Closed Bug 952505 Opened 11 years ago Closed 10 years ago

Update libpng to version 1.6.9

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla30
Tracking Flags:
Tracking Status
firefox27 --- unaffected
firefox28 --- unaffected
firefox29 --- unaffected
firefox30 --- affected
b2g18 --- unaffected
b2g-v1.1hd --- unaffected
b2g-v1.2 --- unaffected
b2g-v1.3 --- unaffected
b2g-v1.4 --- affected

People

(Reporter: glennrp+bmo, Assigned: glennrp+bmo)

References

(
URL
)

Details

Attachments

(1 file, 8 obsolete files)

v08 952505 update bundled libpng to version 1.6.9
207.60 KB, patch
jrmuizel
: review+
Details | Diff | Splinter Review 
Libpng-1.6.8 was released yesterday.  It fixes a potential null pointer dereference (see bug #945912) and is otherwise a simple cleanup release.
Depends on: 832390, 938740
Don't delete "#include mozpngconf.h" from pngpriv.h
Attachment #8350920 - Attachment is obsolete: true
Glenn, IIUC, this fixes a known sec issue in 1.6.7? Do you need any extra assistance here?
status-b2g18: --- → unaffected
status-b2g-v1.1hd: --- → unaffected
status-b2g-v1.2: --- → unaffected
status-b2g-v1.3: --- → affected
status-b2g-v1.4: --- → affected
status-firefox27: --- → unaffected
status-firefox28: --- → affected
status-firefox29: --- → affected
status-firefox30: --- → affected
Flags: needinfo?(glennrp+bmo)
Needs a try server run.  I know you'd prefer I do those myself but am not set up yet to do them.
The older versions can use the one-line-change patch in bug #945912 to simplify matters.
Flags: needinfo?(glennrp+bmo) → needinfo?(ryanvm)
Incidentally, libpng-1.6.9 will be out tomorrow.  If Max releases the APNG patch for 1.6.9 soon, we can skip 1.6.8.
v02 updates libpng to version 1.6.9 instead of 1.6.8.  Also changed description accordingly.  Need try server run.
Attachment #8351565 - Attachment is obsolete: true
Flags: needinfo?(ryanvm)
Summary: Update libpng to version 1.6.8 → Update libpng to version 1.6.9
Changed all EOL to newlines (in the v02 patch, 1590 lines out of 8592 ended with CR-LF, inherited from the apng.patch).  Changed CR-LF in the apng.patch to newlines as well.  These changes shouldn't require a new try server run.
Attachment #8372330 - Attachment is obsolete: true
This patch fixes the small amount of bit rot caused by checkin of bug #945912.
Attachment #8372930 - Attachment is obsolete: true
Attachment #8375226 - Flags: review?(jmuizelaar)
No longer blocks: 945912
Depends on: 945912
Marking earlier releases "unaffected" since they have been fixed in bug #945912.  The remainder of the upgrade to libpng-1.6.9 is code cleanup, so I'm reducing the importance of this bug to "minor".
Severity: normal → minor
status-b2g-v1.3: affectedunaffected
status-b2g-v1.4: affectedunaffected
status-firefox28: affectedunaffected
status-firefox29: affectedunaffected
status-firefox30: affectedunaffected
Attachment #8375226 - Flags: review?(jmuizelaar) → review+
Keywords: checkin-needed
I'll look into this.

1951 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_mixed_content_blocker.html | image did not follow block_display_content pref
6571 ERROR TEST-UNEXPECTED-FAIL | /tests/content/canvas/test/webgl/test_webgl_conformance_test_suite.html | [conformance/textures/gl-teximage.html] Test failed - pixel 0, 15 should be 255, 0, 0, 255 was 0, 0, 0, 0
[8 more similar]
10:06:58     INFO -  6580 ERROR TEST-UNEXPECTED-FAIL | /tests/content/canvas/test/webgl
/test_webgl_conformance_test_suite.html | [conformance/textures/gl-teximage.html] Test failed - uploading PNGs with same data but various ICC profiles should generate the same results
[4 more similar]

ImageMagick built with libpng-1.6.9 detects problems with four of these images:
$ mogrify -format ppm *.png 
mogrify: iCCP: known incorrect sRGB profile `3x3.png'
mogrify: iCCP: profile 'Photoshop ICC profile': 1DAh: invalid length `small-square-with-colorspin-profile.png'
mogrify: cHRM: invalid chromaticities `small-square-with-e-srgb-profile.png'
mogrify: iCCP: known incorrect sRGB profile `small-square-with-srgb-iec61966-2.1-profile.png'

ImageMagick built with libpng-1.6.7 reports the same four problems.

The v04 patch of mozpngconf.h turns of PNG_BENIGN_ERRORS handling except
when MOZ_GONK is defined.  That's probably the mistake.
The v04 patch of mozpngconf.h turns off PNG_BENIGN_ERRORS handling except
when MOZ_WIDGET_GONK is defined.  That's probably a mistake.  This patch keeps the current PNG_BENIGN_ERRORS handling instead.
Attachment #8375226 - Attachment is obsolete: true
Flags: needinfo?(ryanvm)
Exposed png_error() redefinition macro so it is visible to calling applications.
Disabled PNG_FIXED_POINT_SUPPORTED; we don't need both FIXED and FLOATING_POINT support.
Attachment #8376640 - Attachment is obsolete: true
Comment on attachment 8376775 [details] [diff] [review]
v06 952505 update bundled libpng to version 1.6.9

Sorry, The v06 patch is incomplete.  Marking it obsolete.
Attachment #8376775 - Attachment is obsolete: true
v07 includes the changes to png.h and pngpriv.h that were omitted from v06.
Looks like this still has the test failures that led to the backout.
Don't reject PNG images that have benign errors
Attachment #8376777 - Attachment is obsolete: true
Flags: needinfo?(ryanvm)
Guys, I think I figured out how to decode APNG with standard libpng...
Should I pursue this further? 
It would be nice to retire apng patch eventually.
Comment on attachment 8377762 [details] [diff] [review]
v08 952505 update bundled libpng to version 1.6.9

Try server results mostly green.  The several failures don't appear to be related to this patch.
Attachment #8377762 - Flags: review?(jmuizelaar)
Depends on: 974825
Attachment #8377762 - Flags: review?(jmuizelaar) → review+
Keywords: checkin-needed
Flags: needinfo?(ryanvm)
Flags: needinfo?(ryanvm)
https://hg.mozilla.org/mozilla-central/rev/71a558bf7b6f
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: