"libpng version 1.6.31 added png_handle_eXIf(), which has a
null-pointer-dereference bug as well as a potential memory leak. Insofar as the
function has existed for only four weeks and the chunk itself for only six,
it's unlikely there are any applications affected by it at this time, but they
might come into existence in the future. The vulnerability is fixed in version
1.6.32, released on 24 August 2017."
ok naddy@
- Fix for possible buffer overrun in kodak_65000 decoder
- Fix for possible heap overrun in Canon makernotes parser
- Fix for CVE-2017-13735 CVE-2017-14265: Additional check for X-Trans
CFA pattern data
-- https://www.libraw.org/news/libraw-0-18-5
- take maintainer
ok dcoppa@
in the checks.
Someone clearly did not read the autoconf documentation because
using the following functions with a function declaration inside
the body will end up declaring a function inside a function.
- AC_TRY_COMPILE( [], [ int main() { return 0; } ],
- AC_LANG_PROGRAM([[]], [[int main (void) { return 0; }]])],
- AC_TRY_LINK([], [int main (void) { return 0; }],
Result:
int
main ()
{
int main (void) { return 0; }
;
return 0;
}
nested functions is a gcc extension which is not supported by
clang.
test.c:4:17: error: function definition is not allowed here
int main (void) { return 0; }
^
1 error generated.
This causes tests to fail in the configure scripts resulting in
missing compile and link time flags from the builds.
This resulted in weird behaviour of several software, like gnome
hanging completely due to gtk+3 not being built properly.
This change intrudces the following fixes:
- remove int main() declaration from AC_TRY_COMPILE, AC_LANG_PROGRAM, AC_TRY_LINK
as it comes with a declaration already, and people misused them
- change to use AC_LANG_SOURCE when needed in case a complete source block is specified
Most of the changes are in configure.(ac|in), however there were some cases
where autoconf is either broken or the build failed because of an autoconf
generated configure script. Everytihng else is switched to autoconf, so
the maintainers can go ahead and upstream these diffs.
There are more to come, we are continously checking the tree for these issues
and in the future the infrastructure will error if such a case is found.
decoding. Upstream bug/patch suggested by Jan Beich (jbeich@freebsd), tweak
from Brad to keep it as close as possible to the upstream commit.
AAC encode still hangs on i386.
compiled with clang 4.0.x (either 4.0.0 in base or the older ports 4.0.1).
Based on a diff from Brad.
Add a comment explaining this and note that there is another issue where the
H264 decoder segfaults in ff_deblock_v_luma_8_sse2 on i386, but this isn't
helped by the newer ports clang.
### Security
- Double-free in gdImagePngPtr(). (CVE-2017-6362)
- Buffer over-read into uninitialized memory. (CVE-2017-7890)
### Fixed
- Fix#109: XBM reading fails with printed error
- Fix#338: Fatal and normal libjpeg/ibpng errors not distinguishable
- Fix#357: 2.2.4: Segfault in test suite
- Fix#386: gdImageGrayScale() may produce colors
- Fix#406: webpng -i removes the transparent color
- Fix Coverity #155475: Failure to restore alphaBlendingFlag
- Fix Coverity #155476: potential resource leak
- Fix several build issues and test failures
- Fix and reenable optimized support for reading 1 bps TIFFs
