feat(cli): switch from cute_png to libpng

This addresses security vulnerabilities in the CLI.
libpng is designed to handle untrusted inputs.

.github/workflows/ci.yml

@@ -1,41 +1,29 @@
 name: CI
 on: [push, pull_request]
 jobs:
-  test-ubuntu:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-    - name: Install dependencies
-      run: |
-        sudo .github/workflows/install-deps.sh
-    - name: Test
-      run: |
-        gmake test
-
-  test-bsd:
+  bsd:
     runs-on: ${{ matrix.os.host }}
     strategy:
       matrix:
         os:
           - name: freebsd
             architecture: x86-64
-            version: '13.2'
+            version: '14.1'
             host: ubuntu-latest
           - name: netbsd
             architecture: x86-64
-            version: '9.3'
+            version: '10.0'
             host: ubuntu-latest
           - name: openbsd
             architecture: x86-64
-            version: '7.4'
+            version: '7.5'
             host: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Run CI script on ${{ matrix.os.name }}
-        uses: cross-platform-actions/action@v0.24.0
+        uses: cross-platform-actions/action@v0.25.0
         with:
           operating_system: ${{ matrix.os.name }}
           architecture: ${{ matrix.os.architecture }}
@@ -47,3 +35,49 @@ jobs:
             # See https://github.com/cross-platform-actions/action/issues/75
             sudo .github/workflows/install-deps.sh
             gmake test
+
+  linux:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: |
+        sudo .github/workflows/install-deps.sh
+
+    - name: Test
+      run: |
+        gmake test
+
+  windows:
+    runs-on: windows-latest
+    steps:
+    - name: 'Disable `autocrlf` in Git'
+      run: git config --global core.autocrlf false
+
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Set up MSYS2
+      uses: msys2/setup-msys2@v2
+      with:
+        update: true
+        install: |
+          make
+          mingw-w64-i686-gcc
+          mingw-w64-i686-libpng
+          mingw-w64-i686-zlib
+          tcl
+
+    - name: Test
+      shell: msys2 {0}
+      run: |
+        make test
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: hicolor-win32
+        path: |
+          hicolor.exe

.github/workflows/install-deps.sh

@@ -2,19 +2,19 @@
 set -e
 
 if [ "$(uname)" = Linux ]; then
-    apt-get install -y graphicsmagick
+    apt-get install -y graphicsmagick pkg-config
 fi
 
 if [ "$(uname)" = FreeBSD ]; then
-    pkg install -y gmake GraphicsMagick tcl86
+    pkg install -y gmake GraphicsMagick png pkgconf tcl86
     ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh
 fi
 
 if [ "$(uname)" = NetBSD ]; then
-    pkgin -y install gmake GraphicsMagick tcl
+        pkgin -y install gmake GraphicsMagick png pkg-config tcl zlib
 fi
 
 if [ "$(uname)" = OpenBSD ]; then
-    pkg_add -I gmake GraphicsMagick tcl%8.6
+    pkg_add -I gmake GraphicsMagick png pkgconfig tcl%8.6
     ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh
 fi

GNUmakefile

@@ -1,13 +1,13 @@
-WIN32_CC ?= i686-w64-mingw32-gcc
-CFLAGS ?= -g -O3 -static -ffunction-sections -fdata-sections -Wl,--gc-sections -lm -Wall -Wextra
+LIBPNG ?= $(shell pkg-config --cflags libpng) $(shell pkg-config --libs libpng)
+ZLIB ?= $(shell pkg-config --cflags zlib) $(shell pkg-config --libs zlib)
+
+CFLAGS ?= -g -O3 -static -ffunction-sections -fdata-sections -Wl,--gc-sections -Wall -Wextra $(LIBPNG) $(ZLIB) -lm
 PREFIX ?= /usr/local
 
 all: hicolor
 
 hicolor: cli.c hicolor.h vendor/cute_png.h
 	$(CC) $< -o $@ $(CFLAGS)
-hicolor.exe: cli.c hicolor.h vendor/cute_png.h
-	$(WIN32_CC) $< -o $@ $(CFLAGS)
 clean: clean-no-ext clean-exe
 clean-no-ext:
 	-rm -f hicolor
@@ -21,11 +21,9 @@ install-include: hicolor.h
 	install -m 0644 $< $(DESTDIR)$(PREFIX)/include
 
 release: clean-no-ext test
-	cp hicolor hicolor-v"$$(./hicolor version)"-"$$(uname | tr 'A-Z' 'a-z')"-"$$(uname -m)"
+	cp hicolor hicolor-v"$$(./hicolor version | head -n 1 | awk '{ print $$2 }')"-"$$(uname | tr 'A-Z' 'a-z')"-"$$(uname -m)"
 
 test: all
 	tests/hicolor.test
-test-wine: hicolor.exe
-	HICOLOR_COMMAND='wine ../hicolor.exe' WINEDEBUG=-all tests/hicolor.test
 
-.PHONY: all clean install-bin install-include test test-wine
+.PHONY: all clean install-bin install-include test

README.md

@@ -49,11 +49,8 @@ It is known to work on Linux (aarch64, i386, riscv64, x86_64), FreeBSD, NetBSD,
 
 ### Security
 
-The command-line version of HiColor (but not the library) uses [cute_png](https://github.com/RandyGaul/cute_headers) to read PNG files.
-cute_png is intended for trusted input.
-This means that a maliciously-crafted PNG file could hack the HiColor CLI.
-To be safe, only feed HiColor PNG files you created yourself.
-Recompress PNG files from the Internet with a trusted program.
+The command-line version of HiColor (but not the library) used a vulnerable PNG reader only intended for trusted input.
+This was fixed in version 0.6.0.
 
 ### PNG file size
 
@@ -80,7 +77,7 @@ Use it to create high-color images readable by other programs.
 `info` displays information about a HiColor file: version (`5` for 15-bit or `6` for 16), width, and height.
 
 ```none
-HiColor 0.5.0
+HiColor 0.6.0
 Create 15/16-bit color RGB images.
 
 usage:
@@ -94,7 +91,7 @@ commands:
   decode           convert HiColor to PNG
   quantize         quantize PNG to PNG
   info             print HiColor image version and resolution
-  version          print program version
+  version          print version of HiColor, libpng, and zlib
   help             print this help message
 
 options:
@@ -114,16 +111,14 @@ sudo apt install -y build-essential graphicsmagick tclsh
 gmake test
 ```
 
-### Cross-compiling for Windows
+### Windows
 
-The following commands build a 32-bit executable for Windows.
+Install [MSYS2](https://www.msys2.org/),
+then run the following commands to build an x86 executable for Windows.
 
 ```sh
-sudo apt install -y build-essential gcc-mingw-w64-i686
-gmake hicolor.exe
-# Wine, Tcl, and GraphicsMagick are needed only for testing.
-sudo apt install -y graphicsmagick tclsh wine
-gmake test-wine
+pacman -Syu make mingw-w64-i686-gcc mingw-w64-i686-libpng mingw-w64-i686-zlib tcl
+gmake test
 ```
 
 ## Alternatives
@@ -142,7 +137,7 @@ What differentiates HiColor is being a small dedicated tool and embeddable C lib
 
 MIT.
 
-[cute_png](https://github.com/RandyGaul/cute_headers/) is copyright (c) 2019, 2021-2023 Randy Gaul and is licensed under the zlib license.
+HiColor uses [libpng](http://www.libpng.org/pub/png/libpng.html) and [zlib](https://www.zlib.net/).
 
 ### Photos from Unsplash