![[PNG icon]](img_png/pnglogo-blk-tiny.png)
News and History of the PNG Development Group from 2007
Herein lie news items and historical stuff primarily of interest to the
Portable Network Graphics Development Group itself. Feel free to poke
around even if you're not a member, though. Note that some of the links,
particularly the older ones, are broken; in some cases this is explained by
later entries. Other links (CompuServe, tcg.arl.mil) have fallen prey to
reorganizations or upgrades; should they ever reappear, the entries below
will be updated as needed.
Keep in mind that this is history here...
- current - see here
- 14 December 2007 - libpng 1.2.24 is
released. Its changes consist only of minor code cleanups.
- 9 November 2007 - libpng 1.2.23 is
released. Its changes consist only of minor code cleanups, including
a fix for the MSVC project files and improved detection of invalid
chromaticity (cHRM) chunks.
- 13 October 2007 - libpng 1.2.22 is
released. It fixes the aforementioned iCCP
crash bug
(CVE-2007-5267), as well as a related
bug in the unknown-chunk handler.
- 4 October 2007 - libpng 1.2.21 is
released. It fixes several bugs reported by George Cook, Jeff Phillips,
and Tavis Ormandy, including some crash
bugs
(CVE-2007-5266,
CVE-2007-5268,
CVE-2007-5269) that can be triggered
by visiting a malicious web site. (There is one crash-bug in the iCCP
handler remaining to be fixed in 1.2.22, however. :-( )
- 8 September 2007 - libpng 1.2.20 is
released. It eliminates the MMX assembly code (sigh) due to ongoing
portability/support issues, an unclear license, and minimal performance
improvement in the vast majority of cases. It also fixes some minor
build bugs.
- 18 August 2007 - libpng 1.2.19 is
released (ditto the obsolescent 1.0.27). It includes a number of
minor bug-fixes, as well as a major update to the GCC MMX assembly
code to support support the x86-64 architecture (AMD64 and Intel64
chips), improve thread-safety, etc. (Greg's demo code for PNG: The Definitive Guide, included in libpng's
contrib/gregbook subdirectory, is also updated.)
- 15 May 2007 - libpng 1.2.18 is
released (as is the obsolescent 1.0.26) just a few hours after 1.2.17.
Both fix a crash bug that can occur
when decoding palette images (not grayscale as claimed in the
original advisory) containing a malformed (bad-CRC) tRNS chunk; the
earlier release also included a buggy change to the configure script,
reverted in the later release. As with the previous security bug
(16 November 2006), this is normally quite rare ("in
nature") but might be expected to become more common as part of a
specific kind of remote attack (i.e., visit a bad site, watch browser
crash). Associated tracking identifiers are VU#684664 (CERT) and
CVE-2007-2445 (MITRE).
- 20 April 2007 - A vote on whether to officially register new
chunk types for the proposed APNG extension failed. MNG remains the sole official
PNG-derived animation standard.
- 31 March 2007 - Andy King of WebSiteOptimization.com publishes
a nice article, "Replace GIF with
PNG Images," covering compression, features, browser support, etc.
(Did we mention that PNG rules for bar charts?)
- 31 January 2007 - libpng 1.2.16 is
released (as is 1.0.24 on the old branch). Only CMakeLists.txt
and makefile.nommx are updated.
- 5 January 2007 - libpng 1.2.15 is
released (as is 1.0.23 on the old branch). It adds CMAKE support and
cleans up (or attempts to... ;-) ) the MMX support.
Here are some related PNG pages at this site:
![[primary site hosted by SourceForge]](http://sflogo.sourceforge.net/sflogo.php?group_id=32355&type=9)
Last modified 27 January 2013.
Copyright © 1995-2013 Greg Roelofs.
![[PNG icon]](img_png/png-tiny.png){kind=small}
Current News of the PNG Development Group