Closed Bug 408429 Opened 14 years ago Closed 14 years ago

Update libpng to version 1.2.24

Categories

(Core :: ImageLib, defect)

defect
Not set
trivial

Tracking

()

RESOLVED FIXED
mozilla1.9beta3

People

(Reporter: glennrp+bmo, Assigned: glennrp+bmo)

References

()

Details

Attachments

(2 files)

Libpng-1.2.24 has been released.  The changes from libpng-1.2.23 are not very significant to mozilla.
Attached patch applies and compiles fine on XPSP2 and all PNGs I've looked at (including APNG) display OK.
Attachment #293218 - Flags: review?(tor) → review+
Removes MMX code for which we do not have a license to modify or distribute.
Reduces size of libimglib2.so by about 15k.
Attachment #295385 - Flags: review?(tor)
Comment on attachment 295385 [details] [diff] [review]
Update 1.8 branch to libpng-1.2.24

1.8 branch is only accepting security fixes at this point.
Attachment #295385 - Flags: review?(tor) → review-
Haven't there been a fair number of security fixes in libpng between version 1.2.7 and 1.2.24?

Glenn, were you ever planning on requesting approval for trunk landing?
Eight CVE numbers have been assigned to vulnerabilities since 1.2.7, and are listed in www.libpng.org/pub/png/libpng.html.  There may be a few others that did not rise to that level.  I believe all have either been patched in the mozilla embedded libpng or found not to apply the mozilla.  Of course, upgrading libpng to 1.2.24 (which seems to be very stable) would increase our confidence in that.
More important is the licensing issue.  We have informal permission to use the MMX code from the author, but the license from his employer does not permit modification, distribution, or commercial use, and his employer doesn't respond to my requests for a better license.
Attachment #293218 - Flags: superreview?(pavlov)
Flags: blocking1.8.1.12?
(In reply to comment #5)

> Glenn, were you ever planning on requesting approval for trunk landing?

At this point I suppose we might as well wait for libpng-1.2.25.  It will probably be out by the end of January 2008.  It fixes two bugs, but I don't think either bug affects mozilla.  One deals with unknown chunk handling (not used in mozilla) and the other deals with gamma compensation in combination with the bKGD chunk (bKGD is always ignored by mozilla).

On the branch we'll wait for the next release.
Flags: blocking1.8.1.12? → blocking1.8.1.12-
Attachment #293218 - Flags: superreview?(pavlov) → superreview+
Attachment #293218 - Flags: approval1.9?
Attachment #293218 - Flags: approval1.9? → approval1.9+
Keywords: checkin-needed
Checking in modules/libimg/png/CHANGES;
/cvsroot/mozilla/modules/libimg/png/CHANGES,v  <--  CHANGES
new revision: 3.11; previous revision: 3.10
done
Checking in modules/libimg/png/LICENSE;
/cvsroot/mozilla/modules/libimg/png/LICENSE,v  <--  LICENSE
new revision: 1.12; previous revision: 1.11
done
Checking in modules/libimg/png/MOZCHANGES;
/cvsroot/mozilla/modules/libimg/png/MOZCHANGES,v  <--  MOZCHANGES
new revision: 3.23; previous revision: 3.22
done
Checking in modules/libimg/png/README;
/cvsroot/mozilla/modules/libimg/png/README,v  <--  README
new revision: 3.14; previous revision: 3.13
done
Checking in modules/libimg/png/libpng.txt;
/cvsroot/mozilla/modules/libimg/png/libpng.txt,v  <--  libpng.txt
new revision: 3.11; previous revision: 3.10
done
Checking in modules/libimg/png/png.c;
/cvsroot/mozilla/modules/libimg/png/png.c,v  <--  png.c
new revision: 3.20; previous revision: 3.19
done
Checking in modules/libimg/png/png.h;
/cvsroot/mozilla/modules/libimg/png/png.h,v  <--  png.h
new revision: 3.21; previous revision: 3.20
done
Checking in modules/libimg/png/pngconf.h;
/cvsroot/mozilla/modules/libimg/png/pngconf.h,v  <--  pngconf.h
new revision: 3.26; previous revision: 3.25
done
Checking in modules/libimg/png/pngerror.c;
/cvsroot/mozilla/modules/libimg/png/pngerror.c,v  <--  pngerror.c
new revision: 3.16; previous revision: 3.15
done
Checking in modules/libimg/png/pngpread.c;
/cvsroot/mozilla/modules/libimg/png/pngpread.c,v  <--  pngpread.c
new revision: 3.21; previous revision: 3.20
done
Checking in modules/libimg/png/pngread.c;
/cvsroot/mozilla/modules/libimg/png/pngread.c,v  <--  pngread.c
new revision: 3.20; previous revision: 3.19
done
Checking in modules/libimg/png/pngrtran.c;
/cvsroot/mozilla/modules/libimg/png/pngrtran.c,v  <--  pngrtran.c
new revision: 3.16; previous revision: 3.15
done
Checking in modules/libimg/png/pngrutil.c;
/cvsroot/mozilla/modules/libimg/png/pngrutil.c,v  <--  pngrutil.c
new revision: 3.22; previous revision: 3.21
done
Checking in modules/libimg/png/pngset.c;
/cvsroot/mozilla/modules/libimg/png/pngset.c,v  <--  pngset.c
new revision: 3.20; previous revision: 3.19
done
Checking in modules/libimg/png/pngwrite.c;
/cvsroot/mozilla/modules/libimg/png/pngwrite.c,v  <--  pngwrite.c
new revision: 3.20; previous revision: 3.19
done
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9 M11
Attachment #293218 - Attachment description: Update trunk to libpng-1.2.24 → Update trunk to libpng-1.2.24 (checked in to trunk)
You need to log in before you can comment on or make changes to this bug.