Libpng 1.6.32beta09 - August 3, 2017

This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.

Files available for download:

Source files with LF line endings (for Unix/Linux) and with a
"configure" script

   1.6.32beta09.tar.xz (LZMA-compressed, recommended)
   1.6.32beta09.tar.gz

Source files with CRLF line endings (for Windows), without the
"configure" script

   lp1632b09.7z  (LZMA-compressed, recommended)
   lp1632b09.zip

Other information:

   1.6.32beta09-README.txt
   1.6.32beta09-LICENSE.txt
   libpng-1.6.32beta09-*.asc (armored detached GPG signatures)

Changes since the last public release (1.6.31):

Version 1.6.32beta01 [July 31, 2017]
  Avoid possible NULL dereference in png_handle_eXIf when benign_errors
    are allowed. Avoid leaking the input buffer "eXIf_buf".
  Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
    to arguments for png_get_eXIf() and png_set_eXIf().
  Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in
    pngwrite.c, and made various other fixes to png_write_eXIf().
  Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and
    png_set_eXIf_1(), respectively, to avoid breaking API compatibility
    with libpng-1.6.31.

Version 1.6.32beta02 [August 1, 2017]
  Updated contrib/libtests/pngunknown.c with eXIf chunk.

Version 1.6.32beta03 [August 2, 2017]
  Initialized btoa[] in pngstest.c
  Stop memory leak when returning from png_handle_eXIf() with an error
    (Bug report from the OSS-fuzz project).

Version 1.6.32beta04 [August 2, 2017]
  Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
  Update libpng.3 and libpng-manual.txt about eXIf functions.

Version 1.6.32beta05 [August 2, 2017]
  Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability.

Version 1.6.32beta06 [August 2, 2017]
  Removed png_get_eXIf_1() and png_set_eXIf_1().

Version 1.6.32beta07 [August 3, 2017]
  Check length of all chunks except IDAT against user limit to fix an
    OSS-fuzz issue.

Version 1.6.32beta08 [August 3, 2017]
  Check length of IDAT against maximum possible IDAT size, accounting
    for height, rowbytes, interlacing and zlib/deflate overhead.
  Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf)
    does not work (the eXIf chunk data can contain zeroes).

Version 1.6.32beta09 [August 3, 2017]
  Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation,
    no longer using deprecated cmake LOCATION feature (Clifford Yapp).
  Fixed five-byte error in the calculation of IDAT maximum possible size.
  
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
to subscribe)
or to glennrp at users.sourceforge.net

Glenn R-P