On 24 May 2010 19:07, Andrew John Hughes <ahug...@redhat.com> wrote: > On 09:42 Thu 20 May , Phil Race wrote: >> From http://www.libpng.org/pub/png/libpng.html >> >> >The current public release, *libpng 1.4.2*, restores the 1.2.x >> png_check_sig() macro ... >> >> I suppose removing it caused too many problems. >> > > Ah, that explains why I couldn't replicate the failure recently and > it was still in the local header file I checked. > It's not exactly prominent on that page and the differences document > still lists it as obsolete. > > I'd be interested to know why they reverted the decision. > >> So whilst I see nothing wrong with this change, I wonder if its worth >> the trouble ? > > Well, it's no great trouble for me to push it given I've already made > the (very minor) change. And if it isn't changed in OpenJDK upstream, > I imagine the change will still have to stay around for a while in > IcedTea to cover the 1.4.0 and 1.4.1 releases that do remove the > macro (given we build against the system library, rather than the > in-tree one). > >> >> If you still want to push I'll supply a bug id. >> > > Thanks, that'd be good. > >> 2 other things >> 1) Not that it matters (just FYI) but splashscreen is considered to be >> AWT not 2D, >> even though libpng itself is 2D. Relevant only because the bug would be >> classes_awt, >> not classes_2d. > > I always seem to get this wrong; the last two patches I sent to the > awt list and was told to send here. Is there a guide to who has > responsibility for what? It's certainly not clear from the > openjdk.java.net pages, which indeed still list OpenJDK as having > encumberances in the area of 2D; that hasn't been the case for a > couple of years. > >> 2) Maybe we are due to upgrade the libpng in JDK ? We upgraded it >> last in May 2007 right before launching openjdk, then to 1.2.18 >> Was there ever a 1.3.X ?? Looks like that got skipped for some reason. >> Doesn't seem urgent but it might be a good thing to add to the to-do list. >> > > I've never seen a 1.3. Maybe they use the odd numbers as a development branch > as is the case with Gtk+ and used to be the case with Linux prior to 2.6. > > In 1.4, the main changes are apparently 'support for the iTXt chunk > and a function for limiting the amount of memory that a possibly > malicious compressed chunk can consume.' The former is only really > needed if files with iTXt chunks become prominent in the wild (which > seems unlikely until 1.4 is widespread). The other change sounds like > it could be more important. > > >From our side, I think it would be more useful to see in-tree support > for building against the system libpng as we never use the in-tree > version anyway. Using the system version means we are better covered > for security updates and new versions of libpng don't first need to be > imported into the OpenJDK tree. > >> -phil. >> >> Andrew John Hughes wrote: >> > With libpng 1.4, the png_check_sig function has been removed, having >> > been deprecated in previous releases: >> > >> > http://www.libpng.org/pub/png/src/libpng-1.2.x-to-1.4.x-summary.txt >> > >> > This function is used in splashscreen_png.c and can be easily be >> > replaced with png_sig_cmp, as in this webrev: >> > >> > http://cr.openjdk.java.net/~andrew/libpng/webrev.01/ >> > >> > This actually makes the line clearer as the not operator is no longer >> > needed. >> > I know OpenJDK still uses an in-tree libpng 1.2 by default, but this >> > fix still works with that version and also means that the code will >> > still build, should the internal libpng be upgraded to 1.4. >> > >> > Ok to push this? If so, can I have a bug ID for it? >> > >> > Thanks, >> > >> > > -- > Andrew :) > > Free Java Software Engineer > Red Hat, Inc. (http://www.redhat.com) > > Support Free Java! > Contribute to GNU Classpath and the OpenJDK > http://www.gnu.org/software/classpath > http://openjdk.java.net > PGP Key: 94EFD9D8 (http://subkeys.pgp.net) > Fingerprint = F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8 >
So can I have a bug ID for this? Thanks, -- Andrew :-) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Support Free Java! Contribute to GNU Classpath and the OpenJDK http://www.gnu.org/software/classpath http://openjdk.java.net PGP Key: 94EFD9D8 (http://subkeys.pgp.net) Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
