--- libpng-1.2.37.orig/debian/libpng12-0.shlibs
+++ libpng-1.2.37/debian/libpng12-0.shlibs
@@ -0,0 +1,2 @@
+libpng12 0 libpng12-0 (>= 1.2.13-4)
+udeb: libpng12 0 libpng12-0-udeb (>= 1.2.13-4)
--- libpng-1.2.37.orig/debian/libpng12-dev.links
+++ libpng-1.2.37/debian/libpng12-dev.links
@@ -0,0 +1,2 @@
+/usr/share/man/man1/libpng12-config.1.gz /usr/share/man/man1/libpng-config.1.gz
+/usr/include/libpng12 /usr/include/libpng
--- libpng-1.2.37.orig/debian/libpng12-0.install
+++ libpng-1.2.37/debian/libpng12-0.install
@@ -0,0 +1 @@
+usr/lib/libpng12.so.0*
--- libpng-1.2.37.orig/debian/docs
+++ libpng-1.2.37/debian/docs
@@ -0,0 +1,3 @@
+libpng-1.2.37.txt
+README
+TODO
--- libpng-1.2.37.orig/debian/libpng12-0.docs
+++ libpng-1.2.37/debian/libpng12-0.docs
@@ -0,0 +1,5 @@
+README
+TODO
+ANNOUNCE
+KNOWNBUG
+libpng-1.2.37.txt
--- libpng-1.2.37.orig/debian/README.Debian
+++ libpng-1.2.37/debian/README.Debian
@@ -0,0 +1,31 @@
+libpng for Debian
+-----------------
+
+There have been changes in the way libpng is handled. Currently, there
+are 2 versions of libpng in Debian at a time : libpng10 and libpng12,
+formerly known as libpng2 and libpng3.
+
+* The libpng10-0 and libpng12-0 packages contain the runtime for apps
+ built with these new libraries.
+* libpng2 and libpng3 contain compatibility symlinks to let apps built
+ with older versions work correctly.
+* libpng10-dev and libpng12-dev are the corresponding development
+ packages. You should only use libpng10-dev to build packages using
+ gdk-imlib1.
+* libpng2-dev and libpng3-dev provide compatibility symlinks to build
+ applications still build-depending on those.
+
+A package linking with libpng should use as build-depends :
+* libpng-dev for small packages not depending on other libraries which
+ use or may use libpng.
+* libpng10-dev for packages also linking with gdk-imlib1 or gnome 1.
+* libpng12-dev for packages also linking with SDL, Gnome 2, Qt, or any
+ other library using libpng12.
+
+This version diverges from upstream in 3 ways :
+1) the library is explicitly linked with -lm -lz
+2) libpng.so.3 is just a compatibility symlink
+3) symbols are versioned
+
+ -- Junichi Uekawa , Mon Oct 28 2002 12:27:54
+ -- Josselin Mouette , Tue Jun 10 2003 18:16:17 +0200
--- libpng-1.2.37.orig/debian/libpng3.links
+++ libpng-1.2.37/debian/libpng3.links
@@ -0,0 +1,2 @@
+/usr/lib/libpng12.so.0 /usr/lib/libpng.so.3
+/usr/share/doc/libpng12-0 /usr/share/doc/libpng3
--- libpng-1.2.37.orig/debian/rules
+++ libpng-1.2.37/debian/rules
@@ -0,0 +1,94 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+include /usr/share/quilt/quilt.make
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+config.status: configure
+ dh_testdir
+ #cp -f /usr/share/misc/config.sub /usr/share/misc/config.guess .
+ ./autogen.sh
+ ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs"
+
+build: patch build-stamp
+build-stamp: config.status
+ dh_testdir
+ $(MAKE)
+ touch $@
+
+clean: unpatch
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+ [ ! -f Makefile ] || $(MAKE) distclean
+ rm -f config.sub config.guess
+ dh_clean pngtest-static
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_prep
+ dh_installdirs
+ $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+ gcc -Wall -g -O2 -c -o pngtest.o pngtest.c
+ gcc -o pngtest -Wall -g -O2 pngtest.o -L.libs -lpng12
+ gcc -o pngtest-static -Wall -g -O2 pngtest.o .libs/libpng.a -lz -lm
+ LD_LIBRARY_PATH=".libs:" ./pngtest
+ ./pngtest-static
+endif
+
+binary-indep: build install
+ dh_testdir -i
+ dh_testroot -i
+ dh_link -i
+ dh_installchangelogs CHANGES -i
+ dh_installdocs -i
+ dh_install --sourcedir=debian/tmp -i
+ dh_installman -i
+ dh_strip -i
+ dh_compress -i
+ dh_fixperms -i
+ dh_installdeb -i
+ dh_shlibdeps -i
+ dh_gencontrol -i
+ dh_md5sums -i
+ dh_builddeb -i
+
+binary-arch: build install
+ dh_testdir -a
+ dh_testroot -a
+ dh_link -a
+ dh_installchangelogs -a CHANGES
+ dh_installdocs -a
+ dh_installexamples -plibpng12-dev example.c pngtest.c pngtest.png
+ dh_install --sourcedir=debian/tmp -a
+ dh_installman -a
+ dh_strip -a
+ dh_compress -a
+ dh_fixperms -a
+ dh_makeshlibs --add-udeb=libpng12-0-udeb -a
+ dh_installdeb -a
+ dh_shlibdeps -a
+ dh_gencontrol -a
+ dh_md5sums -a
+ dh_builddeb -a
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--- libpng-1.2.37.orig/debian/libpng12-dev.dirs
+++ libpng-1.2.37/debian/libpng12-dev.dirs
@@ -0,0 +1 @@
+usr/bin
--- libpng-1.2.37.orig/debian/libpng12-0.doc-base
+++ libpng-1.2.37/debian/libpng12-0.doc-base
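Review bot: In debian/rules the ordering between the quilt `patch` target and the compile step is not expressed as a dependency: `build: patch build-stamp` only orders the two when make runs its prerequisites serially, and `build-stamp: config.status` has no prerequisite on the patch stamp. The changelog in this same diff lists CVE fixes shipped as quilt patches (02-CVE-2010-0205.patch, 03-CVE-2010-1205.patch, 04-CVE-2010-2249.patch), so as far as this hunk shows a parallel or direct `build-stamp` run could compile the library before they are applied. I would make the edge explicit with `build-stamp: $(QUILT_STAMPFN) config.status`, using the stamp variable that quilt.make defines. Separately, in the `install` recipe `LD_LIBRARY_PATH=".libs:" ./pngtest` carries a trailing colon, which the dynamic loader reads as an empty entry meaning the current directory; `LD_LIBRARY_PATH=.libs ./pngtest` is enough, and the three hard-coded `gcc -Wall -g -O2` test lines would better use `$(CC) $(CFLAGS)` so that `noopt` is honoured.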
@@ -0,0 +1,25 @@
+Document: libpng12
+Title: A description on how to use and modify libpng (version 1.2.X)
+Author: Glenn Randers-Pehrson
+Abstract: This file describes how to use and modify the PNG reference library
+ (known as libpng) for your own use. There are five sections to this
+ file: introduction, structures, reading, writing, and modification and
+ configuration notes for various special platforms. In addition to this
+ file, example.c is a good starting point for using the library, as
+ it is heavily commented and should include everything most people
+ will need. We assume that libpng is already installed; see the
+ INSTALL file for instructions on how to install libpng.
+ .
+ Libpng was written as a companion to the PNG specification, as a way
+ of reducing the amount of time and effort it takes to support the PNG
+ file format in application programs. The PNG specification is available
+ as RFC 2083 and as a
+ W3C Recommendation . Some
+ additional chunks are described in the special-purpose public chunks
+ documents at . Other information
+ about PNG, and the latest version of libpng, can be found at the PNG home
+ page, .
+Section: Programming
+
+Format: text
+Files: /usr/share/doc/libpng12-0/libpng-1.2.37.txt.gz
--- libpng-1.2.37.orig/debian/libpng12-config.1
+++ libpng-1.2.37/debian/libpng12-config.1
@@ -0,0 +1,58 @@
+.TH libpng12-config 1 "15 Jan 2003" "libpng" "Debian GNU/Linux"
+.SH NAME
+libpng12-config \- get information about installed libpng library
+.SH SYNOPSIS
+.B libpng12-config
+[\fIOPTION\fR] ...
+.SH DESCRIPTION
+Provides information about libpng library.
+
+Known values for OPTION are:
+.TP
+\fB\-\-prefix\fR
+print libpng prefix
+.TP
+\fB\-\-libdir\fR
+print path to directory containing library
+.TP
+\fB\-\-libs\fR
+print library linking information
+.TP
+\fB\-\-ccopts\fR
+print compiler options
+.TP
+\fB\-\-cppflags\fR
+print pre-processor flags
+.TP
+\fB\-\-cflags\fR
+print preprocessor flags, I_opts, and compiler options
+.TP
+\fB\-\-I_opts\fR
+print "-I" include options
+.TP
+\fB\-\-L_opts\fR
+print linker "-L" flags for dynamic linking
+.TP
+\fB\-\-R_opts\fR
+print dynamic linker "-R" or "-rpath" flags
+.TP
+\fB\-\-ldopts\fR
+print linker options
+.TP
+\fB\-\-ldflags\fR
+print linker flags (ldopts, L_opts, R_opts, and libs)
+.TP
+\fB\-\-static\fR
+revise subsequent outputs for static linking
+.TP
+\fB\-\-help\fR
+print this help and exit
+.TP
+\fB\-\-version\fR
+print version information
+.SH "AUTHOR"
+This manpage has been written by Junichi Uekawa
+for Debian GNU/Linux system, with the help of help2man, and
+may be used by others.
+
+
--- libpng-1.2.37.orig/debian/copyright.in
+++ libpng-1.2.37/debian/copyright.in
@@ -0,0 +1,14 @@
+This is the pre-packaged Debian Linux version of the libpng graphics
+library. It was packaged by Philippe Troin
+from sources originally retrieved from ftp://swrinde.nde.swri.edu/pub/png/src/
+
+The packaging itself is
+copyright (C) 2001 Philippe Troin ,
+copyright 2002 Junichi Uekawa ,
+copyright 2003 Josselin Mouette and
+copyright 2006 Anibal Monsalve Salazar .
+It is licensed under the GNU General Public License. On
+Debian systems, the GPL is in /usr/share/common-licenses/GPL.
+
+Here is the copyright and license for libpng:
+
--- libpng-1.2.37.orig/debian/changelog
+++ libpng-1.2.37/debian/changelog
@@ -0,0 +1,857 @@ +libpng (1.2.37-1ubuntu0.2) karmic-security; urgency=low + + * SECURITY UPDATE: arbitrary code execution from additional data row via + malformed PNG image + - debian/patches/03-CVE-2010-1205.patch: check for unexpected data + after the last row in pngpread.c. + - CVE-2010-1205 + * SECURITY UPDATE: denial of service via memory leak from malformed sCAL + chunks + - debian/patches/04-CVE-2010-2249.patch: properly free memory in + pngrutil.c. + - CVE-2010-2249 + + -- Marc Deslauriers Mon, 05 Jul 2010 11:44:13 -0400 + +libpng (1.2.37-1ubuntu0.1) karmic-security; urgency=low + + * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140) + - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression + method in pngrutil.c. + - CVE-2010-0205 + + -- Marc Deslauriers Fri, 12 Mar 2010 10:53:26 -0500 + +libpng (1.2.37-1) unstable; urgency=low + + * New upstream release + + -- Anibal Monsalve Salazar Thu, 04 Jun 2009 23:03:58 +1000 + +libpng (1.2.36-1) unstable; urgency=low + + * New upstream release + * Standards-Version is 3.8.1 + * debhelper compat is 7 + * Run dh_prep instead of dh_clean -k + + -- Anibal Monsalve Salazar Fri, 22 May 2009 09:11:26 +1000 + +libpng (1.2.35-1) unstable; urgency=high + + * New upstream release + - http://secunia.com/advisories/33970/ + Fix a vulnerability reported by Tavis Ormandy in which + some arrays of pointers are not initialized prior to using + "malloc" to define the pointers. + Closes: #516256 + - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907 + The png_check_keyword function in pngwutil.c in libpng, might + allow context-dependent attackers to set the value of an + arbitrary memory location to zero via vectors involving + creation of crafted PNG files with keywords, related to an + implicit cast of the '\0' character constant to a NULL pointer. + * Don't build libpng3 when binary-indep target is not called. 
+ Closes: #486415 + + -- Anibal Monsalve Salazar Sat, 21 Feb 2009 15:50:52 +1100 + +libpng (1.2.33-2) unstable; urgency=low + + * Fix the following lintian issues: + W: libpng12-0: copyright-refers-to-versionless-license-file + usr/share/common-licenses/GPL + + -- Anibal Monsalve Salazar Mon, 16 Feb 2009 11:32:17 +1100 + +libpng (1.2.33-1) experimental; urgency=low + + * New upstream release + - Fix memory leak after reading a malformed tEXt chunk + + -- Anibal Monsalve Salazar Sat, 01 Nov 2008 17:21:56 +1100 + +libpng (1.2.32-1) experimental; urgency=low + + * New upstream release + - libpng.pc is configured to do static linking; closes: #483477 + - use autoconf variables in .pc and libpng-config; closes: #483478 + * Remove debian/patches/02-501109-pngtest.c.diff; it was merged + + -- Anibal Monsalve Salazar Sun, 05 Oct 2008 08:20:20 +1100 + +libpng (1.2.27-2) unstable; urgency=medium + + * Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109 + * Standards-Version is 3.8.0 + + -- Anibal Monsalve Salazar Sat, 04 Oct 2008 19:45:17 +1000 + +libpng (1.2.27-1) unstable; urgency=low + + * New upstream release + * Patches merged upstream: + debian/patches/02-476669-CVE-2008-1382.diff + debian/patches/03-404514-png.5.diff + * Run ./autogen.sh + + -- Anibal Monsalve Salazar Tue, 29 Apr 2008 17:22:16 +1000 + +libpng (1.2.26-1) unstable; urgency=high + + * New upstream release. Closes: #431202 + * Use quilt + Add 01-legacy.diff + * Fix CVE-2008-1382 denial of service and possibly code execution + Add 02-476669-CVE-2008-1382.diff + Closes: #476669 + * Fix URL in png.5. Closes: #404514 + Add 03-404514-png.5.diff + * Move examples to libpng12-dev. Closes: #401467 + * Fix "libpng (<= 1.2.20) contains grey-licensed code". 
Closes: #469126 + * Fix the following lintian issues: + W: libpng source: debian-rules-ignores-make-clean-error line 37 + W: libpng source: substvar-source-version-is-deprecated libpng12-dev + W: libpng source: out-of-date-standards-version 3.7.2 (current is 3.7.3) + W: libpng12-0-udeb udeb: description-contains-homepage + W: libpng3: description-contains-homepage + W: libpng12-dev: description-contains-homepage + W: libpng12-0: package-contains-empty-directory usr/bin/ + W: libpng12-0: package-contains-empty-directory usr/sbin/ + W: libpng12-0: description-contains-homepage + W: libpng12-0: doc-base-unknown-section libpng12:22 Apps/Programming + + -- Anibal Monsalve Salazar Sun, 20 Apr 2008 18:22:32 +1000 + +libpng (1.2.15~beta5-3) unstable; urgency=high + + * ACKed NMU. + * Fixed out-of-bounds read operations triggered by crafted + png image files (CVE-2007-5269) (Closes: #446308). + + -- Anibal Monsalve Salazar Sun, 14 Oct 2007 09:55:00 +1000 + +libpng (1.2.15~beta5-2.1) unstable; urgency=high + + * Non-maintainer upload by testing security team. + * Fixed out-of-bounds read operations triggered by crafted + png image files (CVE-2007-5269) (Closes: #446308). + + -- Nico Golde Sun, 14 Oct 2007 01:12:51 +0200 + +libpng (1.2.15~beta5-2) unstable; urgency=high + + * It seems that a grayscale image with a malformed (bad CRC) tRNS + chunk will crash libpng and mozilla. Closes: #424729. + - CVE-2007-2445 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445 + - CERT Vulnerability Note VU#684664 + http://www.kb.cert.org/vuls/id/684664 + + -- Anibal Monsalve Salazar Wed, 09 May 2007 17:34:02 +1000 + +libpng (1.2.15~beta5-1) unstable; urgency=low + + * Applied legacy_symbols.patch. + * Changed shlibs dependecy versions to ">= 1.2.13-4". + * libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5), + pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5), + povray-3.5 (<= 3.5.0c-10). 
+ + -- Anibal Monsalve Salazar Wed, 20 Dec 2006 10:24:18 +1100 + +libpng (1.2.15~beta5-0) unstable; urgency=high + + * New upstream release. + - Fixed asm API functions not exported on amd64. Closes: #401044. + - Fixed "libpng hangs when saving profile". Closes: #401423. + * Fixed "Incorrect shlibs information". Closes: #401465. + * Removed patches for png.h and pngconf.h. + * Updated debian/watch. + + -- Anibal Monsalve Salazar Sun, 03 Dec 2006 14:47:41 +1100 + +libpng (1.2.13-4) unstable; urgency=low + + * Removed drop_pass_width patch. Closes: #399499. + + -- Anibal Monsalve Salazar Tue, 21 Nov 2006 19:07:43 +1100 + +libpng (1.2.13-3) unstable; urgency=low + + * libpng12-dev: removed the conflict with libpng3-dev. + + -- Anibal Monsalve Salazar Sun, 19 Nov 2006 16:36:02 +1100 + +libpng (1.2.13-2) unstable; urgency=low + + * Put back binary package libpng3. + + -- Anibal Monsalve Salazar Sun, 19 Nov 2006 15:32:39 +1100 + +libpng (1.2.13-1) unstable; urgency=low + + * Fixed conflict with the new libpng package. Closes: #399296. + * Fixed png.5 man page formatting. Closes: #353061. + Patch by Kevin Ryde . + + -- Anibal Monsalve Salazar Sun, 19 Nov 2006 13:55:17 +1100 + +libpng (1.2.13-0) unstable; urgency=high + + * New upstream release. + * CVE-2006-5793: Fixed a new security issue regarding malformed + sPLT chunks. Closes: #398706. + * Transitional package libpng3 is not shipped anymore. + Closes: #369104. + + -- Anibal Monsalve Salazar Sun, 19 Nov 2006 09:02:09 +1100 + +libpng (1.2.12-0) unstable; urgency=high + + * New upstream release. Closes: #366070. + * CVE-2006-3334: Fixed Buffer overflow in the png_decompress_chunk + function in pngrutil.c in libpng before 1.2.12 allows + context-dependent attackers to cause a denial of service and + possibly execute arbitrary code via unspecified vectors related + to "chunk error processing," possibly involving the "chunk_name". + Closes: #397892. 
+ * Removed debian/x86_patches/pnggccrd-PIC.patch as it's merged + upstream. + + -- Anibal Monsalve Salazar Thu, 09 Nov 2006 19:25:08 +1100 + +libpng (1.2.8rel-7) unstable; urgency=low + + * New maintainer. Closes: #393109. + * ACK NMUs. Closes: #378463, #377298, #356252. + * debian/control: + - set Standards-Version to 3.7.2. + - set Priority to extra for libpng12-0-udeb. + - added ${misc:Depends} to libpng12-0 and libpng12-0-udeb + dependency lists. + * Added debian/watch file. + + -- Anibal Monsalve Salazar Mon, 16 Oct 2006 17:34:58 +1000 + +libpng (1.2.8rel-6) unstable; urgency=low + + * Orphaning package. + + -- Josselin Mouette Sun, 15 Oct 2006 03:22:24 +0200 + +libpng (1.2.8rel-5.2) unstable; urgency=low + + * Non-maintainer upload. + * Backport changes from 1.2.12 to fix a buffer overflow in + png_decompress_chunk; patch by Alec Berryman. [CVE-2006-3334] + (Closes: #377298) + + -- Steinar H. Gunderson Sun, 16 Jul 2006 16:27:56 +0200 + +libpng (1.2.8rel-5.1) unstable; urgency=low + + * Non Maintainer Upload (closes: #356252). + * Add support for udeb dependency resolution in shlibs file. + * Update debhelper compatibility to level 5. + + -- Frans Pop Thu, 30 Mar 2006 11:46:39 +0200 + +libpng (1.2.8rel-5) unstable; urgency=low + + * drop_pass_width.patch: don't export png_pass_width, it's absolutely + unnecessary. + * libpng12-0.shlibs: downgrade the shlibs accordingly + (closes: #331383). + + -- Josselin Mouette Mon, 3 Oct 2005 20:18:43 +0200 + +libpng (1.2.8rel-4) unstable; urgency=low + + * makefile.patch: + + Use PNG_PRIVATE to get the list of private symbols as well. It + sucks, but they've been there for too long (closes: #329886). + + Use mawk instead of awk (closes: #329812). + * control: build-depend on mawk. + * rules: + + Use -O2, not -O3. + + Actually run the tests. + + Make use of x86_patches/ on x86 architectures. + * x86_patches/mmxbuild.patch: build MMX routines in pnggccrd.c. 
+ * x86_patches/pnggccrd-PIC.patch: patch from Christian Aichinger + to make the assembly routines PIC-compatible. + * libpng12-0.shlibs: bump the shlibs version. + + -- Josselin Mouette Sun, 25 Sep 2005 15:25:34 +0200 + +libpng (1.2.8rel-3) unstable; urgency=low + + * Upload to unstable. + * Rename the source package to libpng. + + -- Josselin Mouette Thu, 22 Sep 2005 18:24:37 +0200 + +libpng3 (1.2.8rel-2) experimental; urgency=low + + * makefile.patch: + + now patch makefile.elf, so that only public symbols are truly + exported. + + shorten the differences as much as possible. + * rules: use makefile.elf now. + * Move libpng3 to oldlibs. + * Entirely remove libpng3-dev, making libpng12-dev provide it + (closes: #322051). + * poynton.patch: correct Charles Poynton's address (closes: #289437). + * Don't run the test when cross-building (closes: #285427). + * setjmp_error.patch: don't stop when we are not using _BSD_SOURCE, as + in this case this is harmless (closes: #299343). + * libpng3.postinst: removed, the fix is in sarge. + * Standards-version is 3.6.2. + * legacy_symbols.patch: still export png_read_destroy and + png_write_destroy, which are deprecated but should nevertheless be + accessible. + + -- Josselin Mouette Tue, 13 Sep 2005 02:07:16 +0200 + +libpng3 (1.2.8rel-1) unstable; urgency=medium + + * New upstream release. + * read_transformations.patch: removed, included upstream. + * libpng12-0.shlibs: Update to version 1.2.8rel, new flags seem to have been + added. + + -- Josselin Mouette Sat, 4 Dec 2004 15:54:53 +0100 + +libpng3 (1.2.8beta5-2) unstable; urgency=medium + + * read_transformations.patch: fix segmentation fault with latex + (closes: #281789) and totem (closes: #278618). + + -- Josselin Mouette Thu, 25 Nov 2004 16:49:28 +0100 + +libpng3 (1.2.8beta5-1) unstable; urgency=medium + + * New upstream release. + + Correct segmentation violation in png_combine_row. + Closes: #278526, #278917, #278921, #279258, #281789, #282368. 
+ + -- Josselin Mouette Wed, 24 Nov 2004 13:53:49 +0100 + +libpng3 (1.2.7-1) unstable; urgency=medium + + * New upstream release (closes: #278308). + * libpng12-0.shlibs: update shlibs to version 1.2.7. + * Remove all security fixed, they are included upstream. + + -- Josselin Mouette Tue, 26 Oct 2004 13:40:25 +0200 + +libpng3 (1.2.5.0-9) unstable; urgency=high + + * CAN-2004-0954.patch: removed, this is already fixed in + CAN-2004-0597_0598_0599.patch. + + -- Josselin Mouette Tue, 19 Oct 2004 10:52:28 +0200 + +libpng3 (1.2.5.0-8) unstable; urgency=high + + * Switch to CDBS. + + Ship modifications and security fixes in debian/patches. + + debian/rules: rewritten. + + debian/control: build-depend on cdbs. + + debian/libpng12-0.shlibs: new. + * setjmp_error.patch: port explanation of the error when including setjmp.h + from libpng10, thanks Matijs van Zuijlen + (closes: #273473). + * CAN-2004-0954.patch: fix buffer overflow vulnerability in + png_handle_tRNS(). + * CAN-2004-0955.patch: fix integer arithmetic overflow vulnerability in + png_read_png(). + + -- Josselin Mouette Thu, 14 Oct 2004 20:06:08 +0200 + +libpng3 (1.2.5.0-7) unstable; urgency=high + + * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of + buffer offsets [CAN-2004-0768]. + * png.h, pngpread.c, pngrutil.c: patch from Chris Evans + to fix several vulnerabilities (closes: #263500): + + libpng fails to properly check length on PNG data [CAN-2004-0597]. + + libpng "png_handle_sBIT" does not perform proper checks to avoid stack + buffer overflow [CAN-2004-0597]. + + libpng "png_handle_iCCP" possible NULL-pointer crash + [CAN-2004-0598]. + + libpng "png_handle_sPLT" possible integer overflow + [CAN-2004-0599]. + + libpng "png_read_png" does not properly handle a PNG with excessive + height (integer overflow) [CAN-2004-0599]. + + libpng progressive reading integer overflow [CAN-2004-0599]. 
+ + -- Josselin Mouette Thu, 5 Aug 2004 12:37:32 +0200 + +libpng3 (1.2.5.0-6) unstable; urgency=high + + * pngerror.c: applied patch by Steve Grubb to + fix unintended memory access that could result in a crash of the + application linking against libpng [CAN-2004-0421]. + + -- Josselin Mouette Tue, 20 Apr 2004 13:39:02 +0200 + +libpng3 (1.2.5.0-5) unstable; urgency=low + + * Use debhelper 4.2, which generates the udeb appropriately. + * Update control and rules appropriately. + * Don't use ${shlibs:Depends} for the udeb, rather write the + dependencies by hand. + * Standards-version is 3.6.1. + + -- Josselin Mouette Fri, 20 Feb 2004 19:23:05 +0100 + +libpng3 (1.2.5.0-4) unstable; urgency=low + + * scripts/makefile.linux: use versioned dependencies + (closes: #155891). + * debian/rules: bump dependency for dh_makeshlibs. + * add the libpng.a link in libpng12-dev. + * Rework scripts/makefile.linux to make it more consistent. + * Update stuff in debian/ accordingly. + * Updated README.Debian. + + -- Josselin Mouette Tue, 10 Jun 2003 18:14:32 +0200 + +libpng3 (1.2.5.0-3) unstable; urgency=low + + * Make libpng3{,-dev} depend on libpng12-{0,dev} >= 1.2.5.0-2 instead + of the strict source version. + * Move /usr/share/doc/libpng3{,-dev} into symlinks at postinst time + when directories already exist. + * debian/rules: install correctly doc-base stuff. + * debian/libpng12-dev.doc-base: updated URIs. + + -- Josselin Mouette Tue, 6 May 2003 19:44:59 +0200 + +libpng3 (1.2.5.0-2) unstable; urgency=low + + * scripts/{makefile.linux,libpng-config-body.in}: correct the + libpng12-config script. + * Install correctly pkg-config stuff (closes: #191081). + * Make libpng12-dev conflict explicitly with libpng12-0-dev. + * Update README.Debian. + + -- Josselin Mouette Mon, 28 Apr 2003 19:42:15 +0200 + +libpng3 (1.2.5.0-1) unstable; urgency=low + + * New maintainer. + * Use real upstream tarball from 1.2.5 release. + * Use dpkg-source's way instead of dpatch for patching. 
+ * A bit of rework in debian/rules, use dh_install and debhelper 4. + * Standards-version is 3.5.9. + * The -dev package is now named libpng12-dev (stop using the + libpkg-guide way). + * libpng3 is now arch-independent. + * Improved descriptions a bit. + * Don't supply libpngpf.3, it is not useful to programmers. + + -- Josselin Mouette Wed, 16 Apr 2003 18:41:02 +0200 + +libpng3 (1.2.5-11) unstable; urgency=low + + * Add udeb (closes: #174842) + * Add missing section on source files. + + -- Junichi Uekawa Mon, 31 Mar 2003 00:28:06 +0900 + +libpng3 (1.2.5-10) unstable; urgency=low + + * Rebuild with d-shlibs with fixed "libgcc_s1-dev" handling (for gcc-3.2). + (closes: #178070), build-depend on d-shlibs 0.10 or greater. + + -- Junichi Uekawa Fri, 24 Jan 2003 12:23:35 +0900 + +libpng3 (1.2.5-9) unstable; urgency=low + + * Use dpatch for patch system -- divide Debian patch, and security fix patch. + * Standards-Version: 3.5.8 + * add manual page libpng-config.1 and libpng12-config.1 + + -- Junichi Uekawa Wed, 15 Jan 2003 17:55:17 +0900 + +libpng3 (1.2.5-8) unstable; urgency=low + + * Sorry folks, I made a mistake. + * Forward-port of patch from the Security Team, + really apply what was there. (closes: #172868,#172871) + + -- Junichi Uekawa Fri, 13 Dec 2002 16:12:01 +0900 + +libpng3 (1.2.5-7) unstable; urgency=high + + * Forward-port of patch from the Security Team + * Applied patch to pngrtran.c by Glenn Randers-Pehrson + to fix a buffer overrun. + + -- Junichi Uekawa Thu, 12 Dec 2002 20:36:28 +0900 + +libpng3 (1.2.5-6) unstable; urgency=low + + * Typo in scripts/makefile.linux. + Mistake. -lz and -lm weren't happening. + * Change LDFLAGS to not list -lz -lm, so that testsuite will catch such error. + * set prefix=/usr/ in scripts/makefile.linux, since it was set to usr/local. 
+ + -- Junichi Uekawa Wed, 30 Oct 2002 20:54:54 +0900 + +libpng3 (1.2.5-5) unstable; urgency=low + + * scripts/makefile.linux: LIBADDFLAGS introduced, for shared library lib additional + flags, and use that for shared library. + - this should fix build failure (closes: #166704) + Thanks Daniel Schepler for reporting. + * updated copyright file to note that libpng3 in Debian is patched to + link with -lz -lm. + + -- Junichi Uekawa Mon, 28 Oct 2002 12:25:57 +0900 + +libpng3 (1.2.5-4) unstable; urgency=low + + * Trying to fix the problem that libpng3 seems to be not linked against libz. + LDFLAGS was defined but not being used. + Thanks Mike Furr for reporting (closes: #166489) + + -- Junichi Uekawa Sun, 27 Oct 2002 16:07:54 +0900 + +libpng3 (1.2.5-3) unstable; urgency=low + + * Fixed description, I mixed up the -devel and non-devel + packages. + * updated README.Debian. + + -- Junichi Uekawa Thu, 24 Oct 2002 18:56:34 +0900 + +libpng3 (1.2.5-2) unstable; urgency=low + + * careless mistake :( + * reinstall libpng.so symlink in libpng-12-0-dev package. + Otherwise other packages won't build ... + + -- Junichi Uekawa Wed, 23 Oct 2002 16:46:23 +0900 + +libpng3 (1.2.5-1) unstable; urgency=low + + * New upstream version (closes: #163425) + * re-patched makefile.linux to work with system zlib, + added workaround to set CFLAGS, and remove rpath settings from LDFLAGS + * Use debhelper. + * No longer create /usr/doc symlinks. + * Standards-Version: 3.5.7 + + -- Junichi Uekawa Tue, 22 Oct 2002 21:05:33 +0900 + +libpng3 (1.2.1-5) unstable; urgency=low + + * Not yet released. + * Change priority from standard to optional. + + -- Junichi Uekawa Sun, 15 Sep 2002 15:39:12 +0900 + +libpng3 (1.2.1-4) unstable; urgency=low + + * change -dev dependency of libc6-dev to libc-dev + + -- Junichi Uekawa Fri, 13 Sep 2002 18:40:53 +0900 + +libpng3 (1.2.1-3) unstable; urgency=low + + * Security fix backported from 1.2.4. Check bounds of variables. 
+ (closes: #155403) + + -- Junichi Uekawa Wed, 7 Aug 2002 17:30:32 +0900 + +libpng3 (1.2.1-2) unstable; urgency=low + + * New maintainer (closes: #151343) + * apply buffer overflow patch for interlaced png files (closes: #150595) + * update description for libpng3-dev. + * change libpng-dev to libpng3-dev + + -- Junichi Uekawa Thu, 25 Jul 2002 16:28:24 +0900 + +libpng3 (1.2.1-1.1) unstable; urgency=low + + * NMU + * Provides: libpng2-dev has been changed to Provides: libpng3-dev + libpng2-dev can be put back in when some kind of sane transition has + finished. + (closes: #128384, #128871, #129268, #129269) + + -- Junichi Uekawa Tue, 12 Feb 2002 02:31:53 +0900 + +libpng3 (1.2.1-1) unstable; urgency=low + + * New upstream version; closes: #125679. + * New source package name: libpng3. + * Renamed libpng-dev to libpng-dev to avoid having to maintain several + development packages (the -dev is source compatible). + * Moved png.5 into the -dev package. + * Added a Replaces: libpng2 to libpng-dev so that we can steal the png.5 + manpage without fuss. + * Changed debian/shlibs for libpng3. + * Compress examples/pngtest.c. + + -- Philippe Troin Tue, 18 Dec 2001 20:01:04 -0800 + +libpng (1.0.12-3) unstable; urgency=low + + * Moved the png.5 manpage to the dev package to allow multiple libpng + packages installed at the same time. + + -- Philippe Troin Tue, 18 Dec 2001 23:58:25 -0800 + +libpng (1.0.12-2) unstable; urgency=low + + * Changed libpng2-dev's section to devel to resync with override file. + * Fixed upstream version detection in debian/rules; closes: #105931. + + -- Philippe Troin Sun, 29 Jul 2001 11:52:40 -0700 + +libpng (1.0.12-1) unstable; urgency=low + + * New upstream release; closes: #105354. + * Bumped dependency information in debian/shlibs to libpng >= 1.0.12 + since there were some non-backwards compatible changes to the API. + * Added support for DEB_BUILD_OPTIONS and get-orig-source to debian/rules. + * Added call to ldconfig on postrm's remove. 
+ * Removed INSTALL file from /usr/share/doc/libpng2. + * Bumped standards version to 3.5.5.0. + + -- Philippe Troin Tue, 17 Jul 2001 23:32:36 -0700 + +libpng (1.0.11-1) unstable; urgency=low + + * New upstream release. + + -- Philippe Troin Wed, 2 May 2001 20:43:51 -0700 + +libpng (1.0.10-2) unstable; urgency=low + + * Force recompile because of bad sparc package. + * Libpng2's priority changed to standard to comply with the override file. + + -- Philippe Troin Tue, 24 Apr 2001 11:49:31 -0700 + +libpng (1.0.10-1) unstable; urgency=low + + * New upstream release. + * Changed shlib to depend on libpng2 (>= 2.0.10) because of + non-backwards compatible changes. + + -- Philippe Troin Sun, 22 Apr 2001 22:48:30 -0700 + +libpng (1.0.8-1) unstable; urgency=low + + * Changed the doc-base type from 'test' to 'text'; closes: #59877. + * New upstream relase 1.0.8; closes: #70464. + * Updated copyright notice. + * Removed Y2kINFO from the doc directory. + * Added pngtest.c in examples; closes: #65229. + * Updated to standards version 3.2.1.0. + * Added build-depends line in control file; closes: #69291. + + -- Philippe Troin Mon, 11 Sep 2000 23:19:12 -0700 + +libpng (1.0.5-1) frozen unstable; urgency=low + + * Maintainer upload (closes: #48244, #48246). + * Added some extra explanations for the setjmp.h mess (closes: #56759), + see pngconf.h for details. + + -- Philippe Troin Mon, 28 Feb 2000 13:53:22 -0800 + +libpng (1.0.5-0.1) unstable; urgency=low + + * Non-maintainer release. + * New upstream release. (closes:Bug#48244). + * Remove versioned depend from shlibs (closes:Bug#48246). + + -- Joel Klecker Sat, 30 Oct 1999 08:12:53 -0700 + +libpng (1.0.3-1) unstable; urgency=low + + * New upstream version (1.0.3); Closes: #31870, #46333. + * Maintainer upload, closes NMU bugs; Closes: #28412, #31523, #31690. + * FHS compliant. + * New standard-version 3.0.1. + * Lintian clean. + * Removed temporary zlib1g line in control file (used to be a bug in + zlib1g). 
+ * Moved the documentation file to the -dev package. + * Register documentation file to doc-base. + * Fontified man pages with addformat script; Closes #38680. + + -- Philippe Troin Mon, 4 Oct 1999 18:59:42 -0700 + +libpng (1.0.2b-0.1) frozen unstable; urgency=low + + * New upstream (bug-fix only) version. + (Should fix bugs #31690滼, since I can't reproduce them) + From the author: + "I have recently uploaded libpng-1.0.2b to + ftp://swrinde.nde.swri.edu/pub/png-group/src + I plan to release it as libpng-1.0.3 in a + few days, but would like to hear whether it + fixes the problems with GNOME. + It restores a few lines of code that were + inadvertently deleted from pngread.c, which + seems to be the cause of problems with adding + an alpha channel (which you fixed by downgrading + to libpng-1.0.1's pngread.c)." + [Glenn Randers-Pehrson ] + * Masquerade version number to 1.0.3 to make Imlib & Co. happy. + + -- Vincent Renardias Mon, 11 Jan 1999 06:27:55 +0100 + +libpng (1.0.2-1.1) frozen unstable; urgency=low + + * Fix Important bug #28412 + (using pngread.c from libpng-1.0.1 did the trick). + + -- Vincent Renardias Wed, 6 Jan 1999 19:00:15 +0100 + +libpng (1.0.2-1) unstable; urgency=low + + * Maintainer release (to change a bit). + * Pristine sources. + * Libpng2-dev includes example.c (fixes bug #10315). + * Changed control file to reflect difference with libpng0g (fixes #23795). + * Recompiled (should fix the zlib1g missing symbol, bug #24450). + * Added -D_REENTRANT also to static library. + * Added a dependency upon zlib1g >= 1.1.2 (otherwise we get a missing + symbol) (fixes bug #24450). + + -- Philippe Troin Tue, 22 Sep 1998 00:17:16 -0700 + +libpng (1.0.2-0.1) unstable; urgency=low + + * Non-maintainer release + * New upstream version + + -- Karl M. 
Hegbloom Tue, 4 Aug 1998 23:47:00 -0700 + +libpng (1.0.1-0.2) unstable; urgency=medium + + * debian/rules (binary-arch): don't call install with -s as an + argument when installing a shared library; it doesn't know to use + --strip-unneeded, and we call strip separately later anyway. + * scripts/makefile.lnx (CFLAGS): killed i386-isms. + * scripts/makefile.lnx: compiled shared libraries with -D_REENTRANT. + (The above fixes are from James Troup, who yet again, alerted me to + my screwups ;) + * debian/postinst: only call ldconfig if $1 = configure. + + -- Joel Klecker Wed, 17 Jun 1998 10:25:27 -0700 + +libpng (1.0.1-0.1) unstable; urgency=low + + * New upstream bug fix release. + * Include man pages. + + -- Joel Klecker Wed, 06 May 1998 08:51:49 -0700 + +libpng (1.0.0-0.1) unstable; urgency=low + + * Non-maintainer Release. + * New Upstream Release. + * Changed source package name to `libpng'. + * Added `-f makefile.lnx' to make invocations in debian/rules. + * Removed `ldconfig' call from postrm. + + -- Joel Klecker Tue, 4 Mar 1998 17:58:05 -0800 + +libpng0 (0.96-5) unstable; urgency=low + + * Removed executable permissions on shared libs (fixes bug #15478). + * Updated Standards-Version to 2.3.0.1. + + -- Philippe Troin Sun, 25 Jan 1998 13:19:51 -0800 + +libpng0 (0.96-4) unstable; urgency=low + + * Shared libraries are stripped with --strip-unneeded and static + libraries with --strip-debug (fixes bug #15669). + * Made the build strip non-i386 specific (patch by James Troup) (fixes + bug #13832). + * Removed the dependency between the libc5 and libc6 versions. + + -- Philippe Troin Sun, 18 Jan 1998 22:37:19 -0800 + +libpng0 (0.96-3) unstable; urgency=low + + * Libc6 compilation. + + -- Philippe Troin Tue, 23 Sep 1997 21:38:42 -0700 + +libpng0 (0.96-2) unstable; urgency=low + + * Fixed permissions in /usr/doc/libpng0 (fixes bug #10540). + + -- Philippe Troin Sun, 15 Jun 1997 13:18:38 -0700 + +libpng0 (0.96-1) unstable; urgency=low + + * New upstream sources. 
+ + -- Philippe Troin Thu, 12 Jun 1997 23:32:29 -0700 + +libpng0 (0.95b-1) unstable; urgency=low + + * New maintainer. + * Upgraded to upstream version 0.95b. + * Make debian/rules version independent. + * Debian/rules clean now removes substvars. + * Bumped the shlibs version to 0.95 as some incompatibilities were + introduced between 0.89 and 0.90. + * Added the Section: and Priority: fields to the control file (fixes bug + #6370). + * Now /usr/doc/libpng0 contains various info and the debian change log + stuff (fixes bug #7925). + * Added -D_REENTRANT compilation flag. + + -- Philippe Troin Fri, 18 Apr 1997 14:44:09 -0700 + +libpng (0.89c-6) unstable; urgency=low + + * Moved shlibs file to correct location + + -- Michael Alan Dorman Sun, 15 Dec 1996 13:03:19 -0500 + +libpng (0.89c-5) unstable; urgency=low + + * Added shlibs file + + -- Michael Alan Dorman Sat, 23 Nov 1996 16:23:06 -0500 + +libpng (0.89c-4) unstable; urgency=low + + * Now stripping shared libraries (Bug#5134) + + -- Michael Alan Dorman Sat, 23 Nov 1996 12:05:06 -0500 + +libpng (0.89c-3) unstable; urgency=low + + * Corrected maintainers address + + -- Michael Alan Dorman Mon, 23 Sep 1996 12:52:03 -0400 + +libpng (0.89c-2) unstable; urgency=low + + * Accommodate the fact that dpkg-source doesn't properly preserve + permissions on scripts when extracting package. (Bug#4513) + + -- Michael Alan Dorman Mon, 23 Sep 1996 12:34:35 -0400 + +libpng (0.89c-1) unstable; urgency=low + + * New upstream version. + * Moved to new source packaging format. + + -- Michael Alan Dorman Thu, 12 Sep 1996 15:19:35 -0400 --- libpng-1.2.37.orig/debian/compat +++ libpng-1.2.37/debian/compat @@ -0,0 +1 @@ +7 --- libpng-1.2.37.orig/debian/Libpng2-dev.examples +++ libpng-1.2.37/debian/Libpng2-dev.examples @@ -0,0 +1,3 @@ +example.c +pngtest.c +pngtest.png --- libpng-1.2.37.orig/debian/libpng12-0-udeb.dirs +++ libpng-1.2.37/debian/libpng12-0-udeb.dirs 
@@ -0,0 +1 @@ +/usr/lib --- libpng-1.2.37.orig/debian/copyright +++ libpng-1.2.37/debian/copyright 
@@ -0,0 +1,114 @@ +This is the pre-packaged Debian Linux version of the libpng graphics +library. It was packaged by Philippe Troin +from sources originally retrieved from ftp://swrinde.nde.swri.edu/pub/png/src/ + +The packaging itself is +copyright (C) 2001 Philippe Troin , +copyright 2002 Junichi Uekawa , +copyright 2003 Josselin Mouette and +copyright 2006-2009 Anibal Monsalve Salazar . +It is licensed under the GNU General Public License v2 or later. On +Debian systems, the GPL is in /usr/share/common-licenses/GPL-2. + +Here is the copyright and license for libpng: + + libpng version 1.2.26 - April 2, 2008 + Copyright (c) 1998-2008 Glenn Randers-Pehrson + (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) + (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) + + Authors and maintainers: + libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat + libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger + libpng versions 0.97, January 1998, through 1.2.26 - April 2, 2008: Glenn + See also "Contributing Authors", below. + + + COPYRIGHT NOTICE, DISCLAIMER, and LICENSE: + + If you modify libpng you may insert additional notices immediately following + this sentence. + + libpng versions 1.2.6, August 15, 2004, through 1.2.26, April 2, 2008, are + Copyright (c) 2004, 2006-2008 Glenn Randers-Pehrson, and are + distributed according to the same disclaimer and license as libpng-1.2.5 + with the following individual added to the list of Contributing Authors: + + Cosmin Truta + + libpng versions 1.0.7, July 1, 2000, through 1.2.5, October 3, 2002, are + Copyright (c) 2000-2002 Glenn Randers-Pehrson, and are + distributed according to the same disclaimer and license as libpng-1.0.6 + with the following individuals added to the list of Contributing Authors: + + Simon-Pierre Cadieux + Eric S. 
Raymond + Gilles Vollant + + and with the following additions to the disclaimer: + + There is no warranty against interference with your enjoyment of the + library or against infringement. There is no warranty that our + efforts or the library will fulfill any of your particular purposes + or needs. This library is provided with all faults, and the entire + risk of satisfactory quality, performance, accuracy, and effort is with + the user. + + libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are + Copyright (c) 1998, 1999, 2000 Glenn Randers-Pehrson, and are + distributed according to the same disclaimer and license as libpng-0.96, + with the following individuals added to the list of Contributing Authors: + + Tom Lane + Glenn Randers-Pehrson + Willem van Schaik + + libpng versions 0.89, June 1996, through 0.96, May 1997, are + Copyright (c) 1996, 1997 Andreas Dilger + Distributed according to the same disclaimer and license as libpng-0.88, + with the following individuals added to the list of Contributing Authors: + + John Bowler + Kevin Bracey + Sam Bushell + Magnus Holmgren + Greg Roelofs + Tom Tanner + + libpng versions 0.5, May 1995, through 0.88, January 1996, are + Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc. + + For the purposes of this copyright and license, "Contributing Authors" + is defined as the following set of individuals: + + Andreas Dilger + Dave Martindale + Guy Eric Schalnat + Paul Schmidt + Tim Wegner + + The PNG Reference Library is supplied "AS IS". The Contributing Authors + and Group 42, Inc. disclaim all warranties, expressed or implied, + including, without limitation, the warranties of merchantability and of + fitness for any purpose. The Contributing Authors and Group 42, Inc. + assume no liability for direct, indirect, incidental, special, exemplary, + or consequential damages, which may result from the use of the PNG + Reference Library, even if advised of the possibility of such damage. 
+ + Permission is hereby granted to use, copy, modify, and distribute this + source code, or portions hereof, for any purpose, without fee, subject + to the following restrictions: + + 1. The origin of this source code must not be misrepresented. + + 2. Altered versions must be plainly marked as such and + must not be misrepresented as being the original source. + + 3. This Copyright notice may not be removed or altered from + any source or altered source distribution. + + The Contributing Authors and Group 42, Inc. specifically permit, without + fee, and encourage the use of this source code as a component to + supporting the PNG file format in commercial products. If you use this + source code in a product, acknowledgment is not required but would be + appreciated. --- libpng-1.2.37.orig/debian/watch +++ libpng-1.2.37/debian/watch @@ -0,0 +1,2 @@ +version=3 +ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-([\d\.]+).tar.gz debian uupdate --- libpng-1.2.37.orig/debian/libpng12-0-udeb.install +++ libpng-1.2.37/debian/libpng12-0-udeb.install @@ -0,0 +1 @@ +usr/lib/libpng12.so.0* --- libpng-1.2.37.orig/debian/control +++ libpng-1.2.37/debian/control 
@@ -0,0 +1,60 @@
+Source: libpng
+Section: libs
+Priority: optional
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Anibal Monsalve Salazar
+Uploaders: Sam Hocevar (Debian packages)
+Build-Depends: debhelper (>= 7), libtool, automake, autoconf, quilt (>= 0.40), zlib1g-dev, mawk
+Standards-Version: 3.8.1
+Homepage: http://www.libpng.org/pub/png/libpng.html
+
+Package: libpng12-0
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Conflicts: libpng12-dev (<= 1.2.8rel-7), mzscheme (<= 1:209-5), pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5), povray-3.5 (<= 3.5.0c-10)
+Replaces: libpng12-dev (<= 1.2.8rel-7)
+Description: PNG library - runtime
+ libpng is a library implementing an interface for reading and writing
+ PNG (Portable Network Graphics) format files.
+ .
+ This package contains the runtime library files needed to run software
+ using libpng.
+
+Package: libpng12-dev
+Section: libdevel
+Architecture: any
+Depends: libpng12-0 (= ${binary:Version}), zlib1g-dev
+Conflicts: libpng2-dev, libpng-dev, libpng12-0-dev, libpng2 (<< 1.0.12-3)
+Provides: libpng-dev, libpng12-0-dev, libpng3-dev
+Replaces: libpng3-dev (<= 1.2.5), libpng12-0-dev
+Description: PNG library - development
+ libpng is a library implementing an interface for reading and writing
+ PNG (Portable Network Graphics) format files.
+ .
+ This package contains the header and development files needed to build
+ programs and packages using libpng.
+
+Package: libpng3
+Section: oldlibs
+Architecture: all
+Depends: libpng12-0 (>= 1.2.5.0-2)
+Description: PNG library - runtime
+ libpng is a library implementing an interface for reading and writing
+ PNG (Portable Network Graphics) format files.
+ .
+ This package is superseded by libpng12-0, and is provided only for
+ transitional purposes.
+
+Package: libpng12-0-udeb
+XC-Package-Type: udeb
+Section: debian-installer
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: PNG library - minimal runtime library
+ libpng is a library implementing an interface for reading and writing
+ PNG (Portable Network Graphics) format files.
+ .
+ This package provides the minimal libpng12 runtime library needed for
+ the debian-installer.
--- libpng-1.2.37.orig/debian/libpng12-dev.manpages
+++ libpng-1.2.37/debian/libpng12-dev.manpages
@@ -0,0 +1,3 @@
+libpng.3
+png.5
+debian/libpng12-config.1
--- libpng-1.2.37.orig/debian/libpng12-dev.install
+++ libpng-1.2.37/debian/libpng12-dev.install
@@ -0,0 +1,4 @@
+usr/include
+usr/lib/pkgconfig
+usr/lib/{libpng.a,libpng12.a,libpng.so,libpng12.so}
+usr/bin
--- libpng-1.2.37.orig/debian/patches/series
+++ libpng-1.2.37/debian/patches/series
@@ -0,0 +1,4 @@
+01-legacy.diff
+02-CVE-2010-0205.patch
+03-CVE-2010-1205.patch
+04-CVE-2010-2249.patch
--- libpng-1.2.37.orig/debian/patches/02-CVE-2010-0205.patch
+++ libpng-1.2.37/debian/patches/02-CVE-2010-0205.patch
@@ -0,0 +1,351 @@
+Description: fix denial of service via decompression bomb
+Origin: backported from 1.2.43 by Marc Deslauriers
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/533140
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572308
+
+diff -Nur libpng-1.2.37/pngrutil.c libpng-1.2.37.new/pngrutil.c
+--- libpng-1.2.37/pngrutil.c 2009-06-04 07:08:00.000000000 -0400
++++ libpng-1.2.37.new/pngrutil.c 2010-03-12 10:48:35.000000000 -0500
+@@ -213,180 +213,193 @@
+
+ #if defined(PNG_READ_zTXt_SUPPORTED) || defined(PNG_READ_iTXt_SUPPORTED) || \
+ defined(PNG_READ_iCCP_SUPPORTED)
+-/*
+- * Decompress trailing data in a chunk. The assumption is that chunkdata
+- * points at an allocated area holding the contents of a chunk with a
+- * trailing compressed part. What we get back is an allocated area
+- * holding the original prefix part and an uncompressed version of the
+- * trailing part (the malloc area passed in is freed).
+- */
+-void /* PRIVATE */
+-png_decompress_chunk(png_structp png_ptr, int comp_type,
+- png_size_t chunklength,
+- png_size_t prefix_size, png_size_t *newlength)
++static png_size_t
++png_inflate(png_structp png_ptr, const png_byte *data, png_size_t size,
++ png_bytep output, png_size_t output_size)
+ {
+- static PNG_CONST char msg[] = "Error decoding compressed text";
+- png_charp text;
+- png_size_t text_size;
++ png_size_t count = 0;
+
+- if (comp_type == PNG_COMPRESSION_TYPE_BASE)
+- {
+- int ret = Z_OK;
+- png_ptr->zstream.next_in = (png_bytep)(png_ptr->chunkdata + prefix_size);
+- png_ptr->zstream.avail_in = (uInt)(chunklength - prefix_size);
+- png_ptr->zstream.next_out = png_ptr->zbuf;
+- png_ptr->zstream.avail_out = (uInt)png_ptr->zbuf_size;
++ png_ptr->zstream.next_in = (png_bytep)data; /* const_cast: VALID */
++ png_ptr->zstream.avail_in = size;
+
+- text_size = 0;
+- text = NULL;
++ while (1)
++ {
++ int ret, avail;
+
+- while (png_ptr->zstream.avail_in)
+- {
+- ret = inflate(&png_ptr->zstream, Z_PARTIAL_FLUSH);
+- if (ret != Z_OK && ret != Z_STREAM_END)
+- {
+- if (png_ptr->zstream.msg != NULL)
+- png_warning(png_ptr, png_ptr->zstream.msg);
+- else
+- png_warning(png_ptr, msg);
+- inflateReset(&png_ptr->zstream);
+- png_ptr->zstream.avail_in = 0;
+-
+- if (text == NULL)
+- {
+- text_size = prefix_size + png_sizeof(msg) + 1;
+- text = (png_charp)png_malloc_warn(png_ptr, text_size);
+- if (text == NULL)
+- {
+- png_free(png_ptr, png_ptr->chunkdata);
+- png_ptr->chunkdata = NULL;
+- png_error(png_ptr, "Not enough memory to decompress chunk");
+- }
+- png_memcpy(text, png_ptr->chunkdata, prefix_size);
+- }
+-
+- text[text_size - 1] = 0x00;
+-
+- /* Copy what we can of the error message into the text chunk */
+- text_size = (png_size_t)(chunklength -
+- (text - png_ptr->chunkdata) - 1);
+- if (text_size > png_sizeof(msg))
+- text_size = png_sizeof(msg);
+- png_memcpy(text + prefix_size, msg, text_size);
+- break;
+- }
+- if (!png_ptr->zstream.avail_out || ret == Z_STREAM_END)
+- {
+- if (text == NULL)
+- {
+- text_size = prefix_size +
+- png_ptr->zbuf_size - png_ptr->zstream.avail_out;
+- text = (png_charp)png_malloc_warn(png_ptr, text_size + 1);
+- if (text == NULL)
+- {
+- png_free(png_ptr, png_ptr->chunkdata);
+- png_ptr->chunkdata = NULL;
+- png_error(png_ptr,
+- "Not enough memory to decompress chunk.");
+- }
+- png_memcpy(text + prefix_size, png_ptr->zbuf,
+- text_size - prefix_size);
+- png_memcpy(text, png_ptr->chunkdata, prefix_size);
+- *(text + text_size) = 0x00;
+- }
+- else
+- {
+- png_charp tmp;
++ /* Reset the output buffer each time round - we empty it
++ * after every inflate call.
++ */
++ png_ptr->zstream.next_out = png_ptr->zbuf;
++ png_ptr->zstream.avail_out = png_ptr->zbuf_size;
+
+- tmp = text;
+- text = (png_charp)png_malloc_warn(png_ptr,
+- (png_uint_32)(text_size +
+- png_ptr->zbuf_size - png_ptr->zstream.avail_out + 1));
+- if (text == NULL)
+- {
+- png_free(png_ptr, tmp);
+- png_free(png_ptr, png_ptr->chunkdata);
+- png_ptr->chunkdata = NULL;
+- png_error(png_ptr,
+- "Not enough memory to decompress chunk..");
+- }
+- png_memcpy(text, tmp, text_size);
+- png_free(png_ptr, tmp);
+- png_memcpy(text + text_size, png_ptr->zbuf,
+- (png_ptr->zbuf_size - png_ptr->zstream.avail_out));
+- text_size += png_ptr->zbuf_size - png_ptr->zstream.avail_out;
+- *(text + text_size) = 0x00;
+- }
+- if (ret == Z_STREAM_END)
+- break;
+- else
+- {
+- png_ptr->zstream.next_out = png_ptr->zbuf;
+- png_ptr->zstream.avail_out = (uInt)png_ptr->zbuf_size;
+- }
+- }
+- }
+- if (ret != Z_STREAM_END)
+- {
+-#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
+- char umsg[52];
++ ret = inflate(&png_ptr->zstream, Z_NO_FLUSH);
++ avail = png_ptr->zbuf_size - png_ptr->zstream.avail_out;
+
+- if (ret == Z_BUF_ERROR)
+- png_snprintf(umsg, 52,
+- "Buffer error in compressed datastream in %s chunk",
+- png_ptr->chunk_name);
++ /* First copy/count any new output - but only if we didn't
++ * get an error code.
++ */
++ if ((ret == Z_OK || ret == Z_STREAM_END) && avail > 0)
++ {
++ if (output != 0 && output_size > count)
++ {
++ int copy = output_size - count;
++ if (avail < copy) copy = avail;
++ png_memcpy(output + count, png_ptr->zbuf, copy);
++ }
++ count += avail;
++ }
++
++ if (ret == Z_OK)
++ continue;
++
++ /* Termination conditions - always reset the zstream, it
++ * must be left in inflateInit state.
++ */
++ png_ptr->zstream.avail_in = 0;
++ inflateReset(&png_ptr->zstream);
+
+- else if (ret == Z_DATA_ERROR)
+- png_snprintf(umsg, 52,
+- "Data error in compressed datastream in %s chunk",
+- png_ptr->chunk_name);
++ if (ret == Z_STREAM_END)
++ return count; /* NOTE: may be zero. */
+
+- else
+- png_snprintf(umsg, 52,
+- "Incomplete compressed datastream in %s chunk",
+- png_ptr->chunk_name);
++ /* Now handle the error codes - the API always returns 0
++ * and the error message is dumped into the uncompressed
++ * buffer if available.
++ */
++ {
++ char *msg, umsg[52];
++ if (png_ptr->zstream.msg != 0)
++ msg = png_ptr->zstream.msg;
++ else
++ {
++#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
++ switch (ret)
++ {
++ case Z_BUF_ERROR:
++ msg = "Buffer error in compressed datastream in %s chunk";
++ break;
++ case Z_DATA_ERROR:
++ msg = "Data error in compressed datastream in %s chunk";
++ break;
++ default:
++ msg = "Incomplete compressed datastream in %s chunk";
++ break;
++ }
+
+- png_warning(png_ptr, umsg);
++ png_snprintf(umsg, sizeof umsg, msg, png_ptr->chunk_name);
++ msg = umsg;
+ #else
+- png_warning(png_ptr,
+- "Incomplete compressed datastream in chunk other than IDAT");
++ msg = "Damaged compressed datastream in chunk other than IDAT";
+ #endif
+- text_size = prefix_size;
+- if (text == NULL)
+- {
+- text = (png_charp)png_malloc_warn(png_ptr, text_size+1);
+- if (text == NULL)
+- {
+- png_free(png_ptr, png_ptr->chunkdata);
+- png_ptr->chunkdata = NULL;
+- png_error(png_ptr, "Not enough memory for text.");
+- }
+- png_memcpy(text, png_ptr->chunkdata, prefix_size);
+- }
+- *(text + text_size) = 0x00;
++ }
++
++ png_warning(png_ptr, msg);
+ }
+
+- inflateReset(&png_ptr->zstream);
+- png_ptr->zstream.avail_in = 0;
++ /* 0 means an error - notice that this code simple ignores
++ * zero length compressed chunks as a result.
++ */
++ return 0;
++ }
++}
+
+- png_free(png_ptr, png_ptr->chunkdata);
+- png_ptr->chunkdata = text;
+- *newlength=text_size;
++/*
++ * Decompress trailing data in a chunk. The assumption is that chunkdata
++ * points at an allocated area holding the contents of a chunk with a
++ * trailing compressed part. What we get back is an allocated area
++ * holding the original prefix part and an uncompressed version of the
++ * trailing part (the malloc area passed in is freed).
++ */
++void /* PRIVATE */
++png_decompress_chunk(png_structp png_ptr, int comp_type,
++ png_size_t chunklength,
++ png_size_t prefix_size, png_size_t *newlength)
++{
++ /* The caller should guarantee this */
++ if (prefix_size > chunklength)
++ {
++ /* The recovery is to delete the chunk. */
++ png_warning(png_ptr, "invalid chunklength");
++ prefix_size = 0; /* To delete everything */
++ }
++
++ else if (comp_type == PNG_COMPRESSION_TYPE_BASE)
++ {
++ png_size_t expanded_size = png_inflate(png_ptr,
++ (png_bytep)(png_ptr->chunkdata + prefix_size),
++ chunklength - prefix_size,
++ 0/*output*/, 0/*output size*/);
++
++ /* If the size is zero either there was an error and a message
++ * has already been output (warning) or the size really is zero
++ * and we have nothing to do - the code will exit through the
++ * error case below.
++ */
++ if (expanded_size > 0)
++ {
++ /* Success (maybe) - really uncompress the chunk. */
++ png_size_t new_size = 0;
++ png_charp text = png_malloc_warn(png_ptr,
++ prefix_size + expanded_size + 1);
++
++ if (text != NULL)
++ {
++ png_memcpy(text, png_ptr->chunkdata, prefix_size);
++ new_size = png_inflate(png_ptr,
++ (png_bytep)(png_ptr->chunkdata + prefix_size),
++ chunklength - prefix_size,
++ (png_bytep)(text + prefix_size), expanded_size);
++ text[prefix_size + expanded_size] = 0; /* just in case */
++
++ if (new_size == expanded_size)
++ {
++ png_free(png_ptr, png_ptr->chunkdata);
++ png_ptr->chunkdata = text;
++ *newlength = prefix_size + expanded_size;
++ return; /* The success return! */
++ }
++
++ png_warning(png_ptr, "png_inflate logic error");
++ png_free(png_ptr, text);
++ }
++ else
++ png_warning(png_ptr, "Not enough memory to decompress chunk.");
++ }
+ }
++
+ else /* if (comp_type != PNG_COMPRESSION_TYPE_BASE) */
+ {
+-#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
+ char umsg[50];
+
+- png_snprintf(umsg, 50, "Unknown zTXt compression type %d", comp_type);
++#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
++ png_snprintf(umsg, sizeof umsg, "Unknown zTXt compression type %d", comp_type);
+ png_warning(png_ptr, umsg);
+ #else
+ png_warning(png_ptr, "Unknown zTXt compression type");
+ #endif
+
+- *(png_ptr->chunkdata + prefix_size) = 0x00;
+- *newlength = prefix_size;
++ /* The recovery is to simply drop the data. */
+ }
++
++ /* Generic error return - leave the prefix, delete the compressed
++ * data, reallocate the chunkdata to remove the potentially large
++ * amount of compressed data.
++ */
++ {
++ png_charp text = png_malloc_warn(png_ptr, prefix_size + 1);
++ if (text != NULL)
++ {
++ if (prefix_size > 0)
++ png_memcpy(text, png_ptr->chunkdata, prefix_size);
++ png_free(png_ptr, png_ptr->chunkdata);
++ png_ptr->chunkdata = text;
++
++ /* This is an extra zero in the 'uncompressed' part. */
++ *(png_ptr->chunkdata + prefix_size) = 0x00;
++ }
++ /* Ignore a malloc error here - it is safe. */
++ }
++
++ *newlength = prefix_size;
+ }
+ #endif
+
--- libpng-1.2.37.orig/debian/patches/04-CVE-2010-2249.patch
+++ libpng-1.2.37/debian/patches/04-CVE-2010-2249.patch
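Review bot: In `png_inflate`, `int copy = output_size - count;` narrows a `png_size_t` difference to `int`, and `png_decompress_chunk` places no upper bound on `expanded_size` before `png_malloc_warn(png_ptr, prefix_size + expanded_size + 1)`. With an expansion above INT_MAX on a 64-bit build the `avail < copy` clamp would compare against a negative value and stop bounding the `png_memcpy` length, so the two gaps compound. I would keep the arithmetic in the unsigned type, `png_size_t copy = output_size - count;` followed by `if ((png_size_t)avail < copy) copy = (png_size_t)avail;`, and send the chunk through the generic error return when `expanded_size` exceeds a configured maximum (the limit itself is a policy choice this patch does not define). Even with both changes, a small and highly compressible chunk still costs two full inflate passes and one allocation of the expanded size, which is worth stating in the comment above `png_decompress_chunk`.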
@@ -0,0 +1,67 @@
+Description: fix denial of service via memory leak from malformed sCAL chunks
+Origin: Backport, from upstream 1.2.44
+Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587670
+
+diff -Nur libpng-1.2.37/pngrutil.c libpng-1.2.37.new/pngrutil.c
+--- libpng-1.2.37/pngrutil.c 2010-07-05 11:44:30.000000000 -0400
++++ libpng-1.2.37.new/pngrutil.c 2010-07-05 11:44:36.000000000 -0400
+@@ -1772,6 +1772,7 @@
+ if (png_ptr->chunkdata == NULL)
+ {
+ png_warning(png_ptr, "Out of memory while processing sCAL chunk");
++ png_crc_finish(png_ptr, length);
+ return;
+ }
+ slength = (png_size_t)length;
+@@ -1793,6 +1794,8 @@
+ if (*vp)
+ {
+ png_warning(png_ptr, "malformed width string in sCAL chunk");
++ png_free(png_ptr, png_ptr->chunkdata);
++ png_ptr->chunkdata = NULL;
+ return;
+ }
+ #else
+@@ -1801,6 +1804,8 @@
+ if (swidth == NULL)
+ {
+ png_warning(png_ptr, "Out of memory while processing sCAL chunk width");
++ png_free(png_ptr, png_ptr->chunkdata);
++ png_ptr->chunkdata = NULL;
+ return;
+ }
+ png_memcpy(swidth, ep, (png_size_t)png_strlen(ep));
+@@ -1814,8 +1819,7 @@
+ if (png_ptr->chunkdata + slength < ep)
+ {
+ png_warning(png_ptr, "Truncated sCAL chunk");
+-#if defined(PNG_FIXED_POINT_SUPPORTED) && \
+- !defined(PNG_FLOATING_POINT_SUPPORTED)
++#if defined(PNG_FIXED_POINT_SUPPORTED) && !defined(PNG_FLOATING_POINT_SUPPORTED)
+ png_free(png_ptr, swidth);
+ #endif
+ png_free(png_ptr, png_ptr->chunkdata);
+@@ -1828,6 +1832,11 @@
+ if (*vp)
+ {
+ png_warning(png_ptr, "malformed height string in sCAL chunk");
++ png_free(png_ptr, png_ptr->chunkdata);
++ png_ptr->chunkdata = NULL;
++#if defined(PNG_FIXED_POINT_SUPPORTED) && !defined(PNG_FLOATING_POINT_SUPPORTED)
++ png_free(png_ptr, swidth);
++#endif
+ return;
+ }
+ #else
+@@ -1836,6 +1845,11 @@
+ if (sheight == NULL)
+ {
+ png_warning(png_ptr, "Out of memory while processing sCAL chunk height");
++ png_free(png_ptr, png_ptr->chunkdata);
++ png_ptr->chunkdata = NULL;
++#if defined(PNG_FIXED_POINT_SUPPORTED) && !defined(PNG_FLOATING_POINT_SUPPORTED)
++ png_free(png_ptr, swidth);
++#endif
+ return;
+ }
+ png_memcpy(sheight, ep, (png_size_t)png_strlen(ep));
--- libpng-1.2.37.orig/debian/patches/01-legacy.diff
+++ libpng-1.2.37/debian/patches/01-legacy.diff
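Review bot: The cleanup added to the early returns of the sCAL handler is copied by hand into four more branches (inner hunks at 1794, 1804, 1832 and 1845, next to the existing one at 1819), so the next exit added to this function can leak `png_ptr->chunkdata` or `swidth` in the same way. A single shared cleanup tail that frees `swidth` under its `#if` and then runs `png_free(png_ptr, png_ptr->chunkdata); png_ptr->chunkdata = NULL;` would make a missed free visible in review. In the hunk at 1832 the added `png_free(png_ptr, swidth);` sits before the `#else`, apparently inside the floating-point branch, where its `PNG_FIXED_POINT_SUPPORTED && !PNG_FLOATING_POINT_SUPPORTED` guard can never hold; the opening `#if` is outside the hunk, so confirm that before dropping those three lines. The function's start and end lie outside all of these hunks.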
@@ -0,0 +1,51 @@
+--- libpng-1.2.37/libpng-1.2.37.txt
++++ libpng-1.2.37/libpng-1.2.37.txt
+@@ -929,8 +929,9 @@
+ gray = (rw*red + gw*green + bw*blue)/65536;
+
+ The default values approximate those recommended in the Charles
+-Poynton's Color FAQ,
+-Copyright (c) 1998-01-04 Charles Poynton
++Poynton's Color FAQ,
++
++Copyright (c) 2002-12-16 Charles Poynton
+
+ Y = 0.212671 * R + 0.715160 * G + 0.072169 * B
+
+--- libpng-1.2.26/png.h
++++ libpng-1.2.26/png.h
+@@ -1773,7 +1773,8 @@
+ png_ptr_ptr, png_infopp info_ptr_ptr, png_infopp end_info_ptr_ptr));
+
+ /* free all memory used by the read (old method - NOT DLL EXPORTED) */
+-extern void png_read_destroy PNGARG((png_structp png_ptr, png_infop info_ptr,
++/* Debian note: exporting as it is required by legacy applications */
++extern PNG_EXPORT(void,png_read_destroy) PNGARG((png_structp png_ptr, png_infop info_ptr,
+ png_infop end_info_ptr));
+
+ /* free any memory associated with the png_struct and the png_info_structs */
+@@ -1781,7 +1782,8 @@
+ PNGARG((png_structpp png_ptr_ptr, png_infopp info_ptr_ptr));
+
+ /* free any memory used in png_ptr struct (old method - NOT DLL EXPORTED) */
+-extern void png_write_destroy PNGARG((png_structp png_ptr));
++/* Debian note: exporting as it is required by legacy applications */
++extern PNG_EXPORT(void,png_write_destroy) PNGARG((png_structp png_ptr));
+
+ /* set the libpng method of handling chunk CRC errors */
+ extern PNG_EXPORT(void,png_set_crc_action) PNGARG((png_structp png_ptr,
+--- libpng-1.2.26/png.5
++++ libpng-1.2.26/png.5
+@@ -18,7 +18,11 @@
+ platforms.
+
+ .SH "SEE ALSO"
+-.IR libpng(3) ", " zlib(3) ", " deflate(5) ", and " zlib(5)
++.IR libpng (3),
++.IR zlib (3),
++.IR deflate (5),
++and
++.IR zlib (5)
+ .LP
+ PNG specification (second edition), November 2003:
+ .IP
--- libpng-1.2.37.orig/debian/patches/03-CVE-2010-1205.patch
+++ libpng-1.2.37/debian/patches/03-CVE-2010-1205.patch
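Review bot: The two png.h hunks export `png_read_destroy` and `png_write_destroy` but leave the upstream comment above each declaration reading `(old method - NOT DLL EXPORTED)`, so the header now contradicts itself about whether these are public. Widening the exported surface of a library that parses untrusted images is a packaging decision that should be stated precisely; I would reword the added line as `/* Debian: exported only for legacy applications; upstream keeps this private - do not call from new code */` and correct the older comment to match. If the package versions its symbols, it is also worth confirming that these two names are covered by the version script, which is not part of this diff.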
@@ -0,0 +1,171 @@
+Description: fix arbitrary code execution from additional data row via
+ malformed PNG image
+Origin: Backport, from upstream 1.2.44
+
+diff -Nur libpng-1.2.37/pngpread.c libpng-1.2.37.new/pngpread.c
+--- libpng-1.2.37/pngpread.c 2009-06-04 07:08:00.000000000 -0400
++++ libpng-1.2.37.new/pngpread.c 2010-07-05 11:43:22.000000000 -0400
+@@ -771,8 +771,7 @@
+
+ png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size);
+
+- if (!(png_ptr->flags & PNG_FLAG_ZLIB_FINISHED))
+- png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
++ png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
+
+ png_ptr->idat_size -= save_size;
+ png_ptr->buffer_size -= save_size;
+@@ -795,8 +794,8 @@
+ save_size = png_ptr->current_buffer_size;
+
+ png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size);
+- if (!(png_ptr->flags & PNG_FLAG_ZLIB_FINISHED))
+- png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
++
++ png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
+
+ png_ptr->idat_size -= save_size;
+ png_ptr->buffer_size -= save_size;
+@@ -821,60 +820,101 @@
+ png_process_IDAT_data(png_structp png_ptr, png_bytep buffer,
+ png_size_t buffer_length)
+ {
+- int ret;
+-
+- if ((png_ptr->flags & PNG_FLAG_ZLIB_FINISHED) && buffer_length)
+- png_error(png_ptr, "Extra compression data");
+-
++ /* The caller checks for a non-zero buffer length. */
++ if (!(buffer_length > 0) || buffer == NULL)
++ png_error(png_ptr, "No IDAT data (internal error)");
++
++ /* This routine must process all the data it has been given
++ * before returning, calling the row callback as required to
++ * handle the uncompressed results.
++ */
+ png_ptr->zstream.next_in = buffer;
+ png_ptr->zstream.avail_in = (uInt)buffer_length;
+- for (;;)
++
++ /* Keep going until the decompressed data is all processed
++ * or the stream marked as finished.
++ */
++ while (png_ptr->zstream.avail_in > 0 &&
++ !(png_ptr->flags & PNG_FLAG_ZLIB_FINISHED))
+ {
+- ret = inflate(&png_ptr->zstream, Z_PARTIAL_FLUSH);
+- if (ret != Z_OK)
++ int ret;
++
++ /* We have data for zlib, but we must check that zlib
++ * has somewhere to put the results. It doesn't matter
++ * if we don't expect any results -- it may be the input
++ * data is just the LZ end code.
++ */
++ if (!(png_ptr->zstream.avail_out > 0))
+ {
+- if (ret == Z_STREAM_END)
+- {
+- if (png_ptr->zstream.avail_in)
+- png_error(png_ptr, "Extra compressed data");
++ png_ptr->zstream.avail_out =
++ (uInt) PNG_ROWBYTES(png_ptr->pixel_depth,
++ png_ptr->iwidth) + 1;
++ png_ptr->zstream.next_out = png_ptr->row_buf;
++ }
+
+- if (!(png_ptr->zstream.avail_out))
+- {
+- png_push_process_row(png_ptr);
+- }
++ /* Using Z_SYNC_FLUSH here means that an unterminated
++ * LZ stream can still be handled (a stream with a missing
++ * end code), otherwise (Z_NO_FLUSH) a future zlib
++ * implementation might defer output and, therefore,
++ * change the current behavior. (See comments in inflate.c
++ * for why this doesn't happen at present with zlib 1.2.5.)
++ */
++ ret = inflate(&png_ptr->zstream, Z_SYNC_FLUSH);
+
+- png_ptr->mode |= PNG_AFTER_IDAT;
+- png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
+- break;
+- }
+- else if (ret == Z_BUF_ERROR)
+- break;
++ /* Check for any failure before proceeding. */
++ if (ret != Z_OK && ret != Z_STREAM_END)
++ {
++ /* Terminate the decompression. */
++ png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
++
++ /* This may be a truncated stream (missing or
++ * damaged end code). Treat that as a warning.
++ */
++ if (png_ptr->row_number >= png_ptr->num_rows ||
++ png_ptr->pass > 6)
++ png_warning(png_ptr, "Truncated compressed data in IDAT");
++ else
++ png_error(png_ptr, "Decompression error in IDAT");
+
+- else
+- png_error(png_ptr, "Decompression Error");
++ /* Skip the check on unprocessed input */
++ return;
+ }
+- if (!(png_ptr->zstream.avail_out))
++
++ /* Did inflate output any data? */
++ if (png_ptr->zstream.next_out != png_ptr->row_buf)
+ {
+- if ((
+-#if defined(PNG_READ_INTERLACING_SUPPORTED)
+- png_ptr->interlaced && png_ptr->pass > 6) ||
+- (!png_ptr->interlaced &&
+-#endif
+- png_ptr->row_number == png_ptr->num_rows))
++ /* Is this unexpected data after the last row?
++ * If it is, artificially terminate the LZ output
++ * here.
++ */
++ if (png_ptr->row_number >= png_ptr->num_rows ||
++ png_ptr->pass > 6)
+ {
+- if (png_ptr->zstream.avail_in)
+- png_warning(png_ptr, "Too much data in IDAT chunks");
+- png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
+- break;
+- }
+- png_push_process_row(png_ptr);
+- png_ptr->zstream.avail_out = (uInt)png_ptr->irowbytes;
+- png_ptr->zstream.next_out = png_ptr->row_buf;
++ /* Extra data. */
++ png_warning(png_ptr, "Extra compressed data in IDAT");
++ png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
++ /* Do no more processing; skip the unprocessed
++ * input check below.
++ */
++ return;
++ }
++
++ /* Do we have a complete row? */
++ if (png_ptr->zstream.avail_out == 0)
++ png_push_process_row(png_ptr);
+ }
+
+- else
+- break;
++ /* And check for the end of the stream. */
++ if (ret == Z_STREAM_END)
++ png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
+ }
++
++ /* All the data should have been processed, if anything
++ * is left at this point we have bytes of IDAT data
++ * after the zlib end code.
++ */
++ if (png_ptr->zstream.avail_in > 0)
++ png_warning(png_ptr, "Extra compression data");
+ }
+
+ void /* PRIVATE */
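Review bot: `png_process_IDAT_data` now raises `png_error(png_ptr, "No IDAT data (internal error)")` for a zero-length or NULL buffer, while both call sites (inner hunks at 771 and 794) lose their `PNG_FLAG_ZLIB_FINISHED` guard and call it unconditionally. The new comment `The caller checks for a non-zero buffer length` therefore relies on a test of `save_size` that is outside the visible context. If either caller can reach the call with `save_size == 0`, a harmless stream turns into a fatal error, so I would confirm that and record the contract at both call sites, e.g. `/* save_size > 0 here: png_process_IDAT_data treats an empty buffer as an internal error */`. A regression image with compressed rows past the last row and one with a truncated end code would pin the new warning-versus-error split.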