Thursday 12th November 2015
Fedora Project
Updated libpng10 to 1.0.64 in F-21, F-22, F-23, Rawhide and EPEL-6:
Fix typecast in a png_debug2() statement in png_set_text_2() to avoid a compiler warning in PNG_DEBUG builds
Fixed printf formats in pngtest.c to avoid compiler warnings and a Coverity warning in PNG_DEBUG builds
Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds
Removed WRITE_WEIGHTED_FILTERED code
Avoid potentially dereferencing NULL info_ptr in png_info_init_3()
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c because usleep() is deprecated (port from libpng16)
- Fixed some bad links in the man page
Added a safety check in png_set_tIME() (CVE-2015-7981)
- Prevent writing over-length PLTE chunk
- Silently truncate over-length PLTE chunk while reading
Clarified COPYRIGHT information to state explicitly that versions are derived from previous versions
Removed much of the long list of previous versions from png.h and libpng.3
Local Packages
Updated libpng10 to 1.0.64 as per the Fedora version