Closed Bug 408429 Opened 17 years ago Closed 17 years ago

Update libpng to version 1.2.24

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
trivial

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9beta3

People

(Reporter: glennrp+bmo, Assigned: glennrp+bmo)

References

(
URL
)

Details

Attachments

(2 files)

Update trunk to libpng-1.2.24 (checked in to trunk)
33.39 KB, patch
tor
: review+
pavlov
: superreview+
mtschrep
: approval1.9+
Details | Diff | Splinter Review
Update 1.8 branch to libpng-1.2.24
840.07 KB, patch
tor
: review-
Details | Diff | Splinter Review
Libpng-1.2.24 has been released. The changes from libpng-1.2.23 are not very significant to mozilla.
Attached patch applies and compiles fine on XPSP2 and all PNGs I've looked at (including APNG) display OK.
Attachment #293218 - Flags: review?(tor) → review+
Removes MMX code for which we do not have a license to modify or distribute. Reduces size of libimglib2.so by about 15k.
Attachment #295385 - Flags: review?(tor)
Comment on attachment 295385 [details] [diff] [review] Update 1.8 branch to libpng-1.2.24 1.8 branch is only accepting security fixes at this point.
Attachment #295385 - Flags: review?(tor) → review-
Haven't there been a fair number of security fixes in libpng between version 1.2.7 and 1.2.24? Glenn, were you ever planning on requesting approval for trunk landing?
Eight CVE numbers have been assigned to vulnerabilities since 1.2.7, and are listed in www.libpng.org/pub/png/libpng.html. There may be a few others that did not rise to that level. I believe all have either been patched in the mozilla embedded libpng or found not to apply the mozilla. Of course, upgrading libpng to 1.2.24 (which seems to be very stable) would increase our confidence in that. More important is the licensing issue. We have informal permission to use the MMX code from the author, but the license from his employer does not permit modification, distribution, or commercial use, and his employer doesn't respond to my requests for a better license.
Attachment #293218 - Flags: superreview?(pavlov)
Flags: blocking1.8.1.12?
(In reply to comment #5) > Glenn, were you ever planning on requesting approval for trunk landing? At this point I suppose we might as well wait for libpng-1.2.25. It will probably be out by the end of January 2008. It fixes two bugs, but I don't think either bug affects mozilla. One deals with unknown chunk handling (not used in mozilla) and the other deals with gamma compensation in combination with the bKGD chunk (bKGD is always ignored by mozilla).
On the branch we'll wait for the next release.
Flags: blocking1.8.1.12? → blocking1.8.1.12-
Attachment #293218 - Flags: superreview?(pavlov) → superreview+
Attachment #293218 - Flags: approval1.9?
Attachment #293218 - Flags: approval1.9? → approval1.9+
Keywords: checkin-needed
Checking in modules/libimg/png/CHANGES; /cvsroot/mozilla/modules/libimg/png/CHANGES,v <-- CHANGES new revision: 3.11; previous revision: 3.10 done Checking in modules/libimg/png/LICENSE; /cvsroot/mozilla/modules/libimg/png/LICENSE,v <-- LICENSE new revision: 1.12; previous revision: 1.11 done Checking in modules/libimg/png/MOZCHANGES; /cvsroot/mozilla/modules/libimg/png/MOZCHANGES,v <-- MOZCHANGES new revision: 3.23; previous revision: 3.22 done Checking in modules/libimg/png/README; /cvsroot/mozilla/modules/libimg/png/README,v <-- README new revision: 3.14; previous revision: 3.13 done Checking in modules/libimg/png/libpng.txt; /cvsroot/mozilla/modules/libimg/png/libpng.txt,v <-- libpng.txt new revision: 3.11; previous revision: 3.10 done Checking in modules/libimg/png/png.c; /cvsroot/mozilla/modules/libimg/png/png.c,v <-- png.c new revision: 3.20; previous revision: 3.19 done Checking in modules/libimg/png/png.h; /cvsroot/mozilla/modules/libimg/png/png.h,v <-- png.h new revision: 3.21; previous revision: 3.20 done Checking in modules/libimg/png/pngconf.h; /cvsroot/mozilla/modules/libimg/png/pngconf.h,v <-- pngconf.h new revision: 3.26; previous revision: 3.25 done Checking in modules/libimg/png/pngerror.c; /cvsroot/mozilla/modules/libimg/png/pngerror.c,v <-- pngerror.c new revision: 3.16; previous revision: 3.15 done Checking in modules/libimg/png/pngpread.c; /cvsroot/mozilla/modules/libimg/png/pngpread.c,v <-- pngpread.c new revision: 3.21; previous revision: 3.20 done Checking in modules/libimg/png/pngread.c; /cvsroot/mozilla/modules/libimg/png/pngread.c,v <-- pngread.c new revision: 3.20; previous revision: 3.19 done Checking in modules/libimg/png/pngrtran.c; /cvsroot/mozilla/modules/libimg/png/pngrtran.c,v <-- pngrtran.c new revision: 3.16; previous revision: 3.15 done Checking in modules/libimg/png/pngrutil.c; /cvsroot/mozilla/modules/libimg/png/pngrutil.c,v <-- pngrutil.c new revision: 3.22; previous revision: 3.21 done Checking in modules/libimg/png/pngset.c; /cvsroot/mozilla/modules/libimg/png/pngset.c,v <-- pngset.c new revision: 3.20; previous revision: 3.19 done Checking in modules/libimg/png/pngwrite.c; /cvsroot/mozilla/modules/libimg/png/pngwrite.c,v <-- pngwrite.c new revision: 3.20; previous revision: 3.19 done
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9 M11
Attachment #293218 - Attachment description: Update trunk to libpng-1.2.24 → Update trunk to libpng-1.2.24 (checked in to trunk)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: