--- libpng-1.2.15~beta5.orig/pngpread.c
+++ libpng-1.2.15~beta5/pngpread.c
@@ -703,8 +703,8 @@
save_size = png_ptr->save_buffer_size;
png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size);
- if (!(png_ptr->flags & PNG_FLAG_ZLIB_FINISHED))
- png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
+
+ png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
png_ptr->idat_size -= save_size;
png_ptr->buffer_size -= save_size;
png_ptr->save_buffer_size -= save_size;
@@ -725,8 +725,8 @@
save_size = png_ptr->current_buffer_size;
png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size);
- if (!(png_ptr->flags & PNG_FLAG_ZLIB_FINISHED))
- png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
+
+ png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
png_ptr->idat_size -= save_size;
png_ptr->buffer_size -= save_size;
@@ -751,57 +751,100 @@
png_process_IDAT_data(png_structp png_ptr, png_bytep buffer,
png_size_t buffer_length)
{
- int ret;
-
- if ((png_ptr->flags & PNG_FLAG_ZLIB_FINISHED) && buffer_length)
- png_error(png_ptr, "Extra compression data");
-
+ /* The caller checks for a non-zero buffer length. */
+ if (!(buffer_length > 0) || buffer == NULL)
+ png_error(png_ptr, "No IDAT data (internal error)");
+
+ /* This routine must process all the data it has been given
+ * before returning, calling the row callback as required to
+ * handle the uncompressed results.
+ */
png_ptr->zstream.next_in = buffer;
png_ptr->zstream.avail_in = (uInt)buffer_length;
- for(;;)
+
+ /* Keep going until the decompressed data is all processed
+ * or the stream marked as finished.
+ */
+ while (png_ptr->zstream.avail_in > 0 &&
+ !(png_ptr->flags & PNG_FLAG_ZLIB_FINISHED))
{
- ret = inflate(&png_ptr->zstream, Z_PARTIAL_FLUSH);
- if (ret != Z_OK)
- {
- if (ret == Z_STREAM_END)
- {
- if (png_ptr->zstream.avail_in)
- png_error(png_ptr, "Extra compressed data");
- if (!(png_ptr->zstream.avail_out))
- {
- png_push_process_row(png_ptr);
- }
+ int ret;
- png_ptr->mode |= PNG_AFTER_IDAT;
- png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
- break;
- }
- else if (ret == Z_BUF_ERROR)
- break;
- else
- png_error(png_ptr, "Decompression Error");
+ /* We have data for zlib, but we must check that zlib
+ * has somewhere to put the results. It doesn't matter
+ * if we don't expect any results -- it may be the input
+ * data is just the LZ end code.
+ */
+ if (!(png_ptr->zstream.avail_out > 0))
+ {
+ png_ptr->zstream.avail_out =
+ (uInt) PNG_ROWBYTES(png_ptr->pixel_depth,
+ png_ptr->iwidth) + 1;
+ png_ptr->zstream.next_out = png_ptr->row_buf;
+ }
+
+ /* Using Z_SYNC_FLUSH here means that an unterminated
+ * LZ stream can still be handled (a stream with a missing
+ * end code), otherwise (Z_NO_FLUSH) a future zlib
+ * implementation might defer output and, therefore,
+ * change the current behavior. (See comments in inflate.c
+ * for why this doesn't happen at present with zlib 1.2.5.)
+ */
+ ret = inflate(&png_ptr->zstream, Z_SYNC_FLUSH);
+
+ /* Check for any failure before proceeding. */
+ if (ret != Z_OK && ret != Z_STREAM_END)
+ {
+ /* Terminate the decompression. */
+ png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
+
+ /* This may be a truncated stream (missing or
+ * damaged end code). Treat that as a warning.
+ */
+ if (png_ptr->row_number >= png_ptr->num_rows ||
+ png_ptr->pass > 6)
+ png_warning(png_ptr, "Truncated compressed data in IDAT");
+ else
+ png_error(png_ptr, "Decompression error in IDAT");
+
+ /* Skip the check on unprocessed input */
+ return;
}
- if (!(png_ptr->zstream.avail_out))
+
+ /* Did inflate output any data? */
+ if (png_ptr->zstream.next_out != png_ptr->row_buf)
{
- if ((
-#if defined(PNG_READ_INTERLACING_SUPPORTED)
- png_ptr->interlaced && png_ptr->pass > 6) ||
- (!png_ptr->interlaced &&
-#endif
- png_ptr->row_number == png_ptr->num_rows))
+ /* Is this unexpected data after the last row?
+ * If it is, artificially terminate the LZ output
+ * here.
+ */
+ if (png_ptr->row_number >= png_ptr->num_rows ||
+ png_ptr->pass > 6)
{
- if (png_ptr->zstream.avail_in)
- png_warning(png_ptr, "Too much data in IDAT chunks");
- png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
- break;
- }
- png_push_process_row(png_ptr);
- png_ptr->zstream.avail_out = (uInt)png_ptr->irowbytes;
- png_ptr->zstream.next_out = png_ptr->row_buf;
+ /* Extra data. */
+ png_warning(png_ptr, "Extra compressed data in IDAT");
+ png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
+ /* Do no more processing; skip the unprocessed
+ * input check below.
+ */
+ return;
+ }
+
+ /* Do we have a complete row? */
+ if (png_ptr->zstream.avail_out == 0)
+ png_push_process_row(png_ptr);
}
- else
- break;
+ /* And check for the end of the stream. */
+ if (ret == Z_STREAM_END)
+ png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
}
+
+ /* All the data should have been processed, if anything
+ * is left at this point we have bytes of IDAT data
+ * after the zlib end code.
+ */
+ if (png_ptr->zstream.avail_in > 0)
+ png_warning(png_ptr, "Extra compression data");
}
void /* PRIVATE */
@@ -1126,7 +1169,7 @@
for (text = key; *text; text++)
/* empty loop */ ;
- if (text != key + png_ptr->current_text_size)
+ if (text < key + png_ptr->current_text_size)
text++;
text_ptr = (png_textp)png_malloc(png_ptr,
@@ -1222,7 +1265,7 @@
/* empty loop */ ;
/* zTXt can't have zero text */
- if (text == key + png_ptr->current_text_size)
+ if (text >= key + png_ptr->current_text_size)
{
png_ptr->current_text = NULL;
png_free(png_ptr, key);
@@ -1420,7 +1463,7 @@
for (lang = key; *lang; lang++)
/* empty loop */ ;
- if (lang != key + png_ptr->current_text_size)
+ if (lang < key + png_ptr->current_text_size - 3)
lang++;
comp_flag = *lang++;
@@ -1430,10 +1473,14 @@
/* empty loop */ ;
lang_key++; /* skip NUL separator */
- for (text = lang_key; *text; text++)
- /* empty loop */ ;
+ text=lang_key;
+ if (lang_key < key + png_ptr->current_text_size - 1)
+ {
+ for (; *text; text++)
+ /* empty loop */ ;
+ }
- if (text != key + png_ptr->current_text_size)
+ if (text < key + png_ptr->current_text_size)
text++;
text_ptr = (png_textp)png_malloc(png_ptr,
@@ -1500,9 +1547,14 @@
#endif
png_strcpy((png_charp)chunk.name, (png_charp)png_ptr->chunk_name);
- chunk.data = (png_bytep)png_malloc(png_ptr, length);
- png_crc_read(png_ptr, chunk.data, length);
chunk.size = length;
+ if (length == 0)
+ chunk.data = NULL;
+ else
+ {
+ chunk.data = (png_bytep)png_malloc(png_ptr, length);
+ png_crc_read(png_ptr, chunk.data, length);
+ }
#if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
if(png_ptr->read_user_chunk_fn != NULL)
{
--- libpng-1.2.15~beta5.orig/pngrutil.c
+++ libpng-1.2.15~beta5/pngrutil.c
@@ -169,6 +169,95 @@
#if defined(PNG_READ_zTXt_SUPPORTED) || defined(PNG_READ_iTXt_SUPPORTED) || \
defined(PNG_READ_iCCP_SUPPORTED)
+static png_size_t
+png_inflate(png_structp png_ptr, const png_byte *data, png_size_t size,
+ png_bytep output, png_size_t output_size)
+{
+ png_size_t count = 0;
+
+ png_ptr->zstream.next_in = (png_bytep)data; /* const_cast: VALID */
+ png_ptr->zstream.avail_in = size;
+
+ while (1)
+ {
+ int ret, avail;
+
+ /* Reset the output buffer each time round - we empty it
+ * after every inflate call.
+ */
+ png_ptr->zstream.next_out = png_ptr->zbuf;
+ png_ptr->zstream.avail_out = png_ptr->zbuf_size;
+
+ ret = inflate(&png_ptr->zstream, Z_NO_FLUSH);
+ avail = png_ptr->zbuf_size - png_ptr->zstream.avail_out;
+
+ /* First copy/count any new output - but only if we didn't
+ * get an error code.
+ */
+ if ((ret == Z_OK || ret == Z_STREAM_END) && avail > 0)
+ {
+ if (output != 0 && output_size > count)
+ {
+ int copy = output_size - count;
+ if (avail < copy) copy = avail;
+ png_memcpy(output + count, png_ptr->zbuf, copy);
+ }
+ count += avail;
+ }
+
+ if (ret == Z_OK)
+ continue;
+
+ /* Termination conditions - always reset the zstream, it
+ * must be left in inflateInit state.
+ */
+ png_ptr->zstream.avail_in = 0;
+ inflateReset(&png_ptr->zstream);
+
+ if (ret == Z_STREAM_END)
+ return count; /* NOTE: may be zero. */
+
+ /* Now handle the error codes - the API always returns 0
+ * and the error message is dumped into the uncompressed
+ * buffer if available.
+ */
+ {
+ char *msg, umsg[52];
+ if (png_ptr->zstream.msg != 0)
+ msg = png_ptr->zstream.msg;
+ else
+ {
+#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
+ switch (ret)
+ {
+ case Z_BUF_ERROR:
+ msg = "Buffer error in compressed datastream in %s chunk";
+ break;
+ case Z_DATA_ERROR:
+ msg = "Data error in compressed datastream in %s chunk";
+ break;
+ default:
+ msg = "Incomplete compressed datastream in %s chunk";
+ break;
+ }
+
+ snprintf(umsg, sizeof umsg, msg, png_ptr->chunk_name);
+ msg = umsg;
+#else
+ msg = "Damaged compressed datastream in chunk other than IDAT";
+#endif
+ }
+
+ png_warning(png_ptr, msg);
+ }
+
+ /* 0 means an error - notice that this code simple ignores
+ * zero length compressed chunks as a result.
+ */
+ return 0;
+ }
+}
+
/*
* Decompress trailing data in a chunk. The assumption is that chunkdata
* points at an allocated area holding the contents of a chunk with a
@@ -181,156 +270,93 @@
png_charp chunkdata, png_size_t chunklength,
png_size_t prefix_size, png_size_t *newlength)
{
- static char msg[] = "Error decoding compressed text";
- png_charp text;
- png_size_t text_size;
-
- if (comp_type == PNG_COMPRESSION_TYPE_BASE)
+ /* The caller should guarantee this */
+ if (prefix_size > chunklength)
{
- int ret = Z_OK;
- png_ptr->zstream.next_in = (png_bytep)(chunkdata + prefix_size);
- png_ptr->zstream.avail_in = (uInt)(chunklength - prefix_size);
- png_ptr->zstream.next_out = png_ptr->zbuf;
- png_ptr->zstream.avail_out = (uInt)png_ptr->zbuf_size;
-
- text_size = 0;
- text = NULL;
-
- while (png_ptr->zstream.avail_in)
- {
- ret = inflate(&png_ptr->zstream, Z_PARTIAL_FLUSH);
- if (ret != Z_OK && ret != Z_STREAM_END)
- {
- if (png_ptr->zstream.msg != NULL)
- png_warning(png_ptr, png_ptr->zstream.msg);
- else
- png_warning(png_ptr, msg);
- inflateReset(&png_ptr->zstream);
- png_ptr->zstream.avail_in = 0;
-
- if (text == NULL)
- {
- text_size = prefix_size + png_sizeof(msg) + 1;
- text = (png_charp)png_malloc_warn(png_ptr, text_size);
- if (text == NULL)
- {
- png_free(png_ptr,chunkdata);
- png_error(png_ptr,"Not enough memory to decompress chunk");
- }
- png_memcpy(text, chunkdata, prefix_size);
- }
-
- text[text_size - 1] = 0x00;
-
- /* Copy what we can of the error message into the text chunk */
- text_size = (png_size_t)(chunklength - (text - chunkdata) - 1);
- text_size = png_sizeof(msg) > text_size ? text_size :
- png_sizeof(msg);
- png_memcpy(text + prefix_size, msg, text_size + 1);
- break;
- }
- if (!png_ptr->zstream.avail_out || ret == Z_STREAM_END)
- {
- if (text == NULL)
- {
- text_size = prefix_size +
- png_ptr->zbuf_size - png_ptr->zstream.avail_out;
- text = (png_charp)png_malloc_warn(png_ptr, text_size + 1);
- if (text == NULL)
- {
- png_free(png_ptr,chunkdata);
- png_error(png_ptr,"Not enough memory to decompress chunk.");
- }
- png_memcpy(text + prefix_size, png_ptr->zbuf,
- text_size - prefix_size);
- png_memcpy(text, chunkdata, prefix_size);
- *(text + text_size) = 0x00;
- }
- else
- {
- png_charp tmp;
-
- tmp = text;
- text = (png_charp)png_malloc_warn(png_ptr,
- (png_uint_32)(text_size +
- png_ptr->zbuf_size - png_ptr->zstream.avail_out + 1));
- if (text == NULL)
- {
- png_free(png_ptr, tmp);
- png_free(png_ptr, chunkdata);
- png_error(png_ptr,"Not enough memory to decompress chunk..");
- }
- png_memcpy(text, tmp, text_size);
- png_free(png_ptr, tmp);
- png_memcpy(text + text_size, png_ptr->zbuf,
- (png_ptr->zbuf_size - png_ptr->zstream.avail_out));
- text_size += png_ptr->zbuf_size - png_ptr->zstream.avail_out;
- *(text + text_size) = 0x00;
- }
- if (ret == Z_STREAM_END)
- break;
- else
- {
- png_ptr->zstream.next_out = png_ptr->zbuf;
- png_ptr->zstream.avail_out = (uInt)png_ptr->zbuf_size;
- }
- }
+ /* The recovery is to delete the chunk. */
+ png_warning(png_ptr, "invalid chunklength");
+ prefix_size = 0; /* To delete everything */
+ }
+
+ else if (comp_type == PNG_COMPRESSION_TYPE_BASE)
+ {
+ png_size_t expanded_size = png_inflate(png_ptr,
+ (png_bytep)(chunkdata + prefix_size),
+ chunklength - prefix_size,
+ 0/*output*/, 0/*output size*/);
+
+ /* If the size is zero either there was an error and a message
+ * has already been output (warning) or the size really is zero
+ * and we have nothing to do - the code will exit through the
+ * error case below.
+ */
+ if (expanded_size > 0)
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+ png_charp text = png_malloc_warn(png_ptr,
+ prefix_size + expanded_size + 1);
+
+ if (text != NULL)
+ {
+ png_memcpy(text, chunkdata, prefix_size);
+ new_size = png_inflate(png_ptr,
+ (png_bytep)(chunkdata + prefix_size),
+ chunklength - prefix_size,
+ (png_bytep)(text + prefix_size), expanded_size);
+ text[prefix_size + expanded_size] = 0; /* just in case */
+
+ if (new_size == expanded_size)
+ {
+ png_free(png_ptr, chunkdata);
+ chunkdata = text;
+ *newlength = prefix_size + expanded_size;
+ return chunkdata; /* The success return! */
+ }
+
+ png_warning(png_ptr, "png_inflate logic error");
+ png_free(png_ptr, text);
+ }
+ else
+ png_warning(png_ptr, "Not enough memory to decompress chunk.");
}
- if (ret != Z_STREAM_END)
- {
-#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
- char umsg[52];
-
- if (ret == Z_BUF_ERROR)
- sprintf(umsg,"Buffer error in compressed datastream in %s chunk",
- png_ptr->chunk_name);
- else if (ret == Z_DATA_ERROR)
- sprintf(umsg,"Data error in compressed datastream in %s chunk",
- png_ptr->chunk_name);
- else
- sprintf(umsg,"Incomplete compressed datastream in %s chunk",
- png_ptr->chunk_name);
- png_warning(png_ptr, umsg);
-#else
- png_warning(png_ptr,
- "Incomplete compressed datastream in chunk other than IDAT");
-#endif
- text_size=prefix_size;
- if (text == NULL)
- {
- text = (png_charp)png_malloc_warn(png_ptr, text_size+1);
- if (text == NULL)
- {
- png_free(png_ptr, chunkdata);
- png_error(png_ptr,"Not enough memory for text.");
- }
- png_memcpy(text, chunkdata, prefix_size);
- }
- *(text + text_size) = 0x00;
- }
-
- inflateReset(&png_ptr->zstream);
- png_ptr->zstream.avail_in = 0;
-
- png_free(png_ptr, chunkdata);
- chunkdata = text;
- *newlength=text_size;
}
+
else /* if (comp_type != PNG_COMPRESSION_TYPE_BASE) */
{
-#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
char umsg[50];
- sprintf(umsg, "Unknown zTXt compression type %d", comp_type);
+#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
+ snprintf(umsg, sizeof umsg, "Unknown zTXt compression type %d", comp_type);
png_warning(png_ptr, umsg);
#else
png_warning(png_ptr, "Unknown zTXt compression type");
#endif
- *(chunkdata + prefix_size) = 0x00;
- *newlength=prefix_size;
+ /* The recovery is to simply drop the data. */
+ }
+
+ /* Generic error return - leave the prefix, delete the compressed
+ * data, reallocate the chunkdata to remove the potentially large
+ * amount of compressed data.
+ */
+ {
+ png_charp text = png_malloc_warn(png_ptr, prefix_size + 1);
+ if (text != NULL)
+ {
+ if (prefix_size > 0)
+ png_memcpy(text, chunkdata, prefix_size);
+ png_free(png_ptr, chunkdata);
+ chunkdata = text;
+
+ /* This is an extra zero in the 'uncompressed' part. */
+ *(chunkdata + prefix_size) = 0x00;
+ }
+ /* Ignore a malloc error here - it is safe. */
}
+ *newlength = prefix_size;
+
return chunkdata;
}
#endif
@@ -1037,7 +1063,7 @@
/* there should be at least one zero (the compression type byte)
following the separator, and we should be on it */
- if ( profile >= chunkdata + slength)
+ if ( profile >= chunkdata + slength - 1)
{
png_free(png_ptr, chunkdata);
png_warning(png_ptr, "Malformed iCCP chunk");
@@ -1141,7 +1167,7 @@
++entry_start;
/* a sample depth should follow the separator, and we should be on it */
- if (entry_start > chunkdata + slength)
+ if (entry_start > chunkdata + slength - 2)
{
png_free(png_ptr, chunkdata);
png_warning(png_ptr, "malformed sPLT chunk");
@@ -1234,9 +1260,15 @@
png_handle_tRNS(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
png_byte readbuf[PNG_MAX_PALETTE_LENGTH];
+ int bit_mask;
png_debug(1, "in png_handle_tRNS\n");
+ /* For non-indexed color, mask off any bits in the tRNS value that
+ * exceed the bit depth. Some creators were writing extra bits there.
+ * This is not needed for indexed color. */
+ bit_mask = (1 << png_ptr->bit_depth) - 1;
+
if (!(png_ptr->mode & PNG_HAVE_IHDR))
png_error(png_ptr, "Missing IHDR before tRNS");
else if (png_ptr->mode & PNG_HAVE_IDAT)
@@ -1265,7 +1297,7 @@
png_crc_read(png_ptr, buf, 2);
png_ptr->num_trans = 1;
- png_ptr->trans_values.gray = png_get_uint_16(buf);
+ png_ptr->trans_values.gray = png_get_uint_16(buf) & bit_mask;
}
else if (png_ptr->color_type == PNG_COLOR_TYPE_RGB)
{
@@ -1279,9 +1311,9 @@
}
png_crc_read(png_ptr, buf, (png_size_t)length);
png_ptr->num_trans = 1;
- png_ptr->trans_values.red = png_get_uint_16(buf);
- png_ptr->trans_values.green = png_get_uint_16(buf + 2);
- png_ptr->trans_values.blue = png_get_uint_16(buf + 4);
+ png_ptr->trans_values.red = png_get_uint_16(buf) & bit_mask;
+ png_ptr->trans_values.green = png_get_uint_16(buf + 2) & bit_mask;
+ png_ptr->trans_values.blue = png_get_uint_16(buf + 4) & bit_mask;
}
else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
{
@@ -1314,7 +1346,10 @@
}
if (png_crc_finish(png_ptr, 0))
+ {
+ png_ptr->num_trans = 0;
return;
+ }
png_set_tRNS(png_ptr, info_ptr, readbuf, png_ptr->num_trans,
&(png_ptr->trans_values));
@@ -1657,7 +1692,7 @@
buf++; /* Skip the null string terminator from previous parameter. */
png_debug1(3, "Reading pCAL parameter %d\n", i);
- for (params[i] = buf; *buf != 0x00 && buf <= endptr; buf++)
+ for (params[i] = buf; buf <= endptr && *buf != 0x00; buf++)
/* Empty loop to move past each parameter string */ ;
/* Make sure we haven't run out of data yet */
@@ -1717,6 +1752,7 @@
if (buffer == NULL)
{
png_warning(png_ptr, "Out of memory while processing sCAL chunk");
+ png_crc_finish(png_ptr, length);
return;
}
slength = (png_size_t)length;
@@ -1737,6 +1773,7 @@
if (*vp)
{
png_warning(png_ptr, "malformed width string in sCAL chunk");
+ png_free(png_ptr, buffer);
return;
}
#else
@@ -1745,6 +1782,7 @@
if (swidth == NULL)
{
png_warning(png_ptr, "Out of memory while processing sCAL chunk width");
+ png_free(png_ptr, buffer);
return;
}
png_memcpy(swidth, ep, (png_size_t)png_strlen(ep));
@@ -1755,19 +1793,38 @@
/* empty loop */ ;
ep++;
+ if (buffer + slength < ep)
+ {
+ png_warning(png_ptr, "Truncated sCAL chunk");
+#if defined(PNG_FIXED_POINT_SUPPORTED) && \
+ !defined(PNG_FLOATING_POINT_SUPPORTED)
+ png_free(png_ptr, swidth);
+#endif
+ png_free(png_ptr, buffer);
+ return;
+ }
+
#ifdef PNG_FLOATING_POINT_SUPPORTED
height = png_strtod(png_ptr, ep, &vp);
if (*vp)
{
png_warning(png_ptr, "malformed height string in sCAL chunk");
+ png_free(png_ptr, buffer);
+#if defined(PNG_FIXED_POINT_SUPPORTED) && !defined(PNG_FLOATING_POINT_SUPPORTED)
+ png_free(png_ptr, swidth);
+#endif
return;
}
#else
#ifdef PNG_FIXED_POINT_SUPPORTED
sheight = (png_charp)png_malloc_warn(png_ptr, png_strlen(ep) + 1);
- if (swidth == NULL)
+ if (sheight == NULL)
{
png_warning(png_ptr, "Out of memory while processing sCAL chunk height");
+ png_free(png_ptr, buffer);
+#if defined(PNG_FIXED_POINT_SUPPORTED) && !defined(PNG_FLOATING_POINT_SUPPORTED)
+ png_free(png_ptr, swidth);
+#endif
return;
}
png_memcpy(sheight, ep, (png_size_t)png_strlen(ep));
@@ -1978,10 +2035,11 @@
/* empty loop */ ;
/* zTXt must have some text after the chunkdataword */
- if (text == chunkdata + slength)
+ if (text >= chunkdata + slength - 2)
{
- comp_type = PNG_TEXT_COMPRESSION_NONE;
- png_warning(png_ptr, "Zero length zTXt chunk");
+ png_warning(png_ptr, "Truncated zTXt chunk");
+ png_free(png_ptr, chunkdata);
+ return;
}
else
{
@@ -2081,10 +2139,11 @@
translated keyword (possibly empty), and possibly some text after the
keyword */
- if (lang >= chunkdata + slength)
+ if (lang >= chunkdata + slength - 3)
{
- comp_flag = PNG_TEXT_COMPRESSION_NONE;
- png_warning(png_ptr, "Zero length iTXt chunk");
+ png_warning(png_ptr, "Truncated iTXt chunk");
+ png_free(png_ptr, chunkdata);
+ return;
}
else
{
@@ -2096,9 +2155,29 @@
/* empty loop */ ;
lang_key++; /* skip NUL separator */
+ if (lang_key >= chunkdata + slength)
+ {
+ png_warning(png_ptr, "Truncated iTXt chunk");
+ png_free(png_ptr, chunkdata);
+ return;
+ }
+
for (text = lang_key; *text; text++)
/* empty loop */ ;
text++; /* skip NUL separator */
+ if (text >= chunkdata + slength)
+ {
+ png_warning(png_ptr, "Malformed iTXt chunk");
+ png_free(png_ptr, chunkdata);
+ return;
+ }
+
+ if (text >= chunkdata + slength)
+ {
+ png_warning(png_ptr, "Malformed iTXt chunk");
+ png_free(png_ptr, chunkdata);
+ return;
+ }
prefix_len = text - chunkdata;
@@ -2183,30 +2262,40 @@
length = (png_uint_32)65535L;
}
#endif
- png_strcpy((png_charp)chunk.name, (png_charp)png_ptr->chunk_name);
- chunk.data = (png_bytep)png_malloc(png_ptr, length);
+ png_strncpy((png_charp)chunk.name, (png_charp)png_ptr->chunk_name, 4);
+ chunk.name[4] = '\0';
chunk.size = (png_size_t)length;
- png_crc_read(png_ptr, (png_bytep)chunk.data, length);
+ if (length == 0)
+ chunk.data = NULL;
+ else
+ {
+ chunk.data = (png_bytep)png_malloc(png_ptr, length);
+ png_crc_read(png_ptr, (png_bytep)chunk.data, length);
+ }
#if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
if(png_ptr->read_user_chunk_fn != NULL)
{
/* callback to user unknown chunk handler */
- if ((*(png_ptr->read_user_chunk_fn)) (png_ptr, &chunk) <= 0)
+ int ret;
+ ret = (*(png_ptr->read_user_chunk_fn)) (png_ptr, &chunk);
+ if (ret < 0)
+ png_chunk_error(png_ptr, "error in user chunk");
+ if (ret == 0)
{
if (!(png_ptr->chunk_name[0] & 0x20))
if(png_handle_as_unknown(png_ptr, png_ptr->chunk_name) !=
PNG_HANDLE_CHUNK_ALWAYS)
- {
- png_free(png_ptr, chunk.data);
png_chunk_error(png_ptr, "unknown critical chunk");
- }
png_set_unknown_chunks(png_ptr, info_ptr, &chunk, 1);
+
}
}
- else
+#else
+ png_set_unknown_chunks(png_ptr, info_ptr, &chunk, 1);
+
#endif
- png_set_unknown_chunks(png_ptr, info_ptr, &chunk, 1);
png_free(png_ptr, chunk.data);
+ chunk.data = NULL;
}
else
#endif
@@ -2215,8 +2304,7 @@
png_crc_finish(png_ptr, skip);
#if !defined(PNG_READ_USER_CHUNKS_SUPPORTED)
- if (&info_ptr == NULL) /* quiet compiler warnings about unused info_ptr */
- return;
+ info_ptr = info_ptr; /* quiet compiler warnings about unused info_ptr */
#endif
}
@@ -3098,6 +3186,8 @@
png_error(png_ptr, "This image requires a row greater than 64KB");
#endif
png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes+64);
+ if (png_ptr->interlaced)
+ png_memset(png_ptr->big_row_buf, 0, row_bytes + 64);
png_ptr->row_buf = png_ptr->big_row_buf+32;
#if defined(PNG_DEBUG) && defined(PNG_USE_PNGGCCRD)
png_ptr->row_buf_size = row_bytes;
--- libpng-1.2.15~beta5.orig/png.5
+++ libpng-1.2.15~beta5/png.5
@@ -18,7 +18,11 @@
platforms.
.SH "SEE ALSO"
-.IR libpng(3), zlib(3), deflate(5), and zlib(5)
+.IR libpng (3),
+.IR zlib (3),
+.IR deflate (5),
+and
+.IR zlib (5)
.LP
PNG specification (second edition), November 2003:
.IP
--- libpng-1.2.15~beta5.orig/pngread.c
+++ libpng-1.2.15~beta5/pngread.c
@@ -1451,6 +1451,8 @@
#ifdef PNG_FREE_ME_SUPPORTED
info_ptr->free_me |= PNG_FREE_ROWS;
#endif
+ png_memset(info_ptr->row_pointers, 0, info_ptr->height
+ * png_sizeof(png_bytep));
for (row = 0; row < (int)info_ptr->height; row++)
{
info_ptr->row_pointers[row] = (png_bytep)png_malloc(png_ptr,
--- libpng-1.2.15~beta5.orig/libpng.txt
+++ libpng-1.2.15~beta5/libpng.txt
@@ -927,8 +927,9 @@
gray = (rw*red + gw*green + bw*blue)/65536;
The default values approximate those recommended in the Charles
-Poynton's Color FAQ,
-Copyright (c) 1998-01-04 Charles Poynton
+Poynton's Color FAQ,
+
+Copyright (c) 2002-12-16 Charles Poynton
Y = 0.212671 * R + 0.715160 * G + 0.072169 * B
--- libpng-1.2.15~beta5.orig/example.c
+++ libpng-1.2.15~beta5/example.c
@@ -342,6 +342,10 @@
/* The easiest way to read the image: */
png_bytep row_pointers[height];
+ /* Clear the pointer array */
+ for (row = 0; row < height; row++)
+ row_pointers[row] = NULL;
+
for (row = 0; row < height; row++)
{
row_pointers[row] = png_malloc(png_ptr, png_get_rowbytes(png_ptr,
--- libpng-1.2.15~beta5.orig/debian/libpng12-0.shlibs
+++ libpng-1.2.15~beta5/debian/libpng12-0.shlibs
@@ -0,0 +1,2 @@
+libpng12 0 libpng12-0 (>= 1.2.13-4)
+udeb: libpng12 0 libpng12-0-udeb (>= 1.2.13-4)
--- libpng-1.2.15~beta5.orig/debian/libpng12-dev.links
+++ libpng-1.2.15~beta5/debian/libpng12-dev.links
@@ -0,0 +1,3 @@
+/usr/share/doc/libpng12-0 /usr/share/doc/libpng12-dev
+/usr/share/man/man1/libpng12-config.1.gz /usr/share/man/man1/libpng-config.1.gz
+/usr/include/libpng12 /usr/include/libpng
--- libpng-1.2.15~beta5.orig/debian/libpng12-0.install
+++ libpng-1.2.15~beta5/debian/libpng12-0.install
@@ -0,0 +1 @@
+usr/lib/libpng12.so.0*
--- libpng-1.2.15~beta5.orig/debian/docs
+++ libpng-1.2.15~beta5/debian/docs
@@ -0,0 +1,3 @@
+libpng.txt
+README
+TODO
--- libpng-1.2.15~beta5.orig/debian/libpng12-0.docs
+++ libpng-1.2.15~beta5/debian/libpng12-0.docs
@@ -0,0 +1,5 @@
+README
+TODO
+ANNOUNCE
+KNOWNBUG
+libpng.txt
--- libpng-1.2.15~beta5.orig/debian/README.Debian
+++ libpng-1.2.15~beta5/debian/README.Debian
@@ -0,0 +1,31 @@
+libpng for Debian
+-----------------
+
+There have been changes in the way libpng is handled. Currently, there
+are 2 versions of libpng in Debian at a time : libpng10 and libpng12,
+formerly known as libpng2 and libpng3.
+
+* The libpng10-0 and libpng12-0 packages contain the runtime for apps
+ built with these new libraries.
+* libpng2 and libpng3 contain compatibility symlinks to let apps built
+ with older versions work correctly.
+* libpng10-dev and libpng12-dev are the corresponding development
+ packages. You should only use libpng10-dev to build packages using
+ gdk-imlib1.
+* libpng2-dev and libpng3-dev provide compatibility symlinks to build
+ applications still build-depending on those.
+
+A package linking with libpng should use as build-depends :
+* libpng-dev for small packages not depending on other libraries which
+ use or may use libpng.
+* libpng10-dev for packages also linking with gdk-imlib1 or gnome 1.
+* libpng12-dev for packages also linking with SDL, Gnome 2, Qt, or any
+ other library using libpng12.
+
+This version diverges from upstream in 3 ways :
+1) the library is explicitly linked with -lm -lz
+2) libpng.so.3 is just a compatibility symlink
+3) symbols are versioned
+
+ -- Junichi Uekawa , Mon Oct 28 2002 12:27:54
+ -- Josselin Mouette , Tue Jun 10 2003 18:16:17 +0200
--- libpng-1.2.15~beta5.orig/debian/libpng3.links
+++ libpng-1.2.15~beta5/debian/libpng3.links
@@ -0,0 +1,2 @@
+/usr/lib/libpng12.so.0 /usr/lib/libpng.so.3
+/usr/share/doc/libpng12-0 /usr/share/doc/libpng3
--- libpng-1.2.15~beta5.orig/debian/rules
+++ libpng-1.2.15~beta5/debian/rules
@@ -0,0 +1,112 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+# shared library versions, option 1
+#version=1.2.15
+#major=12
+# option 2, assuming the library is created as src/.libs/libfoo.so.2.0.5 or so
+#version=`ls src/.libs/lib*.so.* | \
+# awk '{if (match($$0,/[0-9]+\.[0-9]+\.[0-9]+$$/)) print substr($$0,RSTART)}'`
+#major=`ls src/.libs/lib*.so.* | \
+# awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'`
+
+config.status: configure
+ dh_testdir
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+ cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+ cp -f /usr/share/misc/config.guess config.guess
+endif
+ # Add here commands to configure the package.
+ ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs"
+
+build: build-stamp
+build-stamp: config.status
+ dh_testdir
+
+ # Add here commands to compile the package.
+ $(MAKE)
+
+ touch $@
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ # Add here commands to clean up after the build process.
+ -$(MAKE) distclean
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+ rm -f config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+ rm -f config.guess
+endif
+
+ dh_clean pngtest-static
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Add here commands to install the package into debian/tmp
+ $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+ gcc -Wall -g -O2 -c -o pngtest.o pngtest.c
+ gcc -o pngtest -Wall -g -O2 pngtest.o -L.libs -lpng12
+ gcc -o pngtest-static -Wall -g -O2 pngtest.o .libs/libpng.a -lz -lm
+ LD_LIBRARY_PATH=".libs:" ./pngtest
+ ./pngtest-static
+endif
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_link
+ dh_installchangelogs CHANGES
+ dh_installdocs
+ dh_installexamples example.c pngtest.c pngtest.png
+ dh_install --sourcedir=debian/tmp
+ dh_installman
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_makeshlibs --add-udeb=libpng12-0-udeb
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--- libpng-1.2.15~beta5.orig/debian/libpng12-0.doc-base
+++ libpng-1.2.15~beta5/debian/libpng12-0.doc-base
@@ -0,0 +1,25 @@
+Document: libpng12
+Title: A description on how to use and modify libpng (version 1.2.X)
+Author: Glenn Randers-Pehrson
+Abstract: This file describes how to use and modify the PNG reference library
+ (known as libpng) for your own use. There are five sections to this
+ file: introduction, structures, reading, writing, and modification and
+ configuration notes for various special platforms. In addition to this
+ file, example.c is a good starting point for using the library, as
+ it is heavily commented and should include everything most people
+ will need. We assume that libpng is already installed; see the
+ INSTALL file for instructions on how to install libpng.
+ .
+ Libpng was written as a companion to the PNG specification, as a way
+ of reducing the amount of time and effort it takes to support the PNG
+ file format in application programs. The PNG specification is available
+ as RFC 2083 and as a
+ W3C Recommendation . Some
+ additional chunks are described in the special-purpose public chunks
+ documents at . Other information
+ about PNG, and the latest version of libpng, can be found at the PNG home
+ page, .
+Section: Apps/Programming
+
+Format: text
+Files: /usr/share/doc/libpng12-0/libpng.txt.gz
--- libpng-1.2.15~beta5.orig/debian/libpng12-config.1
+++ libpng-1.2.15~beta5/debian/libpng12-config.1
@@ -0,0 +1,58 @@
+.TH libpng12-config 1 "15 Jan 2003" "libpng" "Debian GNU/Linux"
+.SH NAME
+libpng12-config \- get information about installed libpng library
+.SH SYNOPSIS
+.B libpng12-config
+[\fIOPTION\fR] ...
+.SH DESCRIPTION
+Provides information about libpng library.
+
+Known values for OPTION are:
+.TP
+\fB\-\-prefix\fR
+print libpng prefix
+.TP
+\fB\-\-libdir\fR
+print path to directory containing library
+.TP
+\fB\-\-libs\fR
+print library linking information
+.TP
+\fB\-\-ccopts\fR
+print compiler options
+.TP
+\fB\-\-cppflags\fR
+print pre-processor flags
+.TP
+\fB\-\-cflags\fR
+print preprocessor flags, I_opts, and compiler options
+.TP
+\fB\-\-I_opts\fR
+print "-I" include options
+.TP
+\fB\-\-L_opts\fR
+print linker "-L" flags for dynamic linking
+.TP
+\fB\-\-R_opts\fR
+print dynamic linker "-R" or "-rpath" flags
+.TP
+\fB\-\-ldopts\fR
+print linker options
+.TP
+\fB\-\-ldflags\fR
+print linker flags (ldopts, L_opts, R_opts, and libs)
+.TP
+\fB\-\-static\fR
+revise subsequent outputs for static linking
+.TP
+\fB\-\-help\fR
+print this help and exit
+.TP
+\fB\-\-version\fR
+print version information
+.SH "AUTHOR"
+This manpage has been written by Junichi Uekawa
+for Debian GNU/Linux system, with the help of help2man, and
+may be used by others.
+
+
--- libpng-1.2.15~beta5.orig/debian/copyright.in
+++ libpng-1.2.15~beta5/debian/copyright.in
@@ -0,0 +1,14 @@
+This is the pre-packaged Debian Linux version of the libpng graphics
+library. It was packaged by Philippe Troin
+from sources originally retrieved from ftp://swrinde.nde.swri.edu/pub/png/src/
+
+The packaging itself is
+copyright (C) 2001 Philippe Troin ,
+copyright 2002 Junichi Uekawa ,
+copyright 2003 Josselin Mouette and
+copyright 2006 Anibal Monsalve Salazar .
+It is licensed under the GNU General Public License. On
+Debian systems, the GPL is in /usr/share/common-licenses/GPL.
+
+Here is the copyright and license for libpng:
+
--- libpng-1.2.15~beta5.orig/debian/changelog
+++ libpng-1.2.15~beta5/debian/changelog
@@ -0,0 +1,786 @@
+libpng (1.2.15~beta5-3ubuntu0.3) hardy-security; urgency=low
+
+ * SECURITY UPDATE: arbitrary code execution from additional data row via
+ malformed PNG image
+ - pngpread.c: check for unexpected data after the last row.
+ - patch backported from 1.2.44
+ - CVE-2010-1205
+ * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
+ chunks
+ - pngrutil.c: properly free memory
+ - patch backported from 1.2.44
+ - CVE-2010-2249
+
+ -- Marc Deslauriers Mon, 05 Jul 2010 13:09:25 -0400
+
+libpng (1.2.15~beta5-3ubuntu0.2) hardy-security; urgency=low
+
+ * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
+ - pngrutil.c: use new two-pass decompression method backported from
+ 1.2.43
+ - CVE-2010-0205
+ * SECURITY UPDATE: information disclosure via 1-bit interlaced images
+ - pngrutil.c: initialize memory if interlaced
+ - CVE-2009-2042
+
+ -- Marc Deslauriers Mon, 15 Mar 2010 11:10:10 -0400
+
+libpng (1.2.15~beta5-3ubuntu0.1) hardy-security; urgency=low
+
+ * SECURITY UPDATE: denial of service and possible execution of arbitrary
+ code via crafted image (LP: #338027)
+ - initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
+ - CVE-2009-0040
+ * SECURITY UPDATE: denial of service and possible execution of arbitrary
+ code via crafted image (LP: #217128)
+ - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
+ - CVE-2008-1382
+ * SECURITY UPDATE: denial of service via off-by-one error
+ - shorten tIME_string to 29 bytes in pngtest.c
+ - CVE-2008-3964
+ * SECURITY UPDATE: denial of service via incorrect memory assignment
+ (LP: #324258)
+ - update pngwutil.c to properly set new_key to NULL string
+ - CVE-2008-5907
+ * SECURITY UPDATE: denial of service via a crafted PNG image
+ - fix for pngset.c to properly check palette size in png_set_hIST
+ - CVE-2007-5268
+ * SECURITY UPDATE: denial of service via a crafted PNG image
+ - fix for pngpread.c and pngrutil.c to properly do bounds checking on read
+ operations. Previous version only had a partial fix.
+ - CVE-2007-5269
+
+ -- Jamie Strandboge Thu, 05 Mar 2009 06:39:46 -0600
+
+libpng (1.2.15~beta5-3) unstable; urgency=high
+
+ * ACKed NMU.
+ * Fixed out-of-bounds read operations triggered by crafted
+ png image files (CVE-2007-5269) (Closes: #446308).
+
+ -- Anibal Monsalve Salazar Sun, 14 Oct 2007 09:55:00 +1000
+
+libpng (1.2.15~beta5-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing security team.
+ * Fixed out-of-bounds read operations triggered by crafted
+ png image files (CVE-2007-5269) (Closes: #446308).
+
+ -- Nico Golde Sun, 14 Oct 2007 01:12:51 +0200
+
+libpng (1.2.15~beta5-2) unstable; urgency=high
+
+ * It seems that a grayscale image with a malformed (bad CRC) tRNS
+ chunk will crash libpng and mozilla. Closes: #424729.
+ - CVE-2007-2445
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
+ - CERT Vulnerability Note VU#684664
+ http://www.kb.cert.org/vuls/id/684664
+
+ -- Anibal Monsalve Salazar Wed, 09 May 2007 17:34:02 +1000
+
+libpng (1.2.15~beta5-1) unstable; urgency=low
+
+ * Applied legacy_symbols.patch.
+ * Changed shlibs dependecy versions to ">= 1.2.13-4".
+ * libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
+ pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
+ povray-3.5 (<= 3.5.0c-10).
+
+ -- Anibal Monsalve Salazar Wed, 20 Dec 2006 10:24:18 +1100
+
+libpng (1.2.15~beta5-0) unstable; urgency=high
+
+ * New upstream release.
+ - Fixed asm API functions not exported on amd64. Closes: #401044.
+ - Fixed "libpng hangs when saving profile". Closes: #401423.
+ * Fixed "Incorrect shlibs information". Closes: #401465.
+ * Removed patches for png.h and pngconf.h.
+ * Updated debian/watch.
+
+ -- Anibal Monsalve Salazar Sun, 03 Dec 2006 14:47:41 +1100
+
+libpng (1.2.13-4) unstable; urgency=low
+
+ * Removed drop_pass_width patch. Closes: #399499.
+
+ -- Anibal Monsalve Salazar Tue, 21 Nov 2006 19:07:43 +1100
+
+libpng (1.2.13-3) unstable; urgency=low
+
+ * libpng12-dev: removed the conflict with libpng3-dev.
+
+ -- Anibal Monsalve Salazar Sun, 19 Nov 2006 16:36:02 +1100
+
+libpng (1.2.13-2) unstable; urgency=low
+
+ * Put back binary package libpng3.
+
+ -- Anibal Monsalve Salazar Sun, 19 Nov 2006 15:32:39 +1100
+
+libpng (1.2.13-1) unstable; urgency=low
+
+ * Fixed conflict with the new libpng package. Closes: #399296.
+ * Fixed png.5 man page formatting. Closes: #353061.
+ Patch by Kevin Ryde .
+
+ -- Anibal Monsalve Salazar Sun, 19 Nov 2006 13:55:17 +1100
+
+libpng (1.2.13-0) unstable; urgency=high
+
+ * New upstream release.
+ * CVE-2006-5793: Fixed a new security issue regarding malformed
+ sPLT chunks. Closes: #398706.
+ * Transitional package libpng3 is not shipped anymore.
+ Closes: #369104.
+
+ -- Anibal Monsalve Salazar Sun, 19 Nov 2006 09:02:09 +1100
+
+libpng (1.2.12-0) unstable; urgency=high
+
+ * New upstream release. Closes: #366070.
+ * CVE-2006-3334: Fixed Buffer overflow in the png_decompress_chunk
+ function in pngrutil.c in libpng before 1.2.12 allows
+ context-dependent attackers to cause a denial of service and
+ possibly execute arbitrary code via unspecified vectors related
+ to "chunk error processing," possibly involving the "chunk_name".
+ Closes: #397892.
+ * Removed debian/x86_patches/pnggccrd-PIC.patch as it's merged
+ upstream.
+
+ -- Anibal Monsalve Salazar Thu, 09 Nov 2006 19:25:08 +1100
+
+libpng (1.2.8rel-7) unstable; urgency=low
+
+ * New maintainer. Closes: #393109.
+ * ACK NMUs. Closes: #378463, #377298, #356252.
+ * debian/control:
+ - set Standards-Version to 3.7.2.
+ - set Priority to extra for libpng12-0-udeb.
+ - added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
+ dependency lists.
+ * Added debian/watch file.
+
+ -- Anibal Monsalve Salazar Mon, 16 Oct 2006 17:34:58 +1000
+
+libpng (1.2.8rel-6) unstable; urgency=low
+
+ * Orphaning package.
+
+ -- Josselin Mouette Sun, 15 Oct 2006 03:22:24 +0200
+
+libpng (1.2.8rel-5.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Backport changes from 1.2.12 to fix a buffer overflow in
+ png_decompress_chunk; patch by Alec Berryman. [CVE-2006-3334]
+ (Closes: #377298)
+
+ -- Steinar H. Gunderson Sun, 16 Jul 2006 16:27:56 +0200
+
+libpng (1.2.8rel-5.1) unstable; urgency=low
+
+ * Non Maintainer Upload (closes: #356252).
+ * Add support for udeb dependency resolution in shlibs file.
+ * Update debhelper compatibility to level 5.
+
+ -- Frans Pop Thu, 30 Mar 2006 11:46:39 +0200
+
+libpng (1.2.8rel-5) unstable; urgency=low
+
+ * drop_pass_width.patch: don't export png_pass_width, it's absolutely
+ unnecessary.
+ * libpng12-0.shlibs: downgrade the shlibs accordingly
+ (closes: #331383).
+
+ -- Josselin Mouette Mon, 3 Oct 2005 20:18:43 +0200
+
+libpng (1.2.8rel-4) unstable; urgency=low
+
+ * makefile.patch:
+ + Use PNG_PRIVATE to get the list of private symbols as well. It
+ sucks, but they've been there for too long (closes: #329886).
+ + Use mawk instead of awk (closes: #329812).
+ * control: build-depend on mawk.
+ * rules:
+ + Use -O2, not -O3.
+ + Actually run the tests.
+ + Make use of x86_patches/ on x86 architectures.
+ * x86_patches/mmxbuild.patch: build MMX routines in pnggccrd.c.
+ * x86_patches/pnggccrd-PIC.patch: patch from Christian Aichinger
+ to make the assembly routines PIC-compatible.
+ * libpng12-0.shlibs: bump the shlibs version.
+
+ -- Josselin Mouette Sun, 25 Sep 2005 15:25:34 +0200
+
+libpng (1.2.8rel-3) unstable; urgency=low
+
+ * Upload to unstable.
+ * Rename the source package to libpng.
+
+ -- Josselin Mouette Thu, 22 Sep 2005 18:24:37 +0200
+
+libpng3 (1.2.8rel-2) experimental; urgency=low
+
+ * makefile.patch:
+ + now patch makefile.elf, so that only public symbols are truly
+ exported.
+ + shorten the differences as much as possible.
+ * rules: use makefile.elf now.
+ * Move libpng3 to oldlibs.
+ * Entirely remove libpng3-dev, making libpng12-dev provide it
+ (closes: #322051).
+ * poynton.patch: correct Charles Poynton's address (closes: #289437).
+ * Don't run the test when cross-building (closes: #285427).
+ * setjmp_error.patch: don't stop when we are not using _BSD_SOURCE, as
+ in this case this is harmless (closes: #299343).
+ * libpng3.postinst: removed, the fix is in sarge.
+ * Standards-version is 3.6.2.
+ * legacy_symbols.patch: still export png_read_destroy and
+ png_write_destroy, which are deprecated but should nevertheless be
+ accessible.
+
+ -- Josselin Mouette Tue, 13 Sep 2005 02:07:16 +0200
+
+libpng3 (1.2.8rel-1) unstable; urgency=medium
+
+ * New upstream release.
+ * read_transformations.patch: removed, included upstream.
+ * libpng12-0.shlibs: Update to version 1.2.8rel, new flags seem to have been
+ added.
+
+ -- Josselin Mouette Sat, 4 Dec 2004 15:54:53 +0100
+
+libpng3 (1.2.8beta5-2) unstable; urgency=medium
+
+ * read_transformations.patch: fix segmentation fault with latex
+ (closes: #281789) and totem (closes: #278618).
+
+ -- Josselin Mouette Thu, 25 Nov 2004 16:49:28 +0100
+
+libpng3 (1.2.8beta5-1) unstable; urgency=medium
+
+ * New upstream release.
+ + Correct segmentation violation in png_combine_row.
+ Closes: #278526, #278917, #278921, #279258, #281789, #282368.
+
+ -- Josselin Mouette Wed, 24 Nov 2004 13:53:49 +0100
+
+libpng3 (1.2.7-1) unstable; urgency=medium
+
+ * New upstream release (closes: #278308).
+ * libpng12-0.shlibs: update shlibs to version 1.2.7.
+ * Remove all security fixed, they are included upstream.
+
+ -- Josselin Mouette Tue, 26 Oct 2004 13:40:25 +0200
+
+libpng3 (1.2.5.0-9) unstable; urgency=high
+
+ * CAN-2004-0954.patch: removed, this is already fixed in
+ CAN-2004-0597_0598_0599.patch.
+
+ -- Josselin Mouette Tue, 19 Oct 2004 10:52:28 +0200
+
+libpng3 (1.2.5.0-8) unstable; urgency=high
+
+ * Switch to CDBS.
+ + Ship modifications and security fixes in debian/patches.
+ + debian/rules: rewritten.
+ + debian/control: build-depend on cdbs.
+ + debian/libpng12-0.shlibs: new.
+ * setjmp_error.patch: port explanation of the error when including setjmp.h
+ from libpng10, thanks Matijs van Zuijlen
+ (closes: #273473).
+ * CAN-2004-0954.patch: fix buffer overflow vulnerability in
+ png_handle_tRNS().
+ * CAN-2004-0955.patch: fix integer arithmetic overflow vulnerability in
+ png_read_png().
+
+ -- Josselin Mouette Thu, 14 Oct 2004 20:06:08 +0200
+
+libpng3 (1.2.5.0-7) unstable; urgency=high
+
+ * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
+ buffer offsets [CAN-2004-0768].
+ * png.h, pngpread.c, pngrutil.c: patch from Chris Evans
+ to fix several vulnerabilities (closes: #263500):
+ + libpng fails to properly check length on PNG data [CAN-2004-0597].
+ + libpng "png_handle_sBIT" does not perform proper checks to avoid stack
+ buffer overflow [CAN-2004-0597].
+ + libpng "png_handle_iCCP" possible NULL-pointer crash
+ [CAN-2004-0598].
+ + libpng "png_handle_sPLT" possible integer overflow
+ [CAN-2004-0599].
+ + libpng "png_read_png" does not properly handle a PNG with excessive
+ height (integer overflow) [CAN-2004-0599].
+ + libpng progressive reading integer overflow [CAN-2004-0599].
+
+ -- Josselin Mouette Thu, 5 Aug 2004 12:37:32 +0200
+
+libpng3 (1.2.5.0-6) unstable; urgency=high
+
+ * pngerror.c: applied patch by Steve Grubb to
+ fix unintended memory access that could result in a crash of the
+ application linking against libpng [CAN-2004-0421].
+
+ -- Josselin Mouette Tue, 20 Apr 2004 13:39:02 +0200
+
+libpng3 (1.2.5.0-5) unstable; urgency=low
+
+ * Use debhelper 4.2, which generates the udeb appropriately.
+ * Update control and rules appropriately.
+ * Don't use ${shlibs:Depends} for the udeb, rather write the
+ dependencies by hand.
+ * Standards-version is 3.6.1.
+
+ -- Josselin Mouette Fri, 20 Feb 2004 19:23:05 +0100
+
+libpng3 (1.2.5.0-4) unstable; urgency=low
+
+ * scripts/makefile.linux: use versioned dependencies
+ (closes: #155891).
+ * debian/rules: bump dependency for dh_makeshlibs.
+ * add the libpng.a link in libpng12-dev.
+ * Rework scripts/makefile.linux to make it more consistent.
+ * Update stuff in debian/ accordingly.
+ * Updated README.Debian.
+
+ -- Josselin Mouette Tue, 10 Jun 2003 18:14:32 +0200
+
+libpng3 (1.2.5.0-3) unstable; urgency=low
+
+ * Make libpng3{,-dev} depend on libpng12-{0,dev} >= 1.2.5.0-2 instead
+ of the strict source version.
+ * Move /usr/share/doc/libpng3{,-dev} into symlinks at postinst time
+ when directories already exist.
+ * debian/rules: install correctly doc-base stuff.
+ * debian/libpng12-dev.doc-base: updated URIs.
+
+ -- Josselin Mouette Tue, 6 May 2003 19:44:59 +0200
+
+libpng3 (1.2.5.0-2) unstable; urgency=low
+
+ * scripts/{makefile.linux,libpng-config-body.in}: correct the
+ libpng12-config script.
+ * Install correctly pkg-config stuff (closes: #191081).
+ * Make libpng12-dev conflict explicitly with libpng12-0-dev.
+ * Update README.Debian.
+
+ -- Josselin Mouette Mon, 28 Apr 2003 19:42:15 +0200
+
+libpng3 (1.2.5.0-1) unstable; urgency=low
+
+ * New maintainer.
+ * Use real upstream tarball from 1.2.5 release.
+ * Use dpkg-source's way instead of dpatch for patching.
+ * A bit of rework in debian/rules, use dh_install and debhelper 4.
+ * Standards-version is 3.5.9.
+ * The -dev package is now named libpng12-dev (stop using the
+ libpkg-guide way).
+ * libpng3 is now arch-independent.
+ * Improved descriptions a bit.
+ * Don't supply libpngpf.3, it is not useful to programmers.
+
+ -- Josselin Mouette Wed, 16 Apr 2003 18:41:02 +0200
+
+libpng3 (1.2.5-11) unstable; urgency=low
+
+ * Add udeb (closes: #174842)
+ * Add missing section on source files.
+
+ -- Junichi Uekawa Mon, 31 Mar 2003 00:28:06 +0900
+
+libpng3 (1.2.5-10) unstable; urgency=low
+
+ * Rebuild with d-shlibs with fixed "libgcc_s1-dev" handling (for gcc-3.2).
+ (closes: #178070), build-depend on d-shlibs 0.10 or greater.
+
+ -- Junichi Uekawa Fri, 24 Jan 2003 12:23:35 +0900
+
+libpng3 (1.2.5-9) unstable; urgency=low
+
+ * Use dpatch for patch system -- divide Debian patch, and security fix patch.
+ * Standards-Version: 3.5.8
+ * add manual page libpng-config.1 and libpng12-config.1
+
+ -- Junichi Uekawa Wed, 15 Jan 2003 17:55:17 +0900
+
+libpng3 (1.2.5-8) unstable; urgency=low
+
+ * Sorry folks, I made a mistake.
+ * Forward-port of patch from the Security Team,
+ really apply what was there. (closes: #172868,#172871)
+
+ -- Junichi Uekawa Fri, 13 Dec 2002 16:12:01 +0900
+
+libpng3 (1.2.5-7) unstable; urgency=high
+
+ * Forward-port of patch from the Security Team
+ * Applied patch to pngrtran.c by Glenn Randers-Pehrson
+ to fix a buffer overrun.
+
+ -- Junichi Uekawa Thu, 12 Dec 2002 20:36:28 +0900
+
+libpng3 (1.2.5-6) unstable; urgency=low
+
+ * Typo in scripts/makefile.linux.
+ Mistake. -lz and -lm weren't happening.
+ * Change LDFLAGS to not list -lz -lm, so that testsuite will catch such error.
+ * set prefix=/usr/ in scripts/makefile.linux, since it was set to usr/local.
+
+ -- Junichi Uekawa Wed, 30 Oct 2002 20:54:54 +0900
+
+libpng3 (1.2.5-5) unstable; urgency=low
+
+ * scripts/makefile.linux: LIBADDFLAGS introduced, for shared library lib additional
+ flags, and use that for shared library.
+ - this should fix build failure (closes: #166704)
+ Thanks Daniel Schepler for reporting.
+ * updated copyright file to note that libpng3 in Debian is patched to
+ link with -lz -lm.
+
+ -- Junichi Uekawa Mon, 28 Oct 2002 12:25:57 +0900
+
+libpng3 (1.2.5-4) unstable; urgency=low
+
+ * Trying to fix the problem that libpng3 seems to be not linked against libz.
+ LDFLAGS was defined but not being used.
+ Thanks Mike Furr for reporting (closes: #166489)
+
+ -- Junichi Uekawa Sun, 27 Oct 2002 16:07:54 +0900
+
+libpng3 (1.2.5-3) unstable; urgency=low
+
+ * Fixed description, I mixed up the -devel and non-devel
+ packages.
+ * updated README.Debian.
+
+ -- Junichi Uekawa Thu, 24 Oct 2002 18:56:34 +0900
+
+libpng3 (1.2.5-2) unstable; urgency=low
+
+ * careless mistake :(
+ * reinstall libpng.so symlink in libpng-12-0-dev package.
+ Otherwise other packages won't build ...
+
+ -- Junichi Uekawa Wed, 23 Oct 2002 16:46:23 +0900
+
+libpng3 (1.2.5-1) unstable; urgency=low
+
+ * New upstream version (closes: #163425)
+ * re-patched makefile.linux to work with system zlib,
+ added workaround to set CFLAGS, and remove rpath settings from LDFLAGS
+ * Use debhelper.
+ * No longer create /usr/doc symlinks.
+ * Standards-Version: 3.5.7
+
+ -- Junichi Uekawa Tue, 22 Oct 2002 21:05:33 +0900
+
+libpng3 (1.2.1-5) unstable; urgency=low
+
+ * Not yet released.
+ * Change priority from standard to optional.
+
+ -- Junichi Uekawa Sun, 15 Sep 2002 15:39:12 +0900
+
+libpng3 (1.2.1-4) unstable; urgency=low
+
+ * change -dev dependency of libc6-dev to libc-dev
+
+ -- Junichi Uekawa Fri, 13 Sep 2002 18:40:53 +0900
+
+libpng3 (1.2.1-3) unstable; urgency=low
+
+ * Security fix backported from 1.2.4. Check bounds of variables.
+ (closes: #155403)
+
+ -- Junichi Uekawa Wed, 7 Aug 2002 17:30:32 +0900
+
+libpng3 (1.2.1-2) unstable; urgency=low
+
+ * New maintainer (closes: #151343)
+ * apply buffer overflow patch for interlaced png files (closes: #150595)
+ * update description for libpng3-dev.
+ * change libpng-dev to libpng3-dev
+
+ -- Junichi Uekawa Thu, 25 Jul 2002 16:28:24 +0900
+
+libpng3 (1.2.1-1.1) unstable; urgency=low
+
+ * NMU
+ * Provides: libpng2-dev has been changed to Provides: libpng3-dev
+ libpng2-dev can be put back in when some kind of sane transition has
+ finished.
+ (closes: #128384, #128871, #129268, #129269)
+
+ -- Junichi Uekawa Tue, 12 Feb 2002 02:31:53 +0900
+
+libpng3 (1.2.1-1) unstable; urgency=low
+
+ * New upstream version; closes: #125679.
+ * New source package name: libpng3.
+ * Renamed libpng-dev to libpng-dev to avoid having to maintain several
+ development packages (the -dev is source compatible).
+ * Moved png.5 into the -dev package.
+ * Added a Replaces: libpng2 to libpng-dev so that we can steal the png.5
+ manpage without fuss.
+ * Changed debian/shlibs for libpng3.
+ * Compress examples/pngtest.c.
+
+ -- Philippe Troin Tue, 18 Dec 2001 20:01:04 -0800
+
+libpng (1.0.12-3) unstable; urgency=low
+
+ * Moved the png.5 manpage to the dev package to allow multiple libpng
+ packages installed at the same time.
+
+ -- Philippe Troin Tue, 18 Dec 2001 23:58:25 -0800
+
+libpng (1.0.12-2) unstable; urgency=low
+
+ * Changed libpng2-dev's section to devel to resync with override file.
+ * Fixed upstream version detection in debian/rules; closes: #105931.
+
+ -- Philippe Troin Sun, 29 Jul 2001 11:52:40 -0700
+
+libpng (1.0.12-1) unstable; urgency=low
+
+ * New upstream release; closes: #105354.
+ * Bumped dependency information in debian/shlibs to libpng >= 1.0.12
+ since there were some non-backwards compatible changes to the API.
+ * Added support for DEB_BUILD_OPTIONS and get-orig-source to debian/rules.
+ * Added call to ldconfig on postrm's remove.
+ * Removed INSTALL file from /usr/share/doc/libpng2.
+ * Bumped standards version to 3.5.5.0.
+
+ -- Philippe Troin Tue, 17 Jul 2001 23:32:36 -0700
+
+libpng (1.0.11-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Philippe Troin Wed, 2 May 2001 20:43:51 -0700
+
+libpng (1.0.10-2) unstable; urgency=low
+
+ * Force recompile because of bad sparc package.
+ * Libpng2's priority changed to standard to comply with the override file.
+
+ -- Philippe Troin Tue, 24 Apr 2001 11:49:31 -0700
+
+libpng (1.0.10-1) unstable; urgency=low
+
+ * New upstream release.
+ * Changed shlib to depend on libpng2 (>= 2.0.10) because of
+ non-backwards compatible changes.
+
+ -- Philippe Troin Sun, 22 Apr 2001 22:48:30 -0700
+
+libpng (1.0.8-1) unstable; urgency=low
+
+ * Changed the doc-base type from 'test' to 'text'; closes: #59877.
+ * New upstream relase 1.0.8; closes: #70464.
+ * Updated copyright notice.
+ * Removed Y2kINFO from the doc directory.
+ * Added pngtest.c in examples; closes: #65229.
+ * Updated to standards version 3.2.1.0.
+ * Added build-depends line in control file; closes: #69291.
+
+ -- Philippe Troin Mon, 11 Sep 2000 23:19:12 -0700
+
+libpng (1.0.5-1) frozen unstable; urgency=low
+
+ * Maintainer upload (closes: #48244, #48246).
+ * Added some extra explanations for the setjmp.h mess (closes: #56759),
+ see pngconf.h for details.
+
+ -- Philippe Troin Mon, 28 Feb 2000 13:53:22 -0800
+
+libpng (1.0.5-0.1) unstable; urgency=low
+
+ * Non-maintainer release.
+ * New upstream release. (closes:Bug#48244).
+ * Remove versioned depend from shlibs (closes:Bug#48246).
+
+ -- Joel Klecker Sat, 30 Oct 1999 08:12:53 -0700
+
+libpng (1.0.3-1) unstable; urgency=low
+
+ * New upstream version (1.0.3); Closes: #31870, #46333.
+ * Maintainer upload, closes NMU bugs; Closes: #28412, #31523, #31690.
+ * FHS compliant.
+ * New standard-version 3.0.1.
+ * Lintian clean.
+ * Removed temporary zlib1g line in control file (used to be a bug in
+ zlib1g).
+ * Moved the documentation file to the -dev package.
+ * Register documentation file to doc-base.
+ * Fontified man pages with addformat script; Closes #38680.
+
+ -- Philippe Troin Mon, 4 Oct 1999 18:59:42 -0700
+
+libpng (1.0.2b-0.1) frozen unstable; urgency=low
+
+ * New upstream (bug-fix only) version.
+ (Should fix bugs #31690滼, since I can't reproduce them)
+ From the author:
+ "I have recently uploaded libpng-1.0.2b to
+ ftp://swrinde.nde.swri.edu/pub/png-group/src
+ I plan to release it as libpng-1.0.3 in a
+ few days, but would like to hear whether it
+ fixes the problems with GNOME.
+ It restores a few lines of code that were
+ inadvertently deleted from pngread.c, which
+ seems to be the cause of problems with adding
+ an alpha channel (which you fixed by downgrading
+ to libpng-1.0.1's pngread.c)."
+ [Glenn Randers-Pehrson ]
+ * Masquerade version number to 1.0.3 to make Imlib & Co. happy.
+
+ -- Vincent Renardias Mon, 11 Jan 1999 06:27:55 +0100
+
+libpng (1.0.2-1.1) frozen unstable; urgency=low
+
+ * Fix Important bug #28412
+ (using pngread.c from libpng-1.0.1 did the trick).
+
+ -- Vincent Renardias Wed, 6 Jan 1999 19:00:15 +0100
+
+libpng (1.0.2-1) unstable; urgency=low
+
+ * Maintainer release (to change a bit).
+ * Pristine sources.
+ * Libpng2-dev includes example.c (fixes bug #10315).
+ * Changed control file to reflect difference with libpng0g (fixes #23795).
+ * Recompiled (should fix the zlib1g missing symbol, bug #24450).
+ * Added -D_REENTRANT also to static library.
+ * Added a dependency upon zlib1g >= 1.1.2 (otherwise we get a missing
+ symbol) (fixes bug #24450).
+
+ -- Philippe Troin Tue, 22 Sep 1998 00:17:16 -0700
+
+libpng (1.0.2-0.1) unstable; urgency=low
+
+ * Non-maintainer release
+ * New upstream version
+
+ -- Karl M. Hegbloom Tue, 4 Aug 1998 23:47:00 -0700
+
+libpng (1.0.1-0.2) unstable; urgency=medium
+
+ * debian/rules (binary-arch): don't call install with -s as an
+ argument when installing a shared library; it doesn't know to use
+ --strip-unneeded, and we call strip separately later anyway.
+ * scripts/makefile.lnx (CFLAGS): killed i386-isms.
+ * scripts/makefile.lnx: compiled shared libraries with -D_REENTRANT.
+ (The above fixes are from James Troup, who yet again, alerted me to
+ my screwups ;)
+ * debian/postinst: only call ldconfig if $1 = configure.
+
+ -- Joel Klecker Wed, 17 Jun 1998 10:25:27 -0700
+
+libpng (1.0.1-0.1) unstable; urgency=low
+
+ * New upstream bug fix release.
+ * Include man pages.
+
+ -- Joel Klecker Wed, 06 May 1998 08:51:49 -0700
+
+libpng (1.0.0-0.1) unstable; urgency=low
+
+ * Non-maintainer Release.
+ * New Upstream Release.
+ * Changed source package name to `libpng'.
+ * Added `-f makefile.lnx' to make invocations in debian/rules.
+ * Removed `ldconfig' call from postrm.
+
+ -- Joel Klecker Tue, 4 Mar 1998 17:58:05 -0800
+
+libpng0 (0.96-5) unstable; urgency=low
+
+ * Removed executable permissions on shared libs (fixes bug #15478).
+ * Updated Standards-Version to 2.3.0.1.
+
+ -- Philippe Troin Sun, 25 Jan 1998 13:19:51 -0800
+
+libpng0 (0.96-4) unstable; urgency=low
+
+ * Shared libraries are stripped with --strip-unneeded and static
+ libraries with --strip-debug (fixes bug #15669).
+ * Made the build strip non-i386 specific (patch by James Troup) (fixes
+ bug #13832).
+ * Removed the dependency between the libc5 and libc6 versions.
+
+ -- Philippe Troin Sun, 18 Jan 1998 22:37:19 -0800
+
+libpng0 (0.96-3) unstable; urgency=low
+
+ * Libc6 compilation.
+
+ -- Philippe Troin Tue, 23 Sep 1997 21:38:42 -0700
+
+libpng0 (0.96-2) unstable; urgency=low
+
+ * Fixed permissions in /usr/doc/libpng0 (fixes bug #10540).
+
+ -- Philippe Troin Sun, 15 Jun 1997 13:18:38 -0700
+
+libpng0 (0.96-1) unstable; urgency=low
+
+ * New upstream sources.
+
+ -- Philippe Troin Thu, 12 Jun 1997 23:32:29 -0700
+
+libpng0 (0.95b-1) unstable; urgency=low
+
+ * New maintainer.
+ * Upgraded to upstream version 0.95b.
+ * Make debian/rules version independent.
+ * Debian/rules clean now removes substvars.
+ * Bumped the shlibs version to 0.95 as some incompatibilities were
+ introduced between 0.89 and 0.90.
+ * Added the Section: and Priority: fields to the control file (fixes bug
+ #6370).
+ * Now /usr/doc/libpng0 contains various info and the debian change log
+ stuff (fixes bug #7925).
+ * Added -D_REENTRANT compilation flag.
+
+ -- Philippe Troin Fri, 18 Apr 1997 14:44:09 -0700
+
+libpng (0.89c-6) unstable; urgency=low
+
+ * Moved shlibs file to correct location
+
+ -- Michael Alan Dorman Sun, 15 Dec 1996 13:03:19 -0500
+
+libpng (0.89c-5) unstable; urgency=low
+
+ * Added shlibs file
+
+ -- Michael Alan Dorman Sat, 23 Nov 1996 16:23:06 -0500
+
+libpng (0.89c-4) unstable; urgency=low
+
+ * Now stripping shared libraries (Bug#5134)
+
+ -- Michael Alan Dorman Sat, 23 Nov 1996 12:05:06 -0500
+
+libpng (0.89c-3) unstable; urgency=low
+
+ * Corrected maintainers address
+
+ -- Michael Alan Dorman Mon, 23 Sep 1996 12:52:03 -0400
+
+libpng (0.89c-2) unstable; urgency=low
+
+ * Accommodate the fact that dpkg-source doesn't properly preserve
+ permissions on scripts when extracting package. (Bug#4513)
+
+ -- Michael Alan Dorman Mon, 23 Sep 1996 12:34:35 -0400
+
+libpng (0.89c-1) unstable; urgency=low
+
+ * New upstream version.
+ * Moved to new source packaging format.
+
+ -- Michael Alan Dorman Thu, 12 Sep 1996 15:19:35 -0400
--- libpng-1.2.15~beta5.orig/debian/compat
+++ libpng-1.2.15~beta5/debian/compat
@@ -0,0 +1 @@
+5
--- libpng-1.2.15~beta5.orig/debian/libpng12-0-udeb.dirs
+++ libpng-1.2.15~beta5/debian/libpng12-0-udeb.dirs
@@ -0,0 +1 @@
+/usr/lib
--- libpng-1.2.15~beta5.orig/debian/copyright
+++ libpng-1.2.15~beta5/debian/copyright
@@ -0,0 +1,122 @@
+This is the pre-packaged Debian Linux version of the libpng graphics
+library. It was packaged by Philippe Troin
+from sources originally retrieved from ftp://swrinde.nde.swri.edu/pub/png/src/
+
+The packaging itself is
+copyright (C) 2001 Philippe Troin ,
+copyright 2002 Junichi Uekawa ,
+copyright 2003 Josselin Mouette and
+copyright 2006 Anibal Monsalve Salazar .
+It is licensed under the GNU General Public License. On
+Debian systems, the GPL is in /usr/share/common-licenses/GPL.
+
+Here is the copyright and license for libpng:
+
+This copy of the libpng notices is provided for your convenience. In case of
+any discrepancy between this copy and the notices in the file png.h that is
+included in the libpng distribution, the latter shall prevail.
+
+COPYRIGHT NOTICE, DISCLAIMER, and LICENSE:
+
+If you modify libpng you may insert additional notices immediately following
+this sentence.
+
+libpng versions 1.2.6, August 15, 2004, through 1.2.12, June 27, 2006, are
+Copyright (c) 2004, 2006 Glenn Randers-Pehrson, and are
+distributed according to the same disclaimer and license as libpng-1.2.5
+with the following individual added to the list of Contributing Authors
+
+ Cosmin Truta
+
+libpng versions 1.0.7, July 1, 2000, through 1.2.5 - October 3, 2002, are
+Copyright (c) 2000-2002 Glenn Randers-Pehrson, and are
+distributed according to the same disclaimer and license as libpng-1.0.6
+with the following individuals added to the list of Contributing Authors
+
+ Simon-Pierre Cadieux
+ Eric S. Raymond
+ Gilles Vollant
+
+and with the following additions to the disclaimer:
+
+ There is no warranty against interference with your enjoyment of the
+ library or against infringement. There is no warranty that our
+ efforts or the library will fulfill any of your particular purposes
+ or needs. This library is provided with all faults, and the entire
+ risk of satisfactory quality, performance, accuracy, and effort is with
+ the user.
+
+libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are
+Copyright (c) 1998, 1999 Glenn Randers-Pehrson, and are
+distributed according to the same disclaimer and license as libpng-0.96,
+with the following individuals added to the list of Contributing Authors:
+
+ Tom Lane
+ Glenn Randers-Pehrson
+ Willem van Schaik
+
+libpng versions 0.89, June 1996, through 0.96, May 1997, are
+Copyright (c) 1996, 1997 Andreas Dilger
+Distributed according to the same disclaimer and license as libpng-0.88,
+with the following individuals added to the list of Contributing Authors:
+
+ John Bowler
+ Kevin Bracey
+ Sam Bushell
+ Magnus Holmgren
+ Greg Roelofs
+ Tom Tanner
+
+libpng versions 0.5, May 1995, through 0.88, January 1996, are
+Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.
+
+For the purposes of this copyright and license, "Contributing Authors"
+is defined as the following set of individuals:
+
+ Andreas Dilger
+ Dave Martindale
+ Guy Eric Schalnat
+ Paul Schmidt
+ Tim Wegner
+
+The PNG Reference Library is supplied "AS IS". The Contributing Authors
+and Group 42, Inc. disclaim all warranties, expressed or implied,
+including, without limitation, the warranties of merchantability and of
+fitness for any purpose. The Contributing Authors and Group 42, Inc.
+assume no liability for direct, indirect, incidental, special, exemplary,
+or consequential damages, which may result from the use of the PNG
+Reference Library, even if advised of the possibility of such damage.
+
+Permission is hereby granted to use, copy, modify, and distribute this
+source code, or portions hereof, for any purpose, without fee, subject
+to the following restrictions:
+
+1. The origin of this source code must not be misrepresented.
+
+2. Altered versions must be plainly marked as such and must not
+ be misrepresented as being the original source.
+
+3. This Copyright notice may not be removed or altered from any
+ source or altered source distribution.
+
+The Contributing Authors and Group 42, Inc. specifically permit, without
+fee, and encourage the use of this source code as a component to
+supporting the PNG file format in commercial products. If you use this
+source code in a product, acknowledgment is not required but would be
+appreciated.
+
+
+A "png_get_copyright" function is available, for convenient use in "about"
+boxes and the like:
+
+ printf("%s",png_get_copyright(NULL));
+
+Also, the PNG logo (in PNG format, of course) is supplied in the
+files "pngbar.png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31).
+
+Libpng is OSI Certified Open Source Software. OSI Certified Open Source is a
+certification mark of the Open Source Initiative.
+
+Glenn Randers-Pehrson
+glennrp at users.sourceforge.net
+June 27, 2006
--- libpng-1.2.15~beta5.orig/debian/watch
+++ libpng-1.2.15~beta5/debian/watch
@@ -0,0 +1,2 @@
+version=3
+ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-([\d\.]+).tar.gz debian uupdate
--- libpng-1.2.15~beta5.orig/debian/libpng12-0-udeb.install
+++ libpng-1.2.15~beta5/debian/libpng12-0-udeb.install
@@ -0,0 +1 @@
+usr/lib/libpng12.so.0*
--- libpng-1.2.15~beta5.orig/debian/control
+++ libpng-1.2.15~beta5/debian/control
@@ -0,0 +1,67 @@
+Source: libpng
+Section: libs
+Priority: optional
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Anibal Monsalve Salazar
+Uploaders: Sam Hocevar (Debian packages)
+Build-Depends: debhelper (>= 5), autotools-dev, zlib1g-dev, mawk
+Standards-Version: 3.7.2
+
+Package: libpng12-0
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Conflicts: libpng12-dev (<= 1.2.8rel-7), mzscheme (<= 1:209-5), pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5), povray-3.5 (<= 3.5.0c-10)
+Replaces: libpng12-dev (<= 1.2.8rel-7)
+Description: PNG library - runtime
+ libpng is a library implementing an interface for reading and writing
+ PNG (Portable Network Graphics) format files.
+ .
+ This package contains the runtime library files needed to run software
+ using libpng.
+ .
+ Homepage: http://www.libpng.org/pub/png/libpng.html
+
+Package: libpng12-dev
+Section: libdevel
+Architecture: any
+Depends: libpng12-0 (= ${Source-Version}), zlib1g-dev
+Conflicts: libpng2-dev, libpng-dev, libpng12-0-dev, libpng2 (<< 1.0.12-3)
+Provides: libpng-dev, libpng12-0-dev, libpng3-dev
+Replaces: libpng3-dev (<= 1.2.5), libpng12-0-dev
+Description: PNG library - development
+ libpng is a library implementing an interface for reading and writing
+ PNG (Portable Network Graphics) format files.
+ .
+ This package contains the header and development files needed to build
+ programs and packages using libpng.
+ .
+ Homepage: http://www.libpng.org/pub/png/libpng.html
+
+Package: libpng3
+Section: oldlibs
+Architecture: all
+Depends: libpng12-0 (>= 1.2.5.0-2)
+Description: PNG library - runtime
+ libpng is a library implementing an interface for reading and writing
+ PNG (Portable Network Graphics) format files.
+ .
+ This package is superseded by libpng12-0, and is provided only for
+ transitional purposes.
+ .
+ Homepage: http://www.libpng.org/pub/png/libpng.html
+
+Package: libpng12-0-udeb
+XC-Package-Type: udeb
+Section: debian-installer
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: PNG library - minimal runtime library
+ libpng is a library implementing an interface for reading and writing
+ PNG (Portable Network Graphics) format files.
+ .
+ This package provides the minimal libpng12 runtime library needed for
+ the debian-installer.
+ .
+ Homepage: http://www.libpng.org/pub/png/libpng.html
--- libpng-1.2.15~beta5.orig/debian/libpng12-dev.manpages
+++ libpng-1.2.15~beta5/debian/libpng12-dev.manpages
@@ -0,0 +1,3 @@
+libpng.3
+png.5
+debian/libpng12-config.1
--- libpng-1.2.15~beta5.orig/debian/libpng12-dev.install
+++ libpng-1.2.15~beta5/debian/libpng12-dev.install
@@ -0,0 +1,4 @@
+usr/include
+usr/lib/pkgconfig
+usr/lib/{libpng.a,libpng12.a,libpng.so,libpng12.so}
+usr/bin
--- libpng-1.2.15~beta5.orig/debian/dirs
+++ libpng-1.2.15~beta5/debian/dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/sbin
--- libpng-1.2.15~beta5.orig/png.h
+++ libpng-1.2.15~beta5/png.h
@@ -1720,7 +1720,8 @@
png_ptr_ptr, png_infopp info_ptr_ptr, png_infopp end_info_ptr_ptr));
/* free all memory used by the read (old method - NOT DLL EXPORTED) */
-extern void png_read_destroy PNGARG((png_structp png_ptr, png_infop info_ptr,
+/* Debian note: exporting as it is required by legacy applications */
+extern PNG_EXPORT(void,png_read_destroy) PNGARG((png_structp png_ptr, png_infop info_ptr,
png_infop end_info_ptr));
/* free any memory associated with the png_struct and the png_info_structs */
@@ -1728,7 +1729,8 @@
PNGARG((png_structpp png_ptr_ptr, png_infopp info_ptr_ptr));
/* free any memory used in png_ptr struct (old method - NOT DLL EXPORTED) */
-extern void png_write_destroy PNGARG((png_structp png_ptr));
+/* Debian note: exporting as it is required by legacy applications */
+extern PNG_EXPORT(void,png_write_destroy) PNGARG((png_structp png_ptr));
/* set the libpng method of handling chunk CRC errors */
extern PNG_EXPORT(void,png_set_crc_action) PNGARG((png_structp png_ptr,
--- libpng-1.2.15~beta5.orig/pngtest.c
+++ libpng-1.2.15~beta5/pngtest.c
@@ -95,7 +95,7 @@
#if defined(PNG_TIME_RFC1123_SUPPORTED)
static int tIME_chunk_present=0;
-static char tIME_string[30] = "no tIME chunk present in file";
+static char tIME_string[29] = "tIME chunk is not present";
#endif
static int verbose = 0;
--- libpng-1.2.15~beta5.orig/pngwutil.c
+++ libpng-1.2.15~beta5/pngwutil.c
@@ -1310,7 +1310,7 @@
if (key_len > 79)
{
png_warning(png_ptr, "keyword length must be 1 - 79 characters");
- new_key[79] = '\0';
+ (*new_key[79]) = '\0';
key_len = 79;
}
--- libpng-1.2.15~beta5.orig/pngset.c
+++ libpng-1.2.15~beta5/pngset.c
@@ -222,7 +222,7 @@
png_debug1(1, "in %s storage function\n", "hIST");
if (png_ptr == NULL || info_ptr == NULL)
return;
- if (info_ptr->num_palette <= 0 || info_ptr->num_palette
+ if (info_ptr->num_palette == 0 || info_ptr->num_palette
> PNG_MAX_PALETTE_LENGTH)
{
png_warning(png_ptr,
@@ -427,7 +427,11 @@
return;
}
- info_ptr->pcal_params[nparams] = NULL;
+#ifdef PNG_FREE_ME_SUPPORTED
+ info_ptr->free_me |= PNG_FREE_PCAL;
+#endif
+
+ png_memset(info_ptr->pcal_params, 0, (nparams + 1) * png_sizeof(png_charp));
for (i = 0; i < nparams; i++)
{
@@ -443,9 +447,6 @@
}
info_ptr->valid |= PNG_INFO_pCAL;
-#ifdef PNG_FREE_ME_SUPPORTED
- info_ptr->free_me |= PNG_FREE_PCAL;
-#endif
}
#endif
@@ -1024,18 +1025,19 @@
png_unknown_chunkp from = unknowns + i;
png_strncpy((png_charp)to->name, (png_charp)from->name, 5);
- to->data = (png_bytep)png_malloc_warn(png_ptr, from->size);
- if (to->data == NULL)
- {
- png_warning(png_ptr, "Out of memory processing unknown chunk.");
- }
+ to->size = from->size;
+ /* note our location in the read or write sequence */
+ to->location = (png_byte)(png_ptr->mode & 0xff);
+
+ if (from->size == 0)
+ to->data=NULL;
else
{
- png_memcpy(to->data, from->data, from->size);
- to->size = from->size;
-
- /* note our location in the read or write sequence */
- to->location = (png_byte)(png_ptr->mode & 0xff);
+ to->data = (png_bytep)png_malloc_warn(png_ptr, from->size);
+ if (to->data == NULL)
+ png_warning(png_ptr, "Out of memory processing unknown chunk.");
+ else
+ png_memcpy(to->data, from->data, from->size);
}
}
--- libpng-1.2.15~beta5.orig/pngrtran.c
+++ libpng-1.2.15~beta5/pngrtran.c
@@ -320,9 +320,7 @@
hash = (png_dsortpp)png_malloc(png_ptr, (png_uint_32)(769 *
png_sizeof (png_dsortp)));
- for (i = 0; i < 769; i++)
- hash[i] = NULL;
-/* png_memset(hash, 0, 769 * png_sizeof (png_dsortp)); */
+ png_memset(hash, 0, 769 * png_sizeof(png_dsortp));
num_new_palette = num_palette;
@@ -4064,6 +4062,8 @@
png_ptr->gamma_16_table = (png_uint_16pp)png_malloc(png_ptr,
(png_uint_32)(num * png_sizeof (png_uint_16p)));
+ png_memset(png_ptr->gamma_16_table, 0, num * png_sizeof(png_uint_16p));
+
if (png_ptr->transformations & (PNG_16_TO_8 | PNG_BACKGROUND))
{
double fin, fout;
@@ -4124,6 +4124,8 @@
png_ptr->gamma_16_to_1 = (png_uint_16pp)png_malloc(png_ptr,
(png_uint_32)(num * png_sizeof (png_uint_16p )));
+ png_memset(png_ptr->gamma_16_to_1, 0, num * png_sizeof(png_uint_16p));
+
for (i = 0; i < num; i++)
{
png_ptr->gamma_16_to_1[i] = (png_uint_16p)png_malloc(png_ptr,
@@ -4147,6 +4149,9 @@
png_ptr->gamma_16_from_1 = (png_uint_16pp)png_malloc(png_ptr,
(png_uint_32)(num * png_sizeof (png_uint_16p)));
+ png_memset(png_ptr->gamma_16_from_1, 0,
+ num * png_sizeof(png_uint_16p));
+
for (i = 0; i < num; i++)
{
png_ptr->gamma_16_from_1[i] = (png_uint_16p)png_malloc(png_ptr,