Libpng 1.6.8 - December 19, 2013 This is a public release of libpng, intended for use in production codes. Files available for download: Source files with LF line endings (for Unix/Linux) and with a "configure" script libpng-1.6.8.tar.xz (LZMA-compressed, recommended) libpng-1.6.8.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script lpng168.7z (LZMA-compressed, recommended) lpng168.zip Other information: libpng-1.6.8-README.txt libpng-1.6.8-LICENSE.txt Gnupg/*.asc (PGP armored detached signatures) Changes since the last public release (1.6.7): Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with what is in pngpriv.h. Moved prototype for png_handle_unknown() in pngpriv.h outside of the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block. Added "-Wall" to CFLAGS in contrib/pngminim/*/makefile Conditionally compile some unused functions reported by -Wall in pngminim. Fixed 'minimal' builds. Various obviously useful minimal configurations don't build because of missing contrib/libtests test programs and overly complex dependencies in scripts/pnglibconf.dfa. This change adds contrib/conftest/*.dfa files that can be used in automatic build scripts to ensure that these configurations continue to build. Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder. Fixed pngvalid 'fail' function declaration on the Intel C Compiler. This reverts to the previous 'static' implementation and works round the 'unused static function' warning by using PNG_UNUSED(). Removed or marked PNG_UNUSED some harmless "dead assignments" reported by clang scan-build. Changed tabs to 3 spaces in png_debug macros and changed '"%s"m' to '"%s" m' to improve portability among compilers. Changed png_free_default() to free() in pngtest.c Tidied up pngfix inits and fixed pngtest no-write builds. Handle zero-length PLTE chunk or NULL palette with png_error() instead of png_chunk_report(), which by default issues a warning rather than an error, leading to later reading from a NULL pointer (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954 and VU#650142. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement to subscribe) or to glennrp at users.sourceforge.net Glenn R-P