~rafalcieslak256/ubuntu/quantal/libpng/build

~rafalcieslak256/ubuntu/quantal/libpng/build_test

Viewing changes to CHANGES

Committer: Bazaar Package Importer
Author(s): Anibal Monsalve Salazar
Date: 2009-02-21 15:50:52 UTC
mfrom: (1.1.6 upstream)
Revision ID: james.westby@ubuntu.com-20090221155052-x0s21xidln6rlvzl

Tags: 1.2.35-1

http://bugs.debian.org/516256

http://bugs.debian.org/486415

* New upstream release
  - http://secunia.com/advisories/33970/
    Fix a vulnerability reported by Tavis Ormandy in which
    some arrays of pointers are not initialized prior to using
    "malloc" to define the pointers.
    Closes: #516256
  - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
    The png_check_keyword function in pngwutil.c in libpng, might
    allow context-dependent attackers to set the value of an
    arbitrary memory location to zero via vectors involving
    creation of crafted PNG files with keywords, related to an
    implicit cast of the '\0' character constant to a NULL pointer.
* Don't build libpng3 when binary-indep target is not called.
  Closes: #486415

files added:
libpng-1.2.35.txt

files removed:
contrib/gregbook/rpng-x.o

debian/patches/02-501109-pngtest.c.diff

debian/patches/02-CVE-2008-5907.diff

debian/patches/02-CVE-2009-0040.diff

libpng-1.2.27.txt

files modified:
ANNOUNCE

CHANGES

INSTALL

KNOWNBUG

LICENSE

Makefile.am

Makefile.in

README

Y2KINFO

aclocal.m4

autogen.sh

config.guess

config.sub

configure

configure.ac

contrib/visupng/cexcept.h

debian/changelog

debian/control

debian/copyright

debian/docs

debian/libpng12-0.doc-base

debian/libpng12-0.docs

debian/patches/01-legacy.diff

debian/patches/series

debian/rules

depcomp

example.c

install-sh

libpng.3

libpngpf.3

ltmain.sh

missing

mkinstalldirs

png.5

png.c

png.h

pngconf.h

pngerror.c

pnggccrd.c

pngget.c

pngmem.c

pngpread.c

pngread.c

pngrio.c

pngrtran.c

pngrutil.c

pngset.c

pngtest.c

pngtrans.c

pngwio.c

pngwrite.c

pngwtran.c

pngwutil.c

scripts/CMakeLists.txt

scripts/libpng-config-head.in

scripts/libpng-config.in

scripts/libpng.pc-configure.in

scripts/libpng.pc.in

scripts/makefile.32sunu

scripts/makefile.64sunu

scripts/makefile.aix

scripts/makefile.beos

scripts/makefile.cygwin

scripts/makefile.darwin

scripts/makefile.dec

scripts/makefile.elf

scripts/makefile.gcc

scripts/makefile.gcmmx

scripts/makefile.hp64

scripts/makefile.hpgcc

scripts/makefile.hpux

scripts/makefile.linux

scripts/makefile.mingw

scripts/makefile.ne12bsd

scripts/makefile.netbsd

scripts/makefile.nommx

scripts/makefile.openbsd

scripts/makefile.os2

scripts/makefile.sco

scripts/makefile.sggcc

scripts/makefile.sgi

scripts/makefile.so9

scripts/makefile.solaris

scripts/makefile.solaris-x86

scripts/pngos2.def

scripts/pngw32.def

Show diffs side-by-side

added added

removed removed

CHANGES

2107

Fixed bug (introduced in libpng-1.0.5h) with handling zero-length

2108

unknown chunks.

2109

Added more information about png_set_keep_unknown_chunks() to the

2110

documetation.

2110

documentation.

2111

Reject tRNS chunk with out-of-range samples instead of masking off

2112

the invalid high bits as done in since libpng-1.2.19beta5.

2113

2127

Rebuilt Makefile.in, aclocal.m4, and configure with autoconf-2.62

2128

2129

version 1.2.27beta05 [April 19, 2008]

2130

Added MAINTEINERCLEANFILES variable to Makefile.am

2130

Added MAINTAINERCLEANFILES variable to Makefile.am

2131

2132

version 1.2.27beta06 [April 21, 2008]

2133

Avoid changing color_type from GRAY to RGB by

2136

version 1.2.27rc01 [April 23, 2008]

2137

Fix broken URL for rfc2083 in png.5 and libpng-*.txt

2138

2139

version 1.0.33 and 1.2.27rc01 [April 29, 2008]

2139

version 1.0.33 and 1.2.27 [April 30, 2008]

2140

No changes.

2141

2142

version 1.0.34 and 1.2.28 [April 30, 2008]

2143

Rebuilt Makefile.in, aclocal.m4, and configure with autoconf-2.61

2144

due to backward incompatibilities.

2145

Removed a stray object file from contrib/gregbook

2146

2147

version 1.2.29beta01 [May 1, 2008]

2148

Removed some stray *.diff and *.orig files

2149

2150

version 1.2.29beta02 [May 1, 2008]

2151

Reverted Makefile.in, aclocal.m4, and configure to the libpng-1.2.26

2152

versions.

2153

2154

version 1.2.29beta03 [May 2, 2008]

2155

Added --force to autogen libtoolize options and --force-missing to

2156

automake options.

2157

Changed $(ECHO) to echo in Makefile.am and Makefile.in

2158

Updated all configure files to autoconf-2.62

2159

#ifdef out pnggcrd.c code if using MSC_VER

2160

2161

version 1.2.29rc01 [May 4, 2008]

2162

No changes.

2163

2164

version 1.0.35 and 1.2.29 [May 8, 2008]

2165

No changes.

2166

2167

version 1.0.37 [May 9, 2008]

2168

Updated Makefile.in and configure (omitted version 1.0.36).

2169

2170

version 1.2.30beta01 [May 29, 2008]

2171

Updated libpng.pc-configure.in and libpng-config.in per debian bug reports.

2172

2173

version 1.2.30beta02 [June 25, 2008]

2174

Restored png_flush(png_ptr) at the end of png_write_end(), that was

2175

removed from libpng-1.0.9beta03.

2176

2177

version 1.2.30beta03 [July 6, 2008]

2178

Merged some cosmetic whitespace changes from libpng-1.4.0beta19.

2179

Inline call of png_get_uint_32() in png_get_uint_31(), as in 1.4.0beta19.

2180

Added demo of decoding vpAg and sTER chunks to pngtest.c, from 1.4.0beta19.

2181

Changed PNGMAJ from 0 to 12 in makefile.darwin, which does not like 0.

2182

Added new private function png_read_chunk_header() from 1.4.0beta19.

2183

Merge reading of chunk length and chunk type into a single 8-byte read.

2184

Merge writing of chunk length and chunk type into a single 8-byte write.

2185

2186

version 1.2.30beta04 [July 10, 2008]

2187

Merged more cosmetic whitespace changes from libpng-1.4.0beta19.

2188

2189

version 1.0.38rc01, 1.2.30rc01 [February 14, 2009]

2190

No changes.

2191

2192

version 1.0.38rc02, 1.2.30rc02 [July 21, 2008]

2193

Moved local array "chunkdata" from pngrutil.c to the png_struct, so

2194

it will be freed by png_read_destroy() in case of a read error (Kurt

2195

Christensen).

2196

2197

version 1.0.38rc03, 1.2.30rc03 [July 21, 2008]

2198

Changed "purpose" and "buffer" to png_ptr->chunkdata to avoid memory leaking.

2199

2200

version 1.0.38rc04, 1.2.30rc04 [July 22, 2008]

2201

Changed "chunkdata = NULL" to "png_ptr->chunkdata = NULL" several places in

2202

png_decompress_chunk().

2203

2204

version 1.0.38rc05, 1.2.30rc05 [July 25, 2008]

2205

Changed all remaining "chunkdata" to "png_ptr->chunkdata" in

2206

png_decompress_chunk() and remove chunkdata from parameter list.

2207

Put a call to png_check_chunk_name() in png_read_chunk_header().

2208

Revised png_check_chunk_name() to reject a name with a lowercase 3rd byte.

2209

Removed two calls to png_check_chunk_name() occuring later in the process.

2210

2211

version 1.0.38rc06, 1.2.30rc06 [July 29, 2008]

2212

Added a call to png_check_chunk_name() in pngpread.c

2213

Reverted png_check_chunk_name() to accept a name with a lowercase 3rd byte.

2214

2215

version 1.0.38r07, 1.2.30r07 [August 2, 2008]

2216

Changed "-Wall" to "-W -Wall" in the CFLAGS in all makefiles (Cosmin Truta)

2217

Declared png_ptr "volatile" in pngread.c and pngwrite.c to avoid warnings.

2218

Added code in pngset.c to quiet compiler warnings.

2219

Updated contrib/visupng/cexcept.h to version 2.0.1

2220

Relocated a misplaced "#endif /* PNG_NO_WRITE_FILTER */" in pngwutil.c

2221

2222

version 1.0.38r08, 1.2.30r08 [August 2, 2008]

2223

Enclose "volatile" declarations in #ifdef PNG_SETJMP_SUPPORTED (Cosmin).

2224

2225

version 1.0.38, 1.2.30 [August 14, 2008]

2226

No changes.

2227

2228

version 1.2.31rc01 [August 19, 2008]

2229

Removed extra crc check at the end of png_handle_cHRM(). Bug introduced

2230

in libpng-1.2.30beta03 (Heiko Nitzsche).

2231

2232

version 1.2.31rc02 [August 19, 2008]

2233

Added PNG_WRITE_FLUSH_SUPPORTED block around new png_flush() call.

2234

2235

version 1.2.31rc03 [August 19, 2008]

2236

Added PNG_WRITE_FLUSH_AFTER_IEND_SUPPORTED block, off by default, around

2237

new png_flush().

2238

2239

version 1.0.39, 1.2.31 [August 21, 2008]

2240

No changes.

2241

2242

version 1.2.32beta01 [September 6, 2008]

2243

Shortened tIME_string to 29 bytes in pngtest.c (bug introduced in

2244

libpng-1.2.22).

2245

Fixed off-by-one error introduced in png_push_read_zTXt() function in

2246

libpng-1.2.30beta04/pngpread.c (Harald van Dijk)

2247

These bugs have been given the vulnerability id CVE-2008-3964.

2248

2249

version 1.0.40, 1.2.32 [September 18, 2008]

2250

No changes.

2251

2252

version 1.2.33beta01 [October 6, 2008]

2253

Revised makefile.darwin to fix shared library numbering.

2254

Change png_set_gray_1_2_4_to_8() to png_set_expand_gray_1_2_4_to_8()

2255

in example.c (debian bug report)

2256

2257

version 1.2.33rc01 [October 15, 2008]

2258

No changes.

2259

2260

version 1.0.41rc01, version 1.2.33rc02 [October 23, 2008]

2261

Changed remaining "key" to "png_ptr->chunkdata" in png_handle_tEXt()

2262

to avoid memory leak after memory failure while reading tEXt chunk.`

2263

2264

version 1.2.33 [October 31, 2008]

2265

No changes.

2266

2267

version 1.2.34beta01 [November 27, 2008]

2268

Revised png_warning() to write its message on standard output by default

2269

when warning_fn is NULL. This was the behavior prior to libpng-1.2.9beta9.

2270

Fixed string vs pointer-to-string error in png_check_keyword().

2271

Added png_check_cHRM_fixed() in png.c and moved checking from pngget.c,

2272

pngrutil.c, and pngwrite.c, and eliminated floating point cHRM checking.

2273

Added check for zero-area RGB cHRM triangle in png_check_cHRM_fixed().

2274

In png_check_cHRM_fixed(), ensure white_y is > 0, and removed redundant

2275

check for all-zero coordinates that is detected by the triangle check.

2276

Revised png_warning() to write its message on standard output by default

2277

when warning_fn is NULL.

2278

2279

version 1.2.34beta02 [November 28, 2008]

2280

Corrected off-by-one error in bKGD validity check in png_write_bKGD()

2281

and in png_handle_bKGD().

2282

2283

version 1.2.34beta03 [December 1, 2008]

2284

Revised bKGD validity check to use >= x instead of > x + 1

2285

Merged with png_debug from libpng-1.4.0 to remove newlines.

2286

2287

version 1.2.34beta04 [December 2, 2008]

2288

More merging with png_debug from libpng-1.4.0 to remove newlines.

2289

2290

version 1.2.34beta05 [December 5, 2008]

2291

Removed redundant check for key==NULL before calling png_check_keyword()

2292

to ensure that new_key gets initialized and removed extra warning

2293

(Arvan Pritchard).

2294

2295

version 1.2.34beta06 [December 9, 2008]

2296

In png_write_png(), respect the placement of the filler bytes in an earlier

2297

call to png_set_filler() (Jim Barry).

2298

2299

version 1.2.34beta07 [December 9, 2008]

2300

Undid previous change and added PNG_TRANSFORM_STRIP_FILLER_BEFORE and

2301

PNG_TRANSFORM_STRIP_FILLER_AFTER conditionals and deprecated

2302

PNG_TRANSFORM_STRIP_FILLER (Jim Barry).

2303

2304

version 1.0.42rc01, 1.2.34rc01 [December 11, 2008]

2305

No changes.

2306

2307

version 1.0.42, 1.2.34 [December 18, 2008]

2308

No changes.

2309

2310

version 1.2.35beta01 [February 4, 2009]

2311

Zero out some arrays of pointers after png_malloc(). (Tavis Ormandy)

2312

2313

version 1.2.35beta02 [Feburary 4, 2009]

2314

Zero out more arrays of pointers after png_malloc().

2315

2316

version 1.2.35beta03 [February 5, 2009]

2317

Use png_memset() instead of a loop to intialize pointers. We realize

2318

this will not work on platforms where the NULL pointer is not all zeroes.

2319

2320

version 1.2.35rc01 [February 11, 2009]

2321

No changes.

2322

2323

version 1.2.35rc02 [February 12, 2009]

2324

Fix typo in new png_memset call in pngset.c (png_color should be png_charp)

2325

2326

version 1.0.43 and 1.2.35 [February 14, 2009]

2140

2327

No changes.

2141

2328

2142

2329

Send comments/corrections/commendations to png-mng-implement at lists.sf.net

Older »