upgrade to libpng-1.6.21

ANNOUNCE

@@ -1,4 +1,4 @@
-Libpng 1.6.20 - December 3, 2015
+Libpng 1.6.21 - January 15, 2016
 
 This is a public release of libpng, intended for use in production codes.
 
@@ -7,41 +7,49 @@ Files available for download:
 Source files with LF line endings (for Unix/Linux) and with a
 "configure" script
 
-   libpng-1.6.20.tar.xz (LZMA-compressed, recommended)
-   libpng-1.6.20.tar.gz
+   libpng-1.6.21.tar.xz (LZMA-compressed, recommended)
+   libpng-1.6.21.tar.gz
 
 Source files with CRLF line endings (for Windows), without the
 "configure" script
 
-   /scratch/glennrp/Libpng16/lpng1620.7z  (LZMA-compressed, recommended)
-   /scratch/glennrp/Libpng16/lpng1620.zip
+   /scratch/glennrp/Libpng16/lpng1621.7z  (LZMA-compressed, recommended)
+   /scratch/glennrp/Libpng16/lpng1621.zip
 
 Other information:
 
-   libpng-1.6.20-README.txt
-   libpng-1.6.20-LICENSE.txt
-   libpng-1.6.20-*.asc (armored detached GPG signatures)
-
-Changes since the last public release (1.6.19):
-  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
-    png_handle_pCAL() (Bug report by John Regehr).
-  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
-    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
-    vulnerability.
-  Backported tests from libpng-1.7.0beta69.
-  Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
-    American Fuzzy Lop, reported by Brian Carpenter.  inflate() doesn't
-    immediately fault a bad CMINFO field; instead a 'too far back' error
-    happens later (at least some times).  pngfix failed to limit CMINFO to
-    the allowed values but then assumed that window_bits was in range,
-    triggering an assert. The bug is mostly harmless; the PNG file cannot
-    be fixed.
-  In libpng 1.6 zlib initialization was changed to use the window size
-    in the zlib stream, not a fixed value. This causes some invalid images,
-    where CINFO is too large, to display 'correctly' if the rest of the
-    data is valid.  This provides a workaround for zlib versions where the
-    error arises (ones that support the API change to use the window size
-    in the stream).
+   libpng-1.6.21-README.txt
+   libpng-1.6.21-LICENSE.txt
+   libpng-1.6.21-*.asc (armored detached GPG signatures)
+
+Changes since the last public release (1.6.20):
+
+  Fixed syntax "$(command)" in tests/pngstest that some shells other than
+    bash could not parse (Bug report by Nelson Beebe). Use `command` instead.
+  Moved png_check_keyword() from pngwutil.c to pngset.c
+  Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
+    in the BigEndian tests by not testing it, making the BE code the same 
+    as the LE version.
+  Fixes to pngvalid for various reduced build configurations (eliminate unused
+    statics) and a fix for the case in rgb_to_gray when the digitize option
+    reduces graylo to 0, producing a large error.
+  Widened the 'limit' check on the internally calculated error limits in
+    the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
+    checks) and changed the check to only operate in non-release builds
+   (base build type not RC or RELEASE.)
+  Fixed undefined behavior in pngvalid.c, undefined because
+    (png_byte) << shift is undefined if it changes the signed bit
+    (because png_byte is promoted to int). The libpng exported functions
+    png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
+    David Drysdale as a result of reports from UBSAN in clang 3.8).
+  This changes pngvalid to use BE random numbers; this used to produce
+    errors but these should not be fixed as a result of the previous changes.
+  In projects/vstudio, combined readme.txt and WARNING into README.txt
+  Relocated assert() in contrib/tools/pngfix.c, bug found by American
+    Fuzzy Lop, reported by Brian Carpenter.
+  Marked 'limit' UNUSED in transform_range_check().  This only affects
+    release builds.
+  Worked around a false-positive Coverity issue in pngvalid.c.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

CHANGES

@@ -5421,7 +5421,7 @@ Version 1.6.20beta01 [November 20, 2015]
 Version 1.6.20beta02 [November 23, 2015]
   Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
     not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
-    vulnerability.
+    vulnerability.  Fixes CVE-2015-8472.
 
 Version 1.6.20beta03 [November 24, 2015]
   Backported tests from libpng-1.7.0beta69.
@@ -5446,6 +5446,44 @@ Version 1.6.20rc02 [November 29, 2015]
 Version 1.6.20 [December 3, 2015]
   No changes.
 
+Version 1.6.21beta01 [December 11, 2015]
+  Fixed syntax "$(command)" in tests/pngstest that some shells other than
+    bash could not parse (Bug report by Nelson Beebe). Use `command` instead.
+
+Version 1.6.21beta02 [December 14, 2015]
+  Moved png_check_keyword() from pngwutil.c to pngset.c
+  Removed LE/BE dependencies in pngvalid, to 'fix' the current problem
+    in the BigEndian tests by not testing it, making the BE code the same 
+    as the LE version.
+  Fixes to pngvalid for various reduced build configurations (eliminate unused
+    statics) and a fix for the case in rgb_to_gray when the digitize option
+    reduces graylo to 0, producing a large error.
+
+Version 1.6.21beta03 [December 18, 2015]
+  Widened the 'limit' check on the internally calculated error limits in
+    the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
+    checks) and changed the check to only operate in non-release builds
+    (base build type not RC or RELEASE.)
+  Fixed undefined behavior in pngvalid.c, undefined because
+    (png_byte) << shift is undefined if it changes the signed bit
+    (because png_byte is promoted to int). The libpng exported functions
+    png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by
+    David Drysdale as a result of reports from UBSAN in clang 3.8).
+  This changes pngvalid to use BE random numbers; this used to produce
+    errors but these should not be fixed as a result of the previous changes.
+
+Version 1.6.21rc01 [January 4, 2016]
+  In projects/vstudio, combined readme.txt and WARNING into README.txt
+
+Version 1.6.21rc02 [January 7, 2016]
+  Relocated assert() in contrib/tools/pngfix.c, bug found by American
+    Fuzzy Lop, reported by Brian Carpenter.
+  Marked 'limit' UNUSED in transform_range_check().  This only affects
+    release builds.
+
+Version 1.6.21 [January 15, 2016]
+  Worked around a false-positive Coverity issue in pngvalid.c.
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement

CMakeLists.txt

@@ -16,7 +16,7 @@ enable_testing()
 
 set(PNGLIB_MAJOR 1)
 set(PNGLIB_MINOR 6)
-set(PNGLIB_RELEASE 20)
+set(PNGLIB_RELEASE 21)
 set(PNGLIB_NAME libpng${PNGLIB_MAJOR}${PNGLIB_MINOR})
 set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_RELEASE})
 
@@ -261,7 +261,7 @@ endif(NOT WIN32 OR CYGWIN OR MINGW)
 # SET UP LINKS
 if(PNG_SHARED)
   set_target_properties(${PNG_LIB_NAME} PROPERTIES
-#   VERSION 16.${PNGLIB_RELEASE}.1.6.20
+#   VERSION 16.${PNGLIB_RELEASE}.1.6.21
     VERSION 16.${PNGLIB_RELEASE}.0
     SOVERSION 16
     CLEAN_DIRECT_OUTPUT 1)

LICENSE

@@ -10,8 +10,8 @@ this sentence.
 
 This code is released under the libpng license.
 
-libpng versions 1.0.7, July 1, 2000, through 1.6.20, December 3, 2015, are
-Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are
+libpng versions 1.0.7, July 1, 2000, through 1.6.21, January 15, 2016, are
+Copyright (c) 2000-2002, 2004, 2006-2016 Glenn Randers-Pehrson, are
 derived from libpng-1.0.6, and are distributed according to the same
 disclaimer and license as libpng-1.0.6 with the following individuals
 added to the list of Contributing Authors:
@@ -109,4 +109,4 @@ the additional disclaimers inserted at version 1.0.7.
 
 Glenn Randers-Pehrson
 glennrp at users.sourceforge.net
-December 3, 2015
+January 15, 2016

README

@@ -1,4 +1,4 @@
-README for libpng version 1.6.20 - December 3, 2015 (shared library 16.0)
+README for libpng version 1.6.21 - January 15, 2016 (shared library 16.0)
 See the note about version numbers near the top of png.h
 
 See INSTALL for instructions on how to install libpng.

configure

@@ -1,14 +1,14 @@
 
 echo "
   There is no \"configure\" script in this distribution (*.zip or *.7z) of
-  libpng-1.6.20.
+  libpng-1.6.21.
 
   Instead, please copy the appropriate makefile for your system from the
   \"scripts\" directory.  Read the INSTALL file for more details.
 
   Update, July 2004: you can get a \"configure\" based distribution
   from the libpng distribution sites.  Download the file
-  libpng-1.6.20.tar.gz or libpng-1.6.20.tar.xz.
+  libpng-1.6.21.tar.gz or libpng-1.6.21.tar.xz.
 
   If the line endings in the files look funny, which is likely to be the
   case if you were trying to run \"configure\" on a Linux machine, you may

contrib/libtests/makepng.c

@@ -3,7 +3,7 @@
 /* Copyright: */
 #define COPYRIGHT "\251 2013,2015 John Cunningham Bowler"
 /*
- * Last changed in libpng 1.7.0 [(PENDING RELEASE)]
+ * Last changed in libpng 1.6.20 [November 24, 2015]
  *
  * This code is released under the libpng license.
  * For conditions of distribution and use, see the disclaimer

contrib/libtests/pngstest.c

@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2013-2015 John Cunningham Bowler
  *
- * Last changed in libpng 1.6.19 [(PENDING RELEASE)]
+ * Last changed in libpng 1.6.19 [November 12, 2015]
  *
  * This code is released under the libpng license.
  * For conditions of distribution and use, see the disclaimer