diff -ru4N libpng-1.2.22/Makefile.am libpng-1.2.23beta04/Makefile.am
--- libpng-1.2.22/Makefile.am	2007-10-15 10:31:07.971675000 -0500
+++ libpng-1.2.23beta04/Makefile.am	2007-10-23 10:54:12.006179000 -0500
@@ -57,8 +57,11 @@
   libpng12_la_DEPENDENCIES = libpng.sym
 endif
 libpng_la_DEPENDENCIES = $(libpng12_la_DEPENDENCIES)
 
+# Avoid depending upon Character Ranges.
+AN = '_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+
 #distribute headers in /usr/include/libpng/*
 pkgincludedir= $(includedir)/$(PNGLIB_BASENAME)
 pkginclude_HEADERS= png.h pngconf.h
 
@@ -96,10 +99,11 @@
 
 libpng.sym: png.h pngconf.h
 	rm -f $@ $@.new
 	$(CPP) @LIBPNG_DEFINES@ $(CPPFLAGS) -DPNG_BUILDSYMS $(srcdir)/png.h | \
-		$(SED) -n -e 's|^.*PNG_FUNCTION_EXPORT[ 	]*\([a-zA-Z0-9_]*\).*$$|\1|p' \
-			-e 's|^.*PNG_DATA_EXPORT[ 	]*\([a-zA-Z0-9_]*\).*$$|\1|p' \
+		$(SED) -n -e \
+                's|^.*PNG_FUNCTION_EXPORT[ 	]*\([$(AN)]*\).*$$|\1|p' \
+		-e 's|^.*PNG_DATA_EXPORT[ 	]*\([$(AN)]*\).*$$|\1|p' \
 			>$@.new
 	mv $@.new $@
 
 libpng.vers: libpng.sym
diff -ru4N libpng-1.2.22/Makefile.in libpng-1.2.23beta04/Makefile.in
--- libpng-1.2.22/Makefile.in	2007-10-15 10:31:08.009816000 -0500
+++ libpng-1.2.23beta04/Makefile.in	2007-10-23 10:54:12.070728000 -0500
@@ -141,8 +141,11 @@
 GZIP_ENV = --best
 distuninstallcheck_listfiles = find . -type f -print
 distcleancheck_listfiles = find . -type f -print
 
+# Avoid depending upon Character Ranges.
+AN = '_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+
 #distribute headers in /usr/include/libpng/*
 pkgincludedir = $(includedir)/$(PNGLIB_BASENAME)
 ACLOCAL = @ACLOCAL@
 AMDEP_FALSE = @AMDEP_FALSE@
@@ -1229,10 +1232,11 @@
 
 libpng.sym: png.h pngconf.h
 	rm -f $@ $@.new
 	$(CPP) @LIBPNG_DEFINES@ $(CPPFLAGS) -DPNG_BUILDSYMS $(srcdir)/png.h | \
-		$(SED) -n -e 's|^.*PNG_FUNCTION_EXPORT[ 	]*\([a-zA-Z0-9_]*\).*$$|\1|p' \
-			-e 's|^.*PNG_DATA_EXPORT[ 	]*\([a-zA-Z0-9_]*\).*$$|\1|p' \
+		$(SED) -n -e \
+                's|^.*PNG_FUNCTION_EXPORT[ 	]*\([$(AN)]*\).*$$|\1|p' \
+		-e 's|^.*PNG_DATA_EXPORT[ 	]*\([$(AN)]*\).*$$|\1|p' \
 			>$@.new
 	mv $@.new $@
 
 libpng.vers: libpng.sym
diff -ru4N libpng-1.2.22/png.h libpng-1.2.23beta04/png.h
--- libpng-1.2.22/png.h	2007-10-13 12:07:26.084752000 -0500
+++ libpng-1.2.23beta04/png.h	2007-10-23 10:53:52.757195000 -0500
@@ -168,8 +168,9 @@
  *    1.0.30rc1               10    10030  10.so.0.30[.0]
  *    1.2.22rc1               13    10222  12.so.0.22[.0]
  *    1.0.30                  10    10030  10.so.0.30[.0]
  *    1.2.22                  13    10222  12.so.0.22[.0]
+ *    1.2.23beta01-04         13    10223  12.so.0.23[.0]
  *
  *    Henceforth the source version will match the shared-library major
  *    and minor numbers; the shared-library major version number will be
  *    used for changes in backward compatibility, as it is intended.  The
@@ -650,11 +651,12 @@
  * no specific support.  The idea is that we can use this to queue
  * up private chunks for output even though the library doesn't actually
  * know about their semantics.
  */
+#define PNG_CHUNK_NAME_LENGTH 5
 typedef struct png_unknown_chunk_t
 {
-    png_byte name[5];
+    png_byte name[PNG_CHUNK_NAME_LENGTH];
     png_byte *data;
     png_size_t size;
 
     /* libpng-using applications should NOT directly modify this byte. */
diff -ru4N libpng-1.2.22/pngconf.h libpng-1.2.23beta04/pngconf.h
--- libpng-1.2.22/pngconf.h	2007-10-13 12:07:26.164803000 -0500
+++ libpng-1.2.23beta04/pngconf.h	2007-10-23 10:53:52.836179000 -0500
@@ -1429,10 +1429,8 @@
 #  define NOCHECK 0
 #  define CVT_PTR(ptr) (png_far_to_near(png_ptr,ptr,CHECK))
 #  define CVT_PTR_NOCHECK(ptr) (png_far_to_near(png_ptr,ptr,NOCHECK))
 #  define png_snprintf _fsnprintf   /* Added to v 1.2.19 */
-#  define png_strcpy  _fstrcpy
-#  define png_strncpy _fstrncpy   /* Added to v 1.2.6 */
 #  define png_strlen  _fstrlen
 #  define png_memcmp  _fmemcmp    /* SJT: added */
 #  define png_memcpy  _fmemcpy
 #  define png_memset  _fmemset
@@ -1459,10 +1457,8 @@
 #    define png_snprintf2(s1,n,fmt,x1,x2) sprintf(s1,fmt,x1,x2)
 #    define png_snprintf6(s1,n,fmt,x1,x2,x3,x4,x5,x6) \
         sprintf(s1,fmt,x1,x2,x3,x4,x5,x6)
 #  endif
-#  define png_strcpy  strcpy
-#  define png_strncpy strncpy     /* Added to v 1.2.6 */
 #  define png_strlen  strlen
 #  define png_memcmp  memcmp      /* SJT: added */
 #  define png_memcpy  memcpy
 #  define png_memset  memset
diff -ru4N libpng-1.2.22/pngerror.c libpng-1.2.23beta04/pngerror.c
--- libpng-1.2.22/pngerror.c	2007-10-13 12:07:26.270691000 -0500
+++ libpng-1.2.23beta04/pngerror.c	2007-10-23 10:53:52.960461000 -0500
@@ -135,8 +135,10 @@
    '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
    'A', 'B', 'C', 'D', 'E', 'F'
 };
 
+#define PNG_MAX_ERROR_TEXT 64
+
 #if !defined(PNG_NO_WARNINGS) || !defined(PNG_NO_ERROR_TEXT)
 static void /* PRIVATE */
 png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
    error_message)
@@ -164,18 +166,18 @@
    else
    {
       buffer[iout++] = ':';
       buffer[iout++] = ' ';
-      png_strncpy(buffer+iout, error_message, 63);
-      buffer[iout+63] = '\0';
+      png_memcpy(buffer+iout, error_message, PNG_MAX_ERROR_TEXT);
+      buffer[iout+PNG_MAX_ERROR_TEXT-1] = '\0';
    }
 }
 
 #ifdef PNG_READ_SUPPORTED
 void PNGAPI
 png_chunk_error(png_structp png_ptr, png_const_charp error_message)
 {
-   char msg[18+64];
+   char msg[18+PNG_MAX_ERROR_TEXT];
    if (png_ptr == NULL)
      png_error(png_ptr, error_message);
    else
    {
@@ -189,9 +191,9 @@
 #ifndef PNG_NO_WARNINGS
 void PNGAPI
 png_chunk_warning(png_structp png_ptr, png_const_charp warning_message)
 {
-   char msg[18+64];
+   char msg[18+PNG_MAX_ERROR_TEXT];
    if (png_ptr == NULL)
      png_warning(png_ptr, warning_message);
    else
    {
diff -ru4N libpng-1.2.22/pngpread.c libpng-1.2.23beta04/pngpread.c
--- libpng-1.2.22/pngpread.c	2007-10-13 12:07:26.427022000 -0500
+++ libpng-1.2.23beta04/pngpread.c	2007-10-23 10:53:53.103695000 -0500
@@ -1489,11 +1489,13 @@
           skip = length - (png_uint_32)65535L;
           length = (png_uint_32)65535L;
       }
 #endif
-      png_strncpy((png_charp)png_ptr->unknown_chunk.name,
-	 (png_charp)png_ptr->chunk_name, 4);
-      png_ptr->unknown_chunk.name[4] = '\0';
+      png_memcpy((png_charp)png_ptr->unknown_chunk.name,
+                 (png_charp)png_ptr->chunk_name, 
+                 png_sizeof(png_ptr->unknown_chunk.name));
+      png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name)-1]='\0';
+
       png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
       png_ptr->unknown_chunk.size = (png_size_t)length;
       png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
 #if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
diff -ru4N libpng-1.2.22/pngrutil.c libpng-1.2.23beta04/pngrutil.c
--- libpng-1.2.22/pngrutil.c	2007-10-13 12:07:26.804750000 -0500
+++ libpng-1.2.23beta04/pngrutil.c	2007-10-23 10:53:53.456177000 -0500
@@ -2222,11 +2222,12 @@
            skip = length - (png_uint_32)65535L;
            length = (png_uint_32)65535L;
        }
 #endif
-       png_strncpy((png_charp)png_ptr->unknown_chunk.name,
-	 (png_charp)png_ptr->chunk_name, 4);
-       png_ptr->unknown_chunk.name[4] = '\0';
+       png_memcpy((png_charp)png_ptr->unknown_chunk.name,
+                  (png_charp)png_ptr->chunk_name, 
+                  png_sizeof(png_ptr->unknown_chunk.name));
+       png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name)-1] = '\0';
        png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
        png_ptr->unknown_chunk.size = (png_size_t)length;
        png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
 #if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
diff -ru4N libpng-1.2.22/pngset.c libpng-1.2.23beta04/pngset.c
--- libpng-1.2.22/pngset.c	2007-10-13 12:07:26.873243000 -0500
+++ libpng-1.2.23beta04/pngset.c	2007-10-23 10:53:53.515339000 -0500
@@ -40,9 +40,15 @@
 {
    png_debug1(1, "in %s storage function\n", "cHRM");
    if (png_ptr == NULL || info_ptr == NULL)
       return;
-
+   if (!(white_x || white_y || red_x || red_y || green_x || green_y ||
+       blue_x || blue_y))
+   {
+      png_warning(png_ptr,
+        "Ignoring attempt to set all-zero chromaticity values");
+      return;
+   }
    if (white_x < 0.0 || white_y < 0.0 ||
          red_x < 0.0 ||   red_y < 0.0 ||
        green_x < 0.0 || green_y < 0.0 ||
         blue_x < 0.0 ||  blue_y < 0.0)
@@ -92,8 +98,15 @@
    png_debug1(1, "in %s storage function\n", "cHRM");
    if (png_ptr == NULL || info_ptr == NULL)
       return;
 
+   if (!(white_x || white_y || red_x || red_y || green_x || green_y ||
+       blue_x || blue_y))
+   {
+      png_warning(png_ptr,
+        "Ignoring attempt to set all-zero chromaticity values");
+      return;
+   }
    if (white_x < 0 || white_y < 0 ||
          red_x < 0 ||   red_y < 0 ||
        green_x < 0 || green_y < 0 ||
         blue_x < 0 ||  blue_y < 0)
@@ -678,21 +691,22 @@
              png_charp profile, png_uint_32 proflen)
 {
    png_charp new_iccp_name;
    png_charp new_iccp_profile;
+   png_uint_32 length;
 
    png_debug1(1, "in %s storage function\n", "iCCP");
    if (png_ptr == NULL || info_ptr == NULL || name == NULL || profile == NULL)
       return;
 
-   new_iccp_name = (png_charp)png_malloc_warn(png_ptr, png_strlen(name)+1);
+   length = png_strlen(name)+1;
+   new_iccp_name = (png_charp)png_malloc_warn(png_ptr, length);
    if (new_iccp_name == NULL)
    {
       png_warning(png_ptr, "Insufficient memory to process iCCP chunk.");
       return;
    }
-   png_strncpy(new_iccp_name, name, png_strlen(name));
-   new_iccp_name[png_strlen(name)] = '\0';
+   png_memcpy(new_iccp_name, name, length);
    new_iccp_profile = (png_charp)png_malloc_warn(png_ptr, proflen);
    if (new_iccp_profile == NULL)
    {
       png_free (png_ptr, new_iccp_name);
@@ -971,19 +985,19 @@
     for (i = 0; i < nentries; i++)
     {
         png_sPLT_tp to = np + info_ptr->splt_palettes_num + i;
         png_sPLT_tp from = entries + i;
+        png_uint_32 length;
 
-        to->name = (png_charp)png_malloc_warn(png_ptr,
-          png_strlen(from->name) + 1);
+        length = png_strlen(from->name) + 1;
+        to->name = (png_charp)png_malloc_warn(png_ptr, length);
         if (to->name == NULL)
         {
            png_warning(png_ptr,
              "Out of memory while processing sPLT chunk");
         }
         /* TODO: use png_malloc_warn */
-        png_strncpy(to->name, from->name, png_strlen(from->name));
-        to->name[png_strlen(from->name)] = '\0';
+        png_memcpy(to->name, from->name, length);
         to->entries = (png_sPLT_entryp)png_malloc_warn(png_ptr,
             from->nentries * png_sizeof(png_sPLT_entry));
         /* TODO: use png_malloc_warn */
         png_memcpy(to->entries, from->entries,
@@ -1038,10 +1052,13 @@
     {
         png_unknown_chunkp to = np + info_ptr->unknown_chunks_num + i;
         png_unknown_chunkp from = unknowns + i;
 
-        png_strncpy((png_charp)to->name, (png_charp)from->name, 4);
-        to->name[4] = '\0';
+        png_memcpy((png_charp)to->name, 
+                   (png_charp)from->name, 
+                   png_sizeof(from->name));
+        to->name[png_sizeof(to->name)-1] = '\0';
+
         to->data = (png_bytep)png_malloc_warn(png_ptr, from->size);
         if (to->data == NULL)
         {
            png_warning(png_ptr,
diff -ru4N libpng-1.2.22/pngtest.c libpng-1.2.23beta04/pngtest.c
--- libpng-1.2.22/pngtest.c	2007-10-13 12:07:26.940163000 -0500
+++ libpng-1.2.23beta04/pngtest.c	2007-10-23 10:53:53.574087000 -0500
@@ -81,10 +81,11 @@
 #include <time.h>
 #endif
 
 #if defined(PNG_TIME_RFC1123_SUPPORTED)
+#define PNG_tIME_STRING_LENGTH 30
 static int tIME_chunk_present=0;
-static char tIME_string[30] = "no tIME chunk present in file";
+static char tIME_string[PNG_tIME_STRING_LENGTH] = "no tIME chunk present in file";
 #endif
 
 static int verbose = 0;
 
@@ -1001,14 +1002,15 @@
       if (png_get_tIME(read_ptr, read_info_ptr, &mod_time))
       {
          png_set_tIME(write_ptr, write_info_ptr, mod_time);
 #if defined(PNG_TIME_RFC1123_SUPPORTED)
-         /* we have to use png_strncpy instead of "=" because the string
+         /* we have to use png_memcpy instead of "=" because the string
             pointed to by png_convert_to_rfc1123() gets free'ed before
             we use it */
-         png_strncpy(tIME_string,png_convert_to_rfc1123(read_ptr,
-            mod_time),29);
-         tIME_string[29] = '\0';
+         png_memcpy(tIME_string,
+                    png_convert_to_rfc1123(read_ptr, mod_time), 
+                    png_sizeof(tIME_string));
+         tIME_string[png_sizeof(tIME_string)-1] = '\0';
          tIME_chunk_present++;
 #endif /* PNG_TIME_RFC1123_SUPPORTED */
       }
    }
@@ -1143,14 +1145,15 @@
       if (png_get_tIME(read_ptr, end_info_ptr, &mod_time))
       {
          png_set_tIME(write_ptr, write_end_info_ptr, mod_time);
 #if defined(PNG_TIME_RFC1123_SUPPORTED)
-         /* we have to use png_strncpy instead of "=" because the string
+         /* we have to use png_memcpy instead of "=" because the string
             pointed to by png_convert_to_rfc1123() gets free'ed before
             we use it */
-         png_strncpy(tIME_string,png_convert_to_rfc1123(read_ptr,
-            mod_time),29);
-         tIME_string[29] = '\0';
+         png_memcpy(tIME_string,
+                    png_convert_to_rfc1123(read_ptr, mod_time),
+                    png_sizeof(tIME_string));
+         tIME_string[png_sizeof(tIME_string)-1] = '\0';
          tIME_chunk_present++;
 #endif /* PNG_TIME_RFC1123_SUPPORTED */
       }
    }