Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Youness Alaoui <kakaroto <at> kakaroto.homelinux.net>
Subject: Re: a few items
Newsgroups: gmane.network.instant-messaging.amsn.devel
Date: Monday 26th June 2006 22:07:50 UTC (over 12 years ago)
On Mon, 26 Jun 2006 16:46:22 -0400, Vivia Nikolaidou   
wrote:

> On 6/26/06, Youness Alaoui  wrote:
>> On Mon, 26 Jun 2006 07:44:04 -0400, Philippe Valembois - Phil
>>  wrote:
>>
>> > Le Sunday 25 June 2006 21:55, Youness Alaoui a écrit:
>> >> in here : http://amsn.sourceforge.net/forums/viewtopic.php?t=1205
you
>> >> can
>> >> find an image that doesn't work with TkCximage.. we plan on doing
>> >> something to it ? Phil ? no more plans apart of the rewrite ? you're
>> >> free
>> >> to decide, but if some people use this image as DP and amsn crashes..
>> >> for
>> >> me, it's a critical issue...
>> > Can't reproduce the error...
>> > It only fails with it... The only thing I can do is to update libpng  
>> to
>> > the
>> > last version... I let you decide if I do it : it's ready to be
>> > committed...
>> > Phil
>>
>> Shouldn't we remove libpng and zlib, and all that crap from amsn SVN ?  
>> and
>> leave it as a dependency ? add the dep in the configure and we're done ?
>> just like what Sander did for FC5 ?
>> I think it's the best way to do it... the only way it should be.
>
> Yes, unless they are patched? (I don't know). Then I guess we have to
> do the same for tkdnd, but leave it optional.


Huh ? what's your point with tkdnd ? tkdnd is not in SVN!!!
I'm talking about amsn/utils/TkCximage/src/zlib  
amsn/utils/TkCximage/src/png amsn/utils/TkCximage/src/jpeg ... those are  
libraries we should find installed on the system and we shouldn't ship  
them with us...
I just checked libjpeg, it hasn't changed so we're secure with it, but  
libpng has changed :
http://www.libpng.org/pub/png/libpng.html
look at the first red warning :
"Versions 1.2.7, 1.2.6, 1.0.17, and 1.0.16 have a bug that will cause  
applications that strip the alpha channel (while reading a PNG) to crash.  
The bug is fixed in versions 1.2.8 and 1.0.18, which were released on 3  
December 2004."
The one we have shipped with CxImage is version 1.2.7 (png.h) and the  
latest release is 1.2.10...
and for zlib, we have 1.2.1 (zlib.h) while the latest is 1.2.3, and look  
at the first sentence in http://zlib.net
"Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1 

and 1.2.2, so all users of those versions should upgrade immediately. The  
following important fixes are provided in zlib 1.2.3 over 1.2.1 and 1.2.2"

Which means that we REALLY should make sure TkCximage depends on zlib  
1.2.3+ and libpng 1.2.8+ (although 1.2.10 is preferred of course)

In the case of tkdnd... I still don't know what's the relation, we do ship 

it (who cares about the shipping), but I'm taking about what should be  
part of amsn's sources...

-- 
KaKaRoTo

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
 
CD: 20ms