Libpng 1.4.17 - November 12, 2015

This is a public release of libpng, intended for use in production codes.

Files available for download:

Source files with LF line endings (for Unix/Linux) and with a
"configure" script

  libpng-1.4.17.tar.xz (LZMA-compressed, recommended)
  libpng-1.4.17.tar.gz
  libpng-1.4.17.tar.bz2

Source files with CRLF line endings (for Windows), without the
"configure" script

  lpng1417.7z (LZMA-compressed, recommended)
  lpng1417.zip

Other information:

  libpng-1.4.17-README.txt
  libpng-1.4.17-LICENSE.txt
  libpng-1.4.17-*.asc (armored detached GPG signatures)

Changes since the last public release (1.4.16):

 Fixed typecast in a png_debug2() statement in png_set_text_2() to
   avoid a compiler warning in PNG_DEBUG builds.
 Avoid Coverity issues 80855, 80856, and 80857 (PRINTF_ARG_MISMATCH)
   in pngtest.c PNG_DEBUG builds.
 Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds.
 Removed WRITE_WEIGHTED_FILTERED code.
 Added -DZ_SOLO to contrib/pngminim/*/makefile to work with zlib-1.2.7+
 Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c
   because usleep() is deprecated (port from libpng16).
 Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
 Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
 Fixed some bad links in the man page.
 Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
   Seacord).
 Fixed the recently reported 1's complement security issue by replacing
   the value that is illegal in the PNG spec, in both signed and unsigned
   values, with 0. Illegal unsigned values (anything greater than or equal
   to  0x80000000) can still pass through, but since these are not illegal
   in ANSI-C (unlike 0x80000000 in the signed case) the checking that
   occurs later can catch them (John Bowler).
 Fixed png_save_int_32 when int is not 2's complement (John Bowler).
 Added sPLT support to pngtest.c
 Added a safety check in png_set_tIME() (Fixes CVE-2015-7981, bug report
   from Qixue Xiao).
 Prevent writing over-length PLTE chunk (Cosmin Truta).
 Silently truncate over-length PLTE chunk while reading.
 Clarified COPYRIGHT information to state explicitly that versions
   are derived from previous versions.
 Removed much of the long list of previous versions from png.h and
   libpng.3.

Send comments/corrections/commendations to glennrp at users.sourceforge.net
or to png-mng-implement at lists.sf.net (subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement).

Glenn R-P

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.