
Libpng 1.6.8 - December 19, 2013

This is a public release of libpng, intended for use in production codes.

Files available for download:

Source files with LF line endings (for Unix/Linux) and with a
"configure" script

   libpng-1.6.8.tar.xz (LZMA-compressed, recommended)
   libpng-1.6.8.tar.gz

Source files with CRLF line endings (for Windows), without the
"configure" script

   lpng168.7z  (LZMA-compressed, recommended)
   lpng168.zip

Other information:

   libpng-1.6.8-README.txt
   libpng-1.6.8-LICENSE.txt
   Gnupg/*.asc (PGP armored detached signatures)

Changes since the last public release (1.6.7):
  Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to
    #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with
    what is in pngpriv.h.
  Moved prototype for png_handle_unknown() in pngpriv.h outside of
    the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block.
  Added "-Wall" to CFLAGS in contrib/pngminim/*/makefile
  Conditionally compile some unused functions reported by -Wall in
    pngminim.
  Fixed 'minimal' builds. Various obviously useful minimal configurations
    don't build because of missing contrib/libtests test programs and
    overly complex dependencies in scripts/pnglibconf.dfa. This change
    adds contrib/conftest/*.dfa files that can be used in automatic build
    scripts to ensure that these configurations continue to build.
  Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
  Fixed pngvalid 'fail' function declaration on the Intel C Compiler.
    This reverts to the previous 'static' implementation and works round
    the 'unused static function' warning by using PNG_UNUSED().
  Removed or marked PNG_UNUSED some harmless "dead assignments" reported
    by clang scan-build.
  Changed tabs to 3 spaces in png_debug macros and changed '"%s"m'
    to '"%s" m' to improve portability among compilers.
  Changed png_free_default() to free() in pngtest.c
  Tidied up pngfix inits and fixed pngtest no-write builds.
  Handle zero-length PLTE chunk or NULL palette with png_error()
    instead of png_chunk_report(), which by default issues a warning
    rather than an error, leading to later reading from a NULL pointer
    (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954
    and VU#650142.

Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
to subscribe)
or to glennrp at users.sourceforge.net

Glenn R-P
