Fedora 8 Update: optipng-0.6.2-1.fc8
Posted by Benjamin D. Thomas   
The main reason for this update is a buffer overflow, removed in this version, that could be triggered by processing specially crafted bitmap images (*.bmp).
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9639
2008-11-13 02:41:03.571449
--------------------------------------------------------------------------------

Name        : optipng
Product     : Fedora 8
Version     : 0.6.2
Release     : 1.fc8
URL         : http://optipng.sourceforge.net/
Summary     : PNG optimizer and converter
Description :
OptiPNG is a PNG optimizer that recompresses image files to a smaller size,
without losing any information. This program also converts external formats
(BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks
and corrections.

--------------------------------------------------------------------------------
Update Information:

The main reason for this update is a buffer overflow, removed in this version,
that could be triggered by processing specially crafted bitmap images (*.bmp).

Aggregated upstream changelog:
==============================

++ Put back a speed optimization, accidentally removed in version 0.6, allowing
   singleton trials (-o1) to be bypassed in certain conditions.
!! Fixed an array overflow in the BMP reader.
!! Fixed the loss of private chunks under the -snip option.
 + Produced a more concise on-screen output in the non-verbose mode.
   (Thanks to Vincent Lefevre for the suggestion.)
 * Added a programming interface to the optimization engine, in order to
   facilitate the development of PNG-optimizing GUI apps and plugins.
 ! Fixed processing when image reduction yields an output larger than the
   original. (Thanks to Michael Krishtopa for the report.)
 ! Fixed behavior of -preserve. (Thanks to Bill Koch for the report.)
 - Removed displaying of partial progress when abandoning IDATs under the -v
   option. The percentages displayed were not very accurate.
++ Implemented grayscale(alpha)-to-palette reductions.
++ Improved conversion of bKGD info during RGB-to-palette reductions.
   (Thanks to Matthew Fearnley for the contribution.)
!! Fixed conversion of bKGD and tRNS during 16-to-8-bit reductions.
   (Thanks to Matthew Fearnley for the report.)
 + Added support for compressed BMP (incl. PNG-compressed BMP, you bet!)
 + Improved the speed of reading raw PNM files.
 + Recognized PNG digital signatures (dSIG) and disabled optimization in their
   presence, to preserve their integrity.
 + Allowed the user to enforce the optimization of dSIG'ed files.
 + Recognized APNG animation files and disabled reductions to preserve their
   integrity.
 + Added the -snip option, to allow the user to "snip" one image out of a
   multi-image file, such as animated GIF, multi-page TIFF, or APNG.
   (Thanks to [LaughingMan] for the suggestion.)
 + Improved recovery of PNG files with incomplete IDAT.
 ! Fixed behavior of -out and -dir when the input is already optimized.
   (Thanks to Christian Davideck for the report.)
 * Provided more detailed image information at the start of processing.
 * Provided a more detailed summary at the end of processing, under the
   presence of the -v option and/or the occurrence of exceptional events.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 12 2008 Till Maas  - 0.6.2-1
- Update to new release to fix buffer overflow
- Red Hat Bugzilla #471206
* Thu Aug 28 2008 Ville Skyttä  - 0.6.1-1
- 0.6.1.
* Thu Feb 14 2008 Ville Skyttä  - 0.5.5-4
- Apply sf.net patch #1790969 to fix crash with -log.
- Cosmetic specfile changes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #471206 - OptiPNG: Buffer overflow in BMP image handling reader
        https://bugzilla.redhat.com/show_bug.cgi?id=471206
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update optipng' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
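
To confirm that a host has picked up the fix, the following added example (not part of the Fedora advisory) checks a version-release string against the fixed build 0.6.2-1 and fails closed on anything it cannot parse. It assumes purely numeric version fields and no epoch, is a simplified comparison rather than RPM's own algorithm, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): flag optipng builds older than the
# fixed 0.6.2-1 named above. Input is "VERSION-RELEASE", e.g. from
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' optipng
FIXED_VERSION="0.6.2"; FIXED_RELEASE="1"   # values taken from the advisory

# cmp_dotted A B: echo lt, eq or gt for numeric dotted strings; return 2 on junk.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                      # leading component of each
        if [ "$x" = "$a" ]; then a=""; else a=${a#*.}; fi
        if [ "$y" = "$b" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}                        # missing component counts as 0
        case "$x$y" in *[!0-9]*) return 2 ;; esac   # non-numeric: refuse to guess
        if [ "$x" -lt "$y" ]; then echo lt; return 0; fi
        if [ "$x" -gt "$y" ]; then echo gt; return 0; fi
    done
    echo eq
}

# is_fixed VR: 0 = fixed build or newer, 1 = older than the fix, 2 = unparseable.
is_fixed() {
    case "$1" in *-*) ;; *) return 2 ;; esac
    ver=${1%%-*}; rel=${1#*-}; rel=${rel%%.*}       # drop dist tag such as .fc8
    [ -n "$ver" ] && [ -n "$rel" ] || return 2
    r=$(cmp_dotted "$ver" "$FIXED_VERSION") || return 2
    if [ "$r" = eq ]; then
        r=$(cmp_dotted "$rel" "$FIXED_RELEASE") || return 2
    fi
    [ "$r" != lt ]
}

# Constructed sample inputs; on a real host feed the rpm query output instead.
for vr in 0.5.5-4.fc8 0.6.1-1.fc8 0.6.2-1.fc8 garbage; do
    if is_fixed "$vr"; then
        echo "$vr: fixed"
    else
        echo "$vr: NOT confirmed fixed"
    fi
done
```
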

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
