Library for the Portable Network Graphics Format (PNG)
libpng is the official reference library for the Portable Network
Graphics format (PNG).
- Developed at graphics
- Sources inherited from project openSUSE:Factory
-
3
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:15.1:Staging:FactoryCandidates/libpng16 && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
baselibs.conf | 0000000390 390 Bytes | |
libpng-1.6.20.tar.xz | 0000942672 921 KB | |
libpng-1.6.20.tar.xz.asc | 0000000819 819 Bytes | |
libpng16.changes | 0000042807 41.8 KB | |
libpng16.keyring | 0000005672 5.54 KB | |
libpng16.spec | 0000005027 4.91 KB | |
rpm-macros.libpng-tools | 0000001208 1.18 KB |
Revision 26 (latest revision is 54)
Dominique Leuenberger (dimstar_suse)
accepted
request 347335
from
Petr Gajdos (pgajdos)
(revision 26)
- update to 1.6.20: Avoid potential pointer overflow/underflow in png_handle_sPLT() and png_handle_pCAL() (Bug report by John Regehr). Fixed incorrect implementation of png_set_PLTE() that uses png_ptr not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 vulnerability. Backported tests from libpng-1.7.0beta69. Fixed an error in handling of bad zlib CMINFO field in pngfix, found by American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't immediately fault a bad CMINFO field; instead a 'too far back' error happens later (at least some times). pngfix failed to limit CMINFO to the allowed values but then assumed that window_bits was in range, triggering an assert. The bug is mostly harmless; the PNG file cannot be fixed. In libpng 1.6 zlib initialization was changed to use the window size in the zlib stream, not a fixed value. This causes some invalid images, where CINFO is too large, to display 'correctly' if the rest of the data is valid. This provides a workaround for zlib versions where the error arises (ones that support the API change to use the window size in the stream).
Comments 0