diff --git a/ANNOUNCE b/ANNOUNCE index 5a6a063e..314322ca 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,53 +1,50 @@ -Libpng 1.2.50 - July 10, 2012 +Libpng 1.2.51beta01 - December 10, 2012 -This is a public release of libpng, intended for use in production codes. +This is not intended to be a public release. It will be replaced +within a few weeks by a public version or by another test version. Files available for download: Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.2.50.tar.xz (LZMA-compressed, recommended) - libpng-1.2.50.tar.gz - libpng-1.2.50.tar.bz2 + libpng-1.2.51beta01.tar.xz (LZMA-compressed, recommended) + libpng-1.2.51beta01.tar.gz + libpng-1.2.51beta01.tar.bz2 Source files with LF line endings (for Unix/Linux) without the "configure" script - libpng-1.2.50-no-config.tar.xz (LZMA-compressed, recommended) - libpng-1.2.50-no-config.tar.gz - libpng-1.2.50-no-config.tar.bz2 + libpng-1.2.51beta01-no-config.tar.xz (LZMA-compressed, recommended) + libpng-1.2.51beta01-no-config.tar.gz + libpng-1.2.51beta01-no-config.tar.bz2 Source files with CRLF line endings (for Windows), without the "configure" script - lpng1250.zip - lpng1250.7z - lpng1250.tar.bz2 + lp1251b01.zip + lp1251b01.7z + lp1251b01.tar.bz2 Project files - libpng-1.2.50-project-netware.zip - libpng-1.2.50-project-wince.zip + libpng-1.2.51beta01-project-netware.zip + libpng-1.2.51beta01-project-wince.zip Other information: - libpng-1.2.50-README.txt - libpng-1.2.50-KNOWNBUGS.txt - libpng-1.2.50-LICENSE.txt - libpng-1.2.50-Y2K-compliance.txt - libpng-1.2.50-[previous version]-diff.txt + libpng-1.2.51beta01-README.txt + libpng-1.2.51beta01-KNOWNBUGS.txt + libpng-1.2.51beta01-LICENSE.txt + libpng-1.2.51beta01-Y2K-compliance.txt + libpng-1.2.51beta01-[previous version]-diff.txt -Changes since the last public release (1.2.49): +Changes since the last public release (1.2.50): -version 1.2.50 [July 10, 2012] +version 1.2.51beta01 [December 10, 2012] + Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS(). -version 1.0.60 and 1.2.50 [July 8, 2012] - Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. - - -Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement to subscribe) or to glennrp at users.sourceforge.net diff --git a/CHANGES b/CHANGES index dc9e2ae3..6955ada6 100644 --- a/CHANGES +++ b/CHANGES @@ -2771,12 +2771,16 @@ version 1.0.58 and 1.2.48 [March 8, 2012] version 1.0.59 and 1.2.49 [March 29, 2012] Revised png_set_text_2() to avoid potential memory corruption (fixes - CVE-2011-3048). + CVE-2011-3048, also known as CVE-2012-3425). Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice. version 1.0.60 and 1.2.50 [July 9, 2012] Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. +version 1.2.51beta01 [December 10, 2012] + Rebuilt the configure scripts with autoconf-2.69 + Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS(). + Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement diff --git a/pngset.c b/pngset.c index 72d89fcf..1d6b10bc 100644 --- a/pngset.c +++ b/pngset.c @@ -1,7 +1,7 @@ /* pngset.c - storage of image information into info struct * - * Last changed in libpng 1.2.49 [March 29, 2012] + * Last changed in libpng 1.2.51 [December 10, 2012] * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -850,6 +850,12 @@ png_set_tRNS(png_structp png_ptr, png_infop info_ptr, if (png_ptr == NULL || info_ptr == NULL) return; + if (num_trans < 0 || num_trans > PNG_MAX_PALETTE_LENGTH) + { + png_warning(png_ptr, "Ignoring invalid num_trans value"); + return; + } + if (trans != NULL) { /* It may not actually be necessary to set png_ptr->trans here;