1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
##############################################################################
# Copyright (c) 2013-2016, Lawrence Livermore National Security, LLC.
# Produced at the Lawrence Livermore National Laboratory.
#
# This file is part of Spack.
# Created by Todd Gamblin, tgamblin@llnl.gov, All rights reserved.
# LLNL-CODE-647188
#
# For details, see https://github.com/llnl/spack
# Please also see the LICENSE file for our notice and the LGPL.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License (as
# published by the Free Software Foundation) version 2.1, February 1999.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the IMPLIED WARRANTY OF
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the terms and
# conditions of the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
##############################################################################
from spack import *
class Libpng(AutotoolsPackage):
"""libpng is the official PNG reference library."""
homepage = "http://www.libpng.org/pub/png/libpng.html"
url = "http://download.sourceforge.net/libpng/libpng-1.6.29.tar.gz"
version('1.6.29', '68553080685f812d1dd7a6b8215c37d8')
version('1.6.27', '58698519e9f6126c1caeefc28dbcbd5f')
# From http://www.libpng.org/pub/png/libpng.html (2017-01-04)
# Virtually all libpng versions through 1.6.26, 1.5.27,
# 1.4.19, 1.2.56, and 1.0.66, respectively, have a
# null-pointer-dereference bug in png_set_text_2() when an
# image-editing application adds, removes, and re-adds text
# chunks to a PNG image. (This bug does not affect pure
# viewers, nor are there any known editors that could trigger
# it without interactive user input. It has been assigned ID
# CVE-2016-10087.) The vulnerability is fixed in versions
# 1.6.27, 1.5.28, 1.4.20, 1.2.57, and 1.0.67, released on 29
# December 2016.
# Required for qt@3
version('1.2.57', 'dfcda3603e29dcc11870c48f838ef75b')
depends_on('zlib@1.0.4:') # 1.2.5 or later recommended
|