-Libpng 1.6.23 - June 9, 2016\r
+libpng 1.6.37 - April 14, 2019\r
+==============================\r
\r
-This is a public release of libpng, intended for use in production codes.\r
+This is a public release of libpng, intended for use in production code.\r
\r
-Files available for download:\r
\r
-Source files with LF line endings (for Unix/Linux) and with a\r
-"configure" script\r
+Files available for download\r
+----------------------------\r
\r
- libpng-1.6.23.tar.xz (LZMA-compressed, recommended)\r
- libpng-1.6.23.tar.gz\r
+Source files with LF line endings (for Unix/Linux):\r
\r
-Source files with CRLF line endings (for Windows), without the\r
-"configure" script\r
+ * libpng-1.6.37.tar.xz (LZMA-compressed, recommended)\r
+ * libpng-1.6.37.tar.gz\r
\r
- lpng1623.7z (LZMA-compressed, recommended)\r
- lpng1623.zip\r
+Source files with CRLF line endings (for Windows):\r
+\r
+ * lp1637.7z (LZMA-compressed, recommended)\r
+ * lp1637.zip\r
\r
Other information:\r
\r
- libpng-1.6.23-README.txt\r
- libpng-1.6.23-LICENSE.txt\r
- libpng-1.6.23-*.asc (armored detached GPG signatures)\r
-\r
-Changes since the last public release (1.6.22):\r
-\r
- Stop a potential memory leak in png_set_tRNS() (Bug report by Ted Ying).\r
- Fixed the progressive reader to handle empty first IDAT chunk properly\r
- (patch by Timothy Nikkel). This bug was introduced in libpng-1.6.0 and\r
- only affected the libpng16 branch.\r
- Added tests in pngvalid.c to check zero-length IDAT chunks in various\r
- positions. Fixed the sequential reader to handle these more robustly\r
- (John Bowler).\r
- Corrected progressive read input buffer in pngvalid.c. The previous version\r
- the code invariably passed just one byte at a time to libpng. The intent\r
- was to pass a random number of bytes in the range 0..511.\r
- Moved sse2 prototype from pngpriv.h to contrib/intel/intel_sse.patch.\r
- Added missing ")" in pngerror.c (Matt Sarrett).\r
- Fixed undefined behavior in png_push_save_buffer(). Do not call\r
- memcpy() with a null source, even if count is zero (Leon Scroggins III).\r
- Fixed bad link to RFC2083 in png.5 (Nikola Forro).\r
-\r
-(subscription required; visit\r
-https://lists.sourceforge.net/lists/listinfo/png-mng-implement\r
-to subscribe)\r
-or to glennrp at users.sourceforge.net\r
+ * README.md\r
+ * LICENSE.md\r
+ * AUTHORS.md\r
+ * TRADEMARK.md\r
+\r
+\r
+Changes since the previous public release (version 1.6.36)\r
+----------------------------------------------------------\r
\r
-Glenn R-P\r
+ * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.\r
+ * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.\r
+ * Fixed a memory leak in pngtest.c.\r
+ * Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in\r
+ contrib/pngminus; refactor.\r
+ * Changed the license of contrib/pngminus to MIT; refresh makefile and docs.\r
+ (Contributed by Willem van Schaik)\r
+ * Fixed a typo in the libpng license v2.\r
+ (Contributed by Miguel Ojeda)\r
+ * Added makefiles for AddressSanitizer-enabled builds.\r
+ * Cleaned up various makefiles.\r
+\r
+\r
+Send comments/corrections/commendations to png-mng-implement at lists.sf.net.\r
+Subscription is required; visit\r
+https://lists.sourceforge.net/lists/listinfo/png-mng-implement\r
+to subscribe.\r
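Review bot: The "Other information" list drops `libpng-1.6.23-*.asc (armored detached GPG signatures)`, and the entries that replace it (README.md, LICENSE.md, AUTHORS.md, TRADEMARK.md) name no signature or checksum file. The announcement therefore no longer tells a downloader how to verify the archives of a release whose change list carries fixes for CVE-2019-7317, CVE-2018-14048 and CVE-2018-14550. If detached signatures are still published for 1.6.37, add the entry back with the new file names; if they are not, state where the archives' integrity can be checked. Two smaller style points: the unchanged "Other information:" line keeps the old colon form while the other headings now use dashed underlines, and the change list mixes tenses within single entries ("Fixed two vulnerabilities ... in contrib/pngminus; refactor." and "Changed the license ...; refresh makefile and docs."), which would read better as "refactored" and "refreshed".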