diff options
| author | Eric Vannier <evannier@google.com> | 2011-07-20 17:03:29 -0700 |
|---|---|---|
| committer | Kenny Root <kroot@google.com> | 2011-07-21 10:35:54 -0700 |
| commit | 66dce0da6a5db51ee0c2875517d3a6ca6cbbe53d (patch) | |
| tree | 7a375165c96b754d82ba1b6c304084645a5197bf /ANNOUNCE | |
| parent | 6acf3dd4a350c51fd2b72ec990b7da6d5657e52a (diff) | |
| download | external_libpng-66dce0da6a5db51ee0c2875517d3a6ca6cbbe53d.zip external_libpng-66dce0da6a5db51ee0c2875517d3a6ca6cbbe53d.tar.gz external_libpng-66dce0da6a5db51ee0c2875517d3a6ca6cbbe53d.tar.bz2 | |
Upgrading libpng to 1.2.46 to fix a few vulnerabilities.
Bug: 5057432
Bug: 5055636
Change-Id: I9e1b51881386aa9f574a38abc844e036baef9091
Diffstat (limited to 'ANNOUNCE')
| -rw-r--r-- | ANNOUNCE | 56 |
1 files changed, 32 insertions, 24 deletions
@@ -1,5 +1,5 @@ -Libpng 1.2.44 - June 26, 2010 +Libpng 1.2.46 - July 9, 2011 This is a public release of libpng, intended for use in production codes. @@ -8,48 +8,56 @@ Files available for download: Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.2.44.tar.xz (LZMA-compressed, recommended) - libpng-1.2.44.tar.gz - libpng-1.2.44.tar.bz2 + libpng-1.2.46.tar.xz (LZMA-compressed, recommended) + libpng-1.2.46.tar.gz + libpng-1.2.46.tar.bz2 Source files with LF line endings (for Unix/Linux) without the "configure" script - libpng-1.2.44-no-config.tar.xz (LZMA-compressed, recommended) - libpng-1.2.44-no-config.tar.gz - libpng-1.2.44-no-config.tar.bz2 + libpng-1.2.46-no-config.tar.xz (LZMA-compressed, recommended) + libpng-1.2.46-no-config.tar.gz + libpng-1.2.46-no-config.tar.bz2 Source files with CRLF line endings (for Windows), without the "configure" script - lpng1244.zip - lpng1244.7z - lpng1244.tar.bz2 + lpng1246.zip + lpng1246.7z + lpng1246.tar.bz2 Project files - libpng-1.2.44-project-netware.zip - libpng-1.2.44-project-wince.zip + libpng-1.2.46-project-netware.zip + libpng-1.2.46-project-wince.zip Other information: - libpng-1.2.44-README.txt - libpng-1.2.44-KNOWNBUGS.txt - libpng-1.2.44-LICENSE.txt - libpng-1.2.44-Y2K-compliance.txt - libpng-1.2.44-[previous version]-diff.txt + libpng-1.2.46-README.txt + libpng-1.2.46-KNOWNBUGS.txt + libpng-1.2.46-LICENSE.txt + libpng-1.2.46-Y2K-compliance.txt + libpng-1.2.46-[previous version]-diff.txt Changes since the last public release (1.2.43): -version 1.2.44 [June 26, 2010] - - Rewrote png_process_IDAT_data to consistently treat extra data as warnings - and handle end conditions more cleanly. - Removed the now-redundant check for out-of-bounds new_row from example.c - +version 1.2.45 [July 9, 2011] + + Fixed uninitialized memory read in png_format_buffer() (Bug + report by Frank Busse, related to CVE-2004-0421). + Pass "" instead of '\0' to png_default_error() in png_err(). This mistake + was introduced in libpng-1.2.20beta01. + Check for up->location !PNG_AFTER_IDAT when writing unknown chunks + before IDAT. + Ported bugfix in pngrtran.c from 1.5.3: when expanding a paletted image, + always expand to RGBA if transparency is present. + Check for integer overflow in png_set_rgb_to_gray(). + Check for sCAL chunk too short. + Added CMakeLists.txt, projects/xcode, and pnggccrd.c to EXTRA_DIST in + Makefile.am and Makefile.in + Udated copyright year to 2011. Send comments/corrections/commendations to png-mng-implement at lists.sf.net - (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement to subscribe) or to glennrp at users.sourceforge.net |