From 9b6da14435a1c39d9a64b872357467bc54cd1df2 Mon Sep 17 00:00:00 2001 From: Martin Balao Date: Tue, 26 Sep 2023 00:01:11 +0000 Subject: [PATCH] 8305815: Update Libpng to 1.6.39 Reviewed-by: phh, andrew Backport-of: c1f759e9d01d646eac69442452151b0467eab306 --- THIRD_PARTY_README | 5 +- corba/THIRD_PARTY_README | 5 +- hotspot/THIRD_PARTY_README | 5 +- jaxp/THIRD_PARTY_README | 5 +- jaxws/THIRD_PARTY_README | 5 +- jdk/THIRD_PARTY_README | 5 +- jdk/src/share/native/sun/awt/libpng/CHANGES | 12 ++ jdk/src/share/native/sun/awt/libpng/LICENSE | 2 +- jdk/src/share/native/sun/awt/libpng/README | 137 +++++++++--------- jdk/src/share/native/sun/awt/libpng/png.c | 6 +- jdk/src/share/native/sun/awt/libpng/png.h | 16 +- jdk/src/share/native/sun/awt/libpng/pngconf.h | 2 +- .../share/native/sun/awt/libpng/pnglibconf.h | 2 +- jdk/src/share/native/sun/awt/libpng/pngpriv.h | 2 +- .../share/native/sun/awt/libpng/pngrutil.c | 2 +- langtools/THIRD_PARTY_README | 5 +- nashorn/THIRD_PARTY_README | 5 +- 17 files changed, 121 insertions(+), 100 deletions(-) diff --git a/THIRD_PARTY_README b/THIRD_PARTY_README index f71e8f9b49..99a20eb52d 100644 --- a/THIRD_PARTY_README +++ b/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/corba/THIRD_PARTY_README b/corba/THIRD_PARTY_README index ae4f4d796b..f26a5f3ec5 100644 --- a/corba/THIRD_PARTY_README +++ b/corba/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/hotspot/THIRD_PARTY_README b/hotspot/THIRD_PARTY_README index ae4f4d796b..f26a5f3ec5 100644 --- a/hotspot/THIRD_PARTY_README +++ b/hotspot/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/jaxp/THIRD_PARTY_README b/jaxp/THIRD_PARTY_README index ae4f4d796b..f26a5f3ec5 100644 --- a/jaxp/THIRD_PARTY_README +++ b/jaxp/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/jaxws/THIRD_PARTY_README b/jaxws/THIRD_PARTY_README index ae4f4d796b..f26a5f3ec5 100644 --- a/jaxws/THIRD_PARTY_README +++ b/jaxws/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/jdk/THIRD_PARTY_README b/jdk/THIRD_PARTY_README index ae4f4d796b..f26a5f3ec5 100644 --- a/jdk/THIRD_PARTY_README +++ b/jdk/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/jdk/src/share/native/sun/awt/libpng/CHANGES b/jdk/src/share/native/sun/awt/libpng/CHANGES index 9a86869681..468e1119a1 100644 --- a/jdk/src/share/native/sun/awt/libpng/CHANGES +++ b/jdk/src/share/native/sun/awt/libpng/CHANGES @@ -6109,6 +6109,18 @@ Version 1.6.38 [September 14, 2022] Implemented many stability improvements across all platforms. Updated the internal documentation. +Version 1.6.39 [November 20, 2022] + Changed the error handler of oversized chunks (i.e. larger than + PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error. + Fixed a buffer overflow error in contrib/tools/pngfix. + Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp. + Disabled the ARM Neon optimizations by default in the CMake file, + following the default behavior of the configure script. + Allowed configure.ac to work with the trunk version of autoconf. + Removed the support for "install" targets from the legacy makefiles; + removed the obsolete makefile.cegcc. + Cleaned up the code and updated the internal documentation. + Send comments/corrections/commendations to png-mng-implement at lists.sf.net. Subscription is required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement diff --git a/jdk/src/share/native/sun/awt/libpng/LICENSE b/jdk/src/share/native/sun/awt/libpng/LICENSE index c8ad24eecf..7ac90160ed 100644 --- a/jdk/src/share/native/sun/awt/libpng/LICENSE +++ b/jdk/src/share/native/sun/awt/libpng/LICENSE @@ -131,4 +131,4 @@ The Contributing Authors and Group 42, Inc. specifically permit, without fee, and encourage the use of this source code as a component to supporting the PNG file format in commercial products. If you use this source code in a product, acknowledgment is not required but would -be appreciated. +be appreciated. \ No newline at end of file diff --git a/jdk/src/share/native/sun/awt/libpng/README b/jdk/src/share/native/sun/awt/libpng/README index e6e72aa547..097a3c2184 100644 --- a/jdk/src/share/native/sun/awt/libpng/README +++ b/jdk/src/share/native/sun/awt/libpng/README @@ -1,4 +1,4 @@ -README for libpng version 1.6.38 +README for libpng version 1.6.39 ================================ See the note about version numbers near the top of png.h. @@ -106,73 +106,74 @@ subscribe). Files in this distribution: - ANNOUNCE => Announcement of this version, with recent changes - AUTHORS => List of contributing authors - CHANGES => Description of changes between libpng versions - KNOWNBUG => List of known bugs and deficiencies - LICENSE => License to use and redistribute libpng - README => This file - TODO => Things not implemented in the current library - TRADEMARK => Trademark information - example.c => Example code for using libpng functions - libpng.3 => manual page for libpng (includes libpng-manual.txt) - libpng-manual.txt => Description of libpng and its functions - libpngpf.3 => manual page for libpng's private functions - png.5 => manual page for the PNG format - png.c => Basic interface functions common to library - png.h => Library function and interface declarations (public) - pngpriv.h => Library function and interface declarations (private) - pngconf.h => System specific library configuration (public) - pngstruct.h => png_struct declaration (private) - pnginfo.h => png_info struct declaration (private) - pngdebug.h => debugging macros (private) - pngerror.c => Error/warning message I/O functions - pngget.c => Functions for retrieving info from struct - pngmem.c => Memory handling functions - pngbar.png => PNG logo, 88x31 - pngnow.png => PNG logo, 98x31 - pngpread.c => Progressive reading functions - pngread.c => Read data/helper high-level functions - pngrio.c => Lowest-level data read I/O functions - pngrtran.c => Read data transformation functions - pngrutil.c => Read data utility functions - pngset.c => Functions for storing data into the info_struct - pngtest.c => Library test program - pngtest.png => Library test sample image - pngtrans.c => Common data transformation functions - pngwio.c => Lowest-level write I/O functions - pngwrite.c => High-level write functions - pngwtran.c => Write data transformations - pngwutil.c => Write utility functions - arm => Contains optimized code for the ARM platform - powerpc => Contains optimized code for the PowerPC platform - contrib => Contributions - arm-neon => Optimized code for ARM-NEON platform - powerpc-vsx => Optimized code for POWERPC-VSX platform - examples => Example programs - gregbook => source code for PNG reading and writing, from - Greg Roelofs' "PNG: The Definitive Guide", - O'Reilly, 1999 - libtests => Test programs - mips-msa => Optimized code for MIPS-MSA platform - pngminim => Minimal decoder, encoder, and progressive decoder - programs demonstrating use of pngusr.dfa - pngminus => Simple pnm2png and png2pnm programs - pngsuite => Test images - testpngs - tools => Various tools - visupng => Contains a MSVC workspace for VisualPng - intel => Optimized code for INTEL-SSE2 platform - mips => Optimized code for MIPS platform - projects => Contains project files and workspaces for - building a DLL - owatcom => Contains a WATCOM project for building libpng - visualc71 => Contains a Microsoft Visual C++ (MSVC) - workspace for building libpng and zlib - vstudio => Contains a Microsoft Visual C++ (MSVC) - workspace for building libpng and zlib - scripts => Directory containing scripts for building libpng: - (see scripts/README.txt for the list of scripts) + ANNOUNCE => Announcement of this version, with recent changes + AUTHORS => List of contributing authors + CHANGES => Description of changes between libpng versions + INSTALL => Instructions to install libpng + LICENSE => License to use and redistribute libpng + README => This file + TODO => Things not implemented in the current library + TRADEMARK => Trademark information + example.c => Example code for using libpng functions + libpng.3 => Manual page for libpng (includes libpng-manual.txt) + libpng-manual.txt => Description of libpng and its functions + libpngpf.3 => Manual page for libpng's private functions (deprecated) + png.5 => Manual page for the PNG format + png.c => Basic interface functions common to library + png.h => Library function and interface declarations (public) + pngpriv.h => Library function and interface declarations (private) + pngconf.h => System specific library configuration (public) + pngstruct.h => png_struct declaration (private) + pnginfo.h => png_info struct declaration (private) + pngdebug.h => debugging macros (private) + pngerror.c => Error/warning message I/O functions + pngget.c => Functions for retrieving info from struct + pngmem.c => Memory handling functions + pngbar.png => PNG logo, 88x31 + pngnow.png => PNG logo, 98x31 + pngpread.c => Progressive reading functions + pngread.c => Read data/helper high-level functions + pngrio.c => Lowest-level data read I/O functions + pngrtran.c => Read data transformation functions + pngrutil.c => Read data utility functions + pngset.c => Functions for storing data into the info_struct + pngtest.c => Library test program + pngtest.png => Library test sample image + pngtrans.c => Common data transformation functions + pngwio.c => Lowest-level write I/O functions + pngwrite.c => High-level write functions + pngwtran.c => Write data transformations + pngwutil.c => Write utility functions + arm/ => Optimized code for the ARM platform + intel/ => Optimized code for the INTEL-SSE2 platform + mips/ => Optimized code for the MIPS platform + powerpc/ => Optimized code for the PowerPC platform + ci/ => Scripts for continuous integration + contrib/ => External contributions + arm-neon/ => Optimized code for the ARM-NEON platform + mips-msa/ => Optimized code for the MIPS-MSA platform + powerpc-vsx/ => Optimized code for the POWERPC-VSX platform + examples/ => Example programs + gregbook/ => Source code for PNG reading and writing, from + "PNG: The Definitive Guide" by Greg Roelofs, + O'Reilly, 1999 + libtests/ => Test programs + oss-fuzz/ => Files used by the OSS-Fuzz project for fuzz-testing + libpng + pngminim/ => Minimal decoder, encoder, and progressive decoder + programs demonstrating the use of pngusr.dfa + pngminus/ => Simple pnm2png and png2pnm programs + pngsuite/ => Test images + testpngs/ => Test images + tools/ => Various tools + visupng/ => VisualPng, a Windows viewer for PNG images + projects/ => Project files and workspaces for various IDEs + owatcom/ => OpenWatcom project + visualc71/ => Microsoft Visual C++ 7.1 workspace + vstudio/ => Microsoft Visual Studio workspace + scripts/ => Scripts and makefiles for building libpng + (see scripts/README.txt for the complete list) + tests/ => Test scripts Good luck, and happy coding! diff --git a/jdk/src/share/native/sun/awt/libpng/png.c b/jdk/src/share/native/sun/awt/libpng/png.c index ba608f128a..30181b6ff7 100644 --- a/jdk/src/share/native/sun/awt/libpng/png.c +++ b/jdk/src/share/native/sun/awt/libpng/png.c @@ -42,7 +42,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_38 Your_png_h_is_not_version_1_6_38; +typedef png_libpng_version_1_6_39 Your_png_h_is_not_version_1_6_39; #ifdef __GNUC__ /* The version tests may need to be added to, but the problem warning has @@ -843,7 +843,7 @@ png_get_copyright(png_const_structrp png_ptr) return PNG_STRING_COPYRIGHT #else return PNG_STRING_NEWLINE \ - "libpng version 1.6.38" PNG_STRING_NEWLINE \ + "libpng version 1.6.39" PNG_STRING_NEWLINE \ "Copyright (c) 2018-2022 Cosmin Truta" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ @@ -2738,7 +2738,7 @@ png_check_IHDR(png_const_structrp png_ptr, int /* PRIVATE */ png_check_fp_number(png_const_charp string, size_t size, int *statep, - png_size_tp whereami) + size_t *whereami) { int state = *statep; size_t i = *whereami; diff --git a/jdk/src/share/native/sun/awt/libpng/png.h b/jdk/src/share/native/sun/awt/libpng/png.h index aeff31573c..3d9fa03de6 100644 --- a/jdk/src/share/native/sun/awt/libpng/png.h +++ b/jdk/src/share/native/sun/awt/libpng/png.h @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * libpng version 1.6.38 - September 14, 2022 + * libpng version 1.6.39 - November 20, 2022 * * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson @@ -43,7 +43,7 @@ * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger * libpng versions 0.97, January 1998, through 1.6.35, July 2018: * Glenn Randers-Pehrson - * libpng versions 1.6.36, December 2018, through 1.6.38, September 2022: + * libpng versions 1.6.36, December 2018, through 1.6.39, November 2022: * Cosmin Truta * See also "Contributing Authors", below. */ @@ -267,7 +267,7 @@ * ... * 1.5.30 15 10530 15.so.15.30[.0] * ... - * 1.6.38 16 10638 16.so.16.38[.0] + * 1.6.39 16 10639 16.so.16.39[.0] * * Henceforth the source version will match the shared-library major and * minor numbers; the shared-library major version number will be used for @@ -306,8 +306,8 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.38" -#define PNG_HEADER_VERSION_STRING " libpng version 1.6.38 - September 14, 2022\n" +#define PNG_LIBPNG_VER_STRING "1.6.39" +#define PNG_HEADER_VERSION_STRING " libpng version 1.6.39 - November 20, 2022\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 @@ -315,7 +315,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 38 +#define PNG_LIBPNG_VER_RELEASE 39 /* This should be zero for a public release, or non-zero for a * development version. [Deprecated] @@ -346,7 +346,7 @@ * From version 1.0.1 it is: * XXYYZZ, where XX=major, YY=minor, ZZ=release */ -#define PNG_LIBPNG_VER 10638 /* 1.6.38 */ +#define PNG_LIBPNG_VER 10639 /* 1.6.39 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -456,7 +456,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_38; +typedef char* png_libpng_version_1_6_39; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * diff --git a/jdk/src/share/native/sun/awt/libpng/pngconf.h b/jdk/src/share/native/sun/awt/libpng/pngconf.h index e95fa34ad7..d11e9ac346 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngconf.h +++ b/jdk/src/share/native/sun/awt/libpng/pngconf.h @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * libpng version 1.6.38 + * libpng version 1.6.39 * * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2016,2018 Glenn Randers-Pehrson diff --git a/jdk/src/share/native/sun/awt/libpng/pnglibconf.h b/jdk/src/share/native/sun/awt/libpng/pnglibconf.h index b3dc39a45b..f6923c01e9 100644 --- a/jdk/src/share/native/sun/awt/libpng/pnglibconf.h +++ b/jdk/src/share/native/sun/awt/libpng/pnglibconf.h @@ -31,7 +31,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: */ -/* libpng version 1.6.38 */ +/* libpng version 1.6.39 */ /* Copyright (c) 2018-2022 Cosmin Truta */ /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */ diff --git a/jdk/src/share/native/sun/awt/libpng/pngpriv.h b/jdk/src/share/native/sun/awt/libpng/pngpriv.h index ed44512ef2..ec47329806 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngpriv.h +++ b/jdk/src/share/native/sun/awt/libpng/pngpriv.h @@ -1974,7 +1974,7 @@ PNG_INTERNAL_FUNCTION(void,png_ascii_from_fixed,(png_const_structrp png_ptr, * the problem character.) This has not been tested within libpng. */ PNG_INTERNAL_FUNCTION(int,png_check_fp_number,(png_const_charp string, - size_t size, int *statep, png_size_tp whereami),PNG_EMPTY); + size_t size, int *statep, size_t *whereami),PNG_EMPTY); /* This is the same but it checks a complete string and returns true * only if it just contains a floating point number. As of 1.5.4 this diff --git a/jdk/src/share/native/sun/awt/libpng/pngrutil.c b/jdk/src/share/native/sun/awt/libpng/pngrutil.c index d41a6d09b2..524297c5a1 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngrutil.c +++ b/jdk/src/share/native/sun/awt/libpng/pngrutil.c @@ -3214,7 +3214,7 @@ png_check_chunk_length(png_const_structrp png_ptr, png_uint_32 length) { png_debug2(0," length = %lu, limit = %lu", (unsigned long)length,(unsigned long)limit); - png_chunk_error(png_ptr, "chunk data is too large"); + png_benign_error(png_ptr, "chunk data is too large"); } } diff --git a/langtools/THIRD_PARTY_README b/langtools/THIRD_PARTY_README index ae4f4d796b..f26a5f3ec5 100644 --- a/langtools/THIRD_PARTY_README +++ b/langtools/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/nashorn/THIRD_PARTY_README b/nashorn/THIRD_PARTY_README index ae4f4d796b..f26a5f3ec5 100644 --- a/nashorn/THIRD_PARTY_README +++ b/nashorn/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other