libpng version 1.6.36 and libpng license version 2

Cosmin Truta — Sun, 02 Dec 2018 08:25:55 -0000

IMPORTANT licensing update: libpng license v2

The new libpng license comprises the terms and conditions from the zlib
license, and the disclaimer from the Boost license.

The legacy libpng license, used until libpng-1.6.35, is appended to the
new license, following the precedent established in the Python Software
Foundation License version 2.

From now on, the list of contributing authors shall be maintained in a
separate AUTHORS file. The lists of previous contributing authors,
mentioned in the legacy libpng license and considered to be an integral
part of that license, are kept intact, with no further updates.

Changes since the previous public release (version 1.6.35)

Optimized png_do_expand_palette for ARM processors.
Improved performance by around 10-22% on a recent ARM Chromebook.
(Contributed by Richard Townsend, ARM Holdings)
Fixed manipulation of machine-specific optimization options.
(Contributed by Vicki Pfau)
Used memcpy instead of manual pointer arithmetic on Intel SSE2.
(Contributed by Samuel Williams)
Fixed build errors with MSVC on ARM64.
(Contributed by Zhijie Liang)
Fixed detection of libm in CMakeLists.
(Contributed by Cameron Cawley)
Fixed incorrect creation of pkg-config file in CMakeLists.
(Contributed by Kyle Bentley)
Fixed the CMake build on Windows MSYS by avoiding symlinks.
Fixed a build warning on OpenBSD.
(Contributed by Theo Buehler)
Fixed various typos in comments.
(Contributed by "luz.paz")
Raised the minimum required CMake version from 3.0.2 to 3.1.
Removed yet more of the vestigial support for pre-ANSI C compilers.
Removed ancient makefiles for ancient systems that have been broken
across all previous libpng-1.6.x versions.
Removed the Y2K compliance statement and the export control
information.
Applied various code style and documentation fixes.

libpng-1.6.35 released

Cosmin Truta — Mon, 16 Jul 2018 11:29:09 -0000

Here is the list of changes since the last public release (1.6.34):

Restored 21 of the contrib/pngsuite/i*.png, which do not cause test failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
Added calls to png_set_*() transforms commonly used by browsers to the fuzzer.
Removed some unnecessary brackets in pngrtran.c
Fixed miscellaneous typos (Patch by github user "luzpaz").
Change "ASM C" to "C ASM" in CMakeLists.txt
Fixed incorrect handling of bKGD chunk in sub-8-bit files
Added hardware optimization directories to zip and 7z distributions.
Fixed incorrect bitmask for options.
Fixed many spelling typos.
Make png_get_iCCP consistent with man page (allow compression-type argument to be NULL, bug report by Lenard Szolnoki).
Replaced the remaining uses of png_size_t with size_t
Fixed the calculation of row_factor in png_check_chunk_length (reported by Thuan Pham in SourceForge issue #278)
Added missing parentheses to a macro definition (suggested by "irwir" in GitHub issue #216)

libpng-1.6.29 released

Glenn Randers-Pehrson — Fri, 17 Mar 2017 00:54:41 -0000

libpng-1.6.29 adds optimized code for PowerPC, and moves the optimized code for Intel into the main libpng directory.

libpng-1.6.28 released

Glenn Randers-Pehrson — Thu, 05 Jan 2017 17:22:10 -0000

libpng-1.6.28 has been released to fix a bug exposed when attempting to build with zlib-1.2.9 or 1.2.10

libpng-1.6.27, 1.5.28, 1.4.20, 1.2.57, and 1.0.67 released

Glenn Randers-Pehrson — Thu, 05 Jan 2017 17:21:15 -0000

New versions released to fix CVE-2016-10087

libpng-1.5.26, 1.4.19, 1.2.56, and 1.0.66 released

Glenn Randers-Pehrson — Thu, 17 Dec 2015 15:09:42 -0000

Libpng-1.5.26, 1.4.19, 1.2.56, and 1.0.66 fix an out-of-range read in png_check_keyword(), CVE-2015-8540.

libpng-1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65 released

Glenn Randers-Pehrson — Sat, 05 Dec 2015 18:19:37 -0000

The bugfix of CVE-2015-8126 in the previous versions was incomplete; it defended against malevolent PNG files that are read via png_handle_PLTE but did not detect applications that use png_set_PLTE to set an over-length palette. This set of releases completes the bugfix, fixing CVE-2015-8472.

libpng-1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64 released

Glenn Randers-Pehrson — Thu, 12 Nov 2015 16:34:41 -0000

libpng-1.6.19, libpng-1.5.24, libpng-1.2.54, libpng-1.4.17, and libpng-1.0.64 have been released to fix a potential out-of-bounds read in png_set_tIME/png_convert_to_rfc1123 and a potential out-of-bounds write in png_get_PLTE/png_set_PLTE.

libpng-1.6.18 and 1.5.23 released

Glenn Randers-Pehrson — Wed, 29 Jul 2015 00:49:51 -0000

libpng-1.6.18 and 1.5.23 were released last week. Due to the outage, they aren't available yet in the SourceForge File Release System. They are, however, available from the glennrp/libpng-releases repository at github.

libpng-1.6.17 and 1.5.22 released

Glenn Randers-Pehrson — Thu, 26 Mar 2015 15:05:16 -0000

libpng-1.6.17 and 1.5.22 have been released. They "harden" the library against attacks using very wide images by imposing a default limit of 1 million columns. Users who truly need to process wider images can override this limit.

Recent posts to news