2011年7月 8日

[installer 2872] Re: libpng-1.2.45, 1.4.8, 1.5.4

(Fri, 08 Jul 2011 10:58:04 +0900 (JST))
Koga Youichirou <y-koga@xxxxx>:
> libpng-1.2.45, 1.4.8, 1.5.4 出ています。

これ、セキュリティ・ホールの修正が含まれています。
http://www.kb.cert.org/vuls/id/819894
http://jvn.jp/cert/JVNVU819894/
参照のこと。


> ☆ libpng-1.2.45
> http://sourceforge.net/projects/libpng/
> http://sourceforge.net/projects/libpng/files/libpng12/1.2.45/
>
> version 1.2.45beta01 [June 7, 2011]
> Fixed uninitialized memory read in png_format_buffer() (Bug
> report by Frank Busse, related to CVE-2004-0421).
> Pass "" instead of '\0' to png_default_error() in png_err(). This mistake
> was introduced in libpng-1.2.20beta01.
> Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
> before IDAT.
> Ported bugfix in pngrtran.c from 1.5.3: when expanding a paletted image,
> always expand to RGBA if transparency is present.
>
> version 1.2.45beta02 [June 8, 2011]
> Check for integer overflow in png_set_rgb_to_gray().
>
> version 1.2.45beta03 [June 19, 2011]
> Check for sCAL chunk too short.
>
> version 1.2.45rc01 and 1.0.55rc01 [June 30, 2011]
> Updated "last changed" dates and copyright year.
>
> version 1.2.45 and 1.0.55 [July 7, 2011]
> No changes.
>
>
> ☆ libpng-1.4.8
> http://sourceforge.net/projects/libpng/
> http://sourceforge.net/projects/libpng/files/libpng14/1.4.8/
>
> version 1.4.8beta01 [June 4, 2011]
> Undef "_ALL_SOURCE" for AIX, to prevent "jmpbuf" from being redefined.
> Copied png_debug macros from pngpriv.h into pngtest.c and removed
> "#include pngpriv.h" from pngtest.c, to avoid setting a bad example.
> Pass "" instead of '\0' to png_default_error() in png_err(). This mistake
> was introduced in libpng-1.2.20beta01.
> Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
> before IDAT.
> Ported bugfix in pngrtran.c from 1.5.3: when expanding a paletted image,
> always expand to RGBA if transparency is present.
>
> version 1.4.8beta02 [June 5, 2011]
> Ported bugfix in pngrtran.c from 1.5.3: Ensure coefficients are OK for
> png_rgb_to_gray_fixed().
>
> version 1.4.8beta03 [June 6, 2011]
> Check for integer overflow in png_set_rgb_to_gray().
>
> version 1.4.8beta04 [June 7, 2011]
> Fixed uninitialized memory read in png_format_buffer() (Bug report by
> Frank Busse, related to CVE-2004-0421).
>
> version 1.4.8beta05 [June 19, 2011]
> Fixed error in "ACCURATE" 16-to-8 scaling (John Bowler).
> Check for sCAL chunk too short.
>
> version 1.4.8rc01 [June 30, 2011]
> No changes.
>
> version 1.4.8 [July 7, 2011]
> No changes.
>
>
> ☆ libpng-1.5.4
> http://sourceforge.net/projects/libpng/
> http://sourceforge.net/projects/libpng/files/libpng15/1.5.4/
>
> Version 1.5.4beta01 [June 14, 2011]
> Made it possible to undefine PNG_READ_16_TO_8_ACCURATE_SCALE_SUPPORTED
> to get the same (inaccurate) output as libpng-1.5.2 and earlier.
> Moved definitions of PNG_HAVE_IHDR, PNG_AFTER_IDAT, and PNG_HAVE_PLTE
> outside of an unknown-chunk block in png.h because they are also
> needed for other uses.
>
> Version 1.5.4beta02 [June 14, 2011]
> Fixed and clarified LEGACY 16-to-8 scaling code.
> Added png_set_chop_16() API, to match inaccurate results from previous
> libpng versions.
> Removed the ACCURATE and LEGACY options (they are no longer useable)
> Use the old scaling method for background if png_set_chop_16() was
> called.
> Made png_set_chop_16() API removeable by disabling PNG_CHOP_16_TO_8_SUPPORTED
>
> Version 1.5.4beta03 [June 15, 2011]
> Fixed a problem in png_do_expand_palette() exposed by optimization in
> 1.5.3beta06
> Also removed a spurious and confusing "trans" member ("trans") from png_info.
> The palette expand optimization prevented expansion to an intermediate RGBA
> form if tRNS was present but alpha was marked to be stripped; this exposed
> a check for tRNS in png_do_expand_palette() which is inconsistent with the
> code elsewhere in libpng.
> Correction to the expand_16 code; removed extra instance of
> png_set_scale_16_to_8 from pngpriv.h
>
> Version 1.5.4beta04 [June 16, 2011]
> Added a missing "#ifdef PNG_READ_BACKGROUND_SUPPORTED/#endif" in pngrtran.c
> Added PNG_TRANSFORM_CHOP_16 to the high-level read transforms.
> Made PNG_READ_16_TO_8_ACCURATE_SCALE configurable again. If this is
> not enabled, png_set_strip_16() and png_do_scale_16_to_8() aren't built.
> Revised contrib/visupng, gregbook, and pngminim to demonstrate chop_16_to_8
>
> Version 1.5.4beta05 [June 16, 2011]
> Renamed png_set_strip_16() to png_set_scale_16() and renamed
> png_set_chop_16() to png_set_strip(16) in an attempt to minimize the
> behavior changes between libpng14 and libpng15.
>
> Version 1.5.4beta06 [June 18, 2011]
> Fixed new bug that was causing both strip_16 and scale_16 to be applied.
>
> Version 1.5.4beta07 [June 19, 2011]
> Fixed pngvalid, simplified macros, added checking for 0 in sCAL.
> The ACCURATE scale macro is no longer defined in 1.5 - call the
> png_scale_16_to_8 API. Made sure that PNG_READ_16_TO_8 is still defined
> if the png_strip_16_to_8 API is present. png_check_fp_number now
> maintains some state so that positive, negative and zero values are
> identified. sCAL uses these to be strictly spec conformant.
>
> Version 1.5.4beta08 [June 23, 2011]
> Fixed pngvalid if ACCURATE_SCALE is defined.
> Updated scripts/pnglibconf.h.prebuilt.
>
> Version 1.5.4rc01 [June 30, 2011]
> Define PNG_ALLOCATED to "restrict" only if MSC_VER >= 1400.
>
> Version 1.5.4 [July 7, 2011]

----
こがよういちろう


投稿者 xml-rpc : 2011年7月 8日 12:59
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/104772
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。