Update bundled libpng to version 1.6.38

With this update, there are no longer any diffs to upstream
libpng. Hence, the qtpatches.diff file is removed. Details:

- #define _CRT_SECURE_NO_DEPRECATE: Done on compiler cmdline instead
- #undef PNG_BUILD_DLL: For our usecase, that only caused PNG_IMPEXP
  to be defined to an empty string. Done on compiler cmdline instead.
- #ifdef for WinCE: dead platform.
- A memory leak fix: Included in upstream 1.6.38.

[ChangeLog][Third-Party Code] libpng was updated to version 1.6.38

Pick-to: 6.4 6.2 5.15
Change-Id: I229db30e1dd54c209dc93e76d11e6fdb1f7adbdb
Reviewed-by: Allan Sandfeld Jensen <[email protected]>

src/3rdparty/libpng/ANNOUNCE

@@ -1,5 +1,5 @@
-libpng 1.6.37 - April 14, 2019
-==============================
+libpng 1.6.38 - September 14, 2022
+==================================
 
 This is a public release of libpng, intended for use in production code.
 
@@ -9,13 +9,13 @@ Files available for download
 
 Source files with LF line endings (for Unix/Linux):
 
- * libpng-1.6.37.tar.xz (LZMA-compressed, recommended)
- * libpng-1.6.37.tar.gz
+ * libpng-1.6.38.tar.xz (LZMA-compressed, recommended)
+ * libpng-1.6.38.tar.gz
 
 Source files with CRLF line endings (for Windows):
 
- * lp1637.7z (LZMA-compressed, recommended)
- * lp1637.zip
+ * lp1638.7z (LZMA-compressed, recommended)
+ * lp1638.zip
 
 Other information:
 
@@ -25,20 +25,13 @@ Other information:
  * TRADEMARK.md
 
 
-Changes since the previous public release (version 1.6.36)
+Changes since the previous public release (version 1.6.37)
 ----------------------------------------------------------
 
- * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
- * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
- * Fixed a memory leak in pngtest.c.
- * Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
-   contrib/pngminus; refactor.
- * Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
-   (Contributed by Willem van Schaik)
- * Fixed a typo in the libpng license v2.
-   (Contributed by Miguel Ojeda)
- * Added makefiles for AddressSanitizer-enabled builds.
- * Cleaned up various makefiles.
+ * Added configurations and scripts for continuous integration.
+ * Fixed various errors in the handling of tRNS, hIST and eXIf.
+ * Implemented many stability improvements across all platforms.
+ * Updated the internal documentation.
 
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.

src/3rdparty/libpng/CHANGES

@@ -2295,7 +2295,7 @@ Version 1.4.0beta58 [May 14, 2009]
   Clarified usage of sig_bit versus sig_bit_p in example.c (Vincent Torri)
 
 Version 1.4.0beta59 [May 15, 2009]
-  Reformated sources in libpng style (3-space intentation, comment format)
+  Reformated sources in libpng style (3-space indentation, comment format)
   Fixed typo in libpng docs (PNG_FILTER_AVE should be PNG_FILTER_AVG)
   Added sections about the git repository and our coding style to the
     documentation
@@ -3886,7 +3886,7 @@ Version 1.6.0beta06 [January 24, 2012]
 Version 1.6.0beta07 [January 28, 2012]
   Eliminated Intel icc/icl compiler warnings. The Intel (GCC derived)
     compiler issues slightly different warnings from those issued by the
-    current vesions of GCC. This eliminates those warnings by
+    current versions of GCC. This eliminates those warnings by
     adding/removing casts and small code rewrites.
   Updated configure.ac from autoupdate: added --enable-werror option.
     Also some layout regularization and removal of introduced tab characters
@@ -6103,6 +6103,12 @@ Version 1.6.37 [April 14, 2019]
   Added makefiles for AddressSanitizer-enabled builds.
   Cleaned up various makefiles.
 
+Version 1.6.38 [September 14, 2022]
+  Added configurations and scripts for continuous integration.
+  Fixed various errors in the handling of tRNS, hIST and eXIf.
+  Implemented many stability improvements across all platforms.
+  Updated the internal documentation.
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
 Subscription is required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement

src/3rdparty/libpng/CMakeLists.txt

@@ -28,6 +28,8 @@ qt_internal_add_3rdparty_library(BundledLibpng
     DEFINES
         PNG_ARM_NEON_OPT=0
         PNG_POWERPC_VSX_OPT=0
+        PNG_IMPEXP=
+        _CRT_SECURE_NO_DEPRECATE
     PUBLIC_INCLUDE_DIRECTORIES
         $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
 )

src/3rdparty/libpng/INSTALL

@@ -128,53 +128,54 @@ Your directory structure should look like this:
           README
           *.h, *.c  => libpng source files
           CMakeLists.txt    =>  "cmake" script
+          ci
+             ci_*.sh
           configuration files:
              configure.ac, configure, Makefile.am, Makefile.in,
              autogen.sh, config.guess, ltmain.sh, missing, libpng.pc.in,
              libpng-config.in, aclocal.m4, config.h.in, config.sub,
-             depcomp, install-sh, mkinstalldirs, test-pngtest.sh
+             depcomp, install-sh, mkinstalldirs, test-pngtest.sh, etc.
           contrib
              arm-neon, conftest, examples, gregbook, libtests, pngminim,
              pngminus, pngsuite, tools, visupng
           projects
-             cbuilder5, owatcom, visualc71, vstudio, xcode
+             owatcom, visualc71, vstudio
           scripts
              makefile.*
              *.def (module definition files)
              etc.
           pngtest.png
           etc.
       zlib
-          README, *.h, *.c contrib, etc.
+          README, *.h, *.c, contrib, etc.
 
 If the line endings in the files look funny, you may wish to get the other
 distribution of libpng.  It is available in both tar.gz (UNIX style line
 endings) and zip (DOS style line endings) formats.
 
 VI. Building with project files
 
-If you are building libpng with MSVC, you can enter the
-libpng projects\visualc71 or vstudio directory and follow the instructions
-in README.txt.
+If you are building libpng with Microsoft Visual Studio, you can enter
+the directory projects\visualc71 or projects\vstudio and follow the
+instructions in README.txt.
 
-Otherwise enter the zlib directory and follow the instructions in zlib/README,
-then come back here and run "configure" or choose the appropriate
-makefile.sys in the scripts directory.
+Otherwise, enter the zlib directory and follow the instructions in
+zlib/README, then come back here and run "configure" or choose the
+appropriate makefile in the scripts directory.
 
 VII. Building with makefiles
 
 Copy the file (or files) that you need from the
 scripts directory into this directory, for example
 
-MSDOS example:
+UNIX example:
 
-    copy scripts\makefile.msc makefile
-    copy scripts\pnglibconf.h.prebuilt pnglibconf.h
+    cp scripts/makefile.std Makefile
+    make
 
-UNIX example:
+Windows example:
 
-    cp scripts/makefile.std makefile
-    cp scripts/pnglibconf.h.prebuilt pnglibconf.h
+    nmake -f scripts\makefile.vcwin32
 
 Read the makefile to see if you need to change any source or
 target directories to match your preferences.
@@ -197,30 +198,27 @@ do that, run "make install" in the zlib directory first if necessary).
 Some also allow you to run "make test-installed" after you have
 run "make install".
 
-VIII. Configuring libpng for 16-bit platforms
-
-You will want to look into zconf.h to tell zlib (and thus libpng) that
-it cannot allocate more than 64K at a time.  Even if you can, the memory
-won't be accessible.  So limit zlib and libpng to 64K by defining MAXSEG_64K.
+VIII. Configuring for DOS and other 16-bit platforms
 
-IX. Configuring for DOS
+Officially, the support for 16-bit platforms has been removed.
 
 For DOS users who only have access to the lower 640K, you will
 have to limit zlib's memory usage via a png_set_compression_mem_level()
 call.  See zlib.h or zconf.h in the zlib library for more information.
 
-X. Configuring for Medium Model
+You may be or may not be in luck if you target the "large" memory model,
+but all the smaller models ("small", "compact" and "medium") are known
+to be unworkable.  For DOS users who have access beyond the lower 640K,
+a "flat" 32-bit DOS model (such as DJGPP) is strongly recommended.
 
-Libpng's support for medium model has been tested on most of the popular
-compilers.  Make sure MAXSEG_64K gets defined, USE_FAR_KEYWORD gets
-defined, and FAR gets defined to far in pngconf.h, and you should be
-all set.  Everything in the library (except for zlib's structure) is
-expecting far data.  You must use the typedefs with the p or pp on
-the end for pointers (or at least look at them and be careful).  Make
-note that the rows of data are defined as png_bytepp, which is
-an "unsigned char far * far *".
+For DOS users who only have access to the lower 640K, you will have to
+limit zlib's memory usage via a png_set_compression_mem_level() call.
+You will also have to look into zconf.h to tell zlib (and thus libpng)
+that it cannot allocate more than 64K at a time.  Even if you can, the
+memory won't be accessible.  Therefore, you should limit zlib and libpng
+to 64K by defining MAXSEG_64K.
 
-XI. Prepending a prefix to exported symbols
+IX. Prepending a prefix to exported symbols
 
 Starting with libpng-1.6.0, you can configure libpng (when using the
 "configure" script) to prefix all exported symbols by means of the
@@ -231,7 +229,7 @@ identifier).  This creates a set of macros in pnglibconf.h, so this is
 transparent to applications; their function calls get transformed by
 the macros to use the modified names.
 
-XII. Configuring for compiler xxx:
+X. Configuring for compiler xxx:
 
 All includes for libpng are in pngconf.h.  If you need to add, change
 or delete an include, this is the place to do it.
@@ -243,7 +241,7 @@ As of libpng-1.5.0, pngpriv.h also includes three other private header
 files, pngstruct.h, pnginfo.h, and pngdebug.h, which contain material
 that previously appeared in the public headers.
 
-XIII. Removing unwanted object code
+XI. Removing unwanted object code
 
 There are a bunch of #define's in pngconf.h that control what parts of
 libpng are compiled.  All the defines end in _SUPPORTED.  If you are
@@ -282,7 +280,7 @@ library to fail if they call functions not available in your library.
 The size of the library itself should not be an issue, because only
 those sections that are actually used will be loaded into memory.
 
-XIV. Enabling or disabling hardware optimizations
+XII. Enabling or disabling hardware optimizations
 
 Certain hardware capabilities, such as the Intel SSE instructions,
 are normally detected at run time. Enable them with configure options
@@ -332,7 +330,7 @@ or disable them all at once with
 
     cmake . -DPNG_HARDWARE_OPTIMIZATIONS=no
 
-XV. Changes to the build and configuration of libpng in libpng-1.5.x
+XIII. Changes to the build and configuration of libpng in libpng-1.5.x
 
 Details of internal changes to the library code can be found in the CHANGES
 file and in the GIT repository logs.  These will be of no concern to the vast
@@ -423,7 +421,7 @@ $PREFIX/include directory).  Do not edit pnglibconf.h after you have built
 libpng, because than the settings would not accurately reflect the settings
 that were used to build libpng.
 
-XVI. Setjmp/longjmp issues
+XIV. Setjmp/longjmp issues
 
 Libpng uses setjmp()/longjmp() for error handling.  Unfortunately setjmp()
 is known to be not thread-safe on some platforms and we don't know of
@@ -441,7 +439,7 @@ This requires setjmp/longjmp, so you must either build the library
 with PNG_SETJMP_SUPPORTED defined, or with PNG_SIMPLIFIED_READ_SUPPORTED
 and PNG_SIMPLIFIED_WRITE_SUPPORTED undefined.
 
-XVII. Common linking failures
+XV. Common linking failures
 
 If your application fails to find libpng or zlib entries while linking:
 
@@ -453,12 +451,13 @@ If your application fails to find libpng or zlib entries while linking:
   If you are using the vstudio project, observe the WARNING in
   project/vstudio/README.txt.
 
-XVIII. Other sources of information about libpng:
+XVI. Other sources of information about libpng:
 
 Further information can be found in the README and libpng-manual.txt
 files, in the individual makefiles, in png.h, and the manual pages
 libpng.3 and png.5.
 
+Copyright (c) 2022 Cosmin Truta
 Copyright (c) 1998-2002,2006-2016 Glenn Randers-Pehrson
 This document is released under the libpng license.
 For conditions of distribution and use, see the disclaimer

src/3rdparty/libpng/LICENSE

@@ -4,8 +4,8 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE
 PNG Reference Library License version 2
 ---------------------------------------
 
- * Copyright (c) 1995-2019 The PNG Reference Library Authors.
- * Copyright (c) 2018-2019 Cosmin Truta.
+ * Copyright (c) 1995-2022 The PNG Reference Library Authors.
+ * Copyright (c) 2018-2022 Cosmin Truta.
  * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson.
  * Copyright (c) 1996-1997 Andreas Dilger.
  * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.

src/3rdparty/libpng/README

@@ -1,12 +1,12 @@
-README for libpng version 1.6.37 - April 14, 2019
-=================================================
+README for libpng version 1.6.38
+================================
 
 See the note about version numbers near the top of png.h.
 See INSTALL for instructions on how to install libpng.
 
 Libpng comes in several distribution formats.  Get libpng-*.tar.gz or
-libpng-*.tar.xz or if you want UNIX-style line endings in the text
-files, or lpng*.7z or lpng*.zip if you want DOS-style line endings.
+libpng-*.tar.xz if you want UNIX-style line endings in the text files,
+or lpng*.7z or lpng*.zip if you want DOS-style line endings.
 
 Version 0.89 was the first official release of libpng.  Don't let the
 fact that it's the first release fool you.  The libpng library has been

src/3rdparty/libpng/libpng-manual.txt

@@ -1,6 +1,6 @@
 libpng-manual.txt - A description on how to use and modify libpng
 
- Copyright (c) 2018-2019 Cosmin Truta
+ Copyright (c) 2018-2022 Cosmin Truta
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
  This document is released under the libpng license.
@@ -9,9 +9,9 @@ libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng version 1.6.36, December 2018, through 1.6.37 - April 2019
+ libpng version 1.6.36, December 2018, through 1.6.38 - September 2022
  Updated and distributed by Cosmin Truta
- Copyright (c) 2018-2019 Cosmin Truta
+ Copyright (c) 2018-2022 Cosmin Truta
 
  libpng versions 0.97, January 1998, through 1.6.35 - July 2018
  Updated and distributed by Glenn Randers-Pehrson
@@ -1792,7 +1792,7 @@ the information.  If, instead, you want to convert the image to an opaque
 version with no alpha channel use png_set_background; see below.
 
 As of libpng version 1.5.2, almost all useful expansions are supported, the
-major ommissions are conversion of grayscale to indexed images (which can be
+major omissions are conversion of grayscale to indexed images (which can be
 done trivially in the application) and conversion of indexed to grayscale (which
 can be done by a trivial manipulation of the palette.)
 

src/3rdparty/libpng/png.c

@@ -1,7 +1,7 @@
 
 /* png.c - location for general purpose libpng functions
  *
- * Copyright (c) 2018-2019 Cosmin Truta
+ * Copyright (c) 2018-2022 Cosmin Truta
  * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
  * Copyright (c) 1996-1997 Andreas Dilger
  * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
@@ -14,7 +14,7 @@
 #include "pngpriv.h"
 
 /* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_6_37 Your_png_h_is_not_version_1_6_37;
+typedef png_libpng_version_1_6_38 Your_png_h_is_not_version_1_6_38;
 
 #ifdef __GNUC__
 /* The version tests may need to be added to, but the problem warning has
@@ -720,7 +720,7 @@ png_init_io(png_structrp png_ptr, png_FILE_p fp)
  *
  * Where UNSIGNED_MAX is the appropriate maximum unsigned value, so when the
  * negative integral value is added the result will be an unsigned value
- * correspnding to the 2's complement representation.
+ * corresponding to the 2's complement representation.
  */
 void PNGAPI
 png_save_int_32(png_bytep buf, png_int_32 i)
@@ -815,8 +815,8 @@ png_get_copyright(png_const_structrp png_ptr)
    return PNG_STRING_COPYRIGHT
 #else
    return PNG_STRING_NEWLINE \
-      "libpng version 1.6.37" PNG_STRING_NEWLINE \
-      "Copyright (c) 2018-2019 Cosmin Truta" PNG_STRING_NEWLINE \
+      "libpng version 1.6.38" PNG_STRING_NEWLINE \
+      "Copyright (c) 2018-2022 Cosmin Truta" PNG_STRING_NEWLINE \
       "Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \
       PNG_STRING_NEWLINE \
       "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
@@ -1843,12 +1843,12 @@ png_icc_profile_error(png_const_structrp png_ptr, png_colorspacerp colorspace,
 #  ifdef PNG_WARNINGS_SUPPORTED
    else
       {
-         char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114*/
+         char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114 */
 
          pos = png_safecat(message, (sizeof message), pos,
              png_format_number(number, number+(sizeof number),
              PNG_NUMBER_FORMAT_x, value));
-         pos = png_safecat(message, (sizeof message), pos, "h: "); /*+2 = 116*/
+         pos = png_safecat(message, (sizeof message), pos, "h: "); /* +2 = 116 */
       }
 #  endif
    /* The 'reason' is an arbitrary message, allow +79 maximum 195 */