On Tue, 27 Jun 2006 02:04:59 -0400, Sander Hoentjen <[EMAIL PROTECTED]> wrote:
> On Mon, 2006-06-26 at 18:07 -0400, Youness Alaoui wrote: >> On Mon, 26 Jun 2006 16:46:22 -0400, Vivia Nikolaidou <[EMAIL PROTECTED]> >> wrote: >> >> > On 6/26/06, Youness Alaoui <[EMAIL PROTECTED]> wrote: >> >> On Mon, 26 Jun 2006 07:44:04 -0400, Philippe Valembois - Phil >> >> <[EMAIL PROTECTED]> wrote: >> >> >> >> > Le Sunday 25 June 2006 21:55, Youness Alaoui a écrit: >> >> >> in here : http://amsn.sourceforge.net/forums/viewtopic.php?t=1205 >> you >> >> >> can >> >> >> find an image that doesn't work with TkCximage.. we plan on doing >> >> >> something to it ? Phil ? no more plans apart of the rewrite ? >> you're >> >> >> free >> >> >> to decide, but if some people use this image as DP and amsn >> crashes.. >> >> >> for >> >> >> me, it's a critical issue... >> >> > Can't reproduce the error... >> >> > It only fails with it... The only thing I can do is to update >> libpng >> >> to >> >> > the >> >> > last version... I let you decide if I do it : it's ready to be >> >> > committed... >> >> > Phil >> >> >> >> Shouldn't we remove libpng and zlib, and all that crap from amsn SVN >> ? >> >> and >> >> leave it as a dependency ? add the dep in the configure and we're >> done ? >> >> just like what Sander did for FC5 ? >> >> I think it's the best way to do it... the only way it should be. >> > >> > Yes, unless they are patched? (I don't know). Then I guess we have to >> > do the same for tkdnd, but leave it optional. >> >> >> Huh ? what's your point with tkdnd ? tkdnd is not in SVN!!! >> I'm talking about amsn/utils/TkCximage/src/zlib >> amsn/utils/TkCximage/src/png amsn/utils/TkCximage/src/jpeg ... those are >> libraries we should find installed on the system and we shouldn't ship >> them with us... >> I just checked libjpeg, it hasn't changed so we're secure with it, but >> libpng has changed : >> http://www.libpng.org/pub/png/libpng.html >> look at the first red warning : >> "Versions 1.2.7, 1.2.6, 1.0.17, and 1.0.16 have a bug that will cause >> applications that strip the alpha channel (while reading a PNG) to >> crash. >> The bug is fixed in versions 1.2.8 and 1.0.18, which were released on 3 >> December 2004." >> The one we have shipped with CxImage is version 1.2.7 (png.h) and the >> latest release is 1.2.10... >> and for zlib, we have 1.2.1 (zlib.h) while the latest is 1.2.3, and look >> at the first sentence in http://zlib.net >> "Version 1.2.3 eliminates potential security vulnerabilities in zlib >> 1.2.1 >> and 1.2.2, so all users of those versions should upgrade immediately. >> The >> following important fixes are provided in zlib 1.2.3 over 1.2.1 and >> 1.2.2" >> >> Which means that we REALLY should make sure TkCximage depends on zlib >> 1.2.3+ and libpng 1.2.8+ (although 1.2.10 is preferred of course) > > Or not, amsn won't crash, and if a user has outdated libs he should > worry about that himself. I don't think we should add extra complexity. > Attached I have the patch from my SRPM for the libs, easy enough but I > thought I would send it anyway. >> >> In the case of tkdnd... I still don't know what's the relation, we do >> ship >> it (who cares about the shipping), but I'm taking about what should be >> part of amsn's sources... >> humm.. I guess you're right, but can't we set a minimal version ? at least, set it to the one CxImage came with, we don't know about backward compatibility... about your patch, am I dreaming, or is the latest Opera 9 buggy, or did you just forget to include the attachment ? -- KaKaRoTo Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Amsn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amsn-devel
