI/NZx
G106dg+hmalJq1084M+SHyOiDa4xh1CAdpeJnwaL1IMjsbzyALZezUxx2PqrwwVg
WgLuSfPRZjNBFLZJxCBM1Y49QiON90NQzdZqeCA+0nNDQZtQAKPEI/zGadWZHBKd
4H5d19VvmYo2dPsvBoK5t8QSXeSEreTGsryQcKRbNvbzxMSBNdHN/C6zg13Kuteg
1xyx9jTtS59Ir+oOkE9EhXSAhEp4baPzFqjIwK2NON6/+gv9BYywVwc6cTfCz2rR
NgXaxe5/8qCZCb1DM6ZmgbhlLtXUrOLED49zX5ndcHpGBAQx5HVj7GRNn6VcSw1U
Ljk+S9r2A7g/mEzNqzeHcqpMSCjSt59RpQXvDfTI7vF1lxRqmNGMG1W9Sjk0DKe7
nPI7a/wAf6S8gU+VhPOHhj3I/B4e4IrBuwWj4NGaUO0RBbDwWYPXLrrDoMC7FBW7
Z+dSb9Tb6/Ihc3NXkJFI
=qQuX
-----END PGP SIGNATURE-----

13
libpng16-CVE-2018-13785.patch Normal file
View file

@ -0,0 +1,13 @@
Index: libpng-1.6.34/pngrutil.c
===================================================================
--- libpng-1.6.34.orig/pngrutil.c 2017-09-29 10:40:57.000000000 +0200
+++ libpng-1.6.34/pngrutil.c 2018-08-01 09:59:02.399741891 +0200
@@ -3149,7 +3149,7 @@ png_check_chunk_length(png_const_structr
{
png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
size_t row_factor =
- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+ ((size_t)png_ptr->width * (size_t)png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+ 1 + (png_ptr->interlaced? 6: 0));
if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
idat_limit=PNG_UINT_31_MAX;

15
libpng16-CVE-2019-7317.patch Normal file
View file

@ -0,0 +1,15 @@
diff --git a/png.c b/png.c
index 9d9926f63..efd1aecfb 100644
--- a/png.c
+++ b/png.c
@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
if (image != NULL && image->opaque != NULL &&
image->opaque->error_buf == NULL)
{
- /* Ignore errors here: */
- (void)png_safe_execute(image, png_image_free_function, image);
+ png_image_free_function(image);
image->opaque = NULL;
}
}

929
libpng16.changes Normal file
View file

@ -0,0 +1,929 @@
* Wed Apr 17 2019 pgajdos@suse.com
- security update
- added patches
CVE-2019-7317 [bsc#1124211]
+ libpng16-CVE-2019-7317.patch
* Mon Jan 14 2019 pgajdos@suse.com
- asan_build: build ASAN included
- debug_build: build more suitable for debugging, install pngcp
- usecase example: [bsc#1121624]
* Wed Aug 1 2018 pgajdos@suse.com
- security update:
* CVE-2018-13785 [bsc#1100687]
+ libpng16-CVE-2018-13785.patch
* Wed Jan 31 2018 pgajdos@suse.com
- check with -j1
* Tue Jan 30 2018 jengelh@inai.de
- Fix SRPM group and grammar issues.
* Tue Jan 30 2018 pgajdos@suse.com
- removed obsoleted Obsoletes
* Sun Jan 28 2018 avindra@opensuse.org
- update to 1.6.34:
* Removed contrib/pngsuite/i*.png; some of these were incorrect
and caused test failures.
- includes 1.6.33:
* Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
missing parenthesis in contrib/pngminus/pnm2png.c
* Fixed off-by-one error in png_do_check_palette_indexes()
* Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
to fix shortlived oss-fuzz issue 3234.
* Compute a larger limit on IDAT because some applications write
a deflate buffer for each row
* Use current date (DATE) instead of release-date (RDATE) in last
changed date of contrib/oss-fuzz files.
* Enabled ARM support in CMakeLists.txt
* Fixed incorrect typecast of some arguments to png_malloc() and
png_calloc() that were png_uint_32 instead of png_alloc_size_t
* Use pnglibconf.h.prebuilt when building for ANDROID with cmake
* Initialize memory allocated by png_inflate to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_set_text_2() due to truncated iTXt or zTXt
chunk.
* Initialize memory allocated by png_read_buffer to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_icc_check_tag_table() due to truncated iCCP
chunk.
* Removed redundant tests
* Added an interlaced version of each file in contrib/pngsuite.
* Relocate new memset() call in pngrutil.c
* Add support for loading images with associated alpha in the
Simplified API
* Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32
state
* Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
* Add end_info structure and png_read_end() to the libpng fuzzer
- includes 1.6.32:
* Avoid possible NULL dereference in png_handle_eXIf when
benign_errors are allowed. Avoid leaking the input buffer
"eXIf_buf".
* Eliminated png_ptr->num_exif member from pngstruct.h and added
num_exif to arguments for png_get_eXIf() and png_set_eXIf().
* Added calls to png_handle_eXIf(() in pngread.c and
png_write_eXIf() in pngwrite.c, and made various other fixes
to png_write_eXIf().
* Changed name of png_get_eXIF and png_set_eXIf() to
png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid
breaking API compatibility with libpng-1.6.31.
* Updated contrib/libtests/pngunknown.c with eXIf chunk.
* Initialized btoa[] in pngstest.c
* Stop memory leak when returning from png_handle_eXIf() with an
error
* Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
* Update libpng.3 and libpng-manual.txt about eXIf functions.
* Restored png_get_eXIf() and png_set_eXIf() to maintain API
compatability.
* Removed png_get_eXIf_1() and png_set_eXIf_1().
* Check length of all chunks except IDAT against user limit to
fix an OSS-fuzz issue (Fixes CVE-2017-12652)
* Check length of IDAT against maximum possible IDAT size,
accounting for height, rowbytes, interlacing and zlib/deflate
overhead.
* Restored png_get_eXIf_1() and png_set_eXIf_1(), because
strlen(eXIf_buf) does not work (the eXIf chunk data can
contain zeroes).
* Revised symlink creation, no longer using deprecated cmake
LOCATION feature
* Fixed five-byte error in the calculation of IDAT maximum
possible size.
* Moved chunk-length check into a png_check_chunk_length()
private function
* Moved bad pngs from tests to contrib/libtests/crashers
* Moved testing of bad pngs into a separate
tests/pngtest-badpngs script
* Added the --xfail (expected FAIL) option to pngtest.c. It
writes XFAIL in the output but PASS for the libpng test.
* Require cmake-3.0.2 in CMakeLists.txt
* Fix "const" declaration info_ptr argument to png_get_eXIf_1()
and the num_exif argument to png_get_eXIf_1()
* Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
* Added huge_IDAT.png and empty_ancillary_chunks.png to
testpngs/crashers.
* Make pngtest --strict, --relax, --xfail options imply -m
(multiple).
* Removed unused chunk_name parameter from png_check_chunk_length().
* Relocated setting free_me for eXIf data, to stop an OSS-fuzz'
leak.
* Initialize profile_header[] in png_handle_iCCP() to fix
OSS-fuzz issue.
* Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix
OSS-fuzz UMR.
* Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
* Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
to account for the minimum 'deflate' stream, and relocate the
test to a point after the keyword has been read.
* Check that the eXIf chunk has at least 2 bytes and begins with
"II" or "MM".
* Added a set of "huge_xxxx_chunk.png" files to
contrib/testpngs/crashers, one for each known chunk type, with
length = 2GB-1.
* Check for 0 return from png_get_rowbytes() and added some
(size_t) typecasts in contrib/pngminus/*.c to stop some Coverity
issues (162705, 162706, and 162707).
* Renamed chunks in contrib/testpngs/crashers to avoid having
files whose names differ only in case; this causes problems with
some platforms
* Added contrib/oss-fuzz directory which contains files used by
the oss-fuzz project
- cleanup with spec-cleaner
* Mon Aug 7 2017 pgajdos@suse.com
- update to 1.6.31:
* Guard the definition of _POSIX_SOURCE in pngpriv.h.
* Revised pngpriv.h to work around failure to compile
arm/filter_neon.S.
* Added "Requires: zlib" to libpng.pc.in.
* Added special case for FreeBSD in arm/filter_neon.S.
* Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
possible integer overflow.
* Added eXIf chunk support.
- remove upstreamed
0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
* Wed Jul 19 2017 stefan.bruens@rwth-aachen.de
- Drop png-version-info-only.patch, it has no effect after applying
0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
Both patches achieve the same, prefer the upstream version
* Fri Jul 14 2017 stefan.bruens@rwth-aachen.de
- Add 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
Fix build on ARM
* Mon Jul 10 2017 schwab@suse.de
- png-version-info-only.patch: fix missing PNG_VERSION_INFO_ONLY check
* Fri Jun 30 2017 pgajdos@suse.com
- update to 1.6.30:
Revised documentation of png_get_error_ptr() in the libpng manual.
Document need to check for integer overflow when allocating a pixel
buffer for multiple rows in contrib/gregbook, contrib/pngminus,
example.c, and in the manual (suggested by Jaeseung Choi). This
is similar to the bug reported against pngquant in CVE-2016-5735.
Check for integer overflow in contrib/visupng and contrib/tools/genpng.
Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
Avoid writing an empty IDAT when the last IDAT exactly fills the
compression buffer (bug report by Brian Baird). This bug was
introduced in libpng-1.6.0.
Add a reference to the libpng.download site in README.
* Thu Mar 16 2017 pgajdos@suse.com
- update to 1.6.29:
Moved SSE2 optimization code into the main libpng source directory.
Configure libpng with "configure --enable-intel-sse" or compile
libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
Added code for PowerPC VSX optimisation (Vadim Barkov).
Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
* Fri Jan 6 2017 pgajdos@suse.com
- update to 1.6.28: fix build issues
* Mon Jan 2 2017 pgajdos@suse.com
- update to 1.6.27: fixes CVE-2016-10087
* Thu Oct 20 2016 pgajdos@suse.com
- update to 1.6.26:
Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
bugfix by John Bowler).
Do not issue a png_error() on read in png_set_pCAL() because
png_handle_pCAL has allocated memory that libpng needs to free.
Issue a png_benign_error instead of a png_error on ADLER32 mismatch
while decoding compressed data chunks.
Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
pngrutil.c.
If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
Issue png_benign_error() on ADLER32 checksum mismatch instead of
png_error().
Updated the documentation about CRC and ADLER32 handling.
Fixed offsets in contrib/intel/intel_sse.patch
Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
to avoid a signed/unsigned compare in the preprocessor.
Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
optionally avoid ADLER32 evaluation.
* Thu Sep 1 2016 pgajdos@suse.com
- update to 1.6.25:
Reject oversized iCCP profile immediately.
Conditionally compile png_inflate().
Don't install pngcp; it conflicts with pngcp in the pngtools package.
Added MIPS support (Mandar Sahastrabuddhe <
* Thu Aug 4 2016 pgajdos@suse.com
- update to 1.6.24:
Avoid potential overflow of the PNG_IMAGE_SIZE macro.
Correct filter heuristic overflow handling.
Use a more efficient absolute value calculation on SSE2.
Added pngcp.
etc. see ANNOUNCE
* Wed Aug 3 2016 rpm@fthiessen.de
- Update to new upstream release 1.6.23
* Fixes a potential memleak in png_set_tRNS.
* Fixed the progressive reader to handle empty first IDAT
chunk properly.
* Added tests in pngvalid.c to check zero-length IDAT chunks
in various positions.
* Fixed the sequential reader to handle these more robustly.
* Corrected progressive read input buffer in pngvalid.c.
* Moved sse2 prototype from pngpriv.h to
contrib/intel/intel_sse.patch.
* Fixed undefined behavior in png_push_save_buffer().
Do not call memcpy() with a null source, even if count is zero.
* Fixed bad link to RFC2083 in png.5.
* Thu May 26 2016 pgajdos@suse.com
- update to 1.6.22:
Added a png_image_write_to_memory() API and a number of assist macros
to allow an application that uses the simplified API write to bypass
stdio and write directly to memory.
Relaxed limit checks on gamma values in pngrtran.c. As suggested in
the comments gamma values outside the range currently permitted
by png_set_alpha_mode are useful for HDR data encoding. These values
are already permitted by png_set_gamma so it is reasonable caution to
extend the png_set_alpha_mode range as HDR imaging systems are starting
to emerge.
Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
were accidentally removed from libpng-1.6.17.
Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
(Robert C. Seacord).
Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
SSE filter speed improvements for bpp=3:
memcpy-free implementations of load3() / store3().
Added PNG_FAST_FILTERS macro (defined as
PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
* Sun Jan 17 2016 jengelh@inai.de
- Update to new upstream release 1.6.21
* Widened the 'limit' check on the internally calculated error limits in
the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
checks) and changed the check to only operate in non-release builds
(base build type not RC or RELEASE.)
* Fixed undefined behavior in pngvalid.c, undefined because
(png_byte) << shift is undefined if it changes the signed bit
(because png_byte is promoted to int). The libpng exported functions
png_get_uint_32 and png_get_uint_16 handle this.
* Thu Dec 3 2015 pgajdos@suse.com
- update to 1.6.20:
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Backported tests from libpng-1.7.0beta69.
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
* Fri Nov 13 2015 pgajdos@suse.com
- update to 1.6.19:
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
Fixed the recently reported 1's complement security issue.
Fixed png_save_int_32 when int is not 2's complement by replacing
the value that is illegal in the PNG spec, in both signed and
unsigned values, with 0.
etc., see ANNOUNCE and CHANGES for details
- removed: libpng-rgb_to_gray-checks.patch (upstreamed)
* Fri Aug 7 2015 pgajdos@suse.com
- drop unknown configure switch
* Wed Apr 1 2015 pgajdos@suse.com
- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.
+ libpng-rgb_to_gray-checks.patch
* Mon Mar 30 2015 pgajdos@suse.com
- updated to 1.6.17:
Corrected the width limit calculation in png_check_IHDR().
Removed user limits from pngfix. Also pass NULL pointers to
png_read_row to skip the unnecessary row de-interlace stuff.
Implement previously untested cases of libpng transforms in pngvalid.c
Fixed byte order in 2-byte filler, in png_do_read_filler().
Made the check for out-of-range values in png_set_tRNS() detect
values that are exactly 2^bit_depth, and work on 16-bit platforms.
Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
pngset.c to avoid warnings about dead code.
Do not build png_product2() when it is unused.
Display user limits in the output from pngtest.
Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
and 1-million-row default limits in pnglibconf.dfa, that can be reset
by the user at build time or run time. This provides a more robust
defense against DOS and as-yet undiscovered overflows.
Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
of png.h.
Free the unknown_chunks structure even when it contains no data.
Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
value was wrong. It's not clear if this affected the final stored
value; in the obvious code path the upper and lower 8-bits of the
alpha value were identical and the alpha was truncated to 8-bits
rather than dividing by 257 (John Bowler).
* Tue Jan 13 2015 pgajdos@suse.com
- build with PNG_SAFE_LIMITS_SUPPORTED [bnc#912076], [bnc#912929]
* Mon Dec 29 2014 pgajdos@suse.com
- updated to 1.6.16:
* Restored a test on width that was removed from png.c at libpng-1.6.9
(Bug report by Alex Eubanks).
* Fixed an overflow in png_combine_row with very wide interlaced images.
* Thu Nov 20 2014 pgajdos@suse.com
- updated to 1.6.15:
* Avoid out-of-bounds memory access in png_user_version_check().
* Fixed incorrect handling of the iTXt compression.
* Free all allocated memory in pngimage.
* Fixed array size calculations to avoid warnings.
etc. see ANNOUNCE
* Fri Aug 22 2014 pgajdos@suse.com
- updated to 1.6.13: a "cleanup" release that have no security
fixes or new features.
* Thu Jun 12 2014 pgajdos@suse.com
- updated to 1.6.12:
* bugfixes, almost build-related only
* Fri Jun 6 2014 pgajdos@suse.com
- updated to 1.6.11:
* fixed CVE-2014-0333
* other bugfixes
- removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed)
* Tue Mar 4 2014 pgajdos@suse.com
- fixed CVE-2014-0333 [bnc#866298]
- added patches:
* libpng16-1.6.6-CVE-2014-0333.patch
* Fri Feb 7 2014 pgajdos@suse.com
- updated to 1.6.9:
Bookkeeping: Moved functions around (no changes). Moved transform
function definitions before the place where they are called so that
they can be masde static. Move the intrapixel functions and the
grayscale palette builder out of the png?tran.c files. The latter
isn't a transform function and is no longer used internally, and the
former MNG specific functions are better placed in pngread/pngwrite.c
Made transform implementation functions static. This makes the internal
functions called by png_do_{read|write}_transformations static. On an
x86-64 DLL build (Gentoo Linux) this reduces the size of the text
segment of the DLL by 1208 bytes, about 0.6%%. It also simplifies
maintenance by removing the declarations from pngpriv.h and allowing
easier changes to the internal interfaces.
Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69
in the tar distributions.
Added checks for libpng 1.5 to pngvalid.c. This supports the use of
this version of pngvalid in libpng 1.5
Merged with pngvalid.c from libpng-1.7 changes to create a single
pngvalid.c
Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0
Merged libpng-1.7.0 changes to make no-interlace configurations work
with test programs.
Revised pngvalid.c to support libpng 1.5, which does not support the
PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate
in pngvalid.c
Allow unversioned links created on install to be disabled in configure.
In configure builds 'make install' changes/adds links like png.h
and libpng.a to point to the newly installed, versioned, files (e.g.
libpng17/png.h and libpng17.a). Three new configure options and some
rearrangement of Makefile.am allow creation of these links to be
disabled.
Removed potentially misleading warning from png_check_IHDR().
Updated scripts/makefile.* to use CPPFLAGS (Cosmin).
Added clang attribute support (Cosmin).
* Fri Dec 20 2013 pgajdos@suse.com
- updated to 1.6.8:
Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to
[#]ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with
what is in pngpriv.h.
Moved prototype for png_handle_unknown() in pngpriv.h outside of
the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block.
Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
Fixed pngvalid 'fail' function declaration on the Intel C Compiler.
This reverts to the previous 'static' implementation and works round
the 'unused static function' warning by using PNG_UNUSED().
Handle zero-length PLTE chunk or NULL palette with png_error()
instead of png_chunk_report(), which by default issues a warning
rather than an error, leading to later reading from a NULL pointer
(png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954
and VU#650142.
* Mon Dec 2 2013 pgajdos@suse.com
- png_fix macro doesn't leave *.png.fixed (which happened for correct
PNGs) [bnc#852862]
* Fri Nov 15 2013 pgajdos@suse.com
- updated to 1.6.7:
* Revised unknown chunk code to correct several bugs in the
NO_SAVE_/NO_WRITE combination
* Check user callback behavior in pngunknown.c. Previous versions
compiled if SAVE_UNKNOWN was not available but did nothing since the
callback was never implemented.
* Merged pngunknown.c with 1.7 version and back ported 1.7
improvements/fixes
* Revised pngvalid to generate size images with as many filters as
it can manage, limited by the number of rows.
* ARM improvements/fixes
* Wed Sep 25 2013 pgajdos@suse.com
- updated to 1.6.6:
* fix arm build
* Thu Sep 12 2013 pgajdos@suse.com
- updated to 1.6.4:
* Added information about png_set_options() to the manual.
* Delay calling png_init_filter_functions() until a row with nonzero
filter is found.
* Fixed inconsistent conditional compilation of
png_chunk_unknown_handling() prototype, definition, and usage.
Made it depend on PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere.
* Fri Aug 30 2013 coolo@suse.com
- remove gpg-offline usage, libpng16 is too low in the build chain
* Thu Aug 8 2013 pgajdos@suse.com
- png-fix-too-far-back was actually renamed to pngfix. Adjusted rpm
macro names accordingly, %%png_fix and %%png_fix_dir.
* Tue Aug 6 2013 pgajdos@suse.com
- updated to 1.6.3:
* Added png-fix-itxt and png-fix-too-far-back to the built programs and
removed warnings from the source code and timepng that are revealed as
a result.
=> new subpackage tools, created rpm macros
* Fri Jun 21 2013 crrodriguez@opensuse.org
- Build with LFS_CFLAGS in 32 bit archs otherwise calls such
as png_image_begin_read_from_file() or png_image_write_to_file()
will fail to read/write huge images.
- Build with Full RELRO as this library is a possible consumer
of malicuous images/files.
* Fri Apr 26 2013 pgajdos@suse.com
- updated to 1.6.2:
Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling.
Fixed incorrect warning of excess deflate data. End condition - the
warning would be produced if the end of the deflate stream wasn't read
in the last row. The warning is harmless.
Corrected the test on user transform changes on read. It was in the
png_set of the transform function, but that doesn't matter unless the
transform function changes the rowbuf size, and that is only valid if
transform_info is called.
Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c
(Flavio Medeiros).
Corrected length written to uncompressed iTXt chunks (Samuli Suominen).
Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length
written by libpng-1.6.0 and 1.6.1.
Disallow storing sRGB information when the sRGB is not supported.
Merge pngtest.c with libpng-1.7.0
* Tue Apr 2 2013 pgajdos@suse.com
- conflict with libpng12-compat-devel-32bit and libpng15-compat-devel-32bit
* Thu Mar 28 2013 pgajdos@suse.com
- updated to 1.6.1:
Made sRGB check numbers consistent.
Use parentheses more consistently in "#if defined(MACRO)" tests.
Reenabled code to allow zero length PLTE chunks for MNG.
Fixed ALIGNED_MEMORY support.
Avoid a possible memory leak in contrib/gregbook/readpng.c
Better documentation of unknown handling API interactions.
Corrected simplified API default gamma for color-mapped output, added
a flag to change default. In 1.6.0 when the simplified API was used
to produce color-mapped output from an input image with no gamma
information the gamma assumed for the input could be different from
that assumed for non-color-mapped output. In particular 16-bit depth
input files were assumed to be sRGB encoded, whereas in the 'direct'
case they were assumed to have linear data. This was an error. The
fix makes the simplified API treat all input files the same way and
adds a new flag to the png_image::flags member to allow the
application/user to specify that 16-bit files contain sRGB data
rather than the default linear.
etc., see ANNOUNCE or CHANGES for details
- dropped upstreamed
0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch
* Mon Mar 18 2013 pgajdos@suse.com
- allow zero length PLTE chunks
(fixes GraphicsMagick testsuite)
* Mon Mar 4 2013 pgajdos@suse.com
- remove clean section
* Thu Feb 14 2013 pgajdos@suse.com
- updated to 1.6.0
- changes from 1.5.x to 1.6.x:
* new simplified api added:
macros:
PNG_FORMAT_*
PNG_IMAGE_*
structures:
png_control
png_image
read functions
png_image_begin_read_from_file()
png_image_begin_read_from_stdio()
png_image_begin_read_from_memory()
png_image_finish_read()
png_image_free()
write functions
png_image_write_to_file()
png_image_write_to_stdio()
* possibility to configure libpng to prefix all exported symbols
(PNG_PREFIX macro)
* no longer include string.h in png.h
* deprecated api:
png_info_init_3()
png_convert_to_rfc1123() which has been replaced
with png_convert_to_rfc1123_buffer()
png_data_freer()
png_malloc_default()
png_free_default()
png_reset_zstream()
* removed api:
png_get_io_chunk_name()
* signatures of many exported functions were changed, such that
png_structp became png_structrp or png_const_structrp
png_infop became png_inforp or png_const_inforp
where "rp" indicates a "restricted pointer".
- for more details see section XII of libpng-manual.txt or ANNOUNCE
* Mon Jan 14 2013 pgajdos@suse.com
- updated to 1.6.0beta37
* Tue Nov 20 2012 pgajdos@suse.com
- updated to 1.6.0beta31
* Wed Oct 24 2012 jengelh@inai.de
- Add missing baselib requires for compat-devel-32bit
* Mon Oct 15 2012 pgajdos@suse.com
- updated to 1.6.0beta29
* Wed Jul 11 2012 pgajdos@suse.com
- updated to 1.6.0beta26
* Fri Jun 15 2012 pgajdos@suse.com
- updated to 1.6.0beta24
* Thu Mar 29 2012 pgajdos@suse.com
- updated to 1.6.0beta20
* Wed Mar 14 2012 pgajdos@suse.com
- updated to 1.6.0beta17
* Mon Feb 20 2012 pgajdos@suse.com
- updated to 1.6.0beta12
* Mon Jan 9 2012 pgajdos@suse.com
- updated to 1.6.0beta04
* Mon Dec 19 2011 pgajdos@suse.com
- updated to 1.5.7:
Added support for ARM processor (Mans Rullgard)
Fixed bug in pngvalid on early allocation failure; fixed type cast in
pngmem.c; pngvalid would attempt to call png_error() if the allocation
of a png_struct or png_info failed. This would probably have led to a
crash. The pngmem.c implementation of png_malloc() included a cast
to png_size_t which would fail on large allocations on 16-bit systems.
Fix for the preprocessor of the Intel C compiler. The preprocessor
splits adjacent @ signs with a space; this changes the concatentation
token from @-@-@ to PNG_JOIN; that should work with all compiler
preprocessors.
Paeth filter speed improvements from work by Siarhei Siamashka. This
changes the 'Paeth' reconstruction function to improve the GCC code
generation on x86. The changes are only part of the suggested ones;
just the changes that definitely improve speed and remain simple.
The changes also slightly increase the clarity of the code.
Check compression_type parameter in png_get_iCCP and remove spurious
casts. The compression_type parameter is always assigned to, so must
be non-NULL. The cast of the profile length potentially truncated the
value unnecessarily on a 16-bit int system, so the cast of the (byte)
compression type to (int) is specified by ANSI-C anyway.
Fixed FP division by zero in pngvalid.c; the 'test_pixel' code left
the sBIT fields in the test pixel as 0, which resulted in a floating
point division by zero which was irrelevant but causes systems where
FP exceptions cause a crash. Added code to pngvalid to turn on FP
exceptions if the appropriate glibc support is there to ensure this is
tested in the future.
Updated scripts/pnglibconf.mak and scripts/makefile.std to handle the
new PNG_JOIN macro.
Added versioning to pnglibconf.h comments.
Simplified read/write API initial version; basic read/write tested on
a variety of images, limited documentation (in the header file.)
Installed more accurate linear to sRGB conversion tables. The slightly
modified tables reduce the number of 16-bit values that
convert to an off-by-one 8-bit value. The "makesRGB.c" code that was used
to generate the tables is now in a contrib/sRGBtables sub-directory.
etc. see CHANGES
* Thu Dec 1 2011 idoenmez@suse.de
- Name field shouldn't contain a macro
* Thu Dec 1 2011 coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
* Thu Nov 3 2011 pgajdos@suse.com
- updated to 1.5.6:
Fixed some 64-bit type conversion warnings in pngrtran.c
Moved row_info from png_struct to a local variable.
The various interlace mask arrays have been made into arrays of
bytes and made PNG_CONST and static (previously some arrays were
marked PNG_CONST and some weren't).
Additional checks have been added to the transform code to validate the
pixel depths after the transforms on both read and write.
Removed some redundant code from pngwrite.c, in png_desgtroy_write_struct().
Changed chunk reading/writing code to use png_uint_32 instead of png_byte[4].
This removes the need to allocate temporary strings for chunk names on
the stack in the read/write code. Unknown chunk handling still uses the
string form because this is exposed in the API.
Added a note in the manual the png_read_update_info() must be called only
once with a particular info_ptr.
Revised test-pngtest.sh to report FAIL when pngtest fails.
Added "--strict" option to pngtest, to report FAIL when the failure is
only because the resulting valid files are different.
Revised CMakeLists.txt to work with mingw and removed some material from
CMakeLists.txt that is no longer useful in libpng-1.5.
Fixed typo in Makefile.in and Makefile.am ("-M Wl" should be "-M -Wl")."
Speed up png_combine_row() for interlaced images. This reduces the generality
of the code, allowing it to be optimized for Adam7 interlace. The masks
passed to png_combine_row() are now generated internally, avoiding
some code duplication and localizing the interlace handling somewhat.
Align png_struct::row_buf - previously it was always unaligned, caused by
a bug in the code that attempted to align it; the code needs to subtract
one from the pointer to take account of the filter byte prepended to
each row.
Optimized png_combine_row() when rows are aligned. This gains a small
percentage for 16-bit and 32-bit pixels in the typical case where the
output row buffers are appropriately aligned. The optimization was not
previously possible because the png_struct buffer was always misaligned.
Removed two redundant tests for unitialized row.
Fixed a relatively harmless memory overwrite in compressed text writing
with a 1 byte zlib buffer.
Add ability to call png_read_update_info multiple times to pngvalid.c
Fixes for multiple calls to png_read_update_info. These fixes attend to
most of the errors revealed in pngvalid, however doing the gamma work
twice results in inaccuracies that can't be easily fixed. There is now
a warning in the code if this is going to happen.
Turned on multiple png_read_update_info in pngvalid transform tests.
Prevent libpng from overwriting unused bits at the end of the image when
it is not byte aligned, while reading. Prior to libpng-1.5.6 libpng would
overwrite the partial byte at the end of each row if the row width was not
an exact multiple of 8 bits and the image is not interlaced.
Made png_ptr->prev_row an aligned pointer into png_ptr->big_prev_row
(Mans Rullgard).
Changed misleading "Missing PLTE before cHRM" warning to "Out of place cHRM"
Added PNG_LSR() and PNG_LSL() macros to defend against buggy compilers that
evaluate non-taken code branches and complain about out-of-range shifts.
Renamed the local variable 'byte' because it appears in a MSYS header
file.
Added #define PNG_ALIGN_TYPE PNG_ALIGN_NONE to contrib/pngminim/*/pngusr.h
* Mon Sep 26 2011 pgajdos@suse.com
- updated to 1.5.5, fixes:
* CVE-2011-3328 [bnc#720017]
* Tue Jul 26 2011 pgajdos@novell.com
- updated to 1.5.4, fixes:
* CVE-2011-2501 [bnc#702578]
* CVE-2011-2690 [bnc#706387]
* CVE-2011-2691 [bnc#706388]
* CVE-2011-2692 [bnc#706389]
* Thu Mar 31 2011 pgajdos@suse.cz
- updated to 1.5.2:
* Turned on interlace handling in png_read_png().
* Fixed gcc pendantic warnings.
* Fixed png_get_current_row_number() in the interlaced case.
* Cleaned up ALPHA flags and transformations.
* Implemented expansion to 16 bits.
* etc, see
http://sourceforge.net/projects/libpng/files/libpng15/1.5.2/
* Thu Feb 3 2011 pgajdos@suse.cz
- updated to 1.5.1: new branch shortly after 1.4, many structural
changes, see CHANGELOG or
http://sourceforge.net/projects/libpng/files/libpng15/1.5.0/
and
http://sourceforge.net/projects/libpng/files/libpng15/1.5.1/
* Thu Sep 30 2010 pgajdos@novell.com
- updated to 1.4.4:
* Eliminated another deprecated reference to png_ptr->io_ptr in pngtest.c
* Updated the xcode project to work with libpng-1.4.x and added iOS targets
for simulator and device (Philippe Hausler).
* Eliminated a deprecated reference to png_ptr->io_ptr in pngtest.c
* Removed unused png_mem_* defines from pngconf.h.
* Updated the read macros and functions from 1.5.0beta38.
* Mon Aug 30 2010 coolo@novell.com
- fix baselibs.conf after previous change
* Thu Jul 29 2010 pgajdos@suse.cz
- add devel packages to baselbis.conf [bnc#625883]
* Mon Jun 28 2010 pgajdos@suse.cz
- updated to 1.4.3: fixed libpng overflow (CVE-2010-1205)
and memory leak [bnc#617866]
* Fri Jun 4 2010 coolo@novell.com
- remove devel packages from baselibs.conf, not convinced of
their usefulness
* Mon May 3 2010 dmueller@suse.de
- also obsolete libpng-devel-1.2.43 (previous factory version)
* Sat Apr 24 2010 coolo@novell.com
- buildrequire pkg-config to fix provides
* Thu Apr 15 2010 pgajdos@suse.cz
- support png_read_dither() for xfig and transfig
* read-dither.patch
* Tue Apr 6 2010 ro@suse.de
- fix baselibs.conf
* Thu Mar 25 2010 pgajdos@suse.cz
- updated to 1.4.1 -- new branch
* Thu Feb 25 2010 pgajdos@suse.cz
- updated to 1.2.43 (fixes [bnc#585403]):
* Removed "#define PNG_NO_ERROR_NUMBERS" that was inadvertently added
to pngconf.h in version 1.2.41.
* Removed leftover "-DPNG_CONFIGURE_LIBPNG" from scripts/makefile.darwin
and contrib/pngminim/*/makefile
* Relocated png_do_chop() to its original position in pngrtran.c; the
change in version 1.2.41beta08 caused transparency to be handled wrong
in some 16-bit datastreams (Yusaku Sugai).
* Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt
(revising changes made in 1.2.41)
* Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED
in pngset.c to be consistent with other changes in version 1.2.38.
* Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr
in pngtest.c
* Mon Dec 14 2009 jengelh@medozas.de
- add baselibs.conf as a source
* Mon Dec 7 2009 pgajdos@suse.cz
- updated to 1.2.41:
contains numerous cleanups, some new compile-time warnings about
direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable),
a new xcode build project, and a minor performance improvement
(avoid building 16-bit gamma tables when not needed)
* Tue Nov 24 2009 pgajdos@suse.cz
- updated to 1.2.40:
Removed an extra png_debug() recently added to png_write_find_filter().
Fixed incorrect #ifdef in pngset.c regarding unknown chunk support.
Various bugfixes and improvements to CMakeLists.txt (Philip Lowman)
* Tue Nov 3 2009 coolo@novell.com
- updated patches to apply with fuzz=0
* Thu Aug 13 2009 pgajdos@suse.cz
- updated to 1.2.39:
* Added a prototype for png_64bit_product() in png.c
* Avoid a possible NULL dereference in debug build,
in png_set_text_2()
* Relocated new png_64_bit_product() prototype into png.h
* Replaced *.tar.lzma with *.txz in distribution.
* Reject attempt to write iCCP chunk with negative embedded
profile length.
* Mon Jul 20 2009 pgajdos@suse.cz
- updated to 1.2.38:
* Revised libpng*.txt and libpng.3 to mention calling png_set_IHDR()
multiple times and to specify the sample order in the tRNS chunk,
because the ISO PNG specification has a typo in the tRNS table.
* Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to
PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism
available for ignoring known chunks even when not saving unknown chunks.
* Adopted preference for consistent use of "#ifdef" and "#ifndef" versus
"#if defined()" and "if !defined()" where possible.
* Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of
pngconf.h, and moved the various unknown chunk macro definitions
outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.
* Thu Jun 4 2009 pgajdos@suse.cz
- updated to 1.2.37:
* fixed bug with new png_memset() of the big_row_buffer
* Tue May 12 2009 pgajdos@suse.cz
- updated to 1.2.36 (see CHANGES)
* Mon Feb 23 2009 pgajdos@suse.cz
- fixes possible double free [bnc#472745]
(CVE-2009-0040)
* Mon Jan 19 2009 pgajdos@suse.cz
- updated to 1.2.34:
* fixes CVE-2008-3964 (removed CVE-2008-3964.patch)
* Tue Jan 13 2009 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Mon Sep 15 2008 pgajdos@suse.cz
- fixed CVE-2008-3964 [bnc#424739]
* CVE-2008-3964.patch
* Thu Sep 11 2008 pgajdos@suse.cz
- updated to version 1.2.31:
* coding bugfixes and enhancements
* Mon Sep 1 2008 aj@suse.de
- Do not package la files.
* Mon Jun 23 2008 pgajdos@suse.cz
- updated to 1.2.29:
* fixes to the configure-related build-scripts
* security fix that affects programs that attempt to do
special handling of unknown PNG chunks (presumably very
few such programs), along with a reversion to previous
behavior for handling of images with out-of-range tRNS-chunk
values [bnc#378634]
* fix for unintentional gray-to-RGB conversion in
png_set_expand_gray_1_2_4_to_8()
* various other minor fixes
- removed makefile-am.patch, issue fixed upstream
* Sun May 11 2008 coolo@suse.de
- fix rename of xxbit packages
* Tue Apr 22 2008 pgajdos@suse.cz
- $(ECHO) substituted by echo in Makefile.in -- fixes package
build in beta (makefile-am.patch)
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Thu Apr 3 2008 pgajdos@suse.cz
- updated to 1.2.26:
* fixed minor coding errors that could lead to crashes in
exceptional cases
* Thu Dec 6 2007 mrueckert@suse.de
- added provides/obsoletes for the old package
* Fri Nov 30 2007 nadvornik@suse.cz
- updated to 1.2.23:
* more sanity checks, fixes [#332249]
- adjusted to Shared Library Policy:
* renamed package libpng to libpng12-0
* created compatibility package libpng3
* Wed Jul 11 2007 nadvornik@suse.cz
- updated to 1.2.18:
* security fixes merged upstream
* Thu Mar 29 2007 aj@suse.de
- Add zlib-devel to BuildRequires.
* Thu Nov 23 2006 nadvornik@suse.cz
- fixed crash on malformed sPLT chunks CVE-2006-5793 [#219007]
* Mon Jul 17 2006 nadvornik@suse.cz
- make sure PNG_NO_ASSEMBLER_CODE is used consistently
* Thu Jun 29 2006 nadvornik@suse.cz
- updated to 1.2.12:
* fixed possible buffer overflow [#189241]
* Wed Jun 21 2006 nadvornik@suse.cz
- updated to 1.2.10:
* use autoconf
* many bugfixes
- libpng12-config no longer gives -Wl,-rpath,/usr/lib [#168627]
- spec file cleanup
* Fri Feb 24 2006 nadvornik@suse.cz
- removed libpng-64bit.diff [#153106]
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Thu Jan 12 2006 nadvornik@suse.cz
- compile with -fstack-protector
* Mon Oct 10 2005 nadvornik@suse.cz
- fixed incorrect inline asm usage
* Thu May 19 2005 ro@suse.de
- fix libdir in pkgconfig file libpng.pc
* Thu Jan 20 2005 nadvornik@suse.cz
- updated to 1.2.8:
* fixed crash of applications that strip the alpha channel
* fixed invalid zlib header within the PNG datastream
* Mon Sep 27 2004 sf@suse.de
- fixed problem with wrong assumption for long on 64bit archs
which prevents khunphan from working (#45738)
* Wed Aug 25 2004 kukuk@suse.de
- Avoid /bin/sh PreRequires
* Mon Aug 16 2004 nadvornik@suse.cz
- updated to 1.2.6: included security fixes
* Mon Jul 19 2004 nadvornik@suse.cz
- fixed several buffer overflows [#43008]
* Wed Jun 16 2004 nadvornik@suse.cz
- added missing part of pngtran overflow patch [#42043]
* Fri Apr 23 2004 nadvornik@suse.cz
- fixed reading behind end of string [#39180]
* Sat Jan 10 2004 adrian@suse.de
- build as user
* Fri Oct 10 2003 adrian@suse.de
- add %%run_ldconfig
* Mon Apr 7 2003 ro@suse.de
- fix tail calling syntax
* Mon Feb 10 2003 nadvornik@suse.cz
- link the shared library with -lz -lm -lc again
* Wed Jan 29 2003 kukuk@suse.de
- Fix libpng-devel requires (add zlib-devel) [Bug #23154]
* Fri Jan 24 2003 sbrabec@suse.cz
- Added missing pkgconfig files to %%files.
* Tue Jan 7 2003 nadvornik@suse.cz
- updated to 1.2.5
- fixed buffer overflow
* Wed Jul 31 2002 coolo@suse.de
- fix libz dependency, so the resulting libpng is self containing
* Fri Jul 26 2002 adrian@suse.de
- fix neededforbuild
* Wed Jul 24 2002 nadvornik@suse.cz
- updated to 1.2.4:
- fixed buffer overflow in pngpread.c when IDAT is
corrupted with extra data
* Fri Jul 12 2002 schwab@suse.de
- Fix makefile.
* Fri Jul 5 2002 kukuk@suse.de
- Use %%ix86 macro
* Tue Jul 2 2002 nadvornik@suse.cz
- updated to 1.2.3
- changed package version to match the version of source tarball
* Tue Mar 5 2002 nadvornik@suse.cz
- fixed permissions for man pages
* Tue Feb 5 2002 nadvornik@suse.cz
- added Provides: libpng:/usr/include/png.h to libpng-devel
* Thu Jan 31 2002 nadvornik@suse.cz
- back to 1.0.12, libpng 1.2.x will be packed in separate package
- created devel subpackage to allow parallel instalation of
shared libraries
* Wed Jan 9 2002 nadvornik@suse.cz
- update to 1.2.1
- used macros %%{_lib} and %%{_libdir}
* Tue Dec 4 2001 nadvornik@suse.cz
- update to 1.2.0
- shared library version changed to 3.1.2.0
- new API for dynamically enabling and disabling certain optimizations
- added Provides: libpng-devel for compatibility [bug #11978]
* Tue Jul 17 2001 nadvornik@suse.cz
- update to 1.0.12
* Tue Apr 3 2001 nadvornik@suse.cz
- update to 1.0.10
- used pnggccrd.c - MMX support on intel
* Tue Feb 13 2001 nadvornik@suse.cz
- update to 1.0.9
* Fri Jan 19 2001 bk@suse.de
- call pngtest program to have some tests that libpng works.
- don't remove -O3 when adding RPM_OPT_FLAGS(still do -O3 optimisations)
* Thu Jan 4 2001 nadvornik@suse.cz
- changed rpm version to 2.1.0.8 (bug #5062)
- changed shared library name to libpng.so.2.1.0.8
* Wed Aug 23 2000 nadvornik@suse.cz
- update to 1.0.8
* Tue Jul 11 2000 adrian@suse.de
- seg fault fix in pngrutil.c
* Mon May 22 2000 nadvornik@suse.cz
- changed group
- changed URL
* Sat Apr 29 2000 kukuk@suse.de
- Make sure libpng.so.2 is linked against libz to avoid problems
with missing dependencies.
* Mon Apr 10 2000 nadvornik@suse.cz
- added URL
* Tue Apr 4 2000 nadvornik@suse.cz
- update to 1.0.6
- added BuildRoot
* Tue Jan 25 2000 ro@suse.de
- update to 1.0.5
- manpages to /usr/share using macro
* Mon Sep 13 1999 bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
* Tue Jun 29 1999 ro@suse.de
- moved from /usr/X11R6 to /usr
* Mon Jun 28 1999 ro@suse.de
- update to 1.0.3
* Wed Feb 17 1999 ro@suse.de
- added .so.2 link
* Fri Jan 22 1999 ro@suse.de
- bump version to 2.1.0 (the version of the installed library)
* Fri Mar 20 1998 ro@suse.de
- extracted package from libgr tree
update to version 1.0.1

91
libpng16.keyring Normal file
View file

@ -0,0 +1,91 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.20 (GNU/Linux)
mQINBFGn+ogBEAD6cK4C1MRIOUPToIxBZA1mwkiUYTimGEhmgHFle9h20GQWuuJ3
sU34ptoljsmgeWChuC1PRtYm1mb/nrIC98Osu1MKwj1QQbHgGa/oK57LBx05bVZr
GI36tkZXi9VC4aiilJ08c1bVYDh0WKx9ohH7VKlNiDiS5g5Fsk8fe3hj+nCBbRN1
6VZjcVhWwhYYygTnTu/4KxkjgbE2QUP1CsE8UbeubFcInlSFmXAyoc3hXLbe0NqI
Jxri1dQAwg/J/GtEqLfTDE9f+xuHgVVwUpGNDhf2Md4STW/5m0lzfOQXxN0AUwml
wTNS6YNkb8WK0ab63wnVwP+4wAwVp3QjDYhrkApTdv3W5V/7oGL0Iw6o1XGbXLp2
qLwgAhcWFeZWU6RbfT33ipeoYPmt4Cw8tGW6Zh1CEW4lj33hJoOTfrogtMFqPRSa
sbz2tTGha3ZA3FKg84tfg1UaS7ZJ6MmrO2lXr7VcjR75xmeqjjQyQlhZ67Ew4mbw
J456mG0fM9a7PPgCIJPAluNQvgUjoSfDFb/0klhnZeUULZqhBNQP05wisWjLinGB
3QW4WKJlBpugSR8ymIgn0aU9gsbBppDHrF9Vzl/1oQAbcuiRM/GIiVvY8q5a8x1I
KnSNH0/SXSdaHdhcfzOx1JG2wM5S5dS5LDkCchxbReD82DDr90dxBlxfnwARAQAB
tDdHbGVubiBSYW5kZXJzLVBlaHJzb24gKG1vemlsbGEpIDxnbGVubnJwK2Jtb0Bn
bWFpbC5jb20+iQI+BBMBAgAoBQJRr4XlAhsDBQkJbUKdBgsJCAcDAgYVCAIJCgsE
FgIDAQIeAQIXgAAKCRD1SYS/oWxkD+AfEACgCTqUYZC4LvwPnaK0Y/Cjgwt6ToaJ
t3dpziKibYR3fL0F8vzX153Ry++K7yRe6C+1oNgNwEtT3NcJ/LOESrQEv0VGMKNK
IgETWGUoPL96X7huX5SJvWWzqjMwqiuGnxhh5zINKFdYEDemzclFgCld9NqMPObJ
K9qnQY2VNl1enn6omXuX6uL9CkYxvAgEWeROLfFqaKv3pqERAegKPSMsLCVvBgOv
LVKbt+Du/sRd2NfmfSBNhubCwegPNw6PW/G/w/IFu28L5FAessIqcPL5fqx0qIpm
Eb+LWOTPb9UrlzVYJmyLZP11I4dTo7RUGcWyP4Pr+LAkYmfjjXMSvVXia3rsy7R6
uhkiq1Ar6o4WHuDqbWfyM8FRT0IQaeJ2RgMxXx82bG7TYg+3jj/auR1cu77PDcp1
kZbKS0TTmXnOVk8R3HmM4Nu7JzEgagyvGNZm43yPMk1Z6GyrW7vyF4rV+yC3C4FF
yqL061DOgm/jA8JhRs0CxPpYgBeYKkfbk86cH/42ecCVCOqf59YkIRacQ/BZe8gL
Na/9o9mhL36IXfkr7Y4zwLPeSzwQNewDobqjqxZx24hwXJDgw61khxWmZLc4TaSD
ztYpUiwhzEApPpNPfiyKgemXW3AZas72t4sKcopsubildANMQCLeqnJnOwzA45Dj
gM4isVqLMX0m9bQ+R2xlbm4gUmFuZGVycy1QZWhyc29uIChsaWJwbmcpIDxnbGVu
bnJwQHVzZXJzLnNvdXJjZWZvcmdlLm5ldD6JAj4EEwECACgCGwMGCwkIBwMCBhUI
AgkKCwQWAgMBAh4BAheABQJRrzusBQkJbUKdAAoJEPVJhL+hbGQP65AP/0v4qqp9
yrwJI1xc56iaB12sUVTUa1LKdFer6rN56Z757dRPrksbR4pQrpU9pjEETg7gn3TL
kMusGeNWWPr86X4kVuAUhw9/SCZiT/MsRvYHNKyNzZBNpw5pPjn/AeQhuHoMER25
M0e1/hExiwBrpNhyRyywO1NYDbuHFlPA9vlcb7vYF4EYimKyjPg0r1Qbq2rrwPGz
KI6k+Zlhp3NfdAJKdXA50TL48nqCYu1uH18eYP9V4qRaXPto4rzNzlMPn0IILFl4
zmrC+vrBqtDfcg1fYupDBupKdb54D9xExfx5w+eX7/VhzBesnBEkhOZJRpABW8NE
P9/9ryraPiKyHyfpy1D/LzJXGcNDOwziv0R7LdmLECB714v9tSjie6EdZJYc9E1s
VUG7iJ4te+B0iKohqQIpvuDwjmsJsViu/tHYYndoJd5DYt4QxewN17Vl/P48bV6E
cTZWTnK2hI6/n0u0vfnQ6Zy2Hmkl9PRaDK/EQPaEJ68uk9bx8jiZ2quIDZkdMHZ0
5hkQk2E4VdCOBPsmeH/kSXhUrhJLcP8wHInBV7Twtv3PR6MVv71Zvccydrqrz0W5
JtbSA1pMKeDLh8zTL8ZwbvGPwB7qbeaD82babXQErAVkX6N5TX9pbPQU8EHnD/C4
o8YYtMJ/TSSJQBFo0O3RNTroosHiWtzGQtH7iQI+BBMBAgAoBQJRp/qIAhsDBQkJ
ZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD1SYS/oWxkD0eUEAC2nqdB
wpzGdUl4HlbdUTSgMSbCO+96rgVQCp5WvQniPaUB4DkHL2V4VDQW4oeDvTWxKC8t
rG4MSgC6Oyjg4qQe9+p9UqxhWWxqajJxMUlBMS/Xn+cHO+FbDfSCOMmHkbmuMOkJ
Z/4g8u4PgKOjnV+Hnmvo49CWkw549NmK4G3GOsoOVVNjz4IjJC1HJkLje662n1SV
q2CqggjflqN90hE0x4n55ihQWsqC0dMYeYLzJXqWkDMavx6oJTVgSGHPSdKx3LPG
UiuDytU1A93K8Ki97NuVOdvC+U3iEnUf1uMBasbDxaGSlIBrMDS3saVqMNDXpfXl
XPyc5dxMz23vayjlWyQI6OO7Im4wpfdHsSQP5uvkkkyLWOz+ZZsASFstF52jfJLm
53Q3agQS8lL1OCvy3rsgVl5OjEpfBwj9L4XF+Meu6EPv5Yk7WUV6+Uabt+KxvIuQ
KqnZ0hlZ4R7ALOloe9yebmWpjW2WtBJS6RJHtJdsym2oVhUjk5NX/on0hAAJDAls
udkFEw+pqtjdiWeyhNvWpTaVLxwwEv0+lHOEVwzC4eU2XOYPS1mzMYaNRjDU1Nf3
vYV54tnomtr3WvmI9QHlXYU3xpg6F70PdfKoju9JUKoDYi3fwldwLacPEG83XGbf
2r/g6viS5y2k4sOkx23O7L23OFcmoKhx9hibxLRAR2xlbm4gUmFuZGVycy1QZWhy
c29uIChwbmdjcnVzaCkgPGdsZW5ucnBAdXNlcnMuc291cmNlZm9yZ2UubmV0PokC
PgQTAQIAKAUCUa8+fAIbAwUJCW1CnQYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
CgkQ9UmEv6FsZA/1lRAAmPj6tlVpbr9Nm7tENuWw18r/EkWqf485MMktMvC+ZNOh
SUGTKVX/Snq2AsEvTHhuLv3YvLFRZ4to9veLA1vjXvBVYvdirfIznxfYjdmzLOZ7
8CWRiRk8aC1j7K1czBUNhRgrTl4YN3GZNxnrmtSDm9A/uHE+RewcbXZsRv8PS9Bn
LCkb2bGbHAJvfjkjDFKstjN0qCMFxFKiQm2QjY1Q8pkD0DtsJgtqirCxkyZvzmqZ
mSIeGURL5l7WJnLiMOckk4V0z3/6BsO4WXJYWe0G1vnPZFJjBvauhKVZMZ75FaKe
+O80dXIiQBblbxV6O/P+2D/V4HnSiENDowltFx2CGhvrf8QY9vvZIApa/qu9FTuF
zMkpKTvODWTMXKKN8V4CAX8YvGJ4P7TU3iicRDG7ElE0v5ewH2DbcJyf9MTtCk+R
zHpxElbkz5WWKEmHQZaVm95W9EWjOM19mvWNCZdgW7u8nGjnfJ+IwZCCYa+VycSg
9sucH7YC9yEKWW2YpdrqbqnjBSEGnjq0MtyXUU5cQIHBgit61sPSBc2nbEsyP4a1
2o/wF341HzwRQOyU4BSLRgLsnMSwfneOveoC6bFqKebZuMcMuYgzV81vDdGW2JEv
qXsTuAWmiUyJbdVp0ofvAc1ZVCQjbPI5jgWAGSFA/IEES/VrXWwB1Beimk1EW5a5
Ag0EUaf6iAEQAKx8uIVati92dJrTR1dQLDjcpvnjXdU59gbHZ7u2vC6o4lvNcjBn
9sbS+20PE/bMcfJnYWirJSMSxYGvgfiDRz+LjAMNPtbde/5saqRRFmNOa9i1Kl5M
HxC4LzM8TZOHqpay02GvhB3Uz+o4o4vm148N9dJRNhBiGO0Tmf0RL145FUr2OTDb
Q/RVMIxx1xCqbQCabGKlL6g1ByM65S2s+3wYCqOJfdIAQJ01ohzEiLDToX06wqgI
/zUG9J96Hxwy8GYOG3d5EXKlpZI9y8MdYIKgiTc7wjbrUvsW4H9KQBxm4CMfn24r
/mdnpcDYRKPd7YZBhW7LpDrYXbAqH5OoQZwNXAvLq+iLzZNfgVlQNPup67JD0efO
A9uCwVlSg145EVWBzwbhtd8K5NaEYqbbrK1IYlfsVVk9N1cs6zw/yh/P5TmHvkpH
u2zyYhNaH8CKAmj+cR04eDqqn/ECQ14dA7qoUyADLm199ytpxzjOx1uAz153JnAg
jnZz0cfGpg8oKptQ1j+PQcoy6PEYAE3zUz5PRPWEQr+8S4QSi/HUQQ87d0ysgLzU
uMLHuV+0lOiZ/Jk8N7SOyNnpgkJaE+0NOPuPqH2YUAB3VuoJTxmLq5z49N8+rx0A
P3F8W49dJ7RuA8w5QAGT9UpG3jRvBNkOqCpXyZKfUvSC7H/66HGy7x6rABEBAAGJ
AiUEGAECAA8FAlGn+ogCGwwFCQlmAYAACgkQ9UmEv6FsZA8sehAAw1AAbcjRO6Zs
ivgr3oBMxUcQRwCqhK4JrCXnA2j2LdPmNxVwabjuk/T95gEx/JaPrEN3aNyV6Psb
ajBJ9OChvBjBZ3dib7HmUmKn/q3UDt/ZtOR2Y11rfFcd1WOD6xOzu+GH0Bq9/eN0
YYZswppy0+s7uKKd2vPxKoCuCt0b0Aze/LpLn7+Az01xsLfHJ8tmwVklkNdT6g9u
Xoxj27ibjOP7XsB/xugCcItxvIPu0kYLohqpSxcOrtAFuGyUm/pqYGFPKvs+4x8+
oTomn68w2nyI4m3slHdbUfeRNq6uSxzw7a8VqwV4NeGBQLOwq0RCVgvyDKF3vVLR
NkNXkNxRQ8WCOw31qFsAAuBtO2QPxj8KuUzOkMF5nTtyJravAOaSGkjMtBGlUbxS
TSpIeiy8o1SOmj3Fd5fG8k8MlZ+LCzRoAjDREGgk9NZSCpA/kQB3lkv0RSYqgMB8
nkcBOaCbXRBQ66iPg9KhkMwadUxLAK/i6jFir1HGzgjeSufk/8BJPzHWb5IQna4G
VgGy5MP5iCup2WVyeEREw8p9IGZU+UAOdziD8OicCrMdkw24TqEKOCCREByiRgIf
scWcJdpHlqFYCQhjKPXM79PWYCP600VFW/m1/gblHu3pB3n40NjMOC7Fi1gl96+q
jbyUPEKA6rvduCBJHehOpTSTScWnA3U=
=Rum9
-----END PGP PUBLIC KEY BLOCK-----

153
libpng16.spec Normal file
View file

@ -0,0 +1,153 @@
#
# spec file for package libpng16
#
# Copyright (c) 2022-2023 ZhuningOS
#
%define debug_build 0
%define asan_build 0
%define major 1
%define minor 6
%define micro 34
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
%define debug_package_requires %{libname} = %{version}-%{release}
Name: libpng16
Version: %{major}.%{minor}.%{micro}
Release: 3.9.1
Summary: Library for the Portable Network Graphics Format (PNG)
License: Zlib
Group: Development/Libraries/C and C++
Url: http://www.libpng.org/pub/png/libpng.html
Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz
Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc
Source2: libpng16.keyring
Source3: rpm-macros.libpng-tools
Source4: baselibs.conf
Patch0: libpng16-CVE-2018-13785.patch
# CVE-2019-7317 [bsc#1124211]
Patch1: libpng16-CVE-2019-7317.patch
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: zlib-devel
%package -n %{libname}
Summary: Library for the Portable Network Graphics Format (PNG)
Group: System/Libraries
%package devel
Summary: Development tools for applications which will use libpng
Group: Development/Libraries/C and C++
Requires: %{libname} = %{version}
Requires: glibc-devel
Requires: pkgconfig
Requires: zlib-devel
Recommends: libpng%{branch}-compat-devel
#
%package compat-devel
Summary: Development tools for applications which will use libpng
Group: Development/Libraries/C and C++
Requires: libpng%{branch}-devel = %{version}
Conflicts: libpng-devel
Provides: libpng-devel = %{version}
Obsoletes: libpng-devel < 1.2.44
%package tools
Summary: Tools for Manipulating PNG Images
Group: Productivity/Graphics/Other
Conflicts: libpng-tools
Provides: libpng-tools = %{version}
%description
libpng is the official reference library for the Portable Network
Graphics format (PNG).
%description -n %{libname}
libpng is the official reference library for the Portable Network
Graphics format (PNG).
%description devel
The libpng%{branch}-devel package includes the header files, libraries,
configuration files and development tools necessary for compiling and
linking programs which will manipulate PNG files using libpng%{branch}.
libpng is the official reference library for the Portable Network
Graphics (PNG) format.
%description compat-devel
The libpng%{branch}-compat-devel package contains unversioned symlinks
to the header files, libraries, configuration files and development
tools necessary for compiling and linking programs that don't care
about libpng version.
%description tools
Package consists of low level tools for manipulating and fixing particular
PNG files.
%prep
%setup -q -n libpng-%{version}
%patch0 -p1
%patch1 -p1
%build
# PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1
export CFLAGS="%{optflags} -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
export LDFLAGS="-Wl,-z,relro,-z,now"
%if %{debug_build}
export CFLAGS="$CFLAGS -O0"
%endif
%configure \
--disable-static
%if %{asan_build}
sed -i -e 's/^\(CFLAGS.*\)$/\1 -fsanitize=address/' \
-e 's/\(^LIBS =.*\)/\1 -lasan/' Makefile
%endif
make %{?_smp_mflags}
%check
make -j1 check
%install
%make_install
rm %{buildroot}/%{_libdir}/libpng*.la
mkdir -p %{buildroot}%{_sysconfdir}/rpm
cp -a %{SOURCE3} \
%{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools
%if %{debug_build} ||%{asan_build}
install -m755 .libs/pngcp %{buildroot}/%{_bindir}
%endif
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files -n %{libname}
%{_libdir}/libpng%{branch}.so.*
%files devel
%{_bindir}/libpng%{branch}-config
%{_includedir}/libpng%{branch}
%{_libdir}/libpng%{branch}.so
%{_libdir}/pkgconfig/libpng%{branch}.pc
%doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt
%files compat-devel
%{_bindir}/libpng-config
%{_includedir}/*.h
%{_libdir}/libpng.so
%{_libdir}/pkgconfig/libpng.pc
%{_mandir}/man3/libpng.3%{ext_man}
%{_mandir}/man3/libpngpf.3%{ext_man}
%{_mandir}/man5/png.5%{ext_man}
%files tools
%{_bindir}/png-fix-itxt
%{_bindir}/pngfix
%{_sysconfdir}/rpm/macros.libpng-tools
%if %{debug_build} || %{asan_build}
%{_bindir}/pngcp
%endif
%changelog

35
rpm-macros.libpng-tools Normal file
View file

@ -0,0 +1,35 @@
# macro: %png_fix path/to/name-of.png
# for given png, fixes 'IDAT: invalid distance too far back', etc.,
# see pngfix --help
#
# -q do not output if macro fixed something or find unrecoverable error
#
# this macro fails only if there is an unrecoverable error in the png
# -- pngfix returns nonzero and $png.fixed doesn't exist; run pngfix
# on that file, see return code and compare with pngfix --help output
%png_fix(q) \
if test "x%1" == "x%%1"; then \
echo "Missing argument in call to %%png_fix: path and name of png file." \
exit 1 \
fi \
/usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || true \
mv "%1.fixed" "%1" \
%nil
#
# macro: %png_fix_dir
# for given directory, search *.png (recursively) and potentionaly
# fix 'IDAT: invalid distance too far back', etc., see pngfix --help
#
# -q do not output if pngfix fixed something or find unrecoverable error
#
%png_fix_dir(q) \
if test "x%1" == "x%%1"; then \
echo "Missing argument in call to %%png_fix_dir: dir where to search png files." \
exit 1 \
fi \
for png in `find "%1" -iname '*.png'`; do \
# -q will be propagated \
%png_fix $png \
done \
%nil