-Libpng 1.6.29 - March 16, 2017
+Libpng 1.6.32 - August 24, 2017
This is a public release of libpng, intended for use in production codes.
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
- libpng-1.6.29.tar.xz (LZMA-compressed, recommended)
- libpng-1.6.29.tar.gz
+ libpng-1.6.32.tar.xz (LZMA-compressed, recommended)
+ libpng-1.6.32.tar.gz
Source files with CRLF line endings (for Windows), without the
"configure" script
- lpng1629.7z (LZMA-compressed, recommended)
- lpng1629.zip
+ lpng1632.7z (LZMA-compressed, recommended)
+ lpng1632.zip
Other information:
- libpng-1.6.29-README.txt
- libpng-1.6.29-LICENSE.txt
- libpng-1.6.29-*.asc (armored detached GPG signatures)
-
-Changes since the last public release (1.6.28):
-
- Readded "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
- Moved SSE2 optimization code into the main libpng source directory.
- Configure libpng with "configure --enable-intel-sse" or compile
- libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
- Simplified conditional compilation in pngvalid.c, for AIX (Michael Felt).
- Avoid conditional directives that break statements in pngrutil.c (Romero
- Malaquias)
- The contrib/examples/pngtopng.c recovery code was in the wrong "if"
- branches; the comments were correct.
- Added code for PowerPC VSX optimisation (Vadim Barkov).
- Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
- Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c
- because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1.
- Suppress clang warnings about implicit sign changes in png.c
+ libpng-1.6.32-README.txt
+ libpng-1.6.32-LICENSE.txt
+ libpng-1.6.32-*.asc (armored detached GPG signatures)
+
+Changes since the last public release (1.6.31):
+ Avoid possible NULL dereference in png_handle_eXIf when benign_errors
+ are allowed. Avoid leaking the input buffer "eXIf_buf".
+ Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
+ to arguments for png_get_eXIf() and png_set_eXIf().
+ Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
+ pngwrite.c, and made various other fixes to png_write_eXIf().
+ Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
+ png_set_eXIf_1(), respectively, to avoid breaking API compatibility
+ with libpng-1.6.31.
+ Updated contrib/libtests/pngunknown.c with eXIf chunk.
+ Initialized btoa[] in pngstest.c
+ Stop memory leak when returning from png_handle_eXIf() with an error
+ (Bug report from the OSS-fuzz project).
+ Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
+ Update libpng.3 and libpng-manual.txt about eXIf functions.
+ Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.
+ Removed png_get_eXIf_1() and png_set_eXIf_1().
+ Check length of all chunks except IDAT against user limit to fix an
+ OSS-fuzz issue.
+ Check length of IDAT against maximum possible IDAT size, accounting
+ for height, rowbytes, interlacing and zlib/deflate overhead.
+ Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
+ does not work (the eXIf chunk data can contain zeroes).
+ Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
+ no longer using deprecated cmake LOCATION feature (Clifford Yapp).
+ Fixed five-byte error in the calculation of IDAT maximum possible size.
+ Moved chunk-length check into a png_check_chunk_length() private
+ function (Suggested by Max Stepin).
+ Moved bad pngs from tests to contrib/libtests/crashers
+ Moved testing of bad pngs into a separate tests/pngtest-badpngs script
+ Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
+ in the output but PASS for the libpng test.
+ Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp).
+ Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
+ num_exif argument to png_get_eXIf_1() (Github Issue 171).
+ Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
+ Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
+ Make pngtest --strict, --relax, --xfail options imply -m (multiple).
+ Removed unused chunk_name parameter from png_check_chunk_length().
+ Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
+ Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
+ Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR.
+ Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
+ Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account
+ for the minimum 'deflate' stream, and relocate the test to a point
+ after the keyword has been read.
+ Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".
+ Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
+ one for each known chunk type, with length = 2GB-1.
+ Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
+ in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
+ and 162707).
+ Renamed chunks in contrib/testpngs/crashers to avoid having files whose
+ names differ only in case; this causes problems with some platforms
+ (github issue #172).
+ Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
+ project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit