hlrs-software-stack/spack
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add libpng 1.6.37 (#13153)

Browse source
This commit is contained in:
Adam J. Stewart 2019-10-13 19:51:04 -05:00 committed by GitHub
parent b3fcfc1cb2
commit 518a7c5bb9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
var/spack/repos/builtin/packages/libpng/package.py
View file

@ -10,25 +10,16 @@ class Libpng(AutotoolsPackage):
"""libpng is the official PNG reference library.""" """libpng is the official PNG reference library."""
homepage = "http://www.libpng.org/pub/png/libpng.html" homepage = "http://www.libpng.org/pub/png/libpng.html"
url = "http://download.sourceforge.net/libpng/libpng-1.6.34.tar.gz" url = "http://download.sourceforge.net/libpng/libpng-1.6.37.tar.gz"
list_url = "https://sourceforge.net/projects/libpng/files/" list_url = "https://sourceforge.net/projects/libpng/files/"
list_depth = 2 list_depth = 2
version('1.6.34', sha256='574623a4901a9969080ab4a2df9437026c8a87150dfd5c235e28c94b212964a7') version('1.6.37', sha256='daeb2620d829575513e35fecc83f0d3791a620b9b93d800b763542ece9390fb4')
version('1.6.29', sha256='e30bf36cd5882e017c23a5c6a79a9aa1a744dd5841bb45ff7035ec6e3b3096b8') # From http://www.libpng.org/pub/png/libpng.html (2019-04-15)
version('1.6.28', sha256='b6cec903e74e9fdd7b5bbcde0ab2415dd12f2f9e84d9e4d9ddd2ba26a41623b2') # libpng versions 1.6.36 and earlier have a use-after-free bug in the
version('1.6.27', sha256='c9d164ec247f426a525a7b89936694aefbc91fb7a50182b198898b8fc91174b4') # simplified libpng API png_image_free(). It has been assigned ID
# From http://www.libpng.org/pub/png/libpng.html (2017-01-04) # CVE-2019-7317. The vulnerability is fixed in version 1.6.37,
# Virtually all libpng versions through 1.6.26, 1.5.27, # released on 15 April 2019.
# 1.4.19, 1.2.56, and 1.0.66, respectively, have a
# null-pointer-dereference bug in png_set_text_2() when an
# image-editing application adds, removes, and re-adds text
# chunks to a PNG image. (This bug does not affect pure
# viewers, nor are there any known editors that could trigger
# it without interactive user input. It has been assigned ID
# CVE-2016-10087.) The vulnerability is fixed in versions
# 1.6.27, 1.5.28, 1.4.20, 1.2.57, and 1.0.67, released on 29
# December 2016.
# Required for qt@3 # Required for qt@3
version('1.2.57', sha256='09ec37869fc5b130f5eb06ffb9bf949796e8d2d78e0788f78ab1c78624c6e9da') version('1.2.57', sha256='09ec37869fc5b130f5eb06ffb9bf949796e8d2d78e0788f78ab1c78624c6e9da')