diff --git a/harbour/ChangeLog b/harbour/ChangeLog index cbfc355ab1..7d9f85c9c7 100644 --- a/harbour/ChangeLog +++ b/harbour/ChangeLog @@ -16,6 +16,12 @@ The license applies to all entries newer than 2009-04-28. */ +2012-02-20 10:47 UTC+0100 Viktor Szakats (harbour syenar.net) + * src/3rd/png/Makefile + * src/3rd/png/* + * 1.5.8 -> 1.5.9 (using hb3rdpat) + ; Fixed vulnerability: CVE-2011-3026 + 2012-02-19 11:17 UTC+0100 Viktor Szakats (harbour syenar.net) * config/global.mk * added detection of homebrew package manager on darwin (untested) diff --git a/harbour/src/3rd/png/LICENSE b/harbour/src/3rd/png/LICENSE index 40cab05185..dd43d3bf2c 100644 --- a/harbour/src/3rd/png/LICENSE +++ b/harbour/src/3rd/png/LICENSE @@ -10,7 +10,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.5.8, February 1, 2012, are +libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are Copyright (c) 2004, 2006-2011 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors @@ -108,4 +108,4 @@ certification mark of the Open Source Initiative. Glenn Randers-Pehrson glennrp at users.sourceforge.net -February 1, 2012 +February 18, 2012 diff --git a/harbour/src/3rd/png/Makefile b/harbour/src/3rd/png/Makefile index 7eea895034..01c05487df 100644 --- a/harbour/src/3rd/png/Makefile +++ b/harbour/src/3rd/png/Makefile @@ -69,8 +69,8 @@ else endif # ORIGIN http://www.libpng.org/pub/png/libpng.html -# VER 1.5.8 -# URL http://prdownloads.sourceforge.net/libpng/libpng-1.5.8.tar.gz?download +# VER 1.5.9 +# URL http://prdownloads.sourceforge.net/libpng/libpng-1.5.9.tar.gz?download # DIFF png.dif # # MAP LICENSE diff --git a/harbour/src/3rd/png/png.c b/harbour/src/3rd/png/png.c index 83e4955b13..ca1de48664 100644 --- a/harbour/src/3rd/png/png.c +++ b/harbour/src/3rd/png/png.c @@ -14,7 +14,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_5_8 Your_png_h_is_not_version_1_5_8; +typedef png_libpng_version_1_5_9 Your_png_h_is_not_version_1_5_9; /* Tells libpng that we have already handled the first "num_bytes" bytes * of the PNG file signature. If the PNG data is embedded into another @@ -655,13 +655,13 @@ png_get_copyright(png_const_structp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.5.8 - February 1, 2012" PNG_STRING_NEWLINE \ + "libpng version 1.5.9 - February 18, 2012" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2011 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.5.8 - February 1, 2012\ + return "libpng version 1.5.9 - February 18, 2012\ Copyright (c) 1998-2011 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; diff --git a/harbour/src/3rd/png/png.dif b/harbour/src/3rd/png/png.dif index 6728ce8c37..9e234e09ea 100644 --- a/harbour/src/3rd/png/png.dif +++ b/harbour/src/3rd/png/png.dif @@ -1,7 +1,7 @@ diff -urN png.orig\png.h png\png.h ---- png.orig\png.h Tue Feb 07 22:32:20 2012 -+++ png\png.h Tue Feb 07 22:32:20 2012 -@@ -425,7 +425,7 @@ +--- png.orig\png.h Mon Feb 20 10:45:12 2012 ++++ png\png.h Mon Feb 20 10:45:13 2012 +@@ -429,7 +429,7 @@ /* If pnglibconf.h is missing, you can * copy scripts/pnglibconf.h.prebuilt to pnglibconf.h */ @@ -11,8 +11,8 @@ diff -urN png.orig\png.h png\png.h #ifndef PNG_VERSION_INFO_ONLY diff -urN png.orig\pnglconf.h png\pnglconf.h ---- png.orig\pnglconf.h Tue Feb 07 22:32:20 2012 -+++ png\pnglconf.h Tue Feb 07 22:32:20 2012 +--- png.orig\pnglconf.h Mon Feb 20 10:45:12 2012 ++++ png\pnglconf.h Mon Feb 20 10:45:13 2012 @@ -21,7 +21,11 @@ #ifndef PNGLCONF_H #define PNGLCONF_H diff --git a/harbour/src/3rd/png/png.h b/harbour/src/3rd/png/png.h index 094b230d2b..0b0fa2518e 100644 --- a/harbour/src/3rd/png/png.h +++ b/harbour/src/3rd/png/png.h @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.5.8 - February 1, 2012 + * libpng version 1.5.9 - February 18, 2012 * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -11,7 +11,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.5.8 - February 1, 2012: Glenn + * libpng versions 0.97, January 1998, through 1.5.9 - February 18, 2012: Glenn * See also "Contributing Authors", below. * * Note about libpng version numbers: @@ -168,6 +168,10 @@ * 1.5.7 15 10507 15.so.15.7[.0] * 1.5.8beta01 15 10508 15.so.15.8[.0] * 1.5.8rc01 15 10508 15.so.15.8[.0] + * 1.5.8 15 10508 15.so.15.8[.0] + * 1.5.9beta01-02 15 10509 15.so.15.9[.0] + * 1.5.9rc01 15 10509 15.so.15.9[.0] + * 1.5.9 15 10509 15.so.15.9[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -199,7 +203,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.2.6, August 15, 2004, through 1.5.8, February 1, 2012, are + * libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are * Copyright (c) 2004, 2006-2012 Glenn Randers-Pehrson, and are * distributed according to the same disclaimer and license as libpng-1.2.5 * with the following individual added to the list of Contributing Authors: @@ -311,13 +315,13 @@ * Y2K compliance in libpng: * ========================= * - * February 1, 2012 + * February 18, 2012 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.5.8 are Y2K compliant. It is my belief that + * upward through 1.5.9 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer @@ -375,9 +379,9 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.5.8" +#define PNG_LIBPNG_VER_STRING "1.5.9" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.5.8 - February 1, 2012\n" + " libpng version 1.5.9 - February 18, 2012\n" #define PNG_LIBPNG_VER_SONUM 15 #define PNG_LIBPNG_VER_DLLNUM 15 @@ -385,7 +389,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 5 -#define PNG_LIBPNG_VER_RELEASE 8 +#define PNG_LIBPNG_VER_RELEASE 9 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -416,7 +420,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10508 /* 1.5.8 */ +#define PNG_LIBPNG_VER 10509 /* 1.5.9 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -538,7 +542,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_5_8; +typedef char* png_libpng_version_1_5_9; /* Three color definitions. The order of the red, green, and blue, (and the * exact size) is not important, although the size of the fields need to diff --git a/harbour/src/3rd/png/pngconf.h b/harbour/src/3rd/png/pngconf.h index 6c1db14ea8..1aa268beef 100644 --- a/harbour/src/3rd/png/pngconf.h +++ b/harbour/src/3rd/png/pngconf.h @@ -1,7 +1,7 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.5.8 - February 1, 2012 + * libpng version 1.5.9 - February 18, 2012 * * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) diff --git a/harbour/src/3rd/png/pngerror.c b/harbour/src/3rd/png/pngerror.c index 00ed0fe691..95002f84f7 100644 --- a/harbour/src/3rd/png/pngerror.c +++ b/harbour/src/3rd/png/pngerror.c @@ -1,7 +1,7 @@ /* pngerror.c - stub functions for i/o and memory allocation * - * Last changed in libpng 1.5.7 [February 1, 2012] + * Last changed in libpng 1.5.8 [February 1, 2011] * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) diff --git a/harbour/src/3rd/png/pnglconf.h b/harbour/src/3rd/png/pnglconf.h index eefd1af4c9..a9ee7ad1a6 100644 --- a/harbour/src/3rd/png/pnglconf.h +++ b/harbour/src/3rd/png/pnglconf.h @@ -3,7 +3,7 @@ /* pnglibconf.h - library build configuration */ -/* Libpng 1.5.8 - February 1, 2012 */ +/* Libpng 1.5.9 - February 18, 2012 */ /* Copyright (c) 1998-2011 Glenn Randers-Pehrson */ @@ -58,8 +58,6 @@ #define PNG_FIXED_POINT_SUPPORTED #define PNG_FLOATING_ARITHMETIC_SUPPORTED #define PNG_FLOATING_POINT_SUPPORTED -#define PNG_FORMAT_AFIRST_SUPPORTED -#define PNG_FORMAT_BGR_SUPPORTED #define PNG_gAMA_SUPPORTED #define PNG_HANDLE_AS_UNKNOWN_SUPPORTED #define PNG_hIST_SUPPORTED diff --git a/harbour/src/3rd/png/pngpread.c b/harbour/src/3rd/png/pngpread.c index 20d3f236e1..95a2082e40 100644 --- a/harbour/src/3rd/png/pngpread.c +++ b/harbour/src/3rd/png/pngpread.c @@ -1,7 +1,7 @@ /* pngpread.c - read a png file in push mode * - * Last changed in libpng 1.5.7 [December 15, 2011] + * Last changed in libpng 1.5.9 [February 18, 2012] * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -730,8 +730,7 @@ png_push_save_buffer(png_structp png_ptr) new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256; old_buffer = png_ptr->save_buffer; - png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, - (png_size_t)new_max); + png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, new_max); if (png_ptr->save_buffer == NULL) { @@ -1201,6 +1200,7 @@ png_push_process_row(png_structp png_ptr) void /* PRIVATE */ png_read_push_finish_row(png_structp png_ptr) { +#ifdef PNG_READ_INTERLACING_SUPPORTED /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */ /* Start of interlace block */ @@ -1219,6 +1219,7 @@ png_read_push_finish_row(png_structp png_ptr) * it, uncomment it here and in png.h static PNG_CONST png_byte FARDATA png_pass_height[] = {8, 8, 4, 4, 2, 2, 1}; */ +#endif png_ptr->row_number++; if (png_ptr->row_number < png_ptr->num_rows) @@ -1285,8 +1286,7 @@ png_push_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1384,8 +1384,7 @@ png_push_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1586,8 +1585,7 @@ png_push_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1732,8 +1730,7 @@ png_push_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 */ PNG_CSTRING_FROM_CHUNK(png_ptr->unknown_chunk.name, png_ptr->chunk_name); - /* The following cast should be safe because of the check above. */ - png_ptr->unknown_chunk.size = (png_size_t)length; + png_ptr->unknown_chunk.size = length; if (length == 0) png_ptr->unknown_chunk.data = NULL; diff --git a/harbour/src/3rd/png/pngrutil.c b/harbour/src/3rd/png/pngrutil.c index 52a73cfc39..d6c0e0350f 100644 --- a/harbour/src/3rd/png/pngrutil.c +++ b/harbour/src/3rd/png/pngrutil.c @@ -1,8 +1,8 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.5.7 [December 15, 2011] - * Copyright (c) 1998-2011 Glenn Randers-Pehrson + * Last changed in libpng 1.5.9 [February 18, 2012] + * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -432,15 +432,18 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, /* Now check the limits on this chunk - if the limit fails the * compressed data will be removed, the prefix will remain. */ + if (prefix_size >= (~(png_size_t)0) - 1 || + expanded_size >= (~(png_size_t)0) - 1 - prefix_size #ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED - if (png_ptr->user_chunk_malloc_max && + || (png_ptr->user_chunk_malloc_max && (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1)) #else # ifdef PNG_USER_CHUNK_MALLOC_MAX - if ((PNG_USER_CHUNK_MALLOC_MAX > 0) && + || ((PNG_USER_CHUNK_MALLOC_MAX > 0) && prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1) # endif #endif + ) png_warning(png_ptr, "Exceeded size limit while expanding chunk"); /* If the size is zero either there was an error and a message @@ -448,12 +451,7 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, * and we have nothing to do - the code will exit through the * error case below. */ -#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \ - defined(PNG_USER_CHUNK_MALLOC_MAX) else if (expanded_size > 0) -#else - if (expanded_size > 0) -#endif { /* Success (maybe) - really uncompress the chunk. */ png_size_t new_size = 0; @@ -1279,7 +1277,7 @@ png_handle_iCCP(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) png_free(png_ptr, png_ptr->chunkdata); png_ptr->chunkdata = (png_charp)png_malloc(png_ptr, length + 1); - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -1429,7 +1427,7 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) * that the PNG_MAX_MALLOC_64K test is enabled in this case, but this is a * potential breakage point if the types in pngconf.h aren't exactly right. */ - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -1956,7 +1954,7 @@ png_handle_pCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) @@ -2105,7 +2103,7 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); png_ptr->chunkdata[slength] = 0x00; /* Null terminate the last string */ @@ -2265,7 +2263,7 @@ png_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -2373,7 +2371,7 @@ png_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) @@ -2504,7 +2502,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) diff --git a/harbour/src/3rd/png/pngstru.h b/harbour/src/3rd/png/pngstru.h index 07f3a04255..860b8bff8f 100644 --- a/harbour/src/3rd/png/pngstru.h +++ b/harbour/src/3rd/png/pngstru.h @@ -5,7 +5,7 @@ * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * - * Last changed in libpng 1.5.5 [September 22, 2011] + * Last changed in libpng 1.5.9 [February 18, 2012] * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer @@ -283,9 +283,7 @@ struct png_struct_def #endif /* New member added in libpng-1.0.4 (renamed in 1.0.9) */ -#if defined(PNG_MNG_FEATURES_SUPPORTED) || \ - defined(PNG_READ_EMPTY_PLTE_SUPPORTED) || \ - defined(PNG_WRITE_EMPTY_PLTE_SUPPORTED) +#if defined(PNG_MNG_FEATURES_SUPPORTED) /* Changed from png_byte to png_uint_32 at version 1.2.0 */ png_uint_32 mng_features_permitted; #endif