From 77b798ce8e8616e8cb0e82a22ad9eb4f69eb271f Mon Sep 17 00:00:00 2001 From: scroggo Date: Fri, 19 Feb 2016 06:33:07 -0800 Subject: Update the version of libpng used by Skia tests The version of libpng we were using has some security vulnerabilities. Update to a newer version - 1.6.20 (http://sourceforge.net/p/libpng/code/ci/047737496a77eeb97f9991919dac08ca3c149711/). Update pnglibconf.h. The new version is a copy of the newer version of the file, with our /* custom settings */ tacked onto the end. (The custom settings are unchanged from the last version.) Update the LICENSE. The new version is a copy of the LICENSE that libpng now includes as a separate file. Update the README file to reflect the change in source of the LICENSE file. BUG=skia:4573 GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1453373003 Review URL: https://codereview.chromium.org/1453373003 --- third_party/libpng/LICENSE | 284 +++++++++++++++------------------------ third_party/libpng/README.google | 6 +- third_party/libpng/pnglibconf.h | 20 +-- 3 files changed, 128 insertions(+), 182 deletions(-) (limited to 'third_party/libpng') diff --git a/third_party/libpng/LICENSE b/third_party/libpng/LICENSE index ce2f3c8569..11f6ffe5db 100644 --- a/third_party/libpng/LICENSE +++ b/third_party/libpng/LICENSE @@ -1,172 +1,112 @@ -/* - * COPYRIGHT NOTICE, DISCLAIMER, and LICENSE: - * - * If you modify libpng you may insert additional notices immediately following - * this sentence. - * - * This code is released under the libpng license. - * - * libpng versions 1.2.6, August 15, 2004, through 1.6.16, December 22, 2014, are - * Copyright (c) 2004, 2006-2014 Glenn Randers-Pehrson, and are - * distributed according to the same disclaimer and license as libpng-1.2.5 - * with the following individual added to the list of Contributing Authors: - * - * Cosmin Truta - * - * libpng versions 1.0.7, July 1, 2000, through 1.2.5, October 3, 2002, are - * Copyright (c) 2000-2002 Glenn Randers-Pehrson, and are - * distributed according to the same disclaimer and license as libpng-1.0.6 - * with the following individuals added to the list of Contributing Authors: - * - * Simon-Pierre Cadieux - * Eric S. Raymond - * Gilles Vollant - * - * and with the following additions to the disclaimer: - * - * There is no warranty against interference with your enjoyment of the - * library or against infringement. There is no warranty that our - * efforts or the library will fulfill any of your particular purposes - * or needs. This library is provided with all faults, and the entire - * risk of satisfactory quality, performance, accuracy, and effort is with - * the user. - * - * libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are - * Copyright (c) 1998, 1999, 2000 Glenn Randers-Pehrson, and are - * distributed according to the same disclaimer and license as libpng-0.96, - * with the following individuals added to the list of Contributing Authors: - * - * Tom Lane - * Glenn Randers-Pehrson - * Willem van Schaik - * - * libpng versions 0.89, June 1996, through 0.96, May 1997, are - * Copyright (c) 1996, 1997 Andreas Dilger - * Distributed according to the same disclaimer and license as libpng-0.88, - * with the following individuals added to the list of Contributing Authors: - * - * John Bowler - * Kevin Bracey - * Sam Bushell - * Magnus Holmgren - * Greg Roelofs - * Tom Tanner - * - * libpng versions 0.5, May 1995, through 0.88, January 1996, are - * Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc. - * - * For the purposes of this copyright and license, "Contributing Authors" - * is defined as the following set of individuals: - * - * Andreas Dilger - * Dave Martindale - * Guy Eric Schalnat - * Paul Schmidt - * Tim Wegner - * - * The PNG Reference Library is supplied "AS IS". The Contributing Authors - * and Group 42, Inc. disclaim all warranties, expressed or implied, - * including, without limitation, the warranties of merchantability and of - * fitness for any purpose. The Contributing Authors and Group 42, Inc. - * assume no liability for direct, indirect, incidental, special, exemplary, - * or consequential damages, which may result from the use of the PNG - * Reference Library, even if advised of the possibility of such damage. - * - * Permission is hereby granted to use, copy, modify, and distribute this - * source code, or portions hereof, for any purpose, without fee, subject - * to the following restrictions: - * - * 1. The origin of this source code must not be misrepresented. - * - * 2. Altered versions must be plainly marked as such and must not - * be misrepresented as being the original source. - * - * 3. This Copyright notice may not be removed or altered from - * any source or altered source distribution. - * - * The Contributing Authors and Group 42, Inc. specifically permit, without - * fee, and encourage the use of this source code as a component to - * supporting the PNG file format in commercial products. If you use this - * source code in a product, acknowledgment is not required but would be - * appreciated. - */ - -/* - * A "png_get_copyright" function is available, for convenient use in "about" - * boxes and the like: - * - * printf("%s", png_get_copyright(NULL)); - * - * Also, the PNG logo (in PNG format, of course) is supplied in the - * files "pngbar.png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31). - */ - -/* - * Libpng is OSI Certified Open Source Software. OSI Certified is a - * certification mark of the Open Source Initiative. - */ - -/* - * The contributing authors would like to thank all those who helped - * with testing, bug fixes, and patience. This wouldn't have been - * possible without all of you. - * - * Thanks to Frank J. T. Wojcik for helping with the documentation. - */ - -/* - * Y2K compliance in libpng: - * ========================= - * - * December 22, 2014 - * - * Since the PNG Development group is an ad-hoc body, we can't make - * an official declaration. - * - * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.6.16 are Y2K compliant. It is my belief that - * earlier versions were also Y2K compliant. - * - * Libpng only has two year fields. One is a 2-byte unsigned integer - * that will hold years up to 65535. The other, which is deprecated, - * holds the date in text format, and will hold years up to 9999. - * - * The integer is - * "png_uint_16 year" in png_time_struct. - * - * The string is - * "char time_buffer[29]" in png_struct. This is no longer used - * in libpng-1.6.x and will be removed from libpng-1.7.0. - * - * There are seven time-related functions: - * png.c: png_convert_to_rfc_1123_buffer() in png.c - * (formerly png_convert_to_rfc_1123() prior to libpng-1.5.x and - * png_convert_to_rfc_1152() in error prior to libpng-0.98) - * png_convert_from_struct_tm() in pngwrite.c, called in pngwrite.c - * png_convert_from_time_t() in pngwrite.c - * png_get_tIME() in pngget.c - * png_handle_tIME() in pngrutil.c, called in pngread.c - * png_set_tIME() in pngset.c - * png_write_tIME() in pngwutil.c, called in pngwrite.c - * - * All handle dates properly in a Y2K environment. The - * png_convert_from_time_t() function calls gmtime() to convert from system - * clock time, which returns (year - 1900), which we properly convert to - * the full 4-digit year. There is a possibility that libpng applications - * are not passing 4-digit years into the png_convert_to_rfc_1123_buffer() - * function, or that they are incorrectly passing only a 2-digit year - * instead of "year - 1900" into the png_convert_from_struct_tm() function, - * but this is not under our control. The libpng documentation has always - * stated that it works with 4-digit years, and the APIs have been - * documented as such. - * - * The tIME chunk itself is also Y2K compliant. It uses a 2-byte unsigned - * integer to hold the year, and can hold years as large as 65535. - * - * zlib, upon which libpng depends, is also Y2K compliant. It contains - * no date-related code. - * - * Glenn Randers-Pehrson - * libpng maintainer - * PNG Development Group - */ + +This copy of the libpng notices is provided for your convenience. In case of +any discrepancy between this copy and the notices in the file png.h that is +included in the libpng distribution, the latter shall prevail. + +COPYRIGHT NOTICE, DISCLAIMER, and LICENSE: + +If you modify libpng you may insert additional notices immediately following +this sentence. + +This code is released under the libpng license. + +libpng versions 1.0.7, July 1, 2000, through 1.6.19, November 12, 2015, are +Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are +derived from libpng-1.0.6, and are distributed according to the same +disclaimer and license as libpng-1.0.6 with the following individuals +added to the list of Contributing Authors: + + Simon-Pierre Cadieux + Eric S. Raymond + Mans Rullgard + Cosmin Truta + Gilles Vollant + James Yu + +and with the following additions to the disclaimer: + + There is no warranty against interference with your enjoyment of the + library or against infringement. There is no warranty that our + efforts or the library will fulfill any of your particular purposes + or needs. This library is provided with all faults, and the entire + risk of satisfactory quality, performance, accuracy, and effort is with + the user. + +libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are +Copyright (c) 1998-2000 Glenn Randers-Pehrson, are derived from +libpng-0.96, and are distributed according to the same disclaimer and +license as libpng-0.96, with the following individuals added to the list +of Contributing Authors: + + Tom Lane + Glenn Randers-Pehrson + Willem van Schaik + +libpng versions 0.89, June 1996, through 0.96, May 1997, are +Copyright (c) 1996-1997 Andreas Dilger, are derived from libpng-0.88, +and are distributed according to the same disclaimer and license as +libpng-0.88, with the following individuals added to the list of +Contributing Authors: + + John Bowler + Kevin Bracey + Sam Bushell + Magnus Holmgren + Greg Roelofs + Tom Tanner + +libpng versions 0.5, May 1995, through 0.88, January 1996, are +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. + +For the purposes of this copyright and license, "Contributing Authors" +is defined as the following set of individuals: + + Andreas Dilger + Dave Martindale + Guy Eric Schalnat + Paul Schmidt + Tim Wegner + +The PNG Reference Library is supplied "AS IS". The Contributing Authors +and Group 42, Inc. disclaim all warranties, expressed or implied, +including, without limitation, the warranties of merchantability and of +fitness for any purpose. The Contributing Authors and Group 42, Inc. +assume no liability for direct, indirect, incidental, special, exemplary, +or consequential damages, which may result from the use of the PNG +Reference Library, even if advised of the possibility of such damage. + +Permission is hereby granted to use, copy, modify, and distribute this +source code, or portions hereof, for any purpose, without fee, subject +to the following restrictions: + + 1. The origin of this source code must not be misrepresented. + + 2. Altered versions must be plainly marked as such and must not + be misrepresented as being the original source. + + 3. This Copyright notice may not be removed or altered from any + source or altered source distribution. + +The Contributing Authors and Group 42, Inc. specifically permit, without +fee, and encourage the use of this source code as a component to +supporting the PNG file format in commercial products. If you use this +source code in a product, acknowledgment is not required but would be +appreciated. + +END OF COPYRIGHT NOTICE, DISCLAIMER, and LICENSE. + +A "png_get_copyright" function is available, for convenient use in "about" +boxes and the like: + + printf("%s", png_get_copyright(NULL)); + +Also, the PNG logo (in PNG format, of course) is supplied in the +files "pngbar.png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31). + +Libpng is OSI Certified Open Source Software. OSI Certified Open Source is +a certification mark of the Open Source Initiative. OSI has not addressed +the additional disclaimers inserted at version 1.0.7. + +Glenn Randers-Pehrson +glennrp at users.sourceforge.net +November 12, 2015 diff --git a/third_party/libpng/README.google b/third_party/libpng/README.google index 841b42d82b..c40482c43e 100644 --- a/third_party/libpng/README.google +++ b/third_party/libpng/README.google @@ -4,8 +4,10 @@ License: libpng license License File: LICENSE, pulled out of png.h Description: png compression/decompression library Local Modifications: (1) Created pnglibconf.h from pnglibconf.h.prebuilt (a - rename with a few additional settings enabled). (2) Pulled LICENSE into - its own file. + rename with a few additional settings enabled). (2) Copied LICENSE into + this directory. (Originally it was pulled from png.h, but libpng has + now provided a separate LICENSE file for convenience, which we use + directly.) FAQ: Q: Why does this directory exist? diff --git a/third_party/libpng/pnglibconf.h b/third_party/libpng/pnglibconf.h index 3ba831479c..15b3530f6e 100644 --- a/third_party/libpng/pnglibconf.h +++ b/third_party/libpng/pnglibconf.h @@ -1,10 +1,10 @@ -/* libpng 1.6.16 STANDARD API DEFINITION */ +/* libpng 1.6.19 STANDARD API DEFINITION */ /* pnglibconf.h - library build configuration */ -/* Libpng version 1.6.16 - December 22, 2014 */ +/* Libpng version 1.6.19 - November 12, 2015 */ -/* Copyright (c) 1998-2014 Glenn Randers-Pehrson */ +/* Copyright (c) 1998-2015 Glenn Randers-Pehrson */ /* This code is released under the libpng license. */ /* For conditions of distribution and use, see the disclaimer */ @@ -97,13 +97,10 @@ #define PNG_READ_tIME_SUPPORTED #define PNG_READ_tRNS_SUPPORTED #define PNG_READ_zTXt_SUPPORTED -/*#undef PNG_SAFE_LIMITS_SUPPORTED*/ #define PNG_SAVE_INT_32_SUPPORTED #define PNG_SAVE_UNKNOWN_CHUNKS_SUPPORTED #define PNG_SEQUENTIAL_READ_SUPPORTED #define PNG_SETJMP_SUPPORTED -#define PNG_SET_CHUNK_CACHE_LIMIT_SUPPORTED -#define PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED #define PNG_SET_OPTION_SUPPORTED #define PNG_SET_UNKNOWN_CHUNKS_SUPPORTED #define PNG_SET_USER_LIMITS_SUPPORTED @@ -129,6 +126,7 @@ #define PNG_WRITE_BGR_SUPPORTED #define PNG_WRITE_CHECK_FOR_INVALID_INDEX_SUPPORTED #define PNG_WRITE_COMPRESSED_TEXT_SUPPORTED +#define PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED #define PNG_WRITE_CUSTOMIZE_ZTXT_COMPRESSION_SUPPORTED #define PNG_WRITE_FILLER_SUPPORTED #define PNG_WRITE_FILTER_SUPPORTED @@ -187,18 +185,24 @@ /* end of options */ /* settings */ #define PNG_API_RULE 0 -#define PNG_COST_SHIFT 3 #define PNG_DEFAULT_READ_MACROS 1 #define PNG_GAMMA_THRESHOLD_FIXED 5000 #define PNG_IDAT_READ_SIZE PNG_ZBUF_SIZE #define PNG_INFLATE_BUF_SIZE 1024 +#define PNG_LINKAGE_API extern +#define PNG_LINKAGE_CALLBACK extern +#define PNG_LINKAGE_DATA extern +#define PNG_LINKAGE_FUNCTION extern #define PNG_MAX_GAMMA_8 11 #define PNG_QUANTIZE_BLUE_BITS 5 #define PNG_QUANTIZE_GREEN_BITS 5 #define PNG_QUANTIZE_RED_BITS 5 #define PNG_TEXT_Z_DEFAULT_COMPRESSION (-1) #define PNG_TEXT_Z_DEFAULT_STRATEGY 0 -#define PNG_WEIGHT_SHIFT 8 +#define PNG_USER_CHUNK_CACHE_MAX 1000 +#define PNG_USER_CHUNK_MALLOC_MAX 8000000 +#define PNG_USER_HEIGHT_MAX 1000000 +#define PNG_USER_WIDTH_MAX 1000000 #define PNG_ZBUF_SIZE 8192 #define PNG_ZLIB_VERNUM 0 /* unknown */ #define PNG_Z_DEFAULT_COMPRESSION (-1) -- cgit v1.2.3