On Mon, 26 Jun 2006 16:46:22 -0400, Vivia Nikolaidou
> On 6/26/06, Youness Alaoui wrote:
>> On Mon, 26 Jun 2006 07:44:04 -0400, Philippe Valembois - Phil
>> > Le Sunday 25 June 2006 21:55, Youness Alaoui a écrit:
>> >> in here : http://amsn.sourceforge.net/forums/viewtopic.php?t=1205
>> >> can
>> >> find an image that doesn't work with TkCximage.. we plan on doing
>> >> something to it ? Phil ? no more plans apart of the rewrite ? you're
>> >> free
>> >> to decide, but if some people use this image as DP and amsn crashes..
>> >> for
>> >> me, it's a critical issue...
>> > Can't reproduce the error...
>> > It only fails with it... The only thing I can do is to update libpng
>> > the
>> > last version... I let you decide if I do it : it's ready to be
>> > committed...
>> > Phil
>> Shouldn't we remove libpng and zlib, and all that crap from amsn SVN ?
>> leave it as a dependency ? add the dep in the configure and we're done ?
>> just like what Sander did for FC5 ?
>> I think it's the best way to do it... the only way it should be.
> Yes, unless they are patched? (I don't know). Then I guess we have to
> do the same for tkdnd, but leave it optional.
Huh ? what's your point with tkdnd ? tkdnd is not in SVN!!!
I'm talking about amsn/utils/TkCximage/src/zlib
amsn/utils/TkCximage/src/png amsn/utils/TkCximage/src/jpeg ... those are
libraries we should find installed on the system and we shouldn't ship
them with us...
I just checked libjpeg, it hasn't changed so we're secure with it, but
libpng has changed :
look at the first red warning :
"Versions 1.2.7, 1.2.6, 1.0.17, and 1.0.16 have a bug that will cause
applications that strip the alpha channel (while reading a PNG) to crash.
The bug is fixed in versions 1.2.8 and 1.0.18, which were released on 3
The one we have shipped with CxImage is version 1.2.7 (png.h) and the
latest release is 1.2.10...
and for zlib, we have 1.2.1 (zlib.h) while the latest is 1.2.3, and look
at the first sentence in http://zlib.net
"Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1
and 1.2.2, so all users of those versions should upgrade immediately. The
following important fixes are provided in zlib 1.2.3 over 1.2.1 and 1.2.2"
Which means that we REALLY should make sure TkCximage depends on zlib
1.2.3+ and libpng 1.2.8+ (although 1.2.10 is preferred of course)
In the case of tkdnd... I still don't know what's the relation, we do ship
it (who cares about the shipping), but I'm taking about what should be
part of amsn's sources...
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo