Status
()
People
(Reporter: Glenn Randers-Pehrson, Assigned: Glenn Randers-Pehrson)
Tracking
Bug Flags:
Firefox Tracking Flags
(Not tracked)
Details
(URL)
Attachments
(2 attachments)
|
33.39 KB,
patch
|
tor
:
review+
Stuart Parmenter
:
superreview+
Mike Schroepfer
:
approval1.9+
|
Details | Diff | Splinter Review |
|
840.07 KB,
patch
|
tor
:
review-
|
Details | Diff | Splinter Review |
Libpng-1.2.24 has been released. The changes from libpng-1.2.23 are not very significant to mozilla.
| (Assignee) | ||
Comment 1•10 years ago
|
||
Created attachment 293218 [details] [diff] [review] Update trunk to libpng-1.2.24 (checked in to trunk)
Attachment #293218 -
Flags: review?(tor)
Comment 2•10 years ago
|
||
Attached patch applies and compiles fine on XPSP2 and all PNGs I've looked at (including APNG) display OK.
Attachment #293218 -
Flags: review?(tor) → review+
| (Assignee) | ||
Comment 3•10 years ago
|
||
Created attachment 295385 [details] [diff] [review] Update 1.8 branch to libpng-1.2.24 Removes MMX code for which we do not have a license to modify or distribute. Reduces size of libimglib2.so by about 15k.
Attachment #295385 -
Flags: review?(tor)
Comment on attachment 295385 [details] [diff] [review] Update 1.8 branch to libpng-1.2.24 1.8 branch is only accepting security fixes at this point.
Attachment #295385 -
Flags: review?(tor) → review-
Comment 5•10 years ago
|
||
Haven't there been a fair number of security fixes in libpng between version 1.2.7 and 1.2.24? Glenn, were you ever planning on requesting approval for trunk landing?
| (Assignee) | ||
Comment 6•10 years ago
|
||
Eight CVE numbers have been assigned to vulnerabilities since 1.2.7, and are listed in www.libpng.org/pub/png/libpng.html. There may be a few others that did not rise to that level. I believe all have either been patched in the mozilla embedded libpng or found not to apply the mozilla. Of course, upgrading libpng to 1.2.24 (which seems to be very stable) would increase our confidence in that. More important is the licensing issue. We have informal permission to use the MMX code from the author, but the license from his employer does not permit modification, distribution, or commercial use, and his employer doesn't respond to my requests for a better license.
| (Assignee) | ||
Updated•10 years ago
|
||
Attachment #293218 -
Flags: superreview?(pavlov)
Updated•10 years ago
|
||
Flags: blocking1.8.1.12?
| (Assignee) | ||
Comment 7•10 years ago
|
||
(In reply to comment #5) > Glenn, were you ever planning on requesting approval for trunk landing? At this point I suppose we might as well wait for libpng-1.2.25. It will probably be out by the end of January 2008. It fixes two bugs, but I don't think either bug affects mozilla. One deals with unknown chunk handling (not used in mozilla) and the other deals with gamma compensation in combination with the bKGD chunk (bKGD is always ignored by mozilla).
Comment 8•10 years ago
|
||
On the branch we'll wait for the next release.
Flags: blocking1.8.1.12? → blocking1.8.1.12-
Updated•10 years ago
|
||
Attachment #293218 -
Flags: superreview?(pavlov) → superreview+
Updated•10 years ago
|
||
Attachment #293218 -
Flags: approval1.9?
Updated•10 years ago
|
||
Attachment #293218 -
Flags: approval1.9? → approval1.9+
Updated•10 years ago
|
||
Keywords: checkin-needed
Comment 9•10 years ago
|
||
Checking in modules/libimg/png/CHANGES; /cvsroot/mozilla/modules/libimg/png/CHANGES,v <-- CHANGES new revision: 3.11; previous revision: 3.10 done Checking in modules/libimg/png/LICENSE; /cvsroot/mozilla/modules/libimg/png/LICENSE,v <-- LICENSE new revision: 1.12; previous revision: 1.11 done Checking in modules/libimg/png/MOZCHANGES; /cvsroot/mozilla/modules/libimg/png/MOZCHANGES,v <-- MOZCHANGES new revision: 3.23; previous revision: 3.22 done Checking in modules/libimg/png/README; /cvsroot/mozilla/modules/libimg/png/README,v <-- README new revision: 3.14; previous revision: 3.13 done Checking in modules/libimg/png/libpng.txt; /cvsroot/mozilla/modules/libimg/png/libpng.txt,v <-- libpng.txt new revision: 3.11; previous revision: 3.10 done Checking in modules/libimg/png/png.c; /cvsroot/mozilla/modules/libimg/png/png.c,v <-- png.c new revision: 3.20; previous revision: 3.19 done Checking in modules/libimg/png/png.h; /cvsroot/mozilla/modules/libimg/png/png.h,v <-- png.h new revision: 3.21; previous revision: 3.20 done Checking in modules/libimg/png/pngconf.h; /cvsroot/mozilla/modules/libimg/png/pngconf.h,v <-- pngconf.h new revision: 3.26; previous revision: 3.25 done Checking in modules/libimg/png/pngerror.c; /cvsroot/mozilla/modules/libimg/png/pngerror.c,v <-- pngerror.c new revision: 3.16; previous revision: 3.15 done Checking in modules/libimg/png/pngpread.c; /cvsroot/mozilla/modules/libimg/png/pngpread.c,v <-- pngpread.c new revision: 3.21; previous revision: 3.20 done Checking in modules/libimg/png/pngread.c; /cvsroot/mozilla/modules/libimg/png/pngread.c,v <-- pngread.c new revision: 3.20; previous revision: 3.19 done Checking in modules/libimg/png/pngrtran.c; /cvsroot/mozilla/modules/libimg/png/pngrtran.c,v <-- pngrtran.c new revision: 3.16; previous revision: 3.15 done Checking in modules/libimg/png/pngrutil.c; /cvsroot/mozilla/modules/libimg/png/pngrutil.c,v <-- pngrutil.c new revision: 3.22; previous revision: 3.21 done Checking in modules/libimg/png/pngset.c; /cvsroot/mozilla/modules/libimg/png/pngset.c,v <-- pngset.c new revision: 3.20; previous revision: 3.19 done Checking in modules/libimg/png/pngwrite.c; /cvsroot/mozilla/modules/libimg/png/pngwrite.c,v <-- pngwrite.c new revision: 3.20; previous revision: 3.19 done
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9 M11
| (Assignee) | ||
Updated•10 years ago
|
||
Attachment #293218 -
Attachment description: Update trunk to libpng-1.2.24 → Update trunk to libpng-1.2.24 (checked in to trunk)
You need to log in
before you can comment on or make changes to this bug.
Description
•