On Mon, 26 Jun 2006 16:46:22 -0400, Vivia Nikolaidou <[EMAIL PROTECTED]> wrote:
> On 6/26/06, Youness Alaoui <[EMAIL PROTECTED]> wrote: >> On Mon, 26 Jun 2006 07:44:04 -0400, Philippe Valembois - Phil >> <[EMAIL PROTECTED]> wrote: >> >> > Le Sunday 25 June 2006 21:55, Youness Alaoui a écrit: >> >> in here : http://amsn.sourceforge.net/forums/viewtopic.php?t=1205 you >> >> can >> >> find an image that doesn't work with TkCximage.. we plan on doing >> >> something to it ? Phil ? no more plans apart of the rewrite ? you're >> >> free >> >> to decide, but if some people use this image as DP and amsn crashes.. >> >> for >> >> me, it's a critical issue... >> > Can't reproduce the error... >> > It only fails with it... The only thing I can do is to update libpng >> to >> > the >> > last version... I let you decide if I do it : it's ready to be >> > committed... >> > Phil >> >> Shouldn't we remove libpng and zlib, and all that crap from amsn SVN ? >> and >> leave it as a dependency ? add the dep in the configure and we're done ? >> just like what Sander did for FC5 ? >> I think it's the best way to do it... the only way it should be. > > Yes, unless they are patched? (I don't know). Then I guess we have to > do the same for tkdnd, but leave it optional. Huh ? what's your point with tkdnd ? tkdnd is not in SVN!!! I'm talking about amsn/utils/TkCximage/src/zlib amsn/utils/TkCximage/src/png amsn/utils/TkCximage/src/jpeg ... those are libraries we should find installed on the system and we shouldn't ship them with us... I just checked libjpeg, it hasn't changed so we're secure with it, but libpng has changed : http://www.libpng.org/pub/png/libpng.html look at the first red warning : "Versions 1.2.7, 1.2.6, 1.0.17, and 1.0.16 have a bug that will cause applications that strip the alpha channel (while reading a PNG) to crash. The bug is fixed in versions 1.2.8 and 1.0.18, which were released on 3 December 2004." The one we have shipped with CxImage is version 1.2.7 (png.h) and the latest release is 1.2.10... and for zlib, we have 1.2.1 (zlib.h) while the latest is 1.2.3, and look at the first sentence in http://zlib.net "Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1 and 1.2.2, so all users of those versions should upgrade immediately. The following important fixes are provided in zlib 1.2.3 over 1.2.1 and 1.2.2" Which means that we REALLY should make sure TkCximage depends on zlib 1.2.3+ and libpng 1.2.8+ (although 1.2.10 is preferred of course) In the case of tkdnd... I still don't know what's the relation, we do ship it (who cares about the shipping), but I'm taking about what should be part of amsn's sources... -- KaKaRoTo Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Amsn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amsn-devel
