commit a2aed971398b32851bbe50570b67e5ed8666f846 Author: zyppe <210hcl@gmail.com> Date: Wed Feb 28 22:06:24 2024 +0800 Initialize for libpng16 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e785b50 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +libpng-1.6.34.tar.xz diff --git a/.libpng16.metadata b/.libpng16.metadata new file mode 100644 index 0000000..080a987 --- /dev/null +++ b/.libpng16.metadata @@ -0,0 +1 @@ +5e321bbb758764eebacb221f0cd3f239063d8b05b1287225f72531c7a4942671 libpng-1.6.34.tar.xz diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..f77968e --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,12 @@ +libpng16-16 + obsoletes "libpng- < " + provides "libpng- = " +libpng16-devel + requires -libpng16- + requires "libpng16-16- = " +libpng16-compat-devel + requires -libpng16-compat- + requires "libpng16-devel- = " + conflicts "libpng-devel-" + provides "libpng-devel-" + diff --git a/libpng-1.6.34.tar.xz.asc b/libpng-1.6.34.tar.xz.asc new file mode 100644 index 0000000..cd00802 --- /dev/null +++ b/libpng-1.6.34.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAABAgAGBQJZzghsAAoJEPVJhL+hbGQPxfAP/iNKJV+UC3f6zNE62jPCjNVg +Gx3pOhWHMw2+mkN8NxlI7L5qPRj/zJ2G0iso2CVXBRzcb21aNMZ+Jx4/mQ1p2qPT +olupBl3mug/zucdUVSxsN0g2i7/atvxHX3fjkCjoNsNpkcBWPGZFhE5yZZTYU5Oz +qNrfluwkV+jC2XWqMw/B40Mahw4LwmbvzXeduaBxxNXDM7nund0vsEdoGYeI/NZx +G106dg+hmalJq1084M+SHyOiDa4xh1CAdpeJnwaL1IMjsbzyALZezUxx2PqrwwVg +WgLuSfPRZjNBFLZJxCBM1Y49QiON90NQzdZqeCA+0nNDQZtQAKPEI/zGadWZHBKd +4H5d19VvmYo2dPsvBoK5t8QSXeSEreTGsryQcKRbNvbzxMSBNdHN/C6zg13Kuteg +1xyx9jTtS59Ir+oOkE9EhXSAhEp4baPzFqjIwK2NON6/+gv9BYywVwc6cTfCz2rR +NgXaxe5/8qCZCb1DM6ZmgbhlLtXUrOLED49zX5ndcHpGBAQx5HVj7GRNn6VcSw1U +Ljk+S9r2A7g/mEzNqzeHcqpMSCjSt59RpQXvDfTI7vF1lxRqmNGMG1W9Sjk0DKe7 +nPI7a/wAf6S8gU+VhPOHhj3I/B4e4IrBuwWj4NGaUO0RBbDwWYPXLrrDoMC7FBW7 +Z+dSb9Tb6/Ihc3NXkJFI +=qQuX +-----END PGP SIGNATURE----- diff --git a/libpng16-CVE-2018-13785.patch b/libpng16-CVE-2018-13785.patch new file mode 100644 index 0000000..df6d292 --- /dev/null +++ b/libpng16-CVE-2018-13785.patch @@ -0,0 +1,13 @@ +Index: libpng-1.6.34/pngrutil.c +=================================================================== +--- libpng-1.6.34.orig/pngrutil.c 2017-09-29 10:40:57.000000000 +0200 ++++ libpng-1.6.34/pngrutil.c 2018-08-01 09:59:02.399741891 +0200 +@@ -3149,7 +3149,7 @@ png_check_chunk_length(png_const_structr + { + png_alloc_size_t idat_limit = PNG_UINT_31_MAX; + size_t row_factor = +- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) ++ ((size_t)png_ptr->width * (size_t)png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) + + 1 + (png_ptr->interlaced? 6: 0)); + if (png_ptr->height > PNG_UINT_32_MAX/row_factor) + idat_limit=PNG_UINT_31_MAX; diff --git a/libpng16-CVE-2019-7317.patch b/libpng16-CVE-2019-7317.patch new file mode 100644 index 0000000..ecea15d --- /dev/null +++ b/libpng16-CVE-2019-7317.patch @@ -0,0 +1,15 @@ +diff --git a/png.c b/png.c +index 9d9926f63..efd1aecfb 100644 +--- a/png.c ++++ b/png.c +@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image) + if (image != NULL && image->opaque != NULL && + image->opaque->error_buf == NULL) + { +- /* Ignore errors here: */ +- (void)png_safe_execute(image, png_image_free_function, image); ++ png_image_free_function(image); + image->opaque = NULL; + } + } + diff --git a/libpng16.changes b/libpng16.changes new file mode 100644 index 0000000..f6b1f2f --- /dev/null +++ b/libpng16.changes @@ -0,0 +1,929 @@ +* Wed Apr 17 2019 pgajdos@suse.com +- security update +- added patches + CVE-2019-7317 [bsc#1124211] + + libpng16-CVE-2019-7317.patch +* Mon Jan 14 2019 pgajdos@suse.com +- asan_build: build ASAN included +- debug_build: build more suitable for debugging, install pngcp +- usecase example: [bsc#1121624] +* Wed Aug 1 2018 pgajdos@suse.com +- security update: + * CVE-2018-13785 [bsc#1100687] + + libpng16-CVE-2018-13785.patch +* Wed Jan 31 2018 pgajdos@suse.com +- check with -j1 +* Tue Jan 30 2018 jengelh@inai.de +- Fix SRPM group and grammar issues. +* Tue Jan 30 2018 pgajdos@suse.com +- removed obsoleted Obsoletes +* Sun Jan 28 2018 avindra@opensuse.org +- update to 1.6.34: + * Removed contrib/pngsuite/i*.png; some of these were incorrect + and caused test failures. +- includes 1.6.33: + * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added + missing parenthesis in contrib/pngminus/pnm2png.c + * Fixed off-by-one error in png_do_check_palette_indexes() + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc + to fix shortlived oss-fuzz issue 3234. + * Compute a larger limit on IDAT because some applications write + a deflate buffer for each row + * Use current date (DATE) instead of release-date (RDATE) in last + changed date of contrib/oss-fuzz files. + * Enabled ARM support in CMakeLists.txt + * Fixed incorrect typecast of some arguments to png_malloc() and + png_calloc() that were png_uint_32 instead of png_alloc_size_t + * Use pnglibconf.h.prebuilt when building for ANDROID with cmake + * Initialize memory allocated by png_inflate to zero, using + memset, to stop an oss-fuzz "use of uninitialized value" + detection in png_set_text_2() due to truncated iTXt or zTXt + chunk. + * Initialize memory allocated by png_read_buffer to zero, using + memset, to stop an oss-fuzz "use of uninitialized value" + detection in png_icc_check_tag_table() due to truncated iCCP + chunk. + * Removed redundant tests + * Added an interlaced version of each file in contrib/pngsuite. + * Relocate new memset() call in pngrutil.c + * Add support for loading images with associated alpha in the + Simplified API + * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 + state + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc + * Add end_info structure and png_read_end() to the libpng fuzzer +- includes 1.6.32: + * Avoid possible NULL dereference in png_handle_eXIf when + benign_errors are allowed. Avoid leaking the input buffer + "eXIf_buf". + * Eliminated png_ptr->num_exif member from pngstruct.h and added + num_exif to arguments for png_get_eXIf() and png_set_eXIf(). + * Added calls to png_handle_eXIf(() in pngread.c and + png_write_eXIf() in pngwrite.c, and made various other fixes + to png_write_eXIf(). + * Changed name of png_get_eXIF and png_set_eXIf() to + png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid + breaking API compatibility with libpng-1.6.31. + * Updated contrib/libtests/pngunknown.c with eXIf chunk. + * Initialized btoa[] in pngstest.c + * Stop memory leak when returning from png_handle_eXIf() with an + error + * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + * Update libpng.3 and libpng-manual.txt about eXIf functions. + * Restored png_get_eXIf() and png_set_eXIf() to maintain API + compatability. + * Removed png_get_eXIf_1() and png_set_eXIf_1(). + * Check length of all chunks except IDAT against user limit to + fix an OSS-fuzz issue (Fixes CVE-2017-12652) + * Check length of IDAT against maximum possible IDAT size, + accounting for height, rowbytes, interlacing and zlib/deflate + overhead. + * Restored png_get_eXIf_1() and png_set_eXIf_1(), because + strlen(eXIf_buf) does not work (the eXIf chunk data can + contain zeroes). + * Revised symlink creation, no longer using deprecated cmake + LOCATION feature + * Fixed five-byte error in the calculation of IDAT maximum + possible size. + * Moved chunk-length check into a png_check_chunk_length() + private function + * Moved bad pngs from tests to contrib/libtests/crashers + * Moved testing of bad pngs into a separate + tests/pngtest-badpngs script + * Added the --xfail (expected FAIL) option to pngtest.c. It + writes XFAIL in the output but PASS for the libpng test. + * Require cmake-3.0.2 in CMakeLists.txt + * Fix "const" declaration info_ptr argument to png_get_eXIf_1() + and the num_exif argument to png_get_eXIf_1() + * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). + * Added huge_IDAT.png and empty_ancillary_chunks.png to + testpngs/crashers. + * Make pngtest --strict, --relax, --xfail options imply -m + (multiple). + * Removed unused chunk_name parameter from png_check_chunk_length(). + * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' + leak. + * Initialize profile_header[] in png_handle_iCCP() to fix + OSS-fuzz issue. + * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix + OSS-fuzz UMR. + * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. + * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), + to account for the minimum 'deflate' stream, and relocate the + test to a point after the keyword has been read. + * Check that the eXIf chunk has at least 2 bytes and begins with + "II" or "MM". + * Added a set of "huge_xxxx_chunk.png" files to + contrib/testpngs/crashers, one for each known chunk type, with + length = 2GB-1. + * Check for 0 return from png_get_rowbytes() and added some + (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity + issues (162705, 162706, and 162707). + * Renamed chunks in contrib/testpngs/crashers to avoid having + files whose names differ only in case; this causes problems with + some platforms + * Added contrib/oss-fuzz directory which contains files used by + the oss-fuzz project +- cleanup with spec-cleaner +* Mon Aug 7 2017 pgajdos@suse.com +- update to 1.6.31: + * Guard the definition of _POSIX_SOURCE in pngpriv.h. + * Revised pngpriv.h to work around failure to compile + arm/filter_neon.S. + * Added "Requires: zlib" to libpng.pc.in. + * Added special case for FreeBSD in arm/filter_neon.S. + * Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent + possible integer overflow. + * Added eXIf chunk support. +- remove upstreamed + 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch +* Wed Jul 19 2017 stefan.bruens@rwth-aachen.de +- Drop png-version-info-only.patch, it has no effect after applying + 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch + Both patches achieve the same, prefer the upstream version +* Fri Jul 14 2017 stefan.bruens@rwth-aachen.de +- Add 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch + Fix build on ARM +* Mon Jul 10 2017 schwab@suse.de +- png-version-info-only.patch: fix missing PNG_VERSION_INFO_ONLY check +* Fri Jun 30 2017 pgajdos@suse.com +- update to 1.6.30: + Revised documentation of png_get_error_ptr() in the libpng manual. + Document need to check for integer overflow when allocating a pixel + buffer for multiple rows in contrib/gregbook, contrib/pngminus, + example.c, and in the manual (suggested by Jaeseung Choi). This + is similar to the bug reported against pngquant in CVE-2016-5735. + Check for integer overflow in contrib/visupng and contrib/tools/genpng. + Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt. + Avoid writing an empty IDAT when the last IDAT exactly fills the + compression buffer (bug report by Brian Baird). This bug was + introduced in libpng-1.6.0. + Add a reference to the libpng.download site in README. +* Thu Mar 16 2017 pgajdos@suse.com +- update to 1.6.29: + Moved SSE2 optimization code into the main libpng source directory. + Configure libpng with "configure --enable-intel-sse" or compile + libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it. + Added code for PowerPC VSX optimisation (Vadim Barkov). + Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer). +* Fri Jan 6 2017 pgajdos@suse.com +- update to 1.6.28: fix build issues +* Mon Jan 2 2017 pgajdos@suse.com +- update to 1.6.27: fixes CVE-2016-10087 +* Thu Oct 20 2016 pgajdos@suse.com +- update to 1.6.26: + Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo, + bugfix by John Bowler). + Do not issue a png_error() on read in png_set_pCAL() because + png_handle_pCAL has allocated memory that libpng needs to free. + Issue a png_benign_error instead of a png_error on ADLER32 mismatch + while decoding compressed data chunks. + Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and + pngrutil.c. + If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE, + ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs. + Issue png_benign_error() on ADLER32 checksum mismatch instead of + png_error(). + Updated the documentation about CRC and ADLER32 handling. + Fixed offsets in contrib/intel/intel_sse.patch + Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h + to avoid a signed/unsigned compare in the preprocessor. + Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to + optionally avoid ADLER32 evaluation. +* Thu Sep 1 2016 pgajdos@suse.com +- update to 1.6.25: + Reject oversized iCCP profile immediately. + Conditionally compile png_inflate(). + Don't install pngcp; it conflicts with pngcp in the pngtools package. + Added MIPS support (Mandar Sahastrabuddhe < +* Thu Aug 4 2016 pgajdos@suse.com +- update to 1.6.24: + Avoid potential overflow of the PNG_IMAGE_SIZE macro. + Correct filter heuristic overflow handling. + Use a more efficient absolute value calculation on SSE2. + Added pngcp. + etc. see ANNOUNCE +* Wed Aug 3 2016 rpm@fthiessen.de +- Update to new upstream release 1.6.23 + * Fixes a potential memleak in png_set_tRNS. + * Fixed the progressive reader to handle empty first IDAT + chunk properly. + * Added tests in pngvalid.c to check zero-length IDAT chunks + in various positions. + * Fixed the sequential reader to handle these more robustly. + * Corrected progressive read input buffer in pngvalid.c. + * Moved sse2 prototype from pngpriv.h to + contrib/intel/intel_sse.patch. + * Fixed undefined behavior in png_push_save_buffer(). + Do not call memcpy() with a null source, even if count is zero. + * Fixed bad link to RFC2083 in png.5. +* Thu May 26 2016 pgajdos@suse.com +- update to 1.6.22: + Added a png_image_write_to_memory() API and a number of assist macros + to allow an application that uses the simplified API write to bypass + stdio and write directly to memory. + Relaxed limit checks on gamma values in pngrtran.c. As suggested in + the comments gamma values outside the range currently permitted + by png_set_alpha_mode are useful for HDR data encoding. These values + are already permitted by png_set_gamma so it is reasonable caution to + extend the png_set_alpha_mode range as HDR imaging systems are starting + to emerge. + Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that + were accidentally removed from libpng-1.6.17. + Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h + (Robert C. Seacord). + Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.). + SSE filter speed improvements for bpp=3: + memcpy-free implementations of load3() / store3(). + Added PNG_FAST_FILTERS macro (defined as + PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP). +* Sun Jan 17 2016 jengelh@inai.de +- Update to new upstream release 1.6.21 + * Widened the 'limit' check on the internally calculated error limits in + the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error + checks) and changed the check to only operate in non-release builds + (base build type not RC or RELEASE.) + * Fixed undefined behavior in pngvalid.c, undefined because + (png_byte) << shift is undefined if it changes the signed bit + (because png_byte is promoted to int). The libpng exported functions + png_get_uint_32 and png_get_uint_16 handle this. +* Thu Dec 3 2015 pgajdos@suse.com +- update to 1.6.20: + Avoid potential pointer overflow/underflow in png_handle_sPLT() and + png_handle_pCAL() (Bug report by John Regehr). + Fixed incorrect implementation of png_set_PLTE() that uses png_ptr + not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 + vulnerability. + Backported tests from libpng-1.7.0beta69. + Fixed an error in handling of bad zlib CMINFO field in pngfix, found by + American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't + immediately fault a bad CMINFO field; instead a 'too far back' error + happens later (at least some times). pngfix failed to limit CMINFO to + the allowed values but then assumed that window_bits was in range, + triggering an assert. The bug is mostly harmless; the PNG file cannot + be fixed. + In libpng 1.6 zlib initialization was changed to use the window size + in the zlib stream, not a fixed value. This causes some invalid images, + where CINFO is too large, to display 'correctly' if the rest of the + data is valid. This provides a workaround for zlib versions where the + error arises (ones that support the API change to use the window size + in the stream). +* Fri Nov 13 2015 pgajdos@suse.com +- update to 1.6.19: + Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c + Fixed uninitialized variable in contrib/gregbook/rpng2-x.c + Fixed the recently reported 1's complement security issue. + Fixed png_save_int_32 when int is not 2's complement by replacing + the value that is illegal in the PNG spec, in both signed and + unsigned values, with 0. + etc., see ANNOUNCE and CHANGES for details +- removed: libpng-rgb_to_gray-checks.patch (upstreamed) +* Fri Aug 7 2015 pgajdos@suse.com +- drop unknown configure switch +* Wed Apr 1 2015 pgajdos@suse.com +- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c. + + libpng-rgb_to_gray-checks.patch +* Mon Mar 30 2015 pgajdos@suse.com +- updated to 1.6.17: + Corrected the width limit calculation in png_check_IHDR(). + Removed user limits from pngfix. Also pass NULL pointers to + png_read_row to skip the unnecessary row de-interlace stuff. + Implement previously untested cases of libpng transforms in pngvalid.c + Fixed byte order in 2-byte filler, in png_do_read_filler(). + Made the check for out-of-range values in png_set_tRNS() detect + values that are exactly 2^bit_depth, and work on 16-bit platforms. + Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. + Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and + pngset.c to avoid warnings about dead code. + Do not build png_product2() when it is unused. + Display user limits in the output from pngtest. + Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column + and 1-million-row default limits in pnglibconf.dfa, that can be reset + by the user at build time or run time. This provides a more robust + defense against DOS and as-yet undiscovered overflows. + Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default. + Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins). + Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block + of png.h. + Free the unknown_chunks structure even when it contains no data. + Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha + value was wrong. It's not clear if this affected the final stored + value; in the obvious code path the upper and lower 8-bits of the + alpha value were identical and the alpha was truncated to 8-bits + rather than dividing by 257 (John Bowler). +* Tue Jan 13 2015 pgajdos@suse.com +- build with PNG_SAFE_LIMITS_SUPPORTED [bnc#912076], [bnc#912929] +* Mon Dec 29 2014 pgajdos@suse.com +- updated to 1.6.16: + * Restored a test on width that was removed from png.c at libpng-1.6.9 + (Bug report by Alex Eubanks). + * Fixed an overflow in png_combine_row with very wide interlaced images. +* Thu Nov 20 2014 pgajdos@suse.com +- updated to 1.6.15: + * Avoid out-of-bounds memory access in png_user_version_check(). + * Fixed incorrect handling of the iTXt compression. + * Free all allocated memory in pngimage. + * Fixed array size calculations to avoid warnings. + etc. see ANNOUNCE +* Fri Aug 22 2014 pgajdos@suse.com +- updated to 1.6.13: a "cleanup" release that have no security + fixes or new features. +* Thu Jun 12 2014 pgajdos@suse.com +- updated to 1.6.12: + * bugfixes, almost build-related only +* Fri Jun 6 2014 pgajdos@suse.com +- updated to 1.6.11: + * fixed CVE-2014-0333 + * other bugfixes +- removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed) +* Tue Mar 4 2014 pgajdos@suse.com +- fixed CVE-2014-0333 [bnc#866298] +- added patches: + * libpng16-1.6.6-CVE-2014-0333.patch +* Fri Feb 7 2014 pgajdos@suse.com +- updated to 1.6.9: + Bookkeeping: Moved functions around (no changes). Moved transform + function definitions before the place where they are called so that + they can be masde static. Move the intrapixel functions and the + grayscale palette builder out of the png?tran.c files. The latter + isn't a transform function and is no longer used internally, and the + former MNG specific functions are better placed in pngread/pngwrite.c + Made transform implementation functions static. This makes the internal + functions called by png_do_{read|write}_transformations static. On an + x86-64 DLL build (Gentoo Linux) this reduces the size of the text + segment of the DLL by 1208 bytes, about 0.6%%. It also simplifies + maintenance by removing the declarations from pngpriv.h and allowing + easier changes to the internal interfaces. + Rebuilt configure scripts with automake-1.14.1 and autoconf-2.69 + in the tar distributions. + Added checks for libpng 1.5 to pngvalid.c. This supports the use of + this version of pngvalid in libpng 1.5 + Merged with pngvalid.c from libpng-1.7 changes to create a single + pngvalid.c + Merged pngrio.c, pngtrans.c, pngwio.c, and pngerror.c with libpng-1.7.0 + Merged libpng-1.7.0 changes to make no-interlace configurations work + with test programs. + Revised pngvalid.c to support libpng 1.5, which does not support the + PNG_MAXIMUM_INFLATE_WINDOW option, so #define it out when appropriate + in pngvalid.c + Allow unversioned links created on install to be disabled in configure. + In configure builds 'make install' changes/adds links like png.h + and libpng.a to point to the newly installed, versioned, files (e.g. + libpng17/png.h and libpng17.a). Three new configure options and some + rearrangement of Makefile.am allow creation of these links to be + disabled. + Removed potentially misleading warning from png_check_IHDR(). + Updated scripts/makefile.* to use CPPFLAGS (Cosmin). + Added clang attribute support (Cosmin). +* Fri Dec 20 2013 pgajdos@suse.com +- updated to 1.6.8: + Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to + [#]ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with + what is in pngpriv.h. + Moved prototype for png_handle_unknown() in pngpriv.h outside of + the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block. + Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder. + Fixed pngvalid 'fail' function declaration on the Intel C Compiler. + This reverts to the previous 'static' implementation and works round + the 'unused static function' warning by using PNG_UNUSED(). + Handle zero-length PLTE chunk or NULL palette with png_error() + instead of png_chunk_report(), which by default issues a warning + rather than an error, leading to later reading from a NULL pointer + (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954 + and VU#650142. +* Mon Dec 2 2013 pgajdos@suse.com +- png_fix macro doesn't leave *.png.fixed (which happened for correct + PNGs) [bnc#852862] +* Fri Nov 15 2013 pgajdos@suse.com +- updated to 1.6.7: + * Revised unknown chunk code to correct several bugs in the + NO_SAVE_/NO_WRITE combination + * Check user callback behavior in pngunknown.c. Previous versions + compiled if SAVE_UNKNOWN was not available but did nothing since the + callback was never implemented. + * Merged pngunknown.c with 1.7 version and back ported 1.7 + improvements/fixes + * Revised pngvalid to generate size images with as many filters as + it can manage, limited by the number of rows. + * ARM improvements/fixes +* Wed Sep 25 2013 pgajdos@suse.com +- updated to 1.6.6: + * fix arm build +* Thu Sep 12 2013 pgajdos@suse.com +- updated to 1.6.4: + * Added information about png_set_options() to the manual. + * Delay calling png_init_filter_functions() until a row with nonzero + filter is found. + * Fixed inconsistent conditional compilation of + png_chunk_unknown_handling() prototype, definition, and usage. + Made it depend on PNG_HANDLE_AS_UNKNOWN_SUPPORTED everywhere. +* Fri Aug 30 2013 coolo@suse.com +- remove gpg-offline usage, libpng16 is too low in the build chain +* Thu Aug 8 2013 pgajdos@suse.com +- png-fix-too-far-back was actually renamed to pngfix. Adjusted rpm + macro names accordingly, %%png_fix and %%png_fix_dir. +* Tue Aug 6 2013 pgajdos@suse.com +- updated to 1.6.3: + * Added png-fix-itxt and png-fix-too-far-back to the built programs and + removed warnings from the source code and timepng that are revealed as + a result. + => new subpackage tools, created rpm macros +* Fri Jun 21 2013 crrodriguez@opensuse.org +- Build with LFS_CFLAGS in 32 bit archs otherwise calls such + as png_image_begin_read_from_file() or png_image_write_to_file() + will fail to read/write huge images. +- Build with Full RELRO as this library is a possible consumer + of malicuous images/files. +* Fri Apr 26 2013 pgajdos@suse.com +- updated to 1.6.2: + Updated documentation of 1.5.x to 1.6.x changes in iCCP chunk handling. + Fixed incorrect warning of excess deflate data. End condition - the + warning would be produced if the end of the deflate stream wasn't read + in the last row. The warning is harmless. + Corrected the test on user transform changes on read. It was in the + png_set of the transform function, but that doesn't matter unless the + transform function changes the rowbuf size, and that is only valid if + transform_info is called. + Corrected a misplaced closing bracket in contrib/libtests/pngvalid.c + (Flavio Medeiros). + Corrected length written to uncompressed iTXt chunks (Samuli Suominen). + Added contrib/tools/fixitxt.c, to repair the erroneous iTXt chunk length + written by libpng-1.6.0 and 1.6.1. + Disallow storing sRGB information when the sRGB is not supported. + Merge pngtest.c with libpng-1.7.0 +* Tue Apr 2 2013 pgajdos@suse.com +- conflict with libpng12-compat-devel-32bit and libpng15-compat-devel-32bit +* Thu Mar 28 2013 pgajdos@suse.com +- updated to 1.6.1: + Made sRGB check numbers consistent. + Use parentheses more consistently in "#if defined(MACRO)" tests. + Reenabled code to allow zero length PLTE chunks for MNG. + Fixed ALIGNED_MEMORY support. + Avoid a possible memory leak in contrib/gregbook/readpng.c + Better documentation of unknown handling API interactions. + Corrected simplified API default gamma for color-mapped output, added + a flag to change default. In 1.6.0 when the simplified API was used + to produce color-mapped output from an input image with no gamma + information the gamma assumed for the input could be different from + that assumed for non-color-mapped output. In particular 16-bit depth + input files were assumed to be sRGB encoded, whereas in the 'direct' + case they were assumed to have linear data. This was an error. The + fix makes the simplified API treat all input files the same way and + adds a new flag to the png_image::flags member to allow the + application/user to specify that 16-bit files contain sRGB data + rather than the default linear. + etc., see ANNOUNCE or CHANGES for details +- dropped upstreamed + 0387-Reenable-code-to-allow-zero-length-PLTE-chunks-for-M.patch +* Mon Mar 18 2013 pgajdos@suse.com +- allow zero length PLTE chunks + (fixes GraphicsMagick testsuite) +* Mon Mar 4 2013 pgajdos@suse.com +- remove clean section +* Thu Feb 14 2013 pgajdos@suse.com +- updated to 1.6.0 +- changes from 1.5.x to 1.6.x: + * new simplified api added: + macros: + PNG_FORMAT_* + PNG_IMAGE_* + structures: + png_control + png_image + read functions + png_image_begin_read_from_file() + png_image_begin_read_from_stdio() + png_image_begin_read_from_memory() + png_image_finish_read() + png_image_free() + write functions + png_image_write_to_file() + png_image_write_to_stdio() + * possibility to configure libpng to prefix all exported symbols + (PNG_PREFIX macro) + * no longer include string.h in png.h + * deprecated api: + png_info_init_3() + png_convert_to_rfc1123() which has been replaced + with png_convert_to_rfc1123_buffer() + png_data_freer() + png_malloc_default() + png_free_default() + png_reset_zstream() + * removed api: + png_get_io_chunk_name() + * signatures of many exported functions were changed, such that + png_structp became png_structrp or png_const_structrp + png_infop became png_inforp or png_const_inforp + where "rp" indicates a "restricted pointer". +- for more details see section XII of libpng-manual.txt or ANNOUNCE +* Mon Jan 14 2013 pgajdos@suse.com +- updated to 1.6.0beta37 +* Tue Nov 20 2012 pgajdos@suse.com +- updated to 1.6.0beta31 +* Wed Oct 24 2012 jengelh@inai.de +- Add missing baselib requires for compat-devel-32bit +* Mon Oct 15 2012 pgajdos@suse.com +- updated to 1.6.0beta29 +* Wed Jul 11 2012 pgajdos@suse.com +- updated to 1.6.0beta26 +* Fri Jun 15 2012 pgajdos@suse.com +- updated to 1.6.0beta24 +* Thu Mar 29 2012 pgajdos@suse.com +- updated to 1.6.0beta20 +* Wed Mar 14 2012 pgajdos@suse.com +- updated to 1.6.0beta17 +* Mon Feb 20 2012 pgajdos@suse.com +- updated to 1.6.0beta12 +* Mon Jan 9 2012 pgajdos@suse.com +- updated to 1.6.0beta04 +* Mon Dec 19 2011 pgajdos@suse.com +- updated to 1.5.7: + Added support for ARM processor (Mans Rullgard) + Fixed bug in pngvalid on early allocation failure; fixed type cast in + pngmem.c; pngvalid would attempt to call png_error() if the allocation + of a png_struct or png_info failed. This would probably have led to a + crash. The pngmem.c implementation of png_malloc() included a cast + to png_size_t which would fail on large allocations on 16-bit systems. + Fix for the preprocessor of the Intel C compiler. The preprocessor + splits adjacent @ signs with a space; this changes the concatentation + token from @-@-@ to PNG_JOIN; that should work with all compiler + preprocessors. + Paeth filter speed improvements from work by Siarhei Siamashka. This + changes the 'Paeth' reconstruction function to improve the GCC code + generation on x86. The changes are only part of the suggested ones; + just the changes that definitely improve speed and remain simple. + The changes also slightly increase the clarity of the code. + Check compression_type parameter in png_get_iCCP and remove spurious + casts. The compression_type parameter is always assigned to, so must + be non-NULL. The cast of the profile length potentially truncated the + value unnecessarily on a 16-bit int system, so the cast of the (byte) + compression type to (int) is specified by ANSI-C anyway. + Fixed FP division by zero in pngvalid.c; the 'test_pixel' code left + the sBIT fields in the test pixel as 0, which resulted in a floating + point division by zero which was irrelevant but causes systems where + FP exceptions cause a crash. Added code to pngvalid to turn on FP + exceptions if the appropriate glibc support is there to ensure this is + tested in the future. + Updated scripts/pnglibconf.mak and scripts/makefile.std to handle the + new PNG_JOIN macro. + Added versioning to pnglibconf.h comments. + Simplified read/write API initial version; basic read/write tested on + a variety of images, limited documentation (in the header file.) + Installed more accurate linear to sRGB conversion tables. The slightly + modified tables reduce the number of 16-bit values that + convert to an off-by-one 8-bit value. The "makesRGB.c" code that was used + to generate the tables is now in a contrib/sRGBtables sub-directory. + etc. see CHANGES +* Thu Dec 1 2011 idoenmez@suse.de +- Name field shouldn't contain a macro +* Thu Dec 1 2011 coolo@suse.com +- add libtool as buildrequire to avoid implicit dependency +* Thu Nov 3 2011 pgajdos@suse.com +- updated to 1.5.6: + Fixed some 64-bit type conversion warnings in pngrtran.c + Moved row_info from png_struct to a local variable. + The various interlace mask arrays have been made into arrays of + bytes and made PNG_CONST and static (previously some arrays were + marked PNG_CONST and some weren't). + Additional checks have been added to the transform code to validate the + pixel depths after the transforms on both read and write. + Removed some redundant code from pngwrite.c, in png_desgtroy_write_struct(). + Changed chunk reading/writing code to use png_uint_32 instead of png_byte[4]. + This removes the need to allocate temporary strings for chunk names on + the stack in the read/write code. Unknown chunk handling still uses the + string form because this is exposed in the API. + Added a note in the manual the png_read_update_info() must be called only + once with a particular info_ptr. + Revised test-pngtest.sh to report FAIL when pngtest fails. + Added "--strict" option to pngtest, to report FAIL when the failure is + only because the resulting valid files are different. + Revised CMakeLists.txt to work with mingw and removed some material from + CMakeLists.txt that is no longer useful in libpng-1.5. + Fixed typo in Makefile.in and Makefile.am ("-M Wl" should be "-M -Wl")." + Speed up png_combine_row() for interlaced images. This reduces the generality + of the code, allowing it to be optimized for Adam7 interlace. The masks + passed to png_combine_row() are now generated internally, avoiding + some code duplication and localizing the interlace handling somewhat. + Align png_struct::row_buf - previously it was always unaligned, caused by + a bug in the code that attempted to align it; the code needs to subtract + one from the pointer to take account of the filter byte prepended to + each row. + Optimized png_combine_row() when rows are aligned. This gains a small + percentage for 16-bit and 32-bit pixels in the typical case where the + output row buffers are appropriately aligned. The optimization was not + previously possible because the png_struct buffer was always misaligned. + Removed two redundant tests for unitialized row. + Fixed a relatively harmless memory overwrite in compressed text writing + with a 1 byte zlib buffer. + Add ability to call png_read_update_info multiple times to pngvalid.c + Fixes for multiple calls to png_read_update_info. These fixes attend to + most of the errors revealed in pngvalid, however doing the gamma work + twice results in inaccuracies that can't be easily fixed. There is now + a warning in the code if this is going to happen. + Turned on multiple png_read_update_info in pngvalid transform tests. + Prevent libpng from overwriting unused bits at the end of the image when + it is not byte aligned, while reading. Prior to libpng-1.5.6 libpng would + overwrite the partial byte at the end of each row if the row width was not + an exact multiple of 8 bits and the image is not interlaced. + Made png_ptr->prev_row an aligned pointer into png_ptr->big_prev_row + (Mans Rullgard). + Changed misleading "Missing PLTE before cHRM" warning to "Out of place cHRM" + Added PNG_LSR() and PNG_LSL() macros to defend against buggy compilers that + evaluate non-taken code branches and complain about out-of-range shifts. + Renamed the local variable 'byte' because it appears in a MSYS header + file. + Added #define PNG_ALIGN_TYPE PNG_ALIGN_NONE to contrib/pngminim/*/pngusr.h +* Mon Sep 26 2011 pgajdos@suse.com +- updated to 1.5.5, fixes: + * CVE-2011-3328 [bnc#720017] +* Tue Jul 26 2011 pgajdos@novell.com +- updated to 1.5.4, fixes: + * CVE-2011-2501 [bnc#702578] + * CVE-2011-2690 [bnc#706387] + * CVE-2011-2691 [bnc#706388] + * CVE-2011-2692 [bnc#706389] +* Thu Mar 31 2011 pgajdos@suse.cz +- updated to 1.5.2: + * Turned on interlace handling in png_read_png(). + * Fixed gcc pendantic warnings. + * Fixed png_get_current_row_number() in the interlaced case. + * Cleaned up ALPHA flags and transformations. + * Implemented expansion to 16 bits. + * etc, see + http://sourceforge.net/projects/libpng/files/libpng15/1.5.2/ +* Thu Feb 3 2011 pgajdos@suse.cz +- updated to 1.5.1: new branch shortly after 1.4, many structural + changes, see CHANGELOG or + http://sourceforge.net/projects/libpng/files/libpng15/1.5.0/ + and + http://sourceforge.net/projects/libpng/files/libpng15/1.5.1/ +* Thu Sep 30 2010 pgajdos@novell.com +- updated to 1.4.4: + * Eliminated another deprecated reference to png_ptr->io_ptr in pngtest.c + * Updated the xcode project to work with libpng-1.4.x and added iOS targets + for simulator and device (Philippe Hausler). + * Eliminated a deprecated reference to png_ptr->io_ptr in pngtest.c + * Removed unused png_mem_* defines from pngconf.h. + * Updated the read macros and functions from 1.5.0beta38. +* Mon Aug 30 2010 coolo@novell.com +- fix baselibs.conf after previous change +* Thu Jul 29 2010 pgajdos@suse.cz +- add devel packages to baselbis.conf [bnc#625883] +* Mon Jun 28 2010 pgajdos@suse.cz +- updated to 1.4.3: fixed libpng overflow (CVE-2010-1205) + and memory leak [bnc#617866] +* Fri Jun 4 2010 coolo@novell.com +- remove devel packages from baselibs.conf, not convinced of + their usefulness +* Mon May 3 2010 dmueller@suse.de +- also obsolete libpng-devel-1.2.43 (previous factory version) +* Sat Apr 24 2010 coolo@novell.com +- buildrequire pkg-config to fix provides +* Thu Apr 15 2010 pgajdos@suse.cz +- support png_read_dither() for xfig and transfig + * read-dither.patch +* Tue Apr 6 2010 ro@suse.de +- fix baselibs.conf +* Thu Mar 25 2010 pgajdos@suse.cz +- updated to 1.4.1 -- new branch +* Thu Feb 25 2010 pgajdos@suse.cz +- updated to 1.2.43 (fixes [bnc#585403]): + * Removed "#define PNG_NO_ERROR_NUMBERS" that was inadvertently added + to pngconf.h in version 1.2.41. + * Removed leftover "-DPNG_CONFIGURE_LIBPNG" from scripts/makefile.darwin + and contrib/pngminim/*/makefile + * Relocated png_do_chop() to its original position in pngrtran.c; the + change in version 1.2.41beta08 caused transparency to be handled wrong + in some 16-bit datastreams (Yusaku Sugai). + * Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt + (revising changes made in 1.2.41) + * Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED + in pngset.c to be consistent with other changes in version 1.2.38. + * Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr + in pngtest.c +* Mon Dec 14 2009 jengelh@medozas.de +- add baselibs.conf as a source +* Mon Dec 7 2009 pgajdos@suse.cz +- updated to 1.2.41: + contains numerous cleanups, some new compile-time warnings about + direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable), + a new xcode build project, and a minor performance improvement + (avoid building 16-bit gamma tables when not needed) +* Tue Nov 24 2009 pgajdos@suse.cz +- updated to 1.2.40: + Removed an extra png_debug() recently added to png_write_find_filter(). + Fixed incorrect #ifdef in pngset.c regarding unknown chunk support. + Various bugfixes and improvements to CMakeLists.txt (Philip Lowman) +* Tue Nov 3 2009 coolo@novell.com +- updated patches to apply with fuzz=0 +* Thu Aug 13 2009 pgajdos@suse.cz +- updated to 1.2.39: + * Added a prototype for png_64bit_product() in png.c + * Avoid a possible NULL dereference in debug build, + in png_set_text_2() + * Relocated new png_64_bit_product() prototype into png.h + * Replaced *.tar.lzma with *.txz in distribution. + * Reject attempt to write iCCP chunk with negative embedded + profile length. +* Mon Jul 20 2009 pgajdos@suse.cz +- updated to 1.2.38: + * Revised libpng*.txt and libpng.3 to mention calling png_set_IHDR() + multiple times and to specify the sample order in the tRNS chunk, + because the ISO PNG specification has a typo in the tRNS table. + * Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to + PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism + available for ignoring known chunks even when not saving unknown chunks. + * Adopted preference for consistent use of "#ifdef" and "#ifndef" versus + "#if defined()" and "if !defined()" where possible. + * Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of + pngconf.h, and moved the various unknown chunk macro definitions + outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks. +* Thu Jun 4 2009 pgajdos@suse.cz +- updated to 1.2.37: + * fixed bug with new png_memset() of the big_row_buffer +* Tue May 12 2009 pgajdos@suse.cz +- updated to 1.2.36 (see CHANGES) +* Mon Feb 23 2009 pgajdos@suse.cz +- fixes possible double free [bnc#472745] + (CVE-2009-0040) +* Mon Jan 19 2009 pgajdos@suse.cz +- updated to 1.2.34: + * fixes CVE-2008-3964 (removed CVE-2008-3964.patch) +* Tue Jan 13 2009 olh@suse.de +- obsolete old -XXbit packages (bnc#437293) +* Mon Sep 15 2008 pgajdos@suse.cz +- fixed CVE-2008-3964 [bnc#424739] + * CVE-2008-3964.patch +* Thu Sep 11 2008 pgajdos@suse.cz +- updated to version 1.2.31: + * coding bugfixes and enhancements +* Mon Sep 1 2008 aj@suse.de +- Do not package la files. +* Mon Jun 23 2008 pgajdos@suse.cz +- updated to 1.2.29: + * fixes to the configure-related build-scripts + * security fix that affects programs that attempt to do + special handling of unknown PNG chunks (presumably very + few such programs), along with a reversion to previous + behavior for handling of images with out-of-range tRNS-chunk + values [bnc#378634] + * fix for unintentional gray-to-RGB conversion in + png_set_expand_gray_1_2_4_to_8() + * various other minor fixes +- removed makefile-am.patch, issue fixed upstream +* Sun May 11 2008 coolo@suse.de +- fix rename of xxbit packages +* Tue Apr 22 2008 pgajdos@suse.cz +- $(ECHO) substituted by echo in Makefile.in -- fixes package + build in beta (makefile-am.patch) +* Thu Apr 10 2008 ro@suse.de +- added baselibs.conf file to build xxbit packages + for multilib support +* Thu Apr 3 2008 pgajdos@suse.cz +- updated to 1.2.26: + * fixed minor coding errors that could lead to crashes in + exceptional cases +* Thu Dec 6 2007 mrueckert@suse.de +- added provides/obsoletes for the old package +* Fri Nov 30 2007 nadvornik@suse.cz +- updated to 1.2.23: + * more sanity checks, fixes [#332249] +- adjusted to Shared Library Policy: + * renamed package libpng to libpng12-0 + * created compatibility package libpng3 +* Wed Jul 11 2007 nadvornik@suse.cz +- updated to 1.2.18: + * security fixes merged upstream +* Thu Mar 29 2007 aj@suse.de +- Add zlib-devel to BuildRequires. +* Thu Nov 23 2006 nadvornik@suse.cz +- fixed crash on malformed sPLT chunks CVE-2006-5793 [#219007] +* Mon Jul 17 2006 nadvornik@suse.cz +- make sure PNG_NO_ASSEMBLER_CODE is used consistently +* Thu Jun 29 2006 nadvornik@suse.cz +- updated to 1.2.12: + * fixed possible buffer overflow [#189241] +* Wed Jun 21 2006 nadvornik@suse.cz +- updated to 1.2.10: + * use autoconf + * many bugfixes +- libpng12-config no longer gives -Wl,-rpath,/usr/lib [#168627] +- spec file cleanup +* Fri Feb 24 2006 nadvornik@suse.cz +- removed libpng-64bit.diff [#153106] +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Thu Jan 12 2006 nadvornik@suse.cz +- compile with -fstack-protector +* Mon Oct 10 2005 nadvornik@suse.cz +- fixed incorrect inline asm usage +* Thu May 19 2005 ro@suse.de +- fix libdir in pkgconfig file libpng.pc +* Thu Jan 20 2005 nadvornik@suse.cz +- updated to 1.2.8: + * fixed crash of applications that strip the alpha channel + * fixed invalid zlib header within the PNG datastream +* Mon Sep 27 2004 sf@suse.de +- fixed problem with wrong assumption for long on 64bit archs + which prevents khunphan from working (#45738) +* Wed Aug 25 2004 kukuk@suse.de +- Avoid /bin/sh PreRequires +* Mon Aug 16 2004 nadvornik@suse.cz +- updated to 1.2.6: included security fixes +* Mon Jul 19 2004 nadvornik@suse.cz +- fixed several buffer overflows [#43008] +* Wed Jun 16 2004 nadvornik@suse.cz +- added missing part of pngtran overflow patch [#42043] +* Fri Apr 23 2004 nadvornik@suse.cz +- fixed reading behind end of string [#39180] +* Sat Jan 10 2004 adrian@suse.de +- build as user +* Fri Oct 10 2003 adrian@suse.de +- add %%run_ldconfig +* Mon Apr 7 2003 ro@suse.de +- fix tail calling syntax +* Mon Feb 10 2003 nadvornik@suse.cz +- link the shared library with -lz -lm -lc again +* Wed Jan 29 2003 kukuk@suse.de +- Fix libpng-devel requires (add zlib-devel) [Bug #23154] +* Fri Jan 24 2003 sbrabec@suse.cz +- Added missing pkgconfig files to %%files. +* Tue Jan 7 2003 nadvornik@suse.cz +- updated to 1.2.5 +- fixed buffer overflow +* Wed Jul 31 2002 coolo@suse.de +- fix libz dependency, so the resulting libpng is self containing +* Fri Jul 26 2002 adrian@suse.de +- fix neededforbuild +* Wed Jul 24 2002 nadvornik@suse.cz +- updated to 1.2.4: + - fixed buffer overflow in pngpread.c when IDAT is + corrupted with extra data +* Fri Jul 12 2002 schwab@suse.de +- Fix makefile. +* Fri Jul 5 2002 kukuk@suse.de +- Use %%ix86 macro +* Tue Jul 2 2002 nadvornik@suse.cz +- updated to 1.2.3 +- changed package version to match the version of source tarball +* Tue Mar 5 2002 nadvornik@suse.cz +- fixed permissions for man pages +* Tue Feb 5 2002 nadvornik@suse.cz +- added Provides: libpng:/usr/include/png.h to libpng-devel +* Thu Jan 31 2002 nadvornik@suse.cz +- back to 1.0.12, libpng 1.2.x will be packed in separate package +- created devel subpackage to allow parallel instalation of + shared libraries +* Wed Jan 9 2002 nadvornik@suse.cz +- update to 1.2.1 +- used macros %%{_lib} and %%{_libdir} +* Tue Dec 4 2001 nadvornik@suse.cz +- update to 1.2.0 + - shared library version changed to 3.1.2.0 + - new API for dynamically enabling and disabling certain optimizations +- added Provides: libpng-devel for compatibility [bug #11978] +* Tue Jul 17 2001 nadvornik@suse.cz +- update to 1.0.12 +* Tue Apr 3 2001 nadvornik@suse.cz +- update to 1.0.10 +- used pnggccrd.c - MMX support on intel +* Tue Feb 13 2001 nadvornik@suse.cz +- update to 1.0.9 +* Fri Jan 19 2001 bk@suse.de +- call pngtest program to have some tests that libpng works. +- don't remove -O3 when adding RPM_OPT_FLAGS(still do -O3 optimisations) +* Thu Jan 4 2001 nadvornik@suse.cz +- changed rpm version to 2.1.0.8 (bug #5062) +- changed shared library name to libpng.so.2.1.0.8 +* Wed Aug 23 2000 nadvornik@suse.cz +- update to 1.0.8 +* Tue Jul 11 2000 adrian@suse.de +- seg fault fix in pngrutil.c +* Mon May 22 2000 nadvornik@suse.cz +- changed group +- changed URL +* Sat Apr 29 2000 kukuk@suse.de +- Make sure libpng.so.2 is linked against libz to avoid problems + with missing dependencies. +* Mon Apr 10 2000 nadvornik@suse.cz +- added URL +* Tue Apr 4 2000 nadvornik@suse.cz +- update to 1.0.6 +- added BuildRoot +* Tue Jan 25 2000 ro@suse.de +- update to 1.0.5 +- manpages to /usr/share using macro +* Mon Sep 13 1999 bs@suse.de +- ran old prepare_spec on spec file to switch to new prepare_spec. +* Tue Jun 29 1999 ro@suse.de +- moved from /usr/X11R6 to /usr +* Mon Jun 28 1999 ro@suse.de +- update to 1.0.3 +* Wed Feb 17 1999 ro@suse.de +- added .so.2 link +* Fri Jan 22 1999 ro@suse.de +- bump version to 2.1.0 (the version of the installed library) +* Fri Mar 20 1998 ro@suse.de +- extracted package from libgr tree + update to version 1.0.1 diff --git a/libpng16.keyring b/libpng16.keyring new file mode 100644 index 0000000..878ac9b --- /dev/null +++ b/libpng16.keyring @@ -0,0 +1,91 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.20 (GNU/Linux) + +mQINBFGn+ogBEAD6cK4C1MRIOUPToIxBZA1mwkiUYTimGEhmgHFle9h20GQWuuJ3 +sU34ptoljsmgeWChuC1PRtYm1mb/nrIC98Osu1MKwj1QQbHgGa/oK57LBx05bVZr +GI36tkZXi9VC4aiilJ08c1bVYDh0WKx9ohH7VKlNiDiS5g5Fsk8fe3hj+nCBbRN1 +6VZjcVhWwhYYygTnTu/4KxkjgbE2QUP1CsE8UbeubFcInlSFmXAyoc3hXLbe0NqI +Jxri1dQAwg/J/GtEqLfTDE9f+xuHgVVwUpGNDhf2Md4STW/5m0lzfOQXxN0AUwml +wTNS6YNkb8WK0ab63wnVwP+4wAwVp3QjDYhrkApTdv3W5V/7oGL0Iw6o1XGbXLp2 +qLwgAhcWFeZWU6RbfT33ipeoYPmt4Cw8tGW6Zh1CEW4lj33hJoOTfrogtMFqPRSa +sbz2tTGha3ZA3FKg84tfg1UaS7ZJ6MmrO2lXr7VcjR75xmeqjjQyQlhZ67Ew4mbw +J456mG0fM9a7PPgCIJPAluNQvgUjoSfDFb/0klhnZeUULZqhBNQP05wisWjLinGB +3QW4WKJlBpugSR8ymIgn0aU9gsbBppDHrF9Vzl/1oQAbcuiRM/GIiVvY8q5a8x1I +KnSNH0/SXSdaHdhcfzOx1JG2wM5S5dS5LDkCchxbReD82DDr90dxBlxfnwARAQAB +tDdHbGVubiBSYW5kZXJzLVBlaHJzb24gKG1vemlsbGEpIDxnbGVubnJwK2Jtb0Bn +bWFpbC5jb20+iQI+BBMBAgAoBQJRr4XlAhsDBQkJbUKdBgsJCAcDAgYVCAIJCgsE +FgIDAQIeAQIXgAAKCRD1SYS/oWxkD+AfEACgCTqUYZC4LvwPnaK0Y/Cjgwt6ToaJ +t3dpziKibYR3fL0F8vzX153Ry++K7yRe6C+1oNgNwEtT3NcJ/LOESrQEv0VGMKNK +IgETWGUoPL96X7huX5SJvWWzqjMwqiuGnxhh5zINKFdYEDemzclFgCld9NqMPObJ +K9qnQY2VNl1enn6omXuX6uL9CkYxvAgEWeROLfFqaKv3pqERAegKPSMsLCVvBgOv +LVKbt+Du/sRd2NfmfSBNhubCwegPNw6PW/G/w/IFu28L5FAessIqcPL5fqx0qIpm +Eb+LWOTPb9UrlzVYJmyLZP11I4dTo7RUGcWyP4Pr+LAkYmfjjXMSvVXia3rsy7R6 +uhkiq1Ar6o4WHuDqbWfyM8FRT0IQaeJ2RgMxXx82bG7TYg+3jj/auR1cu77PDcp1 +kZbKS0TTmXnOVk8R3HmM4Nu7JzEgagyvGNZm43yPMk1Z6GyrW7vyF4rV+yC3C4FF +yqL061DOgm/jA8JhRs0CxPpYgBeYKkfbk86cH/42ecCVCOqf59YkIRacQ/BZe8gL +Na/9o9mhL36IXfkr7Y4zwLPeSzwQNewDobqjqxZx24hwXJDgw61khxWmZLc4TaSD +ztYpUiwhzEApPpNPfiyKgemXW3AZas72t4sKcopsubildANMQCLeqnJnOwzA45Dj +gM4isVqLMX0m9bQ+R2xlbm4gUmFuZGVycy1QZWhyc29uIChsaWJwbmcpIDxnbGVu +bnJwQHVzZXJzLnNvdXJjZWZvcmdlLm5ldD6JAj4EEwECACgCGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheABQJRrzusBQkJbUKdAAoJEPVJhL+hbGQP65AP/0v4qqp9 +yrwJI1xc56iaB12sUVTUa1LKdFer6rN56Z757dRPrksbR4pQrpU9pjEETg7gn3TL +kMusGeNWWPr86X4kVuAUhw9/SCZiT/MsRvYHNKyNzZBNpw5pPjn/AeQhuHoMER25 +M0e1/hExiwBrpNhyRyywO1NYDbuHFlPA9vlcb7vYF4EYimKyjPg0r1Qbq2rrwPGz +KI6k+Zlhp3NfdAJKdXA50TL48nqCYu1uH18eYP9V4qRaXPto4rzNzlMPn0IILFl4 +zmrC+vrBqtDfcg1fYupDBupKdb54D9xExfx5w+eX7/VhzBesnBEkhOZJRpABW8NE +P9/9ryraPiKyHyfpy1D/LzJXGcNDOwziv0R7LdmLECB714v9tSjie6EdZJYc9E1s +VUG7iJ4te+B0iKohqQIpvuDwjmsJsViu/tHYYndoJd5DYt4QxewN17Vl/P48bV6E +cTZWTnK2hI6/n0u0vfnQ6Zy2Hmkl9PRaDK/EQPaEJ68uk9bx8jiZ2quIDZkdMHZ0 +5hkQk2E4VdCOBPsmeH/kSXhUrhJLcP8wHInBV7Twtv3PR6MVv71Zvccydrqrz0W5 +JtbSA1pMKeDLh8zTL8ZwbvGPwB7qbeaD82babXQErAVkX6N5TX9pbPQU8EHnD/C4 +o8YYtMJ/TSSJQBFo0O3RNTroosHiWtzGQtH7iQI+BBMBAgAoBQJRp/qIAhsDBQkJ +ZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD1SYS/oWxkD0eUEAC2nqdB +wpzGdUl4HlbdUTSgMSbCO+96rgVQCp5WvQniPaUB4DkHL2V4VDQW4oeDvTWxKC8t +rG4MSgC6Oyjg4qQe9+p9UqxhWWxqajJxMUlBMS/Xn+cHO+FbDfSCOMmHkbmuMOkJ +Z/4g8u4PgKOjnV+Hnmvo49CWkw549NmK4G3GOsoOVVNjz4IjJC1HJkLje662n1SV +q2CqggjflqN90hE0x4n55ihQWsqC0dMYeYLzJXqWkDMavx6oJTVgSGHPSdKx3LPG +UiuDytU1A93K8Ki97NuVOdvC+U3iEnUf1uMBasbDxaGSlIBrMDS3saVqMNDXpfXl +XPyc5dxMz23vayjlWyQI6OO7Im4wpfdHsSQP5uvkkkyLWOz+ZZsASFstF52jfJLm +53Q3agQS8lL1OCvy3rsgVl5OjEpfBwj9L4XF+Meu6EPv5Yk7WUV6+Uabt+KxvIuQ +KqnZ0hlZ4R7ALOloe9yebmWpjW2WtBJS6RJHtJdsym2oVhUjk5NX/on0hAAJDAls +udkFEw+pqtjdiWeyhNvWpTaVLxwwEv0+lHOEVwzC4eU2XOYPS1mzMYaNRjDU1Nf3 +vYV54tnomtr3WvmI9QHlXYU3xpg6F70PdfKoju9JUKoDYi3fwldwLacPEG83XGbf +2r/g6viS5y2k4sOkx23O7L23OFcmoKhx9hibxLRAR2xlbm4gUmFuZGVycy1QZWhy +c29uIChwbmdjcnVzaCkgPGdsZW5ucnBAdXNlcnMuc291cmNlZm9yZ2UubmV0PokC +PgQTAQIAKAUCUa8+fAIbAwUJCW1CnQYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA +CgkQ9UmEv6FsZA/1lRAAmPj6tlVpbr9Nm7tENuWw18r/EkWqf485MMktMvC+ZNOh +SUGTKVX/Snq2AsEvTHhuLv3YvLFRZ4to9veLA1vjXvBVYvdirfIznxfYjdmzLOZ7 +8CWRiRk8aC1j7K1czBUNhRgrTl4YN3GZNxnrmtSDm9A/uHE+RewcbXZsRv8PS9Bn +LCkb2bGbHAJvfjkjDFKstjN0qCMFxFKiQm2QjY1Q8pkD0DtsJgtqirCxkyZvzmqZ +mSIeGURL5l7WJnLiMOckk4V0z3/6BsO4WXJYWe0G1vnPZFJjBvauhKVZMZ75FaKe ++O80dXIiQBblbxV6O/P+2D/V4HnSiENDowltFx2CGhvrf8QY9vvZIApa/qu9FTuF +zMkpKTvODWTMXKKN8V4CAX8YvGJ4P7TU3iicRDG7ElE0v5ewH2DbcJyf9MTtCk+R +zHpxElbkz5WWKEmHQZaVm95W9EWjOM19mvWNCZdgW7u8nGjnfJ+IwZCCYa+VycSg +9sucH7YC9yEKWW2YpdrqbqnjBSEGnjq0MtyXUU5cQIHBgit61sPSBc2nbEsyP4a1 +2o/wF341HzwRQOyU4BSLRgLsnMSwfneOveoC6bFqKebZuMcMuYgzV81vDdGW2JEv +qXsTuAWmiUyJbdVp0ofvAc1ZVCQjbPI5jgWAGSFA/IEES/VrXWwB1Beimk1EW5a5 +Ag0EUaf6iAEQAKx8uIVati92dJrTR1dQLDjcpvnjXdU59gbHZ7u2vC6o4lvNcjBn +9sbS+20PE/bMcfJnYWirJSMSxYGvgfiDRz+LjAMNPtbde/5saqRRFmNOa9i1Kl5M +HxC4LzM8TZOHqpay02GvhB3Uz+o4o4vm148N9dJRNhBiGO0Tmf0RL145FUr2OTDb +Q/RVMIxx1xCqbQCabGKlL6g1ByM65S2s+3wYCqOJfdIAQJ01ohzEiLDToX06wqgI +/zUG9J96Hxwy8GYOG3d5EXKlpZI9y8MdYIKgiTc7wjbrUvsW4H9KQBxm4CMfn24r +/mdnpcDYRKPd7YZBhW7LpDrYXbAqH5OoQZwNXAvLq+iLzZNfgVlQNPup67JD0efO +A9uCwVlSg145EVWBzwbhtd8K5NaEYqbbrK1IYlfsVVk9N1cs6zw/yh/P5TmHvkpH +u2zyYhNaH8CKAmj+cR04eDqqn/ECQ14dA7qoUyADLm199ytpxzjOx1uAz153JnAg +jnZz0cfGpg8oKptQ1j+PQcoy6PEYAE3zUz5PRPWEQr+8S4QSi/HUQQ87d0ysgLzU +uMLHuV+0lOiZ/Jk8N7SOyNnpgkJaE+0NOPuPqH2YUAB3VuoJTxmLq5z49N8+rx0A +P3F8W49dJ7RuA8w5QAGT9UpG3jRvBNkOqCpXyZKfUvSC7H/66HGy7x6rABEBAAGJ +AiUEGAECAA8FAlGn+ogCGwwFCQlmAYAACgkQ9UmEv6FsZA8sehAAw1AAbcjRO6Zs +ivgr3oBMxUcQRwCqhK4JrCXnA2j2LdPmNxVwabjuk/T95gEx/JaPrEN3aNyV6Psb +ajBJ9OChvBjBZ3dib7HmUmKn/q3UDt/ZtOR2Y11rfFcd1WOD6xOzu+GH0Bq9/eN0 +YYZswppy0+s7uKKd2vPxKoCuCt0b0Aze/LpLn7+Az01xsLfHJ8tmwVklkNdT6g9u +Xoxj27ibjOP7XsB/xugCcItxvIPu0kYLohqpSxcOrtAFuGyUm/pqYGFPKvs+4x8+ +oTomn68w2nyI4m3slHdbUfeRNq6uSxzw7a8VqwV4NeGBQLOwq0RCVgvyDKF3vVLR +NkNXkNxRQ8WCOw31qFsAAuBtO2QPxj8KuUzOkMF5nTtyJravAOaSGkjMtBGlUbxS +TSpIeiy8o1SOmj3Fd5fG8k8MlZ+LCzRoAjDREGgk9NZSCpA/kQB3lkv0RSYqgMB8 +nkcBOaCbXRBQ66iPg9KhkMwadUxLAK/i6jFir1HGzgjeSufk/8BJPzHWb5IQna4G +VgGy5MP5iCup2WVyeEREw8p9IGZU+UAOdziD8OicCrMdkw24TqEKOCCREByiRgIf +scWcJdpHlqFYCQhjKPXM79PWYCP600VFW/m1/gblHu3pB3n40NjMOC7Fi1gl96+q +jbyUPEKA6rvduCBJHehOpTSTScWnA3U= +=Rum9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libpng16.spec b/libpng16.spec new file mode 100644 index 0000000..0bd39cc --- /dev/null +++ b/libpng16.spec @@ -0,0 +1,153 @@ +# +# spec file for package libpng16 +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +%define debug_build 0 +%define asan_build 0 + +%define major 1 +%define minor 6 +%define micro 34 +%define branch %{major}%{minor} +%define libname libpng%{branch}-%{branch} +%define debug_package_requires %{libname} = %{version}-%{release} +Name: libpng16 +Version: %{major}.%{minor}.%{micro} +Release: 3.9.1 +Summary: Library for the Portable Network Graphics Format (PNG) +License: Zlib +Group: Development/Libraries/C and C++ +Url: http://www.libpng.org/pub/png/libpng.html +Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz +Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc +Source2: libpng16.keyring +Source3: rpm-macros.libpng-tools +Source4: baselibs.conf +Patch0: libpng16-CVE-2018-13785.patch +# CVE-2019-7317 [bsc#1124211] +Patch1: libpng16-CVE-2019-7317.patch +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: zlib-devel + +%package -n %{libname} +Summary: Library for the Portable Network Graphics Format (PNG) +Group: System/Libraries + +%package devel +Summary: Development tools for applications which will use libpng +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} +Requires: glibc-devel +Requires: pkgconfig +Requires: zlib-devel +Recommends: libpng%{branch}-compat-devel +# + +%package compat-devel +Summary: Development tools for applications which will use libpng +Group: Development/Libraries/C and C++ +Requires: libpng%{branch}-devel = %{version} +Conflicts: libpng-devel +Provides: libpng-devel = %{version} +Obsoletes: libpng-devel < 1.2.44 + +%package tools +Summary: Tools for Manipulating PNG Images +Group: Productivity/Graphics/Other +Conflicts: libpng-tools +Provides: libpng-tools = %{version} + +%description +libpng is the official reference library for the Portable Network +Graphics format (PNG). + +%description -n %{libname} +libpng is the official reference library for the Portable Network +Graphics format (PNG). + +%description devel +The libpng%{branch}-devel package includes the header files, libraries, +configuration files and development tools necessary for compiling and +linking programs which will manipulate PNG files using libpng%{branch}. + +libpng is the official reference library for the Portable Network +Graphics (PNG) format. + +%description compat-devel +The libpng%{branch}-compat-devel package contains unversioned symlinks +to the header files, libraries, configuration files and development +tools necessary for compiling and linking programs that don't care +about libpng version. + +%description tools +Package consists of low level tools for manipulating and fixing particular +PNG files. + +%prep +%setup -q -n libpng-%{version} +%patch0 -p1 +%patch1 -p1 + +%build +# PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 +export CFLAGS="%{optflags} -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" +export LDFLAGS="-Wl,-z,relro,-z,now" +%if %{debug_build} +export CFLAGS="$CFLAGS -O0" +%endif +%configure \ + --disable-static +%if %{asan_build} +sed -i -e 's/^\(CFLAGS.*\)$/\1 -fsanitize=address/' \ + -e 's/\(^LIBS =.*\)/\1 -lasan/' Makefile +%endif +make %{?_smp_mflags} + +%check +make -j1 check + +%install +%make_install +rm %{buildroot}/%{_libdir}/libpng*.la +mkdir -p %{buildroot}%{_sysconfdir}/rpm +cp -a %{SOURCE3} \ + %{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools +%if %{debug_build} ||%{asan_build} +install -m755 .libs/pngcp %{buildroot}/%{_bindir} +%endif + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files -n %{libname} +%{_libdir}/libpng%{branch}.so.* + +%files devel +%{_bindir}/libpng%{branch}-config +%{_includedir}/libpng%{branch} +%{_libdir}/libpng%{branch}.so +%{_libdir}/pkgconfig/libpng%{branch}.pc +%doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt + +%files compat-devel +%{_bindir}/libpng-config +%{_includedir}/*.h +%{_libdir}/libpng.so +%{_libdir}/pkgconfig/libpng.pc +%{_mandir}/man3/libpng.3%{ext_man} +%{_mandir}/man3/libpngpf.3%{ext_man} +%{_mandir}/man5/png.5%{ext_man} + +%files tools +%{_bindir}/png-fix-itxt +%{_bindir}/pngfix +%{_sysconfdir}/rpm/macros.libpng-tools +%if %{debug_build} || %{asan_build} +%{_bindir}/pngcp +%endif + +%changelog diff --git a/rpm-macros.libpng-tools b/rpm-macros.libpng-tools new file mode 100644 index 0000000..a22e9dc --- /dev/null +++ b/rpm-macros.libpng-tools @@ -0,0 +1,35 @@ +# macro: %png_fix path/to/name-of.png +# for given png, fixes 'IDAT: invalid distance too far back', etc., +# see pngfix --help +# +# -q do not output if macro fixed something or find unrecoverable error +# +# this macro fails only if there is an unrecoverable error in the png +# -- pngfix returns nonzero and $png.fixed doesn't exist; run pngfix +# on that file, see return code and compare with pngfix --help output +%png_fix(q) \ + if test "x%1" == "x%%1"; then \ + echo "Missing argument in call to %%png_fix: path and name of png file." \ + exit 1 \ + fi \ + /usr/bin/pngfix %{-q: -qq} --suffix='.fixed' "%1" || true \ + mv "%1.fixed" "%1" \ + %nil +# +# macro: %png_fix_dir +# for given directory, search *.png (recursively) and potentionaly +# fix 'IDAT: invalid distance too far back', etc., see pngfix --help +# +# -q do not output if pngfix fixed something or find unrecoverable error +# +%png_fix_dir(q) \ + if test "x%1" == "x%%1"; then \ + echo "Missing argument in call to %%png_fix_dir: dir where to search png files." \ + exit 1 \ + fi \ + for png in `find "%1" -iname '*.png'`; do \ + # -q will be propagated \ + %png_fix $png \ + done \ + %nil +