diff --git a/ANNOUNCE b/ANNOUNCE index ab2651a440d0ea675774952f75861b0393adc0e3..58928615c5a443810416ac47d76065ab64b777ce 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,5 +1,5 @@ -Libpng 1.6.3beta05 - May 8, 2013 +Libpng 1.6.3beta05 - May 9, 2013 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -45,7 +45,7 @@ Version 1.6.3beta04 [May 6, 2013] Calculate our own zlib windowBits when decoding rather than trusting the CMF bytes in the PNG datastream. -Version 1.6.3beta05 [May 8, 2013] +Version 1.6.3beta05 [May 9, 2013] Choose to use windowBits==15 or the zlib header setting via the benign-errors setting. If benign errors are allowed, then ignore the windowBits setting in the zlib header. @@ -72,6 +72,9 @@ Version 1.6.3beta05 [May 8, 2013] Attempt to detect configuration issues with pngdeflate, which requires both the correct libpng and the correct zlib to function correctly. Check ZLIB_VERNUM for mismatches, enclose #error in quotes + Renamed contrib/tools/fixitxt to contrib/tools/png-fix-itxt. + Added information in the documentation about problems with and fixes for + the bad CRC and bad iTXt chunk situations. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 96f9d0305056deb06b5521205e3579775e2e1010..0b11b91bca772c3e0b67bdfeed61101d5457e7aa 100644 --- a/CHANGES +++ b/CHANGES @@ -4528,7 +4528,7 @@ Version 1.6.3beta04 [May 6, 2013] Calculate our own zlib windowBits when decoding rather than trusting the CMF bytes in the PNG datastream. -Version 1.6.3beta05 [May 8, 2013] +Version 1.6.3beta05 [May 9, 2013] Choose to use windowBits==15 or the zlib header setting via the benign-errors setting. If benign errors are allowed, then ignore the windowBits setting in the zlib header. @@ -4555,6 +4555,9 @@ Version 1.6.3beta05 [May 8, 2013] Attempt to detect configuration issues with pngdeflate, which requires both the correct libpng and the correct zlib to function correctly. Check ZLIB_VERNUM for mismatches, enclose #error in quotes + Renamed contrib/tools/fixitxt to contrib/tools/png-fix-itxt. + Added information in the documentation about problems with and fixes for + the bad CRC and bad iTXt chunk situations. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/Makefile.am b/Makefile.am index 9b1f9edf489322029081d1ae1758acdaa7d500b7..1d27b11408c86aa63dfdfe297a03f64f682e3618 100644 --- a/Makefile.am +++ b/Makefile.am @@ -10,7 +10,7 @@ ACLOCAL_AMFLAGS = -I scripts check_PROGRAMS= pngtest pngunknown pngstest pngvalid # Utilities - installed -bin_PROGRAMS= pngdeflate fixitxt +bin_PROGRAMS= pngdeflate png-fix-itxt pngtest_SOURCES = pngtest.c pngtest_LDADD = libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@.la @@ -27,7 +27,7 @@ pngunknown_LDADD = libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@.la pngdeflate_SOURCES = contrib/tools/pngdeflate.c pngdeflate_LDADD = libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@.la -fixitxt_SOURCES = contrib/tools/fixitxt.c +png_fix_itxt_SOURCES = contrib/tools/png-fix-itxt.c # Generally these are single line shell scripts to run a test with a particular # set of parameters: @@ -196,7 +196,7 @@ $(srcdir)/scripts/pnglibconf.h.prebuilt: # an installed one (this can happen immediately after on a clean system if # 'make test' is the first thing the user does.) pngstest.o pngvalid.o pngtest.o pngunknown.o timepng.o: pnglibconf.h -pngdeflate.o fixitxt.o: pnglibconf.h +pngdeflate.o png-fix-itxt.o: pnglibconf.h # We must use -DPNG_NO_USE_READ_MACROS here even when the library may actually # be built with PNG_USE_READ_MACROS; this prevents the read macros from diff --git a/contrib/tools/fixitxt.c b/contrib/tools/png-fix-itxt.c similarity index 89% rename from contrib/tools/fixitxt.c rename to contrib/tools/png-fix-itxt.c index c119d53eaeaae16b5026acd9a2fc249cf4e4c47c..7cbd996ce068ae4b725d1b96dbb67f10d057d4ae 100644 --- a/contrib/tools/fixitxt.c +++ b/contrib/tools/png-fix-itxt.c @@ -1,8 +1,8 @@ -#include -/* fixitxt version 1.0.0 +/* png-fix-itxt version 1.0.0 * * Copyright 2013 Glenn Randers-Pehrson + * Last changed in libpng 1.6.3 [(PENDING RELEASE)] * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer @@ -10,7 +10,7 @@ * * Usage: * - * fixitxt.exe < bad.png > good.png + * png-fix-itxt.exe < bad.png > good.png * * Fixes a PNG file written with libpng-1.6.0 or 1.6.1 that has one or more * uncompressed iTXt chunks. Assumes that the actual length is greater @@ -22,8 +22,14 @@ * * Requires zlib (for crc32 and Z_NULL); build with * - * gcc -O -o fixitxt fixitxt.c -lz + * gcc -O -o png-fix-itxt png-fix-itxt.c -lz + * + * If you need to handle iTXt chunks larger than 500000 kbytes you must + * rebuild png-fix-itxt with a larger values of MAX_LENGTH (or a smaller value + * if you know you will never encounter such huge iTXt chunks). */ + +#include #include #define MAX_LENGTH 500000 diff --git a/contrib/tools/pngdeflate.c b/contrib/tools/pngdeflate.c index c30a7ee9f76c3e188be2b25c9408397af8456189..0a5c5a5a3a0a7998c11060d012d1a34e0af8f6ef 100644 --- a/contrib/tools/pngdeflate.c +++ b/contrib/tools/pngdeflate.c @@ -691,8 +691,8 @@ fix_one(FILE *fp, FILE *fpIn, IDAT_info *info, png_uint_32 max_IDAT, int strip) } } /* while len > 0 && state < 4 */ - /* The above loop only exits on 0 bytes left or end of stream, if - * the stream ended with bytes left discard them: + /* The above loop only exits on 0 bytes left or end of stream. If + * the stream ended with bytes left, discard them: */ if (len > 0) { @@ -723,7 +723,7 @@ fix_one(FILE *fp, FILE *fpIn, IDAT_info *info, png_uint_32 max_IDAT, int strip) case 1: /* Keep gAMA, sRGB */ if (tag == png_gAMA || tag == png_sRGB) break; - /* Fall trhough */ + /* Fall through */ default: /* Keep only IHDR, PLTE, tRNS */ if (tag == png_IHDR || tag == png_PLTE || tag == png_tRNS) diff --git a/libpng-manual.txt b/libpng-manual.txt index 7c1bd4c4e13e6f63a2e6ca021b6520cc5d32975b..1e7ca924d35e2c4bb701ecb6acb38c1f50d1a327 100644 --- a/libpng-manual.txt +++ b/libpng-manual.txt @@ -1,6 +1,6 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.3beta05 - May 6, 2013 + libpng version 1.6.3beta05 - May 9, 2013 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2013 Glenn Randers-Pehrson @@ -11,7 +11,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.6.3beta05 - May 6, 2013 + libpng versions 0.97, January 1998, through 1.6.3beta05 - May 9, 2013 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2013 Glenn Randers-Pehrson @@ -5035,6 +5035,20 @@ The machine-generated configure files are no longer included in branches libpng16 and later of the GIT repository. They continue to be included in the tarball releases, however. +Libpng-1.6.0 and later use the CMF bytes at the beginning of the IDAT stream +to set the size of the sliding window for reading instead of using the default +32-kbyte sliding window size. It was discovered that there are hundreds of PNG +files in the wild that have incorrect CMF bytes that cause libpng to now issue +a "too far back" error and reject the file. Libpng-1.6.3 provides a way to +revert to the libpng-1.5.x behavior (ignoring the CMF bytes and using a 32-kbyte +sliding window), and provides a tool (called "contrib/tools/pnginflate"), +for optimizing the CMF bytes correctly. + +Libpng-1.6.0 and libpng-1.6.1 wrote uncompressed iTXt chunks with the wrong +length, which resulted in PNG files that cannot be read beyond the bad iTXt +chunk. This error was fixed in libpng-1.6.3, and a tool (called +contrib/tools/png-fix-itxt) has been added to the libpng distribution. + XIII. Detecting libpng The png_get_io_ptr() function has been present since libpng-0.88, has never @@ -5197,7 +5211,7 @@ Other rules can be inferred by inspecting the libpng source. XVI. Y2K Compliance in libpng -May 6, 2013 +May 9, 2013 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. diff --git a/libpng.3 b/libpng.3 index 5a1a9a41149fed2d5f6f17feb95d265d06f279f1..41c4835511d456255ee24793b6e626eb626da059 100644 --- a/libpng.3 +++ b/libpng.3 @@ -1,4 +1,4 @@ -.TH LIBPNG 3 "May 6, 2013" +.TH LIBPNG 3 "May 9, 2013" .SH NAME libpng \- Portable Network Graphics (PNG) Reference Library 1.6.3beta05 .SH SYNOPSIS @@ -504,7 +504,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng. .SH LIBPNG.TXT libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.3beta05 - May 6, 2013 + libpng version 1.6.3beta05 - May 9, 2013 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2013 Glenn Randers-Pehrson @@ -515,7 +515,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.6.3beta05 - May 6, 2013 + libpng versions 0.97, January 1998, through 1.6.3beta05 - May 9, 2013 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2013 Glenn Randers-Pehrson @@ -5540,6 +5540,20 @@ The machine-generated configure files are no longer included in branches libpng16 and later of the GIT repository. They continue to be included in the tarball releases, however. +Libpng-1.6.0 and later use the CMF bytes at the beginning of the IDAT stream +to set the size of the sliding window for reading instead of using the default +32-kbyte sliding window size. It was discovered that there are hundreds of PNG +files in the wild that have incorrect CMF bytes that cause libpng to now issue +a "too far back" error and reject the file. Libpng-1.6.3 provides a way to +revert to the libpng-1.5.x behavior (ignoring the CMF bytes and using a 32-kbyte +sliding window), and provides a tool (called "contrib/tools/pnginflate"), +for optimizing the CMF bytes correctly. + +Libpng-1.6.0 and libpng-1.6.1 wrote uncompressed iTXt chunks with the wrong +length, which resulted in PNG files that cannot be read beyond the bad iTXt +chunk. This error was fixed in libpng-1.6.3, and a tool (called +contrib/tools/png-fix-itxt) has been added to the libpng distribution. + .SH XIII. Detecting libpng The png_get_io_ptr() function has been present since libpng-0.88, has never @@ -5702,7 +5716,7 @@ Other rules can be inferred by inspecting the libpng source. .SH XVI. Y2K Compliance in libpng -May 6, 2013 +May 9, 2013 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. @@ -5979,7 +5993,7 @@ possible without all of you. Thanks to Frank J. T. Wojcik for helping with the documentation. -Libpng version 1.6.3beta05 - May 6, 2013: +Libpng version 1.6.3beta05 - May 9, 2013: Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc. Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net). @@ -6002,7 +6016,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.6.3beta05, May 6, 2013, are +libpng versions 1.2.6, August 15, 2004, through 1.6.3beta05, May 9, 2013, are Copyright (c) 2004,2006-2007 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors @@ -6101,7 +6115,7 @@ certification mark of the Open Source Initiative. Glenn Randers-Pehrson glennrp at users.sourceforge.net -May 6, 2013 +May 9, 2013 .\" end of man page