deepin-community · deepin-ci-robot · Nov 20, 2023 · Nov 16, 2023
diff --git a/.appveyor.yml b/.appveyor.yml
@@ -0,0 +1,78 @@
+version: 1.6.x-{build}
+
+branches:
+  except:
+    - /libpng[0-1][0-7]/
+
+image:
+  - Visual Studio 2022
+
+shallow_clone: true
+
+environment:
+  matrix:
+    - TOOLCHAIN: vstudio
+      AUTOMATION: cmake
+      ARCH: x86
+    - TOOLCHAIN: vstudio
+      AUTOMATION: cmake
+      ARCH: x64
+    - TOOLCHAIN: vstudio
+      AUTOMATION: cmake
+      ARCH: arm64
+      CI_NO_TEST: 1
+    - TOOLCHAIN: llvm
+      AUTOMATION: cmake
+      ARCH: x64
+    - TOOLCHAIN: msys2
+      AUTOMATION: cmake
+      ARCH: i686
+    - TOOLCHAIN: msys2
+      AUTOMATION: cmake
+      ARCH: x86_64
+    - TOOLCHAIN: msys2
+      AUTOMATION: configure
+      ARCH: i686
+    - TOOLCHAIN: msys2
+      AUTOMATION: configure
+      ARCH: x86_64
+    - TOOLCHAIN: msys2
+      AUTOMATION: makefiles
+      ARCH: i686
+    - TOOLCHAIN: msys2
+      AUTOMATION: makefiles
+      ARCH: x86_64
+
+install:
+  - 'if "%TOOLCHAIN%"=="vstudio" C:\tools\vcpkg\vcpkg.exe install zlib:%ARCH%-windows'
+  - 'if "%TOOLCHAIN%"=="vstudio" C:\tools\vcpkg\vcpkg.exe integrate install'
+  - 'if "%TOOLCHAIN%"=="llvm" C:\tools\vcpkg\vcpkg.exe install zlib:%ARCH%-windows'
+  - 'if "%TOOLCHAIN%"=="llvm" C:\tools\vcpkg\vcpkg.exe integrate install'
+
+before_build:
+  - 'if "%TOOLCHAIN%"=="vstudio" set CI_CMAKE_GENERATOR=Visual Studio 17 2022'
+  - 'if "%TOOLCHAIN%"=="vstudio" set CI_CMAKE_TOOLCHAIN_FILE=C:\tools\vcpkg\scripts\buildsystems\vcpkg.cmake'
+  - 'if "%TOOLCHAIN%"=="vstudio" if "%ARCH%"=="x86" set CI_CMAKE_GENERATOR_PLATFORM=Win32'
+  - 'if "%TOOLCHAIN%"=="vstudio" if "%ARCH%"=="x64" set CI_CMAKE_GENERATOR_PLATFORM=x64'
+  - 'if "%TOOLCHAIN%"=="vstudio" if "%ARCH%"=="arm64" set CI_CMAKE_GENERATOR_PLATFORM=ARM64'
+  - 'if "%TOOLCHAIN%"=="llvm" set CI_CMAKE_GENERATOR=Ninja'
+  - 'if "%TOOLCHAIN%"=="llvm" set CI_CMAKE_TOOLCHAIN_FILE=C:\tools\vcpkg\scripts\buildsystems\vcpkg.cmake'
+  - 'if "%TOOLCHAIN%"=="llvm" set CI_CC=clang.exe'
+  - 'if "%TOOLCHAIN%"=="msys2" if "%AUTOMATION%"=="cmake" set CI_CMAKE_GENERATOR=Unix Makefiles'
+  - 'if "%TOOLCHAIN%"=="msys2" if "%ARCH%"=="i686" set PATH=C:\msys64\mingw32\bin;%PATH%'
+  - 'if "%TOOLCHAIN%"=="msys2" if "%ARCH%"=="x86_64" set PATH=C:\msys64\mingw64\bin;%PATH%'
+  - 'if "%TOOLCHAIN%"=="msys2" set CI_CC=%ARCH%-w64-mingw32-gcc.exe'
+  - 'set CI_CMAKE_BUILD_FLAGS=--parallel 2'
+  - 'set CI_CTEST_FLAGS=--parallel 2'
+  - 'set CI_MAKE_FLAGS=-j2'
+  - 'set CI_MAKEFILES=scripts/makefile.gcc scripts/makefile.msys scripts/makefile.std'
+
+build_script:
+  - 'if "%TOOLCHAIN%"=="vstudio" C:\msys64\usr\bin\bash.exe -l "%APPVEYOR_BUILD_FOLDER%\ci\ci_verify_cmake.sh"'
+  - 'if "%TOOLCHAIN%"=="llvm" C:\msys64\usr\bin\bash.exe -l "%APPVEYOR_BUILD_FOLDER%\ci\ci_verify_cmake.sh"'
+  - 'if "%TOOLCHAIN%"=="msys2" if "%AUTOMATION%"=="cmake" C:\msys64\usr\bin\bash.exe -l "%APPVEYOR_BUILD_FOLDER%\ci\ci_verify_cmake.sh"'
+  - 'if "%TOOLCHAIN%"=="msys2" if "%AUTOMATION%"=="configure" C:\msys64\usr\bin\bash.exe -l "%APPVEYOR_BUILD_FOLDER%\ci\ci_verify_configure.sh"'
+  - 'if "%TOOLCHAIN%"=="msys2" if "%AUTOMATION%"=="makefiles" C:\msys64\usr\bin\bash.exe -l "%APPVEYOR_BUILD_FOLDER%\ci\ci_verify_makefiles.sh"'
+
+cache:
+  - C:\tools\vcpkg\installed
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,35 @@
+branches:
+  except:
+    - /libpng[0-1][0-7]/
+
+language: c
+
+os:
+  - freebsd
+  - linux
+  - osx
+
+env:
+  - AUTOMATION=cmake CI_NO_TEST=1
+  - AUTOMATION=cmake CI_CMAKE_VARS="-DPNG_HARDWARE_OPTIMIZATIONS=ON" CI_SANITIZERS="address,undefined"
+  - AUTOMATION=cmake CI_CMAKE_VARS="-DPNG_HARDWARE_OPTIMIZATIONS=OFF" CI_SANITIZERS="address,undefined"
+  - AUTOMATION=configure CI_NO_TEST=1
+  - AUTOMATION=configure CI_CONFIGURE_FLAGS="--enable-hardware-optimizations"
+  - AUTOMATION=configure CI_CONFIGURE_FLAGS="--disable-hardware-optimizations"
+  - AUTOMATION=makefiles CI_NO_TEST=1
+  - AUTOMATION=makefiles CI_SANITIZERS="address,undefined"
+
+matrix:
+  include:
+    - os: osx
+      env: AUTOMATION=cmake CI_CMAKE_GENERATOR=Xcode
+
+before_script:
+  - 'if test "$TRAVIS_OS_NAME" = "linux"; then COMPILER="gcc"; else COMPILER="clang"; fi'
+  - 'export CI_MAKEFILES="scripts/makefile.std scripts/makefile.$COMPILER"'
+  - 'export CI_MAKE_FLAGS="-j2"'
+  - 'export CI_CMAKE_BUILD_FLAGS="--parallel 2"'
+  - 'export CI_CTEST_FLAGS="--parallel 2"'
+
+script:
+  - './ci/ci_verify_$AUTOMATION.sh'
diff --git a/ANNOUNCE b/ANNOUNCE
@@ -1,5 +1,5 @@
-libpng 1.6.37 - April 14, 2019
-==============================
+libpng 1.6.40 - June 21, 2023
+=============================
 
 This is a public release of libpng, intended for use in production code.
 
@@ -9,13 +9,13 @@ Files available for download
 
 Source files with LF line endings (for Unix/Linux):
 
- * libpng-1.6.37.tar.xz (LZMA-compressed, recommended)
- * libpng-1.6.37.tar.gz
+ * libpng-1.6.40.tar.xz (LZMA-compressed, recommended)
+ * libpng-1.6.40.tar.gz
 
 Source files with CRLF line endings (for Windows):
 
- * lp1637.7z (LZMA-compressed, recommended)
- * lp1637.zip
+ * lpng1640.7z (LZMA-compressed, recommended)
+ * lpng1640.zip
 
 Other information:
 
@@ -25,20 +25,15 @@ Other information:
  * TRADEMARK.md
 
 
-Changes since the previous public release (version 1.6.36)
-----------------------------------------------------------
-
- * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
- * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
- * Fixed a memory leak in pngtest.c.
- * Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
-   contrib/pngminus; refactor.
- * Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
-   (Contributed by Willem van Schaik)
- * Fixed a typo in the libpng license v2.
-   (Contributed by Miguel Ojeda)
- * Added makefiles for AddressSanitizer-enabled builds.
- * Cleaned up various makefiles.
+Changes from version 1.6.39 to version 1.6.40
+---------------------------------------------
+
+ * Fixed the eXIf chunk multiplicity checks.
+ * Fixed a memory leak in pCAL processing.
+ * Corrected the validity report about tRNS inside png_get_valid().
+ * Fixed various build issues on *BSD, Mac and Windows.
+ * Updated the configurations and the scripts for continuous integration.
+ * Cleaned up the code, the build scripts, and the documentation.
 
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.

diff --git a/AUTHORS b/AUTHORS
@@ -20,7 +20,10 @@ Authors, for copyright and licensing purposes.
  * Mans Rullgard
  * Matt Sarett
  * Mike Klein
+ * Pascal Massimino
  * Paul Schmidt
+ * Philippe Antoine
+ * Qiang Zhou
  * Sam Bushell
  * Samuel Williams
  * Simon-Pierre Cadieux
@@ -33,12 +36,16 @@ Authors, for copyright and licensing purposes.
  * Arm Holdings
    - Richard Townsend
  * Google Inc.
+   - Dan Field
+   - Leon Scroggins III
    - Matt Sarett
    - Mike Klein
+   - Sami Boukortt
+   - Wan-Teh Chang
 
 The build projects, the build scripts, the test scripts, and other
-files in the "projects", "scripts" and "tests" directories, have other
-copyright owners, but are released under the libpng license.
+files in the "ci", "projects", "scripts" and "tests" directories, have
+other copyright owners, but are released under the libpng license.
 
 Some files in the "contrib" directory, and some tools-generated files
 that are distributed with libpng, have other copyright owners, and are

diff --git a/CHANGES b/CHANGES
@@ -204,7 +204,7 @@ Version 0.97 [January, 1998]
   Added simple sRGB support (Glenn R-P)
   Easier conditional compiling, e.g.,
     define PNG_READ/WRITE_NOT_FULLY_SUPPORTED;
-    all configurable options can be selected from command-line instead
+    all configurable options can be selected from command line instead
     of having to edit pngconf.h (Glenn R-P)
   Fixed memory leak in pngwrite.c (free info_ptr->text) (Glenn R-P)
   Added more conditions for png_do_background, to avoid changing
@@ -942,7 +942,7 @@ Version 1.0.8 [July 24, 2000]
 Version 1.0.9beta1 [November 10, 2000]
   Fixed typo in scripts/makefile.hpux
   Updated makevms.com in scripts and contrib/* and contrib/* (Martin Zinser)
-  Fixed seqence-point bug in contrib/pngminus/png2pnm (Martin Zinser)
+  Fixed sequence-point bug in contrib/pngminus/png2pnm (Martin Zinser)
   Changed "cdrom.com" in documentation to "libpng.org"
   Revised pnggccrd.c to get it all working, and updated makefile.gcmmx (Greg).
   Changed type of "params" from voidp to png_voidp in png_read|write_png().
@@ -2295,7 +2295,7 @@ Version 1.4.0beta58 [May 14, 2009]
   Clarified usage of sig_bit versus sig_bit_p in example.c (Vincent Torri)
 
 Version 1.4.0beta59 [May 15, 2009]
-  Reformated sources in libpng style (3-space intentation, comment format)
+  Reformatted sources in libpng style (3-space indentation, comment format)
   Fixed typo in libpng docs (PNG_FILTER_AVE should be PNG_FILTER_AVG)
   Added sections about the git repository and our coding style to the
     documentation
@@ -2661,7 +2661,7 @@ Version 1.4.1beta06 [January 28, 2010]
 
 Version 1.4.1beta07 [February 6, 2010]
   Folded some long lines in the source files.
-  Added defineable PNG_USER_CHUNK_CACHE_MAX, PNG_USER_CHUNK_MALLOC_MAX,
+  Added definable PNG_USER_CHUNK_CACHE_MAX, PNG_USER_CHUNK_MALLOC_MAX,
     and a PNG_USER_LIMITS_SUPPORTED flag.
   Eliminated use of png_ptr->irowbytes and reused the slot in png_ptr as
     png_ptr->png_user_chunk_malloc_max.
@@ -3886,7 +3886,7 @@ Version 1.6.0beta06 [January 24, 2012]
 Version 1.6.0beta07 [January 28, 2012]
   Eliminated Intel icc/icl compiler warnings. The Intel (GCC derived)
     compiler issues slightly different warnings from those issued by the
-    current vesions of GCC. This eliminates those warnings by
+    current versions of GCC. This eliminates those warnings by
     adding/removing casts and small code rewrites.
   Updated configure.ac from autoupdate: added --enable-werror option.
     Also some layout regularization and removal of introduced tab characters
@@ -3919,7 +3919,7 @@ Version 1.6.0beta08 [February 1, 2012]
     version checking to configure.ac
   Improved pngstest speed by not doing redundant tests and add const to
     the background parameter of png_image_finish_read. The --background
-    option is now done automagically only when required, so that commandline
+    option is now done automagically only when required, so that command-line
     option no longer exists.
   Cleaned up pngpriv.h to consistently declare all functions and data.
     Also eliminated PNG_CONST_DATA, which is apparently not needed but we
@@ -4052,7 +4052,7 @@ Version 1.6.0beta16 [March 6, 2012]
     (in fact this is harmless, but the PNG data produced may be sub-optimal).
 
 Version 1.6.0beta17 [March 10, 2012]
-  Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition. 
+  Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
   Reject all iCCP chunks after the first, even if the first one is invalid.
   Deflate/inflate was reworked to move common zlib calls into single
     functions [rw]util.c.  A new shared keyword check routine was also added
@@ -4962,7 +4962,7 @@ Version 1.6.13beta01 [July 4, 2014]
   Changed "if defined(__ARM_NEON__)" to
     "if (defined(__ARM_NEON__) || defined(__ARM_NEON))" (James Wu).
   Fixed clang no-warning builds: png_digit was defined but never used.
-    
+
 Version 1.6.13beta02 [July 21, 2014]
   Fixed an incorrect separator ("/" should be "\") in scripts/makefile.vcwin32
     (bug report from Wolfgang S. Kechel).  Bug was introduced in libpng-1.6.11.
@@ -5453,7 +5453,7 @@ Version 1.6.21beta01 [December 11, 2015]
 Version 1.6.21beta02 [December 14, 2015]
   Moved png_check_keyword() from pngwutil.c to pngset.c
   Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
-    in the BigEndian tests by not testing it, making the BE code the same 
+    in the BigEndian tests by not testing it, making the BE code the same
     as the LE version.
   Fixes to pngvalid for various reduced build configurations (eliminate unused
     statics) and a fix for the case in rgb_to_gray when the digitize option
@@ -5517,7 +5517,7 @@ Version 1.6.22beta03 [March 9, 2016]
   Added a common-law trademark notice and export control information
     to the LICENSE file, png.h, and the man page.
   Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
-    were accidentally removed from libpng-1.6.17. 
+    were accidentally removed from libpng-1.6.17.
   Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
     (Robert C. Seacord).
   Removed dubious "#if INT_MAX" test from png.h that was added to
@@ -5927,7 +5927,7 @@ Version 1.6.32beta03 [August 2, 2017]
     (Bug report from the OSS-fuzz project).
 
 Version 1.6.32beta04 [August 2, 2017]
-  Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
+  Replaced local eXIf_buf with info_ptr->eXIf_buf in png_handle_eXIf().
   Update libpng.3 and libpng-manual.txt about eXIf functions.
 
 Version 1.6.32beta05 [August 2, 2017]
@@ -5950,7 +5950,7 @@ Version 1.6.32beta09 [August 3, 2017]
   Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
     no longer using deprecated cmake LOCATION feature (Clifford Yapp).
   Fixed five-byte error in the calculation of IDAT maximum possible size.
-  
+
 Version 1.6.32beta10 [August 5, 2017]
   Moved chunk-length check into a png_check_chunk_length() private
     function (Suggested by Max Stepin).
@@ -6103,6 +6103,32 @@ Version 1.6.37 [April 14, 2019]
   Added makefiles for AddressSanitizer-enabled builds.
   Cleaned up various makefiles.
 
+Version 1.6.38 [September 14, 2022]
+  Added configurations and scripts for continuous integration.
+  Fixed various errors in the handling of tRNS, hIST and eXIf.
+  Implemented many stability improvements across all platforms.
+  Updated the internal documentation.
+
+Version 1.6.39 [November 20, 2022]
+  Changed the error handler of oversized chunks (i.e. larger than
+    PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
+  Fixed a buffer overflow error in contrib/tools/pngfix.
+  Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
+  Disabled the ARM Neon optimizations by default in the CMake file,
+    following the default behavior of the configure script.
+  Allowed configure.ac to work with the trunk version of autoconf.
+  Removed the support for "install" targets from the legacy makefiles;
+    removed the obsolete makefile.cegcc.
+  Cleaned up the code and updated the internal documentation.
+
+Version 1.6.40 [June 21, 2023]
+  Fixed the eXIf chunk multiplicity checks.
+  Fixed a memory leak in pCAL processing.
+  Corrected the validity report about tRNS inside png_get_valid().
+  Fixed various build issues on *BSD, Mac and Windows.
+  Updated the configurations and the scripts for continuous integration.
+  Cleaned up the code, the build scripts, and the documentation.
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
 Subscription is required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement